Integrated Probabilistic and Deterministic Safety ... · • safety and non-safety systems...

Integrated Probabilistic and Deterministic

Safety Assessment (IDPSA)

Francesco Di [email protected]

The objectives of (nuclear) safety

THREAT (Release of radioactivity from a Nuclear Power Plant (NPP))

REGULATIONS

Objectives:

▪ ensure that (nuclear) facilities operate normally and without an

excessive risk of operating staff and the environment

▪ prevent incidents and limit the consequences of any incidents that

might occur.

Design

Operation

Decommissioning

Pla

ntlife

time

Safety assessment competence is the key

to making the right decisions in design,

licensing and operation.

Prof. M. El-Shanawany

Department of Nuclear Safety & Security, Head

International Atomic Energy Agency

Deterministic Safety Assessment (DSA)

Probabilistic Safety Assessment (PSA)

Safety Assessment

Prof. George Apostolakis

Commissioner

Safety Assessment

The model of the world:

Deterministic, e.g., a thermal hydraulic code DSA

Probabilistic, e.g., a Monte Carlo simulation PSA

▪ Both deterministic and probabilistic models of the world have assumptions and parameters.

▪ How confident are we about the validity of these assumptions and the numerical values of the parameters?

Towards and integrated DSA and PSA framework

Traditional Deterministic

ApproachesProbabilistic-Based

Approaches

Risk-Informed

Approaches

IDPSA

Combination of

Deterministic

and

Probabilistic

approaches

Complementary methods of safety analysis are used jointly in evaluating the

safety:

1. Deterministic Safety Analysis (DSA)

2. Probabilistic Safety Analysis (PSA)

Application: LBE-XADS

Nuclear island

Conventional island• Accelerator Driven System (ADS)

▪ A means of transmuting nuclear waste

▪ A new type of fission reactor

▪ Both

• How?

▪Some of the “afterheat” of spent

nuclear fuel can be captured in a

power generator, instead of a

mountain– Goal is 95% of Minor Actinides (MA) & Long-

Lived Fission Products (LLFPs) transmuted

– 250 kg/300 days

Accelerator Driven System for Disposing of Spent Nuclear Fuels

The Concept

• Proton accelerator creates neutrons by spallating high-Z

target nuclei (Z=atomic/proton number)

• Spallation neutrons used to maintain fission reaction

where not normally possible

▪ Subcritical piles

▪ In waste actinides

▪ Chain reaction can’t exist w/o accelerator: To stop, just

unplug it

b e a m

s c a n n i n g

L B E f lo w

8 c m s c a n

1 2 c m d u c t w i d th

Lead Bismuth Eutectic Accelerator Driven System (LBE-XADS)

General View inside the Subcritical Assembly

Deterministic Safety Assessment (DSA)Probabilistic Safety Assessment (PSA)

Safety Assessment

The basic principles of DSA

1) Presence of leaktight barriers between the radioactive source and the

public/environment

▪ fuel cladding (1)

▪ primary reactor coolant system (2 and 3)

▪ containment building (4)

The basic principles of DSA

2) Defence-in-depth, which applies to both the design and the operation

of the facility

Accidents may still occur

Systems are to be designed and installed

to combat them and to ensure that their

consequences are limited to a level that is

acceptable for both the public and the

environment

[Commission’s White Paper, February, 1999]

External hazards

Component

failures

Human error

Off-site emergency procedures

Safeguards

Protection

Prevention and surveillance

The defence-in-depth principle

Prevention and surveillance:

▪ Items of equipment are designed with adequate safety margins

Protection:

▪ Provisions are made to detect incidents and to prevent them from

escalating safety systems are designed to restore the plant to a normal

state and maintain it under safe conditions.

Safeguard:

▪ Special safety systems are therefore designed to limit the consequences

of severe accidents to an acceptable level.

Off-site and emergency procedures:

▪ Designed to provide protection against severe conditions under which

defences at the three levels described above prove inadequate.

DSA before PSA (prior to 1975)

Design Basis Accidents (DBA) [ NUREG/CR-6042, USNRC, 1994]

▪ postulated accidents that a NPP must be designed and built to

withstand, without loss of the system structures and components

necessary to assure public health and safety

▪ include at least one significant failure of a component: failures

beyond those consistent with the single-failure criterion are not

required (unlike in PSAs)

• Very unlikely events (possible inconsistencies in requirements and decisions, unbalancing safety measures and introducing excessive burden)

• Small in number (Need to consider a broader set of safety threats, raking them, identifying and assessing uncertainties. Need to consider many operational situations (start up, shutdown, refuelling, maintenance, etc.), concurrent failures and human performance)

• Conservative initial conditions (to compensate for uncertainties)

CONCERNS ABOUT UNCERTAINTY MANAGEMENT

“Conservatism” of DSA

Assumed

threats profile

Assumed conservative

case

Protection

against

assumed

conservative

threat

Importance of the principles of DSA


SAFETY BY DESIGN

Subcritical reactor

MULTI-BARRIERS:

Pellet

Safety vessel

Containment

Secondary coolant

- The accident, caused by a sudden surge of power, destroyed the reactor and

released massive amounts of radioactive material into the environment

- Lack of containment

Chernobyl experience should remain a valuable part of the information to be taken into

account when dealing with reactor safety issues in the future

importance of the principles of DSA

The accident in 1986 at Chernobyl (I)



Safety Assessment

Farmer’s Paper (1967)

Credible (DBAs) VS incredible accidents

not logicalALL is based on assumptions in expert judgment about the credible cases

Example: consider a loss-of-coolant accident (LOCA),

various outcomes: - safe cooldown/shutdown

- partial failures

- accidental cooldown/shutdown

- severe accident

Classification of events according to the probability of its occurrence and potential consequences

• Design-basis accident (DBA):

• Beyond design-basis accidents (BDBA):

Accident sequences that are possible but were not fully considered in the

design process because they were judged to be too unlikely.

The concept of risk

Risk and Safety are considered as two opposed terms, that can be used to assess a same thing

Remember PRA = PSA

• What can go wrong? (accident sequences or scenarios)

• How likely are these scenarios?

• What are their consequences?

Definition of Risk

{ , , }i i i

R s c

is

ic

i

Three different aspects of risk:Risk assessmentRisk perceptionRisk communication

Decision makers can be influenced by all of these

The concept of risk

"Farmer curve”

Techniques for PSA

Hazard identification: FMEA (Failure Modes and Effects Analysis) & HAZOP (HAZard and OPerabilitystudy)

Accident Scenarios Identification: ETA, FTA

System Failure Probabilty Assessment: ETA, FTA, Monte Carlo simulation

ETA: comments

1. One ET for each accident initiator

2. Time and logic of Sk interventions important for the tree structure (simplifications possible)

3. Sk states conditional on accident initiator and previous Sj’s

4. Conditional probabilities of Sk states (FTA)

ETA+FTA

PSA Reactor Safety Study (WASH-1400; 1975)

Prior Beliefs

• Protect against Large LOCA

• Core Damage Frequency (CDF) is low

(about once every 100 million years, 10-8 per reactor year)

• Consequences of accidents would be disastrous

Major Findings

• Dominant contributors: Small LOCAs and Transients

• CDF higher than earlier believed(best estimate: 5x10-5, once every 20,000 years; upper bound: 3x10-4 per reactor year, once

every 3,333 years)

• Consequences significantly smaller

• Support systems and operator actions very important

“Conservatism” of DSA PSA

The accident in 1979 at the Three Mile Island (TMI-2)

- Combination of equipment malfunctions, design-related problems and worker errors

led to TMI-2's partial meltdown and very small off-site releases of radioactivity

- Small radioactive releases

- No detectable health effects on plant workers or the public

Reveals potential consequences of failure to manage

NPP safety only based on DSA

Pilot operating relief valve

(PORV) fails stuck-open

PSA Policy Statement (1995)

The use of PSA should be increased to the extent supported by the

state of the art and data and in a manner that complements the

defense-in-depth philosophy.

PSA should be used to reduce unnecessary conservatisms

associated with current regulatory requirements.

PSA Model Overview

PLANT MODEL (PHYSICS, FUEL AND THERMAL

HYDRAULIC MODELS)

CONTAINMENT

MODEL

SITE/CONSEQUENCE

MODEL

(ATMOSPHERIC,

DISPERSION

MODELS)

Level I Level II Level III

Results

Accident sequences

leading to plant

damage states

(CDF frequencies)

Results

Containment

failure/release

sequences

Results

Public health

effects

PLANT MODE

At-power Operation

Shutdown / Transition

Evolutions

SCOPE

Internal Events

External Events

Uncertainties

Event Sequence Analysis

Event Tree Analysis

Fault Tree Analysis

Containment Event Tree


The model of the LBE-XADS has been embedded within an MC-driven fault

injection engine to sample component failures.

Maxim

um

dia

therm

ic o

il t

em

pera

ture

Upper threshold

Lower threshold

“High-temperature failure mode”

“Low-temperature failure mode”

“safe”

4 control/actuator faults

64 accident scenarios

E. Zio, F. Di Maio, “Fuzzy Clustering Classification of Dynamic Scenarios of Digital Instrumentation and Control in Nuclear Power

Plants”, Proceedings of the American Nuclear Society (ANS) NPIC HMIT 2009 Topical Meeting - Nuclear Plant Instrumentation,

Controls, and Human Machine Interface Technology, 5-9 April 2009, Knoxville, Tennessee, American Nuclear Society.

E. Zio, F. Di Maio, “Processing Dynamic Scenarios from a Reliability Analysis of a Nuclear Power Plant Digital Instrumentation and

Control System”, Annals of Nuclear Energy, doi:10.1016/j.anucene.2009.06.012, 2009.

SIMULINK model of the LBE-XADS

Level I PSA: an example


HYDRAULIC MODELS)

Level I

Results

Accident sequences

leading to plant

damage states

(CDF frequencies)

Fault Tree Analysis

PSA contain uncertainties arising from three main sources:

• lack of comprehensive data: It is impossible to demonstrate the

exhaustiveness of a PSA, even when the scope of the analysis

has been extended to as large a number of situations as possible

• reliability of data: frequency of initiating events (e.g., rare initiating

events such as the combination of a steam piping break and a

steam-generator tube break) common-mode failures and failures

resulting from human actions.

• modelling assumptions that cannot easily be quantified (e.g.,

resistance of certain components under accident conditions, poorly

understood physical phenomena or human actions).

Limitations of PSA (I)

The accident in 2011 at the Daichi NPP

- Following a major earthquake, a 15-metre tsunami disabled the power supply and

cooling of three Fukushima Daiichi reactors, causing a nuclear accident on 11 March

2011.

- All three cores largely melted in the first three days.

Combination of external events (earthquake and tsunami)

Multi-unit severe accident



Safety Assessment

Integrated Deterministic

Probabilistic Safety Assessment

IDPSA = DSA+PSA

State-of-the-art PSA / DSA are challenged by increasing complexity of

the existing plants safety systems

▪ Passive safety systems in new plants and retrofits in existing plants

▪ Digital Instrumentation & Control (I&C) and Human reliability

▪ Severe accident management implemented in design

WHY? very low CDF by reducing the number of equipment that can

breakdown

Difficult heuristic “a priori” judgment about conservatism in selected DSA

and PSA scenarios

The need of integration

IDPSA

• Unquantified Probabilities

• Design-Basis Accidents

• Defense in Depth

• Can impose heavy regulatory

burden

• Incomplete

•Quantified Probabilities

• Scenario Based

• Realistic

• Rationalist Defense in

Depth

• Incomplete

Complementary methods of safety analysis are used jointly in evaluating the

safety of an NPP:

1. Deterministic Safety Analysis (DSA)

2. Probabilistic Safety Analysis (PSA)

Traditional Deterministic

ApproachesProbabilistic-Based

Approaches

Risk-Informed

Approaches

IDPSA

Combination of

Deterministic

and

Probabilistic

approaches

IDPSA definition

Integrated Deterministic-Probabilistic Safety Analysis

(IDPSA) is a collective name for the variety of different

tools which use tightly coupled probabilistic and

deterministic approaches to address in a consistent

manner:

– stochastic aspects of scenario

– modelling uncertainties

Benefits of integration

IDPSA can provide additional help to PSA and DSA practitioners in:

1) Resolving time dependent interactions between

• physical phenomena,

• equipment failures,

• safety and non-safety systems interactions,

• control logic and operator actions.

2) Identification of a-priori unknown vulnerable scenarios, or “sleeping

threats”

3) Reduction of reliance on expert judgment and simplifying assumptions

about complex interdependencies

• PSA and DSA can calculate what we know as an issue

• PSA and DSA are not capable of revealing what, and to what extent, we do

not know

“Conservatism” of DSA

Assumed

threats profile

Assumed

conservative case

Protection against

assumed

conservative threat

Deterministic and probabilistic safety assessment

(DSA&PSA)

DSA

Design Basis Accidents (DBAs)

PSA

Minimal Cut Sets

(MCS)(Precautionary

principle)

The problem:

Unknown plant

vulnerabilities are

left unknown in

traditional DSA

and PSA

(Safety margins,

multiple barriers)

T

1

2 3 4

5 6

MCS

{1}

{2,4}, {2,5}, {2,6}

{3,4}, {3,5}, {3,6}

PSA: Construction of threat profiles by MCS

Each minimal cut set is an AND gate of a

set of basic events necessary and

sufficient to cause the top event

T

………

T

1

2 3 4

5 6

PSA APPROXIMATION of threat profiles: MCS-order cut-off

CONSIDER:

Small order mcs

T

………

T

1

2 3 4

5 6

T

………

CONSIDER:

Probability of occurrence larger

than a given threshold

PSA APPROXIMATION of threat profiles: MCS-order cut-off

WORRY!!!! Wrong:

Probabilities of top events

Frequencies of sequences

Safety margins

Importance factors

Sensitivity indexes

APPROXIMATED

threat profiles

DSA


PSA

Minimal Cut Sets

(MCS)(Precautionary

principle)

Deterministic and probabilistic safety assessment

(DSA&PSA)

Integrated Deterministic and Probabilistic Safety

Assessment (IDPSA=DSA + PSA)

IDPSA

IDENTIFIED SCENARIO!!!

-Timing of events

-Sequences of failures

PRIME IMPLICANTS

«CORRECT» THREAT

PROFILE

DSA


PSA

Minimal Cut Sets

(MCS)(Precautionary

principle)


The model of the LBE-XADS has been embedded within an MC-driven fault

injection engine to sample component failures.

Maxim

um

dia

therm

ic o

il t

em

pera

ture

Upper threshold

Lower threshold



“safe”

4 control/actuator faults

64 accident scenarios

E. Zio, F. Di Maio, “Fuzzy Clustering Classification of Dynamic Scenarios of Digital Instrumentation and Control in Nuclear Power

Plants”, Proceedings of the American Nuclear Society (ANS) NPIC HMIT 2009 Topical Meeting - Nuclear Plant Instrumentation,

Controls, and Human Machine Interface Technology, 5-9 April 2009, Knoxville, Tennessee, American Nuclear Society.

E. Zio, F. Di Maio, “Processing Dynamic Scenarios from a Reliability Analysis of a Nuclear Power Plant Digital Instrumentation and

Control System”, Annals of Nuclear Energy, doi:10.1016/j.anucene.2009.06.012, 2009.

A. Cammi, L. Luzzi, A. Porta, M. E.

Ricotti, Modelling and control strategy of

the Italian LBE-XADS. Progress in

Nuclear Energy 48 (2006) pp. 578-589.

Level I PSA: traditional approaches


HYDRAULIC MODELS)

Level I

Results

Accident sequences

leading to plant

damage states

(CDF frequencies)

Fault Tree Analysis

ON OFF

Failure

As Good As New Failed

• Static: PSA is “Yes/No”, “black-and-white”

t

X(t)

100%

0%

System unavailability U(t) = Pr[X (t) <100%]

U(t) = Pr[X (t) =0%]

Conventional modelling to PSA

Continuous “Grey” zone can integrally contain not less risk than “black-and-

white” skeleton of PSA tree

What can be worse than failure?

• Wrong timing of successful operation

• Partial success

• …

Conventional modelling to PSA

• Dynamic: Timing makes even discrete (0/1) parameters

continuous

LBE-XADS: dynamic effects

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

1 4 7 10 13 16 19 22 25 28 31 34 37 40 43 46 49 52 55 58 61 64

Fre

qu

en

cy o

f th

e e

nd

sta

te

occu

rren

ce

Failure sequence

Low-temperature failure mode Safe mode High-temperature failure mode

LBE-XADS: effect of the ORDER of failure events

Dependence of the accident sequence end state from the ordering of the

components faults in the sequence

0 500 1000 1500 2000 2500 3000

240

260

280

300

320

340

360

380

400

Time [s]

Oil

tem

pera

ture

[C

]

Scenario: Air coolers fail at t=1500 [s], PID fails at t=2000 [s]

Air coolers @ 300[kg/s], PID output @ 500 [kg/s]




0 500 1000 1500 2000 2500 3000260

280

300

320

340

360

380

400

Time [s]

Oil

tem

pera

ture

[C

]

Scenario: PID fails at t=1500 [s], air coolers fail at t=2000 [s]

PID output @ 500 [kg/s], air coolers @ 300[kg/s]




LBE-XADS: digitalization effects

Dependence of the accident sequence end state on the exact timing of the

components failures

0 500 1000 1500 2000 2500 3000250

300

350

400

450

500

550

Time [s]

Oil

tem

pera

ture

[C

]

PID controller fails at time t=2239

PID controller fails at time t=2240

LBE-XADS: magnitude effects

Dependence of the accident sequence end state with respect to the

components faults magnitudes

0 500 1000 1500 2000 2500 3000260

280

300

320

340

360

380

Time [s]

Oil

tem

pera

ture

[C

]

Scenario: PID fails at t=1500 [s]

PID controller fails at time t=1500, output @ 500 [kg/s]




0 500 1000 1500 2000 2500 3000260

280

300

320

340

360

380

400

Time [s]

Oil

tem

pera

ture

[C

]

Scenario: PID fails at t=1500 [s], air coolers fail at t=2000 [s]





Methods for IDPSA

Conventional approaches to PSA

Fault-tree/event-tree (FT/ET) at best can account for the order

of occurrence of events in system evolution

Dynamic methodologies are defined as those that explicitly

• account for the time element in probabilistic system

evolution

• are needed when the system has

hardware/process/software/human interactions

Dynamic methodologies for IDPSA

Continuous: CET (Continuos Event Tree)

CCCMT (Continuous Cell-to-Cell Mapping Technique)

Discrete: CCMT (Cell-to-Cell Mapping Technique)

MCDET/DYLAM/DETAM/ISA (Dynamic Event Tree

Generation)

Graphical: PETRI NETS

DYNAMIC FLOWGRAPHS

GO-FLOW


Continuous: CET (Continuos Event Tree)

CCCMT (Continuous Cell-to-Cell Mapping Technique)

Continuous Event Trees (CET)

Describes the system behavior in terms of the probability pn(x,t) of finding the

system in the state-space (x-space) with configuration n at a given time t.

Input:

• Configuration transition rates h(n|m, x, t)

• Probability Fn(x,t) that the system leaves configuration n before time t

• Initial condition p0(x,0)

Output:

pn(x,t)

Solution Method:

Monte Carlo simulation

x1

x2 h(n|m, x, t)

m

p0(x,0)

n

Fn(x,t)Fm(x,t)h(m|0, x, 0)

Continuous Cell-to-Cell Mapping (CCCMT)

Describes the system behavior in terms of the probability πi(j,t) of finding the

system in the cell j of the state-space (x-space) with configuration i at a given

time t.

• Derivable from CET

Input:

• Cell-to-cell transition probabilities g(j|j’,i’,t) in the state space

• Configuration transition rates Fi(j’,t) that the system leaves configuration i

before time t

• Initial condition π0(j0,0)

Output:

πi(j,t)

Solution Method:


ODE solvers

x1

x2 g(j|j’,i’,t)

j'

π0(j0,0)

j

Fi(j,t)Fi’(j’,t)g(j’|j0,i’,t)

j0


Discrete: CCMT (Cell-to-Cell Mapping Technique)

MCDET/DYLAM/DETAM/ADS/ISA (Dynamic Event

Tree Generation)

Cell-to-Cell Mapping (CCMT)

Describes the system behavior in terms of the probability πi(j,k) of finding the

system in the cell j of the state-space (x-space) with configuration i at a given

time k (k=0,1,…).

• Derivable from CET

Input:

• Cell-to-cell transition probabilities g(j|j’,i’,k) in the state space

• Configuration transition rates Fi(j’,k) that the system leaves configuration

i before time step k

• Initial condition π0 (j0,0)

Output:

πi(j,k)

Solution Method:


Matrix solvers

x1

x2 g(j|j’,i’, k)

j'

π0(j0,0)

j

Fi(j, k)Fi’(j’, k)g(j’|j0, i’,k)

j0

Comparison

Dynamic Event Tree Methodologies

MCDET/DYLAM/DETAM/ISA

• All methods generate event trees based on possible trajectory branching during system

evolution

• Methods differ in terms of branching and pruning rules, human reliability models and operator

representation

Branching occurs when particular

conditions have been reached:

•Value of specific variables

•Specific time instants

•Plant status

Traditional PRA tools (ET/FT) not suitable because:

• ORDER of failure events neglected

• TIMING of failure events neglected

IDPSA Methods proposed as suitable but:

• Modelling and computationally demanding

• Number of scenarios to be analyzed much larger than in the classic

FT/ET approach

A posteriori information retrieval

Key Points of IDPSA

A posteriori information retrieval

The number of the scenarios that are simulated is much larger than

that of the classical ET/FT approaches

Aim: Identify and group the scenarios of a dynamic safety assessment by

characterizing the principal patterns of system evolution towards failure with

an evolutionary Fuzzy C-Means (FCM) clustering algorithm

E. Zio, F. Di Maio, “Processing Dynamic

Scenarios from a Reliability Analysis of a

Nuclear Power Plant Digital

Instrumentation and Control System”,

Annals of Nuclear Energy, Vol. 36(9),

2009


Maxim

um

dia

therm

ic o

il t

em

pera

ture

Upper threshold

Lower threshold



“safe”

Feedforward control stuck @ t=0 AND failed

coomunication between air coolers and actuators

PID output stuck @ t=0

Nominal


Maxim

um

dia

therm

ic o

il t

em

pera

ture

Upper threshold

Lower threshold



“safe”

Feedforward control stuck @ t=0

Failed communication between air

coolers actuators and PID @ t=0

Air coolers stuck @ t=0


Maxim

um

dia

therm

ic o

il t

em

pera

ture

Upper threshold

Lower threshold



“safe”

Failed communication

between air coolers actuators

and PID @ t=0 AND Air

coolers stuck

Air coolers stuck @ t=0

PID output stuck @ t=0

The method

Fuzzy C-MEANS classifier

Matlab® fcm(…)

The FCM algorithms

Target: identify similarity in data

partitioning the data set to minimize:

•Constraints

•Iterative scheme

c

i

N

k

ikr

ik vxdVJ m

1 1

2 ),()(),(

Degree of membership of to cluster Γikx

Center of the cluster Γi

ikiv ,

Nk

c

i

ik ,...,2,11

1

Nkciik , 2, 1, , , 2, 1,10

Nkxk ,...,1,

Clustering results

System state variables Process variable

Fault 1

time

Fault 1

magnitude

Fault 2

time

Fault 2

magnitude

Fault 3

time

Fault 3

magnitude

Fault 4

time

Temperature of the primary

coolant at time t=3000 [s]

1- Feature Selection:

• Engineering judgement

RESULTS:

• Functional Principal Components analysis

2- RESULTS:

Fuzzy C-Means

Temperature 1st, 2nd, 3rd PC’s 5.25%

Test Set Misclassification Rate

Fuzzy C-Means

System state variables and Process Variable 7.65%

Test Set Misclassification Rate

ARTIFICIAL INTELLIGENCE AND ADVANCED SIMULATION FOR THE

SAFETY, RELIABILITY AND MAINTENANCE OF ENERGY SYSTEMS

(10 ECTS – 5+5) – 1st semester AA 2018/2019

• INTEGRATED DETERMINISTIC AND PROBABILISTIC SAFETY ANALYSIS

OF NUCLEAR POWER PLANTS (5 ECTS)

The objective of the course is to provide students with an understanding of the

Deterministic (D) and Probabilistic (P) Safety Analysis (SA) methods, and their

integration (IDPSA), which requires Artificial Intelligence (AI) and advanced

simulation methods. These will be presented with respect to practical cases of

nuclear systems.

• COMPUTATIONAL METHODS FOR RELIABILITY, AVAILABILITY AND

MAINTENANCE (5 ECTS)

The goal of this course is to provide students with the knowledge on Artificial

Intelligence (AI) and advanced simulation methods used for the reliability

and availability analysis, and maintenance engineering of industrial

equipment and energy systems.

SAFETY PERFORMANCE ASSESSMENT OF RADIOACTIVE WASTE

REPOSITORIES (5 ECTS)

• The primary goal of this course is to provide the students with the adequate

competence on methods and techniques for the assessment of the

safety performance of a radioactive waste repository, which requires the

systematic analysis of the performance of the engineered and natural barriers

of protection against radionuclide release and dispersion.

Integrated Probabilistic and Deterministic Safety ... · • safety and non-safety systems...

Documents

Transcript of Integrated Probabilistic and Deterministic Safety ... · • safety and non-safety systems...