Probabilistic safety assessment: A tool to estimate risk and drive safety improvement at nuclear power plants

A key responsibility of the Canadian Nuclear Safety Commission (CNSC) is to ensure that any potential risks stemming from the operation of nuclear power plants (NPPs) are taken into account. Before any NPP in Canada can begin to operate, it must present a strong safety case to obtain a licence from the CNSC.

When an NPP is designed, stringent requirements are imposed to make sure that all components can resist abnormal operating conditions. These conditions include severe weather, seismic activity or intense heat and pressure that may occur as a result of an accident at the facility. This approach to designing the plant and its components, using requirements and safety margins to account for potential abnormal conditions, is called a deterministic safety analysis. Starting in the 1980s, an additional tool – the probabilistic safety assessment (PSA) – was introduced. Also known as a probabilistic risk assessment, the PSA uses probabilities to analyze the overall risk to a nuclear power plant under abnormal conditions.

What does a PSA accomplish?

A PSA answers these questions:

  • What could go wrong?
  • How likely is it?
  • What would the consequences be?

PSAs help the CNSC and operators better understand each NPP and identify potential safety improvements. PSA requirements are part of the Canadian regulatory framework as set out in REGDOC-2.4.2, Safety Analysis: Probabilistic Safety Assessment (PSA) for Nuclear Power Plants.

Learning from Fukushima

Following the Fukushima nuclear event in March 2011, the CNSC required NPP operators to re-evaluate site-specific external hazards such as seismic activity and high wind, as well as events involving spent fuel bays. REGDOC-2.4.2, published in 2014, reflects lessons learned and actioned findings from the CNSC Fukushima Task Force Report, such as new PSA requirements for multi-unit impact; consideration of other radioactive sources, such as spent fuel bays; consideration of potential combinations of external hazards (such as seismic induced fires and floods); and when units are in low-power operation for extended periods of time.

Striving for continuous improvement is one of the pillars of nuclear safety, and PSAs are no exception to this principle. Currently there is a pilot project underway with Ontario Power Generation to develop a whole-site PSA.

Assessment levels

The CNSC requires two levels of assessment: 

A Level 1 PSA analyzes the sequences that could lead to severe reactor core damage, also known as reactor meltdown. At this level, the emphasis is on plant responses to various types of accidents, whether they are initiated by external events (such as earthquakes or floods), internal events (such as system malfunctions) or human error.

A Level 2 PSA builds on the results of a Level 1 PSA. It examines the containment response to the accident and assesses the likelihood and magnitude of potential radioactive releases to the environment.

Establishing safety goals to limit risk

A limit is placed on the societal risks of NPP operation. With this in mind, the CNSC has established two qualitative safety goals:

  1. Individual members of the public shall be provided a level of protection from the consequences of nuclear power plant operation, such that there is no significant additional risk to their life and health.
  2. Societal risks to life and health from nuclear power plant operation shall be comparable to or less than the risks of generating electricity using viable competing technologies, and shall not significantly add to other societal risks.

Read summaries of PSAs for Canadian NPPs

A CNSC expert during inspection of the seismic qualification at a Canadian nuclear power plant

A CNSC expert during inspection of the seismic qualification at a Canadian nuclear power plant

For practical purposes for existing plants, two quantitative safety goal limits were established. These limits are consistent with best international practices:

  • For a Level 1 PSA, which looks at severe core damage frequency, the safety goal limit is less than 1 time in 10,000 years (i.e., 1E-04/year, or 1 x 10-4/year)
  • For a Level 2 PSA, which looks at large release frequency, the safety goal limit is less than 1 in time in 100,000 years (i.e., 1E-05/year, or 1 x 10-5/year)

Considering hazards

When a PSA is prepared, an extensive list of hazards is considered. These are usually categorized into internal and external events, which include:

  • internal events: events caused by random component failures and human error originating in the plant
  • internal fires: fires originating in the plant
  • internal floods: floods originating in the plant
  • external natural hazards: events like earthquakes, high winds, floods, freezing rain, meteorites, geomagnetic storms and solar figures
  • external human-induced hazards: events such as airplane crashes and accidents at nearby industrial facilities
Firefighters at the Point Lepreau Nuclear Generating Station

Firefighters at the Point Lepreau Nuclear Generating Station

Some of these hazards will be screened out early in the PSA process, either because of their unlikelihood or irrelevance to the region, or because of their low potential impact on the facility’s safety. For example, a flood resulting from a tsunami would not be considered when conducting a PSA for a plant in Ontario. Likewise, something like a meteorite fall (frequency in the range of one every few million years) would also be screened out.

Improving day-to-day operations

PSA results have positive implications for the day-to-day operation of existing nuclear power plants.
They are used, for instance, to optimize testing and maintenance strategies to focus on the components most important to safety.

PSA results also help CNSC staff focus their inspection and oversight efforts.

Combining PSAs with other types of assessment

PSAs do have limitations, which is why they are used along with other types of assessments in the safety case.

For instance, it is hard to model all the dependencies between systems, and to properly account for human actions (especially when it comes to procedures for managing severe accidents). Important inputs to the safety case include thorough analyses of defence in depth, safety margins, code adherence and safety culture.

The CNSC will continue leading efforts to produce PSAs and will never compromise safety!