In all operating modes of a nuclear power plant a lot of activities take place, including maintenance, surveillance testing and plant modifications. Some of these activities can impose temporary increase in risk level, as they may change the status of equipment important to plant safety. Such risk increases are usually controlled by risk monitoring, which considers changes in risk due to changes in the status (e.g. availability) of plant systems and functions. Risk monitors are, in many cases, designed and operated to be system-oriented (or function-oriented), as they focus on “measuring” the risk associated with different system configurations (from where comes the often used term “configuration risk management”). On the other hand, components of plant systems are placed in various locations and at various floors (elevations) of plant buildings. Piping, as well as cabling, is routed through one or more buildings. Equipment performing different functions is, sometimes, located near each other due to architectural limitations. Where required, barriers are applied in order to ensure physical separation and independency. Due to these reasons, a particular plant area (compartment, room, part of a large room,…) can contain a variety of mechanical, electrical and / or other equipment with different safety implications. As well as system components, plant areas are also related to each other, with different degrees of relative importance. Since activities performed in different plant areas can imply changes, actual or potential, in the status of associated equipment, structures and / or barriers, there is also a need that risk monitoring considers the area-oriented aspects, beside considering those which are system-oriented or function-oriented. Risk impact of an activity taking place in a particular plant area can be considered in terms of changes (potential or actual) to its three components: 1) likelihood of initiators which can be triggered by equipment in the area (but which are not mitigated by any of the equipment in the same area); 2) mitigating capability regarding the initiators which are not triggered in this area; 3) likelihood of initiators triggered in this area and mitigating capability regarding the same initiators. Activity in a particular plant area may be related to none or to any combination of the three risk impact components. Normally, risk impact under 3) is limited by the architectural engineering principles (because it may become very large risk contributor). However, it may be present in some residual form and it cannot be excluded (as demonstrated by area-related risk studies performed in the past, such as internal fire and internal flooding analyses). With activity taking place in a particular area, the relevant importance of any other plant area (and, hence, potential risk impact of any activity that may be planned to go on at the same time) is then considered in terms of, respectively: 1) whether it contains the equipment relevant for mitigation of initiators that can be triggered in the considered area; 2) whether it includes the potential for triggering an initiator which is mitigated by the equipment located in the considered area; 3) whether it contains the relevant mitigation equipment or include the potential for relevant initiators. The paper discusses these and other related issues and describes some basic concepts for the area-oriented risk management.
Read full abstract