Core Protection Flashcards
Identify ways a core can fail
- A failure of the heat removal systems (loss of reactor coolant flow, loss of coolant, loss of feedwater flow, loss of decay heat removal)
- An increase of heat created beyond the ability of the heat removal systems (failure of the reactor to trip when required (ATWS), rod ejection (PWR), inadvertent deboration (PWR))
- The inability to transfer heat from the fuel (loss of subcooling, departure from nucleate boiling, onset of transition boiling)
(L1 p4)
Describe the elements of the defense-in-depth philosophy
1) Prevention of accidents - high quality design, construction, inspection, and testing coupled with operation of the plants in accordance with approved procedures
2) Termination of accidents - is supported by redundancy and diversity in safety equipment used in conjunction with approved procedures and strategies.
3) Mitigation of accidents - is accomplished through the use of multiple barriers to fission product release plus approved emergency preparedness.
(L1 p8)
Describe the roles of procedures in the defense-in-depth philosophy
Prevention of accidents is supported by operation within the limits of normal operating procedures. Those limits are prescribed by the Final Safety Analysis Report (FSAR), and are included in the applicable plant procedures. The FSAR generally assumes that, at the time of accident initiation, the plant is operating within the constraints of those limits.
Termination and mitigation of accidents require the use of procedures. If operation of the plant causes certain parameters to be exceeded, automatic protection systems act to terminate operations by tripping the reactor. Redundant and diverse systems actuate to provide core cooling, negative reactivity insertion, and containment cooling. Those automatic actions will require the station personnel to respond to the event using normal and emergency procedures to ensure the plant is ultimately restored to a normal operating condition. If the automatic systems fail, the operators will act in accordance with procedures to manually take action to trip the reactor and provide core cooling.
In summary, defense-in-depth requires the use of procedures to prevent accidents by maintaining normal plant operating conditions, and to terminate and mitigate accidents when they occur.
(L1 p9,10)
Define a design basis accident
A DBA is typically a worst-case accident of interest. NRC: “a postulated accident that a nuclear facility must be designed and built to withstand without loss to the systems, structures, and components necessary to ensure public health and safety”.
(Ex. mechanical failure of a single component leading to the release of radioactive material from one or more barriers - breakage of the coupling between a control rod drive and control rod. Arbitrary rupture of any single pipe up to and including complete severance of the largest pipe in the nuclear system process barrier.)
For example, an accident may result in an interruption of core cooling flow or a loss of electrical generation, but the ultimate goal is to ensure the safety of the public.
(L1 p14)
Define PRA, including its attributes
is a quantitative assessment of the risk associated with plant operation and maintenance. This risk is measured by how often different events that lead to severe core damage occur. The original goal of PRA was to analyze and understand severe accident behavior, and then identify and fix the plant vulnerabilities.
Attributes:
- It realistically models plant design, plant procedures, and human performance
- It is a best estimate
- It is not a safety-related tool
- It is a mathematical model of all important plant systems using plant-specific data for critical components
- It models the plant response for various initiating events using calculated system reliabilities
- It takes into account realistically usable mitigating equipment
Risk = Probability x Consequences
(L2 p2)
Identify how PRA supports various engineering activities, including examples.
Design Engineer:
- Installing new safety-related equipment to the plant
- Adding a backup cooling supply to a piece of safety-related equipment
- Changing control room indications
- Replacing an AOV with an MOV
- Changing failure mode of equipment
- Evaluating the impact of a modification on safety margin and reliability
Systems Engineer:
- Supporting justifications for continued operation
- Incorporating Maintenance Rule (10CFR50.65)
- Determining the Mitigating Systems Performance Index (MSPI)
- Determining risk factors for on-line work activities
- Providing input for plant testing
PRA Engineer:
- Using the Significance Determination Process
- Using the Mitigating Systems Performance Index (MSPI)
- Using the Reactor Oversight Process
- Providing basis for Equipment out of Service (EOOS)
- Providing basis for risk-informed Technical Specifications
(L2 p9)
Define Safety Limits
are limits on the specific nuclear process variables imposed by technical specifications. These limits are set to ensure the integrity of the fission product barriers.
Examples of safety limits for a BWR are:
- Maintain Thermal Power less than some maximum Reactor Thermal Power (RTP) with low reactor coolant system pressure and low core flow
- Minimum Critical Power Ratio (MCPR) greater than some minimum limit with higher reactor coolant system pressure and core flows above some minimum value
- Reactor water level greater than the top of active irradiated fuel
- Reactor steam dome pressure less than a maximum limit
Examples of safety limits for a PWR in modes 1 or 2 are:
- Fuel pin centerline temp less than some maximum limit
- Departure from Nucleate Boiling Ratio (DNBR) greater than some minimum value
- RCS pressure less than some maximum value
Define limiting conditions for operation (LCOs).
LCOs specify the minimum acceptable levels of system performance necessary to assure safe operation of the facility. A typical LCO has four major sections:
1) Statement: This is the requirement.
An example statement is: “A recirculation loop Flow Control Valve (FCV) shall be OPERABLE in each operating recirculation loop.”
2) Applicability: This section lists the reactor modes when the requirements of the LCO must be met.
Modes are specific plant conditions based on reactor coolant system temperature, reactor power or criticality, and reactor vessel head integrity.
3) Actions:
- Actions that must be met
- The time limits for completing those actions when limiting conditions for operation (LCOs) are not satisfied
4) Surveillance Requirements: testing or verification activities performed on a specified frequency that ensure the LCO requirements continue to be met.
(L3 p9)
State the hierarchy of limits on safety parameters.
1) Normal Automatic Controls - established setpoints
2) Alarms/Operator Action - deviation from automatic controls
3) Automatic Trips/Relief - Auto. trip of equipment, or relief of energy (ex. relief valves)
Emergency Operating Procedures/Operator Action (RANGE b/t 3 and 4)
4) Tech Spec Limit - the plant is designed to survive a DBA with the parameter less than that value.
5) Design/Test Limit - highest value for a specified parameter that a piece of equipment is designed to survive and remain operational.
6) Break Point - equipment actually fails somewhere above the design limit.
Describe core cooling during power operation
PWR - heat transfer that occurs in the steam generator (secondary side cools the moderating water that is heated by the fuel)
BWR - heat is transferred out of the fuel pin and into the reactor coolant via convective heat transfer, which increases the water’s temperature. This water turns to steam, goes through the turbine, and cools off in the condenser.
(L4 p2-3)
Describe core cooling mechanisms while shutdown
PWR - Normally, after a reactor shutdown or reactor trip, the reactor coolant system (RCS) continues to operate to remove the decay heat from the nuclear core. The reactor coolant pumps circulate water through the RCS, transferring the decay heat from the fuel to the secondary fluid in the steam generators. While the reactor is shut down, the heat sink for this steam is typically either the condenser or atmosphere. This process is similar to power operation except that steam is not sent to the turbine to generate electricity.
When reactor coolant temperatures are too low to support adequate steam formation in the steam generators, the residual heat removal (RHR) system is used to remove most of the remaining decay heat. This system moves reactor coolant from the RCS and passes it through a heat exchanger, transferring the heat to a separate cooling water system. The RHR system removes heat from the RCS to cool the plant to an ambient temperature for maintenance or refueling operations and maintain the RCS temperature below saturation conditions.
(L4 p6, 7)
Describe emergency core cooling mechanisms
PWR - Safety Injection (SI) is the method for injecting large amounts of makeup water into the reactor core during accident/emergency conditions, when the normal method of core heat removal is insufficient or unavailable. A safety injection can be initiated automatically by the Engineered Safeguards Actuation System (ESAS) when certain system setpoints are reached, or initiated manually by the control room operators. Once initiated, an SI signal will automatically start pumps and reposition valves in the Emergency Core Cooling System (ECCS) to direct the makeup water into the Reactor Coolant System piping and ultimately to the reactor vessel and the fuel. An SI signal will also activate other emergency equipment, such as emergency power sources and important support systems, which help mitigate a potential accident.
The ECCS consists of four primary subsystems: water sources (borated water - initial source, CNMT sumps - secondary source - cooled by RHR HX), High Head SI pumps, Low Head SI pumps, and accumulators.
(L3 p15-18)
BWR - 1) HPCore Spray & HPCoolant Injection (HPCI) - ECC for small breaks in the reactor coolant pressure boundary that do not depressurize the reactor vessel.
3) LPCI - used to restore and maintain the reactor pressure vessel water level after a LOCA event where the vessel is depressurized. Part of RHR.
4) Core Spray or LPCS - restore and maintain reactor pressure vessel water level after a LOCA event where the reactor vessel has been depressurized.
5) Automatic Depressurization System - depressurize reactor after a pipe break in the RCP boundary. Used when pressure cannot be reduced and the ECCS cannot maintain the water level above the very low level mark. Will only depressurize the vessel and not replace water.
(L4 p22)
Identify mechanisms required for natural circulation to occur
Natural circulation flow is caused by the pressure differential between two columns of water of different densities. Those different densities are caused by temperature differences of the water that generate a thermal driving head for flow.
Four conditions must be present for natural circulation to occur:
1) A heat source (the reactor core)
2) A heat sink to which the secondary fluid transfers its heat (the steam generators)
3) The heat sink (steam generators) must be at a higher elevation than the heat source (reactor core)
4) A continuous, unobstructed flowpath (the reactor coolant system piping)
Once these conditions are met and natural circulation is taking place, the continuous flow of coolant without the aid of a pump will remove heat from the fuel.
BWR: Natural circulation readily takes place in a BWR since the cold water column is outside the shroud, and the heated water column is inside the shroud and throughout the reactor core. Water heated in the core is displaced by cooler water entering from the downcomer region at the bottom of the core. As the water is heated and rises through the reactor, it reaches the spill-over point at the steam separators where the water flows into the downcomer region.
The water level must be maintained above the bottom of the dryer skirt to ensure enough head pressure is generated to force water through the steam separators. The process of natural circulation can happen in a BWR, but is not the normal mode of operation.
(L4 p10-13)
Describe DBA-LOCA, including symptoms and indications
A Design Basis Accident (DBA) is typically a worst-case accident of interest used to design plant components.
(PWR) DBA-LOCA:
is defined as a double-ended guillotine piping rupture with a simultaneous loss of off-site power. The single worst case active failure is also assumed. This accident has major implications on Nuclear Steam Supply System (NSSS) design, and the ECCS.
(BWR) DBA-LOCA:
is defined as an instantaneous guillotine severance of the recirculation line with a simultaneous loss of off-site power. The single worst case active failure is also assumed. “Instantaneous guillotine” means that the pipe is postulated to crack completely through and around its circumference and immediately separates so that blowdown flow comes out of both ends across the full inside diameter.
Symptoms and Indications:
PWR:
- Unusual increase in containment pressure
- Decreased reactor coolant system pressure
- All ECCS pumps start
- Reactor may empty and depressurize
BWR:
- Rapid rise in dry well (Primary Containment) pressure
- Decrease in reactor water level
- All ECCS pumps start
- Reactor empty and depressurized (inventory to suppression pool)
(L5 p2-3)
Identify the sources and dangers of hydrogen
The hydrogen generated during accident and post-accident conditions is a concern because of the potential for a hydrogen burn or explosion. If the burn or explosion is inside the containment, the design limit for containment pressure may be approached or exceeded, thus challenging the containment barrier.
When airborne, hydrogen has both explosive and flammable ranges:
Explosive range: 18%-59%
Flammable ranges: ~4%-18%, and 59%-75%
Sources:
1) Radiolytic Decomposition of Water:
- Occurs in high gamma flux
- The most prevalent hydrogen source after a design basis LOCA (chronic source of hydrogen)
2) Zinc Paint Corrosion and Zinc Corrosion:
- Found in paint, conduit, and junction boxes
- Second most prevalent source
3) Aluminum-corrosion:
- Extreme reaction with NaOH
- Because of this, there are limits on aluminum in Containment
4) Zirc–water Reaction:
The zirconium reaction with water forms zirc-oxide, represented by the formula Zr + 2H2O → ZrO2 + 2H2 + heat. The Zirc-H2O reaction:
~1800°F: Starts
~2200°F: Becomes significant
~2800°F: Becomes self-sustaining
~3375°F: Zirc-oxide melts (at ~5080°F, the fuel melts)
ZrO2 is very brittle and the H2 gas produced is a potential explosive hazard.
5) RCS Hydrogen Inventory:
This occurs since radiolytic decomposition of water occurs even at low neutron flux levels.
6) Pressurizer Bubble:
This occurs only in PWRs. This is primarily due to Radiolytic Decomposition of Water.
(L5 p10)