Method

The safety of a NPP is measured by functions, which depend on many features, including those defined by the design and operation of a NPP, in a concept of various layers of protection, called Defence in Depth (DiD). An important component considered in the evaluation of the efficiency of the DiD protection is “Safety Margin” (SM). In some type of evaluations this criterion is consider to be in a biunivoc correspondence with another one called “Risk” (Risk is defined as a criterion measuring the damage produced by the challenges to the NPP considering the probability of occurrence of those challenges).

In general, the SM evaluations are performed at the design phase and monitored and reviewed continuously during operation. There are therefore SM obtained in one iteration and SM obtained after a series of iterations, which are dependent of time (the NPP lifecycle time). A sample of such criteria considered for SM evaluations is in Figure 1. As illustrated in Figure 1 the SM criteria are actually defined by groups of criteria, which could be considered of having common features (defining a “facet”, i.e. technical facets – 1 and 2 or organizational – society facets 3-6). They define a space of possible variation of the degree of safety included in the 3D figure.

Figure 1. Criteria for defining Safety Margin (SM) in a

NPP.

This paper presents two main author’s ideas related to the foresight in safety for the case of nuclear power plants (NPP), as regarded from the perspective of an insider involved in various practical projects over a period of three decades:

The NPP history is seen as a history of a technology (being subject to be described by s-curve). From the perspective of NPP as a technology there were a series of important milestones of the dominant safety approaches in considering Safety Margin (SM) and/or Risk and trying to foresee which the best strategies to cope with safety challenges are. These milestones are described for the phases of the technology:

Creation, Infancy, Maturity, End of Life (EOL).

For each phase dominant approaches to judge SM and project actions for safety foresight evolved as follows:

 Point like reference (setting values as targets not to be exceeded and judging SM based on the distance to a predefined level) - specific for "infancy" period

 Curve like defining an acceptable area for a dominant variable of the definition of SM. Various parameters considered in sensitivity analyses. SM is defined as belonging to an acceptable surface, specific for end of "infancy" and beginning of maturity.

 Sophisticated multivariable description of the SM, were the acceptable zone is defined as an acceptable volume, specific for end of maturity and getting closer to end of life. In the maturity period an attempt to consider HOF is made but the issues lead to the inclusion of the "observer" in the safety model, making foresight difficult if not impossible, due to questionable level of objectivity. On the other side making systems more sophisticated gets to the point where the changes lead to an area of complex system of chaotic behavior, with the warning that there is a limit of safety improvements to increase / improve foresight for safety of a complex system like NPP.

The NPP and nuclear engineering in general has to be considered from what it actually is: a technology. For this technology the evaluations on its evolution, the evaluations on safety and the foresight on its safety have to consider the effect of lifecycle evolutions specific for any technology, as shown in [2;4;5]. Based on the author’s experience [2], there are three periods of the NPP lifecycle, which are significant for the approaches used to evaluate their SM:

 Point like reference (setting values as targets not to be exceeded and judging SM based on the distance to a predefined level) - specific for "infancy" period

 Curve like defining an acceptable area for a dominant variable of the definition of SM.Various parameters considered in sensitivity analyses. SM is defined as belonging to an acceptable surface, specific for end of "infancy" and beginning of maturity.

 Sophisticated multivariable description of the SM, were the acceptable zone is defined as an acceptable volume, specific for end of maturity and getting closer to end of life. In the maturity period an attempt to consider HOF is made but the issues lead to the inclusion of the "observer" in the safety model, making foresight difficult if not impossible, due to questionable level of objectivity. On the other side making systems more sophisticated gets to the point where the changes lead to an area of complex system of chaotic behavior, with the warning that there is a limit of safety improvements to increase / improve foresight for safety of a complex system like NPP.

There is an “End of Life period (EOL)”, when the challenges to consider more and more sophisticated combinations of challenges leads to a degree of complexity of the artefact, that triggers the level after which chaotic behaviour is most probable [2;4]. Those periods and theirs specifics are represented in Figures 2 and 3. The figures illustrate safety paradigms evolutions during the lifecycle and after major accidents and the adopted in each period safety oversight strategies to improve safety. The focus is on the criteria and decisions taken on SM.

Figure 2. Lifecycle evaluation functional for SM

Figure 3. Safety paradigms and SM approaches for NPP

[2; 4]. The periods are those reported by the author for the projects in which he participated [2; 4]

The assumptions and the methodological features of the safety evaluations (for the particular case of SM) and on the safety oversight strategies for NPP, as decided during the last decades, have therefore, in the author’s opinion, a set of specifics:

 They had to solve a diversity of safety governing issues in various periods and to define strategies for the foresight on safety for the next periods in order to improve safety of NPP. This lead to a diversity of methods. However the consideration of SM from the perspective of NPP technology as an evolving one gives a very

interesting, unifying set of insights on the past history and possible actions for the future.

 A series of actions taken before acknowledgement of the new possible methodological approaches are now very clearly aligned to a series of dominant strategic approaches, as for instance: systemic approach to NPP safety, the need for consideration of complexity, including the HOF impact of high non linearity type on the SM / Risk modelling.

 Improvement of mathematical tools to make them adaptable to a higher complexity of safety evaluations and safety foresight tasks

 Recognition and consideration of the lifecycle period specifics as an important factor to the development of methods.

The result of those specific features leads to a diversity of a “mushroom“ type (apparently annoying) of methods, that do not discard in the author’s opinion, but enhance the point, that their diversity, governed by some principles mentioned before, makes them specific for the nuclear safety evaluation status of the last decades and for the predictable foresight strategies of the near future.

However even if there is diversity, in the author’s opinion based on practical use of safety evaluations, participation in the safety decisions for real NPP cases and foresight on safety for future built, there is a unifying feature of all those diverse methods. These unifying features consist of the following:

 They had to solve a diversity of safety governing issues in various periods and to define strategies for the foresight on safety for the next periods in order to improve safety of NPP. This lead to a diversity of methods. However the consideration of SM from the perspective of NPP technology as an evolving one gives a very interesting, unifying set of insights on the past history and possible actions for the future.

 A series of actions taken before acknowledgement of the new possible methodological approaches are now very clearly aligned to a series of dominant strategic approaches, as for instance: systemic approach to NPP safety, the need for consideration of complexity, including the HOF impact of high non linearity type on the SM / Risk modelling.

 Improvement of mathematical tools to make them adaptable to a higher complexity of safety evaluations and safety foresight tasks

 Recognition and consideration of the lifecycle period specifics as an important factor to the development of methods.