1.2.3 Positioning of barriers
To limit the risk of releases, several barriers are
placed between the radioactive substances and the
environment. Barriers must be designed to have a
high degree of reliability and must be monitored to
detect any weaknesses or failures. There are three such
barriers for pressurised water reactors: the fuel cladding,
the boundary of the reactor primary system, and the
containment (see chapter 12).
1.2.4 Deterministic and probabilistic approaches
Postulating the occurrence of certain accidents and verifying
that, thanks to the planned functioning of the equipment,
the consequences of these accidents will remain limited,
is known as a deterministic approach. This approach is
simple to apply in principle and allows an installation
to be designed (and its systems to be sized) with good
safety margins, by using so-called "envelope" cases. The
deterministic approach does not, however, lead to a realistic
view of the most probable scenarios and does not rank
risks satisfactorily, since it focuses attention on accidents
studied with pessimistic assumptions.
The deterministic approach therefore needs to be
supplemented by an approach that better reflects possible
accident scenarios in terms of their probability, that is to
say the probabilistic approach used in the "Probabilistic
Safety Assessments" (PSA).
Thus for nuclear power plants, the level 1 Probabilistic
Safety Assessments (PSA) consist in establishing event
trees for each "initiating event" leading to the activation of
a safeguard system (level 3 of defence in depth), each branch
of the tree being defined by the failure (or the success) of the
actions provided for in the reactor management procedures
and the failure (or correct operation) of the reactor systems.
The probability of each sequence is then calculated from
statistics on the reliability of systems and on the rate of
success of actions (including "human reliability" data).
Similar sequences of events that correspond to the same
initiating event are grouped into families, making it possible
to determine the contribution of each family to the
probability of reactor core meltdown.
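As an added illustration, not part of the ASN report, the following Python script walks a small constructed level 1 event tree: one hypothetical initiating event, four headings (safeguard functions and operator actions) with hypothetical failure-on-demand probabilities, constructed success criteria mapping each success/failure path to an end state, and the grouping of core-damage sequences into families ranked by their contribution to the core-damage frequency. Every name and number below is a placeholder chosen to show the mechanics; none is a reliability datum for any real plant.

```python
"""Minimal level-1 PSA event-tree calculation (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Heading:
    """One safeguard function or operator action queried by the event tree."""
    name: str
    p_fail: float  # probability of failure on demand (hypothetical reliability datum)


@dataclass(frozen=True)
class Sequence:
    failures: tuple   # True where the heading failed, in tree order
    end_state: str    # "OK" or the name of a core-damage family
    frequency: float  # initiator frequency times the branch probabilities


# Hypothetical initiating event and tree headings (illustrative values only).
INITIATOR = "loss of off-site power"
INITIATOR_FREQ = 1e-1  # per reactor-year, hypothetical
HEADINGS = (
    Heading("emergency diesel generators start", 1e-3),
    Heading("reactor trip", 1e-5),
    Heading("auxiliary feedwater", 1e-2),
    Heading("operator recovers AC power in time", 5e-2),  # "human reliability" datum
)


def classify_end_state(failures):
    """Constructed success criteria: map one failure pattern to an end state."""
    diesels_fail, trip_fail, afw_fail, recovery_fail = failures
    if trip_fail:
        return "ATWS"  # anticipated transient without scram: core damage family
    if not diesels_fail:
        return "loss of secondary heat sink" if afw_fail else "OK"
    return "station blackout" if recovery_fail else "OK"


def sequence_frequency(initiator_freq, headings, failures):
    """Frequency of one path: initiator frequency times each branch probability."""
    freq = initiator_freq
    for heading, failed in zip(headings, failures):
        freq *= heading.p_fail if failed else 1.0 - heading.p_fail
    return freq


def enumerate_sequences(initiator_freq, headings, classify):
    """Walk every success/failure path of the tree.

    Headings irrelevant to a path (e.g. auxiliary feedwater once the diesels
    have failed) are still enumerated; this is harmless because both outcomes
    of such a heading are summed and p_fail + (1 - p_fail) = 1.
    """
    return [
        Sequence(failures, classify(failures),
                 sequence_frequency(initiator_freq, headings, failures))
        for failures in product((False, True), repeat=len(headings))
    ]


def family_contributions(sequences):
    """Group core-damage sequences into families and sum their frequencies."""
    families = defaultdict(float)
    for seq in sequences:
        if seq.end_state != "OK":
            families[seq.end_state] += seq.frequency
    return dict(families)


def core_damage_frequency(families):
    """Total core-damage frequency for this initiating event."""
    return sum(families.values())


def rank_families(families):
    """Families ordered by their share of the core-damage frequency."""
    total = core_damage_frequency(families)
    return sorted(((name, f, f / total) for name, f in families.items()),
                  key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    seqs = enumerate_sequences(INITIATOR_FREQ, HEADINGS, classify_end_state)
    fams = family_contributions(seqs)
    print(f"initiating event: {INITIATOR}, {len(seqs)} sequences")
    for name, freq, share in rank_families(fams):
        print(f"  {name:30s} {freq:.3e} /yr  ({share:5.1%} of CDF)")
    print(f"core-damage frequency: {core_damage_frequency(fams):.3e} /yr")
```

The ranking step is the point of the exercise: with these placeholder values the "loss of secondary heat sink" family dominates, which is the kind of result that tells a designer where an additional margin or a changed procedure would actually reduce risk. A real PSA would add fault trees behind each heading, treat dependencies between headings explicitly, and propagate the uncertainty in each reliability datum rather than using point values.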
Although the PSAs are limited by the uncertainties
concerning the reliability data and the approximations
in the modelling of the facility, they consider a broader set
of accidents than the deterministic assessments and enable
the design resulting from the deterministic approach to be
verified and supplemented if necessary. They are therefore
to be used as a complement to deterministic studies and
not as a substitute for them.
The deterministic studies and probabilistic assessments
constitute an essential element in the demonstration of
nuclear safety, which addresses equipment internal faults,
internal and external hazards, and plausible combinations
of these events.
To be more precise, internal faults correspond to
malfunctions, failures or damage to facility equipment,
including as a result of inappropriate human action. Internal
or external hazards correspond to events originating inside
or outside the facility respectively and which can call into
question the safety of the facility.
Internal faults include for example:
• loss of the electrical power supplies or the cooling systems;
• ejection of a rod cluster control assembly;
• rupture of a pipe in the primary or secondary system of a nuclear reactor;
• reactor emergency shutdown failure.
With regard to internal hazards, the following in particular
must be considered:
• flying projectiles, notably those resulting from the failure of rotating equipment;
• pressure equipment failures;
• collisions and falling loads;
• explosions;
• fires;
• hazardous substance emissions;
• floods originating within the perimeter of the facility;
• electromagnetic interference;
• malicious acts.
Finally, external hazards more specifically comprise:
• the risks induced by industrial activities and communication routes, including explosions, hazardous substance emissions and airplane crashes;
• earthquakes;
• lightning and electromagnetic interference;
• extreme meteorological or climatic conditions;
• fires;
• floods originating outside the perimeter of the facility;
• malicious acts.
1.2.5 Operating experience feedback
Operating Experience Feedback (OEF), which contributes
to defence in depth, is one of the essential safety
management tools. It is based on an organised and
systematic collection and analysis of the signals emitted
by a system. It should enable the acquired experience to
be shared (for implementation of preventive measures
in a structure that learns from past experience). A first
goal of Operating Experience Feedback (OEF) is to
understand, and thus ensure progress in technological
understanding and knowledge of actual operating
practices, so that whenever pertinent, a fresh look can
be taken at the design (1) (technical and documentary).
As OEF is a collective process, a second goal is to share
the resulting knowledge, by memorising and recording
the anomaly, the lessons learned from it and how it
(1) Technical and documentary design means all the designs
of the components of the working activity: design of the machine,
its operating procedure, its maintenance, how work is organised
in relation to this machine, etc.
CHAPTER 02:
PRINCIPLES AND STAKEHOLDERS IN THE REGULATION OF NUCLEAR SAFETY AND RADIATION PROTECTION
ASN report on the state of nuclear safety and radiation protection in France in 2015