Probabilistic Risk Assessment Framework Development
for Nuclear Power Plant
Tao Liu1, Jiejuan Tong, Jun Zhao
1
Institute of Nuclear and new energy technology (INET), Tsinghua University, Beijing, China
(Liu-tao@tsinghua.edu.cn)
Abstract - Advanced Nuclear Power Plant (NPP)
concepts and technologies are currently under
development rapidly, which make the traditional
Probabilistic Risk Assessment (PRA) framework appears
some inapplicabilities. The objective of this paper is to
illuminate this problem and seek redress.
The discussion begins with traditional LWR NPP’s
PRA framework, and then points out its cause of
formation and limitations. Secondly, a new integral PRA
framework is suggested based on the safety characteristics
of the advanced NPP. Finally, a case study shows the
structure of the renewal PRA framework.
Keywords - PRA, framework, advanced NPP
I. INTRODUCTION
The first comprehensive application of methods and
techniques of Probabilistic Risk Assessment (PRA) can
date back to 1975 to the United States Nuclear Regulatory
Commission’s Reactor Safety Study (WASH-1400).
Since that landmark study, there has achieved substantial
methodological development, and Probabilistic risk
analysis (PRA) approach has become a more important
and indispensable analysis tool in safety evaluation of
Nuclear Power Plant (NPP) , which does not only limit in
design, structure, operation and regulation. PRA gives us
possibility to quantify probabilities and /or frequencies of
undesired events and the risk associated with various NPP
phase and operational modes. Currently, all NPPs
worldwide own plant-specific PRAs for practical in
diverse level of details and quality. Nowadays, a
recognized PRA framework has built, and furthermore, a
series of guidelines and rules are issued to explain and
manage the NPP PRA [1] [2].
As a mature type, light water reactor (LWR)
occupies most of nuclear power market. A three-Level
PRA framework basing on LWR NPP safety
characteristic has been accepted widely by NPP utilities
and national regulatory bodies in the past days. However,
technologies of NPP change with each passing day and
bring forward the forth-era advanced NPP. Notion of
Inherent and passive safety characteristics are utilized
throughout the advanced NPP design, which make the
configuration and safety features of NPP are much
different from the traditional, which farther make original
PRA hierarchy framework appears some unfeasible. The
traditional three Level PRA hierarchy frameworks have
978-1-4244-2630-0/08/$25.00 ©2008 IEEE
the initiatives to move forward to follow these
developments in NPP technology.
The objective of the paper is to explain the PRA
framework reform initiated by the advanced reactor
concepts and technology, and give some suggestions.
II. PRA FRAMEWORK FOR TRADITIONAL NPP
A. What is the traditional PRA framework?
A hierarchy PRA framework for traditional LWR
NPP has been constructed. The implement and
management methodologies have been studied in the
past decades and a series of guidelines and technique
documents have been issued by ASME, NRC, IAEA and
so on. As a representative, [1] and [2] give a full
description of standard PRA framework for traditional
LWR. Here refers to the description in [3] to explain the
duty and objective of each PRA level:
Level 1: the assessment of plant failures leading to
the determination of core damage frequency (CDF).
Level 2: the assessment of containment response
leading together with level 1 result, to the determination
of containment release frequencies.
Level 3: the assessment of off-site consequences
leading, together with the results of level2 analysis, to
estimates of risk to the public.
PRA may also be referred to as Probabilistic safety
assessment (PSA).
Figure 1 shows a coherent and integral PRA
framework of LWR NPP. The work of PRA can follow
it step by step to gain objectives. A brief explain can be
described as follows:
Risk arising from NPP is focus on radiological
results to human and environment. PRA method is used
to search for initiators which could possibly lead to
radiological results and evaluate their potential risk.
Screening initiating events (IEs) becomes the beginning
point of PRA. Selected IEs are generally classified into
groups and only major risk-contributors are paid
attentions in the following analysis considering the
workload.
A major task in PRA is building a model that defines
the initiators of potential accidents, the response of the
plant to these initiators and the spectrum of resulting plant
damage states. Specific accident sequences are defined
that consist of an initiation event group, specific system
failures and success, and their timings and human
responses. These then produce a plant damage state. The
1330
 Proceedings of the 2008 IEEE IEEM
system failures are in turn modeled in terms of basic
component unavailabilities and human errors to identify
their basic causes and to allow for the quantification of
the system failure probabilities (unavailabilities) and
accident sequence frequencies.
The modeling of the response results in the
generation of event sequences. Event sequences are
expressed in terms of IEs and successes or failures of
mitigating system. System failures are subsequently
represented by another set of models which are logical
combinations of simper events. Particular models for
event sequences are event tree (ET), cause consequence
diagrams (CCD) and event sequence diagrams. Models
for system failure are fault tree (FT), block diagram (BD),
go chart (GO) and so on. While use of the combined
ET/FT method represents the recommended basic
modeling approach.
Plant damage state includes those that cause core
damage or release from primary coolant or from ex-core
source. While, a level 1 PSA usually implies assessing
plant failures leading to severe core damage (CD), so,
most of PRA event sequences are extended into two end
states in general, which refer to “CD” and “OK”. Event
sequences assigned to “OK” seem no radiological
consequences. Theoretically, the amount of event
sequences equals to the 2n, where n refers to the number
of heading events. Heading events include system
response, operator action in an accident process and so on.
Risk frequency is obtained from accident sequence
quantification. Actually, analyzer use cutoff frequency
due to heavy workload to reject those sequences having
low frequency. Even though, there still remain a lot of
event sequences in NPP PRA and the total frequency of
CD sequences is assumed as a major risk identifier, which
is the objective of level 1 PRA. Level 1 PRA pays much
attention to the reactor and its related systems.
Level 2 PRA mainly focuses on behaviors inside
containment building. As a beginning point of level 2
PRA, sequences leading to CD are screening for selection
and grouping, and then defined as plant damage state
(PDS). PDS provide detail information about containment
system made by CD sequences. Containment engineered
safety features (ESF) and emergency operating procedure
(EOP) proceed to prevent release from containment and
remain radioactive nuclides in it. Further accident
progress is commonly modeled by Containment Event
Tree (CET), and the end state of CET sequences is
defined as release category (RC) which corresponds to
different release features. RC is the outcome of level 2
PRA, which will become the source of environmental
impact assessment in Level 3 PRA. Large early release
frequency (LERF) is induced as a major risk value.
RC is the bridge of level 2 and level 3 PRA. It will
be evaluated according to transfer conditions which much
rely on meteorology and population. Finally, dose
consequences are reduced from Level 3 PRA and used for
risk assessment and management.
1331
Uncertainty and sensitivity analysis are preceded
throughout the whole process, which make the
quantitative risk results more reliable.
Level 3PSA
CC1
CC2
CC3
Risk
Consequence
Integration
bins
Fig. 1. PRA framework for traditional LWR NPP
B. Why use this PRA framework?
PRA approach is to gain risk information through
probabilistic safety analysis. Coherent framework for
PRA is the requirement of PRA conducting, review,
management and update, while here our focus only
devoted to why the framework are constructed like this.
PRA framework arrangement is closely depend on the
NPP safety characteristics and analysis ability of the day.
Current hierarchical PRA framework is deduced from the
original Risk conception and especially suitable for
popular LWR NPP and present analysis capability. C
The simplest explanation for risk in PRA is event
frequency and its result. However, LWR NPP has so
complicated and redundant systems and components that
it is too difficult to develop such a simple integral
framework for it. Furthermore, Defense in depth strategy
makes NPP so colossal and complex that PRA technique
practically cannot assess the radioactive risk in one step.
In order to grasp the chief insight quickly from the
numerous and jumbled clues, and easy construct the
model, people deduce subsidiary objectives from the risk
goal such as “CDF” and “LERF” and perform the analysis
gradually by stage. On the other hand, safety
characteristics of LWR NPP are feasible to realize this
idea. There are three basic structural barriers which are
fuel cladding, primary pressure boundary and
containment, and environment is regards as the final
absorbing trap for the radiological materials. So, three-
level PRA framework has evolved corresponding to each
radiological containment shielding.
The hierarchy framework avoids facing the whole plant at
one time in analysis and easy to evaluate the main risk
conveniently. On the other hand, it still brings some
problems. Obviously, three levels conduction make the
analysis process incoherent and inefficient. In this
process, subsidiary objectives need to define and several
grouping processes are performed to decompose the duty
and accelerate the analysis. In LWR PRA,
 Proceedings of the 2008 IEEE IEEM
“CDF”,”LERF” are used and IEs grouping, PDS grouping,
RC grouping are preformed. Grouping workflow is
described in fig.2. The screening criteria should determine
first and then envelopment scenarios. This process itself
appends the analysis efforts and results in some risk terms
absent inevitably.
Criteria A
IE Analysis
Initiators
IEs
Grouping
ETs Analysis
PDSs Grouping
CETs Analysis
RISK RCs Grouping
Fig. 2. Grouping process of current consistent PRA framework
III. PRA FRAMEWORK OF ADVANCED NPP
A. Advanced NPP vs. current PRA framework
The evolution of NPPs over the last 50 years is
usually subdivided into four generations [3]: the first
NPPs for commercial electricity production are classified
as Generation I, The currently operating ones as
Generation II. Advanced NPPs refer to generation III and
IV, which are within the scope of this paper. The largest
improvement of advanced NPPs compared to generation
II is that many passive or inherent safety features are
incorporated which require no or minimal active
components and/or controls or operational intervention
measures to avoid serious propagation of an accident
sequence. These safety features may rely on gravity,
natural convection and heat transfer, and so on [4]. More
information on advanced reactor NPPs can be found in [5-
8]. These advanced reactors have typically [3]:
1) A standardized design for each type to expedite
licensing, reduced capital cost and construction time,
2) A simpler and more robust design, making them
easier to operate and less vulnerable to disturbances,
3) Higher availability and longer operating lifetime
–typically 60 years,
4) Reduced possibility of core melt,
5) Improved mitigation of severe accidents and
minimal effect on the environment,
6) Higher burn-up to reduce fuel use and the amount
of waste,
7) Burnable absorbers to extend fuel life.
It has shown some unbefitting points when using the
existing PRA framework for the advanced NPP. These
inexplicabilities can be included as follows:
1) In traditional PRA framework, CDF and LERF
are recognized as the subsidiary risk identifier. They may
have no corresponding terms in advanced NPP. In
traditional PRA framework, level is classified according
to the risk identifier, and further environmental
assessment mostly focuses on sequences leading to CD
and LER. However, advanced NPP design achieves a
very high safety level, which makes the core damage
cannot be evaluated easily. In addition, improved severe
accidents prevention and mitigation measures also reduce
LERF. Advanced design conception may avoid large early
release. So the unfitness of subsidiary risk objectives may
Cutoff
ask for new substitute and therefore bring the adjustment
of PRA level.
Criteria B 2) In traditional PRA framework, event tree and
fault tree are the most important configuration. This
Cutoff situation may be changed in advanced NPP PRA. ET/FT
is capable of modeling the accident progress and system
Criteria C failure in LWR PRA. While, in advanced NPP, more
inherent characteristics and passive systems play
Cutoff
important roles in NPP design, which undertake more
safety function instead of active system. The reliability of
passive systems cannot be evaluated correctly by fault
tree. Because the performance of passive systems is more
depend on nature conditions, so the uncertainty may be
paid more attention than before. The existence of much
passive systems asks for new method for reliability
analysis, which may change the fault tree embranchment
in the original PRA framework.
3) In traditional PRA framework, most scale and
attention focus on plant information, especially the
nuclear island. On the contrary, the environment factors
which influence the fission products’ transfer are devoted
less. This Pattern may be reversed in advanced NPP PRA
framework. Because Plants’ configuration is much
simpler and robust than before, and the capacity of safety
system and supporting system are largely reduced. Design
simplification makes the accident progress and the
phenomenon clearer than before. It turns easy to
determine the accident sequences and simple to model the
plant corresponds. Calculation codes will become easier
to simulate the accident scenarios and get results. On the
other hand, more efforts will focus on the radiological
materials transference. The PRA framework of advanced
NPP may be a reversed “pyramid” from information and
workload aspect.
Deeper insights from nuclear safety research,
operational experience, abnormal occurrences and
precursors in existing NPPs motivated the nuclear
industry to further develop the existing traditional PRA
towards “advanced” ones. It is the time to consider a
suitable PRA framework for advanced NPP.
B. PRA framework reform suggestion
According to above statement, some pieces of
suggestion are provided for advanced NPP PRA:
1) Three-level PRA framework can be integrated
into one level. There already have experiences in level1/2
combination, because these two levels are mainly focus
on power plant equipment and building.
1332
 Proceedings of the 2008 IEEE IEEM
2) Newly educed objective can be used instead of
“CDF” and “LERF”. They will be more effective to
enhance the public confidence for NPP and scientific
rationality of the nuclear safety regulation.
3) PRA may turn to more attention from accident
spectrum to consequence spectrum. A suitable framework
will be derived from it and practise it.
A reformed PRA framework is proposed for
advanced NPPs. ET configuration is adopted, while the
heading event/Function events include not only plant and
operator’s responses but also the release route of FPs and
environmental conditions which affect the radiological
consequence. Simpler design and less system make the
structure of ET not much multifarious than the traditional
Level 1 ETs and more information such as meteorology
parameters can be imported in ETs. Therefore the ET
gains the ability of modeling release conditions. Release
conditions may be described as release route and
environmental conditions but not limit to them.
Subsequences corresponding to each release condition
heading event does not limit to two (comparing to
success/failure), subsequences may represent different
release conditions, and the number depends on the actual
conditions and key parameters. Sequences end states can
be clarified as environment impact identifier such as
individual effective dose etc. Fig.3 gives a demonstration
of the incorporate PRA framework.
IE FE* FE FE FE Fr Conseq.
(System (Human (Release (Meteorology eq.
related) related) route related)
related)
C1
C2
C3
Cn
*FE: Function Event
Fig.3. Incorporate PRA framework using ET structure
IV. TRIAL STUDY OF PRA IN ADVANCED NPPS
As an example of advanced NPPs, High temperature
gas cooled reactor (HTR) is selected here. HTR design is
full of inherent and passive safety characteristics. Its
inherent negative temperature coefficient can realize
reactor shutdown automatically and its passive residual
heat removal system can carry out the decay heat. Special
sphere fuel elements can contain the fission products well.
Loss of coolant may not result in CD. Inertia helium
coolant avoids many chemical reactions in LWR such as
zirconium-water reaction and so on. The containment in
LWR is replaced by sub-atmospheric pressure venting
confinement of HTR. Furthermore, accident progress and
1333
fission products transfer mechanism avoids large early
release.
According to the safety features, an incorporate
PRA framework without LEVEL1/2/3 is developed for
HTR PRA. Screening and grouping of IEs is the first step,
and then an ET structure is developed according to each
IE category. Heading events involve the relative system
which can mitigate the accident consequence. RC is used
instead of “CD”/”OK” as the end state of event sequences
currently. The information of RC involves the release
magnitude, time, and attitude. RC frequency can be
calculated from the system analysis which includes both
active and passive system. It is possible to combine the
release conditions into event tree’s heading event and get
the radiological affections at the end of the event
sequence in the future work. Even though, the structure of
event tree is relatively similar and simpler because of the
simpler NPP design. Here just give the ET of a loss of
coolant accident (LOCA) to explain the structure, and RC
in LOCA is described as P1, P2, and so on.
LOCA TRIP BLOWER FLAP RHS VENT Conseq.
Freq.
P1
P2
ATWS
LOCA: loss of coolant accident; TRIP: reactor trip; BLOWER: blower
trip; FLAP: flap close; RHS: residual heat removal system action;
VENT: venting system operation; ATWS: anticipated translate without
scram;
Fig.4. LOCA ET for HTR
V. REMARKS
PRA depends on the design, analysis and calculation
code ability so heavily that they cannot keep unchanged
while the nuclear power technology renovates day by day.
Specially, for advanced NPPs, it is suggested to establish
a specific framework to improve the PRA efficiency and
verify the statement of high safety level. On the other
hand, PRA results and insights shall have much wider
applications in advanced NPPs, which require a high
quality PRA, which is well constructed, documented,
reviewed and published. Based on this expectation it can
be recommended that people should fix more attention on
the development of PRA framework and approaches for
advanced NPPs.
REFERENCES
[1] International Atomic Energy Agency. Procedures for
Conducting Probabilistic Safety Assessments of Nuclear
 Proceedings of the 2008 IEEE IEEM

Power Plants (Level 1), Safety Series No.50-P-4, IAEA,

Vienna 1992.
[2] International Atomic Energy Agency. Procedures for
Conducting Probabilistic Safety Assessments of Nuclear
Power Plants (Level 2), Safety Series No.50-P-8, IAEA,
Vienna 1995.
[3] Christian Kirchsteiger, Ricardo Bolado-Lavin: Screening
of Probabilistic Safety Evaluations for Different Advanced
Reactor Concepts. Proceeding of The 8TH
INTERNATIONAL Conference on Probabilistic Safety,
and Management. New Orleans, May 2006。
[4] Safety Related Terms for Advanced Nuclear Power Plants.
IAEA-TECDOC-626. Vienna, September 1991.
[5] Leisr, H.: The Generation IV Forum: A Multinational
Collaboration on Advanced Nuclear Energy Systems,
Pacific Basin Nuclear Conference, Honolulu, 22 March
2004.
[6] Schulenberg, T., et al: Was Ist Generation IV,
Forschungszentrum Karlsruhe Bericht FZKA 6967,
Februar 2004,
Http://bibilothek,fzk.de/zb/berichte/fzka6967.pdf
[7] USDOE and Generation IV International Forum (GIF), A
Technology Roadmap for Generation IV Nuclear Systems,
GIF-002-00, December 2002.
[8] Terms for Describing New, Advanced Nuclear Power
Plants, IAEA-TECDOC-936, April 1997.

1334