
Safety Systems

Most nuclear power plants apply a "defense-in-depth" approach to achieve maximum safety. This approach consists of multiple safety systems supplementing the natural (inherent) features of the reactor core. Levels 3 and 4 of defense in depth (control of accidents within the design basis, and control of severe plant conditions including prevention of accident progression) usually rely on various safety systems, structures, and components. Engineered safety features and protection systems are provided to prevent evolution towards severe accidents and to confine radioactive materials within the containment. The measures at this level aim in particular to prevent core damage. Design and operating procedures are also aimed at maintaining the effectiveness of the barriers, especially the containment. For example, the emergency core cooling system (ECCS) is provided to mitigate the consequences of a loss-of-coolant accident (LOCA), even though the first level of defense makes such an occurrence highly unlikely.


In U.S. regulatory usage (10 CFR 50.2), the term "safety-related" applies to systems, structures, components, procedures, and controls (of a facility or process) that are relied upon to remain functional during and following design-basis events. A safety-related system, structure, or component performs at least one of three functions. It ensures:

  1. the integrity of the reactor coolant pressure boundary (the reactor vessel and associated piping that circulates the reactor coolant);
  2. the capability to shut down the reactor and maintain it in a safe shutdown condition; or
  3. the capability to prevent or mitigate the consequences of accidents that could result in potential offsite exposures.

A containment isolation valve is safety-related, for example, because isolating the reactor coolant lines confines radioactivity to the containment building and performs the functions defined above. It helps keep radioactivity away from the public.

An emergency diesel generator is safety-related because providing backup power to safety-related equipment ensures the capability to shut down the reactor and maintain it safely.

Class 1E

The IEEE uses its own term for safety-related electric equipment: "Class 1E." IEEE Std 308 defines Class 1E as follows:

The safety classification of the electric equipment and systems that are essential to emergency reactor shutdown, containment isolation, reactor core cooling, and containment and reactor heat removal or that are otherwise essential in preventing the significant release of radioactive material to the environment.

See also: IAEA Safety Standards, Safety Classification of Structures, Systems, and Components in Nuclear Power Plants. Specific Safety Guide No. SSG-30, ISBN 978-92-0-115413-2. Vienna, 2014.

Active and Passive Nuclear Safety

Nowadays, the most common nuclear reactors (PWRs and BWRs) rely mostly on active safety systems: active in the sense that they require electrical or mechanical operation on command (e.g., high-pressure injection pumps fed from safety-class power supplies). The trend, however, is to introduce more passive design features.

Passive nuclear safety is a design approach increasingly used in nuclear power plants. Passive safety systems accomplish their safety functions without active intervention by the operator and without electrical or electronic feedback, bringing the reactor to a safe shutdown state in the event of a particular type of emergency (usually overheating resulting from a loss of coolant or loss of coolant flow). These systems take advantage of natural forces or phenomena such as gravity, pressure differences, or natural heat convection.

The primary design objective of the advanced passive technology is to provide greatly simplified nuclear plant designs that meet or exceed the latest regulatory requirements and safety goals while being economically competitive with other systems.

Passive safety systems include passive safety injection, passive residual heat removal, and passive containment cooling. These systems are designed to meet the NRC single-failure criterion and other current requirements.

More recently, however, new reactor designs are making more extensive use of passive safety features for a variety of purposes: for core cooling during transients, design basis accidents, or even severe accidents, and for containment cooling. The claim is that passive systems are highly reliable and reduce the cost of installing and maintaining systems with multiple trains of equipment, which require expensive pumps, motors, and other components as well as redundant safety-class power supplies.

Reactor Protection System

The Reactor Protection System, RPS, is one of the safety systems and provides the following functions:

  • Monitors the plant for abnormal conditions and alerts the operator to take appropriate action
  • Automatically provides
    • reactor trip (shutdown) signals
    • engineered safeguards actuation signals when plant conditions, as monitored by nuclear instrumentation and process instrumentation, reach the plant safety limits

The RPS automatically initiates a rapid reactor shutdown (scram) by inserting control rods to preserve the integrity of the fuel cladding and reactor coolant pressure boundary. Also, the overall purpose of the reactor protection system is to prevent the release of radioactivity into the environment. The initiation of a reactor trip by the RPS prevents the core from operating in a condition that could cause damage to the core.

The protection system normally uses 2/3 or 2/4 coincidence (voting) logic. A 2/3 logic means that a trip occurs when at least 2 of the 3 redundant channels indicate a trip condition; 2/4 means at least 2 of 4. Requiring two channels prevents a spurious trip caused by a single channel failing high, while not requiring all channels means a single channel failing low cannot block a genuine trip.

Reactor trip signals provided by the system are usually as follows:

  • Manual trip signal – Redundant control board pushbuttons are provided.
  • Neutron flux trip signals – Source, intermediate, and power range signals are provided for protection during startup, full power, and shutdown operations.
  • Primary coolant trip signals – DNBR (departure from nucleate boiling ratio), kW/ft (linear heat rate), high power-to-flow, and reactor coolant pump under-speed signals provide trips. Their main purpose is to prevent core coolant conditions that could lead to excessive fuel or cladding temperatures or excessive bulk boiling of the coolant.
  • Pressurizer trip signals – High pressure, low pressure, and high-level trip signals initiate a reactor trip.
  • Steam generator trip signals – Low feedwater flow and low water level trip signals protect against steam generator water inventory loss. High water level trip signals protect against excessive water carryover into the turbine.
  • Turbine-generator trip – A trip of the turbine-generator above a certain power level initiates a reactor trip.
  • Safety injection signal – Actuation of the Safety Injection System simultaneously initiates a reactor trip to prevent excessive reactor coolant temperature and/or pressure.

Due to its importance to safety, the RPS is designed, constructed, and tested to the highest standards. These include the ability to withstand a single failure and still provide full protection, independence of the separate trains (electrical and physical separation), and testability during operation to ensure continued reliability.
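The coincidence logic and the single-failure requirement above can be checked with a few lines of code. The following is an added example (not code from the original page or from any plant's I&C): it models m-out-of-n voting over redundant channels, lets a channel be bypassed for test, and enumerates the two single failures that matter, a channel stuck non-tripped during a real demand and a channel stuck tripped with no demand. The pressurizer pressure readings and the 2385 psig setpoint are constructed values for illustration only.

```python
"""m-out-of-n coincidence (voting) logic for one RPS parameter, with a
single-failure check. Added example; channel readings and setpoint below are
constructed, not plant data."""
from enum import Enum


class Ch(Enum):
    NORMAL = "normal"  # reading within limits
    TRIP = "trip"      # reading beyond the setpoint, or channel failed to its tripped (safe) state
    BYPASS = "bypass"  # channel removed from the vote for test or maintenance


def channel_states(readings, setpoint, bypassed=(), high=True):
    """Compare each channel reading with the setpoint and return its state.

    high=True models a high-setpoint trip (e.g. pressurizer high pressure);
    high=False a low-setpoint trip (e.g. pressurizer low pressure).
    """
    states = []
    for i, value in enumerate(readings):
        if i in bypassed:
            states.append(Ch.BYPASS)
            continue
        tripped = value >= setpoint if high else value <= setpoint
        states.append(Ch.TRIP if tripped else Ch.NORMAL)
    return states


def vote(states, m):
    """True when at least m of the channels still in the vote demand a trip.

    A bypassed channel leaves the vote but the required coincidence m is not
    reduced, so a 2/4 logic with one channel bypassed behaves as 2/3.
    """
    voting = [s for s in states if s is not Ch.BYPASS]
    return sum(s is Ch.TRIP for s in voting) >= m


def single_failure_check(m, n_voting):
    """Check an m/n coincidence against the two bounding single failures.

    Returns (trips_with_one_channel_failed_low, no_spurious_trip_with_one_failed_high):
    failed low  - a real demand is seen by every channel but one, stuck NORMAL;
    failed high - no demand exists, one channel is stuck TRIP.
    """
    demand_one_failed_low = [Ch.TRIP] * (n_voting - 1) + [Ch.NORMAL]
    no_demand_one_failed_high = [Ch.TRIP] + [Ch.NORMAL] * (n_voting - 1)
    return vote(demand_one_failed_low, m), not vote(no_demand_one_failed_high, m)


def meets_single_failure(m, n_voting):
    """True when the logic neither misses a demand nor trips spuriously on one failure."""
    return all(single_failure_check(m, n_voting))


if __name__ == "__main__":
    # Constructed pressurizer pressure readings (psig), high-pressure setpoint 2385 psig.
    readings = [2370.0, 2388.0, 2391.0, 2365.0]
    setpoint = 2385.0
    print("2/4, all channels in service:", vote(channel_states(readings, setpoint), 2))
    print("2/4 with channel 3 bypassed (acts as 2/3):",
          vote(channel_states(readings, setpoint, bypassed=(2,)), 2))
    for m, n in [(2, 3), (2, 4), (1, 2), (2, 2)]:
        print(f"{m}/{n} meets single-failure criterion:", meets_single_failure(m, n))
```

Running the last loop shows why a tested channel is handled differently in the two schemes: 2/4 with one channel bypassed is 2/3 and still passes both checks, whereas 2/3 with one channel bypassed degrades to 2/2, which a single failed-low channel can defeat. That is why a channel under test in a 2/3 system is normally placed in the tripped state (giving 1/2) rather than bypassed.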

Engineered Safety Features

The main purpose of the engineered safety features (ESF) is to prevent or limit the escape of radioactivity to the environment in the case of a highly unlikely transient or accident that is too severe to be managed by the reactor protection system alone. A protective action is generated when a sufficient number and combination of monitored parameters (containment pressure, pressurizer pressure, steam line pressure, steam generator level, and so on) have reached or exceeded their setpoints.

The ESF functions include:

  • Safety injection actuation. The safety injection actuation shuts down the reactor (if it is still operating), maintains it in a shutdown state (via injection of borated water), and ensures sufficient core cooling to limit possible fuel damage.
  • Containment spray actuation. The containment spray system is automatically actuated by a very high containment pressure signal.
  • Containment isolation. Redundant isolation valves and dampers, inside and outside the containment building, are shut in all non-essential lines that penetrate the containment building to ensure no leakage from containment to the environment.
  • Steam line isolation. This isolation ensures that a steam break accident downstream of the valves is isolated, and if upstream (in containment), only one steam generator is discharged.
  • Feedwater isolation. A high steam generator water level and SI actuation also trip the main feed pumps and the main turbine.
  • Emergency feedwater actuation. The primary function of the Emergency Feedwater System is to supply feedwater to the steam generators following accidents or transient conditions when the main feedwater system is not available. The system thereby maintains the capability of the steam generators to remove plant stored heat and core decay heat by converting the emergency feedwater to steam which is then discharged to the condenser or the atmosphere.

Emergency Core Cooling System – ECCS

The Emergency Core Cooling System (ECCS) provides core cooling under loss-of-coolant accident (LOCA) conditions to limit fuel cladding damage. The ECCS keeps the fuel cladding temperature below its limit so that the core remains intact and in place, with its essential heat transfer geometry preserved. In the United States, 10 CFR 50.46 requires the ECCS to be designed so that after any LOCA the peak cladding temperature does not exceed 2200 °F (1204 °C), cladding oxidation does not exceed 17% of the pre-accident cladding thickness, hydrogen generation does not exceed 1% of the amount that would result if all the cladding reacted, the core remains in a geometry amenable to cooling, and long-term cooling is provided. The basic criteria thus limit fuel cladding temperature and oxidation, to minimize clad fragmentation, and limit the hydrogen generated by clad oxidation, to protect the containment.

The ECCS usually consists of redundant high-pressure systems (e.g., 3 × 100%) and redundant low-pressure systems (e.g., 3 × 100%).

  • HPCI. In BWR terminology, the high-pressure systems are the High-Pressure Coolant Injection (HPCI) system and the Automatic Depressurization System (ADS). HPCI maintains adequate reactor vessel water inventory for core cooling on small-break LOCAs. If HPCI cannot keep up, the ADS depressurizes the reactor vessel, allowing the low-pressure ECCS to inject on intermediate-break LOCAs. The PWR counterpart of HPCI is high-head safety injection, often provided by the charging pumps.
  • LPCI. The low-pressure systems are Low-Pressure Coolant Injection (LPCI), which is an operating mode of the Residual Heat Removal (RHR) system, and the Core Spray (CS) system. LPCI pumps inject coolant into the reactor vessel once it has been depressurized. The CS system (typical for BWRs) sprays the core from above to help mitigate large-break LOCAs once reactor pressure is low enough for the system to inject. In PWRs, the accumulators (safety injection tanks) also inject at low pressure: they are independent tanks containing borated water stored under nitrogen at a set pressure, which discharge passively, without pumps or power, once reactor pressure falls below the tank pressure.

See also: Decay Heat Removal

Containment Systems

The containment building is primarily designed to prevent or mitigate the uncontrolled release of radioactive material to the environment in operational states and accident conditions. It is therefore considered the fourth and final barrier in the defense-in-depth strategy, after the fuel matrix, the fuel cladding, and the reactor coolant pressure boundary.

While containment plays a crucial role in Design Basis Accidents and Design Extension Conditions, its own design basis is limited: the structure is sized to withstand the pressure and temperature of the steam released from the primary coolant and to hold it inside the building, not to cool the core.

In case of Design Basis Accidents such as the Large Break Loss of Coolant Accident (LBLOCA), the pressure increase is usually significant, and active containment systems (pressure-suppression systems) must be available to maintain the integrity (to keep the pressure and temperature under certain limits) of the containment building.

Pressure-suppression systems are critical to safety and greatly affect the size of containment. Suppression refers to condensing the steam after a major break has released it from the cooling system. There are many designs of suppression systems around the world.

Most Pressurized Water Reactor (PWR) containments use a two-stage pressure-suppression system:

  • Fan Cooler System. This system circulates air through heat exchangers and filters to cool the containment atmosphere. Since this system is insufficient for suppression during a severe loss-of-coolant accident, the containment spray system must be available as the second, active pressure-suppression stage.
  • Containment Spray System. This system usually consists of three elements:
    • Spray System Pump
    • Spray System Tank
    • Spray System Rings and Nozzles

When high pressure inside the containment is indicated, the containment spray system is started automatically. The pumps (usually with 3 × 100% redundancy) take suction from the spray tank (the refueling water storage tank can also be used) and deliver water to spray nozzles located in the upper part of the containment. The water droplets, being cooler than the steam, remove heat from the steam and condense it, which reduces both the pressure and the temperature of the containment atmosphere. The spray water usually contains chemical additives dissolved in the tank to enhance the removal of particular radionuclides from the containment atmosphere. Radioiodine, which is of particular importance, can be effectively captured by spray alkalized with sodium hydroxide or potassium hydroxide.

Most Boiling Water Reactors (BWR) containments use pressure-suppression pools to maintain the integrity of the containment building. The major containment designs are Mark I, Mark II, and Mark III. The Mark I and Mark II containments consist of two main parts:

  • A drywell houses the reactor coolant system.
  • A wetwell is a suppression chamber that stores a large body of water; it is therefore commonly called the suppression pool.

Water spray systems are usually installed in both the drywell and the wetwell. The Mark III design consists of primary containment and a drywell.

Containment buildings and containment pressure-suppression systems vary widely depending on certain reactor designs. In some cases, unique technologies can be installed. For example, the containment building of Loviisa NPP uses two ice condensers as the pressure-suppression system.

Hydrogen Mitigation in Water Cooled Power Reactors

Hydrogen mitigation in water-cooled power reactors is an important area of study in the field of the safety of nuclear reactors. Hydrogen and oxygen can be generated during the normal operation of a power reactor primarily due to the radiolysis of the water in the core.

During accidents, hydrogen and oxygen can also be generated as a consequence of:

  • Metal–water reactions in the core
  • Radiolysis of the water in the sump or the suppression pool
  • Degassing of hydrogen dissolved in the primary coolant
  • Chemical reactions with materials in the containment (interactions of molten core debris with concrete)
  • Thermolysis of water – in extreme cases

During DBAs (Design Basis Accidents), such as the large-break loss-of-coolant accident, the production of hydrogen by metal–water reactions in the core is limited to low values by the operation of the emergency core cooling systems. Also, the radiolysis of the water in the core is a relatively slow process. Therefore, from the DBA point of view, the hydrogen hazard can be eliminated by keeping the local hydrogen concentration below its lower flammability limit (about 4% by volume in air). This can be ensured by mixing devices, which prevent local accumulation, and by hydrogen recombiners (thermal recombiners or passive autocatalytic recombiners, PARs), which remove hydrogen continuously. Deliberate ignition is relied on only for the much larger hydrogen quantities of severe accidents.
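To see how the 4 vol% limit relates to the amount of cladding that reacts, the following added example (not code or data from the original page) converts an assumed oxidized fraction of the zirconium cladding into a well-mixed hydrogen volume fraction in the containment atmosphere, using the Zr + 2 H2O → ZrO2 + 2 H2 stoichiometry and the ideal gas law, and also inverts the calculation to find the oxidation fraction at which the limit is reached. The cladding inventory (20,000 kg Zr), the containment free volume (50,000 m³), and the atmosphere conditions are assumed round figures for a large dry PWR containment, not data for any specific plant; steam in the atmosphere is deliberately ignored, so the figures are a simple bounding estimate rather than an accident analysis.

```python
"""Hydrogen volume fraction in a dry containment atmosphere from cladding
oxidation, compared with the 4 vol% lower flammability limit (LFL).
Added example; all plant figures below are assumed, not measured."""

R = 8.314       # J/(mol K), universal gas constant
M_ZR = 91.224   # g/mol, molar mass of zirconium
LFL_H2 = 0.04   # lower flammability limit of hydrogen in air, volume fraction


def h2_moles_from_oxidation(zr_mass_kg, oxidized_fraction):
    """Moles of H2 released by Zr + 2 H2O -> ZrO2 + 2 H2 (two H2 per Zr oxidized)."""
    zr_moles = zr_mass_kg * 1000.0 / M_ZR
    return 2.0 * oxidized_fraction * zr_moles


def atmosphere_moles(free_volume_m3, pressure_pa, temperature_k):
    """Moles of gas initially in the containment atmosphere, treated as an ideal gas."""
    return pressure_pa * free_volume_m3 / (R * temperature_k)


def h2_volume_fraction(zr_mass_kg, oxidized_fraction, free_volume_m3,
                       pressure_pa=101325.0, temperature_k=320.0):
    """Well-mixed H2 volume fraction after the release.

    For an ideal gas the mole fraction equals the volume fraction. Steam, which
    also dilutes (and at high enough fraction inerts) the mixture, is ignored,
    so this is a simple bounding estimate.
    """
    n_h2 = h2_moles_from_oxidation(zr_mass_kg, oxidized_fraction)
    n_atm = atmosphere_moles(free_volume_m3, pressure_pa, temperature_k)
    return n_h2 / (n_atm + n_h2)


def exceeds_lfl(zr_mass_kg, oxidized_fraction, free_volume_m3,
                pressure_pa=101325.0, temperature_k=320.0):
    """True when the well-mixed hydrogen fraction is at or above the LFL."""
    return h2_volume_fraction(zr_mass_kg, oxidized_fraction, free_volume_m3,
                              pressure_pa, temperature_k) >= LFL_H2


def oxidation_fraction_at_lfl(zr_mass_kg, free_volume_m3,
                              pressure_pa=101325.0, temperature_k=320.0):
    """Cladding fraction whose oxidation alone brings the atmosphere to the LFL.

    Solves n_h2 / (n_atm + n_h2) = LFL for n_h2 and converts back to a fraction.
    """
    n_atm = atmosphere_moles(free_volume_m3, pressure_pa, temperature_k)
    n_h2_at_lfl = LFL_H2 * n_atm / (1.0 - LFL_H2)
    return n_h2_at_lfl / h2_moles_from_oxidation(zr_mass_kg, 1.0)


if __name__ == "__main__":
    ZR_MASS_KG = 20_000.0       # assumed cladding zirconium inventory, large PWR
    FREE_VOLUME_M3 = 50_000.0   # assumed free volume of a large dry containment
    for frac in (0.01, 0.05, 0.20, 1.00):
        x = h2_volume_fraction(ZR_MASS_KG, frac, FREE_VOLUME_M3)
        flag = "(above LFL)" if x >= LFL_H2 else ""
        print(f"{frac:5.0%} of cladding oxidized -> {x:5.1%} H2 by volume {flag}")
    print(f"LFL reached at about {oxidation_fraction_at_lfl(ZR_MASS_KG, FREE_VOLUME_M3):.1%} oxidation")
```

With these assumed figures, oxidizing 5% of the cladding gives roughly 1.1 vol% hydrogen, while the 4 vol% limit is reached at about 18% oxidation; full oxidation would give nearly 19 vol%. This illustrates why the DBA hydrogen hazard can be handled by recombiners and mixing (the ECCS holds oxidation far below that level, and 10 CFR 50.46 caps it at 17% of cladding thickness), whereas severe accidents with extensive oxidation require dedicated mitigation.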

Nuclear and Reactor Physics:
  1. J. R. Lamarsh, Introduction to Nuclear Reactor Theory, 2nd ed., Addison-Wesley, Reading, MA (1983).
  2. J. R. Lamarsh, A. J. Baratta, Introduction to Nuclear Engineering, 3rd ed., Prentice-Hall, 2001, ISBN: 0-201-82498-1.
  3. W. M. Stacey, Nuclear Reactor Physics, John Wiley & Sons, 2001, ISBN: 0-471-39127-1.
  4. Glasstone, Sesonske. Nuclear Reactor Engineering: Reactor Systems Engineering, Springer; 4th edition, 1994, ISBN: 978-0412985317
  5. W.S.C. Williams. Nuclear and Particle Physics. Clarendon Press; 1 edition, 1991, ISBN: 978-0198520467
  6. G.R.Keepin. Physics of Nuclear Kinetics. Addison-Wesley Pub. Co; 1st edition, 1965
  7. Robert Reed Burn, Introduction to Nuclear Reactor Operation, 1988.
  8. U.S. Department of Energy, Nuclear Physics and Reactor Theory. DOE Fundamentals Handbook, Volume 1 and 2. January 1993.

Nuclear Safety:

  1. IAEA Safety Standards, Safety of Nuclear Power Plants: Design, SSR-2/1 (Rev. 1). VIENNA, 2016.
  2. IAEA Safety Standards, Safety of Nuclear Power Plants: Commissioning and Operation, SSR-2/2 (Rev. 1). VIENNA, 2016.
  3. IAEA Safety Standards, Deterministic Safety Analysis for Nuclear Power Plants, SSG-2 (Rev. 1). VIENNA, 2019.
  4. IAEA TECDOC SERIES, Considerations on the Application of the IAEA Safety Requirements for the Design of Nuclear Power Plants, IAEA-TECDOC-1791. VIENNA, 2016.
  5. Safety Reports Series, Accident Analysis for Nuclear Power Plants with Pressurized Water Reactors. ISBN 92-0-110603-3. VIENNA, 2003.
  6. Appendix A to 10 CFR Part 50, “General Design Criteria for Nuclear Plants.”
  7. NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition.
  8. Nuclear Power Reactor Core Melt Accidents, Science and Technology Series. IRSN – Institute for Radiological Protection and Nuclear Safety. ISBN: 978-2-7598-1835-8
  9. ANSI ANS 51.1: Nuclear Safety Criteria for the Design of Stationary Pressurized Water Reactor Plants, 1983.
