1 #130

Preparing Posiva’s Post-Closure Safety Case Towards the Operational Phase

A. Hagros1, H. Reijonen1, B. Pastina2, N. Marcos1, P. Hellä1

1Saanio & Riekkola Oy, Helsinki, Finland

2Posiva Oy, Eurajoki, Finland

E-mail contact of main author:

Abstract. Posiva Oy is currently preparing a safety case to support the operating licence application (OLA) for the spent nuclear fuel disposal facility under construction at the Olkiluoto site in south-western Finland. The methodology to prepare the safety case documentation will consider the latest updates in the regulations; lessons learned from Posiva’s previous safety case, TURVA-2012, submitted in the context of the construction licence application (CLA) in 2012; the feedback received from the Radiation and Nuclear Safety Authority (STUK) on the CLA, including several specific requirements for the next safety case; and new challenges related to the implementation of repository construction and operation. This calls for a higher level of maturity in both the safety case itself and in the design on which the safety case is based. Since the safety case work will inevitably take several years, it is necessary to introduce requirements, design and data freezes at the beginning of the safety case production process. The design freeze is based on the information and requirements available at the start of the safety case work, but updates can be expected as the design matures and is optimized for industrialization and operation. A change management process is set up to facilitate the assessment of the impacts of the proposed changes on the safety case results. The input data used in the safety assessment and their possible updates will be managed by using of a central database. The uncertainties in the initial state of the components of the disposal facility will be tackled by implementing an analysis of potential deviations in these components at the time of installation. Deviations are then screened and implemented in scenario formulation. Defining a range of initial state parameter values and deviations for the installed components introduces some flexibility in design and increases the robustness of the safety case.

Key Words: Spent nuclear fuel repository, long-term safety, safety case, Olkiluoto

1.  Introduction

Posiva Oy is responsible for the disposal of spent nuclear fuel from the Finnish nuclear power plants of Loviisa and Olkiluoto. In November 2015, the Finnish Government granted a construction licence for Posiva’s disposal facility at Olkiluoto, in south-western Finland. The construction licence application was supported by a safety case, TURVA-2012 [1], which was evaluated by the Radiation and Nuclear Safety Authority (STUK). STUK concluded that Posiva had developed a safety concept that is in line with the regulatory requirements [2] and that the post-closure safety of the disposal facility has been analyzed in a sufficient manner for the purposes of the construction licence stage [3]. At the moment, Posiva is in the process of preparing a safety case to support the operating licence application (OLA) for the disposal facility. Before the application can be submitted, Posiva will have to fulfil 34 requirements formulated by STUK for the new safety case and the related research and modelling work [3]. The new safety case will also need to consider any updates in the regulations, as well as new challenges related to the implementation of repository construction and operation.

2.  Overall Safety Case Methodology

A safety case is the synthesis of evidence, analyses and arguments that quantify and substantiate the claim that the repository will be safe after closure and beyond the time when active control of the facility can no longer be assumed [4]. A safety case includes a quantitative and a qualitative assessment of the long-term performance of the disposal system. The quantitative assessment (a.k.a. safety assessment) is defined as the process of systematically analyzing the ability of the disposal facility to provide the safety functions and to meet the requirements and of evaluating the potential radiological hazards and compliance with the safety requirements. The qualitative assessment broadens the scope of the safety assessment to include the compilation of a wide range of evidence and arguments that complement and support the reliability of the results of the quantitative analyses [5].

The general safety case structure builds upon the one used in TURVA-2012 [1], i.e. the safety case will consist of a portfolio of main reports and a number of supporting reports.

2.1.  Handling uncertainties in the initial state

Design development work is moving towards implementation stage and, accordingly, Posiva has planned the disposal operation at a very detailed level, both in order to plan and optimize the disposal operation, but also for production and large-scale implementation tests. The experience obtained to date is used in the safety case to better constrain the uncertainties related to the initial state of the repository system. Initial state refers to the description of the state of various repository components after emplacement has been completed, i.e. information which acts as a starting point for the performance and safety assessments.

The uncertainties are handled through a systematic screening of the possible deviations through a modified failure mode and effect analysis (FMEA [6]), and further handling in the scenario formulation work incorporating the deviations into the safety case. The FMEA for the initial state has been modified to screen events that can lead to failure modes that are likely to be undetected and thus remain in the repository at the time of the initial state. The aim is to improve the description of the initial state of the repository system from the traditional design freeze description [7] towards a description of the repository in ‘as-built’ state.

2.2.  Handling uncertainties during the long-term evolution

Uncertainties during the long-term evolution of the disposal system are handled through a systematic analysis of how the different FEPs might act on the components of the disposal system during its evolution, followed by the formulation of scenarios and analysis of cases giving rise to potential failures of containment and radionuclide releases and their corresponding radiological impacts.

3.  Methodology to Handle Changes

3.1.  Requirements, Design and Data freezes

Since the safety case work will inevitably take several years, it is necessary to introduce requirements, design and data freezes at the beginning of the safety case production process. The requirements freeze allows the design to be fixed for specific purposes, such as the safety case or large-scale tests. The design freeze is based on the information available at the time of requirements freeze. The data freeze refers to data other than actual design data and includes, for example, geological site data, surface environment data or time-dependent data needed in the modelling chain, where the output of certain models will serve as input to other models. The data freeze does not need to happen at the same time as the design and requirements freeze, only at the time it is needed as input in the modelling chain. Once input to the safety case has been approved and frozen, its documentation and change management process (see below) is of utmost importance to ensure traceability and reliability of the results in the safety case. The input data will be stored in an electronic central database in a traceable manner, so that both the approved data, approval process and future potential updates are clearly recorded.

3.2.  Design Development During the Safety Case Process

Requirements, design and data freezes were already used in TURVA-2012 (see, e.g., [7, 8]). One of the lessons learnt was that it is not possible to freeze the design completely before the start of the safety case work, because important developments can happen during the safety case process, which lasts several years while the design develops and operational experience is being obtained. This is expected to be emphasized in the operating licence application process as the design reaches full maturity and is optimized for industrialization and operation. The long-term performance of the design solution as well as further operational aspects, particularly related to the installation of engineered barriers in repository-like conditions will also be studied in large-scale demonstration tests. In their Review Report [2], STUK has concluded that although there are no direct requirements for demonstrations in any of the regulations, the Guide YVL B.1 [9] states that the solutions and methods chosen during the course of the design shall be based on proven technology and operating experience. In addition, the design shall strive for simplicity and, if new solutions are proposed, they shall be validated through tests and experiments [2]. Posiva’s plans for large-scale demonstrations are described in the waste management programme YJH-2015 [10].

3.3.  Change Management Process

As changes to the design and to other input data may be expected to take place during the safety case work, a change management process needs to be set up to manage the traceability and reliability of the safety case and to facilitate the assessment of impact of changes in design on the safety case results. For this purpose, the whole modelling chain used in the safety case is documented and linked to the approved input data.

Configuration management defines the general process to be followed in order to implement a change in the design or requirements for the disposal facility. The heart of the configuration management process consists of classifying each proposed change according to its impact on operations and safety (including long-term safety). Posiva is currently developing the methodology to assess the long-term safety impact of proposed changes within the configuration management process. The criteria to be followed will address the impact of a given design, requirement or process change on the initial state, on the fulfillment of the long-term safety functions, or the overall uncertainty management.

Change management is based on expert judgment and relies on a close co-operation between long-term safety and design from the beginning of the safety case work. The main interfaces between these two groups of experts are the long-term safety requirements and their verification as well as the initial state.

4.  Conclusions

Requirements, design and stepwise data freezes need to be performed in a safety case that is developed in parallel with design optimization and operational readiness activities. A safety case supporting the operating licence application needs a higher level of design maturity than that supporting the construction licence application. In Posiva’s case, the design is currently being optimized for industrialization and operation and large-scale demonstrations are also taking place, the handling of changes arising from these activities is a major challenge in the safety case process.

As some uncertainties in the initial state of the repository components can be assumed to remain, an analysis of potential deviations in these components at the time of installation is proposed to be implemented. The uncertainties in the initial state can then be taken into account in the formulation of scenarios.

A change management process needs to be set up to incorporate changes in a controlled way, so that their long-term safety impacts are properly assessed. The proposed changes need to be considered holistically, including the impact not only on long-term safety but also on the safety case production process. The proposed changes will only be accepted if they do not compromise long-term safety and if the safety case analyses can be updated using the new input. Considering the long operational phase (over 100 years) of the disposal facility, further optimization activities are expected to occur as the operational experience and knowledge bases develops; a change management process is thus needed also after the operations have started.

5.  References

[1]  POSIVA OY, Safety Case for the Disposal of Spent Nuclear Fuel at Olkiluoto – Synthesis 2012, POSIVA 2012-12, Eurajoki (2012).

[2]  RADIATION AND NUCLEAR SAFETY AUTHORITY, STUK’s Review on the Construction License Stage Post Closure Safety Case of the Spent Nuclear Fuel Disposal in Olkiluoto, STUK-B 197, Helsinki (2015).
https://www.julkari.fi/bitstream/handle/10024/127160/stuk-b197.pdf

[3]  RADIATION AND NUCLEAR SAFETY AUTHORITY, Safety Case for the Disposal of Spent Nuclear Fuel in Olkiluoto: Decision, Presentation Memorandum, 1/H42252/2015, Helsinki (2015).

[4]  NUCLEAR ENERGY AGENCY, Post-Closure Safety Case for Geological Repositories: Nature and Purpose, Report 3679, Paris (2004).

[5]  POSIVA OY, Safety case plan 2008, POSIVA 2008-05, Eurajoki (2008).

[6]  STAMATIS, D.H., Failure Mode and Effect Analysis: FMEA from Theory to Execution. ASQ Quality Press (2003).

[7]  POSIVA OY, Safety Case for the Disposal of Spent Nuclear Fuel at Olkiluoto – Description of the Disposal System 2012, POSIVA 2012-05, Eurajoki (2012).

[8]  POSIVA OY, Safety Case for the Disposal of Spent Nuclear Fuel at Olkiluoto – Design Basis 2012, POSIVA 2012-03, Eurajoki (2012).

[9]  RADIATION AND NUCLEAR SAFETY AUTHORITY, Safety Design of a Nuclear Power Plant, Guide YVL B.1, Helsinki (2014).
http://plus.edilex.fi/stuklex/en/lainsaadanto/saannosto/YVLB-1

[10]  POSIVA OY, YJH-2015 Nuclear waste management at Olkiluoto and Loviisa power plants: Review of current status and future plans for 2016–2018 (in Finnish), YJH-2015, Eurajoki (2015).