Risk Assessment and Probabilistic Risk Assessment (PRA)

1
Risk Assessment and Probabilistic Risk
Assessment (PRA)

• Mario. H. Fontana PhD.,PE
• Research Professor
• Arthur E. Ruggles PhD
• Professor
• The University of Tennessee

2
Definition of Risk

• Risk Probability of occurrence x consequences.
  We will focus on Core Damage, or Large Early
  Release as consequences.
• PRA models are normally consequence specific.

3
Total Risk Spici
Total risk would include releases, core damage,
and others.
4
Probability

• Probability is a way to predict stochastic events
• Common events probability fairly well known.
  (e.g., MOCV failure rate, lots of data)
• Rare events Less well known. Much less data.
• New Systems and Components No data

5
Consequences

• Conseqences from nuclear reactor accidents could
  be
• damage to plant
• Impact to environment
• Loss of land use
• Cost of evacuations, sheltering, etc
• Health (morbidity) effects
• Life threatening effects

6
Fault Trees

• Fault trees are used to determine the probability
  of a top event (e.g., core damage).
• Top event defines the failure or success of a
  system or component
• Fault tees use a structure of logical operations
  to calculate the probability of the top event as
  a result of basic events inputs

7
Fault Trees (2)

• The undesired event is stated at the top of the
  tree
• The fault tree gates specify logical combinations
  of basic events that lead to the top event
• Fault trees can be used to identify system
  weaknesses

8
Fault Trees (3)

• Fault trees can help recognize interrelationships
  between fault events
• Fault trees consist of logic gates and basic
  events as inputs to the logic gates
• Logic Gates Boolean operations (union or
  intersection) of the input events
• Basic Events Faults such as a hardware failure,
  human error, or adverse condition

9
AND Gate

• Event 6 and event 7 must occur to pass the
  gate. P(Q) P(A)P(B)

10
Amplifier Failure Mode Probabilities, NUREG 0492
11
Probabilities add for the OR gate, since either
input, or both, will pass failure through.
P(Q)P(A)P(B)
12
Basic event

• Basic events provide input to the fault tree,
  such as failure of a component or system,
  expressed as a probability. The circle indicates
  that no further development is necssary

13
Additional Gates (SAPHIRE)
14
Steps to building a fault tree

• Identify a top event as a failure to perform a
  function (system, component, or human failure,
  for example)
• Identify events that could contribute to failure
  of the top event (usually logic gates)
• Identify further lower level events that could
  contribute to the intermediate event

15
Steps to building a fault tree (2)

• Continue until reach basic events, which comprise
  inputs (such as component failures) to the tree
• Saphire then will perform the calculations

16
Outputs from Saphire calculations

• Calculate failure probability of top event
• Calculate failure probability of intermediate
  events
• Identify cut sets
• Cut set is a sequence of events that proceed from
  the basic event to the top event in an unbroken
  sequence
• Minimal cut sets are cut sets that contain
  minimal number of events that are not contained
  in other cut sets.

17
Outputs from Saphire calculation (2)

• Provide importance factors that indicate relative
  importance of Basic events
• e.g, RIR, Risk increase ratio Ratio of top event
  failure probability with a given Basic event
  failure probability set to 1 (guaranteed
  failure) and the rest remaining at their
  baseline value.
• There are several other measures that will be
  discussed later(See Saphire)

18
Outputs from Saphire calculation (3)

• Calculate uncertainty of top event failure
  probability given uncertainty distributions of
  the basic events.
• Usually calculations are done with point
  probability values (no distribution) but others
  can be done with different inputs
• Normal, log normal, uniform, histogram, many
  others

19
Cut Sets

• A cut set is the path by which one or more basic
  events lead to the top event.
• For example,
• a one element cut set identifies where failure of
  one basic event causes failure of the top event
• a two element cut set shows how failure of two
  basic events cause failure of the top event
• Obviously, one element cut sets should be
  avoided. (Like one bolt holding on a wing of an
  airplane one failure causes one disaster.)

20
Cut sets (2)

• Minimal cut sets are the smallest set of events
  that can cause failure of the top event. Cut
  sets that contain events already contained in a
  smaller set are discarded. Whats left are
  minimal cut sets.

21
Larger Model
22
Cut sets
23
EVENT TREES

• Event trees start with an initiating event,
  branch to the right as various safety functions
  are questioned for success (up) or failure (down)
  (ref Saphire manual)
• Event trees
• Identify accident sequences
• Identify safety system functions
• Quantify sequence frequencies

24
EVENT TREE DEVELOPMENT

• Plant familiarization
• Define safety functions and success criteria
• Select initiating events
• Determine plant response
• Define accident sequences plant damage states
• Identify system failure criteria
• Develop fault trees link to event tree

25
EVENT TREE TERMINOLOGY

• Initiating event
• Top event Safety systems intented to respond to
  the initiating event
• Branching Underneath a top event Up success,
  Down failure
• Pass No branch beneath a top event
• Sequence Branching path, initiating event to
  end state
• End states consequences and probabilities

26
Event tree- Reactor Loss of Offsite Power
27
Emergency Core Cooling System Fault Tree (ECCS)
28
Summary

• Risk assessment is a powerful tool for
• Forcing disciplined approach to analysis of
  safety issues
• Forcing understanding of the system being
  evaluated
• Providing methods for estimating modes of
  failures
• Providing methods for estimating probabilities of
  failures
• Identifying areas where more information is
  needed
• Identifying acceptability and/or areas needing
  improvement