GD-385: Pre-licensing Review of a Vendor's Reactor Design

Preface

Guidance document GD-385, Pre-licensing Review of a Vendor's Reactor Design, describes the pre-licensing review process provided by the Canadian Nuclear Safety Commission (CNSC) for assessing a vendor's design for a nuclear power plant or small reactor. The review considers the areas of design that relate to reactor safety, security and safeguards.

A pre-licensing review is an optional service provided by the CNSC. The review can be undertaken by a reactor vendor prior to an applicant's submission of a licence application to the CNSC.

This review can provide early identification and resolution of potential regulatory or technical issues in the design process, particularly those that could result in significant changes to the design or safety analysis. The objective of a pre-licensing review is to increase regulatory certainty while ensuring public safety.

This service does not certify a reactor design, and does not involve the issuance of a licence under the Nuclear Safety and Control Act. It is not required as part of the licensing process for a new nuclear power plant or small reactor. The conclusions of a design review do not bind or otherwise influence decisions made by the Commission Tribunal, with whom the authority resides to issue licences for nuclear power plants and small reactors.

Guidance document GD-385, Pre-licensing Review of a Vendor's Reactor Design, provides guidance information only. For this topic a licensee or licence applicant is not obliged to satisfy any provisions through regulations or licence conditions, so no regulatory document (RD) accompanies this guidance document. In this document, “should” is used to express guidance. “May” is used to express an option, or that which is permissible within the limits of this regulatory document. “Can” is used to express possibility or capability.

1.0 Introduction

Section 21(1)(a) of the Nuclear Safety and Control Act (NSCA) gives the Canadian Nuclear Safety Commission (CNSC) the authority to: “enter into arrangements, including an arrangement to provide training, with any person, any department or agency of the Government of Canada or of a province, any regulatory agency or department of a foreign government or any international agency” in order to attain its objectives.

At the request of a vendor, and by entering into a service agreement, the CNSC will undertake a pre-licensing review of a vendor's reactor design. The review does not certify a reactor design, and does not involve the issuance of a licence under the Nuclear Safety and Control Act. It is not required as part of the licensing process for a new nuclear power plant or small reactor. The conclusions of a design review do not bind or otherwise influence decisions made by the Commission Tribunal, with whom the authority resides to issue licences for nuclear power plants and small reactors.

Much of the detailed information resulting from the design review - including the vendor's submissions of documentation - may be considered commercially confidential, as per the terms of the service agreement. The public will be informed of the high-level outcomes of the review work by the posting of an executive summary of each review report on the CNSC Web site.

1.1 Purpose and Scope

This document describes the pre-licensing review process provided by the CNSC for assessing a vendor's design for a nuclear power plant or small reactor. The review considers the areas of design that relate to reactor safety, security and safeguards.

1.2 What is a pre-licensing review?

A pre-licensing review, commonly referred to as a vendor design review, is an optional service that the CNSC provides for the assessment of a vendor's design for a nuclear power plant or small reactor. The primary purpose of a vendor design review is to inform the vendor of the overall acceptability of the reactor design. The CNSC enters into a service agreement with the vendor that is based on a fixed scope of work.

This review provides the early identification and resolution of potential regulatory or technical issues in the design process, particularly those that could result in significant changes to the design or safety case. The CNSC conducts more detailed reviews of the design and safety case at the time of an application for a licence to construct and an application for a licence to operate.

The following figure illustrates the level of design completion that is necessary to support a vendor design review versus the level of design completion that is necessary to support an application for a licence to construct, or a licence to operate, for a nuclear power plant or small reactor. The licence to prepare site phase is not shown in the diagram because the applicant for a licence to prepare site determines the level of design information required to determine site suitability.

Table 1: Where the vendor design review fits into the reactor design process

Phases of Reactor Design (Reactor Design Completeness: 0% to 100%)

Conceptual design (0%): Vendor establishes design rules and processes

Pre-licensing review of a vendor reactor design by the CNSC

Basic engineering program:
  • safety design guides
  • design requirements
  • safety specification
  • design quality assurance processes

Detailed design for a construction licence:
  • preliminary safety analysis report
  • design descriptions
  • technical specifications of structures, systems and components to the level of detail for purchase orders
  • detailed design quality assurance program
  • all safety-related research and development is complete

Vendor and licensee collaborate on a facility safety case to prove that there are no outstanding safety issues with the detailed reactor design. The goal is a design that is sufficient for a construction licence application.

Construction licence application to the CNSC

Detailed design for an operating licence:
  • final safety analysis report
  • design manuals
  • commissioning manuals
  • operating manuals

Vendor and licensee finalize safety case to prove the reactor is built per design and will operate safely.

Operation licence application to the CNSC

Vendor provides ongoing design support to licensee (100%)

A vendor design review evaluates if:

  • the vendor understands Canadian regulatory requirements and expectations
  • the design complies with, as applicable, CNSC regulatory documents RD-337, Design of New Nuclear Power Plants [1] or RD-367, Design of Small Reactor Facilities [2] and related regulatory documents and national standards
  • a resolution plan exists for any design issues identified in the review

A review considers technical aspects, and does not include considerations such as:

  • design costs
  • state of completion of the design
  • scheduling factors relative to the review of a licence application
  • design changes that could be required as a result of future findings

A vendor design review can begin once a vendor has, at a minimum, made reasonable progress in the basic engineering phase of the design. As per Figure 1, this means that the basic architecture of systems important to safety has been laid out following the vendor's reactor design guides and design requirements. The following documents should be approaching a state of completion, such that the vendor is ready to proceed with the detailed design phase in preparation for a utility's submission of a construction licence application:

  • design guides that contain design philosophies, safety philosophies and rules that designers must follow when performing their design work, including safety requirements such as applicable codes and standards
  • design requirements for systems important to safety that establish such aspects as:
    • minimum performance requirements and reliability targets
    • reflect significant progress made in any safety-related research and development
  • the vendor's overall management system as it applies to the design of the proposed plant's (or small reactor's) structures, systems and components
  • design and safety analysis representative of a preliminary safety analysis report

1.3 Benefits of a vendor design review

The reports that are prepared during a vendor design review provide a significant amount of information that is of benefit to the vendor, applicant and the general public.

1.3.1 Benefits to the vendor

The review provides the vendor with information that can be used when holding discussions with a potential applicant who is considering the vendor's technology.

A vendor design review can provide further assurance that, along with information contained in RD/GD-369, Licence Application Guide - Licence to Construct a Nuclear Power Plant [3], the vendor has the necessary data to support an applicant in a future application to construct an NPP. For small reactor facilities most of the information contained in RD/GD-369 is applicable, but may be applied in a graded manner. The depth and breadth of information required in support of an application will depend on the risk and complexity of the facility.

When an applicant approaches the CNSC for a licence, the applicant will be required to demonstrate the adequacy of the design and its associated safety case against Canadian regulatory requirements and CNSC expectations. Preparing submissions for each phase of the vendor design review allows the vendor to plan and prepare for effective discussions with potential applicants who are considering the use of the vendor's reactor technology.

The vendor design review gives the vendor early feedback on the use of new or novel design features and approaches. These may be new materials for SSCs, or engineering standards and methodologies which may not have been previously employed in Canada.

The review also offers the vendor early notification of potential fundamental barriers to licensing. Within the review process, the vendor is able to identify resolution paths for any issues before an applicant seeks to obtain a licence to construct or licence to operate. By being aware of such resolution paths, both the vendor and the applicant can have reasonable confidence that the issue can be resolved in a reasonable timeframe, in order to keep within the expected licensing schedule.

A vendor design review contributes to regulatory certainty by:

  • providing clear and early feedback to the vendor on Canadian regulatory requirements and how well the design meets these requirements
  • identifying potential licensing and technical (safety) issues early on, thereby providing the vendor time to resolve issues before they become barriers to licensing; this is particularly important for issues that could result in significant changes to the design or safety analysis
  • enabling CNSC staff to become familiar with the design prior to the receipt of a licence application, thereby reducing the amount of time needed to assess the design during the review of the applications for the licences to construct and operate

1.3.2 Benefits to the applicant

The CNSC encourages potential applicants to have early and ongoing dialogue with vendors to discuss and resolve potential regulatory issues when considering technologies for proposed nuclear reactor facilities.

Vendor design reviews allow the regulator to become informed of the design, thus facilitating future licence application reviews. The resultant review information obtained throughout the review phases may add significantly to the understanding of both the technology and any of its associated issues that need to be resolved prior to, and during, the licensing process.

The CNSC expects a future applicant to be highly familiar with the technology it will eventually purchase for a proposed nuclear reactor facility - that is, to be a “smart buyer”. Under the NSCA, the applicant is ultimately accountable for licensed activities, and will be required to demonstrate the adequacy of the design and its associated safety case against Canadian regulatory requirements and CNSC expectations. Potential applicants are encouraged to speak with vendors early on in the licensing process to discuss and resolve potential regulatory issues.

1.3.3 Benefits to the public

The vendor design review provides the public with a measure of early assurance that a new reactor technology being proposed for construction and operation in Canada will meet Canadian regulatory requirements.

By performing an early review of key aspects of a reactor design and the vendor's organization, the public can be assured that:

  • the vendor understands Canadian regulatory requirements and CNSC expectations
  • the design will meet the requirements contained in CNSC regulatory documents RD-337 or RD-367 (as applicable to the proposal) and related regulatory documents and standards
  • the vendor is actively seeking the resolution of any design issues identified in the review

These three assurances increase the level of regulatory certainty and contribute to public safety.

1.4 CNSC use of information from other nuclear regulatory jurisdictions

If a vendor has had its reactor design either reviewed or certified by a nuclear regulator from another country and, as a result, has accumulated a certain amount of regulatory feedback, the CNSC would consider such material in the vendor design review, under the following conditions:

  • the vendor would be responsible for obtaining and providing the reviewed or certified information to the CNSC, as part of the design review submittals
  • the vendor would explain how that information demonstrates the design will meet Canadian requirements
  • the CNSC would conduct its own assessment in light of its regulatory framework
  • the CNSC would use the information submitted to the extent that the information is compatible with the CNSC review process

2.0 Vendor Design Review

The vendor design review is divided into three phases, each requiring increasingly more detailed technical information.

Phase 1 review - Compliance with regulatory requirements: CNSC staff assess the information submitted in support of the vendor's design and determine if, at a general level, the design intent complies with CNSC design requirements (for new nuclear power plants as specified in RD-337, and for small reactor facilities in RD-367), and related regulatory requirements.

Phase 2 review - Pre-licensing assessment: This phase goes into further detail, with a focus on identifying potential fundamental barriers to the licensing of the vendor's design for a nuclear power plant or small reactor in Canada.

Phase 3 review - Pre-construction follow-up: In this phase, the vendor can choose to follow up on one or more focus areas covered in Phase 1 and 2 against CNSC requirements pertaining to a licence to construct. For those areas, the vendor's anticipated goal is to avoid a detailed revisit by CNSC during the review of the construction licence application.

Phase 1 and 2 reviews have 19 review focus areas, representing key areas of importance for a future construction licence. The Phase 3 review is tailored on a case-by-case basis. See Appendix A for detailed information on the review focus areas.

3.0 What is a fundamental barrier to licensing?

When reviewing a vendor's reactor design, CNSC staff assesses aspects of the design related to safety, security and safeguards, in order to identify potential issues with respect to licensing and technical requirements. Areas of concern that fail to comply with Canadian regulatory requirements or to address CNSC design expectations for new nuclear power plants and small reactors are identified. If not corrected, the issues could become fundamental barriers to licensing.

A fundamental barrier is a shortcoming in the design or the design process that, if not corrected, could have the potential for significant risk to the public, workers or the environment. The barrier is considered fundamental when there is no clear and adequate path to resolution of a significant safety issue. A barrier would also be considered fundamental if there are significant uncertainties associated with the proposed resolution plan, or if the timeline is such that the issue may not be resolved at the time an application for a licence to construct is submitted to the CNSC.

The following are considered to be barriers to licensing a nuclear power plant or small reactor design in Canada:

  • non-compliance with Canadian regulatory requirements
  • unjustified non-conformance with Canadian regulatory requirements, including those in the regulatory document RD-337 or RD-367, and other applicable regulatory documents and national standards for design and analysis
  • unjustified non-compliance with design and safety analysis quality assurance standards and procedures
  • a design that does not address known issues of safety significance (i.e., the design has not taken into account resolution of safety concerns from past regulatory reviews)
  • a design that does not meet the “as low as reasonably achievable” (ALARA) principle
  • unproven engineering practices for new or innovative design features (i.e., not adequately supported by analysis, research and development, or both)
  • a design that introduces unacceptable operational complexity in order to meet operation compliance (i.e., to meet regulatory requirements, the system or technology would be so complicated as to introduce complexities that may cause other events due to human factors)

4.0 Objectives and Scope of a Vendor Design Review

4.1 Focus areas

Nineteen focus areas are reviewed during Phases 1 and 2 of a design review and include topics of significant safety importance to a design so that any identified issues can be addressed by the vendor early in the design process. The vendor may propose additional focus areas that are specific to the reactor design.

The 19 focus areas are:

  1. general plant description, defence in depth, safety goals and objectives, dose acceptance criteria
  2. classification of structures, systems and components (SSCs)
  3. reactor core nuclear design
  4. fuel design and qualification
  5. control system and facilities:
    1. main control systems
    2. instrumentation and control
    3. control facilities
    4. emergency power system(s)
  6. means of reactor shutdown
  7. emergency core cooling and emergency heat removal systems
  8. containment / confinement and safety-important civil structures
  9. beyond design basis accidents (BDBAs) and severe accidents (SA) prevention and mitigation
  10. safety analysis (deterministic safety analysis, probabilistic safety analysis) and internal and external hazards
  11. pressure boundary design
  12. fire protection
  13. radiation protection
  14. out-of-core criticality
  15. robustness, safeguards and security
  16. vendor research and development program
  17. management system of design process and quality assurance in design and safety analysis
  18. human factors
  19. incorporation of decommissioning in design considerations

Appendix A provides a description of the objectives and scope for each focus area.

4.2 Phase 1 of the vendor design review

A vendor can initiate a Phase 1 review once the conceptual design is complete and the basic engineering program is either at an advanced stage or completed, since high-level design information would be required in support of the review.

As part of Phase 1, CNSC staff reviews the submitted documentation against key areas of either regulatory document RD-337 or RD-367 (whichever is applicable for the reactor design proposed by the vendor), along with any other related regulatory requirements. This review is conducted in order to assess that the design intent is compliant with Canadian regulatory requirements.

The vendor is expected to demonstrate that the design intent meets the requirements of RD-337 or RD-367 and related regulatory requirements, through the description of intended programs.

4.2.1 Phase 1 focus areas and information required from the vendor

For each of the focus areas, the following information is required to demonstrate that the design meets the Phase 1 objectives:

  • demonstration of compliance with relevant sections of RD-337, or RD-367, and related regulatory requirements
  • safety analysis at a sufficient level to demonstrate the adequacy of the design concepts
  • design information, such as design guides, design requirements, design descriptions and design manuals
  • information in support of new or novel designs or approaches, when used
  • path forward for resolving any outstanding safety issues, including research and development efforts

4.2.2 Review criteria

For each of the review focus areas, the submissions are assessed using the requirements and expectations relevant to the individual review focus area, including:

  • Nuclear Safety and Control Act
  • CNSC regulations:
    • General Nuclear Safety and Control Regulations
    • Class I Nuclear Facilities Regulations
    • Radiation Protection Regulations
    • Nuclear Security Regulations
  • CNSC regulatory documents:
    • RD-337, Design of New Nuclear Power Plants
    • RD-367, Design of Small Reactors
    • RD-310, Safety Analysis for Nuclear Power Plants [4]
    • RD-308, Safety Analysis for Small Reactors [5]
    • S-294, Probabilistic Safety Assessment for Nuclear Power Plants [6]
    • G-129, Keeping Radiation Exposures and Doses “As Low As Reasonably Achievable (ALARA)” [7]
    • G-144, Trip Parameter Acceptance Criteria for the Safety Analysis of CANDU Nuclear Power Plants [8]
    • G-306, Severe Accident Management Programs for Nuclear Reactors [9]
    • G-219, Decommissioning Planning for Licensed Activities [10]
  • Canadian Standards Association (CSA) and other national standards:
    • CSA N285.0-08/N285.6 SERIES-08, General requirements for pressure-retaining systems and components in CANDU nuclear power plants/Material Standards for reactor components for CANDU nuclear power plants [11]
    • CSA N287.1-93 (R2009), General Requirements for Concrete Containment Structures for CANDU Nuclear Power Plants [12]
    • CSA N293-2007, Fire Protection for CANDU Nuclear Power Plants [13]
    • CSA N286-05, Management System Requirements for Nuclear Power Plants [14]
    • CSA N289.1, Design Guides on Seismic Requirements [15]
    • NBCC 53301S, The National Building Code of Canada [16]
    • NBCC 47667, The National Fire Code of Canada [17]

The vendor may propose the use of alternate codes and standards; however, the vendor must provide information that outlines the basis of how the alternate standards are broadly equivalent to Canadian codes and standards. This gap analysis is integral to the vendor demonstrating their understanding of Canadian requirements.

Initial consideration is also given to the extent to which generic or outstanding safety issues have been resolved, and to whether the knowledge base for new or innovative features in the design has been established.

4.2.3 Project management information

Phase 1 activities are captured in an overall vendor design review project plan, which falls under the service agreement.

A Phase 1 vendor design review typically takes eight months to one year to complete, in a time frame agreed to by both the vendor and CNSC. The estimated effort for this review phase is approximately 4,000 hours; however, additional effort may be required depending on how well novel designs or approaches are supported, or if the vendor requests that additional review focus areas be covered in the service agreement.

4.2.4 Project deliverables

At the end of the review period, the CNSC delivers a Phase 1 summary report to the vendor, containing findings for each review focus area and the bases for those findings.

At this time the CNSC will issue the following statement for all focus areas that successfully complete the review process:

"Canadian Nuclear Safety Commission staff has completed a Phase I pre-licensing review of a vendor's reactor design for the [name of vendor and reactor design]. In the following key areas, CNSC staff has determined that the design intent is compliant with the CNSC regulatory requirements and meets the expectations for new nuclear power plant [small reactor] designs in Canada:
[list of review focus areas]"

For any focus areas where the review indicates the need for additional work by the vendor to demonstrate intent to meet the requirements of RD-337 or RD-367, the CNSC will issue a statement identifying any gaps. The vendor is responsible for identifying how it will address any gaps.

The Phase 1 report is treated as commercially sensitive information, and is not made available to the public. However, as part of the Phase 1 report, CNSC provides an executive summary, which is posted on the CNSC Web site, to communicate the high-level results of the review to the public and other stakeholders.

4.3 Phase 2 of the vendor design review

A vendor can initiate a Phase 2 review once the design's basic engineering program is either well under way or completed. The results of a Phase 2 review assist the vendor's development of a preliminary safety analysis report, as part of the preparations in support of an applicant for an eventual (site-specific) application for a licence to construct.

This phase focuses on identifying any potential fundamental barriers to licensing the reactor design in Canada. Phase 2 serves to give CNSC a significant level of assurance that the vendor has taken into account CNSC design requirements. Consideration is also given to the extent to which generic or outstanding safety issues have been resolved. In addition, CNSC staff conducts an audit of the design process, to verify that it has been implemented correctly and in accordance with the vendor's policies and procedures.

For the Phase 2 review, particular attention is paid to the review focus areas where there are new design features or approaches used in the design, to ensure that the vendor has performed or planned testing and analysis work to support the adequacy of the design.

In Phase 2 the vendor is also expected to provide follow-up information to demonstrate how it is resolving any issues identified during Phase 1.

4.3.1 Phase 2 focus areas and information required from the vendor

The Phase 2 review also uses the 19 review focus areas; however, more detailed information is required for each of the focus areas to demonstrate that the reactor design and supporting analyses meet the Phase 2 objectives, namely that the vendor's design and safety activities are meeting Canadian requirements.

4.3.2 Review criteria

The review criteria used for Phase 2 remain the same as those used in Phase 1 (see Appendix A). However, this phase goes into further detail, with a focus on identifying any potential fundamental barriers to licensing the vendor's nuclear power plant or small reactor design in Canada.

4.3.3 Project management information

Phase 2 activities are captured in an overall vendor design review project plan which falls under the service agreement.

A Phase 2 vendor design review typically takes 12 to 18 months to complete, along a time frame agreed to by both the vendor and CNSC. The estimated effort for the review is 9,500 hours, but additional effort may be required, depending on how well novel designs or approaches are supported, or if the vendor requests that additional topics be covered in the service agreement.

4.3.4 Project deliverables

At the end of the Phase 2 review period, the CNSC delivers a Phase 2 summary report to the vendor that contains findings for each review focus area and the bases for those findings.

At this time, the CNSC will issue the following statement for all topics that successfully complete the review process:

"Canadian Nuclear Safety Commission staff has completed a Phase 2 pre-licensing review of a vendor's reactor design for [name of vendor and reactor design]. This review provides a further level of assurance that [name of vendor] has taken into account regulatory requirements and expectations. Based on the Phase 2 review, CNSC staff concludes that there are no fundamental barriers to licensing the [name of design] design in Canada."

For any focus areas that require the vendor to perform additional work to demonstrate the design will meet CNSC design requirements, the CNSC will issue the following statement:

"This statement is subject to the successful completion of [name of vendor and reactor]'s planned activities, in particular those related to:
[list of review focus areas]"

The Phase 2 report is treated as commercially sensitive information, and is not made available to the public by the CNSC. However, the CNSC provides a Phase 2 report executive summary, which is posted on its external Web site, to communicate the high-level results of the review to the public and other stakeholders.

4.4 Phase 3 of the vendor design review - pre-construction follow-up

Phase 3 is initiated by a vendor who has already completed Phase 1 and 2. Phase 3 should not be initiated by a vendor until the design's (non-site-specific) detailed engineering program is under way. This generally occurs when the vendor is supporting a licensee who is preparing an application for a licence to construct.

In this phase, the vendor may choose to follow up on one or more focus areas covered in Phase 1 and 2 against CNSC requirements pertaining to a licence to construct. The vendor may also seek to confirm whether more specific aspects of the design and related activities will meet the design and safety analysis criteria contained in:

  • RD-337, Design of New Nuclear Power Plants or RD-367, Design of Small Reactor Facilities, as applicable
  • RD/GD-310, Safety Analysis for Nuclear Power Plants or RD-308, Deterministic Safety Analysis for Small Reactor Facilities, as applicable

4.4.1 Focus areas and information required from the vendor

For Phase 3, the vendor supplies any additional information necessary for the follow-up discussions to proceed. This information, targeting specific focus areas, is agreed upon between both parties prior to the onset of Phase 3 work.

4.4.2 Review criteria

Phase 3 review criteria are found in CNSC documents RD-337, RD-367, RD- and GD-310, and RD-308.

4.4.3 Project management information

Phase 3 activities are generally agreed upon by both parties at the end of Phase 2, and captured in an amendment to the overall vendor design review project plan. At this time, the service agreement is also amended to add the additional scope of work, timelines and budget.

Phase 3 vendor design reviews vary in scope and depth from vendor to vendor. The time frame for a Phase 3 review is tailored to the vendor on a case-by-case basis. Because the review goes into considerably more depth (in line with the level of review performed during a construction licence review), the vendor should be aware that a Phase 3 review may be a multi-year exercise, with a cost commensurate with the scope and depth of review.

4.4.4 Project deliverables

At the end of the Phase 3 review period, CNSC delivers to the vendor a Phase 3 summary report, containing either a summary of the discussions, or any additional findings for each focus area, along with the bases for those findings.

The Phase 3 report is treated as commercially sensitive information, and is not made available to the public. As part of the Phase 3 report, the CNSC provides an executive summary, which is posted on the CNSC external Web site, to communicate the results to the public and other stakeholders.

Appendix A: Focus Review Areas

The following table describes the 19 review focus areas used in the assessment of a vendor's reactor design. These focus areas are not all-inclusive of a full design review, but are representative of key areas of importance to a vendor in a future application to construct an NPP. The scope and objectives listed are identical for both Phase 1 and Phase 2; however, the Phase 2 review goes into considerably more depth, in order to confirm that the vendor is applying the design intent shown in Phase 1.

Focus Area Objectives and Review Scope
1

General plant description, defence in depth, safety goals and objectives, dose acceptance criteria

Objectives
  • to understand the overall layout of the plant and general operation of key systems important to safety
  • to determine, with reasonable confidence, whether the provisions made in the design are meeting CNSC expectations and regulatory requirements as they pertain to defence in depth, safety goals and objectives, and dose acceptance criteria
Review Scope
  • general plant description and layout (operation of key plant systems important to safety)
  • how defence-in-depth principles are being applied in the design such that safety objectives and goals (dose acceptance criteria, and safety goals) will be met in the design for all plant states from normal operation to beyond design basis accidents
2

Classification of structures, systems and components (SSCs)

Objectives
  • to determine, with reasonable confidence, whether the provisions made in the design, as it is evolving, are meeting the CNSC expectations and regulatory requirements as they pertain to safety classification of SSCs and requirements for other specific classifications (e.g., seismic and environmental qualification)
Review Scope
  • the safety classification principles, approach & acceptance criteria
  • how safety classification is tied to codes and standards (e.g. pressure boundary, seismic, etc.)
  • review of safety classification of example SSCs
3

Reactor core nuclear design

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to reactor core nuclear design
  • to confirm that the design, as it is evolving, is meeting CNSC expectations for reactor core nuclear design
  • to confirm that the vendor has, with a reasonable level of assurance, demonstrated that the safety principles, such as inherent safety features, single failure criterion and defence in depth, would be met by the core design
Review Scope
  • the description of the physical core design (geometry, materials, etc.)
  • models and calculation methods used including uncertainties analysis
  • tools used for physics design and analysis including toolset validation and verification to support the design
  • operation limits and conditions for core, core instrumentation and control, and nuclear fuel
  • physics and reactivity coefficients including effects or power coefficient of reactivity (PCR)
  • core response in accident analysis
  • power control (to ensure compliance with the design requirements, specifically on linear element rating), including aspects of loss of reactivity control
  • supporting research and development programs
4

Fuel design and qualification

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to fuel design
  • to confirm that fuel design is addressing CNSC expectations related to fuel design including fuel performance, operation/safety limits, fuel handling and storage aspects
Review Scope
  • mechanical and thermal hydraulic design of fuel elements and assemblies (for example, geometry, materials)
  • the overall programs of the qualification of the fuel design for normal operations and postulated accidents
  • manufacturing aspects of the fuel design including material properties
  • the database in support of normal operation and postulated accidents (including assessments for the qualification of fission gas models and plenum volume design)
  • design tools (for example, computer codes) used, including verification and validation
  • uncertainties analysis
  • safety limits for fuel
  • analyses of fuel responses to accidents
  • fuel interaction with other reactor components for all plant states (from normal operation to BDBAs) and the reactor coolant (e.g., chemistry)
  • operation and safety limits and conditions for fuel
  • high level description of fuel handling aspects
  • system(s) for detecting defect fuel
  • storage capacity for fresh and irradiated fuel
  • supporting research and development programs
5

Control system and facilities:

  1. main control systems
  2. instrumentation and control
  3. control facilities
  4. emergency power system(s)
Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to systems to control the operation of structures, systems and components important to safety
  • to confirm the design, as it is evolving, is meeting CNSC expectations for instrumentation and control systems and their deployment
Review Scope
  • provisions made in design for overall plant control including:
    • actual design details and descriptions of control systems that will monitor and control structures, systems and components important to safety
    • vendor's description of interactions with other control systems, electrical systems and supporting systems (e.g., instrument air, HVAC)
  • the description of main and auxiliary control facilities, including emergency support centre(s)
  • description of how control systems meet requirements of levels 1 and 2 of defence in depth
  • description of how control system design is maintaining functional separation between process systems and safety systems and ensuring sufficient redundancy and diversity
  • description of provisions made in design for reactor regulation (control of reactor)
  • capability to mitigate anticipated operational occurrences, and those not mitigated by the reactor control/protection system
  • design verification and qualification under normal operation and anticipated operational occurrences conditions
  • operation limits and conditions in accordance with reactor control/protection system failure
6

Means of reactor shutdown

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to the provisions made in the design of “shutdown means”
  • to confirm that the design, as it is evolving, is meeting CNSC expectations for reactor shutdown means
Review Scope
  • design and description of methods to shut down the reactor, including:
    • shutdown logic
    • software and hardware
    • trip parameters and trip set points
    • actuation provisions
    • materials
    • physics characteristics of “poison” materials
    • independence and reliability
    • physical layout
    • human factors aspects or interaction with operator(s) in the main control room as well as secondary control facilities
  • physics aspects like time effectiveness, reactivity worth, single failure criterion including failure of one the most “heavy” element, short and long term effectiveness
  • the design's sufficiency to cover level 3 defence in depth
  • the dispositioning of trip coverage, including how trip set points are utilized and the rationale for the number of trip parameters and support systems/parameters
  • the use of redundancy, diversity and reliability to ensure means of shutdown is always available when needed
  • description of the various guaranteed shutdown states to be used by the design
  • how separation will be maintained between reactor control/protection systems and other protection, control and regulating systems
  • interface between the means of shutdown and other reactor components such as the reactor coolant and moderator
  • the effects of chemistry (if applicable)
  • manufacturing aspects of devices that will be used for shutdown
7

Emergency core cooling and emergency heat removal systems

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to emergency core cooling and emergency heat removal systems
  • to confirm that the design, as it is evolving, is meeting CNSC expectations for emergency core cooling system(s) and emergency heat removal systems
Review Scope

For emergency core cooling systems (ECC), a description of:

  • the basic design of emergency core cooling system(s) including how this system will be a barrier to core damage
  • support and interfacing systems to the ECC system(s)
  • ECC's chief function and the most challenging event
  • how design requirements intend to consider proven designs, operating experience and plant layout factors

This review also examines codes and standards that the vendor proposes to use for the design of ECC systems.
For emergency heat removal systems, a description of:

  • the basic design of emergency heat removal systems including how these systems will be a barrier to core or pressure boundary damage
  • support and interfacing systems to the emergency heat removal systems
  • each emergency heat removal system's chief function
  • analysis of the most challenging events these systems will mitigate against
  • how design requirements intend to consider proven designs, operating experience and plant layout factors
  • this review also examines codes and standards that the vendor proposes to use for the design of emergency heat removal systems
8

Containment/confinement and safety-important civil structures

Objectives
  • to confirm that the vendor has understood and interpreted correctly the CNSC's expectations for design of containment/confinement and mitigating/complementary features that cover the full spectrum of reactor operating conditions and accident conditions. This includes beyond design basis accidents and severe accidents
  • to confirm that the design, as it is evolving, is meeting CNSC expectations for the performance and design of the containment/confinement structures
  • to assess the scope and completeness of containment design compliance with CNSC regulatory requirements (RD-337 or RD-367)
Review Scope
  • description of containment/confinement structures & systems, including descriptions of:
    • system actuation (trip parameters by list and numbers)
    • instrumentation and control logic (and related software)
    • major equipment
    • trip parameters
    • materials
    • physical and chemical properties of cooling substances (e.g., light water with some quality, demineralised, raw)
    • redundancy
    • independence and separation
    • reliability
    • physical layout
    • human factors aspects or interaction with operator(s) in main control room as well as secondary control facilities
  • the requirements for containment/confinement structures including external hazards (e.g., seismic and environmental qualification)
  • the design and analysis tools including tool verification and validation and uncertainty analysis. This should include tools and methods to perform deterministic and probabilistic safety analyses of severe accidents
  • the methods used to prevent/mitigate containment/confinement bypass
  • means of control of radiation release
  • the description of severe accident mitigation and management program
  • the description of complementary design features
  • review of other civil structures important to safety:
    • purpose, functional and structural characteristics, safety class
    • safety and safety support systems
    • radioactive and dangerous substances
    • other systems
    • seismic and EQ qualification
    • external hazards robustness
9

Beyond design basis accidents (BDBAs) and severe accidents (SA)
- prevention and mitigation

Objectives
  • to confirm that the vendor understands CNSC expectations for the provision of severe accident prevention and mitigation in the design
  • to confirm that the design, as it is evolving, is meeting CNSC expectations for provisions for severe accident prevention and mitigation
  • to confirm containment provisions for severe accidents are accounted for with reasonable assurance

Review Scope

  • the criteria for selecting the BDBAs and severe accident scenarios
  • description of analysis (computer codes) tools used, including verification & validation
  • deterministic analyses for a few (2-3) typical severe accident scenarios and discussion of severe accident progression
  • descriptions of:
    • plant systems and equipment that will be used for mitigation of severe accidents and the levels of confidence that such equipment will perform their functions
    • any complementary design features and of the barriers to arrest progression of a severe accident
    • potential challenges to containment integrity (such as steam explosions, MCCI, burns of combustible gases, over-pressurization) and of the containment design features to ensure that containment meets performance criteria in RD-337 during severe accidents
    • instrumentation that will be used for monitoring of radiation and safety critical parameters and for severe accident management
    • measures that will be in place to avoid re-criticality of core materials
  • provisions for radiological shielding
  • completed, ongoing and future research and development efforts in this focus area including timelines for completion and a description of experimental facilities, where applicable
10

Safety analysis
- deterministic safety analysis
- probabilistic safety analysis
- internal and external hazards

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to the safety analysis submitted for design
  • to confirm that the design, as it is evolving, is meeting CNSC expectations for probabilistic safety assessment (PSA levels 1 and 2) and deterministic safety analysis (DSA)
Review Scope
  • the process for deterministic safety analysis and progress for the design
  • the level 1 and 2 probabilistic safety analysis (PSA)
  • the process for hazards analysis (e.g., accounting of internal flooding and fire in PSA, and seismic and other external hazards, including tornado protection), as well as progress and results for the design
11

Pressure boundary design

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to the pressure boundary design
  • to confirm that the design, as it is evolving, is meeting CNSC expectations for pressure boundary design
Review Scope
  • general design approach to pressure boundary design
  • pressure boundary design for reactor coolant system and safety/safety support systems
  • general approach to overpressure protection, including systems containing radioactivity
  • reactor coolant system overpressure protection
  • accounting of dependent pressure boundary failure (e.g., wiping effect)
12

Fire protection

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to the design for fire protection
  • to confirm that the design, as it is evolving, is meeting CNSC expectations for design for fire protection
Review Scope
  • general design approach and strategy for fire protection, including design requirements for such things as fire protection systems (including detection and suppression)
  • review of structural aspects of fire protection, such as fire resistance of walls and doors for fire compartments containing safety and safety-important systems
  • description of the fire protection measures being implemented inside confinement and containment
  • strategy and measures for alerting plant staff of fire events or conditions that may potentially trigger a fire event (e.g., annunciations, high temperature alarms for potential ignition sources)
  • strategy and measures for control of fire protection systems
  • how human factors are considered in design for fire protection
  • description of how fire protection systems interface with other systems, including inter-unit interfaces, where common systems are shared
13

Radiation protection

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to the design for radiation protection
  • to confirm that the design, as it is evolving, is meeting CNSC expectations for provisions for radiation protection
Review Scope
  • the radiation protection objectives, design expectations and design requirements for the design
  • description of how the “as low as reasonably achievable” (ALARA) principle is being implemented in design, including description of radiological zones and proposed control of personnel access to different zones
  • dose description for different groups, both onsite and offsite, for a generic plant using this design
  • radiation monitoring process and instrumentation proposed for normal operation, AOOs and DBAs
  • general description of radiation protection provisions in the design of the facility to be used for radioactive waste handling/processing/storage (taking into account anticipated quantities of radioactive waste (annual, lifetime))
  • descriptions of evacuation routes/plans for plant workers
14

Out-of-core criticality

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to the design for prevention of out-of-core criticality
  • to confirm that the design, as it is evolving, is meeting CNSC expectations for provisions for prevention of out-of-core criticality
Review Scope
  • the objectives, design expectations and design requirements for the prevention of out-of-core criticality
  • description of provisions for prevention of out-of-core criticality in the design, including spent fuel storage, storage of fresh fuel, in-plant and ex-plant transportation of fuel
15

Robustness, safeguards and security

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to the provision of robustness, security and safeguards in the design
  • to confirm that the design, as it is evolving, is meeting CNSC expectations for the provision of robustness, security and safeguards in the design
Review Scope
  • the objectives, design expectations and design requirements for building and system robustness against external events or threats, including control of personnel access to plant structures, systems and components (particularly control rooms)
  • the objectives, design expectations and design requirements for security and safeguards, including provisions for cyber-security
16

Vendor research and development program

Objectives
  • to assess the vendor's overall research and development (R&D) program in terms of:
    • overall program scope and depth (particularly in areas of novel design)
    • how well the program will support the design's safety case, should it be selected for construction by a licence applicant
    • whether design gaps will be resolved in a timely manner, in order to meet regulatory requirements, should the design be selected for construction (e.g., clarify “grey” design areas, decrease uncertainties)
    • how continuing R&D efforts would support licensees, once the design is built and is being operated
Review Scope
  • the overall R&D program
  • high level description of all R&D underpinning the design, including any research facilities that the research and development is/will be dependent on (including R&D facilities external to the vendor)
  • testing and qualification programs in support of the design
  • description of any novel design tools (such as computer codes), including verification & validation and uncertainties assessments
17

Management system of design process and quality assurance in design and safety analysis

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to the design control measures applied to the reactor design and safety analysis
  • to confirm that the design is evolving under controlled design measures; this includes a confirmation that the vendor's design control measures are adequate and consistent with CNSC expectations (CNSC Phase 2 audit)
Review Scope
  • the description of how the vendor conducts design management (including the integration of R&D results into the design)
  • the design control measures, and whether they are consistent with the requirements of CSA-N286-05, Management System Requirements For Nuclear Power Plants and RD-337, Design of New Nuclear Power Plants
  • the process for incorporating into the design the capability to manufacture, construct, operate and maintain the reactor
  • the process for incorporating industry operating experience into the design
  • the process for establishing and maintaining configuration management including information control and change control
18

Human factors

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to the provision of human factors in the design
  • to confirm that the design, as it is evolving, is meeting CNSC expectations for the provision of human factors in the design, and includes an examination of how human factors aspects of the design are in conformance with CNSC design expectations
Review Scope
  • the general principles regarding implementation of human factors in the design
  • the human factors engineering program, and how it is integrated into overall design activities
  • how human factors considerations are incorporated into key operator and maintainer plant interfaces including:
    • the plant main control room(s)
    • secondary control area(s)
    • emergency support centre
    • field interfaces important to safety
19

Incorporation of decommissioning in design considerations

Objectives
  • to confirm that the vendor understands CNSC expectations and regulatory requirements as they pertain to the design provisions concerning future decommissioning at the end of the plant's service life
  • to confirm that the design, as it is evolving, is considering future decommissioning activities in the design, in order to minimize worker dose, effects on the environment from decommissioning activities and radiological waste
Review Scope
  • the general principles regarding implementation of decommissioning consideration early in the design (conducted against OECD document NEA-6833, Decommissioning Considerations for New Nuclear Power Plants)
  • the high level description of how the design would be decommissioned at end of life
  • a description of proposed decommissioning techniques and end state for major plant components, particularly associated with the reactor systems and interfacing systems that could become contaminated over the life of the plant
  • a general description of amount of radioactive waste anticipated as a result of decommissioning including the mid-life refurbishment or planned replacement of major structures, systems and components during the plant's service life

Glossary

accident
Any unintended event (including operating errors, equipment failures or other mishaps), the consequences or potential consequences of which are not negligible from the point of view of protection or safety. For the purposes of this document, accidents include design-basis accidents and beyond-design-basis accidents. Accidents exclude anticipated operational occurrences, which have negligible consequences from the perspective of protection or safety.
accident conditions
Deviations from normal operations more severe than anticipated operational occurrences, including design basis accidents and beyond design basis accidents.
accident management
The taking of a set of actions during the evolution of a beyond design basis accident to:
  • prevent the escalation of the event into a severe accident
  • mitigate the consequences of a severe accident
  • achieve a long term safe stable state
anticipated operational occurrence (AOO)
An operational process deviating from normal operation that is expected to occur at least once during the operating lifetime of a nuclear power plant or small reactor, but which, in view of appropriate design provisions, does not cause any significant damage to items important to safety or lead to accident conditions.
applicant
The organization that has applied to the CNSC for a licence to construct a nuclear power plant, which has the overall responsibility, and controlling and coordinating authority, for overseeing the safe and satisfactory completion of all design, procurement, manufacturing, construction and commissioning work. In most cases, the applicant is also the responsible organization that will later operate the plant (also referred to as the operating organization). Where this is not so, responsibility for the plant and its safety nevertheless continues to reside with the applicant, who must supervise the activities of an operating organization that operates the plant.
As Low As Reasonably Achievable (ALARA) - social and economic factors taken into account
A fundamental principle of radiation protection whereby the protective measures implemented to minimize radiation exposure are optimized with respect to the level of risk reduction and the cost of implementation.
beyond design basis accident (BDBA)
Accident conditions less frequent and more severe than a design basis accident. A BDBA may or may not involve core degradation.
design
In the context of a review of a vendor's reactor design, the overall planning and philosophies that go into ensuring that every aspect of the physical design will consider safety, security and safeguards under all scenarios it may encounter during its lifecycle.
design basis
The range of conditions and events taken into account in the design of the nuclear power plant or small reactor (the facility), according to established criteria, such that the facility can withstand the range of conditions and facilities without exceeding authorized limits by the planned operation of safety systems.
design basis accident
Accident conditions for which a reactor facility is designed according to established design criteria, and for which damage to the fuel and the release of radioactive material are kept within regulated limits.
mitigation
Measures aimed at limiting the scale of core damage, preventing interaction of the molten material with containment structures, maintaining containment integrity, and minimizing off-site releases, in the event of an accident.
moderator
A material that reduces neutron energy by scattering without appreciable capture. Materials of prime concern are those containing light nuclei with large scattering cross sections and relatively low absorption cross sections.
normal operation
Operation within specified operational limits and conditions, including start-up, power operation, shutdown, maintenance, testing and refuelling.
operation
All activities performed to achieve the purpose for which a nuclear power plant or small reactor was constructed. For nuclear power plants, this includes maintenance, refuelling, in-service inspection and other associated activities.
operational limits and conditions
A set of rules setting forth parameter limits and the functional capability and performance levels of equipment and personnel, which are approved by the regulatory body for safe operation of an authorized facility. This set of limits and conditions is monitored by or on behalf of the operator and can be controlled by the operator.
safety analysis
Analysis by means of appropriate analytical tools that establishes and confirms the design basis for the items important to safety; and ensures that the overall plant design is capable of meeting the acceptance criteria for each plant state.
safety case
An integrated collection of arguments and evidence to demonstrate the safety of a facility. A safety case will normally include a safety assessment, but could also typically include information (including supporting evidence and reasoning) on the robustness and reliability of the safety assessment and the assumptions made therein.
safety function
A specific purpose that must be accomplished by a structure, system or component for safety, including those necessary to prevent accident conditions and to mitigate the consequences of accident conditions.
safety system
Systems provided to ensure the safe shutdown of the reactor or the residual heat removal from the core, or to limit the consequences of anticipated operational occurrences and design basis accidents.
severe accident
Accident conditions more severe than a design basis accident and involving significant core degradation.
severe accident management (SAM) program
A program that establishes both of the following:
  • the actions to be taken to prevent severe damage to the reactor core, to mitigate the consequences of the core damage should it occur, and to achieve a safe, stable state of the reactor over the long term
  • the preparatory measures necessary for implementation of such actions
shutdown
A subcritical reactor state with a defined margin to prevent a return to criticality without external actions.
single failure
A failure that results in the loss of capability of a system or component to perform its intended function(s) and any consequential failure(s) that result from it.
single failure criterion
A criterion (or requirement) applied to a system such that it will be capable of performing its task in the presence of any single failure.
smart buyer
An organization that has a clear understanding and knowledge of the product or service being supplied. In the context of nuclear safety, the organization knows what is required, fully understands the need for a vendor's services, specifies requirements, supervises the work and technically reviews the output before, during and after implementation.

References

  1. Canadian Nuclear Safety Commission (CNSC), RD-337, Design of New Nuclear Power Plants, 2008.
  2. CNSC, RD-367, Design of Small Reactors, 2011.
  3. CNSC, RD/GD-369, Licence Application Guide, Licence to Construct a Nuclear Power Plant, 2011.
  4. CNSC, RD-310, Safety Analysis for Nuclear Power Plants, 2008.
  5. CNSC, RD-308, Safety Analysis for Small Reactors, 2011.
  6. CNSC, S-294, Probabilistic Safety Assessment (PSA) for Nuclear Power Plants, 2005.
  7. CNSC, G-129, Keeping Radiation Exposures and Doses “As Low As Reasonably Achievable (ALARA)”, 2004.
  8. CNSC, G-144, Trip Parameter Acceptance Criteria for the Safety Analysis of CANDU Nuclear Power Plants, 2006.
  9. CNSC, G-306, Severe Accident Management Programs for Nuclear Reactors, 2006.
  10. CNSC, G-219, Decommissioning Planning for Licensed Activities, 2000.
  11. Canadian Standards Association (CSA), CSA N285.08/N285.6 Series-08, General requirements for pressure-retaining systems and components in CANDU nuclear power plants/Material Standards for reactor components for CANDU nuclear power plants, 2008.
  12. CSA, CSA N287.1-93 (R2009) series, General Requirements for Concrete Containment Structures for CANDU Nuclear Power Plants, 1993, reaffirmed 2009.
  13. CSA, CSA N293-2007, Fire Protection for CANDU Nuclear Power Plants.
  14. CSA, CSA N286-05, Management System Requirements for Nuclear Power Plants.
  15. CSA, CSA N289.1, General Requirements for Seismic Qualification of CANDU Nuclear Power Plants.
  16. National Research Council, National Model Construction Codes, NRCC 53301S, The National Building Code of Canada, 2010.
  17. National Research Council, National Model Construction Codes, NRCC 47667, The National Fire Code of Canada, 2010.