Instrumentation and control (I&C) systems in nuclear power plants (NPPs) have the ability to initiate the safety-related functions necessary to shut down the plants and maintain the plants in a safe shutdown condition. I&C systems of low reliability will bring risks to the safe operation of NPPs. A sufficient level of redundancy and diversity of I&C design to ensure the safety is a major focus when designing a new reactor. Usually multiple signal paths are included in an I&C system design. Meanwhile, besides the protection and safety monitoring system (PMS), other sub-systems of I&C such as the diverse actuation system (DAS) will be included as a diverse backup of PMS to perform the functions of reactor trip and engineered safety features actuation systems (ESFAS). However, the construction costs increase as the level of system redundancy and diversity grows. In fact, from the perspective of deterministic theory, an I&C system of only two chains can meet the single failure criterion. So how to obtain the balance of safety and economy is a challenging problem in I&C system designing. Probabilistic Safety Assessment (PSA) is the most commonly used quantitative risk assessment tool for decision-making in selecting the optimal design among alternative options. In this paper, PSA technique was used to identify whether the I&C system design offers adequate redundancy, diversity, and independence with sufficient defense-in-depth and safety margins in the design of a new reactor. Firstly, detailed risk assessment criteria for I&C design were studied and identified in accordance with nuclear regulations. Secondly, different designs were appropriately modeled, and the risk insights were provided, showing the balance of safety and economy of each design. Furthermore, potential design improvements were evaluated in terms of the current risk assessment criterion. In the end, the optimal design was determined, and uncertainty analyses were performed. The results showed that all four designs analyzed in this paper were met the safety goals in terms of PSA, but each design had a different impact on the balance of risk. As the support systems of the NPP we analyzed were relatively weak, loss of off-site power and loss of service water were two main risk contributors. The common cause failure of reactor trip breakers and the sensors of containment pressure were risk-significant. After identifying the major risk factors, the I&C design team can perform subsequent optimizations in the further design based on the PSA results and achieve an optimal balance between safety and economy.
An Integrated Risk Assessment Process for Digital Instrumentation and Control Upgrades of Nuclear Power Plants