TIW-PPT-10-Risk Assessment aer

Risk Assessment and
Probabilistic Risk Assessment
(PRA)
Mario H. Fontana PhD., PE
Research Professor
Arthur E. Ruggles PhD
Professor
The University of Tennessee
1
Definition of Risk
• Risk = Probability of occurrence x
consequences. We will focus on Core
Damage, or Large Early Release as
consequences.
• PRA models are normally consequence
specific.
2
Total Risk = Σ p_i c_i (the sum over scenarios i of the probability p_i of each scenario times its consequence c_i)
Total risk would include releases,
core damage, and others.
3
Probability
• Probability is a way to predict stochastic events
• Common events: probability fairly well known.
(e.g., MOCV failure rate, lots of data)
• Rare events: Less well known. Much less data.
• New Systems and Components: No data…
4
Consequences
• Consequences of nuclear reactor
accidents could be
– damage to plant
– Impact to environment
– Loss of land use
– Cost of evacuations, sheltering, etc
– Health (morbidity) effects
– Life threatening effects
5
Fault Trees
• Fault trees are used to determine the
probability of a “top event” (e.g., core
damage).
• Top event defines the failure or success of
a system or component
• Fault trees use a structure of logical
operations to calculate the probability of
the top event from the probabilities of the
“basic event” inputs
6
Fault Trees (2)
• The undesired event is stated at the top of
the tree
• The fault tree gates specify logical
combinations of basic events that lead to
the top event
• Fault trees can be used to identify system
weaknesses
7
Fault Trees (3)
• Fault trees can help recognize
interrelationships between fault events
• Fault trees consist of logic gates and basic
events as inputs to the logic gates
• Logic Gates: Boolean operations (union or
intersection) of the input events
• Basic Events: Faults such as a hardware
failure, human error, or adverse condition
8
AND Gate
• Both inputs (event 6 and event 7 in the figure) must occur to “pass” the
gate. For independent inputs A and B, P(Q) = P(A) * P(B)
9
Amplifier Failure Mode Probabilities, NUREG 0492
10
Probabilities add for the OR gate, since either input, or both, will
pass failure through: P(Q) = P(A) + P(B). This is the rare-event
approximation; for independent inputs the exact value is
P(A) + P(B) - P(A)*P(B), which the sum slightly overstates.
11
Basic event
• Basic events provide input to the fault tree,
such as failure of a component or system,
expressed as a probability. The circle
indicates that no further development is
necessary
[Figure: two basic events, EVENT-1 and EVENT-2, each with probability 1.000E-2]
12
Additional Gates (SAPHIRE)
[Figure: SAPHIRE “Additional gates & symbols” diagram (ADDNL-GATES-&-SYMBOLS, 2007/09/19), showing:]
• N/M Gate (2 out of 3) – GATE-7-0, inputs EVENT-7-1
• INHIBIT Gate
• TRANSFER Gate – TRANS-7-2
• HOUSE Event – EVENT-7-3
• UNDEVELOPED Event – EVENT-7-4
13
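The AND, OR and N/M gate arithmetic from the preceding slides, as an added example that is not part of the original deck. The tree, its event names and its probabilities are constructed here; `k_of_n` implements the N/M gate, and each gate is evaluated both exactly and with the rare-event approximation so the two can be compared. The `repeated_basic_events` check matters because gate-by-gate multiplication assumes each subtree is independent, which fails when one basic event is wired into several gates.

```python
from itertools import combinations
from math import prod

# Constructed example tree, not one of the slides' SAPHIRE models. Each gate is
# (type, inputs[, k]); inputs name basic events or other gates. "KOFN" is the
# N/M gate from the "Additional Gates" slide: at least k of the n inputs fail.
BASIC_EVENTS = {"A": 1e-2, "B": 1e-2, "C": 1e-2, "D": 1e-2, "E": 1e-2}
GATES = {
    "TOP": ("OR", ["G1", "G2"]),
    "G1": ("AND", ["A", "B"]),
    "G2": ("KOFN", ["C", "D", "E"], 2),   # 2 out of 3 must fail
}


def k_of_n(probs, k, exact=True):
    """Probability that at least k of n independent inputs have failed."""
    n = len(probs)
    if exact:
        return sum(
            prod(probs[i] if i in failed else 1 - probs[i] for i in range(n))
            for size in range(k, n + 1)
            for failed in combinations(range(n), size)
        )
    # Rare-event approximation: keep only the minimal (exactly k) combinations.
    return sum(prod(probs[i] for i in failed) for failed in combinations(range(n), k))


def repeated_basic_events(basic=BASIC_EVENTS, gates=GATES):
    """Basic events wired into more than one gate. Gate-by-gate arithmetic is
    only exact when this list is empty; repeated events make subtrees dependent."""
    counts = {}
    for _, inputs, *_ in gates.values():
        for name in inputs:
            if name in basic:
                counts[name] = counts.get(name, 0) + 1
    return sorted(name for name, n in counts.items() if n > 1)


def evaluate(name, basic=BASIC_EVENTS, gates=GATES, exact=True):
    """Top-down evaluation of a gate's failure probability."""
    if name in basic:
        return basic[name]
    kind, inputs, *extra = gates[name]
    probs = [evaluate(i, basic, gates, exact) for i in inputs]
    if kind == "AND":                       # all inputs fail: product
        return prod(probs)
    if kind == "OR":                        # any input fails
        return 1 - prod(1 - p for p in probs) if exact else sum(probs)
    if kind == "KOFN":
        return k_of_n(probs, extra[0], exact)
    raise ValueError(f"unknown gate type {kind!r}")


if __name__ == "__main__":
    assert not repeated_basic_events(), "use cut sets for trees with repeated events"
    for gate in ("G1", "G2", "TOP"):
        print(f"{gate}: exact={evaluate(gate):.6e}  rare-event={evaluate(gate, exact=False):.6e}")
```

With every basic event at 1.000E-2 the AND gate gives 1.0E-4, the 2-of-3 gate 2.98E-4 exactly versus 3.0E-4 approximated, and the top OR gate 3.98E-4 versus 4.0E-4; the approximation is always on the conservative side.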
Steps to building a fault tree
• Identify a top event as a failure to perform
a function (system, component, or human
failure, for example)
• Identify events that could contribute to
failure of the top event (usually logic
gates)
• Identify further “lower level” events that
could contribute to the intermediate event
14
Steps to building a fault tree (2)
• Continue until basic events are reached; these
comprise the inputs (such as component
failures) to the tree
• SAPHIRE then performs the calculations
15
Outputs from Saphire calculations
• Calculate failure probability of top event
• Calculate failure probability of intermediate
events
• Identify cut sets
– A cut set is a set of basic events whose joint
occurrence propagates through the gates in an
unbroken path to the top event
– Minimal cut sets are cut sets from which no
event can be removed while still causing the top
event; a cut set that contains another cut set is
not minimal.
16
Outputs from Saphire calculation
(2)
• Provide importance factors that indicate the
relative importance of basic events
• e.g., RIR, Risk Increase Ratio: ratio of the top
event failure probability with a given basic
event failure probability set to 1
(“guaranteed failure”), the rest remaining at
their baseline values, to the baseline top event
failure probability.
• There are several other measures that will
be discussed later (see SAPHIRE)
17
Outputs from Saphire calculation
(3)
• Calculate uncertainty of top event failure
probability given uncertainty distributions
of the basic events.
• Usually calculations are done with point
probability values (no distribution) but
others can be done with different inputs
– Normal, log normal, uniform, histogram, many
others
18
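The uncertainty calculation described on this slide, as an added example that is not from the original deck. It propagates lognormal uncertainty on three independent basic events through an OR gate by Monte Carlo sampling and compares the resulting distribution with the point-value calculation. The inputs are constructed: medians of 1.000E-2 with an error factor of 3 (95th percentile divided by median), and the OR gate over three events mirrors the shape of the ECCS tree later in the deck, whose gate type the slides do not state.

```python
import math
import random
import statistics

# Constructed inputs: three independent basic events under an OR gate (an
# assumption; the deck's ECCS tree shows only the events). Each event gets a
# lognormal distribution with median 1.000E-2 and error factor 3, the usual
# PRA way to state parameter uncertainty.
MEDIANS = {"EVENT-1": 1e-2, "EVENT-2": 1e-2, "EVENT-3": 1e-2}
ERROR_FACTOR = 3.0
Z95 = 1.6448536  # standard normal 95th percentile


def lognormal_params(median, error_factor):
    """mu, sigma of ln(p) such that exp(mu) = median and the 95th pct = EF * median."""
    return math.log(median), math.log(error_factor) / Z95


def or_gate(probs):
    """Exact OR of independent inputs: 1 - prod(1 - p)."""
    p = 1.0
    for q in probs:
        p *= 1 - q
    return 1 - p


def point_estimate(medians=MEDIANS):
    """Point-value calculation the slide describes: medians fed straight through."""
    return or_gate(medians.values())


def propagate(medians=MEDIANS, error_factor=ERROR_FACTOR, samples=20000, seed=1):
    """Monte Carlo propagation: sample each basic event from its distribution,
    evaluate the top event per sample, and summarise the top-event distribution."""
    rng = random.Random(seed)
    params = [lognormal_params(m, error_factor) for m in medians.values()]
    top = []
    for _ in range(samples):
        # A probability cannot exceed 1; the clamp only matters for extreme draws.
        probs = [min(1.0, rng.lognormvariate(mu, sigma)) for mu, sigma in params]
        top.append(or_gate(probs))
    cuts = statistics.quantiles(top, n=20)  # 19 cut points: 5th, 10th, ..., 95th
    return {"mean": statistics.fmean(top), "p05": cuts[0], "p50": cuts[9], "p95": cuts[18]}


if __name__ == "__main__":
    print(f"point estimate (medians): {point_estimate():.4e}")
    for k, v in propagate().items():
        print(f"{k}: {v:.4e}")
```

Because a lognormal's mean sits above its median, the mean of the propagated top-event probability comes out above the point estimate built from medians; reporting the 5th and 95th percentiles alongside it is what makes the basic-event uncertainty visible at the top of the tree.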
Cut Sets
• A cut set is the path by which one or more basic
events lead to the top event.
• For example,
– a one element cut set identifies where failure of one
basic event causes failure of the top event
– a two element cut set shows how failure of two basic
events cause failure of the top event
• Obviously, one element cut sets should be
avoided. (Like one bolt holding on a wing of an
airplane – one failure causes one disaster.)
19
Cut sets (2)
• Minimal cut sets are the smallest set of
events that can cause failure of the top
event. Cut sets that contain events
already contained in a smaller set are
discarded. What’s left are minimal cut
sets.
20
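Minimal cut set derivation, the one-element cut set check from the Cut Sets slide, and the Risk Increase Ratio from the SAPHIRE outputs slides, as one added example that is not part of the original deck. The tree is constructed: it is loosely patterned on the CLASS-DEMO “engine fails to start” model, but its gate types, the shared battery event and the event names are assumptions. Cut sets are built bottom-up (an OR gate collects its inputs' cut sets, an AND gate joins one from each input) and reduced by absorption, which handles the repeated event correctly where gate-by-gate multiplication would not.

```python
from itertools import product

# Constructed tree loosely patterned on the CLASS-DEMO "engine fails to start"
# model: gate types and the shared BATT event are assumptions, not the slide's.
BASIC_EVENTS = {"BATT": 1e-2, "STARTER": 1e-2, "PUMP": 1e-2, "FILTER": 1e-2, "PLUG": 1e-2}
GATES = {
    "TOP": ("OR", ["STARTER_SYS", "FUEL", "IGN"]),
    "STARTER_SYS": ("OR", ["BATT", "STARTER"]),
    "FUEL": ("AND", ["PUMP", "FILTER"]),
    "IGN": ("AND", ["BATT", "PLUG"]),
}


def minimize(cut_sets):
    """Drop any cut set that contains another cut set (absorption)."""
    unique = set(cut_sets)
    return sorted(
        (s for s in unique if not any(other < s for other in unique)),
        key=lambda s: (len(s), sorted(s)),
    )


def cut_sets(name, basic=BASIC_EVENTS, gates=GATES):
    """Minimal cut sets of a gate: OR collects its inputs' cut sets, AND joins
    one cut set from each input."""
    if name in basic:
        return [frozenset([name])]
    kind, inputs = gates[name]
    children = [cut_sets(i, basic, gates) for i in inputs]
    if kind == "OR":
        sets = [s for child in children for s in child]
    elif kind == "AND":
        sets = [frozenset().union(*combo) for combo in product(*children)]
    else:
        raise ValueError(f"unknown gate type {kind!r}")
    return minimize(sets)


def top_probability(mcs, basic):
    """Minimal-cut-set upper bound: 1 - prod(1 - P(cut set)), treating the
    cut sets as independent."""
    result = 1.0
    for s in mcs:
        p = 1.0
        for event in s:
            p *= basic[event]
        result *= 1 - p
    return 1 - result


def risk_increase_ratio(mcs, basic):
    """RIR per basic event: top probability with that event set to 1
    ("guaranteed failure") divided by the baseline top probability."""
    baseline = top_probability(mcs, basic)
    return {e: top_probability(mcs, {**basic, e: 1.0}) / baseline for e in basic}


def single_element_cut_sets(mcs):
    """The one-element cut sets the slide says should be avoided."""
    return [next(iter(s)) for s in mcs if len(s) == 1]


if __name__ == "__main__":
    mcs = cut_sets("TOP")
    print("minimal cut sets:", [sorted(s) for s in mcs])
    print("single-element cut sets:", single_element_cut_sets(mcs))
    print(f"top probability: {top_probability(mcs, BASIC_EVENTS):.6e}")
    for event, rir in risk_increase_ratio(mcs, BASIC_EVENTS).items():
        print(f"RIR {event}: {rir:.3f}")
```

The cut set {BATT, PLUG} produced by the ignition gate is absorbed because {BATT} alone already fails the top event, so PLUG ends up in no minimal cut set and its RIR is exactly 1, while the two one-element cut sets BATT and STARTER each carry an RIR near 50.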
Larger Model
[Figure: SAPHIRE fault tree CLASS-DEMO (“Demonstration for class”, 2007/09/24). Top event: “Engine fails to start”. Intermediate gates: Fuel supply fails (GATE-F.1, with GATE-F.2 and GATE-F.3 beneath it), Ignition fails (GATE-IG-1, with GATE-1G.2 “Spark plugs wires or plugs failed” beneath it), Starter inoperable (GATE-S.1). Basic events, each at 1.000E-2: Internal fuel pump damage (EVENT-F.4), Gasoline not free of gunk (EVENT-F.5), Gasoline filter failed (EVENT-F.6), EVENT-F.7; the fuel branch also carries the labels No gas in tank, Fuel injection failure and Fuel injectors fouled; Battery fails (EVENT-IG.1, which appears under the ignition and starter branches alike); Distributor system fails (EVENT-IG.2); Spark plug wire no 1, 2, 3 and 4 fails (EVENT-IG.3, EVENT-IG.4, EVENT-IG-5, EVENT-IG.6); Starter fails (EVENT-S.1).]
21
Cut sets
[Figure: the same CLASS-DEMO fault tree as on the Larger Model slide, shown again for the cut set discussion.]
22
EVENT TREES
• Event trees start with an initiating event,
branch to the right as various safety
functions are questioned for success (up)
or failure (down) (ref Saphire manual)
• Event trees
– Identify accident sequences
– Identify safety system functions
– Quantify sequence frequencies
23
EVENT TREE DEVELOPMENT
• Plant familiarization
• Define safety functions and success criteria
• Select initiating events
• Determine plant response
• Define accident sequences & plant damage states
• Identify system failure criteria
• Develop fault trees & link to event tree
24
EVENT TREE TERMINOLOGY
• Initiating event
• Top event – Safety systems intended to respond
to the initiating event
• Branching – Underneath a top event – Up =
success, Down = failure
• Pass – No branch beneath a top event
• Sequence – Branching path, initiating event to
end state
• End states – consequences and probabilities
25
Event tree – Reactor Loss of Offsite
Power
[Figure: SAPHIRE event tree LOSP (2007/10/07). Initiating event: Loss of offsite power (LOSP). Top events, left to right: Emergency core cooling system (ECCS), Containment system (CCS). End states by sequence number: 1 OK-NO-RELEASE, 2 SOME-LATE-RELEASE, 3 MEDIUM-LATE-RELEASE, 4 LARGE-EARLY-RELEASE.]
26
Emergency Core Cooling System
Fault Tree (ECCS)
[Figure: SAPHIRE fault tree ECCS (“Emergency core cooling system”, 2007/10/09). Top event: Emergency core cooling system (ECCS). Basic events, each at 1.000E-2: Loss of heat sink (EVENT-ECCS-1), Loss of diesel power (EVENT-ECCS-2), Loss of water source (EVENT-ECCS-3).]
27
Summary
• Risk assessment is a powerful tool for
– Forcing disciplined approach to analysis of safety
issues
– Forcing understanding of the system being evaluated
– Providing methods for estimating modes of failures
– Providing methods for estimating probabilities of
failures
– Identifying areas where more information is needed
– Identifying acceptability and/or areas needing
improvement
28