5 Safety Assessment Part I

Safety Assessment
Part I
Learning Objectives
• Why do safety assessment. Overall approach. Safety

assessment objectives.
• To understand the differences predisposal vs. disposal
safety assessment
• To identify the key elements in the development of the
safety assessment:
• Assessment context. Safety criteria and end points.
• Description of the facility or activity and the waste
• Development and justification of scenarios
2
Learning Objectives
• Why do safety assessment. Safety assessment objectives.

Overall approach.
safety assessment
safety assessment:
3
Safety Assessment
• Safety assessment is the process of evaluating the safety of a facility or

activity and quantifying its potential impact on human health and the
environment
• Safety assessment (SA) is one component of the safety case (SC)
• The objectives of SA are:

 To develop safe operating envelope to protect workers, the public
and the environment, in compliance with regulatory requirements
 To identify safety significant considerations for facility structures,
systems and components (SSCs) and the waste itself under normal
operations and during accidents
 To reduce likelihood of accidents and reduce consequences if an
accident occurs
4
Why do Safety Assessment?
• On March 13, 2001, three people were killed as they opened a process
vessel containing hot plastic at the BP Amoco Polymers plant in
Augusta, Georgia.
• The workers were unaware that the vessel was pressurized. The
workers were killed when the partially unbolted cover blew off the
vessel, expelling hot plastic. The force of the release caused some
nearby tubing to break. Hot fluid from the tubing ignited, resulting in a
fire.
• Cooling effects had created a layer of
hardened plastic along the inner wall of the
vessel that blocked all normal and
emergency vents. The material in the core
of the vessel remained hot and molten, and
continued to react, generating gas that
could not escape.
5
Why do Safety Assessment ?
• Chemical Safety and Hazard Investigation Board found that hazard
analyses of the process were inadequate and incomplete.
• The investigation determined that the operator was unaware of the

hazardous reaction chemistry of the polymer because of inadequate
hazard identification. This lack of awareness is a commonly cited
cause of incidents.
• The incident involved an endothermic (or heat consuming) reaction

rather than the more common exothermic (or heat producing) chemical
reactions.
6
Why do Safety Assessment ?
• Safety assessments are also undertaken to evaluate compliance
with safety requirements for all facilities and activities and to
determine the measures that need to be taken to ensure safety.
A n n a l In d iv id u a l E f fe c tiv e D-1)o s e (S v y
1.00E+00
1.00E-01
1.00E-02
1.00E-03
1.00E-04
1.00E-05 Normal - Liquid

1.00E-06 Normal - Gas
Normal - Solid
1.00E-07
Variant A - Intruder
1.00E-08 Variant A - Site Dweller
1.00E-09 Variant B - Bathtubbing

Variant C - Rapid Transport
1.00E-10
1.00E-11
1.00E-12
1.00E+00 1.00E+01 1.00E+02 1.00E+03 1.00E+04 1.00E+05 1.00E+06 1.00E+07 1.00E+08
Time after closure (Years)
7
Safety Assessment
• Safety assessments are carried out and documented by the
organization responsible for operating the facility or conducting the
activity
• Safety assessment has to be conducted in a systematic manner using

a graded approach, proportionate to the hazards, the complexity of
facilities or activities and the characteristics of the materials and
waste
• SA should be independently verified and submitted to the regulatory

body as part of the licensing or authorization process
• The details included in a particular safety assessment will depend

upon the point in the lifecycle of the facility or activity
8
Safety Assessment
 For a radioactive waste store or disposal facility, safety assessment
typically quantifies the potential radiological (and other) impacts of the
facility or activity, during the operational and post-closure phases
 A range of scenarios is considered regarding what might happen
9
Safety Assessment
Safety Assessment has a role throughout the

lifecycle of a radioactive waste management
facility, for example:
 Siting – identify suitable locations

 Design – identify necessary barriers and
safety features
 Licensing – specify acceptable wastes
and operating conditions
 Operations – procedures developed to
avoid initiating events and for response in
the event of accidents
10
Main aspects of SA
1. The occurrence of events and 5. The radiological and other
scenarios having an impact on consequences that result from
safety operation of the facility or
carrying out the activity or in the
2. Time-dependent changes in post closure period
structures, systems and
components (SSC) important to 6. The quality and extent of the
safety basic data on which the
assessment is based
3. The reaction or response of SSC
7. The use of good engineering
important to safety, under the
practice and the use of
credible scenarios
appropriate waste treatment
and disposal technology
4. Defence in depth
11
Assessment philosophy and approaches
• Assessment approaches
– Different SA approaches can be used to build confidence in the
overall outcome of the assessment
– Possible approaches include: reasoned arguments, the use of
simple conservative models, more complex physic-chemical
models, and probabilistic methods
• Conservative and realistic assessments

• A conservative assessment, aims at simplicity by deliberately
overestimating the likelihood and magnitude of exposures and/or
underestimating the ability of the engineering and safety measures
to provide protection
• A realistic assessment may require more data and more complex
models, but is more useful for optimisation.
12
Graded Approach
Decommissioning
of Facilities
Specific Safety Requirements

No SSR-6
IAEA Safety Standards require that

a graded approach shall be used in
determining the scope and level of
detail of the safety assessment for
any particular facility or activity,
consistent with the magnitude of the
possible radiation risks arising from
the facility or activity.
13
Learning Objectives

safety assessment
safety assessment:
14
Predisposal and Disposal Assessment
• Predisposal safety
assessment focuses on
near-term impacts to
workers, the public and
environmental effects due
to operations
• Post-closure disposal
safety assessment focuses
on impacts in the future
once the facility has
stopped operating
15
Predisposal and Disposal Assessment
The two types of assessments address different time frames and have
different philosophies:
•Near-term impacts are more predictable based on reliability of facility
features and known worker activities
•Long-term impacts are intrinsically more uncertain and are described as
“potential” impacts that may occur in future
As a result of these differences, the approach taken for the two types of
assessments are also somewhat different.
•More traditional “safety analysis” from nuclear facilities is applied for
predisposal assessments
•“Safety assessment” approaches including various techniques for dealing
with uncertainty have been developed for disposal facilities
16
Differences (Predisposal vs. Disposal)
Predisposal Post-Closure Disposal

Workers and local residents Less well defined potentially
exposed people and groups
Relatively well-defined Increasingly uncertain and
operational conditions and changing environmental conditions
receptors
Engineered system Degrading engineered system,
geological system and natural
environment
Independent reviews may be Independent international peer
used for complex or unusual reviews often used to complement
facilities regulatory review
17
Learning Objectives

safety assessment
safety assessment:
18
Components of the Safety Assessment
GSR Part
4
19
Components of the
Safety Case and Safety Assessment
Safety Case
Safety Assessment
Safety Assessment
Site and Engineering

Operational Safety
Radiological Impact

Scenarios
Models
Calculations
20
Predisposal management of radioactive waste
Safety Assessment
Context
Description of facility
and activities
Hazard identification
and screening
The Safety Case and Hazard analysis

Safety Assessment
for the Predisposal
Engineering
Radioactive Waste analysis
Evaluation of results
and identification
SSG-3 of controls
no
Compliance w
requirements?
yes
Independent
review 21
Disposal of radioactive waste
1. Assessment
context
2. Describe
system
3. Develop
and justify
scenarios
4. Formulate and
implement
models
5. Run analyses 10. Review and

modification
7. Compare 6. Interpret results YES

against
assessment
criteria 9. Effective to
modify
Acceptance assessment
components
YES 8. Adequate NO
safety case
NO
Rejection
Safety Assessment Methodology - ISAM 22
Development of Safety Assessment
 SA is the systematic process of evaluating the safety of a

predisposal facility or activity and quantifying its potential
impact on human health and the environment
 SA should be developed in a systematic manner using a

graded approach, proportionate to the hazards, the
complexity of facilities or activities and the characteristics of
the waste
 SA includes both the quantification of the overall level of

system performance and the analysis of the associated
uncertainties
23
Development of Safety Assessment
Starting clockwise Concept

Site Release Design
from the top we and
see the various Site Selection
stages in a facility
development Post Predicted performance data /
programme from Institutional Control Analogue performance data /
Experimental data
concept through to
construction,
operation, Safety
Post-Closure
decommissioning Institutional Control Assessment Site Construction
or closure and
release. SA is not
Decommissioning
a peripheral Post-closure monitoring
Material testing data /
Construction data /
activity – it needs data / Experimental data Experimental data
to be central to the
whole process.
Operational monitoring
data / Experimental data
Decommissioning
Site Closure and Operation
confirmation
24
Learning Objectives

safety assessment
safety assessment:
 Assessment context. Safety criteria and end points.
 Description of the facility or activity and the waste
 Development and justification of scenarios
25
Purpose, Regulations, Standards Assessment Context
Engineering Design, Safety Measures,

Other relevant information: Management systems Description of Facility or Activity and Waste
operational experiences, site data …
Development and Justification of Scenarios
Identification of Hazards
PIE lists, Expert judgments
Identification of Scenarios
Hazard Screening
Models and Computer codes

Identification of Models and Data Needs
Generic / Site specific Data
Performing Dose Calculations
Safety Assessment Evaluation of results
Process Analysis of Safety Measures
Analysis of Engineering
Compare against Assessment Criteria
Yes Adequate for Independent Yes No Review and

Accept Adequate?
Safety Case? verification Modify
No
26
Safety Assessment Context
Assessment context:
 Assessment purpose and scope
 Regulatory framework
 Assessment end points
 Assessment philosophy and approaches
• Graded approach
• Use of different assessment approaches
• Probabilistic and deterministic approaches
• Conservative and realistic assessments
 Target audience and involvement of interested parties
27
Safety Assessment - Assessment Context
• Assessment purpose
SA will develop as the project progresses and will be used as
a basis for decision making.
• Assessment scope
The scope of the safety assessment should be clearly
defined. It should identify whether the safety case
considers an entire installation or a single facility or
activity. It also should consider site boundaries and
interfaces with neighbouring activities and facilities
28
Assessment philosophy and approaches

• Graded approach
The scope, extent and level of detail of the SA to be
carried out, has to ensure that these are
commensurate with the hazards, the complexity of
facilities or activities and the characteristics of the
waste associated with a facility or activity. For example,
in the case of a step by step approach, SA prior to site
selection might be conducted in less detail than
assessments for facility commissioning.
• Use of different assessment approaches

• Regulatory framework
• Assessment endpoints
• Human receptors
• Non-human biota?
30
Assessment end points
Assessment endpoints can include:
• Radiation protection targets such as doses or risk.
 They usually are related to the relevant regulatory requirements
and shall be consistent with assessment context
• Safety indicators such as

 Dose rate,
 Concentrations / releases of radionuclides,
 Concentrations / releases of non-radiological contaminants
• Receptors (individuals, population, non-human species) associated

with different end points should be identified and described.
31
Criteria
 Basic radiation protection principles:

• justification
• dose limitation
• optimization
 National regulatory criteria and BSS
• e.g., 1 mSv/yr or up to 5 mSv over 5 yr (public), 20
mSv/yr averaged over 5 yr (worker)
 Further criteria (e.g. non-radiological effects,
conventional safety)
32
Safety criteria (risk)
• Establishment of criteria as prerequisite.

• Example categories of criteria - acceptable risks:
Normal Operation < 10-2 y-1
Design Basis Accidents 10-2 y-1< x > 10-5 y-1
Beyond Design Basis Accidents < 10-5 y-1
33
Safety criteria (doses)
Normal Operation ALARA

Defense-in-depth 20 mSv y-1 for worker
Conservative-bias 300 Sv y-1 for public
input parameters
Design Basis ALARA
Accidents Defense-in-depth 500 mSv event-1 for worker
Conservative-bias 50 mSv event-1 for public
input parameters
All Events, ALARA Risk targets established

Including Beyond Defence-in-depth
Design Basis Events
Best Estimate
input parameters
34
Example dose criteria
1
10-1
10-2
Probabilit
10-3
y
10-4
10-5
10-6
10-7
10-5 10-4 10-3 10-2 10-1 1 10 100
Dose
(Sv)
From IAEA TECDOC-1267 35

Hazard Screening


Accept Adequate?
No
36
Description of facility or activity and waste
• Site conditions
• Facilities and activities
• Waste
• Safety measures
• Engineering design
• Operational experience
• Management systems
• ….
37
Description of facility or activity and waste
• Needed, to a certain extent, for all elements of the

safety case and safety assessment;
• The quantitative analysis of impacts may pose
additional data requirements. These are
determined by the scenarios considered and
models used;
• Collection of additional data usually is an iterative
process proceeding in parallel to the development
and refinement of scenarios and models;
38
Disposal System Description
• The near-field
the waste, the disposal area, the engineered barriers of
the disposal facility plus the disturbed zone of the natural
barriers that surround the disposal facility
• The geosphere
the rock and unconsolidated material that lies between the
near-field and the biosphere, and consist of the
unsaturated zone (above the groundwater table) and the
saturated zone (below the groundwater table)
• The biosphere
those parts of the atmosphere, the hydrosphere and the
soils that normally occupied and used by humans
39

Hazard Screening


Accept Adequate?
No
40
Development and justification of scenarios
• A scenario is a postulated set of conditions and/or events that

may lead to exposure and/or environmental contamination
• Scenarios are to be developed in accordance with the safety
context and should consider:
 Relevant existing and potential hazards arising from facilities or
activities;
 Interrelation of hazards;
 Evolution of hazards over the considered time frame.
• Scenarios are to be identified for:
 normal operation
 anticipated operational occurrences and design basis accidents
 beyond design basis accidents
 serious accidents
 post operational period
41
For disposal safety assessment
key terms used
• Scenario
• A hypothetical sequence of processes and events, and is one of a set
devised for the purpose of illustrating the range of future behaviours and
states of a repository system, for the purposes of evaluating a safety case
• Reference Scenario
• Aka normal evolution scenario, design scenario, base case scenario, central scenario
• Benchmark scenario against which the impact of alternative scenarios can be
compared – often the most likely scenario
• Alternative Scenarios
• Investigate the impact of scenarios that differ to a lesser or greater extent from the
reference scenario
• Sensitivity analysis of the reference scenario
• Altered evolution scenario, deteriorated evolution scenario
• FEP
• A FEP is a feature, event, process or other factor, that it may be necessary to consider
in repository safety assessment. This includes physical features, events and
processes that could directly or indirectly influence the release and transport of
radionuclides from the repository or subsequent radiation exposures to humans, plus
other factors, e.g. regulatory requirements or modelling issues, that constrain or focus
the analysis
42
Scenario development approach
Screening of FEPs
• Reduce the number FEPs for detailed analysis
• Screened FEPs using well-documented screening criteria
• Assessment context
• Disposal system description
• Probability/likelihood of occurrence
• Consequence of occurrence
• Transparent screening process
• Document the basis for rejecting a particular FEP
43

Hazard Screening


Accept Adequate?
No
44
• A systematic approach to hazard identification, scenario

development and hazard screening should be used;
• Following steps should be applied in an iterative manner:
 Identification of hazards;
 Identification of activities / initiating events;
 Identification of scenarios;
 Hazard screening;
45
Hazards may arise from:

 Inventory, activity, physical conditions and location of
the radioactive materials;
 Non-radiological hazardous materials (e.g. chemo-
toxic, flammable) or physical conditions (e.g. high
temperature, pressure);
 Management activities and processes;
 Software reliability;
 Etc.
46

Hazard Screening


Accept Adequate?
No
47
Identification of scenarios
• For new facilities or activities, a comprehensive identification and
assessment of all design basis events (activities) should be carried out;
• For modifications of existing facilities or activities, the assessment

should focus on those design basis events that could impact on the
modification, either directly or indirectly;
• For predisposal facilities or activities, special attention should be given

to human factor and technological procedures as this often can
represent the main scenario generating component.
48
• Anticipated operational occurrences are those events

 Which exceed the bounds of normal operation and have the
potential to challenge the safety of facility;
 Which might be expected to occur at least once during the lifetime
of facility;
• Design basis accidents have a lower frequency of occurrence than the

anticipated operational occurrences:
 They would not be expected to occur during the lifetime of the
facility but have to be considered in the design of the facility.
49
Scenarios for normal operation should address:

• All conditions under which the facility systems and equipment are
being operated or activity is carried out as expected, with no
internal or external challenges.
• Normal operation conditions includes all the phases of operation for
which the facility is designed to operate (including start up and
shutdown where appropriate) and maintenance over the considered
time frame.
• The effects of variations in the input materials (feedstock, source
material, receipts, etc.) on normal operations should be considered.
Scenarios are an important aspect of uncertainty analysis and

confidence building for the post-closure safety assessment
50
• A design basis accident conditions are defined as accident conditions:
 Against which a facility is designed;
 For which the damage to the facility and the release of radioactive
material would remain within defined acceptable levels;
• Design basis accident conditions are typically divided into two
categories:
 Anticipated operational occurrences;
 Design basis accidents.
• The division is based on the frequency and the extent of challenge to
the safety;
51
• Beyond design basis accidents are those against which the facility is
not explicitly designed to withstand.
• They may be considered in two general groups:

• Accidents which have a high enough probability of occurrence and
severe enough consequences that it is advisable to give some prior
consideration to possible corrective or remedial actions which could
be taken should such an event occur.
• Accidents which have a low enough probability of occurrence and
not to warrant such consideration, even though the potential
consequences could be very high.
52
• For the first group of accidents the assessment should
aim to quantify a facility safety margin and demonstrate
that a degree of defense in depth is provided;
• The facility design and operation should includes
measures to:
 Prevent the escalation of events into serious
accidents, control the progression of serious
accidents and limit the releases of radioactive
material by provision of additional equipment
and accident management procedures;
 Mitigate the potential radiological consequences
by the provision of plans for on-site and offsite
emergency response.
53
• Accidents of the second group

are usually screened out from
further consideration, however
a justification for such
decision should be provided
and included into safety
assessment.
54
Initiating events
• Identification of postulated initiating events (PIEs) and their evolution
should be carried out using an appropriate technique, such as
 Hazard and operability analysis (HAZOP);
 Event tree analysis (ETA);
 Fault tree analysis (FTA);
• And information on the:
 Site;
 Design and operation of facility or activity;
 Operational experience;
 Feedback from other facilities or activities.
55
Initiating events
 Postulated Initiating Events (PIE’s)

natural event,
human induced outside the facility
human induced inside the facility
56
Initiating events
• External initiating events;
 Natural events: adverse meteorological conditions (e.g. wind, snow,
rain, ice, temperature, flood, lightning), earthquakes, biological
intrusion;
 Man-made events: aircraft crashes (with or without subsequent
fires), explosions, fires, loss of electrical power or other services,
unauthorized access;
• Internal initiating events at the facility or the site;
 Fire, explosion, structural collapse, leakages or spillages, failures of
ventilation, drop of heavy loads, failures of protective measures
(e.g. of shielding, personal protective equipment);
• Man-made initiating events;
 Operator errors and violations, misidentifications performing
incompatible activities;
57

Hazard Screening


Accept Adequate?
No
58
Hazards screening
• Screening of hazards is performed in order to identify and

direct efforts towards all significant and relevant hazards for
the facility or activity;
• Hazard screening could lead to a reduced number of

scenarios to be further assessed;
• Screening out means that the hazard associated impact is

evaluated to be sufficiently low that do not needs any
further assessment.
59
Hazards screening
• Qualitative screening of hazards which:
 lie outside the scope and/or objectives of the safety
assessment, or
 cannot lead to consequences in excess of relevant
criteria,
could be screened out;
• Screening of hazards is performed by performing a

conservative quantification (using simplified conservative
assumptions and simple models) of the impacts and
comparing the results with screening limits;
60
Hazards screening
• Hazards should be quantified taking no benefit from any

protective or mitigating safety measures to be used;
• However benefit from intrinsic (passive) features of the

facility (e.g. walls for shielding, engineered safety features),
which are not affected by the initiating event, should be
taken into account;
• The hazard screening should involve consideration of all

relevant exposure pathways to workers and to potentially
affected members of the public.
Hazard screening
• Sometimes it is possible to group the hazards, so that one

bounding assessment of their consequences can be
undertaken;
• Where hazards are eliminated or grouped, a justification for

the approach should be included within the safety
assessment;
• In subsequent safety assessments hazards screening

justifications should be reviewed to check that they remain
valid;
62
Summary
This presentation should have helped you to understand:
• Why do safety assessment.

• Overall approach.
• Safety assessment objectives.
• Differences between predisposal vs. disposal safety
assessments
• The first three key elements in the development of the safety
assessment:
 Assessment context (safety criteria and end points)
 Description of the facility or activity and the waste
 Development and justification of scenarios
63

5 Safety Assessment Part I

Uploaded by

Copyright:

Available Formats

You might also like

5 Safety Assessment Part I

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

5 Safety Assessment Part I

Uploaded by

Copyright:

Available Formats

Safety Assessment

• Why do safety assessment. Overall approach. Safety

• Why do safety assessment. Safety assessment objectives.

• Safety assessment is the process of evaluating the safety of a facility or

• The objectives of SA are:

• The investigation determined that the operator was unaware of the

• The incident involved an endothermic (or heat consuming) reaction

1.00E-05 Normal - Liquid

1.00E-09 Variant B - Bathtubbing

• Safety assessment has to be conducted in a systematic manner using

• SA should be independently verified and submitted to the regulatory

• The details included in a particular safety assessment will depend

Safety Assessment has a role throughout the

 Siting – identify suitable locations

• Conservative and realistic assessments

Specific Safety Requirements

IAEA Safety Standards require that

• Why do safety assessment. Overall approach. Safety

Predisposal Post-Closure Disposal

• Why do safety assessment. Overall approach. Safety

Site and Engineering

The Safety Case and Hazard analysis

5. Run analyses 10. Review and

7. Compare 6. Interpret results YES

 SA is the systematic process of evaluating the safety of a

 SA should be developed in a systematic manner using a

 SA includes both the quantification of the overall level of

Starting clockwise Concept

• Why do safety assessment. Overall approach. Safety

Engineering Design, Safety Measures,

Models and Computer codes

Performing Dose Calculations

Safety Assessment Evaluation of results

Process Analysis of Safety Measures

Compare against Assessment Criteria

Yes Adequate for Independent Yes No Review and

Assessment philosophy and approaches

• Use of different assessment approaches

• Safety indicators such as

• Receptors (individuals, population, non-human species) associated

 Basic radiation protection principles:

• Establishment of criteria as prerequisite.

Normal Operation < 10-2 y-1

Design Basis Accidents 10-2 y-1< x > 10-5 y-1

Beyond Design Basis Accidents < 10-5 y-1

Normal Operation ALARA

All Events, ALARA Risk targets established

Engineering Design, Safety Measures,

Models and Computer codes

Performing Dose Calculations

Safety Assessment Evaluation of results

Process Analysis of Safety Measures

Compare against Assessment Criteria

Yes Adequate for Independent Yes No Review and

• Needed, to a certain extent, for all elements of the

Engineering Design, Safety Measures,

Models and Computer codes