Abstract

The commercial nuclear power industry has developed and applied improved methods for safety and performance management since the accident at Three Mile Island (TMI) in 1979. These include methods for risk management, identification and application of lessons learned, risk-informed regulation, and safety culture improvement. Methods have also been developed to identify strategies and procedures to manage severe accidents, i.e. events outside the design basis that formed the envelope for the initial operating license. The combined implementation of all these technical, organizational, and regulatory changes has led to a significant industry-wide improvement in the performance of nuclear power plants in the US since TMI. This paper summarizes these developments in the nuclear industry, describes a recent application to risk-informed safety culture assessment for a Canadian nuclear power station, and explores the potential to apply these methods for design, operation, and regulation of offshore facilities as part of the industry response to the Deepwater Horizon accident.

Nuclear industry practices prior to Three Mile Island

From the beginnings of the commercial nuclear power industry in the United States in the 1960s, the primary unifying concept for demonstrating safety was the Design Basis Accident (DBA). A design basis accident is a postulated event that the plant must withstand. The Safety Analysis Report (SAR) for each facility was required to demonstrate that the plant could withstand the occurrence of specific prescribed DBAs. Examples include loss of coolant accidents (LOCAs), reactivity accidents, steam generator tube ruptures, loss of offsite power, etc. In addition to forming the basis for demonstrating that the plant could be operated safely within a prescribed "safe operating envelope," DBAs also established (perhaps inadvertently) the basic paradigm for the development of emergency operating procedures.
Similarly, the design of instrumentation was intended to provide information up to, but not beyond, the conditions expected during a Design Basis Accident. Hidden within the emergency procedures were the assumptions that plant operators would be able to accurately diagnose the event in progress, and that their major role would be to monitor the performance of automatic systems and intervene only when automatic systems failed to actuate, or to restore normal conditions once the automatic systems had carried out their assigned functions. Finally, there was likely an unconscious assumption that events more serious than the design basis accident would not (or perhaps could not) occur, and that if a plant could withstand the DBAs then safety was assured for all other conceivable accident sequences. Unfortunately, as we shall see later, these numerous, often unspoken assumptions were fundamentally flawed.
