ASN Report 2017

ASN report on the state of nuclear safety and radiation protection in France in 2017
Chapter 02 - The principles of nuclear safety and radiation protection and the regulation and oversight stakeholders

The design of nuclear installations is based on a defence in depth approach. Five levels of protection are defined for nuclear reactors:

Level 1: Prevention of abnormal operation and system failures
This means first of all designing and building the facility in a robust and conservative manner, integrating safety margins and designing it to withstand both its own failures and external hazards. It implies conducting the most exhaustive study possible of normal operating conditions to determine the severest stresses to which the systems will be subjected. It is then possible to produce an initial design basis for the facility, incorporating safety margins. The facility must then be kept, through appropriate maintenance, in a state at least equivalent to that planned for in its design, and it must be operated in an informed and careful manner.

Level 2: Keeping the installation within authorised limits
Control and regulation systems must be designed, installed and operated such that the installation is kept within an operating range well below the safety limits. For example, if the temperature in a system increases, a cooling system starts up before the temperature reaches the authorised limit. Condition monitoring and verification of the correct operation of systems form part of this level of defence.

Level 3: Control of accidents without core meltdown
The aim here is to postulate that certain accidents, chosen for their “envelope” characteristics (the most penalising in a given family), can happen, and to design and size backup systems to withstand those conditions. Such accidents are generally studied with pessimistic hypotheses, that is to say the various parameters governing the accident are assumed to be as unfavourable as possible. In addition, the single failure criterion is applied: in the accident situation, and in addition to the accident itself, the most prejudicial failure of one of the components used to manage the situation is postulated. As a result, the systems coming into play in the event of an accident (safeguard systems ensuring emergency shutdown, injection of cooling water into the reactor, etc.) comprise at least two redundant and independent channels.

Level 4: Control of accidents with core meltdown
These accidents have been considered since the Three Mile Island accident (1979) and are now taken into account in the design of new reactors such as the EPR. The aim is to preclude such accidents or to design systems that can withstand them.

Level 5: Mitigation of the radiological consequences of significant releases
This requires implementation of the measures provided for in the emergency plans, including measures to protect the general public: sheltering, taking stable iodine tablets to saturate the thyroid and prevent uptake of released radioactive iodine, evacuation, restrictions on consumption of water and of agricultural products, etc.

An important element for the independence of the levels of defence is the use of different technologies (“diversified” systems).

Figure: THE 5 LEVELS of “Defence in Depth” (level, objective, means)
Level 1 - Prevention of anomalies: design, operation
Level 2 - Maintaining within the authorised range: regulation systems, periodic checks
Level 3 - Control of accidents: backup systems, accident procedures
Level 4 - Limiting the consequences of a severe accident: serious accident management
Level 5 - Limiting the consequences of discharges: on-site emergency plan

1.2.3 Positioning of barriers
To limit the risk of releases, several barriers are placed between the radioactive substances and the environment. Barriers must be designed to have a high degree of reliability and must be monitored to detect any weaknesses or failures. There are three such barriers for pressurised water reactors: the fuel cladding, the boundary of the reactor primary system, and the containment (see chapter 12).

1.2.4 Deterministic and probabilistic approaches
Postulating the occurrence of certain accidents and verifying that, thanks to the planned functioning of the equipment, the consequences of these accidents will remain limited, is known as a deterministic approach. This approach is simple to apply in principle and allows an installation to be designed (and its systems to be sized) with good safety margins, by using so-called “envelope” cases. The deterministic approach is however unable to identify the most probable scenarios, because it focuses attention on accidents studied with pessimistic hypotheses. It therefore needs to be supplemented by an approach that better reflects possible accident scenarios in terms of their probability, that is to say the probabilistic approach used in Probabilistic Safety Assessments (PSA). Thus for nuclear power plants, the level 1 Probabilistic Safety Assessments (PSA) consist in establishing event trees for each “initiating event” leading to the activation of a safeguard system
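To make the event-tree idea of a level 1 PSA concrete, here is an added worked example in Python. It is not taken from the ASN report, from any licensee's PSA or from a real plant: the initiating event (a “loss of feedwater” at 0.1 per reactor-year), the three safeguard-system headers RT, AFW and HPI, their per-channel failure probabilities, the beta-factor for common-cause failure and the end-state rule are all constructed assumptions chosen to show the mechanics. The same tree is evaluated with single-channel and with two-channel systems, which makes the effect of the Level 3 single failure criterion (at least two redundant, independent channels) visible in the core damage frequency, and a small common-cause term shows what is lost when the channels are not truly independent.

```python
"""Event-tree quantification in the style of a level 1 PSA.

Added illustrative example: this is not ASN's or any licensee's PSA model.
Every frequency and probability below is a constructed assumption, and the
system names (RT, AFW, HPI) are hypothetical labels for safeguard systems.
"""
from dataclasses import dataclass
from itertools import product
from math import comb
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class SafeguardSystem:
    name: str
    channel_failure_prob: float     # per-demand failure probability of one channel (assumed)
    channels: int = 2               # redundant, independent channels (Level 3 design rule)
    needed: int = 1                 # channels that must work for the function to succeed
    common_cause_beta: float = 0.0  # beta-factor share of channel failures that hit all channels


def meets_single_failure_criterion(system: SafeguardSystem) -> bool:
    """Single failure criterion: the function must survive the loss of any one channel."""
    return system.channels - 1 >= system.needed


def system_failure_probability(system: SafeguardSystem) -> float:
    """P(fewer than `needed` channels work on demand).

    Independent channel failures follow a binomial law; the beta-factor term adds a
    common-cause failure that defeats redundancy by taking out every channel at once.
    The two events are combined as a union, assuming they are independent.
    """
    n, k_min = system.channels, system.channels - system.needed + 1
    q_ind = system.channel_failure_prob * (1.0 - system.common_cause_beta)
    q_ccf = system.channel_failure_prob * system.common_cause_beta
    p_ind = sum(comb(n, k) * q_ind**k * (1.0 - q_ind) ** (n - k) for k in range(k_min, n + 1))
    return p_ind + q_ccf - p_ind * q_ccf


Outcome = Dict[str, bool]  # system name -> True if it failed in this sequence


def event_tree_sequences(initiating_frequency: float,
                         headers: List[SafeguardSystem]) -> List[Tuple[Outcome, float]]:
    """Enumerate every success/failure combination of the headers, in order.

    Each sequence frequency is the initiating-event frequency times the branch
    probabilities. Branches a drawn tree would prune (a system that no longer
    matters after an earlier failure) are still enumerated here; since their two
    branches sum to the parent frequency, end-state totals are unaffected.
    """
    p_fail = {h.name: system_failure_probability(h) for h in headers}
    sequences: List[Tuple[Outcome, float]] = []
    for failed_flags in product((False, True), repeat=len(headers)):
        freq = initiating_frequency
        outcome: Outcome = {}
        for h, failed in zip(headers, failed_flags):
            freq *= p_fail[h.name] if failed else 1.0 - p_fail[h.name]
            outcome[h.name] = failed
        sequences.append((outcome, freq))
    return sequences


def core_damage_frequency(initiating_frequency: float,
                          headers: List[SafeguardSystem],
                          is_core_damage: Callable[[Outcome], bool]) -> float:
    """Sum the frequencies of the sequences the end-state rule classifies as core damage."""
    return sum(freq for outcome, freq in event_tree_sequences(initiating_frequency, headers)
               if is_core_damage(outcome))


def loss_of_feedwater_core_damage(outcome: Outcome) -> bool:
    """Hypothetical end-state rule: no reactor trip, or no heat removal by either
    auxiliary feedwater or high-pressure injection, is counted as core damage."""
    return outcome["RT"] or (outcome["AFW"] and outcome["HPI"])


def loss_of_feedwater_cdf(channels: int, afw_beta: float = 0.0) -> float:
    """Core damage frequency (per reactor-year) for the constructed loss-of-feedwater
    initiating event, with every safeguard system built from `channels` channels."""
    headers = [
        SafeguardSystem("RT", 1e-3, channels),                               # reactor trip, assumed
        SafeguardSystem("AFW", 1e-2, channels, common_cause_beta=afw_beta),  # auxiliary feedwater, assumed
        SafeguardSystem("HPI", 1e-2, channels),                              # high-pressure injection, assumed
    ]
    return core_damage_frequency(0.1, headers, loss_of_feedwater_core_damage)  # 0.1/yr assumed


if __name__ == "__main__":
    for n in (1, 2):
        print(f"{n} channel(s) per system: CDF = {loss_of_feedwater_cdf(n):.3e} /yr")
    print(f"2 channels, AFW beta = 0.1: CDF = {loss_of_feedwater_cdf(2, 0.1):.3e} /yr")
```

With these assumed numbers the two-channel design gives a core damage frequency roughly a thousand times lower than the single-channel one, because the end-state rule only reaches core damage through a failed trip or two failed heat-removal systems, and each of those now requires two independent channel failures. A beta-factor of 0.1 on AFW raises the result again, since a common-cause failure bypasses the redundancy. A real level 1 PSA derives the header probabilities from fault trees and models dependencies between headers, support systems and operator actions; this example assumes the headers are independent of one another.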
