Implementation of five level Defense In Depth

Anik Puwaningsih
Nov 9, 2023

Defence in depth (DiD) is an overall strategy for the safety measures and features of nuclear power plants to prevent accidents. Multiple levels of protection provide graded protection against a wide variety of transients, incidents and accidents. Here, I will give two examples of the implementation of five-level defense.

(1) REACTOR HARMONIZATION WORKING GROUP (RHWG) OF WESTERN EUROPEAN NUCLEAR REGULATORS’ ASSOCIATION (WENRA)

https://www.wenra.eu/sites/default/files/publications/rhwg_safety_of_new_npp_designs.pdf

DiD proposed by RHWG of WENRA

(1) Even though no new safety level of defence is suggested, a clear distinction between means and conditions for sub-levels 3.a and 3.b is lined out. The postulated multiple failure events are considered as a part of the Design Extension Conditions in IAEA SSR-2/1.

(2) Associated plant conditions being now considered at DiD level 3 are broader than those for existing reactors as they now include some of the accidents that were previously considered as “beyond design” (level 3.b). For level 3.b, analysis methods and boundary conditions, design and safety assessment rules may be developed according to a graded approach, also based on probabilistic insights. Best estimate methodology and less stringent rules than for level 3.a may be applied if appropriately justified. However the maximum tolerable radiological consequences for multiple failure events (level 3.b) and for postulated single failure events (level 3.a) are bounded by Objective O2.

(3) The task and scope of the additional safety features of level 3.b are to control postulated common cause failure events as outlined in Section 3.3 on “Multiple failure events”. An example for an additional safety feature is the additional emergency AC power supply equipment needed for the postulated common cause failure of the primary (non-diverse) emergency AC power sources. The task and scope of the complementary safety features of level 4 are outlined in Section 3.4 on “Provisions to mitigate core melt and radiological consequences”. An example for a complementary safety feature is the equipment needed to prevent the damage of the containment due to combustion of hydrogen released during the core melt accident.

(4) It should be noted that the tolerated consequences of Level 3.b differ from the requirements concerning Design Extension Conditions in IAEA SSR-2/1 that gives a common requirement for DEC: “for design extension conditions that cannot be practically eliminated, only protective measures that are of limited scope in terms of area and time shall be necessary”.

(5) Level 5 of DiD is used for emergency preparedness planning purposes.

(2) BN-1200. REALIZATION OF “DEFENSE IN DEPTH” PRINCIPLE

The BN-1200 reactor is positioned as a 4th-generation reactor. Therefore its design has to meet two well-known international initiatives, GEN-IV and INPRO. https://www.jaea.go.jp/04/turuga/internationalworkshop/presentationPDF/201206121430_Iurii%20Shvetsov_Russia.pdf

DiD of BN-1200

Multiple barriers to radionuclide release: the three protective barriers refer to a series of strong and leak-tight physical barriers between radioactive products and the environment. The barriers prevent release of radioactive products in all circumstances. (https://www.nuclear-power.com/nuclear-power/reactor-physics/nuclear-safety/defence-in-depth-principle/)

Multiple barriers

The basic interpretation of the defence in depth principle considered the independent physical layers surrounding the hazard source (for a nuclear reactor, for example, a first level is the cladding that encases the fuel, a second level is the reactor vessel, and a third level is provided by the containment building). Progressively, safety specialists began to adopt a more conceptual interpretation of layers, including the influence of non-physical layers of defence such as emergency response and human and organizational factors of safety. (https://risk-engineering.org/concept/defence-in-depth)

Purposes, methods and means of defence in depth, adapted from INSAG 10

The DiD concept was initially limited to multiple barrier systems (focused on the confinement safety function) and then expanded to apply to all safety functions for nuclear installations. The implementation of DiD consists of the realization of different physical barriers, as well as a combination of active, passive and inherent safety features that contribute to the effectiveness of the physical barriers in confining radioactive material at specified locations. The number of barriers will depend upon the initial source term, the effectiveness of barriers, the possible internal and external hazards, and the potential consequences of failures. Barriers should be properly independent and reliable. The safety functions achieved through the DiD levels 1 to 4 relate to the design and operation of the NPP itself, while the DiD level 5 relates mainly to the off-site emergency planning. ( https://asampsa.eu/wp-content/uploads/2017/03/ASAMPSA_E-WP30-D30.7-vol4-PSA-and-DiD.pdf )

DiD Levels

Summaries of five-level defense in depth

Defense in depth

A hierarchical deployment of different levels of equipment and procedures, to maintain the effectiveness of physical barriers placed between a radiation source or radioactive materials and workers, the public or the environment, in operational states and, for some barriers, in accident conditions.

DiD helps to preserve the fundamental safety functions (control of reactivity, removal of heat from the core and confinement of radioactive materials).

The objectives of DiD:

  • to compensate for potential human and component failures
  • to maintain the effectiveness of the barriers by averting damage to the facility and to the barriers themselves
  • to protect the public and the environment from harm in the event that these barriers are not fully effective

The underlying assumptions are that there will be errors in design, equipment will occasionally fail and people will occasionally make mistakes. The twofold strategy for achieving these objectives is to prevent accidents and, if prevention fails, to limit their potential consequences and prevent any evolution to more serious conditions.

Generally, DiD is structured in 4 physical barriers and 5 successive levels.

  • If one barrier or level were to fail, the subsequent one comes into play
  • Special attention is paid to hazards that could potentially impair several levels of defense, such as fire, flooding or earthquake.
  • Basic prerequisites to all measures of the 5 levels are appropriate conservatism, quality assurance and safety culture in safe design and operation
  • Ensure that no single human or equipment failure would lead to harm to the public, and even combinations of failures that are only remotely possible would lead to little or no harm
  • The independence of different levels of defense in depth is a key element.
