Defense in depth (nuclear engineering)
U.S. non-military nuclear material is regulated by the
Any complex, close-coupled system, no matter how well-engineered, cannot be said to be failure-proof. That is especially true if people operate controls that determine how the system performs.[2]
Fire protection defense in depth
On November 19, 1980, the NRC promulgated 10 CFR 50, Appendix R,[3] Fire Protection Program for Nuclear Power Facilities Operating Prior to January 1, 1979, which has a discussion of defense-in-depth. Defense-in-depth includes preventing plant fires; detecting, controlling, and extinguishing fires that occur; and ensuring that a fire, not promptly extinguished, will not prevent the safe shutdown of the plant.
The NRC granted the Indian Point nuclear plant an exemption to the defense in depth regulations. The defense in depth rule required electric power cables, which control reactor shutdown in an emergency, to have fire insulation that lasts one hour. The NRC granted Indian Point an exemption to use insulation that lasts 24 minutes.[4] The decision was challenged in Federal District Court, where the judge decided that "the NRC's decision to grant the exemption was neither arbitrary nor capricious" and concluded that the agency had performed a comprehensive safety review before issuing the exemption order.[5] However, on appeal, the Federal Circuit Court determined that the NRC must hold a public hearing on any exemption to the defense in depth rule.[4]
Defense in depth in licensing basis changes
NRC's Regulatory Guide 1.174,[6] An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, includes a discussion of using defense in depth for changes to a nuclear power plant's licensing basis. Section 2.1.1 enumerates the elements of defense in depth:
- Balance efforts among preventing core damage, preventing containment failure, and mitigating accident consequences.
- Do not rely on employee training to compensate for changes to the physical systems.
- System redundancy, independence, and diversity are matched to the expected frequency, consequences, and uncertainties of the various failure and accident modes.
- Defenses against potential common-cause failures are preserved.
- Potential for the introduction of new common-cause failure mechanisms is assessed.
- Independence of barriers is not degraded.
- Defenses against human errors are preserved.
- The intent of the plant’s design criteria is maintained.
References
1. "NRC: Glossary - Defense-in-depth". Nrc.gov. 2012-12-26. Retrieved 2013-11-11.
2. Daniel E Whitney (2003). "Normal Accidents by Charles Perrow" (PDF). Massachusetts Institute of Technology.
3. "NRC: 10 CFR Appendix R to Part 50—Fire Protection Program for Nuclear Power Facilities Operating Prior to January 1, 1979". Nrc.gov. Retrieved 2013-11-11.
4. "Court Victory on Nukes Creates Transparency on Safety Exemptions at Indian Point". 11 January 2013.
5. "Court Upholds NRC Permits For Entergy Nuclear Plant". Law360. 2011-03-07. Retrieved 2013-11-11.
6. "Regulatory Guide 1.174" (PDF). Pbadupws.nrc.gov. Retrieved 2013-11-11.