How safe is safe? – GRS closes gaps in PSA methodology


How does one assess how safe something is, e.g. an x-ray apparatus, a car, or a nuclear power plant? There is no objective measure for assessing safety. One possibility is to calculate the risk of an accident occurring. This calculation plays an important role not only in areas with frequent accidents but less severe consequences (e.g. cars) but also in areas of technology where accidents rarely occur but have severe consequences (e.g. nuclear technology).

In nuclear technology, experts began at a very early stage to express the risk of accidents in numerical form. The aim was and still is to recognise possible accidents, practically exclude them by technical measures, and limit their consequences. The plant operators have to demonstrate the safety of the German nuclear power plants by performing safety reviews at regular intervals. Supervisory authorities and authorised experts subsequently check the results of these safety reviews for correctness.

Probabilistic and deterministic assessments

To assess the accident risk, nuclear technology makes complementary use of probabilistic and deterministic methods. Deterministic methods follow the classic, cause-related "If - then" principle. They allow the calculation of the behaviour of a nuclear power plant in a postulated event. Deterministic methods can model the behaviour of a nuclear power plant both in great detail and in simplified form. With the latter approach, the calculation will involve higher tolerance limits in order to consider uncertainties.

Probabilistic assessments allow a numerical assessment of an accident risk and assume that technical failure will only be a matter of time. There is thus always a certain probability of a failure or the consequences of an event. How often this will occur can be calculated with a probabilistic safety analysis (PSA).

How does a probabilistic safety analysis work?

The starting point of a probabilistic safety analysis is the broad spectrum of events within (e.g. loss of coolant through a leak, loss of the electricity supply, fire, etc.) and outside a nuclear power plant (e.g. earthquake, flooding, etc.) that can lead to a deviation from normal operation. In so-called event trees, the different scenarios that develop in such events are modelled and their frequency is calculated. The calculations are based on

•    the operating mode of the nuclear power plant,
•    the operating experience with the plant concerned or with similar plants,
•    findings from safety research, and
•    scientific and technical expertise.

The PSA combines all these data. The results provide reliable foundations for decisions about the need for and benefits of safety-related improvements. A PSA can be performed at three levels:

Level 1: Determination of the frequency of core damage states (within the reactor),
Level 2: Determination of the sequences in the event of core meltdown (within the nuclear power plant) up to the release of activity into the environment,
Level 3: Analysis of the possible consequences of accidents due to the dispersion of radioactive substances outside the nuclear power plant.
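
The event-tree step described above can be sketched for a Level 1 result as follows. This is an added example, not GRS code or data: the initiating event frequency, the three safety functions and their failure probabilities are constructed values, and the tree assumes independent branches and that any failed safety function leads to core damage.

```python
from itertools import product

# Constructed illustrative values (assumptions), not plant data or GRS results.
INITIATING_EVENT_FREQ = 1e-3  # loss of coolant through a leak, per reactor-year

# Safety functions demanded in order, with assumed failure probability per demand.
BRANCHES = [
    ("reactor_shutdown", 1e-5),
    ("emergency_core_cooling", 1e-3),
    ("residual_heat_removal", 5e-3),
]


def enumerate_sequences(init_freq, branches):
    """Walk every path of the event tree and return its frequency per year.

    Simplifications: branches fail independently of each other, and any
    failed safety function ends in core damage.
    """
    sequences = []
    for outcome in product((True, False), repeat=len(branches)):
        freq = init_freq
        for (_, p_fail), ok in zip(branches, outcome):
            freq *= (1.0 - p_fail) if ok else p_fail
        failed = [name for (name, _), ok in zip(branches, outcome) if not ok]
        sequences.append(
            {"failed": failed, "frequency": freq, "core_damage": bool(failed)}
        )
    return sequences


def core_damage_frequency(sequences):
    """Level 1 result: summed frequency of all sequences ending in core damage."""
    return sum(s["frequency"] for s in sequences if s["core_damage"])


def dominant_sequence(sequences):
    """Core damage sequence contributing most to the total frequency."""
    damaged = [s for s in sequences if s["core_damage"]]
    return max(damaged, key=lambda s: s["frequency"])


if __name__ == "__main__":
    seqs = enumerate_sequences(INITIATING_EVENT_FREQ, BRANCHES)
    for s in sorted(seqs, key=lambda s: -s["frequency"]):
        print(f"{s['frequency']:.3e}  failed={s['failed'] or 'none'}")
    print(f"core damage frequency: {core_damage_frequency(seqs):.3e} per year")
```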

GRS expands PSA methodology

The idea of the PSA originated in the US; it was first applied in Germany by GRS in the 1970s. The German Risk Studies Phase A and Phase B document the first results of this then new methodology, which today is used as a matter of course for the safety assessment of German nuclear power plants. Over the years, the use of PSAs has led to comprehensive technical improvements in the plants and has contributed substantially to the high level of safety of the German nuclear power plants.

The application of new technologies, modified operating modes and new findings from operating experience as well as from scientific research demand constant further development of the PSA methodology. GRS has therefore been developing PSA methods and tools further, particularly with regard to four aspects:

1.    software-based, digital instrumentation and control,
2.    uncertainties,
3.    operator actions and organisational influences, and
4.    initiating events caused by redundancy-wide internal and external events.

The new research results close major gaps in PSA methodology. They contribute to making the PSA even more reliable and further increasing its validity.

GRS publications on the topic of PSA (in German)

German Risk Study Nuclear Power Plants − Phase B

Advanced methods for a fire PSA (GRS 190)
BWR safety analysis final report part 1 (GRS 102/1)
BWR safety analysis final report part 2 (GRS 102/2)
Assessment of the accident risk of advanced pressurised water reactors in Germany (GRS 175)