Doug True is the Executive Vice President of JENSEN HUGHES. Mr. True has over 35 years of experience in engineering, safety analysis, operations, and security of a variety of nuclear facilities. He has been the technical director of numerous large scale risk analysis projects ranging from nuclear power plant risk assessments to security risk assessments to chemical process industry safety analyses. Mr. True has been a major contributor to U.S. risk-informed regulatory policies and industry best practices in risk management. He is a graduate of the University of California at Berkeley with a B.S. in Chemical Engineering.
Could you briefly share what risk-informed decisions in nuclear operations and safety mean?
Traditionally, safety and operational decisions have been made under prescribed deterministic requirements applied to stylized accident scenarios, such as demonstrating the capability of safety systems under the assumption of a single failure, strict surveillance and test intervals, specific equipment allowed outage times, etcetera. While these requirements have been successful in establishing the safety of nuclear power plants, they were established in the absence of a comprehensive assessment of the contributors to risks. This has limited the flexibility in both design and operations – the regulations specified how the plant would comply. The availability of plant-specific Probabilistic Safety Assessments (PSAs) provides an integrated view of plant safety that is not possible to obtain with deterministic techniques. Thus, the risk-informed view illuminates where a plant may have safety weaknesses and where a plant may have additional safety robustness. In risk-informed (and performance-based) decisions the regulator specifies what must be achieved, which is to demonstrate that the risk is acceptably low, and that defense-in-depth and sufficient safety margins are maintained. The plant owner/operator can determine, within limits specified by the regulator, how they wish to achieve this.
Why is it important?
There are two reasons. First and foremost is safety. It has been demonstrated that the deterministic requirements that result in the design basis for the plant do not assure low risk or balanced risk. Every significant accident that has occurred has been caused by something that was beyond the assumptions in the design basis, either in terms of the event itself or the subsequent equipment failures or human actions. Further, risk assessments have shown that some beyond design basis events and accident scenarios are not as unlikely as we would have liked to believe. In terms of balancing risk, the risk assessments have shown that deterministic safety criteria, such as the single failure criterion, do not make all failures equal in importance to safety. For example, diesels are not as reliable as pumps, and loss of offsite power is more likely than large LOCA, so having only two emergency diesel generators is not the same as having two low pressure safety injection pumps when it comes to balancing risk. Utilizing risk-informed decisions for safety focusses resources on those areas that will result in the greatest safety significance and identifies those areas where the resource commitment exceeds the value of safety that is being provided.
The second reason is operational efficiency. The strict design basis requirements for things like allowed outage times for equipment and surveillance test intervals result in significant costs and plant outage time. In many cases these are not commensurate with the risk associated with them. In the US, risk-informed processes have allowed many changes to these deterministic requirements at great cost savings with no decrease in safety. In fact, the evidence in the US is that the risk-informed focus has actually improved safety by increasing the focus on the risk significant equipment and plant configurations.
Using risk-informed processes for allowed outage times permits plants to manage overall configurations as opposed to using the status of individual pieces of equipment, which allows more maintenance activities to be performed in parallel. It also allows changes to surveillance test intervals and for maintenance to be shifted from refueling outages to on-line, again with no degradation in safety. This has resulted in shortening the length of refueling outages in the US to the point that the critical path becomes just what is required to move the fuel, not other maintenance activities.
The bottom line is that safety resources are being used more effectively, safety is always being maintained, and operational flexibility is saving the US nuclear fleet millions of dollars every year. As the number of risk-informed applications increases, this trend is becoming even more pronounced.
What has changed since Fukushima?
Before Fukushima there was a general feeling in most countries that the design basis process for external hazards was sufficient to assure safety. There was a general belief that beyond design basis external events were incredible and so did not really have to be worried about. It was a deterministic belief – the design basis event was the worst challenge likely to happen and the plant was designed to withstand it; beyond design basis events were so unlikely as to not pose a problem that needed to be considered. Fukushima changed that. Now we understand that there is enough uncertainty in our understanding of the frequency and severity of external hazards that beyond design basis external events can be a significant contributor to plant risk; these events are not necessarily of very low frequency, and some plants may not have much margin above the design basis events. The only way to understand the risks from external hazards comes from performing risk analyses, and the only way to effectively address the risks in an effective and cost-efficient way is by using a risk-informed decision process.
What is the current global trend in risk management approach in nuclear operations?
As you might imagine, it varies greatly from country-to-country. Essentially every country requires its plants to perform at least a probabilistic safety assessment for what we call internal events – those random events that result from failures of plant equipment and operator errors. Many countries require most or all of their plants to have PSAs for internal floods and internal fires. PSAs for external hazards, such as seismic, external flood, winds, etcetera are based on considerations of the site vulnerability to such hazards. However, until recently only a few countries used those PSAs for operational risk management. That trend is changing. The US industry is very aggressive in promoting risk-informed applications, and the USNRC has established a risk-informed regulatory framework in which such applications can be implemented. China is moving forward at an ever quickening pace looking at these applications, and some initial ones have been approved by or submitted to NNSA, the regulator in China. Other countries are using it more and more for improvements in beyond design basis safety, but have not yet moved as quickly to allow greater operational flexibility. This too is changing, but it will take time to break down the bias towards the overly prescriptive deterministic requirements that have been in place for so many years.
What is the common misconception about risk-informed practices as a risk-management tool in the nuclear industry?
That’s easy. It is the misconception that risk-informed processes are somehow less rigorous and defensible than deterministic requirements; that it is easy to manipulate the risk analysis to get the answer you want and use that to make plants less safe in return for saving money. Nothing could be further from the truth. A truly risk-informed process is very robust, and involves much more than doing a PSA calculation and getting risk numbers. There are requirements for detailed reviews, submittals, checks and balances, and the involvement of many plant departments and management. All decisions involve not just the risk numbers, but a focus on risk insights, assurances of the maintenance of defense-in-depth and safety margins as well as compliance with current regulations. Yes, they help plants save money, but never at the expense of safety, and in fact they result in improved safety by focusing attention on those aspects of the plant design and operations that are most significant to maintaining the risk low.
Lastly, JENSEN HUGHES will be speaking on Optimizing Safety and Financial Performance Through Risk-informed Decision Making at ANBP 2016. What can participants expect to hear and learn from the presentation?
We will be speaking about what risk-informed decision making actually is and why that is the approach that has been adopted rather than risk-based regulation. This includes how risk-informed decision-making works in concert with traditional safety concepts such as defense-in-depth and safety margins. We will share the many lessons-learned about risk-informed applications in the US and, based on that, what it takes to develop and implement a risk-informed decision process, including examples of the successes that we have participated in that show how costs are reduced without reducing safety. We will touch on the structure of such programs, the organizational interfaces that are required, and the need to communicate and socialize these programs with all the stakeholders including within the owner/operators, the regulators, and the public. We hope to stimulate some interesting questions and discussion both during and after the session.
JENSEN HUGHES is an industry leading provider of specialty risk management, engineering design, and engineering program services for the built environment, with over 800 staff serving customers globally through more than 40 offices worldwide, including Japan, China, Korea, Singapore, Malaysia, and UAE. Our thought leading experts are known throughout the international nuclear community for developing and implementing creative risk-informed engineering policies, procedures, methods, software and applications to achieve cost-effective and flexible solutions to optimize both safety and operations of nuclear power plants. Coupled with our expertise in fire protection systems and programs, engineering design, first responder training, regulatory submittals and our fire testing laboratory, we are one of the world’s most experienced specialty engineering consulting firms. www.jensenhughes.com