Defence in Depth
Defence in depth is a nuclear safety concept that aims to prevent and mitigate accidents through overlapping layers of protection, and it is applied to all operating nuclear facilities in Canada. With this layered approach, no matter how robust and complex any one layer of safety is, there are always subsequent layers of redundant protection in place.
Five layers of defence
Watch this video to see how defence in depth is applied to nuclear power plants.
Transcript (click to expand)
Music: Soft, upbeat music begins.
On screen: (The words “Canadian Nuclear Safety Commission” appear. The Canadian flag pops up above the word “Canadian” in a text bubble. A text bubble showing workers and the words “Nuclear regulator” appears below the word “Commission”. A green shape swirls around the word “Safety” as the other words fade out.)
Narrator: The Canadian Nuclear Safety Commission is Canada’s nuclear regulator, and safety is our top priority.
On screen: (The words “Defence in depth” appear on the screen then disappear to reveal a nuclear plant. The shape of a shield overlays the nuclear plant. The shield disappears and 5 different coloured bubbles animate onto the screen. They begin to move in an orbital path around the nuclear plant.)
Narrator: Defence in depth is a safety concept that aims to prevent and mitigate accidents through 5 independent levels of defence, applied to all nuclear power plants in Canada. Level 1 is about prevention, and encompasses the design, construction, processes and maintenance occurring during normal plant operations.
On screen: (A white ball, labelled Level 1, appears then disappears, revealing a scene of level 1 activities, including workers observing activities, reviewing plans, and using meters outside.)
Narrator: Level 2 represents the measures and systems in place to control and correct any unusual occurrences during normal operations.
On screen: (A white ball, labelled Level 2, appears then disappears, revealing a scene of level 2 activities, including workers inside a nuclear plant reviewing information on computers.)
Narrator: Nuclear power plants operate at these levels for the vast majority of the time, safely and without incident.
On screen: (The picture transitions back to the nuclear plant, with 2 balls orbiting it. Then 3 more balls join the orbit.)
Narrator: The next 3 levels are rarely activated, but are frequently exercised, evaluated, maintained and improved upon.
On screen: (A white ball, labelled Level 3, appears then disappears, revealing a scene of level 3 activities, including workers assessing a situation in front of a white board.)
Narrator: Level 3 refers to the plant’s robust safety systems, designed to stop the progression of an accident.
On screen: (A white ball, labelled Level 4, appears then disappears, revealing a scene of level 4 activities, including workers conducting repairs.)
Narrator: Level 4 works to contain radioactive material within a specially designed containment structure.
On screen: (A white ball, labelled Level 5, appears then disappears, revealing a scene of level 5 activities, including various professionals working together at a distance from the nuclear plant.)
Narrator: Level 5 enlists comprehensive off-site emergency response to minimize consequences to the public and the environment.
On screen: (The picture changes to a bubble, which gets smaller and swings into orbit with the 4 other bubbles. The bubbles disappear into the nuclear plant.)
Narrator: With this reactor design, each level of protection is tough. The multiple levels of defence are built in to reinforce, defend and maintain the protection of the public and the environment.
On screen: (The plant stands alone. Nature and civilization begin to flourish around the nuclear plant and in the distance. The CNSC wordmark appears, made up of the Canadian flag symbol and the words “Canadian Nuclear Safety Commission”. The Canada wordmark then appears.)
Music: The music fades out.
Five layers of defence
Nuclear facilities in Canada operate with 5 independent and redundant layers of defence in depth.
Level 1 – Prevention of abnormal operation and failures
The first layer of defence encompasses items within the facility itself: design, construction, operation, and maintenance. This layer works to prevent incidents and equipment failures from occurring in the first place. It includes areas such as operating processes and procedures, material selection, protection against internal and external hazards, comprehensive training, and a strong safety culture.
Level 2 – Control of abnormal operation and detection of failures
The second layer of defence deals with detecting incidents and failures. Returning the plant to a state of normal operation as soon as possible can prevent events from escalating to an accident. Items such as diagnostic tools and equipment, operator training to respond to reactor transients, along with regular quality and compliance control and inspections, are critical at this level.
Level 3 – Control of accidents within the design basis
The third layer aims to control and minimize the consequences of unlikely accidents by:
- triggering safety features
- incorporating fail-safe design
- ensuring the availability of additional equipment
- implementing operator training and mitigating procedures to minimize damaged fuel and keep the reactor core intact
Operations at this level are meant to maintain barriers and containment through sophisticated safety systems at the facility level, with sufficient redundancy, diversity and segregation to ensure that any radiation releases are avoided.
Level 4 – Control of severe plant conditions
With the defence in depth approach, measures taken at the first 3 levels ensure the structural integrity of the core and limit severity of accidents. The fourth layer moves from prevention to mitigation: it delivers accident management processes and systems as well as operator training on such processes and systems, that aim to reduce consequences of severe core damage and lower the risk of a radiological release that would require protective actions.
Reactors have design features to address containment challenges and minimize releases to the environment (e.g., filtered venting, hydrogen combustion, overpressure protection, core concrete interactions, molten core spreading and cooling).
Level 5 – Mitigation of radiological consequences
The fifth layer aims to mitigate consequences of a radiological release, in the highly unlikely event of a severe accident not controlled through the preceding layers. Here, the focus is on comprehensive offsite emergency planning, training and response to address protective actions, interventions and coordination to protect the public and the environment. As with all onsite safety features of operating nuclear facilities in Canada, offsite emergency preparedness must also be exercised regularly. Stringent measures, controls and regulatory oversight are in place to ensure that there is a very low probability of approaching level 5.
Evaluating defence in depth
The overlapping safety measures of defence in depth must be periodically exercised, evaluated, and improved upon. The CNSC has inspectors onsite at every nuclear power plant operating in Canada with the sole purpose of verifying that plant operators demonstrate compliance with safety standards, including those outlined here. The inspectors monitor 14 safety and control areas pertaining to the people, the plant and the processes in operation.
Supporting regulatory information
- REGDOC-2.5.2, Design of Reactor Facilities: Nuclear Power Plants
- REGDOC-2.3.2, Accident Management
- REGDOC-2.4.1, Deterministic Safety Analysis
- REGDOC-2.4.2, Probabilistic Safety Assessment (PSA) for Reactor Facilities
- REGDOC-3.5.3, Regulatory Fundamentals, Version 3
- Safety at Pickering Nuclear - Defence in Depth - YouTube (Ontario Power Generation)
- Date modified: