Safety Assessment IAEA International Atomic Energy Agency Safety

Safety Assessment IAEA International Atomic Energy Agency

Safety Assessment (BSS) • Assessment of all aspects of a practice that are relevant to protection and safety; for an authorized facility, • this includes sitting, design and operation of the facility. IAEA

Safety Assessment (BSS) (cont. ) • Requirement 13 • The regulatory body shall establish and enforce requirements for safety assessment, and • the person or organization responsible for a facility or activity that gives rise to radiation risks shall conduct an appropriate safety assessment of this facility or activity. IAEA

Responsibility • Prior to the granting of an authorization, the responsible person or organization shall be required to submit a safety assessment, which shall be reviewed and assessed by the regulatory body. • The person or organization or registrants and licensees, as appropriate, shall conduct a safety assessment that is either generic or specific to the practice or source for which they are responsible. IAEA

At which stage shall it be conducted? • Safety assessments shall be conducted at different stages, including the stages of sitting, design, manufacture, construction, assembly, commissioning, operation, maintenance and decommissioning (or closure) of facilities or parts thereof, as appropriate, so as: IAEA

Safety assessment Objectives A. To identify the ways in which exposures could be incurred, account being taken of the effects of external events as well as of events directly involving the sources and associated equipment; B. To determine the expected magnitudes and likelihood of exposures in normal operation and, to the extent reasonable and practicable, make an assessment of potential exposures; C. To assess the adequacy of the provisions for protection and safety. IAEA

What shall it include? • The safety assessment shall include, as appropriate, a systematic critical review of: A. The operational limits and conditions for the operation of a facility; B. The ways in which structures, systems and components, including software, and procedures relating to protection and safety might fail, singly or in combination, or might otherwise give rise to exposures, and the consequences of such events; C. The ways in which external factors could affect protection and safety; IAEA

What shall it include? (cont. ) D. The ways in which operating procedures relating to protection and safety might be erroneous, and the consequences of such errors; E. The implications for protection and safety of any modifications; F. The implications for protection and safety of security measures or of any modifications to security measures; G. Any uncertainties or assumptions and their implications for protection and safety. IAEA

What shall be taken in account? • The registrant or licensee shall take into account in the safety assessment: A. Factors that could precipitate a substantial release of radioactive material, the measures available to prevent or to control such a release, and the maximum activity of radioactive material that, in the event of a major failure of the containment, could be released to the environment; B. Factors that could precipitate a smaller but continuing release of radioactive material, and the measures available to detect and to prevent or to IAEA control such a release;

What shall be taken in account? (cont. ) C. Factors that could give rise to unintended operation of any radiation generator or a loss of shielding, and the measures available to detect and to prevent or control such occurrences; D. The extent to which the use of redundant and diverse safety features, which are independent of each other so that failure of one does not result in failure of any other, is appropriate to restrict the likelihood and the magnitude of IAEA potential exposure.

Documenting and reviewing • Registrants and licensees shall ensure that the safety assessment is documented and, where appropriate, that it is independently reviewed under the relevant management system. • Registrants and licensees shall perform additional reviews of the safety assessment as necessary to ensure that the technical specifications or conditions of use continue to be met when: IAEA

Additional reviews of the safety assessment A. Significant modifications are envisaged to the facility or to its operating procedures or maintenance procedures; B. Significant changes occur on the site that could affect the safety of the facility or of activities on the site; C. Any significant changes in activities are envisaged; IAEA

Additional reviews of the safety assessment D. Information on operating experience, or information about accidents and other incidents that could result in exposures, indicates that the current assessment might be invalid; E. Any relevant changes in guidelines or standards are envisaged or have been made. IAEA

Improvements • If as a result of a safety assessment, or for any other reason, opportunities to improve protection and safety appear to be available and improvement seems desirable, any consequential modifications shall be made cautiously and only after favourable assessment of all the implications for protection and safety. • The implementation of all improvements shall be prioritized so as to optimize protection and safety. IAEA

SAFETY ASSESSMENT REQUIREMENTS IAEA

SAFETY STANDARDS RELATED TO GS-R Part 4 IAEA

TABLE OF CONTENT OF GS-R-Part 4 IAEA

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES • Safety Assessment (overall requirements) • The responsibility for carrying out the safety assessment shall be with the person or organization authorized (licensed) to operate the facility or carry out the activity • Primary purpose of determining whether an adequate level of safety has been achieved and whether the basic safety objectives and safety criteria established by the designers, the operator and the regulatory authority, reflecting the radiation protection requirements as laid down in the Basic Safety Standard have been complied with. IAEA

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES • Safety Assessment (overall requirements) The safety assessment shall : • Include assessment of the radiological protection provisions (below specified limits and ALARA) • Address all the radiation risks that arise from normal operation and from abnormal and accident conditions • Be carried out as early as possible in the lifetime of the facility or activity and shall be updated as necessary as the facility or activity passes through the stages of its lifetime. Therefore, (…) requirements are identified to be used in the safety assessment of nuclear facilities and activities with special attention to the defence in depth, quantitative analyses and the application of graded approach IAEA

SAFETY ASSESSMENT FLOWCHART Preparation for the safety assessment SAFETY ASSESSMENT Safety analysis Potential radiological consequences Safety functions Site characteristics Radiological protection Engineering Human factors Long term safety - deterministic - probabilistic Provision of: - defence in depth - multiple barriers - safety margins Supporting evidence I T E R A T I V E Uses of safety assessment Limits, conditions, etc. Maintenance, inspection Management system Safety report Emergency preparedness IAEA Submission to the regulatory authority Independent verification

SAFETY ASSESSMENT FLOWCHART Preparation for the safety assessment SAFETY ASSESSMENT Safety analysis Potential radiological consequences - deterministic - probabilistic Safety functions Site characteristics Radiological protection Engineering Human factors Long term safety Provision of: - defence in depth - multiple barriers - safety margins Supporting evidence I T E R A T I V E Uses of safety assessment Limits, conditions, etc. Maintenance, inspection Management system Safety report Independent verification Emergency preparedness IAEA Submission to the regulatory authority -sufficient skilled and expert people available to carry out the work -required background material is available (information relating to the design and operation of the facility or activity) -necessary tools for carrying out the safety assessment are available. This includes the computer codes required for carrying out the safety analysis -criteria to be used for judging whether the safety of the facility or activity is adequate have been defined

SAFETY ASSESSMENT FLOWCHART Preparation for the safety assessment SAFETY ASSESSMENT Safety analysis Potential radiological consequences - deterministic - probabilistic Safety functions Site characteristics Radiological protection Engineering Human factors Long term safety Provision of: - defence in depth - multiple barriers - safety margins Supporting evidence I T E R A T I V E Uses of safety assessment Limits, conditions, etc. Maintenance, inspection Management system Safety report Independent verification Emergency preparedness IAEA Submission to the regulatory authority potential radiological consequences from the facility or activity shall be identified and assessed (radiation exposure to people and the release of radioactive material to the environment following the occurrence of abnormal or accident conditions that lead to a loss of control).

SAFETY ASSESSMENT FLOWCHART Preparation for the safety assessment SAFETY ASSESSMENT Safety analysis Potential radiological consequences - deterministic - probabilistic Safety functions Site characteristics Radiological protection Engineering Human factors Long term safety Provision of: - defence in depth - multiple barriers - safety margins Supporting evidence I T E R A T I V E Uses of safety assessment Limits, conditions, etc. Maintenance, inspection Management system Safety report Independent verification Emergency preparedness IAEA Submission to the regulatory authority -All the safety functions associated shall be identified and assessed (safety functions associated with the engineered structures, systems and components, any natural barriers as applicable, and any human actions required to ensure the safety) -The assessment of the safety functions shall determine whether they will be carried out with an adequate level of reliability, there is no vulnerability to a single failure or to a common cause failure for engineered equipment, and any structure, system, component or barrier provided to carry out a safety function has an adequate level of redundancy, diversity, separation, segregation, equipment qualification, etc.

SAFETY ASSESSMENT FLOWCHART Preparation for the safety assessment -The assessment shall be carried out and include: SAFETY ASSESSMENT - The physical and chemical characteristics Safety analysis Potential radiological consequences - deterministic - probabilistic Safety functions Site characteristics Radiological protection Engineering Human factors Long term safety Provision of: - defence in depth - multiple barriers - safety margins Supporting evidence I T E R A T I V E Maintenance, inspection Management system Safety report Independent verification Emergency preparedness IAEA - The identification of the natural and manmade hazards of the area that have the potential to affect the safety of any facility or activity - The site demographic characteristics in regard to any siting policy of the Member State and the need to determine an emergency plan. Uses of safety assessment Limits, conditions, etc. that will affect the dispersion or migration of radioactive materials released in normal operation or due to an incident or accident; Submission to the regulatory authority -The scope and level of detail of the site assessment shall be consistent with the potential radiological consequences and will be reviewed periodically during the lifetime of the facility or activity.

SAFETY ASSESSMENT FLOWCHART Preparation for the safety assessment SAFETY ASSESSMENT Safety analysis Potential radiological consequences - deterministic - probabilistic Safety functions Site characteristics Radiological protection Engineering Human factors Long term safety Provision of: - defence in depth - multiple barriers - safety margins Supporting evidence I T E R A T I V E Uses of safety assessment Limits, conditions, etc. Maintenance, inspection Management system Safety report Independent verification Emergency preparedness IAEA Submission to the regulatory authority -The safety assessment shall determine whether adequate measures are in place for a facility or activity to control the occupational radiation exposure of people – as required by the Fundamental Safety Objective. -The safety assessment shall determine whether adequate measures are in place to control the occupational radiation exposure within any relevant dose limit and that the protection is optimized such that the magnitude of individual doses, the number of people exposed and the likelihood of incurring exposures have all been kept as low as reasonably achievable, economic and social factors being taken into account. -The safety assessment of the radiological protection provisions shall address normal operation of the facility or activity, and abnormal and accident conditions.

SAFETY ASSESSMENT FLOWCHART Preparation for the safety assessment SAFETY ASSESSMENT Safety analysis Potential radiological consequences - deterministic - probabilistic Safety functions Site characteristics Radiological protection Engineering Human factors Long term safety Provision of: - defence in depth - multiple barriers - safety margins Supporting evidence I T E R A T I V E Uses of safety assessment Limits, conditions, etc. Maintenance, inspection Management system Safety report Independent verification Emergency preparedness IAEA Submission to the regulatory authority The Safety Assessment shall: -determine whether a facility or activity uses structures, systems, components and procedures of robust and proven design with previous successful application (…). -identify the design principles that have been applied to the facility and determine whether these requirements have been met; -determine whether, where appropriate, a suitable safety classification scheme has been formulated and applied to the structures, systems and components (importance to safety, consequences of their failure, identification of the appropriate industry codes and standards , etc. ) - address the external hazards -address the internal hazards -address whether preference has been given to a fail-safe design, or, if this is not possible, whether a means of detecting the failures that have occurred has been incorporated wherever possible -Address ageing, wear out, life limiting factors -Include R&D

SAFETY ASSESSMENT FLOWCHART Preparation for the safety assessment SAFETY ASSESSMENT Safety analysis Potential radiological consequences - deterministic - probabilistic Safety functions Site characteristics Radiological protection Engineering Human factors Long term safety Provision of: - defence in depth - multiple barriers - safety margins Supporting evidence I T E R A T I V E Uses of safety assessment Limits, conditions, etc. Maintenance, inspection Management system Safety report Independent verification Emergency preparedness IAEA Submission to the regulatory authority To the extent that safety cannot be achieved by inherently safe design and engineered provisions, the safety assessment shall identify the procedures and measures that are necessary for all normal operational activities, in particular those required to implement the identified operational limits and conditions, and those required in response to abnormal and accident conditions. The safety assessment shall determine whether the requirements specified for personnel competences, associated training and minimum staffing levels for maintaining safety are adequate. The safety assessment shall determine whether the design and operation of any facility and the procedures for any activities have addressed the requirements to comply with human factors, including those related to the ergonomic design of all the areas, manmachine interfaces where human activities are carried out, and future decommissioning and closure activities. For facilities and activities already in existence, the safety assessments shall include aspects of safety culture where appropriate.

SAFETY ASSESSMENT FLOWCHART Preparation for the safety assessment SAFETY ASSESSMENT Safety analysis Potential radiological consequences - deterministic - probabilistic Safety functions Site characteristics Radiological protection Engineering Human factors Long term safety Provision of: - defence in depth - multiple barriers - safety margins Supporting evidence I T E R A T I V E Uses of safety assessment Limits, conditions, etc. Maintenance, inspection Management system Safety report Independent verification Emergency preparedness IAEA Submission to the regulatory authority In the case of a repository for the disposal of significant quantities of radioactive waste, the anticipated and potential radiological effects on human health and the environment shall be considered for the post-closure phase. Potential radiological impacts following closure of the repository may arise from gradual processes, such as the degradation of barriers, and from discrete events that could affect waste isolation such as inadvertent human intrusion. The safety assessment shall address all aspects relevant for long term safety in order to provide a basis for giving reasonable assurance that the repository will meet the design objectives and safety requirements. In view of the uncertainties inherent in predicting future events, according to the Safety Standard for the geological disposal of radioactive waste, reasonable assurance of compliance with the safety requirements related to long term hazards is most likely to be achieved by the use of multiple lines of reasoning. This is achieved by supplementing the quantitative estimates of repository performance with other qualitative evidence that the repository will provide isolation of the wastes as designed.

DEFENCE IN DEPTH AND SAFETY MARGINS • The assessment of defence in depth shall determine whether adequate provisions have been made at each of the levels of defence in order to: • Prevent deviations from normal operation and, in the case of a repository, its desirable long-term evolution; • Detect and intercept deviations from normal operation and the desirable long-term evolution should they occur; • Control accidents within the limits inherent in the design; • Identify accident management measures to control severe accident (beyond design basis) conditions; and • Mitigate the radiological consequences of potential releases. IAEA

DEFENCE IN DEPTH AND SAFETY MARGINS • The safety assessment shall identify the necessary layers of protection including physical barriers to confine the radioactive material at specific locations and the need for supporting administrative controls. IAEA

DEFENCE IN DEPTH AND SAFETY MARGINS • In order to determine whether defence in depth has been adequately implemented the safety assessment shall determine whether: • The highest priority has been given to: reducing the number of challenges to the integrity of layers of protection and physical barriers; preventing the failure or bypass of a barriers; preventing failure of one barrier leading to the failure of another one; and preventing significant releases if failure of the barriers should occur; • The layers of protection and physical barriers are independent of each other as much as possible; IAEA

DEFENCE IN DEPTH AND SAFETY MARGINS • In order to determine whether defence in depth has been adequately implemented the safety assessment shall determine whether: • Special attention has been given to internal and external hazards that have the potential to adversely affect more than one barrier at once or to cause simultaneous failures of safety systems; and • Specific measures have been implemented to ensure the effectiveness of the required levels of defence. IAEA

DEFENCE IN DEPTH AND SAFETY MARGINS • The safety assessment shall determine whethere adequate safety margins in the design and operation of the facility or activity so that there is a wide margin to failure of any structures, systems or components for any of the abnormal or accident conditions that could occur. IAEA

SCOPE OF THE SAFETY ANALYSIS • The safety analysis shall: • assess the performance of a facility or activity in all operational states and, as necessary, in the postoperational phase and shall determine whethere is compliance with the safety requirements; • address both the consequences arising from all normal operational conditions as well as the probabilities and consequences associated with all identified abnormal or accident conditions; IAEA

SCOPE OF THE SAFETY ANALYSIS • The safety analysis shall: • identify the abnormal and accident conditions that challenge nuclear safety (all internal and external events and processes that may impact on physical barriers to confine the radioactive material or otherwise give rise to radiological risks; • address the abnormal and accident conditions that arise during operation of the facility or activity. The aim shall be to determine the cause of the abnormal or accident conditions, its significance and determine the effectiveness of the proposed corrective action. IAEA

APPROACHES TO SAFETY ANALYSIS • The safety analysis shall incorporate deterministic and probabilistic approaches, as appropriate. Both can provide input into an integrated decision making process. • The aim of the deterministic approach is to define and apply a set of conservative rules and requirements for the design and operation of a facility or activity. If these rules and requirements are met, they are expected to provide a high degree of confidence that the level of risk to workers and members of the public from the facility or activity will be acceptably low. IAEA

APPROACHES TO SAFETY ANALYSIS • Probabilistic safety analysis determine all significant contributors to the radiological risk from a facility or activity and to evaluate the extent to which the overall design is well balanced and meets probabilistic safety criteria if been defined. • The probabilistic approach uses realistic assumptions whenever possible and is able to quantify uncertainties explicitly. . IAEA

SAFETY ASSESSMENT AND SAFETY ANALYSIS Safety assessment Safety analysis Two complementary methods Deterministic Safety Analysis (DSA) Predicts the response to postulated events with predetermined assumptions; checks fulfilment of acceptance criteria Probabilistic Safety Analysis (PSA) Combines the likelihood of initiating events, potential scenarios and their consequences into estimation of CFD, source term or overall risk Evaluation of engineering factors important to safety § § § § § IAEA § § Proven engineering practices Defence in depth Radiation protection Safety classification Protection against internal and external hazards Combination of loads Selection of materials Single failure criterion Redundancy, diversity Equipment qualification Ageing Man-machine interface, …

CRITERIA FOR JUDGING SAFETY • Criteria for judging safety shall be defined for the safety analysis that are sufficient to meet the fundamental safety objective and the fundamental principles given in and the requirements of the designers, operator and the regulatory authority. • In addition, detailed criteria may be developed to assist in assessing compliance with these higher level objectives, including risk criteria which relate to the likelihood of abnormal or accident conditions occurring with significant radiological consequences. IAEA

CRITERIA FOR JUDGING SAFETY • There will always be uncertainties associated with safety analysis (predictions) which depend on the exact nature of the facility or activity and the complexity of the safety analysis. To the extent practicable the results of a safety analysis shall be robust, i. e. tolerant to uncertainties. • Uncertainties in the safety analysis shall be characterized with respect to their source, nature and degree, using quantitative methods, professional judgment or both. • Uncertainties which may have implications on the outcome of the safety analysis and decisions made on that basis shall be addressed in uncertainty and sensitivity analyses. IAEA

USE OF COMPUTER CODES • The computer codes used in the safety analysis shall undergo a sufficient level of verification and validation. • Verification determines whether the controlling physical equations and data have been correctly translated into the computer code. • Validation determines whether the mathematical model is an adequate representation of the real system being modelled by comparing the predictions of the model with observations of the real system or experimental data. IAEA

USE OF COMPUTER CODES • The computer codes used in the safety analysis shall undergo a sufficient level of verification and validation. • The validation process shall identify the uncertainties and shortcomings in the models and the underlying data basis and how these are to be taken into account in the safety analysis. IAEA

USE OF DATA FROM OPERATING EXPERIENCE • Operational safety performance data shall be collected and assessed, including records of incidents such as human errors, performance of safety systems, radiation doses, generation of radioactive waste and effluents. • For complex facilities, the collection of data may be based on a set of safety performance indicators that have been established for the facility. • Operational safety experience shall be used, as appropriate, to update the safety assessment and review management systems. IAEA

SAFETY ASSESSMENT FLOWCHART Preparation for the safety assessment SAFETY ASSESSMENT Safety analysis Potential radiological consequences - deterministic - probabilistic Safety functions Site characteristics Radiological protection Engineering Human factors Long term safety Provision of: - defence in depth - multiple barriers - safety margins Supporting evidence I T E R A T I V E Uses of safety assessment Limits, conditions, etc. Maintenance, inspection Management system Safety report Independent verification Emergency preparedness IAEA Submission to the regulatory authority DOCUMENTATION: - The results and findings of the safety assessment shall be documented in the form of a safety report (compliance with the fundamental safety principles and any other safety requirements set out in national laws and regulations). - The quantitative and qualitative outcome of the safety assessment forms the basis of the safety report. It is supplemented by supporting evidence and reasoning for the robustness and reliability of the safety assessment and its assumptions. - The safety analysis shall be documented with sufficient scope and detail (justification for the selection of events and processes addressed and for the definition of scenarios; overview and necessary details of the collection of data, the modeling and the assumptions; criteria used for the evaluation of the modeling results; results of the analysis addressing the performance of the facility or activity, incurred risks and prevailing uncertainties and conclusions - Safety report shall be retained until the nuclear facility has been fully decommissioned or the repository for nuclear waste has been closed.

SAFETY ASSESSMENT FLOWCHART Preparation for the safety assessment SAFETY ASSESSMENT Safety analysis Potential radiological consequences - deterministic - probabilistic Safety functions Site characteristics Radiological protection Engineering Human factors Long term safety Provision of: - defence in depth - multiple barriers - safety margins Supporting evidence I T E R A T I V E Uses of safety assessment Limits, conditions, etc. Maintenance, inspection Management system Safety report Independent verification Emergency preparedness IAEA Submission to the regulatory authority - The operating organisation shall carry out an independent verification to increase the level of confidence in the safety assessment before it is used by the operator or submitted to the regulatory authority. - The independent verification shall be performed by individuals or a group of people that is separate from those carrying out the safety assessment. The aim shall be to determine whether the safety assessment has been carried out in a way that is consistent with the current state of the art for that type of facility or activity. - Decisions about the scope and level of detail of the independent verification are subject to a graded approach and should reflect the level of risk, complexity and novelty of the facility or activity. - The independent verification shall ensure that the models and data used are accurate representations of the design and operation. - A separate independent verification shall also be carried out by the regulatory authority to determine whether the safety assessment meets their requirements

SAFETY ASSESSMENT FLOWCHART Preparation for the safety assessment SAFETY ASSESSMENT Safety analysis Potential radiological consequences - deterministic - probabilistic Safety functions Site characteristics Radiological protection Engineering Human factors Long term safety Provision of: - defence in depth - multiple barriers - safety margins Supporting evidence I T E R A T I V E Uses of safety assessment Limits, conditions, etc. Maintenance, inspection Management system Safety report Independent verification Emergency preparedness IAEA Submission to the regulatory authority - Safety Assessment is Building Confidence - Confidence that the plant will operate as designed and that it will respond as designed to accident conditions - Confidence that the tools and processes used to design and assess the safety are the right tools, that they are verified and validated for intended use.

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES (GS-R-Part 4) Selected Requirements • Assessment of the possible radiation risks (Requirement 6) • Assessment of human factors (Requirement 11) • Scope of the safety analysis (Requirement 14) • Deterministic and probabilistic approaches (Requirement 15) IAEA

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES (GS-R-Part 4) SELECTED REQUIREMENTS vs. GENERIC REACTOR SAFETY REVIEWS • Assessment of the possible radiation risks (Requirement 6) The possible radiation risks associated with the facility or activity shall be identified and assessed 4. 19. This includes the level and likelihood of radiation exposure of workers and the public and the possible release of radioactive material to the environment that are associated with anticipated operational occurrences or accidents that lead to a loss of control over a nuclear reactor core, nuclear chain reaction, radioactive source or any other source of radiation. IAEA

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES (GS-R-Part 4) SELECTED REQUIREMENTS vs. GENERIC REACTOR SAFETY REVIEWS • Findings • Absence or limited scope of Level 2 PSA (or even Level 1 • • PSA) Omission of certain initiating events (usually accidents at shutdown operational modes or accidents in radwaste treatment systems or spent fuel management systems) Missing justification for categorization of initiating events Missing data important for evaluation of radiological status prior the accident (cladding defects, excessive coolant radioactivity, and leaking steam generator tubes) Assumptions used in safety analysis not presented in a clear and convincing way IAEA

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES (GS-R-Part 4) SELECTED REQUIREMENTS vs. GENERIC REACTOR SAFETY REVIEWS • Findings • Inconsistencies in transfer of data (without sufficient justification) from thermal-hydraulic analysis to containment analysis and to source term analysis • Unexpected rapid increase of doses in the environment with decreasing probability of occurrence in the range 1 E-6 – 1. E 7/r. year (increase more than 2 orders of magnitude) • Over- conservatism used in analysis of design basis accidents (e. g. postulation of a core melt) leading to the conclusion that radiological consequences of design basis accidents are more severe than of severe accidents • Missing assessment of doses to control room staff in case of severe accidents IAEA

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES (GS-R-Part 4) SELECTED REQUIREMENTS vs. GENERIC REACTOR SAFETY REVIEWS • Assessment of human factors (Requirement 11) • Human interactions with the facility or activity shall be addressed in the safety assessment and it shall be determined whether the procedures and safety measures that are provided for all normal operational activities, in particular those that are necessary for implementation of the operational limits and conditions, and those that are required in response to anticipated operational occurrences and accidents, ensure an adequate level of safety 4. 40. It has to be determined in the safety assessment whether requirements relating to human factors were addressed in the design and operation of a facility or in the way in which an activity is conducted. This includes those human factors relating to ergonomic design in all areas and to human–machine interfaces where activities are carried out. IAEA

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES (GS-R-Part 4) SELECTED REQUIREMENTS vs. GENERIC REACTOR SAFETY REVIEWS • Findings • PSA and Human Reliability Analysis (HRA) results are not used in developing the emergency procedures • The time windows for several operator actions are not supported by thermal hydraulic calculations • The thermal hydraulic analyses supporting the calculation of time windows for operator actions do not address all features of the accident sequences. IAEA

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES (GS-R-Part 4) SELECTED REQUIREMENTS vs. GENERIC REACTOR SAFETY REVIEWS • Scope of the safety analysis (Requirement 14) • The performance of a facility or activity in all operational states and, as necessary, in the post-operational phase shall be assessed in the safety analysis. 4. 50 The safety analysis has to address both the consequences arising from all normal operational conditions (including start-up and shutdown where appropriate) and the frequencies and consequences associated with all anticipated operational occurrences and accident conditions shall be addressed in the safety analysis. This includes accidents that have been taken into account in the design (referred to as design basis accidents) and beyond design basis accidents (including severe accidents) for facilities and activities where the radiation risks are high. The analysis has to be performed to a scope and level of detail that corresponds to the magnitude of the radiation risks associated with the facility or activity, the frequency of the events included in the analysis, the complexity of the facility or activity, and the uncertainties inherent in the processes that are included in the analysis. IAEA

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES (GS-R-Part 4) SELECTED REQUIREMENTS vs. GENERIC REACTOR SAFETY REVIEWS • Findings • No separate analysis of a category of BDBA without severe core damage • No concise description of which global or detailed acceptance criteria have been used, including criteria associated with high burn-up issues. • Missing full power Level 2 PSA • Limited scope LPSD PSA • Missing analysis of events related to accidents related to the spent fuel pool • Inconsistencies in targets for severe accidents IAEA

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES (GS-R-Part 4) SELECTED REQUIREMENTS vs. GENERIC REACTOR SAFETY REVIEWS • Deterministic and probabilistic approaches (Requirement 15) Both deterministic and probabilistic approaches shall be included in the safety analysis. 4. 55. The objectives of a probabilistic safety analysis are shall be to determine all the significant contributing factors to the radiation risks arising from a facility or activity, and to evaluate the extent to which the overall design is well balanced and meets probabilistic safety criteria where these have been defined. In the area of reactor safety, probabilistic safety analysis uses a comprehensive, structured approach to identify failure scenarios. It constitutes a conceptual and mathematical tool for deriving numerical estimates of risk. The probabilistic approach uses realistic assumptions whenever possible and provides a framework for addressing many of the uncertainties explicitly. Probabilistic approaches may provide insights into system performance, reliability, interactions and weaknesses in the design, the application of defence in depth and risks that it may not be possible to derive from a deterministic analysis. IAEA

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES (GS-R-Part 4) SELECTED REQUIREMENTS vs. GENERIC REACTOR SAFETY REVIEWS • Findings • Missing full power Level 2 PSA, limited scope of Low Power and Shutdown PSA • Use of old data sources, no evidence of analysing recent (national or international) operating experience (PIEs, failure rates) • Missing or insufficient uncertainty & sensitivity studies, no display of uncertainty bands • Insufficient documentation of phenomenological aspects • Unusually low Core Damage Frequency or Large Release Frequency results • Missing definition of core damage • Cliff-edge effects (releases) IAEA

SAFETY ASSESSMENT FOR FACILITIES AND ACTIVITIES (GS-R-Part 4) SELECTED REQUIREMENTS vs. GENERIC REACTOR SAFETY REVIEWS • Findings • Unusually large contributions from individual accident sequences • Inconsistencies between tables reporting results • Insufficient documentation of application of THERP methodology • Insufficient documentation of reliability data used • Missing information on truncation criteria used • Insufficient information about extrapolation of results from smaller to larger size reactors • Need for review of fire PSA IAEA

CONCLUDING REMARKS Ø Safety assessment is a key element of a safe and economic nuclear power programme: • By its nature, a nuclear power programme involves issues and challenges associated with nuclear material, radiation and related challenges • A nuclear power programme is a major undertaking requiring careful planning, preparation and investment in a sustainable infrastructure that provides legal, regulatory, technological, human and industrial support to ensure that the nuclear material is used exclusively for peaceful purposes and in a safe and secure manner IAEA 58

International Atomic Energy Agency …Thank you for your attention IAEA 59

EXERCISE 1 Ø As Regulatory Body of the Member State “VIC Republic”, you would like to update your national regulation for NPPs licensing (design) in accordance with the latest IAEA Safety Standards that are available (NS-R-1 ; GS-R- Part 4) • On the basis of the table of content of your existing national “VIC Republic standard” : Standard Format and Content Of Safety Analysis Report For NPPs, and on the representative initiating events to be analysed, please assess the completeness of your national regulation and identify the deviations and needs for updates in order to meet the requirements of the IAEA International Safety Standards IAEA Topic/Area Corresponding Requirement of NS-R 1 (content) XXX Means shall be provided … Corresponding Requirement of GSR- Part 4 (content) It has to be evaluated in the safety 60 assessment. .