Challenges in using a probabilistic safety assessment in a risk informed process (illustrated using risk informed inservice inspection)

Many of the ongoing and expected uses of Probabilistic Safety Assessment (PSA)¹ create new challenges to ensuring that the resulting conclusions are valid. This paper provides a summary of some of these challenges. Work conducted by the authors on Risk-Informed Inservice Inspection (RI-ISI) is used to illustrate these challenges. Means to address all of the challenges are not provided in detail in this paper. Several earlier papers discuss how these challenges can be addressed. References are provided for the interested reader (Chapman JR et al. In: PSA '95, vol. 1, Seoul, 1995: 177–80; Chapman JR et al. In: ICONE-IV, New Orleans, 1996; Dimitrijevic VB et al. In: Croatian Nuclear Society International Conference, Opatija, 1996: 245–54; Dimitrijevic VB et al. In: Croatian Nuclear Society International Conference, Opatija, 1996: 255–62; Dimitrijevic VB. In: Yugoslav Nuclear Society Conference, Belgrade, 1996: 53–61; O'Regan PJ et al. In: PSA '95, Seoul, vol. 1, 1995: 403–5; O'Regan PJ. In: ICONE-IV, vol. 5, New Orleans, 1996: 277–80).     

Analysis of truncation limit in probabilistic safety assessment

A truncation limit defines the boundaries of what is considered in the probabilistic safety assessment and what is neglected. The truncation limit that is the focus here is the truncation limit on the size of the minimal cut set contribution at which to cut off. A new method was developed, which defines truncation limit in probabilistic safety assessment. The method specifies truncation limits with more stringency than presenting existing documents dealing with truncation criteria in probabilistic safety assessment do. The results of this paper indicate that the truncation limits for more complex probabilistic safety assessments, which consist of larger number of basic events, should be more severe than presently recommended in existing documents if more accuracy is desired. The truncation limits defined by the new method reduce the relative errors of importance measures and produce more accurate results for probabilistic safety assessment applications. The reduced relative errors of importance measures can prevent situations, where the acceptability of change of equipment under investigation according to RG 1.174 would be shifted from region, where changes can be accepted, to region, where changes cannot be accepted, if the results would be calculated with smaller truncation limit.     

A framework to integrate software behavior into dynamic probabilistic risk assessment

Software plays an increasingly important role in modern safety-critical systems. Although, research has been done to integrate software into the classical probabilistic risk assessment (PRA) framework, current PRA practice overwhelmingly neglects the contribution of software to system risk. Dynamic probabilistic risk assessment (DPRA) is considered to be the next generation of PRA techniques. DPRA is a set of methods and techniques in which simulation models that represent the behavior of the elements of a system are exercised in order to identify risks and vulnerabilities of the system. The fact remains, however, that modeling software for use in the DPRA framework is also quite complex and very little has been done to address the question directly and comprehensively. This paper develops a methodology to integrate software contributions in the DPRA environment. The framework includes a software representation, and an approach to incorporate the software representation into the DPRA environment SimPRA. The software representation is based on multi-level objects and the paper also proposes a framework to simulate the multi-level objects in the simulation-based DPRA environment. This is a new methodology to address the state explosion problem in the DPRA environment. This study is the first systematic effort to integrate software risk contributions into DPRA environments.     

A historical overview of probabilistic risk assessment development and its use in the nuclear power industry: a tribute to the late Professor Norman Carl Rasmussen

This paper reviews the historical development of the probabilistic risk assessment (PRA) methods and applications in the nuclear industry. A review of nuclear safety and regulatory developments in the early days of nuclear power in the United States has been presented. It is argued that due to technical difficulties for measuring and characterizing uncertainties and concerns over legal challenges, safety design and regulation of nuclear power plants has primarily relied upon conservative safety assessment methods derived based on a set of design and safety principles. Further, it is noted that the conservatism adopted in safety and design assessments has allowed the use of deterministic performance assessment methods. This approach worked successfully in the early years of nuclear power epoch as the reactor design proved to be safe enough. However, it has been observed that as the conservative approach to design and safety criteria proved arbitrary, and yielded inconsistencies in the degree to which different safety measures in nuclear power plants protect safety and public heath, the urge for a more consistent assessment of safety became apparent in the late 1960s. In the early 1970s, as a result of public and political pressures, then the US Atomic Energy Commission initiated a new look at the safety of the nuclear power plants through a comprehensive study called ‘Reactor Safety Study’ (WASH-1400, or ‘Rasmussen Study’—after its charismatic study leader Professor Norman Rasmussen of MIT) to demonstrate safety of the nuclear power plants. Completed in October 1975, this landmark study introduced a novel probabilistic, systematic and holistic approach to the assessment of safety, which ultimately resulted in a sweeping paradigm shift in safety design and regulation of nuclear power in the United States in the turn of the Century. Technical issues of historic significance and concerns raised by the subsequent reviews of the Rasmussen Study have been discussed. Effect of major events and developments such as the Three Mile Island accident and the Nuclear Regulatory Commission and the Nuclear Industry sponsored studies on the tools, techniques and applications of the PRA that culminated in the present day risk-informed initiatives has been discussed.     

A min cut-set-wise truncation procedure for importance measures computation in probabilistic safety assessment

A truncation process aims to determine among the set of minimal cut-sets (MCS) produced by a probabilistic safety assessment (PSA) model which of them are significant. Several truncation processes have been proposed for the evaluation of the probability of core damage ensuring a fixed accuracy level. However, the evaluation of new risk indicators as importance measures requires to re-examine the truncation process in order to ensure that the produced estimates will be accurate enough. In this paper a new truncation process is developed permitting to estimate from a single set of MCS the importance measure of any basic event with the desired accuracy level. The main contribution of this new method is to propose an MCS-wise truncation criterion involving two thresholds: an absolute threshold in addition to a new relative threshold concerning the potential probability of the MCS of interest. The method has been tested on a complete level 1 PSA model of a 900 MWe NPP developed by “Electricité de France” (EDF) and the results presented in this paper indicate that to reach the same accuracy level the proposed method produces a set of MCS whose size is significantly reduced.     

Security risks and probabilistic risk assessment of glazing subject to explosive blast loading

A probabilistic risk assessment (PRA) procedure is developed which can predict risks of explosive blast damage to built infrastructure. The present paper focuses on window glazing since this is a load-capacity system which, when subject to blast loading, has caused significant damage and injury to building occupants. Structural reliability techniques are used to derive fragility and blast reliability curves (BRCs) for annealed and toughened glazing subjected to explosive blast, for a variety of threat scenarios. The probabilistic analyses include the uncertainties associated with blast modelling, glazing response and glazing failure criteria. Damage risks are calculated for an individual window and for windows in the facade of a multi-storey commercial building. If threat probabilities can be estimated then the paper shows illustrative examples of how this information, when combined with risk-based decision-making criteria, can be used to optimise risk mitigation strategies.     

Application of Bayesian network to the probabilistic risk assessment of nuclear waste disposal

The scenario in a risk analysis can be defined as the propagating feature of specific initiating event which can go to a wide range of undesirable consequences. If we take various scenarios into consideration, the risk analysis becomes more complex than do without them. A lot of risk analyses have been performed to actually estimate a risk profile under both uncertain future states of hazard sources and undesirable scenarios. Unfortunately, in case of considering specific systems such as a radioactive waste disposal facility, since the behaviour of future scenarios is hardly predicted without special reasoning process, we cannot estimate their risk only with a traditional risk analysis methodology. Moreover, we believe that the sources of uncertainty at future states can be reduced pertinently by setting up dependency relationships interrelating geological, hydrological, and ecological aspects of the site with all the scenarios. It is then required current methodology of uncertainty analysis of the waste disposal facility be revisited under this belief.In order to consider the effects predicting from an evolution of environmental conditions of waste disposal facilities, this paper proposes a quantitative assessment framework integrating the inference process of Bayesian network to the traditional probabilistic risk analysis. We developed and verified an approximate probabilistic inference program for the specific Bayesian network using a bounded-variance likelihood weighting algorithm. Ultimately, specific models, including a model for uncertainty propagation of relevant parameters were developed with a comparison of variable-specific effects due to the occurrence of diverse altered evolution scenarios (AESs). After providing supporting information to get a variety of quantitative expectations about the dependency relationship between domain variables and AESs, we could connect the results of probabilistic inference from the Bayesian network with the consequence evaluation model addressed. We got a number of practical results to improve current knowledge base for the prioritization of future risk-dominant variables in an actual site.     

Dynamic reliability: towards an integrated platform for probabilistic risk assessment

Dynamic reliability methods are powerful mathematical frameworks capable of handling interactions among components and process variables explicitly. In principle, they constitute a more realistic modeling of systems for the purposes of reliability, risk and safety analysis. Although there is a growing recognition in the risk community of the potentially greater correctness of these methods, no serious effort has been undertaken to utilize them in industrial applications.User-friendly tools would help foster usage of dynamic reliability methods in the industry. This paper defines the key components of such a platform and for each component, provides a detailed review of techniques available for their implementation. This paper attempts to provide milestones in the creation of a high level design of such tools. To achieve this purpose, a modular approach is used. For each part, various existing techniques are discussed with respect to their potential achievements. Issues related to expected future developments are also considered.     

A semi-analytic approach to robust design in the conceptual design phase

One of the most important contributions to quality engineering over the last decades is the concept of robust design and its accomplishment through the use of various experimental methods. However, the prerequisite for successful parameter design in terms of a robust solution principle is seldom discussed. Methods that explicitly aid robust design in the conceptual design phase exist but are few. This article forwards the suggestion to use the principles behind the error transmission formula as a semi-analytic method for evaluation of robustness of concept solutions, prior to entering Taguchi's parameter design stage.     

Dynamic fault tree analysis using Monte Carlo simulation in probabilistic safety assessment

Traditional fault tree (FT) analysis is widely used for reliability and safety assessment of complex and critical engineering systems. The behavior of components of complex systems and their interactions such as sequence- and functional-dependent failures, spares and dynamic redundancy management, and priority of failure events cannot be adequately captured by traditional FTs. Dynamic fault tree (DFT) extend traditional FT by defining additional gates called dynamic gates to model these complex interactions. Markov models are used in solving dynamic gates. However, state space becomes too large for calculation with Markov models when the number of gate inputs increases. In addition, Markov model is applicable for only exponential failure and repair distributions. Modeling test and maintenance information on spare components is also very difficult. To address these difficulties, Monte Carlo simulation-based approach is used in this work to solve dynamic gates. The approach is first applied to a problem available in the literature which is having non-repairable components. The obtained results are in good agreement with those in literature. The approach is later applied to a simplified scheme of electrical power supply system of nuclear power plant (NPP), which is a complex repairable system having tested and maintained spares. The results obtained using this approach are in good agreement with those obtained using analytical approach. In addition to point estimates of reliability measures, failure time, and repair time distributions are also obtained from simulation. Finally a case study on reactor regulation system (RRS) of NPP is carried out to demonstrate the application of simulation-based DFT approach to large-scale problems.     

Quantification of epistemic and aleatory uncertainties in level-1 probabilistic safety assessment studies

There will be simplifying assumptions and idealizations in the availability models of complex processes and phenomena. These simplifications and idealizations generate uncertainties which can be classified as aleatory (arising due to randomness) and/or epistemic (due to lack of knowledge). The problem of acknowledging and treating uncertainty is vital for practical usability of reliability analysis results. The distinction of uncertainties is useful for taking the reliability/risk informed decisions with confidence and also for effective management of uncertainty. In level-1 probabilistic safety assessment (PSA) of nuclear power plants (NPP), the current practice is carrying out epistemic uncertainty analysis on the basis of a simple Monte-Carlo simulation by sampling the epistemic variables in the model. However, the aleatory uncertainty is neglected and point estimates of aleatory variables, viz., time to failure and time to repair are considered. Treatment of both types of uncertainties would require a two-phase Monte-Carlo simulation, outer loop samples epistemic variables and inner loop samples aleatory variables. A methodology based on two-phase Monte-Carlo simulation is presented for distinguishing both the kinds of uncertainty in the context of availability/reliability evaluation in level-1 PSA studies of NPP.     

基于危险分析与风险评价的液压提升机安全设计

介绍了液压提升机的安全性能要求,对液压提升机进行了危险分析和风险评价,确定了各子系统的危险分值,得到了安全设计中必须高度关注的子系统;进行了各子系统的安全可靠度的预计与分配,并简要分析了子系统的安全设计要点,为液压提升机的安全可靠性分析与设计提供了依据。     

Quantified risk assessment in railway system design and operation

Over the last few years quantified risk assessment (QRA), a technique developed in the process industries, has moved into the railway and mass transport arenas. Many quantified risk assessments are now appearing covering varying aspects of railway operation and design. This paper highlights the strengths and weaknesses of the QRA technique, with specific reference to its use in railway system design and operation. Suggestions are made as to how best to manage and present a QRA, and these are illustrated in a section explaining the systematic approach of Cross Rail, a joint London Underground/British Rail/Railtrack £2 billion railway for London. Throughout this paper it is stressed that good QRA comes from management of the process and not of the ‘final figure’. The paper concludes with a listing of recommendations that are considered to be the minimum needed for the future progress of railway QRAs. Consequently the paper will be of special interest to those railway organizations undertaking or managing a QRA for the first time. Special reference is made to the use of QRAs in the presentation of Railway Safety Cases and project design.     

On the distribution type of uncertain inputs for probabilistic assessment

The effect of distribution type of uncertain inputs on the probabilistic assessment result of a system is illustrated. The tested systems include linear function, positive exponential function, negative exponential function, and reciprocal function, and a proposed corrosion mechanism for radwaste package in addition. The four types of distributions analyzed are uniform (U), log-uniform (LU), normal (N), and log-normal (LN) distributions. Latin hypercube sampling (LHS) was applied to take samples from the uncertain inputs, and the data sets obtained from the said samples were uncorrelatedly arranged before computation. The Fourier amplitude sensitivity test (FAST) was also applied to calculate the sensitivity index of the four distributions. Based on the safety assessment point of view, the results of this paper provide a rationale for the choice of the distribution type between U and LU distributions when the available data points are scarce. The result of the FAST indicates that the sensitivity of the four distributions is, in the order, S_U>S_LU>S_N>S_LN. This suggests a need to carefully identify whether the uncertain inputs are of U distribution for the purpose of sensitivity analysis.     

Advanced nuclear power plant regulation using risk-informed and performance-based methods

This paper proposes and discusses implications of a largely probabilistic regulatory framework using best-estimate, goal-driven, risk-informed, and performance-based methods. This framework relies on continuous probabilistic assessment of performance of a set of time-dependent, safety-critical systems, structures, components, and procedures that assure attainment of a broad set of overarching technology-neutral protective, mitigative, and preventive goals under all phases of plant operations. In this framework acceptable levels of performance are set through formal apportionment so that they are commensurate with the overarching goals. Regulatory acceptance would be the based on the confidence level with which the plant conforms to these goals and performance objectives. The proposed framework uses the traditional defense-in-depth design and operation regulatory philosophy when uncertainty in conforming to specific goals and objectives is high. Finally, the paper discusses the steps needed to develop a corresponding technology-neutral regulatory approach from the proposed framework.     

A quantitative assessment of LCOs for operations using system dynamics

Limiting conditions for operations (LCOs) define the allowed outage times (AOTs) and the actions to be taken if the repair cannot be completed within the AOT. Typically plant shutdown is required. In situations where the risk associated with the action, i.e. the risk of plant shutdown given a failure of the safety system, may be substantial, a strategy is needed to control the plant risk. In this study the changing operation modes are evaluated quantitatively and dynamically using the tool of system dynamics. System dynamics has been developed to analyze the dynamic reliability of a complicated system. System dynamics using the Vensim software have been applied to LCOs assessment for an example system, the auxiliary feed water system of a reference nuclear power plant. Analysis results of both full power operation and shutdown operation have been compared for a measure of core damage frequency. The increase in core damage frequency is used as a measure in this study. A time dependent framework developed in this study has been shown to be very flexible in that it can be applied to assess LCOs quantitatively under any operational context of the Technical Specifications in Final Safety Analysis Report of the reference plant.     

Constrained optimization of test intervals using a steady-state genetic algorithm

There is a growing interest from both the regulatory authorities and the nuclear industry to stimulate the use of Probabilistic Risk Analysis (PRA) for risk-informed applications at Nuclear Power Plants (NPPs). Nowadays, special attention is being paid on analyzing plant-specific changes to Test Intervals (TIs) within the Technical Specifications (TSs) of NPPs and it seems to be a consensus on the need of making these requirements more risk-effective and less costly. Resource versus risk-control effectiveness principles formally enters in optimization problems. This paper presents an approach for using the PRA models in conducting the constrained optimization of TIs based on a steady-state genetic algorithm (SSGA) where the cost or the burden is to be minimized while the risk or performance is constrained to be at a given level, or vice versa. The paper encompasses first with the problem formulation, where the objective function and constraints that apply in the constrained optimization of TIs based on risk and cost models at system level are derived. Next, the foundation of the optimizer is given, which is derived by customizing a SSGA in order to allow optimizing TIs under constraints. Also, a case study is performed using this approach, which shows the benefits of adopting both PRA models and genetic algorithms, in particular for the constrained optimization of TIs, although it is also expected a great benefit of using this approach to solve other engineering optimization problems. However, care must be taken in using genetic algorithms in constrained optimization problems as it is concluded in this paper.     

Key attributes of the SAPHIRE risk and reliability analysis software for risk-informed probabilistic applications

The Idaho National Laboratory is a primary developer of probabilistic risk and reliability analysis (PRRA) tools, dating back over 35 years. Evolving from mainframe-based software, the current state-of-the-practice has led to the creation of the SAPHIRE software. Currently, agencies such as the Nuclear Regulatory Commission, the National Aeronautics and Aerospace Agency, the Department of Energy, and the Department of Defense use version 7 of the SAPHIRE software for many of their risk-informed activities. In order to better understand and appreciate the power of software as part of risk-informed applications, we need to recall that our current analysis methods and solution methods have built upon pioneering work done 30–40 years ago. We contrast this work with the current capabilities in the SAPHIRE analysis package. As part of this discussion, we provide information for both the typical features and special analysis capabilities, which are available. We also present the application and results typically found with state-of-the-practice PRRA models. By providing both a high-level and detailed look at the SAPHIRE software, we give a snapshot in time for the current use of software tools in a risk-informed decision arena.     

Rapid risk assessment using probability of fracture nomographs

Traditional risk-based design process involves designing the structure based on risk estimates obtained during several iterations of an optimization routine. This approach is computationally expensive for large-scale aircraft structural systems. Therefore, this paper introduces the concept of risk-based design plots that can be used for both structural sizing and risk assessment for fracture strength when maximum allowable crack length is available. In situations when crack length is defined as a probability distribution the presented approach can only be applied for various percentiles of crack lengths. These plots are obtained using normalized probability density models of load and material properties and are applicable for any arbitrary load and strength values. Risk-based design plots serve as a tool for failure probability assessment given geometry and applied load or they can determine geometric constraints to be used in sizing given allowable failure probability. This approach would transform a reliability-based optimization problem into a deterministic optimization problem with geometric constraints that implicitly incorporate risk into the design. In this paper, cracked flat plate and stiffened plate are used to demonstrate the methodology and its applicability.