Office for Nuclear Regulation



Similar documents
Office for Nuclear Regulation

Office for Nuclear Regulation

Office for Nuclear Regulation

NOT PROTECTIVELY MARKED

STEP 3 ELECTRICAL SYSTEMS ASSESSMENT OF THE WESTINGHOUSE AP1000 DIVISION 6 ASSESSMENT REPORT NO. AR 09/019-P

Design of electrical power system for a 1000MW nuclear power generating station

HEALTH & SAFETY EXECUTIVE NUCLEAR DIRECTORATE ASSESSMENT REPORT. New Reactor Build. EDF/AREVA EPR Step 2 PSA Assessment

Government Degree on the Safety of Nuclear Power Plants 717/2013

Nuclear power plant systems, structures and components and their safety classification. 1 General 3. 2 Safety classes 3. 3 Classification criteria 3

Office for Nuclear Regulation

Published in the Official State Gazette (BOE) number 166 of July 10th 2009 [1]

Nuclear Power Plant Electrical Power Supply System Requirements

Belgian Stress tests specifications Applicable to all nuclear plants, excluding power reactors 22 June 2011

Fire Protection Program Of Chashma Nuclear Power Generating Station Pakistan Atomic Energy Commission 5/28/2015 1

Control of legionella bacteria in water systems

Guidance for Mobile Air Conditioning (MAC) Sectors. Guidance: F Gas and Ozone Regulations Information Sheet MAC 3: Key Obligations

Licence condition handbook

UNITED STATES NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION WASHINGTON, DC June 16, 2011

Resilience improvements to UK nuclear power plants

Boiling Water Reactor Systems

This is a Master s degree level apprenticeship which includes academic learning combined workplace learning and training.

Belgian Stress tests specifications Applicable to power reactors 17 May 2011

Liberty Mutual Insurance RISK ENGINEERING PROCEDURE. REP 07 Incident Planning For external use

Generic PCSR Sub-chapter 15.4 : Electrical Equipment

Continuous flow direct water heating for potable hot water

ANCILLARY EQUIPMENT AND ELECTRICAL EQUIPMENT Power Supply Systems and Electrical Equipment for Desalination Plants - Y.M. Hamud and A.H.

Report WENRA Safety Reference Levels for Existing Reactors - UPDATE IN RELATION TO LESSONS LEARNED FROM TEPCO FUKUSHIMA DAI-ICHI ACCIDENT

SAFETY DESIGN OF A NUCLEAR POWER PLANT

DRAFT REGULATORY GUIDE DG-1154 (Proposed Revision 2 of Regulatory Guide 1.128, dated October 1978)

WASTE Application Form - Dublin Waste to Energy SECTION J ACCIDENT PREVENTION & EMERGENCY RESPONSE

Operating Performance: Accident Management: Severe Accident Management Programs for Nuclear Reactors REGDOC-2.3.2

IAEA INTERNATIONAL FACT FINDING EXPERT MISSION OF THE NUCLEAR ACCIDENT FOLLOWING THE GREAT EAST JAPAN EARTHQUAKE AND TSUNAMI

Safety Analysis for Nuclear Power Plants

Elements Elements describe the essential outcomes. 1. Prepare to diagnose and repair air conditioning and HVAC system

PROBABILISTIC RISK ASSESSMENT AND RISK MANAGEMENT OF A NUCLEAR POWER PLANT

Element D Services Plumbing

7.1 General Events resulting in pressure increase 5

Introductions: Dr. Stephen P. Schultz

UNITED STATES NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION OFFICE OF NEW REACTORS WASHINGTON, DC

Backup Fuel Oil System Decommissioning & Restoration Plan

Factory owners must ensure the boiler is:

This document is the property of and contains Proprietary Information owned by Westinghouse Electric Company LLC and/or its subcontractors and

L.S. de Carvalho, J. M de Oliveira Neto 1. INTRODUCTION IAEA-CN-164-5P01

RC-17. Alejandro V. Nader National Regulatory Authority Montevideo - Uruguay

HSE information sheet. Fire and explosion hazards in offshore gas turbines. Offshore Information Sheet No. 10/2008

3.4.4 Description of risk management plan Unofficial Translation Only the Thai version of the text is legally binding.

Public SUMMARY OF EU STRESS TEST FOR LOVIISA NUCLEAR POWER PLANT

Elements Elements describe the essential outcomes.

Emergency Power System Services Industrial UPS, Batteries, Chargers, Inverters and Static Switches

10 Nuclear Power Reactors Figure 10.1

U.S. NUCLEAR REGULATORY COMMISSION STANDARD REVIEW PLAN OFFICE OF NUCLEAR REACTOR REGULATION

Mechanical Engineering Technician- Plant Technician

Keeping electrical switchgear safe

Training for Operations and Maintenance

Diablo Canyon NPP Probabilistic Risk Assessment Program. Workshop Information IAEA Workshop

Power Plant Electrical Distribution Systems

TABLE OF CONTENT

C.I.8.2 Offsite Power System. C.I Description

UTILITIES DEPARTMENT NORTH CAMPUS DISASTER RECOVERY PLAN

FIRE RISK ASSESSMENT IN GERMANY - PROCEDURE, DATA, RESULTS -

Competency Framework for Marine Engineer Class 6. Competency Framework for Marine Engineer Class 6

Building Services Engineering Technician

This occurrence is considered to be of no significance with respect to the health and safety of the public.

Section 6 Fire Detection and Alarm Systems Russell Porteous Chief Executive Officer Firewize Services

UNITED STATES NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION WASHINGTON, D.C June 1, 2005

Nuclear Safety Council Instruction number IS- 23 on in-service inspection at nuclear power plants

Liquefied Petroleum Gas Volume 1 : Large Bulk Pressure Storage & Refrigerated LPG

ENERGY MANAGEMENT. for INDUSTRY AND BUSINESS

How To Clean Up A Reactor Water Cleanup

Safety Analysis Probabilistic Safety Assessment (PSA) for Nuclear Power Plants REGDOC-2.4.2

Contractor s Guide Outage O3 2015

Practical Guidelines for Electrical Area Classification in Combustion Turbine-Generator Power Plants

Safety assessment of the Loviisa nuclear power plant

INSPECTION AND TESTING OF EMERGENCY GENERATORS

Managing health and safety in construction

National Planning Policy for Waste

Routine and Emergency Boiler Operation

Hydraulic control unit series

CyberFortress Data Center at Innovation Park Infrastructure and Topology Guide. Innovation Park Charlotte. NC DRAFT V0.

singapore//singapore data center specifications tel: fax: internet + intellectual property + intelligence

Federal Wage System Job Grading Standards for Air Conditioning Equipment Operating, Table of Contents

Guidance for Stationary Refrigeration & Air- Conditioning

21.1 Functions, Basic Configuration, and Interfaces

Refrigeration & Air-conditioning Technician

ISO IEC ( ) INFORMATION SECURITY AUDIT TOOL

Current state of plant Functioning as a peak and emergency centre. Statistics Accumulated operating hours:

National Competency Based Skill Training Refrigeration and Air-conditioning Mechanic Logbook

Electrical Engineering

MANAGEMENT AND USE OF WORK EQUIPMENT: PRESSURE SYSTEMS

Guidance on Process Safety Performance Indicators

Course available 24/7 for up to six months from the date of purchase or until completion

MEM10019 Select circuit protection devices by type and rating, fit to switchboards and install earthing

Fault codes DM1. Industrial engines DC09, DC13, DC16. Marine engines DI09, DI13, DI16 INSTALLATION MANUAL. 03:10 Issue 5.0 en-gb 1

Transcription:

ONR GUIDE Essential Services Document Type: Nuclear Safety Technical Assessment Guide Unique Document ID and Revision No: Date Issued: May 2013 Review Date: May 2016 Approved by: D Senior Director Regulatory Standards Record Reference: Trim Folder 1.9.3.764. (2013/158304) Revision commentary: Routine update TABLE OF CONTENTS 1. INTRODUCTION... 2 2. PURPOSE AND SCOPE... 2 3. RELATIONSHIP TO LICENCE AND OTHER RELEVANT LEGISLATION... 3 4. RELATIONSHIP TO SAPS... 3 5. ADVICE TO INSPECTORS... 5 6. REFERENCES... 11 7. GLOSSARY AND ABBREVIATIONS... 12 Crown copyright. If you wish to reuse this information visit www.hse.gov.uk/copyright.htm for details. You may reuse this information (excluding logos) free of charge in any format or medium, under the terms of the Open Government Licence. To view the licence visit www.nationalarchives.gov.uk/doc/open-government-licence/, write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email psi@nationalarchives.gsi.gov.uk. Some images and illustrations may not be owned by the Crown so cannot be reproduced without permission of the copyright owner. Enquiries should be sent to copyright@hse.gsi.gov.uk. For published documents, the electronic copy on the ONR website remains the most current publically available version and copying or printing renders this document uncontrolled. Comments on this guide, and suggestions for future revisions, should be made and recorded in accordance with ONR's standard procedures. Comments made from outside ONR should be sent via onrenquiries@hse.gov.uk. Page 1 of 12

1. INTRODUCTION 1.1. ONR has established its Safety Assessment Principles (SAPs) which apply to the assessment by ONR specialist inspectors of safety cases for nuclear facilities that may be operated by potential licensees, existing licensees, or other duty-holders. The principles presented in the SAPs are supported by a suite of guides to further assist ONR s inspectors in their technical assessment work in support of making regulatory judgements and decisions. This technical assessment guide is one of these guides. 2. PURPOSE AND SCOPE 2.1. The purpose of this TAG is to provide guidance to ONR assessors on the interpretation and application of the relevant SAPs when judging the adequacy of the essential services in a nuclear installation. 2.2. The Essential services are the collection of equipment that provides services such as cooling, lubrication and energy supply required by the safety systems and safety related systems and are thus an integral support to the safety functions in an operational state at all times. 2.3. The fundamental purpose of essential services is the provision of those services necessary to support safety functions which may be called on to ensure safety on the nuclear installation throughout the lifecycle. The purpose of the assessment is to confirm the Licensee has demonstrated that : the need for essential services has been identified for all stages of a plant s lifetime, including decommissioning and are correctly functionally categorised and safety classified according to their safety significance, they will be available when a demand is placed upon them, they have the capacity to supply the service during normal operation and all identified fault conditions, they are able to perform their function in any environment they may be exposed to in either normal or identified accident conditions for a specified time. This should include the effects of failure of surrounding non-essential equipment such as masonry walls, turbines, pumps, etc. the analysis has all ancillary equipment needed to ensure the service can be delivered, i.e. pumps, valves, cooling water etc. 2.4. These requirements must be met for all of the services which are considered to be essential for the safe operation and shut-down of the nuclear facility and may include electricity supplies, water, gases, fuels and lubricants, and any others as may be specified in the safety case. 2.5. This assessment guide addresses the Engineering Principles (EES1 to EES9) which outline the safety principles to be considered by the assessor when judging the adequacy of the essential services in a nuclear installation. The guide identifies and draws on other relevant key and general SAPs [Reference 1] which are applicable to the assessment of essential services. Page 2 of 12

2.6. Other assessment guidance is also available from the IAEA [References 2, 3, 4] Safety Series of publications, which should be appropriately taken into account in conjunction with the application of this guide. 2.7. This TAG contains guidance to advise and inform ONR inspectors in the exercise of their professional regulatory judgement. Comments on this guide, and suggestions for future revisions, should be recorded on the appropriate registry file etc. 3. RELATIONSHIP TO LICENCE AND OTHER RELEVANT LEGISLATION 3.1. The primary site licence conditions for which assessments of essential services are made are LC 14 (Safety Documentation), LC 24 (Operating Instructions) & LC 27 (Safety mechanisms, devices and circuits). 3.2. Other licence conditions which may be relevant are LC 15 (Periodic Review), LC 19 (Construction/Installation of New Plant), LC20 (Modification to Design of Plant Under Construction), LC 22 (Modification or Experiment on Existing Plant), LC 23 (Operating Rules), LC 27 (Safety Mechanisms Devices and Circuits) and LC 28 (Examination, inspection, maintenance and testing). 4. RELATIONSHIP TO SAPS 4.1. The Engineering Principles: essential services (EES.1 EES.9) are the SAPS which must be considered fundamental to this guide. 4.2. Three Safety Analysis principles are also of particular relevance as they identify the key information inputs to the assessment of the adequacy of the essential service provisions :- FA.2 - Requires an analysis of initiating faults. FA.6 - Requires the identification of these faults. FA.9 & ESS.11 - Requires the establishment of a schedule of safety systems and minimum safety system requirements. 4.3. As a sound provision of Essential Services depends on the application of good engineering principles, many of the other SAPS will be considered during the assessment of the plant or Page 3 of 12

the design. In analysing the essential services provisions, the assessor should also take into account the following key engineering principles:- EKP.2 - Sensitivity to fault should be minimised. EKP.3 - Defence in depth. EDR.2 - Redundancy and diversity are expected. ECS.1 - Safety Function Categorisation. EHA.1 - Internal and external hazards which may affect the essential services. ESS.18 - Availability of safety systems (and by implication any essential services on which they depend) and separation of safety systems from control systems. ELO.1 - Layout to minimise effects of hazards (see also ELO.2). EQU.1 - Qualification procedure to confirm performance under specified conditions (see also P90). EMT.6 - Monitoring and inspection is expected, and where this is not possible, then additional measures are expected in order to assure lifetime performance. ESS.8 - There should be no requirement for human action in the first 30 minutes following any requirement for protective system action. EDR.4 - Single failure principle. EDR.2 - Redundancy is assumed to be needed to achieve high reliability unless the necessary reliability can be shown to be otherwise achieved. Reliability claims based on redundancy are limited by CMF and a limit of 10-5 would be expected (see EDR.3). In practice a less reliable value may be appropriate particularly where complex control systems are required in order to achieve correct operation of the essential service (see T/AST/046). 4.4. It should be noted that many of these general principles have been written in broad terms to cover a range of engineering applications, thus some interpretation is necessary in developing the guidance for individual application. In some cases, such as human factors, reference has been made to the relevant principles in order to provide an awareness of the issues to be considered. The detailed assessment of the particular subject will of course be carried out by the appropriate assessor. 4.5. In addition to the above, the following SAPs and TAGs may also provide pertinent advice : Classification, codes and standards (ECS2, ECS.3, ECS.4, EAD.2) Design data and models (FA.18, FA.19, SC.7) Human factors (EHA.5-EHA.8) Page 4 of 12

Maintenance, inspection and testing (EMT.3, EMT.5, EMT.6, EMT.7, ELO.1, EAD.4) and T/AST/009 Plant ageing (EAD.1, EAD.2) and T/AST/016 Reliability (EDR.2, ERL.1-ERL.4) see also T/AST/30 Protection systems (Ref 4). 5. ADVICE TO INSPECTORS General Criteria 5.1. The assessor should confirm that the safety case clearly identifies all essential systems necessary to fulfil the maximum requirement of the safety function required by the safety case. For each essential service so identified and provided (EES.1 & EES.3), the safety case should define the necessary service capability and reliability, and define the time within which the service is to be provided. It should be confirmed that the service will be maintained for a sufficient period to bring the plant to a safe state and maintain it there until normal service supply is restored (EES.3). 5.2. A clear definition of the boundaries of each essential service and its source(s) should be established for analysis. Each service should be subject to analysis to confirm that it will be protected from faults within itself or the safety systems it supports such that its general availability to support safety functions is assured so far as is reasonably practicable. EES.7 is directed particularly at this requirement to minimise the probability of the essential service being lost. 5.3. Where other facilities make use of any essential service, the means by which the essential function is preserved when fault or excess demand occurs in the other facilities should be defined and assessed to confirm its effectiveness and reliability. In the particular case of several plants sharing a common service, the effect of that sharing should be incorporated into the definition of capability etc. and considered when assessing the adequacy of the service (EES.4 & EES.5). The protection system associated with the sharing should be assessed to confirm its effectiveness and integrity. In those cases where there is a sitewide essential service, a safety case should be provided to justify the adequacy of the central essential services, and this case should identify and tabulate (as above) the totality of the site essential service demands. 5.4. Particular attention should be given to reasonably foreseeable multiple or dependent faults which might give rise to the loss of a normal service and the back-up service. Specifically for electrical systems (EES.9), the short term effects of loss of normal (off-site) and on-site AC electrical power should be addressed. The general expectation is that loss of all offsite electrical supplies up to 24 hours should be treated as a frequent fault (>10-3 /yr) and for losses up to a week as an infrequent fault (>10-5 /yr). 5.5. In assessing the adequacy of essential service provision, the effects of adverse conditions and faults in the normal service or the essential service should be considered and the design shown to have incorporated adequate provision to ensure that the reliability of the service is not compromised (EES.6). Page 5 of 12

5.6. The minimum permitted configurations of essential supplies systems should be stated and the adequacy of that state justified. For the permitted minimum configurations, it should be confirmed that the requirements of the single failure principle (EDR.4) are met. Sources of Supply 5.7. Each back-up or alternative source of supply should be considered, to confirm that each such source has the necessary capacity, availability and reliability to meet the maximum demands on it, and can provide that service for the necessary time (EES.3). 5.8. Where any service is derived from a source external to the nuclear site, that service should where practicable also be obtainable from a back-up source on the site (EES.2). Assessors should note that the terminology in the SAP is "where practicable", not "where reasonably practicable" to denote the expectation of a back up source. In the particular case where an essential service is only obtained from off the nuclear site, and thus may be outwith the direct control of the Licensee, particular attention should be given to the specification, availability and reliability, all of which should be of a similar standard as those for an on-site source (EES.8). Specific Systems 5.9. As above, the safety submission from the licensee should clearly identify and define essential services necessary to ensure safety. The safety submission should also define the required performance of each essential service as well as demonstrating the adequacy of the capacity and capability of that service. It should also (preferably) define for each safety system, those essential supplies which are required, and identify the source. The list of typical essential services below should not be assumed to be comprehensive. For each service, specific points are raised for assessment consideration. Electrical Supplies 5.10. Safety related plant and equipment normally derive their electrical supplies from the National Grid via the normal electrical distribution networks. On failure of these supplies, the safety related plant and equipment must be supplied from an alternative source. Emergency Supplies alternators (usually diesel or gas turbine driven) normally provide the bulk of these alternative AC supplies, but there will inevitably be a short term interruption to supply before these alternators come into service. Assessors should confirm that adequate provision is made for the necessary automatic alterations to the distribution networks, the starting of these generators and their connection to essential loads. 5.11. For most of safety functions, interruption to supply is not tolerable. A number of options exist to provide uninterrupted supplies in such cases. These may typically be: proprietary uninterruptable supplies systems consisting of self contained combinations of batteries (generally with integral on-load charging facilities), and motor generators or static alternators to provide AC supplies; batteries, with off-load or on-load charging facilities, to provide DC supplies; the arrangements to ensure that the capacity of such batteries is adequate to maintain supplies until the essential electrical distribution is appropriately aligned. Page 6 of 12

5.12. The nature of the particular safety related plant or equipment will dictate the type of arrangement that is needed. 5.13. Given the range of safety systems and the age spread of nuclear installations, it is beyond the scope of this guide to define the combinations which will need to be assessed, but typical examples are listed in the ensuing paragraphs. 5.14. Interruptable AC supplies are typically required for a restricted range of major motive power applications such as emergency boiler feed pumps, low speed gas circulator drives, larger essential ventilation systems and essential cooling water supplies. 5.15. Uninterruptable AC supplies are typically required for: AC motors driving critical cooling pumps and critical ventilation systems, e.g. dissolver off-gas, primary monitoring instrumentation such as criticality detectors, reactor instrumentation, radiation and contamination detection etc., electrical relays handling the unloading of normal supplies from the system to allow the essential electrical supplies to be brought into operation, electrical relays used to trip and initiate electrical switchgear, valve actuators required to isolate damaged sections of the plant and activate alternative cooling circuits, and ventilation systems needed to maintain the quality of air in the control room environment and to remove contaminated air to suitable filter systems. 5.16. DC supplies are generally required to support stand alone systems such as lighting, communications systems, and some smaller critical drives on older plants designed before the advent of reliable inverter packages. 5.17. Adequate electrical analysis should have been carried out to ensure that the systems are capable of carrying out the demands that are placed upon them. These should include: load schedule analysis to ensure that the supply can meet the demand under normal operation and during the restoration of drives when the alternative supply has been established, electrical fault analysis to ensure that the system can handle the expected fault currents under earth fault and short-circuit conditions, voltage studies on dc systems to ensure that end of leg supplies are at a high enough voltage to operate the electrical plant and equipment, and fault protection discrimination studies. Gas Supplies Page 7 of 12

5.18. Gas supplies required for safety such as carbon dioxide, nitrogen, etc. are normally provided by routine deliveries to the site by road tankers. To provide an alternative supply on the site, it is necessary to ensure that the storage facilities are adequately sized to ensure that the fault study assumptions are still met in the event of an interruption of the routine deliveries. Therefore, it is necessary to have established the minimum on-site holdings of gas supplies for continued safe operation. 5.19. The storage facilities for these gases, and the design of the distribution system should be assessed as above under general criteria to confirm their capability and reliability using as a guide both the identified essential services SAPs and the other supporting SAPs. 5.20. When assessing essential gas supplies, attention should be given to any requirements for steam or electrical supplies to vaporise or condition the gas before distribution and / or to the possibility of extreme temperature being experienced by the distribution system. The condition of the vacuum insulated vessels and associated equipment for maintaining the vacuum should also be examined. Pressure relief of insulated or vacuum vessels and associated vessels can lead to particular problems of embrittlement which may need special attention. Water Supplies 5.21. Supply of water to the site is typically via the townswater supplies from the local reservoir(s). An analysis of the requirements for water supplies, both in terms of quantity and quality should be made in the safety case. Where the supply is required for an essential service (e.g. emergency boiler feed systems) the on-site alternative supply should be provided from a dedicated facility (e.g. reservoir, storage tanks, etc.) and minimum supply holdings justified and demonstrated as discussed in para 5.18. 5.22. If the storage or distribution facility is in any way shared, the supply to any non-essential service should be designed such that it does not affect the minimum storage requirements assumed in the safety case and assessment similar to para 5.19 carried out. 5.23. The provision of all water supplies defined as relevant to nuclear safety should be shown to be independent of any supplies required for fire fighting purposes. 5.24. Essential cooling water supplies should be defined in the safety submission, and particular care should be taken to confirm that any essential service functions of any auxiliary cooling water systems are defined. These supplies should be available within a defined period, to meet the plant cooling requirements as specified in the safety submission. 5.25. Where essential cooling is provided by cooling towers or other air heat exchangers, the safety case should justify any dependencies on any other essential supplies such as electrical systems. Compressed Air 5.26. This will normally be provided via a compressor/storage vessel/distribution system(s). In some cases essential supply may be claimed as, or supported by, a central or distributed system of high pressure air bottles, or by cross connection to lower quality air systems, e.g. factory or general purpose air. The main considerations in this case are the failure of the air compressors, the supply pipework and the storage vessels as faults in this area can have widespread effects such as the generation of missiles. As with other essential services, it should therefore be ascertained that the capacity of the storage vessels is Page 8 of 12

adequate to continue to supply the essential equipment (typically instrumentation) for the period defined in the fault studies, and that the quality of the air supply will not degrade the performance of the equipment. It should in particular be noted that derogation of quality of supply in respect of moisture or particulate content may have latent and / or long lasting detrimental effects on the reliability of instrumentation operated by compressed air. 5.27. The storage facilities for these gases, and the design of the distribution system should be assessed as above under general criteria to confirm their capability and reliability using as a guide both the identified essential services SAPs and the other supporting SAPs. Consideration should also be given to the segregation and isolation of the normal and essential air systems to ensure that pressure hazards and random failures (leaks, nonreturn valves, etc.) do not degrade the system. 5.28. When assessing compressed air supplies, attention should be given to the requirements for electrical and cooling water supplies to support the compressors. Fuel 5.29. In this context, fuel is typically required for the essential electrical generators, usually diesels or gas turbines, and for steam raising for vaporisation of carbon dioxide or in some cases reactor start-up (to warm up pressure vessels). As with compressed gases, normal supply of fuel (e.g. diesel) will be by means of routine tanker deliveries to on-site storage facilities. Although strictly outwith the requirements of this TAG, Ref 3 on Fire Protection is relevant to such facilities. The provision of an alternative on-site supply is a requirement to ensure that the capacity of the on-site storage of fuel is adequate to meet the fault study assumptions and minimum stock levels should be set, justified and monitored. 5.30. Special attention should be paid to the fuel pipe/valve supply arrangements and to the storage tank segregation to ensure that a common mode fuel supply fault to the prime movers cannot occur. It should be noted that the control of the alignment of fuel lines to generators or steam plant has been a particular problem in the past and appropriate design provision should be included to control and if necessary monitor such alignments. 5.31. Further attention should also be given to the manner in which tanker deliveries are arranged to ensure that no single fault, e.g. wet or dirty fuel, in any fuel delivery to the facility will cause a multiple failure of the prime movers. This is typically achieved by staggered delivery of fuel and the avoidance of cross transfers. 5.32. The licensee should have suitable arrangements in place to ensure that the appropriate quality of fuel is delivered and maintained whilst in the storage tanks. The arrangements for monitoring the condition of the storage tanks may also require to be assessed. Lubricants 5.33. Adequate lubrication of moving/rotating safety related plant and equipment should be considered by the assessor both from the design and maintenance viewpoints. For example when evaluating safety significant cooling circulating pumps, lubricated by a circulating oil system, diversity of oil supply as well as of electrical supply to the pump motors should be considered. In practical terms, minimum stocks of lubricants are unlikely to be a problem, but if the system inventory is small, licensees would be expected to have a minimum stock policy. Suitable arrangements should be in place to ensure a single contamination episode of any stored lubricant cannot lead to multiple equipment failure. Page 9 of 12

Steam-raising Supplies NOT PROTECTIVELY MARKED 5.34. Where there is an identified requirement for an essential steam raising supply (e.g. to vaporise carbon dioxide) the arrangements for the boiler fuel supplies (for starting and running), boiler ignition, feedwater supplies and any auxiliary steam supplies should each conform to the essential services principles stated variously above. In particular an assessment should be made of the boiler's capability to supply its demanded capacity in the event of a loss of site electrics. Equipment Qualification 5.35. The qualification basis of the essential services should be quoted and demonstrated to encompass all anticipated fault and environmental conditions. In particular, the basis of seismic qualification should either be stated in the safety case, or any absence of such qualification noted and justified. Life-cycle Requirements 5.36. The SAPs include a final section (EAD.1 - EAD.5 Ageing and degradation) which addresses the need to identify the actions necessary to ensure that a high standard of safety will be maintained throughout the various phases of the lifetime of the plant. The main points to be considered in respect of the essential services relate to maintenance, testing and plant operation. 5.37. The design of the services should take into account the ability to routinely maintain, test and monitor the plant throughout the lifetime of the station and meet any probabilistic risk analysis requirements. The maintenance, testing and monitoring requirements should be specified in the maintenance schedule and detailed in the associated maintenance instructions. Effect of plant modifications 5.38. As the plant is operated and modified, changes will be made which will affect essential services. As such changes may have been considered in isolation, there should be provision for regular comprehensive review of the effects of modifications on the essential services and the demands placed on those services. Operation of the plant 5.39. The requirements for the availability of essential services should be specified in the plant operating rules, identified operating instructions, or plant operating instructions as appropriate. Adequate operator training and plant operating instructions should be in place to ensure that the operators have sufficient information available to them to operate the plant under all postulated conditions. The need for the clear identification of devices or systems, and the security arrangements (e.g. lockable cabinets, valves, etc.) for the services should be considered. Page 10 of 12

6. REFERENCES 1 Safety Assessment Principles for Nuclear Facilities. 2006 Edition Revision 1. HSE. January 2008. www.hse.gov.uk/nuclear/sap/sap2006.pdf. 2 IAEA Safety Guide No NS-G-1.8: Design of Emergency Power Systems for Nuclear Power Plants (2004). (although current version is soon to be revised) 3 IAEA Safety Guide No NS-G-1.7: Protection against Internal Fires and Explosions in the Design of Nuclear Power Plants (2004). 4 IAEA Safety Guide No 50-SG-D3: Instrumentation and Control Systems Important to Safety in Nuclear Power Plants (2002). Note: ONR staff should access the above internal ONR references via the How2 Business Management System. Page 11 of 12

7. GLOSSARY AND ABBREVIATIONS NOT PROTECTIVELY MARKED AC CMF DC EAD EDR EES EHF EHA EKP ELO EMT EQU ERL ESS FA HSE IAEA LC NEPLG ONR SAP SC TAG WENRA Alternating Current Common Mode Failure Direct Current Ageing and Degradation Design for Reliability Essential Services Human Factors External and Internal Hazards Key Principles Layout Maintenance, Inspection and Testing Equipment Qualification Reliability Claims Safety Systems Fault Analysis Health and Safety Executive International Atomic Energy Agency Licence Condition Nuclear Emergency Planning Liaison Group Safety Assessment Principle(s) Safety Case Technical Assessment Guide(s) Western European Nuclear Regulators Association Page 12 of 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information