Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mikael Olsson Control Engineer

Published byHeidi Knopp Modified over 4 years ago

Similar presentations

Presentation on theme: "Mikael Olsson Control Engineer"— Presentation transcript:

1 Mikael Olsson Control Engineer
TSS Failure Mode Effects Analysis (FMEA) ESS and ESS TSS CDR2 Mikael Olsson Control Engineer 16 July, 2019

2 TSS FMEA - agenda Purpose Independent single failure criteria
Fail-safe concept Failure and Failure effect Assumptions Conclusions

3 TSS FMEA - purpose Deterministic analysis of reliabilty (SSM, D1):
“Deterministic … methods shall be used to analyse and evaluate the … facility’s ability to fulfil the fundamental safety functions”. Independent single failure (SSM, E10) “… the most adverse single failure shall be applied in the safety group. A single failure in active structures, systems, and components shall be applied at the most adverse time.” Independent common cause failure (SSM, E11) “… common cause failures in a safety group shall be applied instead of a single failure, in the same way as in Condition E10 …” IEC recommends FMEA to analyze Cat A systems Independent failure in combination with external event

4 TSS FMEA - independent single failure criteria
SSM conditions (C22 ‘Intake state during failures’, guiding support doc) “Absolute reliability of individual SSC important to safety can never be obtained” and “Failures will always be able to occur” SSM conditions (C18 ‘Resistance to single failures’, guiding support doc) “The key words here are ‘independent/unforeseen’, implying that the additional failure is not a direct result of the occurred event, or alternatively a failure that has not been possible to anticipate, or has been missed” IEC (single failure criterion, 3.20, 3.21, 3.49, 3.50) Criterion = “…must be capable of performing its safety task in the presence of any single failure” Single failure = “…loss of capability of a component to perform its intended safety function” IAEA NS-R-1 (‘Safety of NPP: design’) “At no point in the single failure analysis is more than one random failure assumed to occur.” “Spurious action shall be considered as one mode of failure when applying the concept [single failure criteria] to a safety group or system.” IEEE 379 (‘IEEE Standard Application of the Single-Failure Criterion to Nuclear Power Generating Station Safety Systems’) “The safety systems shall perform all required safety functions for a design basis event in the presence of the following: […] a) Any single detectable failure within the safety systems” “detectable failures = Failures that can be identified through periodic testing or that can be revealed by alarm or anomalous indication”

5 TSS architecture - fail-safe concept
Each active component in the TSS has a predefined “acceptable mode for safety” in case of failure, that actuates a trip of a channel or the complete system. Sensors Predefined safe mode in case of loss of power Indicate trip = safe mode Hardware based train (relay) Relays: predefined safe mode in case of loss of control signal. Fiber communication modules: predefined safe mode of outputs to actuators in case of loss of power or loss of communication Software based train (PLC) Predefined safe mode of outputs to actuators in case of loss of power or loss of internal communication Actuators Predefined safe mode in case of loss of control signal Must receive an active/continuous control signal in order to allow beam production

6 Channel trip status (input)
TSS FMEA - failure Sensor (pressure) Process status Sensor reply Pressure OK Pressure NOK Most severe (safe mode) Spurious trip Actuator Requested action Performed action Close power circuit Open power circuit Close Most severe Open (safe mode) Spurious trip 2oo3 voting Channel trip status (input) Voting result (output) 0oo3 1oo3 2oo3 3oo3 No trip Trip (safe mode)

7 TSS FMEA - failure effect
Potential failure effects on the system

8 TSS FMEA - assumptions The H3 fire is the facility internal event that demands the TSS. It is assumed that other facility internal events (e.g. missiles, pipe failures, as exemplified in IEEE 384) are covered by the H3 fire. The fire takes place in Target utility area, and leads to an accident that demands the TSS or the H3 fire is a consequence of such accident The fire affects only one area (fire zone). The fire eliminates all TSS components in the area (fire zone) i.e. they cannot perform their safety function. The fire does not affect the TSS sensing lines in a negative way from safety point of view. A fire in any other area (i.e. outside Target utility area) could affect TSS components in those areas, but does not demand the TSS.

9 Identify critical components
TSS FMEA - procedure Identify critical components Identify failures Analyze effects of independent failures Apply independent SF/CCF Combine with H3 fire Identify protection measure (if needed) Analyze effects after protection measure Conclude

10 TSS FMEA - details in Excel

11 TSS FMEA - conclusions (independent failure)
In general the design of the system includes both redundancy, functional separation between redundant parts, and diversity to prevent loss of function due to an independent failure. Redundant sensors and cable paths for each safety function Resistance to SF of the sensors Diverse safety functions (primary and secondary function) Resistance to CCF of the sensors Diverse 2oo3 voting system (different technology) Resistance to SF and CCF of the voting, and the associated communication equipment Diverse actuators (different technology) Resistance to SF and CCF of the actuators

12 TSS FMEA - conclusions (independent failure + fire)
Most severe Fire zone: Connection cell or Utility area level 115 SF/CCF: Sensors Demanded safety function due to the fire ‘Target rotational speed’ (connection cell) All channels eliminated One diverse function is needed to withstand fire + SF Two diverse functions are needed to withstand fire + CCF ‘He inlet temperature’ (utility area) Two diverse functions are needed to withstand fire + SF/CCF ‘He mass flow’ (utility area) One channel eliminated One diverse function is needed to withstand fire + SF/CCF ‘He inlet temperature’ must not be defined as the diverse function ‘He pressure’, ‘Monolith pressure’ Same as He mass flow

13 TSS FMEA - Diverse functions (draft)
Postulated Initiating Event Detection Parameter (C.20) Helium compressor stop FHe PHe  PM  Heat exchanger malfunction or loss of cooling by intermediate system THe  PHe  PM  Helium pressure control malfunction, isolation of cooling system by valve closing PHe  PM  Power outage FHe THe  PHe  PM  Large leakage – in monolith (AA4) Large leakage – utility room (AA8) FHe PHe  Failure in process control system Operator error Leak between helium and intermediate water system (AA7) Large bypass in target wheel (AA5) Target shroud remains intact – no release Methods of detection are identified to cover all event initiators He Temperature (THe) He Pressure (PHe) He Flow (FHe) Monolith Pressure (PM) 13 13

14 TSS FMEA Thank you!

Download ppt "Mikael Olsson Control Engineer"

Similar presentations

Generic Pressurized Water Reactor (PWR): Safety Systems Overview

Generic Pressurized Water Reactor (PWR): Safety Systems Overview
ACADs (08-006) Covered Keywords Defense-in-depth, reactor protection system, solid state protection system, reactor trips, Engineered Safety Feature System.

ACADs (08-006) Covered Keywords Defense-in-depth, reactor protection system, solid state protection system, reactor trips, Engineered Safety Feature System.
EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage: www.mwftr.com/CNE.html.

EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage:
737 PNEUMATICS MENU PRINCIPAL.

737 PNEUMATICS MENU PRINCIPAL.
DM1 – WP1.5 meeting Stockholm, May 22-23, 2007 1 First safety approach of the DHR system of XT-ADS B. Arien.

DM1 – WP1.5 meeting Stockholm, May 22-23, First safety approach of the DHR system of XT-ADS B. Arien.
Failure Modes and Effects Analysis A Failure Modes and Effects Analysis (FMEA) tabulates failure modes of equipment and their effects on a system or plant.

Failure Modes and Effects Analysis A Failure Modes and Effects Analysis (FMEA) tabulates failure modes of equipment and their effects on a system or plant.
Oak Ridge SNS Experimental Facilities X0000936/arb 1 SNS MPS Review Target-MPS Review WBS 1.6.8 Ron Battle Target Controls, Target Systems Experimental.

Oak Ridge SNS Experimental Facilities X /arb 1 SNS MPS Review Target-MPS Review WBS Ron Battle Target Controls, Target Systems Experimental.
Reliability Risk Assessment

Reliability Risk Assessment
EUROTRANS - Helium cooled EFIT Probabilistic assessment of different DHR designs Karlsruhe, November 27-28 2008 Sophie EHSTER, Laurent VINCON.

EUROTRANS - Helium cooled EFIT Probabilistic assessment of different DHR designs Karlsruhe, November Sophie EHSTER, Laurent VINCON.
CSE 466 – Fall 2000 - Introduction - 1 Safety  Examples  Terms and Concepts  Safety Architectures  Safe Design Process  Software Specific Stuff 

CSE 466 – Fall Introduction - 1 Safety  Examples  Terms and Concepts  Safety Architectures  Safe Design Process  Software Specific Stuff 
Vegard Joa Moseng BI - BL Student meeting 09.09.2013 Reliability analysis summary for the BLEDP.

Vegard Joa Moseng BI - BL Student meeting Reliability analysis summary for the BLEDP.
1 EVALUATING INTELLIGENT FLUID AUTOMATION SYSTEMS USING A FLUID NETWORK SIMULATION ENVIRONMENT Ron Esmao - Sr. Applications Engineer, Flowmaster USA.

1 EVALUATING INTELLIGENT FLUID AUTOMATION SYSTEMS USING A FLUID NETWORK SIMULATION ENVIRONMENT Ron Esmao - Sr. Applications Engineer, Flowmaster USA.
Utilities 14 October 2008 Martin Nordby, Gordon Bowden.

Utilities 14 October 2008 Martin Nordby, Gordon Bowden.
Introduction to the ASD Suppression Actuation Threshold (ASAT) Calculator July 2007 13574_03_ASAT Calculator Sales and Marketing Introduction Presentation.

Introduction to the ASD Suppression Actuation Threshold (ASAT) Calculator July _03_ASAT Calculator Sales and Marketing Introduction Presentation.
Fire Safety in Nuclear Power Plants and Modeling Fire in a Generic EDG Room by COMPBRN III M. B. Öztemiz, Ş. Ergün Hacettepe University Nuclear Engineering.

Fire Safety in Nuclear Power Plants and Modeling Fire in a Generic EDG Room by COMPBRN III M. B. Öztemiz, Ş. Ergün Hacettepe University Nuclear Engineering.
Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.5/1 Design Geoff Vaughan University of Central Lancashire,

Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.5/1 Design Geoff Vaughan University of Central Lancashire,
1 NEI 04-02 Process Discussion. 2 Topics for Discussion Relationship to NFPA 805 Relationship to Regulatory Guide Technical Process currently in NEI 04-02.

1 NEI Process Discussion. 2 Topics for Discussion Relationship to NFPA 805 Relationship to Regulatory Guide Technical Process currently in NEI
1 Review of Specifications for Digital Upgrades NHUG Summer Meeting July 17, 2008 Tim Mitchell Component Engineering Palo Verde Nuclear Generating Station.

1 Review of Specifications for Digital Upgrades NHUG Summer Meeting July 17, 2008 Tim Mitchell Component Engineering Palo Verde Nuclear Generating Station.
CM27 – 8 th July 2010 LH2 System Progress and Future Plans M Hills T Bradshaw M Courthold I Mullacrane P Warburton.

CM27 – 8 th July 2010 LH2 System Progress and Future Plans M Hills T Bradshaw M Courthold I Mullacrane P Warburton.
Safety Assessment of General Design Aspects of NPPs (Part 2) IAEA Training Course on Safety Assessment of NPPs to Assist Decision Making Workshop Information.

Safety Assessment of General Design Aspects of NPPs (Part 2) IAEA Training Course on Safety Assessment of NPPs to Assist Decision Making Workshop Information.

Similar presentations

Ads by Google