
Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
Safety 　 Regulation- 1
-Deterministicvs.Probabilistic/
Fukushima-
July26,ThirdPeriod
Hiroshi UJITA
Tokyo Institute of Technology
1

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
2
Quy chế và an toàn
•
Therearegrowingtendencyintheorganizationalproblemandalsotheimpactontheenvironment,
duetowidespreadandcomplextargetsystem.
•
ShiftfromprescriptiveRegulationtoNormativeRegulation.
•
Thelegalsystemchangesfromresultstheorytoacttheory(backgroundtheory,proceduretheory,
frameworktheory).
•
Theshiftfromthepunishmentduetoaccidentoccurtothepunishmentduetonottomakethe
mechanismtopreventtheaccident.
•
AsforthePerformanceStandardRegulationintheU.S.,Risk-InformedPerformance-Based
Regulationhasbeenadoptedbasedontherisktheory.
•
AsfortheRegulatoryorganization,SafetyandEnvironmentalRegulatoryAuthorityshouldbe

establishedasintheCabinetOffice,withunifiedlookthroughouttheorganizationand
independenttotheotherauthorities.CreateanInstituteforEnvironmentandSafetyand
EnvironmentandSafetyAdvisoryCommitteetodeveloppolicies.

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
3
LawandSafety
•
Recently,frequentoverstuffedcorporatescandalsandaccidents.
•
Responsiblepersonwillfulnegligence,thatisinactionbytheostrichfashion
“hadbeenpredictedwhiledidnotconsider,”istheworst.
•
Sincethelawhasbeendesignedfororganizationalaccidentprevention
primarily,itworksbycombiningbothtechnicalandlegalmeasurestoimprove
safetymeasures.
•
Inaddition,economicandsocialsanctionsandprocedureandframeworktheory,
etc.arealsorequired.
•
Asforthesocialandeconomicsanctionsagainstorganizationalaccidents,
punitivecompensationsystemshouldalsobeconsidered.

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
•
Preventingdamage
•
Failureexpansionmitigation:autonomouscharacteristic,inherentsafety

(intrinsicallysafety)
•
Accidentprevention:afail-safe,fool-proof,redundancy,diversity
•
Accidentexpansionmitigation:confinement,controlrelease
•
Environmentaleffectsmitigation:evacuation
–
Focusonpreventingdamage,expansionmitigation,oraccident
preventiontotheforefront
–
Increasedattentiontoback-upsystems,ifithasalargeenoughimpact
ontheenvironment
4
DefenseinDepthforthesafetydesign

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
•
Deterministicapproach:
•
Safetyassessmentforeachbarriertodefenseindepth
–
Themostsevereeventisassumedtorepresentthetypicalevent,whilethe
initiatingeventsareconsideredandclassifiedbybehavior(DesignBasis
Accident)
–
Inadditiontothis,assumingthatfailureofoneofthemostimportantsafety-
relatedequipment(SingleFailureCriteria),
–

Wemayguaranteethesafetybasedontheevaluationthatwecanstillhave
enoughsafetyonthatseverehypothesis.
–
SingleFailureCriterionfailure
•
LOCA,LossofCoolantAccident,therealitywillnothappen(NRC)
•
Transientisthemostlikelyevent(ReactorSafetyStudy1975,TMI
Accident1979)
5
SystemSafetyEvaluation1

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
•
Probabilisticapproach:
•
Overallsystemsafetyassessmentbasedontheconceptofrisk
–
Easilysecuredcoverageofeventsintheprocessofconsideringtheprobability
–
Rationaldecisionsduetothepresenceofriskevaluationcriteria
-SafetyGoals:aquantitativediscussion“howsafeissafeenough”
–
Determinationofquantitativesafetytrendthroughoutthelifecycle
–
Evaluationofsafetymeasuresimplementedashardwareattheinitialsystem
construction
–
Evaluationofdailysafetyfromenteringthecommercialoperation

•
Determininginspectionfrequency,acceptablewaitingtime,etc.areinherently
risk-based
•
Chemicalplants:extensionoftimespanofperiodicinspection;1yearto2years
–
Eventsoflargeuncertaintiesanddifficulttopredictcanbequantifiedasanexpert
judge
•
Seismic(Tsunami)riskassessment,humanreliabilityassessment
6
SystemSafetyEvaluation2

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
7
Themethodologyforsafety
DeterministicApproachUseBothApproachesProbabilisticApproach
DesignMethod231
ManagementMethod122
EvaluationMethod243

 4:Excellent3:
Good2:Fair1:Poor

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
•
(Successpathmethod–MissionCritical;Space,Missile)
•

PRA(ProbabilisticRiskAnalysis)SafetyCritical
–
ETA/FTA(EventTree/Faulttreeanalysis)
–
HRA (Human Reliability Analysis)
–
CMF (Common Mode Failure) Analysis
•
QRA(QuantitativeRiskAnalysis)
–
HSE(Health&SafetyExecutive)
–
ISO(InternationalStandardOrganizations)
•
FMEA(FailureMode&EffectAnalysis)
•
HAZOP(HazardousOperabilityStudy)
8
Methodologyofrisktheory

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
Study of
internal
initiating
event
Analysis of
the accident
sequences
leading to

core
damage
Analysis of
the
accident
sequences
leading to
loss of
containme
nt function
Analysis
of core
damage
accident
progressi
on
phenome
na
Core
Damage
Frequency
Source
term to
atmosphere
Analysis of
public
exposure to
atmospheric
dispersion
risk

Study of
external
initiating
events
Accident
mitigation system
reliability
analysis
Human
reliability
analysis
Occurrence
frequency of each
phenomenon
Frequency of
containment
function Loss
Level1 PSA
Level2 PSA
Level3 PSA
ProbabilisticRisk(Safety)Assessmentprocedure 　
9
Fukushima Daiichi Accident

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
　　 Level1PSA 　
Initiating
Event
Success

Criteria
Plant
Survey
HumanError
Dependent
Failure
Uncertainty
　　 study
Sensitivity
　　 analysis
ComponentFailureRate
Model
(Coredamage
frequency)
Accidentsequence
quantification
FaultTree
EventTree
Phenomenapropagationscenario
10

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
InitiatingSafety 　　 SafetyConsequence 　 FrequencyRisk 　
　　　　　　　　
event 　 function1 　 function2
11
Eventtreeanalysis(LevelofDefenseinDepth)
Succes
s

Failur
e
Success
Failur
e
Small
Medium
Large
10 － 5
10 － 6
Small
Medium

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
Initiatin
g Event
Reactor
Shut
down
Core Cooling PCV Heat Removal Core Sate
Large
LOCA
Control
Rod
Drive
Hydrauli
c System
(CRDHS)
High

Pressur
e Core
Spray
System
(HPCS)
Low
Pressur
e Core
Spray
System
(LPCS)
Low
Pressur
e Core
Injection
System
(LPCI)
Residua
l Heat
Remova
l
System
(RHR)
PCV
Vent
(PCVS)
Intact
or
Damage
Intact

Intact
Intact
Intact
Intact
Intact
damage
damage
damage
damage
damage
Level1PSA:Eventtree(ET)
12

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
13
Faulttreeanalysis
(EachfunctionofDefenseinDepth)
SafetyFunctionSLoss
SafetyFunctionB2LossSafetyFunctionB1Loss
SafetyFunctionBLossSafetyFunctionALoss
ANDgate
ORgate
P(A+B+C)
=P(A)+P(B)+P(C)
-P(AB)-P(BC)-P(CA)
+P(ABC)
P(ABC)=P(A)P(B)P(C)
S=A*B
=A*B1+A*B2

(MinimalCutset)

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
Low Pressure Core Injection System (LPCI) Function Loss
Safety Function A Loss Safety Function C LossSafety Function B Loss
Pump FailureValve
Failure
Human Error
Recovery
Failure
Support System
(Electric Power,
Cooling Function,
etc.) Failure
Mechanical Failure
Common Mode
Failure
Electrical Failure
AND
OR
OR
Level1PSA:Faulttree(FT)
14

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
試験に関連するすべての
リスク寄与（RT）
試験により制限できる

リスク寄与（RD）
試験により引き起こされ
るリスク寄与（RC）
リスク
サーベランス試験間隔
15
Risk contribution due to Surveillance test
period
Risk
Surveillancetestperiod
Totalriskcontribution
duetoSurveillancetestperiod
Riskcontribution
inducedbySurveillancetest
(Humanerror,Fatigue,etc.)
Riskcontribution
reducedbySurveillancetest
(MechanicalFailure)

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
Level2PSA 　
Level1PSA
Accident Sequence
Plant Degradation
Classification
Phenomena,
Accident
Mitigation
PCV Event Tree

Accident Propagation
Anaysis
PCV Event Tree
Quantification
Uncertainty
Analysis
Analysis
Propagation after
Core Damage
Typical
Accident
Scenario
Event Occurrence Time,
Accident Mitigation capability
PCVDamage
SourceTerm
16

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
SevereAccident
PhenomenainPCV
17
Insulation
Over Heat
Hydrogen
Burning
Steam
Explosion
Steam

Explosion
PCV Direct Heating
Melt Direct Contact
Incondensable Gas
Accumlation
Melt- Concrete Interaction

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
Group 1.
& Group 5.
Group 2.
Group 3.
& Group 5.
10
-7
10
-6
10
-5
10
-4
10
-3
10
-2
10
-1
10
0

-10 0 10 20 30
Source Terms (-)
Time to PCV Failure from Core Melt Initiation (h)
Group 3.&
Group 4.
Group 3.
Group 2. &
Group 4.


Failure location Xe CsI Sr
Drywell
× ● ○
Gas space in wetwell
+ ▲ △
Bottom of wetwell (liquid part)
＊
■ □
FPreleaseandaccident
propagationare
categoraizedbysameway
FPreleasewilldecrease
duetonaturalfall,ifthe
timetoPCVfailuretocore
meltinitiationprolonged
RadioactiveRelease
toAtmosphere
18

Nuclear Power Engineering at Electric Power University

Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
Level3PSA 　
Uncertainty
Analysis
Dominant Sequence Frequency
Level2 PS A
Source Term
Prome Model
Individual Risk
Societal Risk
Risk Evaluation
Atmosphere Data
Fission Product
Releace Analysis
Wind Data
Release tendency
Capital Data
19

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
20
Risksensitivityoftheforcontainmentleakage
0.1 1 10 100 1000
400
300
200
100
0
Publicexposureexpectation

(Man-Rem/year)
Containmentleakagerate(%/day)
Plant
GrandGulf
Oconee
PeachBottom
Surry

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
21
PrincipleofsafetygoalinUK
Regionwidelyaccepted
Regionnotaccepted
Negligiblerisk
Tolerable,
iftheriskreductioncostis
abovetheimprovementbenefit
Tolerable,
iftheriskreductionisnotpossibleor
ifthecostisnotworthimprovement
Riskisnotjustified
Safety
Limit
Safety
Goal
LargeRisk
Continuetoensurethat
riskismaintainedatthislevel
Risk

Benefit
Analysis
Tolerableregion
ALARPregion

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
10
-10
10
-9
10
-8
10
-7
10
-6
10
-5
10
-4
10
-3
10
-10
10
-9
10
-8
10

-7
10
-6
10
-5
10
-4
10
-3
BWR
PWR
CDF (1/(r.y))
Index2:ContainmentFailureFrequency
Index1:CoreDamageFrequency
PSAResultofInternalEventin
NormalOperationfor52Plants
showstobelessthan
performancegoal
NISA,PSAMethodologyAfterAccident
ManagemantPublished(Oct.2004)
CoreDamageandContainmentFailureFrequency
for52PlantsinJapan
22

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
23
FukushimaDaiichiaccidentissues
•
"Assumingwhilenotconsideringsuchevent!“

–
HumanFactor&CommonModeFailurearealwaysworthkeepinginmind
•
RareEventishighconsequencewithlowfrequency.
–
Lowconsequencewithhighfrequencyeventiseasytotreatbycommercialreason,whileitisvery
difficulttohandletherareeventeventheriskisjustthesame.
–
Unexpectedeventhasbeenusedfrequently,butitistherisk-benefitissuestoassumeornot.
TsunamiProbabilisticRiskAnalysishasbeencarriedout,andsafetyrelatedpersonnelknewthe
magnitudeoftheeffectwell.
–
Regardlessoftheinitiatingevent,lackofmeasuresto“CompleteLossofPower”istobeasked.
–
Anyway,rareeventoccurredononeoccasion,measureshadtobetaken.
–
FukushimaDaiichNuclearpowerplantsas“NationalPrivatization”destroyedbylarge-scale
disastersshouldbetakensameasinfrastructuresystemsasanationalpolicy.
•
TherearemanyCrisisManagementproblemsasfollows;
–
Delayininitialresponse
–
Delayindecisionmaking
–
Delayinexternalsupportrequest
–
Poorcollaborationamonggovernment(PrimeMinisterKan),bureaucrats(NISA,JNES),and
interestedparty(TEPCO)
–

Poorinformationdisclosureinemergencysituation
•
Afterall,itisamatteroforganizationalculture.

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
24
Energyissueandroleofnuclearenergyafterthe
FukushimaDaiichiAccident
•
Premisehereisthat"Globalwarmingisaninvariantproblem!“
–
"Energysecurityisalsoaninvariantproblem!".
•
Thelong-termenergydemandandsupplysimulationtominimizethetotalenergysystemcostwas
conductedforenergypredictionduringthe21stCenturyintheworld.
•
Takingtheeffortforenergy-savingasmajorpremise,carbon-sequestrationforfossilfuel,renewable
energyandnuclearenergyshouldbealtogetherdeveloped,whichmeansenergybestmixisachieved,
undertheCO2constraintaround450ppmatmosphere.
•
Nuclearphase-outscenario,inwhichnewnuclearplantconstructionisprohibited,ispossibleeven
consideringtheissueofglobalwarming,fromsimulationforthe21stCenturyenergypredictions
–
increaseenergycosts
–
littleroomforcountermeasureandlargeuncertaintiesoftechnology
•
Therefore,rationaluseofnuclearpowerisrequested,thatiseachcountryshouldmakedecision
–

JapanandseveralEuropeancountrieswillbealsophaseout
–
China,IndiaandASEANcountrieswillcontinuetobeintroduced
•
Iftheaccidenthappensagainanywherein,itwillbecometheglobalphase-out.
•
Intheworld,rationalunifiedsafetystandards(organizationalstructure,designandoperation,regulations)
shouldbereviewedbasedontheFukushimaDaiichiProblemworld-wideanalysisandestablished.

Nuclear Power Engineering at Electric Power University
Copyright © 2011 Tokyo Institute of Technology All Rights Reserved.
25
LessonLearnedfromFukushima‐DaiichiNuclearAccident
May9th,2011,TechnicalAnalysisSubcommittee,CommitteeforNuclear
SafetyInvestigation,AtomicEnergySocietyofJapan
-SummaryofImportantLessons
a.Estimatedtsunamiwastoosmall.
b.SafetySystemandComponentsweredamagedbecauseofseawaterflooding,
resultinginsevereaccidents.
c.Long‐termstationblackoutcausedtheaccidentsprogression.
d.Reactorparametermonitoringwasdifficultwithoutelectricity.
e.Seawatercoolingsystemwasvulnerabletotsunami.
f.AccidentManagement(AM)forlong‐termstationblackoutmaybeinsufficient.
g.Hydrogenexplosionatoutsidethecontainmentvessel(CV)wasnotconsidered.
h.Enclosureofradioactivematerialsatspentfuelpoolisdifficultifreactorbuildingwas
damaged.
i.Insufficientsafetydesignforexternalevent.
j.Japanesesafetyregulationsystemisinsufficient.
k.Publicfeelsthattheinformationdisclosureisnotenough.
l.AMactivitiespreventsignificantdeteriorationoftheaccidents.

m.SeismicDesignfortheearthquakewasconsideredeffectiveinmanycases.