安全度評估在核安管制上的應用 趙衛武 博士 2008年兩岸核能交流研討會 Good morning! I am Wei-Wu Chao, from Atomic Energy Council. Today I am going to share the application of PSA to regulatory and safety decisions to you. We normally called PSA PRA here in Taiwan, so I’ll use both of these two terms interchangeably throughout my presentation.

簡 報 大 綱 安全度評估在台灣的發展狀況 安全度評估近年在核安管制上的應用案例 安全度評估應用之未來展望 結 語 The outline of my presentation includes: PSA development in Taiwan Recent PSA applications PSA application in the future And finally, some conclusions

安全度評估在台灣的發展狀況 安全度評估 (Probabilistic Risk Assessment, 以下簡稱PRA)是一種以系統化的方式，來計算核能電廠爐心受到損壞及放射性物質外釋事故發生機率的技術。 美國三哩島核能電廠發生部分爐心損壞的事故後，核能管制單位逐漸重視此種分析技術，並要求各核能電廠執行個廠之安全評估並進行改善，以增進運轉安全性 。 As you may already know that Taiwan began to construct and operated nuclear power plants in the 1970s. After 1979 Three-Mile-Island II accident, nuclear regulator and industry adopt the probabilistic risk assessment to further evaluate the plant safety. So, in the 1980s, with the assistance from USNRC, and a consulting firm NUS, AEC along with Taipower, INER has completed the first version of PRA for Kuosheng, Maanshan, and Chinshan plants. Based on these preliminary PRA results, Taipower has improved some safety-significant systems for each plant, that includes adding a swing diesel generator at every site (we sometimes call it the 5th diesel generator) to enhance the capability in case of loss of offsite power event.

安全度評估在台灣的發展狀況 (續) 1980年代 由原子能委員會出面召集國內外相關專家( USNRC, NUS, Taipower, INER)，進行核能電廠的PRA，並分別於1985 (核二廠) 、1987 (核三廠) 、1991 (核一廠)完成三座核能電廠功率運轉下之PRA。 台電公司隨後根據各廠分析的結果來進行各項改善工作，例如：三個電廠都新增了第五台緊急柴油發電機，大幅地增強應付喪失交流電源事件(全黑事件)的能力，此外也強化了耐震、防風、防火功能。

安全度評估在台灣的發展狀況 (續) 1990年代 台電公司在核能研究所的協助下，持續發展以個人電腦操作為基準之活態安全度評估技術(living PRA) ，並定期更新模式及結果. 廠外事件如：地震、颱風、水災、火災的模式亦陸續加入活態PRA中。停機安全度評估(Shutdown PRA)也被開發完成。 歷經此一時期的研發後，PRA的技術可謂發展齊備。 In the 1990s, The methodology of living PRA, which stands for PC-based, as operated NPP model, were introduced in Taiwan by INER and Taipower in early 1990s. External events (seismic, typhoon, flooding, fire) were also incorporated in living PRA. Both power operation and shutdown PRAs have been developed. So, in this period of time, PRA model and tools are being refined.

核二廠安全度評估結果更新前後之比較

核三廠安全度評估結果更新前後之比較

核一廠安全度評估結果更新前後之比較

安全度評估在台灣的發展狀況 (續) 2000迄今 台電公司持續與核能研究所合作開發風險監看程式 “TIRM” (Taipower Integrated Risk Monitor) ，以協助電力公司對核能電廠運轉組態風險之評估及管理 。 為了協助原子能委員會對視察發現風險顯著性之判定，原子能委員會商請核能研究所發展出電腦程式PRiSE(PRA Model Based Risk Significance Evaluation ). Now in the 21st century, INER and Taipower continued to develop a PC-based risk monitor “TIRM” (Taipower Integrated Risk Monitor) to assist configuration risk evaluation and management for operating NPPs. It is also used to evaluate shutdown safety during refueling outage. To timely assess the safety significance of inspection findings, AEC contracted INER to develop a computerized tool (PRiSE) for phase-2 significance determination process (SDP). I’ll explain that a little more detailed in later slides.

安全度評估近年在核安管制上的應用案例 風險告知火災分析－防火屏蔽材料之豁免申請 選定系統之線上維修 核安管制紅綠燈（視察發現顯著性之判定） 起動變壓器允許維修時間之延長申請 In this section, I chose four examples of recent PSA applications in Taiwan, and they are: Fire barrier exemption by risk-informed fire analysis (RIFA) On-line maintenance (OLM) for selected systems Safety significance determination of inspection findings Allowed outage time (AOT) extension for startup transformer replacement

風險告知火災分析－防火屏蔽材料之豁免申請 自1990年起有關安全停機串電纜防火屏蔽材料THERMO-LAG的耐火性不符合Appendix R的問題被發現後，台電公司安裝此防火屏蔽材料的計畫便告中途暫停。 依各核能電廠換照管制追蹤案件，台電公司後續以研究計畫來搜尋合乎法規的防火屏蔽材料。 台電公司決定委託核能研究所開發風險告知防火分析技術(Risk-Informed Fire Analysis, RIFA) ，來解決此項議題。 The first case is the Fire barrier exemption by risk-informed fire analysis. It is a working item, which has been completed. This issued was raised back in the 1990s, concerning about the capability of THERMO-LAG fire barrier of cables designated for post-fire plant safe shutdown. When the issue come out, Taipower was on the process of installing THERMO-LAG to three operating nuclear power stations. And the plan then came to a halt. Taipower did try to find a qualified fire barrier to replace THERMO-LAG. But finally they decided to adopt risk-informed fire analysis (RIFA) to resolve the fire barrier issue.

風險告知火災分析－防火屏蔽材料之豁免申請 (續) 台電公司陸續提出運轉中核一、二、三廠之風險告知火災分析並申請防火屏蔽材料的豁免。 原子能委員會成立專案審查小組，邀請學者專家來審查本申請案. 考量本申請案的分析結果顯示，並不會對民眾有安全上的影響，原能會有條件地同意此豁免申請，但建立後續管制追蹤事項。 Taipower submitted RIFA analyses reports for fire barrier exemption of three operating NPPs to AEC. AEC has formed a special review team (including fire expert and police academic professor) for conducting safety assessment. With no significant safety impact to the plants and general public, AEC has conditionally approved the exemptions with follow-up action requirements.

風險告知火災分析－防火屏蔽材料之豁免申請 (續) 台電公司承諾發展各核能電廠火災後安全停機迴路之分析 。 各電廠特定事項包括： 核一廠需修改強化現有滅火系統，並重繞在特定防火分區內之部分電纜。 核二廠需重繞6條特定之電纜。 核三廠在緊急海水泵室內，需加裝一道分隔牆，以隔離電纜。 In these RIFA report, TPC commits to develop post-fire safety shutdown circuit analysis for NPPs. Plant-specific items are: For Chinshan, modifying fire extinguishing system and re-route cables in certain fire zones. For Kuosheng, six critical cables need to be re-routed. For Maanshan, a physical wall is needed for cable separations inside essential chilled water pump room. With these improvement, the fire risks could be reduced a an acceptable level.

選定系統之線上維修 有鑑於台電公司核能電廠並未實施維護法規，但欲申請部分系統之線上維修工作，原能會於2002年公布「核能電廠執行線上維修實施要點」，選定：RHR、ECW、EChW、LPCS等系統，採個案審查的方式。 線上維修申請必須涵蓋：維修範圍、運轉規範規定、電廠組態監測計畫、安全度評估(定性&定量) 。 Now let’s move to the second application of On-line Maintenance (OLM). AEC issued “Nuclear Power Plants Online Maintenance (OLM) Application Guideline” in Aug. 2002, setting up OLM acceptance criteria and applicable systems Chinshan NPP RHR OLM was approved in Aug. 2003, followed by Kuosheng NPP in Sep. 2003 and Maanshan NPP in Oct. 2003

選定系統之線上維修 (續) 核一、二、三廠選定RHR執行先導性線上維修申請，並於獲得原能會審核同意後，分別於2003年間實施。 台電公司各核能電廠已實施線上維修的系統，均依規定在允許維修時間(AOT)之60﹪內完成，且未發生非預期的事件。

選定系統之線上維修 (續) 基於以上成功的線上維修經驗，各核能電廠陸續提出申請項目如下： 核一廠： RHR Pump, RHR Booster 　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　 　 Pump 核二廠： RHR Valve & Instrument 核三廠： RHR Valve & Instrument, Containment Spray System , Essential Chilled Water System Up to Sep. 2007, Taipower successfully performed some OLMs, all of them were completed within 60﹪AOT , cases are: For Chinshan NPP, RHR Pump, RHR Booster Pump For Kuosheng NPP, RHR Valve & Instrument，AHU For Maanshan NPP, RHR Valve & Instrument, Containment Spray System , Essential Chilled Water System

選定系統之線上維修 (續) 由於台電公司於2007起試行維護法規，並於2008年正始開始實施，預期可對所有重要維修工作執行風險管理，全廠性線上維修的工作即亦將展開。 目前各核能電廠擬比照國外經驗，配合維護法規實施，推動 13 週之轉動排程(Rolling Schedule)。 Based on the experience gained from previous successful OLMs, Taipower is proposing OLM scope to be extended into further systems. Taipower commits to and will implement Maintenance Rule in 2007, which shall control OLM activities and risk management based on the principle of the rule. (As you’ve heard from James Lin from Lungmen plant yesterday, They have set up the Maintenance Rule program over last two years and currently is taking a trial run of this program, will formally start to practice next year.)

核安管制紅綠燈 為使核能電廠運轉安全狀況更透明化，原子能委員會參採美國核管會反應器監管方案(NRC ROP)中有關反應器安全領域之肇始事件、救援系統及屏障完整等三個範疇，建構了核安管制紅綠燈制度。 此制度係以績效指標(Performance Indicator)及視察指標(Inspection Findings) ，來評量核能電廠之安全狀態。 Now we come to the third example of PSA application. A so-called ”Color-designated Reactor Safety Indicator” was devised based on the idea adopted from reactor oversight process (ROP). Performance indicators of three reactor safety cornerstones (initial event, mitigating system, and barrier integrity) have been counted and posted on AEC's website since 2004. A “white” indicator of reactor core isolation cooling (RCIC) system at Chinshan Unit 1 urged the plant staff to take extra efforts solving maintenance and test problems. This shows that the indicators do give the utility pressure to have a good performance in reactor safety cornerstone.

核安管制紅綠燈 (續) 績效指標(PI) 首先於 2004起公布在原子能委員會的網站上。 2006年核一廠爐心隔離冷卻水系統(RCIC) 曾因連續出現測試失敗，而使得PI轉為白燈。台電公司及電廠相關人員均相當重視此指標，故積極採取改善措施，已有效增進RCIC之測試成功率，並轉回綠燈。

核安管制紅綠燈 (續) 原子能委員自2005年起，開始執行核安管制紅綠燈之視察。 對於視察中發現之缺失， 駐廠視察員可利用安全顯著性(Safety Significance)分析工具 快速地計算爐心受損增量(ΔCDF) ，以初步決定該視察發現之安全顯著性。 AEC began to conduct ROP baseline inspection since 2005 in reactor safety. For inspection findings, resident inspectors conduct initial screening of findings (phase 1), and then uses “PRA Model Based Risk Significance Evaluation Tool, PRiSE” for quick calculation of ΔCDF and estimation of safety significance.

核安管制紅綠燈 (續) 視察發現安全顯著性判定程序 上網公告 Yes 駐廠及專案視察 視察發現 No Yes 使用PRiSE判定 是否為綠燈 初步判定 是否為綠燈 Yes 駐廠及專案視察 視察發現 No Yes 使用PRiSE判定 是否為綠燈 No Yes 召開審查會確定燈號 是否為綠燈 The significance determination process is quite similar to NRC. If an inspection findings is identified by inspector, after phase-1 screening, he/she may utilize this computerized tool PRiSE to calculate the ΔCDF and determine the significance. If it is greater than green, then a regulatory will be called to review in details. The inspection report and result of after SDP will be posted on AEC’s website, just as NRC does in your site. No 函請台電公司申覆 審議申覆案並確立燈號 上網公告 視察發現安全顯著性判定程序

核安管制紅綠燈 (續) 視察指標之安全顯著性程度 綠燈表示無安全顧慮 白燈表示低微安全顧慮 黃燈表示中度安全顧慮 紅燈表示顯著安全顧慮 DCDF < 1E-6 1E-6 < DCDF < 1E-5 1E-5 < DCDF < 1E-4 DCDF > 1E-4 綠燈表示無安全顧慮 白燈表示低微安全顧慮 黃燈表示中度安全顧慮 紅燈表示顯著安全顧慮 The criteria and colors for determine the safety significance is basically the same as NRC SDP.

核安管制紅綠燈 (續) 完全符合 安全規定 例行性之管制 嚴重違反 安全規定 禁止運轉 視察指標 績效指標 綠 白 偏離安全規定程度增加 全部指標 白 任一指標 同基石二指標 或 不同基石三指標 偏離安全規定程度增加 管制單位介入程度增加 黃 或 任一指標 任二指標 紅 嚴重違反 安全規定 禁止運轉 整體性

核安管制紅綠燈 (續) 到目前為止，各核能電廠視察指標均為無安全顧慮的綠燈。 核二廠2號機EChW-B因寒水容量控制模組故障，造成系統不可用，視察指標有變成白燈之虞。惟經本會召開管制會議後，判定其非屬績效缺失，故仍維持綠燈. 仍有部分視察發現 (如RHR耐震能力、直流電池容量測試等) 仍待台電公司澄清後 ，再判定其安全顯著性之燈號為何？ So far, all inspection findings are determined to be green. One regulatory review meeting was called to assess the performance of emergency chilled water system (EChW) of Kuosheng plant. Some pending issues (seismic capability and battery capacity) need to be clarified after CDBI conducted earlier this year.

核二 廠Emergency Chilled Water System From Normal Chiller 277A 275A Emergency Chiller VC-16B VC1B VC5B VA1B E50B VA2B VA1D E50C VA2C N2 Exp. Tk PCV DST 275B Air Separator 277B To Normal Chiller This is an emergency chilled water system of Kuosheng plant. Because it provides cooling for ECCS pump room, the risk is quite sensitive if it fails. One incident was encountered when a refrigerant control card failed, and the its last surveillance test was done 3 months ago, so the fault exposure is 1 and half months. According to calculation, the ΔCDF will be fallen into white zone. However, after the regulatory meeting and discussion, this finding was determined not a performance deficiency. (random failure of the control card) The other incident is the plant equipment operator forgot to return a valve to its normal position after surveillance test, it may reduce the cooling capability when the demands is on. It is also a potential white finding. Again, after calculation, with conservative assumptions, ΔCDF is still within the green zone. 核二 廠Emergency Chilled Water System

起動變壓器允許維修時間(AOT)之延長申請 美國核能電廠可遵循Regulatory Guidance 1.177 執行永久性風險告知運轉規範修改(Risk-Informed Technical Specification, RI-TS) ，以延長允許維修時間(AOT )。 台電公司到目前為止並未提出此種RI-TS 之申請。 然而，台電公司因應核一廠345KV起動變壓器更換，而提出允許維修時間延長一次之申請。 The last example of my presentation is allowed outage time (AOT) extension for a special case- startup transformer replacement at Chinshan plant Permanent risk informed Technical Specification (RI-TS) change can follow Regulatory Guidance 1.177 Up to Sep. 2007, No related applications was filed by Taipower However, one-time extension of 345KV Startup Transformer AOT been has requested by Taipower and approved by AEC.

起動變壓器允許維修時間(AOT)之延長申請 (續) 2007年4月，核一廠起動變壓器發生故障而到達需更換的地步。 台電公司申請 AOT時限，暫時由3天延長到30天。 針對本案，台電公司之安全度評估結果顯示，維修時間在28天內，風險增量在法規導則的限值內，若加上一些管制措施，應可達到30天的AOT。 經過原子能委員會審查後，同意AOT延長至28天之一次申請，並要求台電公司施工前應有詳細之應變計畫 ，並採適當的管制措施，做好維修期間的風險管理。 The case of AOT extension was initiated by the following incident: Chinshan NPP 345kV Startup Transformer experienced severe damage in April, 2007, which required for replacement Taipower requested AOT temporary extension from 3 days to 30 days Taipower’s risk assessment proposed the risk was acceptable within 28 days, they also credited other analysis conservatism and requested for 30 days AEC approved a 28 days one-time AOT and requested Taipower to perform detailed contingency analysis and take appropriate measures to manage the risk during maintenance. The reason for 28-day AOT is based on the calculation of large early release frequency, which is shown as the following slide.

起動變壓器允許維修時間(AOT)之延長申請 (續) CHINSHAN ST-B Maint. Base case ST-B Maintenance Case IE\RiskMetrics CDF LERF internal 3.93E-06 1.56E-06 1.50E-05 8.09E-06 seismic 5.27E-06 4.46E-06 5.32E-06 4.50E-06 Fire 7.38E-06 1.25E-06 7.72E-06 1.31E-06 SUM 1.66E-05 7.27E-06 2.80E-05 1.39E-05 There are two acceptance criteria have to be met: ΔCDF and ΔLERF From this calculation sheet, we may find that the ΔCDF criterion could allow about 160 outage days, but the ΔLERF can only allow for 28 days outage. That’s basically why AEC’s final decision is 28 days for this one-time AOT extension request. Acceptance Criteria △CDP＜5.00E-06 △LERP＜5.00E-07 Acceptable Extension Based on △CDP/△LERP ~160 days ~28 days

安全度評估應用之未來展望 維護法規之正式實施 風險告知之相關法規導則應用：Risk-informed in-service inspection (RI-ISI), Testing (RI-IST), and technical specification (RI-TS) 全廠性之線上維修 停機安全顯著性判定工具之開發 風險告知防火法規之實施(NFPA-805) As for the future possible PSA application in Taiwan, I would say there are a lot more area to be considered. The first one is the maintenance rule implementation next year, which is soon to come. When MR is fully practiced, there will be a wide variety of area for PSA to be applied. For example, Risk-informed in-service inspection (RI-ISI), Testing (RI-IST), and technical specification (RI-TS) Plant wide OLM (not just limited systems) Shutdown SDP (Since the tool I mentioned earlier, PRiSE, is used for power operation only, AEC needs to consider for shutdown safety significance determination) The last one, plant-wide Performance-based fire protection rule implementation (NFPA-805), is currently under feasibility study. (I know there are some pilot plants are now in process of practicing the new fire regulation.)

結 語 安全度評估技術在台灣的引進、發展、改良、精進已超過25年以上的歷史。 早期的應用偏重於增進核能電廠之安全管制及改善電廠的設備。 結 語 安全度評估技術在台灣的引進、發展、改良、精進已超過25年以上的歷史。 早期的應用偏重於增進核能電廠之安全管制及改善電廠的設備。 經過多年的應用結果顯示，安全度評估已被視為執行風險告知評量之有力工具。 預期未來可應用的範圍可涵蓋整個核能電廠系統，並做為管制單位決策及電廠安全運轉和維修之用。 Finally, let me make some conclusion of my presentation: PSA has been introduced, developed, improved, refined near three decades in Taiwan. Early applications were mainly used for betterment of plant system and safety. Over these years, PSA has been proved to be a useful tool for risk-informed assessment. Full scale and plant wide PSA applications are expected in near future for both regulatory decisions and utility operations.

Thank you for your attention That concludes my presentation. Thank you very much for your attention.