Investigating the implementation of the safety-diagnosability principle to support defence-in-depth in the nuclear industry: A Fukushima Daiichi accident case study

Article Overview

  • Title: Investigating the implementation of the safety-diagnosability principle to support defence-in-depth in the nuclear industry: A Fukushima Daiichi accident case study

  • Authors: Surbhi Bansal, Jon Tømmerås Selvik

  • Published in: Engineering Failure Analysis

  • Published by: Elsevier Ltd.

  • Date: 22 February 2021

  • Keywords:

    • Defence-in-depth (DID)

    • Safety diagnosability principle (SDP)

    • Usefulness

    • Nuclear industry

    • Fukushima Daiichi

Abstract Summary

  • The Defence in Depth (DID) principle is a key safety principle: multiple barriers are placed between a hazard and the asset so that a safety-critical system remains protected.

  • A single reliable barrier is insufficient for safety performance; monitoring barrier condition is essential.

  • Previous incidents (e.g., Texas City refinery explosion) revealed inadequate monitoring can compromise safety.

  • The Safety Diagnosability Principle (SDP) is proposed as a supplementary measure for DID.

  • SDP requires barriers' degradation to be diagnostically reportable, improving overall safety management by enhancing DID.

  • Case study on Fukushima Daiichi indicates limited improvement potential from SDP; emphasizes reliable information about barrier performance.

Introduction

  • Defence in Depth (DID): Requires multiple independent defence layers (barriers) against hazards. More than one layer must fail for an accident to occur.

  • Accidents can occur even with DID due to poor information and low situational awareness.

  • Past incidents indicate the need for better diagnosability of safety-critical events, leading to the proposal of the SDP.

  • This article evaluates the usefulness of the SDP in the nuclear industry, particularly in light of the Fukushima Daiichi disaster.

Understanding Defence in Depth (DID)

  • DID Role: Protects assets by using multiple barriers to prevent escalation of faults to hazardous conditions.

  • Accidents, despite the presence of DID, showcase weaknesses in monitoring barrier performances.

Key Concepts

  • Independent Layers: Each layer must be effective on its own, so a hazard has to penetrate several barriers before an asset is compromised.

  • Failures in Monitoring: Historical cases demonstrate that lack of reliable information on safety barriers can lead to catastrophic decisions by operators.

Safety Diagnosability Principle (SDP)

  • Definition: SDP necessitates the ability to diagnose breaches in safety barriers and provide feedback to operators on safety states.

  • Primary Goals:

    • Enhance situational awareness of safety conditions.

    • Improve safety management through informed decision-making.

Implications of SDP

  • The SDP aims to address blind spots in awareness of hazard conditions and of safety barriers’ performance, blind spots identified from previous industry failures.

  • Emphasis on having robust diagnostic capabilities at various operational levels of the system for timely interventions.

Case Study: Fukushima Daiichi Accident

  • Overview of the Fukushima Daiichi Nuclear Power Plant (NPP) and the events leading to the 2011 disaster.

  • Accident Sequence:

    • Initiated by a magnitude 9.0 earthquake, followed by a tsunami that overwhelmed the safety barriers.

    • Loss of power and subsequent equipment failure led to uncontrolled core heating and explosions.

Examination of Safety Barriers at Fukushima

  • Description of three main barriers utilized in the power plant.

  • Overview of various safety measures intended to prevent core overheating and maintain containment integrity.

Discussion: Evaluating the Safety Diagnosability Principle

  • Analysis of the benefits versus challenges presented by implementing the SDP alongside DID, using SMART criteria:

    1. Specificity: SDP must be clear about its objectives, seeking actionable insights from barrier breaches.

    2. Measurability: Ability to measure safety performance based on barriers monitored, albeit challenging.

    3. Achievability: Practicality of implementing SDP features in real-world scenarios, affected by common external failures (e.g., power outages).

    4. Relevance: Value provided by enhanced information on barriers, especially during critical mishaps.

    5. Timeliness: Availability of information must support prompt and informed decision-making.
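The interaction between DID and SDP described above, and the Achievability point about common external failures, can be made concrete with a small state model. This is an added illustration, not code from the paper; the barrier names, their support dependencies ("ac_power", "dc_power") and the flooding event are constructed assumptions. It tracks the actual defence depth (how many barriers still stand) separately from the depth operators can infer from diagnostic reports, and shows how a single support loss can take out barriers and their diagnostics together.

```python
from dataclasses import dataclass
from enum import Enum

class State(Enum):
    INTACT = "intact"
    DEGRADED = "degraded"
    FAILED = "failed"

@dataclass
class Barrier:
    name: str
    state: State = State.INTACT
    diagnosable: bool = True            # SDP: condition is reported to operators
    needs: frozenset = frozenset()      # supports the barrier itself relies on
    diag_needs: frozenset = frozenset() # supports its diagnostic channel relies on

def apply_loss(barriers, lost):
    """Common-cause event: every barrier relying on a lost support fails."""
    for b in barriers:
        if b.needs & lost:
            b.state = State.FAILED

def actual_depth(barriers):
    """DID view: barriers not yet failed (more than one must fail for an accident)."""
    return sum(b.state != State.FAILED for b in barriers)

def operator_view(barriers, available):
    """SDP view: state as reported in the control room; None means no signal."""
    return {b.name: (b.state if b.diagnosable and b.diag_needs <= available else None)
            for b in barriers}

def perceived_depth(view):
    """Depth operators can justify from reports alone; unreported barriers do not count."""
    return sum(1 for s in view.values() if s is not None and s != State.FAILED)

def scenario(independent_diag=False):
    # Constructed barrier set (hypothetical names, not the paper's three barriers).
    containment_diag = frozenset() if independent_diag else frozenset({"dc_power"})
    barriers = [
        Barrier("active_cooling", needs=frozenset({"ac_power"}), diag_needs=frozenset({"ac_power"})),
        Barrier("backup_cooling", needs=frozenset({"dc_power"}), diag_needs=frozenset({"dc_power"})),
        Barrier("containment", diag_needs=containment_diag),
    ]
    supports = {"ac_power", "dc_power"}
    before = (actual_depth(barriers), perceived_depth(operator_view(barriers, supports)))
    lost = {"ac_power", "dc_power"}     # flooding removes both power sources at once
    supports -= lost
    apply_loss(barriers, lost)
    view = operator_view(barriers, supports)
    return {"before": before, "actual_after": actual_depth(barriers),
            "perceived_after": perceived_depth(view),
            "blind_spots": sorted(n for n, s in view.items() if s is None)}
```

With shared power dependencies the surviving containment barrier becomes a blind spot (perceived depth 0 against an actual depth of 1); giving its diagnostics an independent support restores the operators' view of that one barrier.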

Conclusion of Evaluation

  • Overall assessment questions the need for SDP in nuclear settings when DID may already provide sufficient information on barrier performance.

  • Emphasizes the importance of integrating effective management practices and reinforcing diagnostic capabilities under DID.

  • Recommendations include further testing of SDP as a standalone safety measure to determine its efficacy in nuclear safety management.

References

  • Includes citation of various standards and literature supporting the study's assessment.

  • Highlights previous studies and standards related to Defence in Depth, Safety Culture, and lessons learned from the Fukushima incident.

Closing Remarks

  • Caution against over-reliance on supplementary safety principles without thorough evaluations of their specific impact and utility in contributing to overall safety management.
