Code of Practice for Safety in Design of Phwrs

8/8/2019 Code of Practice for Safety in Design of Phwrs

http://slidepdf.com/reader/full/code-of-practice-for-safety-in-design-of-phwrs 1/60

AERB Code No. SC/D

CODE OF PRACTICEON

DESIGN FOR SAFETYIN

PRESSURIZED HEAVY WATER BASEDNUCLEAR POWER PLANTS

Issued on December 23, 1989

Atomic Energy Regulatory BoardVikram Sarabhai Bhavan,Fourth Floor, North Wing,

Anushakti Nagar,

Bombay -400 094, INDIA.1989



FOREWORD

Assurance of safety of public and occupational workers, and protection of the environment are important needs to be met in the pursuance of activities for economic and social progress. These activities include theestablishment and utilization of nuclear facilities and use of radioactive sourcesand they have to be carried out in accordance with relevant provisions in theAtomic Energy Act 1962 (33 of 62).

Since the inception of nuclear power development in thecountry, maintaining high safety standards has been of prime importance.Recognising this aspect of nuclear power development Government of India

constituted Atomic Energy Regulatory Board (AERB) in November 1983 videStanding Order No. 4772 notified in Gazette of India dated 31.12.1983. AERBhas been entrusted with the responsibility of laying down safety standards andframe rules and regulations in respect of regulatory and safety functionsenvisaged under the Atomic Energy Act 1962. Under its programme of developing Codes and Safety Guides AERB at present proposes to issue four codes of practice covering the following topics:

Safety in Nuclear Power Plant Sitting

Safety in Nuclear Power Plant Design

Safety in Nuclear Power Plant Operation

Quality Assurance for Safety in Nuclear Power Plants

These codes would establish the objectives and minimumrequirements that shall be fulfilled to provide adequate assurance for safety of

Nuclear Power Plants in India.

The Safety Guides will be issued in due course to describe and

make available methods of implementing specific parts of relevant Codes of Practice, as acceptable to AERB. Methods and solutions varying from those setout in the Guides may be acceptable if they provide atleast comparableassurance that Nuclear Power Plants can be operated without undue risks to thehealth and safety of the general public and plant personnel.

The Codes and Safety Guides will be subject to revision as andwhen necessary in light of experience as well as the current state of the art inscience and technology. When an appendix is included in a document it isconsidered to be integral part of the document whereas annexures, foot notes,lists of participants and bibliography where included are only to provideinformation that might be helpful to the user.



In preparation of the Codes and Guides emphasis is on protection of site personnel and public from undue radiological hazard.However for other aspects not covered in this Code applicable and acceptable

national and international Codes and standards shall be followed. IndustrialSafety shall be assured through good engineering practice.

This Code of Practice on Design for Safety in PressurisedHeavy Water based Nuclear Power Plants states the minimum requirements to

be met during design of pressurised heavy water based nuclear power plant inIndia for assuring safety. It is intended for use by organizations and individualsresponsible for safety related functions in Design. Consistent with accepted

practice for codes and guides “shall” and “should” are used to distinguish for the potential user between firm requirement and desirable option. The principlesand objectives stated in this Code can be usefully applied to other nuclear

facilities and to non-safety related activities of NPPs.

This Code of Practice does not address all requirements for ensuring physical security of the plant or consequences arising from breach of

provisions of physical security. As details of requirements of this aspect aremeant for restricted usage, they would be dealt with in other documents byappropriate authority.

This Code of Practice has been prepared by the staff of AERBand other professionals taking into account the following statement of Dr. H. J.

Bhabha of outlining the principle of Radiation Safety: “Radioactive materialsand sources of radiation should be handled in the Atomic Energy Establishmentin a manner which not only ensures that no harm can come to the workers in theEstablishment or anyone else, but also in an exemplary manner, so as to set astandard which other organisations in the country may be asked to emulate”.The draft prepared by the DAE Committee on Safety Codes and Guides and therelevant International Atomic Energy Agency (IAEA) documents under the

NUSS Programme specially the Code on Safety of Nuclear Power Plants :Design (50-C-D of IAEA) have been utilised extensively in the preparation. Ithas been reviewed by experts and amended by the Advisory Committee beforeissue. AERB wishes to thank all individuals and organizations who havecontributed in the preparation, review and amendment of the Code. List of

persons who have participated in the Committee meetings and their organisations is included for information.

(A. K. DE)Chairman, AERB



CONTENTS

Page No.

FOREWORD i

0100 SCOPE ( 101-108) 1

0200 DEFINITIONS 3

0300 GENERAL CRITERIA 9

General Principles (0301-0303) 9Defence in depth (0304 -0307) 9Safety functions (0308-0311) 10Design basis (0312) 11Servere accidents (0313-0315) 11Quality Requirements (0316-0319) 12In-service Inspection, Testing, Maintenance monitoring(0320-321) 13System and component reliability (0322-0336) 16Design for optimised operator performance (0337-0341) 16Heat transfer to an ultimate heat sink ( 0342) 17Inspection and testing (0343-0344) 18Monitoring of radioactive release (0345) 18Effects associated with equipment failure (0346) 18Sharing of structures, systems and components (0347) 19Escape routes and means of communication (0348-0350) 19Control of access to plant (0351) 19Protection against fire and explosions (0352-0353) 19Materials ( 0354-0355) 20Protection against Natural Phenomena (0356) 20Protection against Man-Made Events (0357 -0359) 21Combination of events (0360-0361) 21

Environment (0362) 21Systems storage capacity (0363) 22Decommissioning (0364) 22

0400 GENERAL REACTOR DESIGN (0401) 23Core components (0402-0403) 23Fuel Assemblies (0404-0407) 23

Nuclear Design and Core Control (0408-0414) 24Reactor shutdown (0415-0420) 25



0500 REACTOR COOLANT SYSTEM (0501-0503) 27General requirements (0504 - 0507) 27In-service Inspection of Reactor Coolant Boundary (0508 -0510) 28

Reactor Coolant Make up (0511) 28Reactor Coolant Cleanup (0512) 28Residual Heat Removal (0513-0516) 29Emergency Core Cooling (0517-0518) 29Testing and Inspection of Emergency Core Cooling System (0519) 29Auxiliary Feed Water System (0520) 30Fuelling system (0521-0523) 30

0600 CONTROL AND INSTRUMENTATION 31General requirements (0601-0603) 31Periodic Testing and Maintenance (0604) 31

Instrument Power Supply Systems (0605) 31Control Room (0606 - 0607) 32Emergency Control Room (0608) 32

0700 PROTECTION SYSTEM (0701) 33General requirements (0702-0703) 33Protection System Reliability and Testability (0704-0705) 33Separation of Protection and Control Systems (0706) 34

0800 ELECTRIC POWER SYSTEMS 35General Requirements (0801 -0802) 35

Off-site Power System (0803) 35Emergency Power Supply System (0804-0806) 35Inspection and Emergency Power Supply Systems (0807) 36

0900 CONTAINMENT SYSTEMS (0901) 37Containment Design (0902-0904) 37Containment Leakage (0905-0907) 38Containment Penetration (0908-0909) 38Containment Isolation (0910-0912) 38Containment Air Locks (0913) 39Pressure Suppression System (0914) 39Containment Intra-Connections (0915-0917) 39Containment Heat Removal (0918) 40Containment Atmosphere Clean up (0919-0922) 40Coverings and Coatings (0923) 41Containment Testing and Inspection (0924) 41



1000 RADIOLOGICAL PROTECTION 42General Requirements (1001-1002) 42

Design for Radiological Protection (1003-1008) 42Radiation Monitoring ( 1009) 43Radioactive Waste Treatment (1010-1012) 44Control of Release of Liquid Radioactive Materialto the Environment (1013) 44Control of Airborne Radioactive Material (1014-1015) 45

1100 FUEL HANDLING AND STORAGE SYSTEMS (1101-1102) 46Fresh Fuel Handling and Storage (1103) 46Spent Irradiated Fuel Handling and Storage (1104) 46

1200 DESIGN CONFIRMATION 48Safety Analysis (1201-1203) 48Probabilistic Safety Assessment (1204-1205) 48Equipment Qualification ( 1206) 48

LIST OF PARTICIPANTS 50

ADVISORY COMMITTEE ON NUCLEAR SAFETY 51

PROVISIONAL LIST OF GUIDES ON DESIGN

FOR SAFETY IN PHWR BASED NPP’S 52



CODE OF PRACTICE ON DESIGN FOR SAFETYIN PRESSURIZED HEAVY WATER BASED

NUCLEAR POWER PLANTS

0100 SCOPE

0101 This Code of Practice describes design approaches and design require-ments for structures, systems and components that shall be met for safe operationand in order to prevent or mitigate the consequences of PostulatedInitiating Events (PIEs), which could jeopardise safety.

0102 PIEs include many factors, which singly or in combination may affect safety

and which may:

(1) be connected with the site of the plant and its environment;

(2) be caused by human action; and,

(3) originate in the operation of the Plant itself.

0103 Certain other events such as the following are not considered in this code :

(1) events that are extremely unlikely. However, some consideration isgiven to severe accidents (refer para. 0314 and 0315);

(2) events, either man-made or natural, which by themselves wouldlead to a general destruction of the region in which the Nuclear Power Plant has been erected and against which it cannot be

protected; and,

(3) accidents of an industrial nature that, under no circumstances,could affect the safety of the Plant.

0104 This Code describes the requirements for safe design of the proposed NPP atthe site selected and approved by the competent authority, in thecontext of safety of operating personnel, public, and environmentaround the site. These requirements call for consideration of site

site dependent characteristics including geography, geology, hydrology,meteorology, seismology, demography, patterns of land and water use, traffic

routes and water ways.



0105 This Code also describes the requirements for safety from radiation andradioactivity released from within the NPP and received by theoperating personnel, public and environment in vicinity of the NPP

during normal operation and under the PIEs considered credible.

0106 This Code of Practice does not deal with non-radiological effects of plant on environment.

0107 In this Code references have been made to other Codes of Practice (for example,on Sitting, Operation and Quality Assurance) and Safety Guides (whichdetail the underlying safety design principles, etc.).

0108 It should be recognized that the requirements given in this document will besubject to revision in the light of experience.



0200 DEFINITIONS

0201 The following definitions apply to this Code and may not necessarily conform to

definitions adopted elsewhere for national or international use.

Acceptable LimitsLimits acceptable to the AERB for Accident Conditions.

Accident Conditions Substantial deviations from Operational States, and which could lead to release

of unacceptable quantities of radioactive materials if the relevant engineered safetyfeatures did not function as per design intent.1

Active ComponentA component whose functioning depends on an external input, such as actua-tion, mechanical movement, or supply of power, and which therefore influences system

process in an active manner .2

Anticipated Operational OccurrencesAll operational processes deviating from Normal Operation which are expected

to occur once or several times during the operating life of the plant and which, in view of appropriate design provisions, do not cause any significant damage to items important tosafety nor lead to accident conditions.3

Atomic Energy Regulatory Board (AERB)

National authority designated by Government of India, assisted by technical andother advisory bodies, and having the legal authority for conducting the authorization

process for issuing authorization and thereby regulating nuclear power plant Sitting,Construction, Commissioning, Operation and Decommissioning or specific aspectsthereof.

ChannelAn arrangement of interconnected components within a system that initiate a

1 Asubstantial deviation may be a major fuel failure, a Loss of CoolantAccident (LOCA),etc . Examples of engineered safety features are: an Emergency CoreCooling System (ECCS) and containment.2

Example of Active Components are pumps, fans, relays and transistor. It isemphasised that this definition is necessarily general in nature as in the correspondingdefinition of Passive Components. Certain components, such as ruputre discs, check valves, injectors and some solid state electronic devices, have characteristics whichrequire special consideration before designation as an Active or Passive Component.3 Examples of Anticipated Operational Occurences are loss of normal electric

power and faults such as turbine trip, malfunction of individual items, of a normallyrunning Plant, failure to function of individual items of Control equipment, loss of power to main coolant pump.



single output. A channel loses its identity where single output signals are combinedwith signals from other channels e.g. from a monitoring channel or a safety actuationchannel.

Commissioning

The process during which the Nuclear Power Plant having been constructed aremade operational and verified to be in accordance with design assumptions and to havemet the design criteria; it includes both non-nuclear and nuclear tests.

Common Cause FailureThe failure of a number of devices or components to perform their functions as

a result of a single specific event or cause.

Competent AuthorityA national or state authority designated or otherwise recognized as such for a

specific purpose.

Control SystemA system performing actions needed for causing Plant variables to be main-

tained within prescribed limits.

DecommissioningThe process by which a NPP is finally taken out of operation.

DesignThe process and the results of developing the concept, detailed plans, support-

ing calculations and specifications for a Nuclear Power Plant

Design Basis AccidentAccident conditions against which the NPP is designed according to established

design criteria.

Diversity

The existence of redundant components or systems to perform an identifiedfunction, where such components collectively incorporate one or more different attrib-utes.

Electrical SeparationMeans for preventing one electric circuit from influencing another through

electrical phenomena.4

4. Examples of such attributes are: different operating conditiond of uses, differ-

ent size of equipment, different manufacturers, different working principles and types of equipments that use different physical methods.



Emergency Electric Power Supply (EEPS)That portion of the Emergency Power Systems provided for the purpose of

supplying electric power to a nuclear power plant’s safety systems during Operational

States as well as during and following Accident Conditions.

Fuel AssemblyAn assembly of fuel elements identified as a single unit (fuel bundle).

IndependentEquipment that is independent possesses either/or both of the following

characteristics:(1) Its ability to operate when required is unaffected by the operation or

failure of the other equipment.(2) Its ability to operate when required is unaffected by the presence of the

effects resulting from any postulated initiating event.

ltems Important to SafetyThe items which comprise :(1) those structures, systems, and components whose malfunction or failure

could lead to undue radiation exposure of the site personnel or members of the public;5

(2) those structures, systems and components which prevent AnticipatedOperational Occurrences from leading to Accident Conditions;

(3) those features which are provided to mitigate the consequences of malfunc-

tion, or failure of structures, systems or components.

Normal OperationOperation of a Nuclear Power Plant within specified Operational Limits and

Conditions including shutdown, power operation, shutting down, starting up, mainte-nance, testing and refueling (see Operational States).

Nuclear Power PlantA pressurized heavy water reactor or reactors together with all structures,

systems and components necessary for Safety and for the production of power, i.e. heator electricity.

Operational Limits and ConditionsA set of rules which set forth parameter limits, the functional capability and the

performance level of equipment and personnel approved by AERB for safe operation of the nuclear power plant.5

55

. This includes successive barriers set up against the release of radioactivityfrom nuclear facilities.



Operational StatesThe states defined under Normal Operation and Anticipated Operational

occurrences together.

Passive ComponentA component which has no moving part, and, for example, only experiences a

change in pressure, in temperature, or in fluid flow in performing its functions. Inaddition, certain components, which function with very high reliability based on irre-versible action or change may be assigned to this category.

Physical Separation(1) Separation by geometry (distance, orientation, etc.) or (2) Separation by appropriate barriers, or

(3) Separation by a combination thereof.

Postulated Initiating EventsEvents that lead to Anticipated Operational Occurrences and Accident Condi-

tions, their credible causal failure effects and their credible combinations?

Protection SystemA system which encompasses all electrical and mechanical devices and cir-

cuitry, from sensors to actuation device input terminals, involved in generating thosesignals associated with the protective function.

Quality Assurance

Planned and systematic actions necessary to provide adequate confidence thatan item or facility will perform satisfactorily in service.

RedundancyProvision of more than the minimum number of (identical or diverse) elements

or systems, so that the loss of any one does not result in the loss of the required functionof the whole.67

66

. Examples of Passive Components are heat exchangers, pipes, vessels, electri-cals cables, and structures. It is emphasised that the definition is necessarily general in

nature as is the corresponding definition of Active Components. Certain componentssuch as rupture discs, check valves, injectors and some solid state electronic devices,have characteristics which require special consideration before designation as an Activeor Passive Component.77

. The primary cause of postulated initiating events may be credible equipmentfailures and operator errors (both within and external to the Nuclear Power Plant), DesignBasis Natural Events and Design Basis External man-made Events. Specification of the

postulated initiating events should be acceptable to the Regulatory Body.



RegionA geographical area, surrounding and including the Site, sufficiently large to

contain all the features related to a phenomenon or to the effects of a particular event.

Reliability

The probability that a device, system or facility will perform its intendedfunction satisfactorily for a specified time under stated operating conditions.

Residual HeatThe sum of the heat originating from radioactive decay and shut down fission

and the heat stored in reactor related structures and in heat transport media.

Safety (Nuclear)

The achievement of proper operating conditions, prevention of accidents or mitigation of accident consequences, resulting in protection of site personnel, the publicand the environment from undue radiation hazards.

Safety FunctionA specific purpose that must be accomplished for safety.

Safety GroupThe assembly of equipment designated to perform all actions required for a

Postulated Initiating Event to ensure that the limits specified in the design basis for the

event are not exceeded.

Safety Related Instrumentation and Control SystemsThose I & C Systems important to safety, but not included in safety systems or

systems important to safety.

Safety SystemsSystems important to Safety, provided to assure, in any condition, the safe shut

down of the reactor and the heat removal from the core and/or to limit the consequencesof Anticipated Operational Occurrences and Accident Conditions (see Anticipated Op-

erational Occurrences and Accident Conditions).

Safety System Support FeaturesThe collection of equipment that provides services such as cooling, lubrication,

and energy supply required by the Protection system and the Safety ActuationSystems.

Severe Accidents Nuclear Power Plant conditions beyond those of Design Basis Accident causing

significant core degradation.



Single FailureA random failure which results in the loss of capability of a component to

perform its intended safety functions. Consequential failures resulting from a single

random occurrence are considered to be part of the single failure.

SiteThe area containing the Plant, defined by a boundary and under effective control

of the Plant Management.

Ultimate Heat Sink The atmosphere or a body of water or the groundwater to any or all of which

residual heat is transferred during Normal Operation, Anticipated Operational Occur-rences or Accident Conditions.



0300 GENERAL CRITERIA

General Principles

0301 The main objective of detailed requirements given in the Code and thedocuments cited herein is to ensure that radiation exposure of the acontrol public and plant personnel is kept within appropriate prescribedlimits under all operational states and within acceptable limits under all

postulated accident conditions. The concept of as low as reasonablyachievable (ALARA) should be applied.

With respect to accidents the objectives are to ensure that accidents aregenerally prevented; to ensure that, for all event sequences taken intoaccount in the design of the plant, even those that have very low

probability, radiological consequences are small; and to ensure, by both prevention and mitigation measures, that accidents with highconsequences are extremely unlikely.

0302 Interaction between NPP and environment, including for example, suchfactors as population, flora and fauna, meteorology, hydrology, andseismology shall be taken into account.

0303 Off-site services upon which safety of the plant and protection of the public maydepend shall be carefully planned and co-ordinated with public

authorities. This may include among others, supply of cooling water for ultimate heat sink, fire fighting, means of communication andtransport, emergency preparedness etc.

Defence in depth

0304 The design process shall incorporate defence in depth such that multiple levelsof protection are provided. Examples of these requirements are:

(1) The provision of multiple means for ensuring each of the basic

safety functions, i.e. reactivity control, heat removal and the con-finement of radioactivity;

(2) The use of reliable protective devices in addition to the inherentsafety features;

(3) The supplementing of the control of the plant by automaticactivation of safety systems and by operator actions;



(4) The provision of equipment and procedures to back up accident prevention measures, to control the course, and limit the conse-quences of accident.

0305 Escape of radioactive material is restricted by providing successive physical barriers (fuel cladding, reactor coolant boundary and contain-ment).Protection of these physical barriers against being breached is achieved

by echelons of equipments, systems and of procedures. Implementationof this concept of defence in depth is achieved by(1) Preventing deviation from normal operation as the first echelon,

(2) Detecting and intercepting deviations from normal operation con-ditions in order to prevent anticipated operational occurrences fromescalating into accident conditions, as the second echelon,

(3) Providing additional equipment, system and procedures to controlconsequences of unlikely accidents as the third echelon.

0306 Beyond the third echelon there are further contributions to the protec-tion of the public and site personnel by specific complementary plant featureswhich would be available to mitigate consequences of events beyondthe design basis and by plans for emergency preparedness.

0307 As a general requirement, the existenceof other levels of defence is not a

sufficient basis for continued operation in the absence of one level of defence. All levels of defence shall be available at all times asspecified for the various operational modes.

Safety Functions

0308 To achieve adequate safety it is essential to take safety into considera-tion as aninherent element of the overall design process. The purpose of thesafety approach presented in this Code is to maintain the plant in anormal operating state, to ensure the proper short term response

immediately following a PIE and to facilitate the management of the plant following accident conditions.

0309 To ensure safety the following general design requirements shall be met:

(1) Means shall be provided to safely shut down the reactor andmaintain it in the safe shutdown condition in operational statesand during and after accident conditions.



(2) Means shall be provided to remove residual heat from the coreafter reactor shutdown, including accident conditions.

(3) Means shall be provided to reduce the potential for the release of radioactive materials and to ensure that any releases are below

prescribed limits during operational states and below acceptablelimits during accident conditions.

0310 The consideration of safety functions is an approach for systematically meetingthese general requirements. The safety functions shall in-clude allfunctions that the plant system must perform to ensure plant safety inoperational states and during and following accident condi-tions.

0311 An overall requirement of the plant design is that its sensitivity to PIEs shall bereasonably low. The plant should be so designed as to bring it to oneof the the following stages following a PIE. Aim of design by defencein depth is to bring to a stage as near to the top of the list as canreasonably be achieved.

(1) A PIE produces no significant safety related effect or only achange in the plant towards a safe condition by inherent character-istics.

(2) Following a PIE, the plant is rendered safe by the action of systemswhich are continuously operating in the state required to controlthe PIE.

(3) Following a PIE, the plant is rendered safe by the action of systems which need to be brought into service in response to thePIE.

Design basis

0312 The design basis shall specify the necessary capabilities of the plant to copewith a specified range of operational states and accident condi-tionswithin the defined radiation protection requirements. The design basistypically includes the specification for normal operation, condi-tionscreated by the PIEs, important assumptions and, in some cases, the

particular methods of analysis.

Severe accidents

0313 The design basis for normal operation, anticipated operational occurre-



ences and accident conditions shall provided a high degree of assur-ance that nosignificant damage will occur to the reactor core and that releases of radioactive materials will stay below prescribed limits for operational

states and acceptable limits during accident conditions.

0314 Certain (unlikely) event sequences have the potential to cause signifi-cant coredegradation. These event sequences are called severe accidents.

0315 From the safety point of view it is prudent to consider these accident in atleasta limited way. Consideration, however, are not expected to involve therigorous application of conservative engineering practice used insetting design basis, but rather could be based upon realistic analysis.Based operating experience, associated safety analysis and resultsfrom safety research, design activities should include the following:

(1) Important event sequences that lead to severe accidents should beidentified for a given design.

(2) Consideration should be given to the existing plant capabilities in-cluding the possible use of some systems beyond their originallyintended function and design basis, and using some temporarysystem to return the plant to a controlled state and to mitigate theconsequences of the severe accident.

(3) Potential design changes which could either reduce the likelihoodof these events or would mitigate; the consequences, should theseevents take place, should be evaluated. They should be imple-mented if an overall increase of safety can be achieved through acommensurate effort.

(4) Accident management procedures should be established, takinginto account representative and dominant severe accidents.

Quality Requirements

0316 Structures, systems and components shall be designed, fabricated to the qualitylevel commensurate with the importance of safety to be performed,(AERB/DSG-316.1). The applicable codes and standards for design,fabrication, inspection, erection testing and inservice- inspection of allthese structures, systems and components should be identified(AERB/DSG-316.1).



0317 In the selection of equipment, consideration shall be given to both spuriousoperation and unsafe failure modes (e.g. failure to trip when required).Where failure of a system or component has to be expected and

accommodated by the design, preference shall be given to equipmentwhich exhibits a predictable mode of failure and facilitates repair or replacement.

0318 A comprehensive quality assurance programme during design, fabrica-tion,erection and testing (as required by the Quality Assurance Code No.AERB/SC/QA) shall be implemented in order to provide adequateassurance that all structures, systems and components important tosafety perform their intended safety functions throughout the life of the

plant.

0319 Necessary records of design, fabrication, inspection, erection, testing andmaintenance of structures, systems and components shall be maintainedthroughout the life of the plant as per procedures outlined in theQuality Assurance Code at the Plant site by the ResponsibleOrganisation.

In-Service Inspection, Testing, Maintenance, Monitoring

0320 Structures, systems and components important to safety shall be designed anderected so that they can be tested, maintained, inspected and monitored

for functional capability during the life of the plant, commensuratewith applicable standards. The system layout shall in-cludeconsiderations like periodic inspection, testing and maintenance in the

prevailing environment (Keeping in view the principle of ALARA).

0321 If the structures, systems and components important to safety cannot bedesigned to be tested, inspected or monitored to the extent desirable,adequate safety precautions shall be taken to compensate for potentialundiscovered failures.

System and Component reliability

Single Failure Criterion

0322 This section presents several design measures that may be used, if necessary in combination, to achieve and maintain the required relia-

bility commensurate with the importance of the safety functions to be performed.



0323 A single failure is a random failure which results in the loss of capability of acomponent to perform its intended safety function. Consequential

failures resulting from a single random occurrence are considered to be part of the single failure.

0324 An assembly of equipment satisfies the single failure criterion if it is able tomeet its purpose despite a single random credible failure assumed tooccur anywhere in the assembly. Fluid and electric systems areconsidered to be designed against an assumed single failure if neither:

(1) a single failure of any active component, nor

(2) a single failure of passive component results in a loss of capability

of the system to perform its safety function.

0325 All systems/components that are required to function following a postulatedinitiating event form a safety group. A single failure shall be assumedto occur in sequence at each element of the safety group until allcredible failures have been analysed in the Group. The analysis of eachsafety group shall be conducted in sequence and credible failures have

been considered.

0326 In this document, safety functions (or systems contributing to those safety

functions), in which redundancy is necessary to achieve the requiredhigh reliability, are identified by the statement “assuming a singlefailure” .

0327 Generally, passive components have very low probability of failure and maynot have to be taken into account. Single failures, including failure of

passive components, which need not be considered in the analysis aregiven in document AERB/DSG-0327.1.

0328 The single failure criterion shall be applied to classes of equipment assemblies,as follow:

(1) To each safety group incorporated in plant design.

(2) To each safety system where application of single failure criterionis identified in this document.

0329 Spurious action shall be considered as one mode of failure.



0330 Non-Compliance with single failure criterion may be justified for:

(1) very are postulated initiating events, or

(2) very improbable consequence of postulated initiating events, or

(3) withdrawal from service for limited periods of certain compo-nents for purposes of maintenance, repair or periodic testing (refer

para 0336):

Redundancy and Diversity

0331 High reliability often requires, in addition to high quality, the use of redundancyof, and, where appropriate diversity of structures, systems and

components within the assembly of equipment used either to mitigateconsequences of a postulated initiating event or to fulfill another important safety function.

0332 The minimum required degree of redundancy shall be, that which enables thesafety requirements to be met in each postulated initiating randomevent despite the assumed credible random failure of any onecomponent contributing to an important safety function which isneeded to mitigate the consequences of the postulated initiating event.This requirement, and the goal of maintaining intact, to the extent

practicable, all the barriers against escape of radioactive material shallreflect in the choice of number and capacity of redundant components.

Independence

0333 Reliability of systems can be improved by independence which means usingfunctional isolation and physical separation. Functional isola-tion shall

be used to reduce adverse interaction between equipment andcomponents of redundant or connected systems resulting from normal/abnormal operation or failure of any component in the system.

Physical separation which can be achieved by suitable layout and barriers shall be used as far as practicable to ensure that independence is achieved particularly in relation to common cause failure, fire etc.

Services for Safety Systems

0334 Safety system services are those used to provide essential services for safety purposes, such as cooling water, lubrication, compressed air, hydraulicfluid and electric supply. They shall have reliability,



redundancy, diversity, independence and provision of features for isolation, and testing for functional capability consistent with require-ments for the safety systems supplied (AERB/DSG-0316.1). If safety

systems support features are shared amongst various systems, thedesign shall provide for adequate redundancy to ensure uninterruptedavailability of the service to the safety system.

Common Cause Failure

0335 Common cause failure of safety systems/safety support features shall beidentified and eliminated. at the design stage by providing diversity,

physical separation, etc.

Equipment Outages

0336 In designing a plant for reliable performance, equipment outages shall be takeninto account. The impact of anticipated maintenance, tests and repair work on the reliability of each individual safety system shall beincluded in this consideration. If the resultant reliability is such that thesystem no longer meets the criteria used for design and operation, thenuclear power plant shall be shutdown or otherwise placed in a safestate if the component temporarily out of service cannot be replaced or restored within a specified time. This time and the actions to be takenshall be defined for each case in advance before the start of nuclear

power plant operation.

Design for optimized operator performance

0337 In the interest of safety the working areas and working environment of the site personnel shall be designed according to ergonomic principles.

0338 Systematic consideration of human factors and the man-machine interface shall be included in the design process.

0339 In the control room the operator shall be provided with clear displays of those parameters that indicate the current status of all equipment and systemsnecessary to achieve the safety functions outlined in paras 0309 and0310 of this Code in a coordinated manner.

0340 The operator needs information that permits him :

(1) To assess readily the general state of the plant whichever opera-tional occurrence, or an accident condition, and confirm that thedesigned automatic safety actions are being carried out;



(2) To determine the appropriate operator initiated action that should be taken

0341 The design shall aim to promote this success of operator actions in the light of the time available, the expected physical environment, and psychological pressure. The need for operator intervention on a shorttime scale of less than 30 minutes following a PIE should be kept to aminimum. The design should take into account that the credit for suchoperator intervention within 30 minutes of PIE is only acceptablewhere the designer can demonstrate that the operator has sufficienttime to decide and to act, that the necessary information on which theoperator must base a decision to act is simply and unambiguously

presented, and that the physical environment following the event isacceptable in the control room. However, even in such cases the

design shall not take credit for operator action within first 15 minutesof PIE.

Heat Transfer to an ultimate heat sink

General requirements

0342 System(s) to transfer residual heat from structures, systems and com-ponentsimportant to safety, to an ultimate heat sink shall be provided(AERB/DSG-0342.1 ). The system’s safety function shall be to trans-fer combined heat load of the structures, systems and componentsunder normal operating, anticipated operational occurrences and acci-dent conditions at a rate such that specified fuel design limits and thedesign conditions of the reactor coolant pressure boundary are notexceeded. This function shall be carried out at very high levels of reliability. All systems that contribute to the transport of heat, bysupplying fluids to the heat transport systems, by conveying heat, by

providing power, shall reflect in their design the importance of their contribution to the overall heat transfer function. Suitable redundancyin components and systems and suitable interconnections, leak detec-

tion and isolation capabilities shall be provided to assure that thesystem safety functions can be accomplished assuming a single failurecriterion. Natural phenomena and man-made events as given in

paragraphs 0356, 0357, 0358 and 0359 shall be taken into account inthe design of systems and in the possible choice of diversity in theultimate heat sinks and in the storage systems from which heat transfer fluids are supplied. Availability of heat sink should be ensured under the condition of non-availability of off-site and on-site power for extended period.



Inspection and Testing

0343 The system shall be designed to permit appropriate periodic inspection of important components to assure the integrity and capability of thesystem.

0344 The system shall be designed to permit appropriate periodic pressure andfunctional testing to assure:

(1) the structural and leak tight integrity of its components,

(2) the operability and the performance of the active components of the system and,

(3) the operability of the system as a whole and, under conditions asclose to design as practical, the performance of full operationalsequence that brings the system into operation for reactor shut-down and or loss of coolant accidents; including operation of applicable portions of the protection systems and the transfer

between normal and emergency power sources including opera-tion under complete loss of power.

Monitoring of Radioactive Release

0345 Fluids released to the ultimate heat sink shall be monitored for radioactivity toensure permissible limits of radioactive release are not exceeded.

Effects Associated with Equipment Failure

0346 Structures, systems and components important to safety shall be designed toaccommodate the effects of, and to be compatible with theenvironmental conditions, associated with, operational states andaccident conditions (AERB/DSG-0346.1). To avoid secondary fail-ures that could increase the safety related consequences of the primaryevent, these structures, systems and components shall be appropriatelylocated or protected against dynamic effects, including the effects of missiles, pipe whipping and discharging fluids and flooding that mayresult from equipment failures (AERB/DSG -0346.1). If these condi-tions are not fulfilled, other appropriate measures shall be incorporatedin the design.



Sharing of Structures, Systems and Components

0347 Structures, systems and components important to safety shall not be normallyshared between two or more reactors unless it can be shown that suchsharing does not impair their ability to perform their intended safetyfunctions. In the event of an accident in one reactor system, orderlyshutdown, cool down and residual heat removal of the remain-ingreactors shall not be impaired. Also, in long run it shall be possible tooperate the other reactor systems safely.

Escape Routes and Means of Communication

0348 The Plant shall have simple, clearly and durably marked, safe escape routeswith reliable and adequate emergency lighting and other build-ingservices essential to the safe use of these routes. Escape routes shallhave adequate redundancy.

0349 Suitable alarm systems and means of communication (audio and/or visual) shall be provided so that all persons present in the plant can be warned andinstructed even under accident conditions.

0350 Communications necessary for safety, both within the plant and to the outside,shall be assured at all times. This requirement shall be taken into

account in the design and in the diversity (atleast two independentmeans) of the communication methods selected. Means for the safetyof plant personnel shall be provided taking into account conflicting re-quirements from the point of view of industrial safety, radiation andfire protection and security.

Control of Access to Plant

0351 The Plant shall be isolated from the surroundings by suitable layout of thestructural elements in such a way that access to it can be perma-nently

controlled. In particular, attention shall be paid in the design of the buildings and site layout. Provision shall be made for supervisory personnel and/or equipment to guard against unauthorised entry to andexit from the plant of persons and goods. This control is required to

protect personnel from unnecessary exposures and for security of thePlant.

Protection Against Fire and Explosions

0352 Structures, systems and components important to safety shall be



designed and located to minimize, consistent with other safety requirements, the probability and effect of the fires and explosions caused by events inaddition to those described in paragraphs 0356, 0357, 0358 and 0359.

This objective shall be achieved by suitable incorporation of redundant parts, diverse systems, physical separation, fire barriers and design for fail-safe operation. Noncombustible or fire-retardant and heat resistantmaterials shall be used wherever practicable throughout the Plant,

particularly in locations such as containment, control room and allsafety related buildings. Fire detection and fire fighting systems of appropriate capacity and capability shall be provided. Fire fightingsystems shall be designed and located to assure that their rupture or spurious or inadvertent operation does not significantly impair capability of structures, systems and components important to safety.

0353 Requirement for the design of fire protection explosion and fire- fighting systemare given in (AERB/DSG-0353.1).

Materials

0354 Selection of materials for structures, components, etc. shall be based onconsiderations, among others, like:

(1) Irradiation damage :(2) Activation & Corrosion : To ensure satisfactory

(3) Creep, fatigue : performance duringnormal(4) Erosion : operation and accident(5) Compatibility with other : conditions

interacting materials(6) Thermal Effects :(7) Resistance to brittle fracture. :

0355 Generally used materials along with their applicability, limitation etc. are givenin AERB/DSG-0355.1.

Protection Against Natural Phenomena

0356 Structures, systems and components necessary to assure the capability for shutdown, residual heat removal and confinement of radioactivematerial shall be designed to remain functional throughout the Plantlife in the event of natural phenomena such as earthquakes, cyclonesand floods. Design basis for these structures, systems and componentsshall include:



(1) Consideration of the most serious of the natural phenomena or other external events which, according to the state of art in scienceand technology, must be considered at the specific sites,

(2) Consideration of the radiological effects of such events.

Design basis events of these structures, systems and components are asdescribed in AERB Sitting Code (AERB/SC/S).

Protection Against Man-Made Events

0357 Structures, systems and components necessary to assure the capability for shutdown, residual heat removal and confinement of radioactivematerial shall be designed to remain functional despite man-madeevents that might occur due to activities at or near the site like damruptures, mining operations and chemical operations etc. as identifiedin AERB Siting Code (AERB/SC/S).

0358 If the likelihood of failure due to one of these events, taking into considerationthe future developments at or near the plant site can be inferred to beextremely low, failure caused by that event need not be included in thedesign basis for that Plant.

0359 To the extent possible, the design of the Plant shall include appropri-ate

provision against the possibility of sabotage.

Combination of Events

0360 The design basis for the structures, systems and components important to safetyshall reflect for each site:

(1) The combinations of man-induced events, natural phenomena,equipment failures and operator errors which could credibly occur simultaneously with significant probability, and

(2) The radiological consequences of such combination of events.

0361 Initiating events and combinations thereof, operator errors are given indocument AERB/DSG-0361.1.

Environment

0362 Equipment design/selection shall take into consideration the effect of localenvironment prevalent in normal and accident conditions, during



fabrication, transportation, storage, commissioning and operation.Consideration shall be given to temperature, humidity, salinity, pollut-ants, radioactivity, etc.

System Storage Capacities

0363 Storage capacities of systems, important to safety (for example, emergency corecooling system, instrument process air supply system, emergency

power supply system, etc.) shall be adequate to tide over theanticipated operational occurrences and accident conditions.

Decommissioning

0364 At the design stage, special attention shall be paid to measures facilitating thedecommissioning of the plant. Attention should be directed to keep theexposures of personnel and the public during decommissioning “as lowas reasonably achievable (ALARA)” and to ensure adequate protectionof the environment from radioactive con-tamination. Adecommissioning report should be prepared at the design stage itself.



0400 GENERAL REACTOR DESIGN

0401 The reactor core components and the associated coolant, moderator, control and

protective systems shall be designed with appropriate mar-gins toassure that the specified acceptable design limits are not exceededduring all operational states.

Core Components

0402 The reactor core components include:

Calandria and Endshield assembly

Coolant Channel Assemblies

Other internals like shut off rods, and control rod assemblies and associatedstructures

Fuel Assemblies

0403 The design of the reactor core, pressure tubes, calandria vessel and the reactor internal structures shall account for the static and dynamic loadingexpected in the operational states and accident conditions with dueregard to the effects of temperature, pressure, irradiation, ageing, creep,

corrosion, erosion, hydriding, vibrations and fatigue. Under postulatedaccident conditions, the adequate integrity of the reactor corecomponents shall be maintained to ensure:

(1) Safe shutdown of the reactor

(2) Coolable geometry and adequate core cooling such that fueldesign limits (AERB/DSG-0403.1) are not exceeded.

Fuel Assemblies

0404 The design of fuel assemblies shall be such that they will satisfactorilywithstand their intended exposure in the reactor core despite all

processes of deterioration that can occur.

0405 The design of fuel assemblies shall consider the coolant pressure, fission gas pressure, swelling of fuel material, thermal expansion, pellet cladinteractions, power ramps, fuelling loads, dynamic load-ings includingflow induced vibrations, load variations, pressure drop,



sub-channel flow distribution, irradiation damage to design aspects and operationallimits for fuel assemblies (AERB/DSG-0403.1).

0406 Specified fuel design limits, including permissible fission product leakage, shallnot be exceeded in normal operation, and conditions that may betransiently imposed during anticipated operational occur-rences shallcause no significant additional deterioration. Fission product leakageshould be kept to a practicable minimum. In accident conditions thefuel shall remain in position and shall not suffer distortion to an extentthat would render post-accident core cooling insufficiently effective;specified fuel element limits for accident conditions shall not beexceeded.

0407 The design of fuel assemblies shall consider post irradiation handling and

storage including those damaged during usage or handling.

Nuclear Design and Core Control

0408 The Core and its control shall be so designed that, under no circum-stancesuncontrolled increase of power occurs. The control system worth andthe insertion rates shall be sufficient to override reactivity changesincluding internal dynamic reactivity coefficients during all operationalstates and accident conditions. Reactivity insertion rate shall be within

permissible limits (AERB/DSG-0408.1).

0409 Isotopic purity of heavy water coolant shall be above or equal to the designvalue limits of positive void coefficient.

0410 The reactor core including the associated coolant, moderator, control and protection system shall be designed to assure that power oscilla-tionsand/or unstable core coolant flow which can result in conditionsexceeding specified acceptable fuel design limits (AERB/DSG-0403.1)are not possible or can be readily and reliably detected and suppressed.

0411 The fuel design limits shall not be violated under any shape and level of neutron flux that can exist in any state of the core including those atfresh start up, after shutdown, during and after refuelling and thosearising from anticipated operational occurrences and accident condi-tions.

0412 The flux shapes shall be detected or inferred from measurements so as to ensurethat the fuel design limits are not violated in any region of the core.



0413 The design of the core and the fuel management scheme provided shouldminimize the demands made on control system for maintaining fluxshapes and levels within stipulated limits in all operational states.

0414 The analytical methods used for calculating the reactivity coefficients, excessreactivity and control element worth shall be verified in thecommissioning experiments at different power levels before the reac-tor is operated at regular full power (AERB/DSG-040t1.1).

Reactor Shutdown

0415 The reactor shutdown system(s) shall be capable of making and holding thecore adequately subcritical in the event of any anticipated operationaloccurrences and postulated accident conditions. The shutdown functionshall be ensured even for the most reactive situation of the core.

0416 The shutdown margin (AERB/DSG-0408.1), speed of action and theeffectiveness shall be such that fuel design limits (AERB/DSG- 0403.1)are not exceeded during anticipated operational occurrences. During

postulated accident conditions it shall be ensured that the core alongwith all internals are not damaged to extent that adequate core coolingcannot be maintained.

0417 The reactor shutdown shall be performed by two diverse systems of different

design principles. Each of the systems shall be on its own capable of quickly rendering the nuclear reactor sub-critical by an adequatemargin from operating and accident conditions. Each of these systemsshall also be capable of reliably overriding reactivity changes resultingfrom refuelling, during shutdown, and withdrawal of any controlrod/shut-off rods for maintenance during shutdown, and withdrawalsequence of the shut-off rods for startup with reactor in cold condition.One shutdown system shall be, on its own, capable of rendering thereactor sub-critical from normal operating conditions and of maintaining the reactor sub-critical by an adequate margin in the mostreactive situation of the core including the capability of reliablyoverriding reactivity changes resulting from xenon decay after shutdown.

0418 Redundancy, diversity and independence shall be provided in the reactor shutdown systems such that unavailability of either of the systems isextremely low. Adequate margins shall be given for the failuresanywhere in the Plant, as a result of which a fraction of the reactor shutdown system could become inoperative (AERB/DSG- 0408.1).



Each shutdown system shall perform its function assuming a single failure.

0419 Instrumentation and tests shall ensure that the shutdown systems are in the state

required. Design shall ensure that periodic in-service inspec-tion,calibration, functional testing and replacement are feasible.

0420 For the purpose of reactivity control and flux shaping during normal power operation a portion of the shutdown means may be used if shutdowncapability is maintained at all times.



0500 REACTOR COOLANT SYSTEM

0501 Reactor coolant system includes the main coolant system, pressure control

system, residual heat removal system (shutdown cooling sys-tem),emergency core cooling system and other associated systems.

0502 Fuelling machine and its associated control system shall also form part of reactor coolant system during the period when it is connected to thecoolant channel.

0503 The components of reactor coolant system include pressure tubes, end fittings,seal plugs, feeders, headers, pumps, steam generators, heat exchangers,

pressurise, accumulators, valves, connected piping and associatedcomponent support structures.

General Requirements

0504 Components which are part of reactor coolant pressure boundary shall bedesigned, fabricated, inspected, erected and tested to the qualitystandards as given in Safety Guide (AERB/DSG-0504.1).

0505 The reactor coolant system and associated auxiliary, control and pressure relief system shall be designed so that the reactor coolant pressure boundarywithstands all static and dynamic loads during all operational states and

accident conditions (AEKB/DSG-0504.1).

0506 Design shall reflect consideration of all conditions with due allowance made for deterioration that may occur in service, such as by corrosion, erosion,fretting, creep (limited to “pressure tubes”) fatigue, chemicalenvironment, radiation environment (AERB/DSG-0504.1) for any un-certainties in determining initial state of component and in the state of

possible deterioration. In the design of the pressure retaining bound-ary, consideration shall be given to obtaining characteristics whichensure slow propagation of any flaw (e.g. related to delectability of

flaws: leak before break). Designs and conditions in which compo-nents of the reactor coolant pressure boundary including coolantchannel assemblies could exhibit brittle behavior shall be avoided.

0507 The design of the components contained within the reactor coolant pressure boundary, such as pump impellers and valve parts, shall be such as tominimize the likelihood of failure and associated conse-quentialdamage to other items of the primary coolant system impor-tant tosafety during all operational states and accident conditions with dueallowance made for deterioration that may occur in service.



In-Service Inspection of Reactor Coolant Boundary

0508 The reactor coolant boundary components shall be designed, manufac-tured and

laid out in such a way that it is possible, throughout the service life of the Plant to carry out at appropriate intervals, adequate inspections andtests of the boundary, wherever necessary (AERB/ DSG-0504.1).

0509 Monitoring for soundness of the reactor coolant pressure boundary shall be provided by detection of flaws, distortion, or any abnormal behaviour or of excessive leakage.

0510 Where the safety analysis of the Plant indicates that particular failures in thesecondary system (AERB/DSG-0361.1) may result in seriousconsequences, it shall be possible to inspect the relevant parts of thesecondary cooling system.

Reactor Coolant Makeup

0511 Provision shall be made to maintain the quantity or pressure of coolant to ensurethat specified design limits are not exceeded in any opera-tional state,taking into account volumetric changes and leakage. The systems

performing this function shall have adequate flow capacity (flow rateand storage) to meet this requirement. They may be composed of components needed for the processes of power genera-tion or may be

specially provided for performing this function. The system shall bedesigned assuming a single-failure.

Reactor Coolant Cleanup

0512 An on-line system shall be provided to clean the reactor coolant system fromcorrosion products and radioactive substances including fission

products leaking from the fuel to minimize the crud and radioactivitylevel and keep it below their specified limits.

Residual Heat Removal

0513 A system for removing residual heat shall be provided. The system’s safetyfunction shall be to transfer fission product decay and other residualheat (AERB/DSG-0513.1 ) from the reactor core at a rate such thatspecified fuel limits and design conditions of the reactor coolant

pressure boundary are not exceeded.

0514 Adequate redundancy, diversity and design features such as suitable



interconnection, leak detection and isolation capability shall be provided to fulfill theserequirement with sufficient reliability, assuming a single failure.

0515 Main coolant system coast down characteristics coupled with suitablelayout of the system, to ensure cooling by thermosyphon, may beconsidered as part of residual heat removal system.

0516 Residual heat removal system shall have provision for fast removal of residual heat to override emergencies.

Emergency Core Cooling

0517 Adequate core cooling in the event of loss of coolant accident (LOCA) due torupture anywhere in the reactor coolant system shall be provided by

incorporating high pressure injection and long term recirculationsystems to limit the escape of fission products from the core (AERB/DSG-0517.1) This means that cooling shall be of such efficiency that:

(1) the cladding temperature will not exceed the acceptable designvalue for accident conditions (AERB/DSG-0403.1),

(2) possible chemical reactions are limited to an allowable value(AERB/DSG-0517.2),

(3) the fuel and internal structural alterations will not significantlyreduce the effectiveness of the means of emergency core cooling,

(4) cooling of the core shall be ensured for all times, in conjunctionwith other systems if required.

0518 Suitable redundancy, diversity and design features such as intercon-nection, leak detection and isolation capability shall be provided, withsufficient reliability, assuming a single failure.

Testing and Inspection of Emergency Core Cooling System

0519 The emergency core cooling system shall be designed to permitappropriate inspection and testing of important components (AERB/DSG-0504.1) to ensure

(1) the structural and leak-tight integrity of its components,

(2) the operability and performance of the active components of the



system during normal operation, as far as feasible, and

(3) the operability of the system as a whole under conditions as close

to design basis as practical, e.g., the performance of the fulloperational sequences that brings the system into operation,including operation of applicable portions of the protection sys-tem, the transfer between normal and emergency power sources,and the operation of the associated safety system support features.

Auxiliary Feed Water System

0520 An auxiliary feed water system of high reliability shall be provided to ensurethat process parameters of the reactor coolant system during specifiedoperational states and accident conditions are maintained withinstipulated limits.

Appropriate provision of steam discharge from steam generator shall be made.The system shall be designed assuming a single failure.

Fuelling system

0521 During on power refuelling, the fuelling machine is considered a part of thereactor coolant system starting from coupling of fuelling machine (tocoolant channel) till its decoupling (from coolant chan-nel).

0522 Fuelling machine integrity requirements shall be consistent with the integrity of reactor coolant boundary. The probability of loss of coolant and/or ejection of spent fuel should be minimized. In order to ensure theintegrity of reactor coolant pressure boundary during fuellingoperations, means shall be provided to verify the leak tight-ness of thesystem before removal and after installation of the seal plug.

0523 Since the movement of fuelling machine connected to a fuel channel could leadto breaching of reactor coolant boundary, measures to prevent this from

occurring shall be employed. Design of emergency core cooling systemand shut down cooling system shall take congnisance of refuellingoperation.



0600 CONTROL AND INSTRUMENTATION


0601 Instrumentation shall be provided to monitor variables and systems over their ranges for normal operation, for anticipated operational occurrencesand for accident conditions as appropriate to assure adequateinformation on plant status. Instrumentation shall be pro-vided for measuring all main variables that can affect the fission process, theintegrity of the reactor core, the reactor cooling systems and thecontainment and for obtaining any plant information required for thereliable and safe operation of the plant. The instrumentation andcontrol system shall incorporate adequate redundancy and diver-sity to

achieve the required reliability, recording of measurements importantto safety shall be provided (AERB/DSG-0601.1).

0602 Appropriate controls shall be provided to maintain these variables within prescribed operating ranges.

0603 Instrumentation and recording equipment shall be provided to ensurethat essential information is available for following the course of accident conditions and the status of essential equipment, and for

predicting, as far as is necessary for safety, the locations and quantitiesof radioactive materials possibly escaping from their design locations.

The instrumentation provision as far as practicable should providestatus of the plant during envisaged severe accident situation whichmay help accident management.

Periodic Testing and Maintenance

0604 Design and layout of instrumentation systems shall be such as to permit periodictesting and preventive maintenance, keeping the resultant radiationexposure ALARA, in order to detect and rectify faults and incipientfailures of instruments and their components.

Instrument Power Supply System

0605 Instrument Power supplies - both pneumatic and electrical- shall be designed,installed and tested to ensure adequate availability and reliability(AERB/DSG-0601.1).



Control Room

0606 A control room shall be provided from where the Plant can be safely operated in

all its operational states, and from where it can be brought andmaintained in the safe state after the onset of accident conditions andsuch design basis events as are to be used in the design of Controlroom. The Control Room design and layout shall ensure adequate

protection of occupants from hazards which could jeopardise neces-sary operator actions.

0607 Displays in the Control room shall provide the operator with an adequate andcomprehensive information of the state and performance of the Plant.The layout and design of the safety related instrumenta-tion, in

particular, shall ensure prompt attention of the operator and provide

him with accurate, complete and timely information on the states of allsafety systems during all operational states and accident conditions.Also, if any part of the safety systems have been tempo-rarily renderedinoperative for testing under administrative control, the bypaas shall

be automatically displayed in the Control room.

Emergency Control Room

0608 An Emergency Control Room shall be provided in the Plant design, to providesufficient information and control equipment, so that during a loss of

ability to perform essential safety function from the main control room,the following operations can be carried out :

(1) Reactor can be placed and maintained in a shut downstate;

(2) Residual heat can be removed;

(3) Essential plant variables can be monitored,(AERB/DSG- 0608.1).

The Emergency Control Room shall be physically and elec-trically separated from the main control room. The emer-gency control room will meet the design requirements of thecontrol room.



0700 PROTECTION SYSTEM

0701 The protection system is provided to maintain safety in situations in which the

control systems do not maintain the plant variables within acceptablevalues. The protection system in conjuction with safety actuationsystems and safety system support features perform all safety tasks thatmay become necessary.


0702 The protection system shall be designed to:

(1) initiate automatically the operation of appropriate systems, asnecessary, including the reactor shutdown system to assure thatspecified fuel and pressure boundary design limits are not ex-ceeded during anticipated operational occurrences (AERB/DSG-0702.1);

(2) sense accident conditions (AERB/DSG-0361.l ) and to initiate theoperation of systems required to mitigate the consequences of suchaccident;

(3) be able to override unsafe actions of the regulating/control sys-tem.

0703 The design shall be such as to minimise the likelihood that operator actionscould defeat the effectiveness of the protection system.

Protection System Reliability and Testability

0704 Redundancy, diversity and independence shall be provided in the protectionsystem, in order to achieve reliability targets. It shall be ensured that:

(1) it performs its function assuming a single failure;

(2) removal of any component or channel does not result in loss of required minimum redundancy or reliability;

(3) effects of natural phenomena and postulated accident conditionson any channel do not result in loss of the protection systemfunction; and



(4) it is fail safe under all conditions including extremeenvironments.

0705 The protection system shall be designed to provide for testing and calibratingthe channels and the devices used to derive the final output signal fromthe various channel signals. The system shall be designed to permit

periodic testing of its functioning when the reactor is in operation(AERB/DSG-0361.1).

Separation of Protection and Control Systems

0706 Interference of the protection system and the control system shall be prevented by avoiding interconnections or by suitable functional isolation. If signals are used in common by both the protection system and anycontrol system, appropriate separation (e.g. by adequate decoupling)shall be ensured and it shall be demonstrated that all stipulated safetyrequirements of this Code are met.



0800 ELECTRIC POWER SYSTEMS


0801 Electric power system shall comprise of off-site supplies and on-site includingemergency power supply system (AERB/DSG-0801.1). These systemsshall be designed, installed, tested, operated and main-tained to permitfunctioning of structures, systems and components important to safetyduring normal operation, anticipated operational occurrences andaccident conditions (AERB/DSG-0361.1).

0802 Functional adequacy of both off-site and on-site systems shall be in systemassured by having adequate capacity, redundancy, independence andadequate testability.

Off-site Power System

0803 Electric power from the transmission network to the on-site electric distributionsystem shall be supplied by two physically independent circuitsdesigned and located so as to minimise the probability of their simultaneous failure during normal operation and under accidentconditions. Switchyard common to both circuits is acceptable. Eachof these circuits shall be designed to be available on a long term basis

following a loss of Plant generation and loss of the other circuit, toensure continued availability of off-site power.

Emergency Power Supply System

0804 After some PIEs, various systems and components important to safety willrequire emergency power. The emergency power supply shall be ableto supply the necessary power during any PIE assuming thecoincidental loss of off-site power. Emergency power supply systemshall have sufficient redundancy, independence (including physical

separation between independent systems), and testability to performtheir safety functions, with high reliability assuming single failure.

0805 Various means of supplying emergency power are available, e.g., water, steamor gas turbines, diesel engines and batteries. Power may be supplieddirectly to the driven equipment or through an emergency electricalsystem.

0806 The emergency electrical loads shall be identified; the safety functions to be performed and the type of electric power for each safety load shall beidentified (AERB/DSG-0801.1).



Inspection and Emergency Power Supply Systems

0807 The system shall be designed with a provision to test periodically:

(1) the operability and functional performance of the components of the on-site power systems;

(2) operability of the system as a whole and the full operationalsequence that brings the system into operation.



0900 CONTAINMENT SYSTEMS

0901 A containment system shall be provided to enclose completely the reactor

coolant system and other radioactive fluid containing systems to keepthe release of radioactivity to the environment within accept-ablelimits in normal operation and accident conditions. Exempted from thisrequirements are steam generator tubings and systems with low

pressure (like purification system, spent fuel storage bay and wastestorage). The containment system includes:

(1) the containment structures and appurtenances,

(2) equipment required to isolate the containment envelope, andassure its integrity following an accident,

(3) equipment required to reduce the pressure or free radioactivematerial within the containment envelope,

(4) equipment required to limit the release of radioactive materialfrom containment following an accident.

Containment Design

0902 The containment structure, including access openings and penetration

and isolation valves, shall be designed with sufficient margins, basedon the internal pressures and temperatures and dynamic effects such asmissiles (internal) and reaction forces resulting from the accidentconditions (AERB/DSG-0902.1)The effects of other potential energysources such as energy in steam generators and energy from possiblechemical and radiolytical reactions, shall also be considered. Dueconsideration shall be given to protection against natural phenomenaand man-made events.

0903 The design pressure of the containment shall not be less than the peak

pressure, as calculated by accepted methods (AERB/DSG-0902.1).The design temperature of a region of the containment shall be itsmaximum space average temperature occurring in the course of theaccident. In addition, the local transient temperatures and pressures incertain internal pockets must be accounted for.

0904 The layout and surface conditions of the containment should be so designedthat sufficient testing, and repair if necessary, can be con-ducted atany time during life of the Plant. In case of double contain

ment, the secondary containment should completely envelop the primarycontainment. The annular space between the primary and secondary



containment envelopes shall be provided with a purging arrangement tomaintain a negative pressure in the space.

Containment Leakage

0905 The reactor containment system shall be designed such that the prescribedmaximum leakage rate is not exceeded during accident conditionsthroughout the service life of the Plant (AERB/DSG- 0902.1). Thedesign leakage rate shall be kept to a minimum in keeping with theALARA principle.

0906 The containment structures and other equipment and componentsrelevant to the leak tightness of the systems shall be designed andconstructed in such a way that the leak rate can be tested at the design

pressure after all penetrations are installed.

0907 The radioactive liquids accumulated in the reactor containment build-ingfollowing loss of coolant accident shall not leak to the environment byseepage, etc.

Containment penetration

0908 All penetrations through the containment shall meet the same designrequirements as the containment structure itself. They shall be

protected against reaction forces stemming up from pipe movement or accident loads such as missiles, jet forces, pipe whip etc.

0909 If resilient seals, expansion bellows or isolation valves are used with penetration, they should be designed to have local leak testing capabilities, independent of the overall rate determination of the contain-ment.

Containment Isolation

0910 Each line that penetrates the containment and is directly connected to thecontainment atmosphere or to the reactor coolant system shall beautomatically and reliably sealable in the accident conditions (AERB/DSG-0361.1) in which the leak tightness of the containment is essentialto prevent the release of radioactivity to the environment aboveacceptable limits. These lines should, therefore in general, be fittedwith atleast two containment isolation valves consistent withcontainment design. Isolation valves shall be located as close tothe



containment boundary as is practical. Containment isolation shall beaccomplished assuming a single failure.

0911 If the application of this criterion reduces the reliability of a safety system (suchas ECCS) that penetrates containment, redundancy shall be provided insuch systems. Containment isolation should not jeopardise functioningof safety systems.

0912 Each line that penetrates the primary reactor containment and is neither part of the reactor coolant pressure boundary nor connected directly to thecontainment atmosphere shall have atleast one adequate containmentisolation valve. This valve shall be outside the contain-ment andlocated as close to the containment as is practical (AERB/ DSG-0902.1 ).

Containment Air Locks

0913 Personnel and equipment access to the containment shall be through air locksequipped with doors that are interlocked to ensure that containmentintegrity is not violated during reactor operation and under accidentconditions, considering single failure criterion.

0914 Pressure suppression system shall have adequate capacity and capabil-ity tocondense under accident conditions all steam passing from volume V1

to Volume V2. (Volumes V1 and V2 refer to those parts of thecontainment which are upstream and downstream respectively of thePressure suppression pool). During its passage steam and air mixtureshall have sufficient contact with water in the suppression pool todissolve soluble radioactive releases. Vent shafts shall be suitablylocated in volume V 1 to equalise pressure in building compartments.Vent shafts shall be designed to withstand dynamic loading due to flowof fluids. (AERB/DSG-0914.1). The interface between volume V1and V2 shall have pressure sealing such that the prescribed equivalentleakage path area is not exceeded.

Containment Intra-Connections

0915 The design shall provide ample flow routes between separate compart-mentsinside the containment designed to act as one single intercon-nectedvolume during accident conditions. The cross sections of openings

between compartments shall be sized to ensure that the



pressure differentials during accident conditions do not result in damage to the pressure bearing structure or to other systems of importance in limitingthe effects of accident conditions.

0916 In case, during normal operational states these openings are necessary to besealed, the sealing arrangement shall be designed to blow open under accident conditions so that the pressure equalization proceeds asdesigned.

0917 The openable hatches, doors etc. provided between the sealed safety relatedvolumes shall be designed and operated to maintain adequate leak tightness.

Containment Heat Removal

0918 Capability to remove heat from the reactor containment during an accidentshall be ensured. In the event of an accident this system must becapable of ensuring a sufficiently rapid reduction in temperature and

pressure in the containment. This system shall have adequatereliability, diversity and redundancy to ensure that safety function can

be accomplished, assuming a single failure.

Containment Atmosphere Clean up

0919 Systems to control fission products, hydrogen, oxygen and other substanceswhich may be released into the reactor containment shall be providedas necessary:

(1) To reduce the amount of fission products which might be releasedto the environment during accident conditions;

(2) To control the concentration of hydrogen or oxygen and other sub-stances in the containment atmosphere during accident conditionsto prevent explosion or deflagration which could jeopardisecontainment integrity.

0920 The containment atmosphere cleanup systems shall have suitable redundancy incomponents and features, to ensure that their safety functions can beaccomplished, assuming a single failure.

0921 Filter facilities intended for accident conditions should be separately located.They should not be in continuous use during normal operation.



0922 The design of the plant shall be such that following an accident, it is possible toisolate all sources of compressed air and other non- condensable gasesleading into the containment atmosphere, other than those required for

the operation of necessary equipment.

Coverings and Coatings

0923 The coverings and coatings for components and structures within thecontainment system shall be selected and their methods of applicationshall be specified, to ensure fulfillment of their safety function under all states of operation and accident conditions and to minimize interfer-ence with other safety functions in the event of deterioration.

Containment Testing and Inspection

0924 The containment and associated system shall be designed to permit appropriateinspection and testing to ensure :

(1) the structural integrity and leak tightness during pneumatic pressure tests at design condition before commissioning,

(2) leak tightness during the operational phase; this testing can bedone at a reduced pressure. The acceptable leak rate at thisreduced pressure shall be established during commissioning,

(3) functionally correct and reliable actuation of the isolation valvesand dampers and their leak tightness during the operational

phase,(4) functional and reliable performance of other features (for ex-

ample, Building coolers), for which credit has been taken for calculating the containment pressure rise during postulated acci-dent conditions.



1000 RADIOLOGICAL PROTECTION


1001 Radiological protection is directed to avoid unnecessary radiation exposures andto keep unavoidable exposures as low as reasonably achievable. Thisobjective shall be accomplished in the design by :

(1) appropriate layout and shielding of structures, systems, and components containing radioactive materials,

(2) attention to the design of the Plant and equipment so as to reducethe time and number of site personnel exposed to radiation or contamination,

(3) minimising leakage from systems having heavy water and associ-ated cover gas,

(4) the provision for collection and segregation of radioactive mate-rials in an appropriate form and condition, either for their disposalon the site or for their removal from the site,

(5) arrangements to control, minimize the quantity and concentrationof radioactive materials spread within the Plant or released to the

environment.

1002 Full account shall be taken of the build-up of radiation levels with time in areasof personnel occupancy and the generation of radioactive materials aswastes (AERB/DSG-1002.1).

Design for Radiological Protection

1003 The Plant shall be designed to limit radiation exposures, both within andoutside the Plant to prescribed limits for the operational states and

acceptable levels for accident conditions.

1004 Suitable provisions shall be made in the design and layout of the Plant tominimize exposure and contamination from all sources of radioac-tivity. Such provisions will include shielding of radiation sourcesmeans of monitoring, control of access to the Plant, and suitabledecontamination facilities.



1005 The shielding design shall be such that radiation levels in operating areas do notexceed the prescribed limits and it shall facilitate maintenance so as toreduce radiation exposure of maintenance personnel.

1006 The Plant arrangements shall provide for control of access into radiation andcontamination areas and shall also minimize contamina-tion from themovement of radioactive materials and personnel within the Plant. ThePlant arrangements should also provide for efficient operation,inspection, maintenance, and replacement of components, asnecessary, to minimise radiation exposure.

1007 Provision shall be made for appropriate decontamination facilities, for both personnel and equipment, and for handling any radioactive wastearising from decontamination activities.

1008 Areas requiring personnel occupation (during maintenance, inservice inspection,for example) shall be easily accessible (with mobile shielding, if required), and shall have adequate control of atmosphere and/or shall

provisions for fresh air supply, etc.

Radiation Monitoring

1009 Equipment shall be provided to ensure adequate radiation protectionsurveillance in operational states, accident conditions and as practi-

cable during severe accidents. The following shall be provided:

(1) Stationary dose rate meters for monitoring the local radiation doserate at places routinely occupied by operating personnel andwhere the changes in radiation level during normal operation or anticipated operational occurrences may be such that accessshould be limited during certain periods of time. Furthermore,stationary dose rate meters shall be installed to indicate thegeneral radiation level at appropriate locations in case of accidentconditions. These instruments shall give sufficient information inthe control room and/or at the appropriate control positions so thatPlant personnel can initiate corrective action if required.

(2) Monitors for measuring the activity of radioactive substances in,the atmosphere in those areas routinely occupied by personnel andwhere the levels of airborne radioactivity may, on occasions, beexpected to require protective measures. This system shallindicate in the control room, or other appropriate locations, whena high concentration of radionuclides is detected.



(3) Stationary equipment and laboratory facilities determining theconcentration of selected radionuclides in fluid systems as appro-

priate and in gas and liquid samples taken from Plant systems or

the environment, during all operational states and accident condi-tions.

(4) Stationary equipment for continuous monitoring of the effluentsdischarged to the environment.

(5) Devices for measuring radioactive surface contamination.

(6) Facilities for measuring dose and contamination of personnel.

(7) Means to measure important meteorological parameters.

(8) Provisions for continuous monitoring of the environment should be made to determine the radiological impact, if any, in thevicinity of the plant under anticipated operational occurrences andnormal conditions. Special instrumentation shall also be providedfor monitoring accident conditions.

Radioactive Waste Treatment

1010 Adequate systems shall be provided to treat the radioactive liquid and gaseous

effluents in order to keep the quantity and the concentration of radioactive discharge with in prescribed limits. In addition ALARA

principle should be applied.

1011 Adequate systems shall be provided for the handling of radioactive solid or concentrated wastes and for storing them for a reasonable period of time, on the site. Transportation of solid wastes from the site shall beaccomplished according to the decisions of the AERB.

1012 Provisions shall be made for processing the liquid effluents that may begenerated during accident conditions.

Control of Release of Liquid Radioactive Material to the Environment

1013 The Plant shall have suitable means to process the liquid effluents, to control therelease of liquid radioactive materials to the environment and tomaintain the discharges within prescribed limits (ALARA)(AERB/DSG-1013.1).



Control of Airborne Radioactive Material

1014 A ventilation system with appropriate clean-up shall be provided to :

(1) prevent unacceptable dispersion of airborne radioactive sub-stances within the Plant,

(2) reduce the concentration of airborne radioactive substances tolevels compatible with access requirements of the particular area,

(3) keep atmospheric radiological conditions in the Plant within pre-scribed limits during normal operation, and acceptable levelsduring accident conditions,

(4) ventilate rooms containing inert or noxious gases without impair-ing the ability to control radioactive releases,

(5) keep the release of airborne radioactive substances to the environ-ment within the prescribed limits during normal operation andacceptable levels during accident conditions,

(6) ensure flow of air from low activity zones to high activity zones,and

(7) maintain reactor containment building under negative pressure(AERB/DSG-1013.1).

1015 Filter systems shall be sufficiently reliable and so designed that, under theexpected prevailing conditions, the necessary retention factors areachieved. Filter systems shall be designed such that their efficiencycan be periodically tested during normal operation of the Plant.



1100 FUEL HANDLING AND STORAGE SYSTEMS

1101 Fuel handling and storage system includes equipment structures and tools for

fuel transfer and fuel storage.

1102 Fuel handling and storage systems shall be designed to assure adequate safetyunder normal and accident conditions (AERB/DSG-1102.1).

Fresh Fuel Handling and Storage

1103 The unirradiated fuel handling and storage systems shall be designed(AERB/DSG-1102.1):

(1) with a capability to permit appropriate periodic inspection andtesting of components important to safety,

(2) to minimize the probability of loss or damage to the fuel,

(3) to provide for identification of fuel bundles,

(4) to prevent criticality.

Spent Irradiated Fuel Handling and Storage

1104 The spent fuel handling and storage systems shall be designed:

(1) with adequate heat removal capability under all operationalstates and accident conditions,

(2) with a capability to permit appropriate periodic inspection andtesting of components important to safety (AERB/DSG-1104.1),

(3) with adequate shielding for radiation protection under all han-dling and storage conditions during operational states and acci-

dent conditions,

(4) with appropriate systems to detect conditions that may result inloss of heat removal capability and excessive radiation levelsand to initiate appropriate safety action (particular mention may

be made of monitoring and control of water level in the fuelstorage pool and leak detection),

(5) to prevent dropping of fuel during transit,



(6) to ensure that fuel bundle is not stuck up in fuel transfer tunnels,

(7) to prevent unacceptable handling stresses during transit,

(8) to prevent the inadvertent dropping of heavy objects like cask or crane on the fuel,

(9) with a capability to inspect, identify and to store suspected anddamaged fuel elements,

(10) with provision for controlling clarity, the chemistry and radio-activity of water in which the irradiated fuel is handled, in--spected or stored,

(11) to prevent criticality,

(12) with a capacity to accommodate one full core fuel discharge,under all conditions.



1200 DESIGN CONFIRMATION

Safety Analysis

1201 A safety analysis of the plant design shall be performed to establish and confirmin an iterative process the design basis for the items important to safetyand to ensure that the overall plant design is capable of meeting the

prescribed and acceptable limits for radiation doses and releases set byAERB.

1202 The scope of safety analysis for a nuclear plant includes:

(1) Demonstration that operational limits and conditions are satisfiedfor the normal operation of the plant,

(2) Characterisation of the PIEs that are appropriate for the Plantdesign and its location,

(3) Analysis and evaluation of event sequences which result fromPIEs,

(4) Comparison of the results of the analysis with radiological accep-tance criteria and design limits,

(5) Establishment and confirmation of the design basis,

(6) Demonstration that the management of anticipated operationaloccurrences and accident conditions is possible by automatic safetysystem response in combination with prescribed operator actions.

1203 The applicability of the analysis methods shall be verified. The safety analysisof the plant design shall be updated in the light of significant changesof plant configuration and operating experience.

Probabilistic Safety Assessment

1204 In addition to the establishment of the design basis from the process asdescribed above a probabilistic safety assessment should be carried outfor identified PIEs in order :

_ to ensure that any design basis accident is not on a threshold of a

_ sudden escalation of the consequences of PIEs,



_ to identify features that could reduce the probability of severe ac-cidents or mitigate their consequences,

_

to ensure that adequate emergency procedures have been pro--vided, and

_ to ensure that engineered safety features of the plant can cater tothe PIEs so as to meet the safety requirements.

1205 Such a probabilistic safety assessment may be a formal requirement of theregulatory body.

Equipment Qualification

1206 A qualification procedure shall confirm that the equipment is capable of meeting, throughout its operational life, the requirements for

performing intended safety functions under all operational states,accident conditions and anticipated environmental conditions (eg:vibration, temperature, pressure, jet impingement, radiation, humidityetc.) existing at the time of need.

* * * * *



LIST OF PARTICIPANTS

Advisory Committee on Codes and Guides for Design Safety in NPP

Constituted by AERB

Dates of meeting : December 19, 1985, January 13, 1986,February 21, 1986, November 26, 1986,April 16, 1987, April 23, 1987, June 8,1987, June 15,1987, November 18, 1987,February 1, 1988, August 16, 24 and 29,1988.

Members and alternates participating in the meeting :

Shri S. K. Chatterjee (Chairman) . . . . N.P.C.Shri S. Damodaran . . . . T.C.E.Shri V. K. Mehra . . . . B.A.R.C.Shri M. M. Manna . . . . N.P.C.Shri V. K. Seth . . . . N.P.C.Shri R. K. Patil . . . . B.A.R.C.(Late) Shri A. K. Ray . . . . B.A.R.C.Shri M. Das . . . . N.P.C.Shri A. K. Asrani . . . . A.E.R.B.Shri S. P. Singh (Member-Secretary) . . . . A.E.R.B.

Kum. Usha R. Unnithan . . . . A.E.R.B.



ADIVISORY COMMITTEE ON NUCLEAR SAFETY

Advisory Committee on Nuclear Safety Constituted by AERB

Dates of the meeting : May 2 and 3, 1989, November 16, 1989.

Members participating in the meeting:

Shri P. N. Arumugham (Chairman) . . . . Consultant(could not attend)

Shri S. K. Chatterjee (Chairman) . . . . N. P. C.Shri S. K. Guha . . . . Ex-Joint Director, CWPRS

Shri S. K. Mehta . . . . B.A.R.CShri R. B. Bambhani . . . . Larsen & Toubro(could not attend)Shri K. C. Vaishya . . . . B.H.E.L.Shri D. K. Dave . . . . A.E.R.B.Shri S. P. Singh (Member-Secretary) . . . . A.E.R.B.Smt. M. Subramanian (Co-opted) . . . . A.E.R.B.



PROVISIONAL LIST OF GUIDES ON DESIGN FOR SAFETY IN PRESSURISED HEAVY WATER BASED

NUCLEAR POWER PLANTS

Safety Series No Provisional Title Year of Publication

AERB/DSG-0316.1 List of safety functions (following a PIE)-classification of components, structures andsystems including boundaries(safety level).

AERB/DSG-0327.1 Exceptions from single failure criterion.

AERB/DSG-0342.1 Ultimate heat sink and directly associatedheat transport systems for nuclear power

plants.

AERB/DSG-0346.1 Environmental and missile design basis.

AERB/DSG-0353.1 Protection against fires and explosions.

AERB/DSG-0354.1 Applicable materials.

AERB/DSG-0361.1 Initiating events and combination thereof including man induced events for safetyanalyses.

AERB/DSG-0403.1 Fuel design limits.

AERB/DSG-0408.1 Core reactivity control.

AERB/DSG-0504.1 Design basis for reactor coolant system.

AERB/DSG-0513.1 Residual heat load calulations.

AERB/DSG-0517.1 Acceptable, analytical, and experimentalmethods for calculation of blow down ratesand heat transfer characteristics of reactor coolant system during and after loss of coolant accidents.



Safety Series No Provisional Title Year of Publication

AERB/DSG-0517.2 Metal-water reaction during accidents (rates, permissible levels) / (other criteria for ECCSmay be included).

AERB/DSG-0601.1 Set points selection criteria.

AERB/DSG-0608.1 Emergency Control room.

AERB/DSG-0702.1 Protection system.

AERB/DSG-0801.1 Electrical power supply systems.

AERB/DSG-0902.1 Containment design.

AERB/DSG-0914.1 Design basis for vapour suppression system.

AERB/DSG-0918.1 Containment clean up and heat removal.

AERB/DSG-1002.1 Radiological protection.

AERB/DSG-1010.1 Radioactive Waste treatment.

AERB/DSG-1014.1 Control of release of liquid radioactive ma-terials to the environment.

AERB/DSG-1100.1 Design basis for fuel handling and storage systems.

AERB/DSG-1104.1 Testing and inservice inspection of spent fuel handlingand storage system.

Code of Practice for Safety in Design of Phwrs

Documents

Transcript of Code of Practice for Safety in Design of Phwrs