Get documents about "Safety Design in Application for Reactor Establishment
Document Sample
December 11, 2008
R1 December 03, 2009
Safety Design
in Application for Reactor Establishment Permit
Incorporated administration agency
Japan Nuclear Energy Safety Organization
JNES
December 11, 2008
R1 December 03, 2009
Contents
1. Review Guides for Safety Design
1.1 Fundamentals for Ensuring Safety
1.2 Overview of Safety Review for Establishment Permit
2. Description on the Review Guide for Safety Design
2.1 General Requirements for Nuclear Reactor Facilities
2.2 Reactor and the Reactor Shutdown System
2.3 Reactor Cooling System
2.4 Reactor Containment
2.5 Safety Protection System
2.6 Control Room and Emergency Provisions
2.7 Instrumentation and Control Systems and Electrical Systems
2.8 Fuel Handling Systems
2.9 Radioactive Waste Processing Systems
2.10 Radiation Control
3. Conclusions
December 11, 2008
R1 December 03, 2009
1. Review Guide for Safety Design
1.1 Fundamentals for Ensuring Safety
Before proceeding to the description of the Safety Review in Japan, general principles of safety
measures are explained. These general principles shall be applied throughout all the phases of
construction and operation of nuclear reactors, such as siting, design, construction, operation and
maintenance.
The nuclear fission reaction in a light water reactor core produces radioactive fission products (FPs),
as well as a large amount of heat for generation of electricity. In addition, the corrosion products in
the coolant are exposed to a large amount of radiation while passing through a core, and
radio-activated to generate radioactive corrosion products (CPs). Ensuring safety is to take
appropriate measures so that the general public living in the areas surrounding the power station
or employees working within the premises of the power station would not receive excessive
radiation exposure due to radiation emitted from these radioactive materials. As well known,
radiation has existed in nature before any nuclear reactor started to operate. "Not excessive"
means that exposure of the general public or employees to radioactive materials and radiation
generated by operation of a nuclear reactor is negligible compared with that due to natural
radiation.
The term "safety" used in general industrial facilities is focused more on the worker's safety within
the premises of facilities than considerations on the safety of the general public living in the vicinity
of the facilities. However, for nuclear power stations, the safety of general public living in the
vicinity of the nuclear power stations as well as the workers' safety within the premise shall be
focused. At nuclear power stations, safety measures against electric shock, falling, burn etc. are
required as at other industrial facilities, but measures against radiation exposure is especially
important. In order to discuss the safety of nuclear reactors, the safety levels acceptable to the
public shall be determined. Otherwise, safety measures of light water reactors cannot be discussed
whether they are adequate or not. For keeping safety of nuclear reactors at an acceptable level, it
is required to reduce occurrence of anomalies potential to cause radiation exposure in addition to
radiation exposure reduction during normal condition. The less the event probability of anomalies is,
the more the safety is ensured. So as to mention once again, in order to ensure the safety of
nuclear reactors, nuclear facilities shall be designed so that normal conditions can be continuously
maintained, the event probability of anomalies can be reduced, and consequences of the anomalies
can be mitigated, if occurred. The safety review for establishment approval is to review the nuclear
reactor design to be built and verify that the reactor is designed acceptably from such viewpoints.
General principles
(1) Ensuring safety margin
Sufficient margins shall be taken into account for siting, design, pre-service inspection, operation
and maintenance, decommissioning, and safety verification of a nuclear reactor in order to ensure
its safety.
(2) Application of proven technologies
When intending to build and operate a new nuclear reactor, technologies with their reliability
proven by past experiences and R&Ds shall be applied. The proven technologies are those already
December 11, 2008
R1 December 03, 2009
applied to and experienced by light water reactors, and/or made into rules or standards. Rules and
standards shall be revised in accordance with development of technological knowledge, based on
the results of past experiences and continuous R&Ds and/or safety analysis. Moreover, technical
approaches which have been developed by electric power companies and reactor manufacturers
may be recognized as proven technologies, but their adequacy shall be verified by independent
organizations.
(3) Implementation of rigorous quality assurance
Quality assurance shall be completely implemented in all phases of siting, design, pre-service
inspection, operation and maintenance, and decommissioning of a nuclear reactor, which ensures
that delivered structures, systems components and services related to safety functions are fully in
conformance with their specifications. Electric utilities develop, perform and maintain the quality
assurance programs of nuclear power stations. The quality assurance programs shall regulate
electric utilities, as well as reactor manufacturers, nuclear fuel suppliers, building constructors,
subcontractors etc., and its application shall not be limited only to a particular organization.
(4) Consideration to human factors
There have been some examples of anomalies due to human error in light water reactors. Some
human errors have been due to insufficient information provided to personnel, inadequate training
program, adverse working environment and unbalanced allocation of work load. Managers of
nuclear reactors shall teach personnel the importance of performing various works correctly, but
also, eliminate factors so as to reduce human error. Consideration to human factors are to pay
attention to ensure that safety would not be compromised by physiological and mental vulnerability
of personnel engaged in operation, inspections and maintenance of reactor facilities.
(5) Reduction of radiation exposure
Reduction of radiation exposure is to take appropriate measures to reduce radiation exposure as
much as possible below a certain level during either normal or abnormal conditions. On the
premises of a nuclear power station, storage facilities and quantity of radioactive materials to be
stored shall be identified and placed under strict control. For light water reactors, it shall be
provided with measures, such as installing shielding walls around the reactor pressure vessel,
reactor cooling system, reactor containment, spent fuel pool, waste-processing system where
radioactive materials are heavily present or could be present, managing exposure of personnel
engaged in radiation work, providing required education and training, preparing radiation-work
procedures, reducing the number of works in high-radiation areas, shortening the working hours,
and removing radioactive materials in the coolant.
(6) Utilization of operational experience information
Operational experience information is the information obtained after completion and
commissioning of light water reactors, which are classified into the following three groups. The
information is very important to be fed back to safe operation of reactors and to the safety design
of nuclear reactor facilities under planning, and a framework of collection, application and feedback
of the information shall be prepared and maintained by electric utilities and/or regulatory bodies.
1) Statistical data concerning deterioration of components obtained during the component checks
and inspections, and personnel error.
December 11, 2008
R1 December 03, 2009
2) Information concerning unscheduled shut-downs including accidents. An unscheduled
shut-down is to make an unplanned shut-down of a light water reactor due to certain kinds of
incident to ensure safety.
3) Information obtained from achievements of domestic and overseas safety researches.
1.2 Overview of Safety Review for Establishment Permit
The requirements provided in the Japanese safety review guides are shown in Table-1 to
understand their whole picture. The "requirements for design" show the requirements which must
be taken into the design of the structures, systems and components to ensure safety of a nuclear
reactor facility. Upon reviewing the permission of establishment, the design of nuclear reactor
facilities are reviewed to judge whether it appropriately complies with these requirements.
The "supplemental guides" show the guides related to the requirements. And, the review guides
regarding siting, design, safety evaluation and dose objective and their supplemental guides are
shown in the following table. These guides equally serve as the criteria for the review.
Siting Review Guide for Nuclear Reactor Siting
Review Guide for Safety Design of Light Water Nuclear Power Reactor Facilities
Review Guide for Classification of Importance of Safety Functions for Light Water Nuclear
Power Reactor Facilities
Review Guide for Seismic Design of Light Water Nuclear Power Reactor Facilities
Design
SG Review Guide for Fire Protection of Light Water Nuclear Power Reactor Facilities
Review Guide for Radiation Measurement During Accident at Light Water Nuclear Power Reactor Facilities
Review Guide for Liquid Waste Processing Facilities
Review Guide for Safety Evaluation of Light Water Nuclear Power Reactor Facilities
Evaluation Guide for Core Thermal Design of Pressurized Water Cooled NPRs
Safety Evaluation Guide for ECCS Performance of Light Water Nuclear Power Reactors
Evalua-
Evaluation Guide for Reactivity Insertion Events of Light Water Nuclear Power Reactor Facilities
tion SG
Evaluation Guide for Dynamic Load Added to the MARK I Containment Pressure Suppression System
Evaluation Guide for Dynamic Load Added to the MARK II Containment Pressure Suppression System
Meteorological Guide for Safety Analysis of Nuclear Power Reactor Facilities
Guide for Dose Objective Around Light Water Nuclear Power Reactor Facilities
Dose
Objective Evaluation Guide for Dose Objective Around Light Water Nuclear Power Reactor Facilities
SG
Measurement Guide for Released Radioactive Materials from Light Water Power Reactor Facilities
SG: Supplemental Guide
December 11, 2008
R1 December 03, 2009
Table-1 Requirements Provided in the Review Guides for Safety Design of Light Water Nuclear Power Reactor Facilities
Classification Requirements for Design Key Requirements Related Guide
General Requirements (In the English version, Guiding Principle is referred to as
for Nuclear Reactor G)
・ Codes and standards for design, Review Guide for
Facilities
G1. Applied Codes and Standards material selection, manufacturing, Seismic Design of
and inspection Nuclear Power Reactor
G2. Design Considerations Against Natural Phenomena
Facilities
・ Independency, separateness,
G3. Design Considerations Against External Man-Induced
multiplicity, single failure criterion, Guide for Fire
Events
reliability, seismic design, fire Protection
G4. Design Considerations Against Internal Missiles protection, design to prevent
operator's erroneous action,
G5. Design Considerations Against Fire capability of test and inspection,
quality control of system
G6. Design Considerations Against Environmental
components
Conditions
G7. Design Considerations for Shared Use
G8. Design Considerations Against Operator's Actions
G9. Design Considerations for Reliability
G10. Design Considerations for Testability
Reactor and the Reactor G11. Core Design Reactor Core Design Review Guide for
Shutdown System Safety Assessment of
G12. Fuel Design ・ Maintaining conditions within the
Light Water Nuclear
allowable limits during normal
G13. Reactor Characteristics Power Reactor
operation and abnormal
Facilities
operational transients
December 11, 2008
R1 December 03, 2009
Table-1 Requirements Provided in the Review Guides for Safety Design of Light Water Nuclear Power Reactor Facilities
Classification Requirements for Design Key Requirements Related Guide
G14. Reactivity Control System ・ Maintaining safe shutdown state Guide for Assessment
and core cooling of a Reactivity
G15. Independency and Testability of Reactor Shutdown
Insertion Event
System ・ Specific power limiting
characteristics
G16. Shutdown Margin of Nuclear Reactor with Control
Rods
G17. Shutdown Capability of Reactor Shutdown System Reactor shutdown system and
reactivity control system
G18. Reactor Shutdown System Capability in Case of
Accident ・ Ensuring reactor shutdown
margins
・ Restriction of the maximum
reactivity worth and reactivity
insertion rate
・ Emergency shutdown capacity
・ Two or more reactor shutdown
systems
December 11, 2008
R1 December 03, 2009
Table-1 Requirements Provided in the Review Guides for Safety Design of Light Water Nuclear Power Reactor Facilities
Classification Requirements for Design Key Requirements Related Guide
Reactor Cooling System G19. Integrity of Reactor Coolant Pressure Boundary Reactor coolant pressure boundary Review Guide for
Safety Assessment of
G20. Prevention of Reactor Coolant Pressure Boundary ・ Ensuring integrity during normal
Light Water Nuclear
Failure operation and abnormal
Power Reactor
operational conditions
G21. Detection of Reactor Coolant Pressure Boundary Facilities
Leaks ・ Installation of leak-detection
Review Guide for
devices
G22. In-Service Test and Inspection of Reactor Coolant Performance of an
Pressure Boundary ・ Preventive measures for brittle and Emergency Core
propagating type rupture Cooling System
G23. Reactor Coolant Supply System
・ Implementation of inspections
G24. Systems for Removing Residual Heat
Core-cooling system
G25. Emergency Core Cooling System
・ Emergency core cooling system
G26. Systems for Transporting Heat to Ultimate Heat Sink
(ECCS)
G27. Design Considerations Against Loss of Power
・ Systems for removing residual
heat
・ Considerations to a loss of power
・ Isolation function
・ Containment heat removal system
・ Control of the containment
atmosphere
December 11, 2008
R1 December 03, 2009
Table-1 Requirements Provided in the Review Guides for Safety Design of Light Water Nuclear Power Reactor Facilities
Classification Requirements for Design Key Requirements Related Guide
Reactor Containment G28. Functions of Reactor Containment Review Guide for
Safety Assessment of
G29. Prevention of Reactor Containment Boundary
Light Water Nuclear
Failure
Power Reactor
G30. Isolation Function of Reactor Containment Facilities
G31. Reactor Containment Isolation Valves Review Guide for
Nuclear Reactor Siting
G32. Reactor Containment Heat Removal System Evaluation
G33. Systems for Controlling Containment Facility
Atmosphere
Safety Protection G34. Redundancy of Safety Protection System ・ Automation of safety protection Review Guide for
System function Safety Assessment of
G35. Independency of Safety Protection System
Light Water Nuclear
・ Fail-safe design
G36. Function of Safety Protection System During Power Reactor
Transient ・ Logic circuit of high reliability Facilities
G37. Function of Safety Protection System in Case of
Accident
G38. Function of Safety Protection System in Case of
Failure
G39. Separation of Safety Protection System from
Instrumentation and Control Systems
G40. Testability of Safety Protection System
December 11, 2008
R1 December 03, 2009
Table-1 Requirements Provided in the Review Guides for Safety Design of Light Water Nuclear Power Reactor Facilities
Classification Requirements for Design Key Requirements Related Guide
Control Room and G41. Control Room ・ Monitoring function of a control
Emergency Provisions room
G42. Reactor Shutdown from Outside of Control Room
・ Habitability
G43. Design Considerations for Control Room Protection
・ Function to shut down a reactor
G44. Emergency Station in Nuclear Power Plant
from the outside of a control room
G45. Design Considerations for Communication Means
G46. Design Considerations for Escape Routes
Instrumentation and G47. Instrumentation and Control Systems Instrumentation and Control Systems
Control Systems and
G48. Electrical Systems ・ Measurement of operating
Electrical Systems
conditions of a nuclear reactor
facility
Electrical Systems
・ Ensuring power supply
Fuel Handling Systems G49. Fuel Storage and Handling Systems ・ Fuel storage and handling
equipment
G50. Fuel Criticality Prevention
G51. Monitoring of Fuel Handling Area
Radioactive Waste G52. Radioactive Gaseous Waste Processing Systems ・ Radioactive Waste Processing
Processing Systems Systems
G53. Radioactive Liquid Waste Processing Systems
December 11, 2008
R1 December 03, 2009
Table-1 Requirements Provided in the Review Guides for Safety Design of Light Water Nuclear Power Reactor Facilities
Classification Requirements for Design Key Requirements Related Guide
G54. Radioactive Solid Waste Processing Systems
G55. Radioactive Solid Waste Storage Systems
Radiation Control G56. Radiation Protection in the Vicinity of the Site ・ Radiation protection for residents
in the vicinity
G57. Radiation Protection for Radiation Workers
・ Radiation protection for workers
G58. Radiation Control for Radiation Workers
・ Radiation monitoring
G59. Radiation Monitoring
December 11, 2008
R1 December 03, 2009
2. Description on the Review Guides for Safety Design
The points of safety review carried out by regulatory bodies in Japan to determine "whether the
design of nuclear power reactor facilities is adequate from a standpoint of ensuring safety" are
described here as technical references. The descriptions are provided to show major design
requirements specified in the Review Guides for Safety Design.
2.1 General Requirements for Nuclear Reactor Facilities
G1. Applied Codes and Standards
The design, material selection, fabrication and inspection of structures, systems and components
with safety functions shall conform to those codes and standards which are recognized as
appropriate in the light of the importance of their safety functions.
Commentary
The design, material selection, fabrication and inspection of structures, systems and components
with safety functions shall in general be subject to the codes and standards conformable to existing
domestic (Japanese) laws and regulations. In case foreign codes and standards or non-ordinary
codes or standards are applied, the background and justification for the intended application of
such codes and standards and the comparison of such codes and standards with their Japanese
counterparts need to be clarified.
Safety functions are roles for structures, systems and components of a nuclear reactor facility to
play in order to confine radioactive materials inside of a light water reactor during power operation
and shutdown. The safety functions are divided into 2 groups; one for "prevention functions" to
avoid a shift of a reactor facility from normal to abnormal condition as it becomes impossible to
confine radioactive materials if those functions fail to work, and another for "mitigation functions"
to avoid escalation of an anomaly or consequences of the anomaly if those functions fail to work
when a light water reactor is in abnormal condition.
"Importance of safety functions" refers to the relative degree of the importance of safety functions
from the viewpoint of ensuring the safety of nuclear reactor facilities. The importance of safety
functions is defined for Japanese light water reactors (note 1). The required safety functions for
confinement of radioactive materials are identified, are divided into the "Protection System" for
prevention functions and the "Mitigation System" for mitigation functions, and then, they are
categorized into three classes, i.e., Protection System: PS-1, 2 and 3, Mitigation System: MS-1, 2
and 3 according to their safety importance. These structures, systems and components with
"prevention functions" and "mitigation functions" are subject to the review as ones important to
safety.
The "prevention functions" categorized into the top group are "maintaining a coolant inventory",
"preventing an excess reactivity insertion", and "maintaining a core configuration." These functions
are provided by multilayer barriers for confining all radioactive materials, such as a core, coolant
pressure boundary, and primary containment boundary. Reactor vessels, steam generators,
pressurizers, core support structures, etc. fall under this category as specific equipment and
components in PWRs, and reactor vessels, pumps of reactor coolant recirculation system, core
support structures, etc. are their equivalents in BWRs.
December 11, 2008
R1 December 03, 2009
The "mitigation functions" categorized into the top group are "shutting down a reactor,"
"maintaining core non-criticality," "preventing coolant boundary over-pressurization," "heat
removing after shutdown," " emergency core cooling," "confining radioactive materials," "radiation
protection," "sending safety protection signals," and "auxiliary functions particularly important to
safety, such as emergency power supplies and a control room." These functions are provided by
the safety protection system, reactor shutdown system, emergency core cooling system, etc.
Control rods, control rod drive system, boric acid injection system of chemical and volume control
equipment etc. fall under this category as specific equipment and components in PWRs, and
control rods, control rod drive system, boric acid injection system, etc. are their equivalents in
BWRs.
Evaluating functions of structures, systems and components consisting of a nuclear reactor facility,
and categorizing their importance based on their impacts on safety, the results are provided in the
following JEAG 4612 as a private sector’s guidelines.
(Note 1) "Safety Importance Classification Guide of Electrical Devices and Mechanical Installations
Functioning for Safety” JEAG 4612 (1998)
Supplement (for reference)
When a new nuclear reactor facility is intended to be established, it is expected that certain codes
and standards applicable to it are not available. When a nuclear reactor facility intended to be
established is identical to the one already constructed and operated, the codes and standards
applied to its design shall be identified, and their applicability shall be justified.
December 11, 2008
R1 December 03, 2009
G2. Design Considerations against Natural Phenomena
1. Structures, systems and components with safety functions shall be assigned to appropriate
seismic categories, with the importance of their safety functions and possible safety impacts of
earthquake-induced functional loss taken into consideration, and be designed to sufficiently
withstand appropriate design seismic forces.
2. Structures, systems and components with safety functions shall be so designed that the safety of
the nuclear reactor facilities will not be impaired by other postulated natural phenomena other
than earthquake. Structures, systems and components with safety functions of especially high
importance shall be of the design that reflects appropriate safety considerations against the
severest conditions of anticipated natural phenomena or appropriate combinations of natural
forces and accident-induced loads.
Commentary
The interpretation of "designed to sufficiently withstand appropriate design seismic force" is
subject to the "Review Guide for Seismic Design of Nuclear Power Reactor Facilities."
The basic principles of this guide are as follows;
• Nuclear power reactor facilities shall have adequate seismic resistance to any potential
seismic forces so that they would not result in a large accident.
• Buildings and structures shall be of rigid structure in principle, and important buildings and
structures shall be supported by a rock-bed.
Structures, systems and components with safety functions are classified into the following three
groups according to their functions;
Class A.... Structures, systems and components that contain radioactive materials within
themselves or directly related to the facilities containing radioactive materials within themselves, of
which loss of function could release radioactive materials to the outside, those required to prevent
such a situation, and those required to reduce the consequences of radioactive materials released
to the outside at the occurrence of such an accident, of which impacts or effects are significant.
Specifically, those include components and piping systems consisting of "reactor coolant pressure
boundary," facilities to store spent fuel, facilities to rapidly insert negative reactivity to scram a
nuclear reactor, facilities to maintain shutdown state of a nuclear reactor, facilities to remove decay
heat from a core after reactor shutdown.
Class B..... Structures, systems and components of the above, but of which impacts or effects are
comparatively small
Class C..... Structures, systems and components other than Class A or B, of which safety
requirements are equivalent to those of general industrial facilities.
"Anticipated natural phenomena" refer to on-site natural phenomena possible to occur including
flood, tsunami, strong wind, freezing, snow, landslide, etc. The "severest conditions" refer to the
December 11, 2008
R1 December 03, 2009
conditions not less severe than the past records of the natural phenomena in question that are
considered to be reliable and statistically reasonable. The assumption of simultaneous occurrence
of different natural phenomena shall be taken into consideration if deemed necessary upon the
review of past records or field investigation results.
"Appropriate combinations of natural forces and accident-induced loads" do not necessarily mean
the simple addition of maximum accident-induced load to natural force considered to be the
severest of all but their combination in the proper way in relation to their cause and effect and their
change with time taken into account. For instance, if a probability of flood and tsunami to occur at
the same time is high, they shall be evaluated under the combined conditions, but if the probability
is infinitely small, such combination is not subject to the evaluation.
Supplement (for reference)
The Niigata-Chuetsu-Oki Earthquake occurred in July 2007 caused significant damage to the
Kashiwazaki-Kariwa Nuclear Power Station (Unit 1 to 7, BWRs), the Tokyo Electric Power Co., Inc.,
located close to the earthquake center. Units 1, 5 and 6 were outage for periodic inspections, and
other Units 2, 3, 4 and 7 in operation were automatically shutdown safely without causing any
radiological impact on the residents in the vicinity. A fire broke out at a transformer outside of a
turbine-building due to leaked dielectric oil catching fire. The facilities are under shutdown for
seismic safety verification activities on components important to safety, as of May 2008. As a result
of the seismic data analysis and resurvey of active faults, it is required to review design-earthquake
ground motions. Based on the consequences of this earthquake, fundamental modification of the
"Review Guide for Seismic Design of Nuclear Power Reactor Facilities" is under way.
December 11, 2008
R1 December 03, 2009
G3. Design Considerations against External Man-Induced Events
1. Structures, systems and components with safety functions shall be so designed that the safety of
the nuclear reactor facilities will not be impaired by postulated external man-induced events.
2. The nuclear reactor facilities shall be so designed that structures, systems and components with
safety functions are protected by appropriate means against any unjustifiable access by third
persons.
G4. Design Considerations against Internal Missiles
Structures, systems and components with safety functions shall be so designed that the safety of
the nuclear reactor facilities will not be impaired by postulated missiles that may take place within
the nuclear reactor facilities.
G5. Design Considerations against Fire
The nuclear reactor facilities shall be so designed that their safety will be protected against fire by
an appropriate combination of three measures of fire prevention, fire detection and
extinguishment and mitigation of fire effects.
G6. Design Considerations against Environmental Conditions
Structures, systems and components with safety functions shall be designed to withstand all the
environmental conditions under which their safety functions are expected.
G7. Design Considerations for Shared Use
Structures, systems and components with safety functions shall be so designed that in case they
are shared by two or more nuclear reactor facilities, the safety of the reactors will not be impaired
by the shared use.
Commentary
"External man-induced events" as referred to in the guide include airplane crash, breaking of dam,
explosion, etc.
The "internal missiles" refer to flying matter as a result of the breaking of valves and pipelines
containing fluid with high internal energy, damage of high-speed rotating equipment, a gas
explosion, heavy equipment fall, etc. The design considerations shall take into account the
secondary impacts of secondary missiles, fire, flood, chemical reaction, electrical damage, pipe
rupture and equipment breakdown that may result from the above incidents. For instance, it is
necessary to take into consideration the secondary effects such as a piping damage due to the drop
of some heavy component.
For "fire," it is provided by the "Review Guide for Fire Protection of Light Water Nuclear Power
Reactor Facilities."
"Environmental conditions under which their safety functions are expected" refer to all the
December 11, 2008
R1 December 03, 2009
environmental conditions to which the structures, systems and components whose functions are
expected to work during normal operations and abnormal conditions may possibly be exposed
throughout their service life.
In the case they are shared by two or more nuclear reactor facilities, "so designed that the safety of
the reactors will not be impaired" as mentioned here means that the safety functions required
under abnormal conditions are not impeded by shared use of structures, systems and components,
that, under abnormal conditions involving one of the reactors in concern, shutting down and
removing residual heat of the other reactors can be achieved, and that a possible failure of any of
the shared structures, systems and components will not cause an accident involving two or more
reactors at a time.
Supplement (for reference)
The example of sharing between two or more nuclear reactor facilities is power-generating
equipment for emergency power supply shared by two facilities which form a pair in a site layout.
The equipment sharing by two or more nuclear reactor facilities is mainly performed from a
standpoint of economic efficiency. However, failure of the shared equipment could affect safety of
two or more nuclear reactor facilities at the same time, so the sharing shall be carefully evaluated
from the standpoint of ensuring reliability.
December 11, 2008
R1 December 03, 2009
G8. Design Considerations to Operator's Actions
The nuclear reactor facilities shall be designed to reflect appropriate preventive considerations
against operators' erroneous operations.
G41. Control Room
The control room shall be so designed that the operating status and principal parameters of the
reactor and principal related facilities can be monitored and that prompt manual control can be
performed, whenever required, to maintain safety.
G43. Design Considerations for Control Room Protection
The control room shall be designed to be protected against fire, properly shielded so as to allow
site personnel to have access to or stay in the control room for necessary operations in case of an
accident, and safeguarded against toxic gases and gaseous radioactive materials likely to be
released due to fire or accident by means of a proper ventilation system.
G45. Design Considerations for Communication Means
The nuclear reactor facilities shall be provided with adequate warning systems and communication
means that allow necessary instructions and messages to be given properly to all the people
present in the nuclear power plant in case of an accident. The communication channel between the
nuclear power plant and necessary outside points shall be provided with redundancy or diversity.
G46. Design Considerations for Escape Routes
The nuclear reactor facilities shall be provided with evacuation lighting that functions even in case
of ordinary lighting power loss and shall have safe escape routes provided with concise and
permanent guide signs.
G47. Instrumentation and Control Systems
1 The instrumentation and control systems shall be designed with adequate considerations for
the following requirements during normal operations and abnormal operational transients.
(1) The parameters necessary to maintain the integrity of the reactor core, reactor coolant
pressure boundary, reactor containment boundary and associated systems shall be
controlled and maintained within the appropriate predicted limits.
(2) Monitoring of the aforementioned parameters within predicted variation limits shall be
possible so as to allow necessary countermeasures to be taken as required.
2 The instrumentation and control systems shall be designed to enable monitoring, and
recording as required, of the parameters necessary to recognize the status of an accident and
take countermeasures according to an adequate method over a sufficient range in case of an
accident. The systems shall also be designed to enable monitoring or estimating of the status
of reactor shutdown and core cooling in particular by use of two or more kinds of parameters.
December 11, 2008
R1 December 03, 2009
Commentary
G8. "Designed to reflect appropriate preventive considerations" refers to the design that reflects
human engineering-oriented considerations to ensure efficient panel layout, operational efficiency
of apparatus and valves, capability of monitoring reactor status accurately and quickly through
meters, lamps and alarms and prevention of errors during maintenance and inspection, and that
allows the necessary safety functions to be maintained without the operator's actions being
expected for a certain length of time after the occurrence of an abnormal condition.
G41. "Principal parameters can be monitored" means that, of the parameters required to be
monitored under paragraph 47 are those which need to be monitored on a continuous basis can be
monitored in the control room. "Prompt manual control" means the operations necessary to shut
down the reactor and maintain the reactor cooling after shutting down.
G43. "Site personnel to have access to or stay in the control room" means that such passages as
will allow site personnel to have access to the control room for necessary operations and are
allowed to stay in there for a proper length of time after an accident takes place, and that radiation
protection measures which will become feasible with time and attenuation of radiation level can be
properly taken for the site personnel who approach the control room for the shift after immediate
operations are accomplished.
G47. "Parameters necessary to maintain the integrity" include neutron flux of the reactor core,
neutron flux distribution, reactor water level, such parameters as pressure, temperature and flow
rate of the reactor coolant system, water quality of the reactor coolant, and such parameters as
pressure, temperature and atmospheric gas concentrations in the reactor containment.
"Parameters necessary to recognize the status of an accident and take countermeasures include
pressure, temperature, hydrogen gas concentration and radioactive materials concentrations of the
reactor containment atmosphere. “Records" include the availability of the information about
necessary parameters following the course of an accident.
Operator consoles are provided in a central control room so that operation parameters, such as
core power, coolant pressure, inserted length of control rods, can be monitored continuously and
appropriate operator actions can be taken during normal conditions or during postulated internal
events or postulated internal events. The central control room has functions to maintain normal
conditions, and to take appropriate operational actions to restore the normal conditions when a
deviation occurs. The central control room shall be designed with due considerations given to
human engineering, and the operator consoles shall be designed so as to have a capacity to take in
the operational conditions quickly and comprehensively.
The central control room shall be provided with functions to protect the personnel staying there
from radiation, toxic gases etc. when an accident occurs. For the case when operators cannot stay
in the central control room due to a fire etc., the equipment to terminate nuclear fission reaction
and control a residual heat removal system shall be provided at a location separated from the
central control room.
Supplement (for reference)
(1) "Human factors engineering" is an engineering to study changes in psychological and physical
human bodies accompanying human physical shapes and actions, movements of the crowd,
December 11, 2008
R1 December 03, 2009
and to apply the results to design so that a person can use equipment in a natural way and
condition. It takes into consideration human factors focused on human beings, including
human efficiency, technologies, designs, and man-machine interfaces. It is a design technique
to take into consideration those elements, such as human work load, fatigue, situation
recognition, usability, user interface, study capability, attention, alert, human efficiency,
human reliability, control/display design, stress, human error, decision-making activities.
①Control Panel
② Control Panel (details)
(2) It is required that safety systems are automatically activated to ensure safety functions, even
without operators’ actions for a certain time period after the occurrence of an abnormal
situation. The certain time period is so-called “rule of 10 minutes.” This time period provides a
margin in time for operators to take in the situation immediately after an occurrence of
abnormal situation and make a decision.
(3) Application of computers to the instrumentation and control system important to safety
In application of computers for controlling important-to-safety systems, technical standards
and technical means to assure the performance of the hardware and software to be used need
to be maintained for their service lives, especially throughout the software service life. In order
to ensure hardware and software reliability, strict quality assurance shall be implemented.
December 11, 2008
R1 December 03, 2009
Refer to other text "Digital Instrumentation and Control Systems for Safety System and Main
Control Room Design" for application of digital technologies to safety systems.
G9. Design Considerations for Reliability
1 Structures, systems and components with safety functions shall be so designed that their
adequately high reliability will be ensured and maintained as required according to the
importance of their safety functions.
2 Systems with safety functions of especially high importance shall be designed with redundancy
or diversity and independency considering their physical make-up, working principles,
assigned safety functions, etc.
3 The systems referred to in item (2) above shall be designed to be capable of fulfilling their
safety functions even in case of unavailability of off-site power in addition to an assumption of
a single failure of any of the components that comprise the systems.
G10. Design Considerations for Testability
Structures, systems and components with safety functions shall be designed to be capable of being
tested or inspected to verify their integrity and capability by adequate methods consistent with the
importance of their safety functions during reactor operation or shutdown.
Commentary
G9. In order to ensure and maintain a high-level of reliability of structures, systems and
components with safety functions, "implementation of strict quality assurance" discussed in
Paragraph (3) of general principles is indispensable. Electric utilities shall develop quality assurance
programs, and implement and maintain them throughout a service lifetime of nuclear reactor
facilities.
"Redundancy" represents the existence of two or more systems or components with identical
attributes to perform an identified function. For instance, an emergency shutdown system to insert
control rods and shutdown a nuclear reactor is provided with circuits with four channels, which
consist of detectors, comparators with set points, etc., respectively and the emergency shutdown
system is automatically activated on the two channels detecting an anomaly. It is called "having a
multiplicity" to have such two or more channels.
"Diversity" represents the existence of two or more systems or components with different
attributes to perform an identified function. As an example of BWRs, the function provided to
reduce reactor power by an immediate shutdown of recirculation pumps of the reactor coolant
recirculation system in addition to the function of the emergency reactor shutdown system using
control rods is called a diverse function.
“Single failure” means the loss of the required safety functions of a component necessary for
coping with an abnormal condition and includes multiple failures due to secondary causes, but it is
distinct from a failure of a component as a cause for an abnormal condition.
December 11, 2008
R1 December 03, 2009
G10. "Adequate methods" include the use of test bypass systems in a case test or inspection using
systems in actual service is unpractical.
Supplement (for reference)
Testability of G10 is necessary for verifying the integrity and capability of structures, systems and
components with safety functions, but a testing might interfere with continued operation of a
nuclear reactor facility. For example, there have been many cases of emergency shutdown caused
by preparation works for tests and operational tests of systems and components during reactor
operation. Reasonable considerations to test preparations, preparation of procedures, and
selection of timing for tests are essential.
December 11, 2008
R1 December 03, 2009
2.2 Reactor and the Reactor Shutdown System
G11. Reactor Core Design
1 The reactor core shall be designed to assure, with the aid of the functions of associated
reactor cooling system, reactor shutdown system, instrumentation and control systems, and
safety protection system, that the acceptable fuel design limits are not exceeded during
normal operation and abnormal operational transients.
2 Components, other than fuel rods, that make up the reactor core or are located in proximity to
it within the reactor pressure vessel shall be designed to be capable of ensuring safe reactor
shutdown and proper core cooling during normal operation and abnormal conditions.
Commentary
A core consists of many fuel assemblies, control rods, core internals, etc., and the coolant passes
through its inside. A core generates a large quantity of heat during power operation. Core internals
support fuel assemblies and control rods, and have functions to secure the coolant passages. A
core, control rods and the coolant in the core shall be designed so that operational limits for
preventing a change of boiling modes on the surface of fuel rods under normal conditions and
abnormal operational transients can be met. Moreover, they must be designed to withstand the
load including the weight of core support structures etc. and to maintain the core configuration to
ensure core cooling and control-rod insertion during design basis accidents, postulated external
events or postulated internal events.
Supplement (for reference)
Inside of a PWR core Inside of a BWR core
December 11, 2008
R1 December 03, 2009
G12. Fuel Design
1 The fuel assemblies shall be designed so as not to lose their integrity despite various
unfavorable factors that may take place during their use in the reactor.
2 The fuel assemblies shall be designed so as not to be excessively deformed during transport or
handling.
G13. Reactor Characteristics
The reactor core and associated systems shall be designed to have inherent characteristics to
suppress the reactor power rise and to be well capable of controlling reactor power oscillation if it
occurs.
G14. Reactivity Control System
1 The reactivity control system shall be designed to be capable of regulating reactivity changes
expected to occur during normal operation, thereby maintaining the necessary operational
conditions.
2 The maximum reactivity worth of control rods and reactivity insertion rate shall be such that
postulated reactivity-initiated events will not result in damage of the reactor coolant pressure
boundary nor in destruction of the core, core support structures and reactor pressure vessel
internals that may impair core cooling.
Commentary
G12. "Various unfavorable factors that may take place" include the difference between internal and
external pressures of the fuel rod, irradiation of fuel rod and other materials, fluctuations in
pressure and temperature caused by load changes, chemical effects, static and dynamic loads,
deformation of fuel pellet, composition change in fuel rod filler gas.
G13. "Have inherent characteristics to suppress the reactor power rise" means that the reactivity
feedback as an inherent total effect of Doppler coefficient, moderator temperature coefficient,
moderator void coefficient, pressure coefficient, etc. which quickly works to suppress the reactor
power rise during power transient over all operational range and thus prevent or mitigate fuel
damage. The rapid inherent characteristics to limit an increase in reactor power are explained in
"self-regulating characteristics of a nuclear reactor" of the Introduction, but discussed here again.
A nuclear reactor shall have inherent self-regulating characteristics due to negative reactivity
feedback against power increase. As shown in the following figure, self-regulating characteristics
due to negative reactivity feedback mean a characteristic to inherently limit power increase in case
of a rapid reactivity insertion due to control rod drop out of a core etc. "Be well capable of
controlling reactor power oscillation if it occurs" means that adequate attenuation characteristics
are provided so that the acceptable fuel design limits are not exceeded, or controllability against
reactor power oscillation is provided.
December 11, 2008
R1 December 03, 2009
Control rods fall out from a core suddenly.
Insertion of Sudden Negative Power increase is
Reactor positive power reactivity controlled and
reactivity increase effect becomes stable
G14. In evaluating the "maximum reactivity worth of control rods," the effects of reactivity
controlling device that limits the insertion and arrangement of control rods in conjunction with the
operational conditions of the reactor, if available, may be taken into account. "Postulated
reactivity-initiated event" refers to an event in which abnormal reactivity insertion takes place in
the reactor, including abnormal withdrawal of control rods during power operation (PWR, BWR)
and control rod drop and unconformity (PWR). They are defined in the "Review Guide for Safety
Evaluation of Light Water Nuclear Power Reactor Facilities" and the "Evaluation Guide for Reactivity
Insertion Events of Light Water Nuclear Power Reactor Facilities."
Supplement (for reference)
G14. As a device to restrict reactivity worth, BWRs are provided with the "control rod worth
minimizer", which shows an operation guide of control rod withdrawal sequences that keep
reactivity worth of each control rod to a minimum, and generate alarms when the sequences are
not observed. The classification of importance of the "control rod worth minimizer" is PS-3, the
system for preventing the occurrence of anomaly.
December 11, 2008
R1 December 03, 2009
G15. Independency and Testability of Reactor Shutdown System
The reactor shutdown system shall be designed to have at least two independent systems capable
of making the core subcritical from hot standby or hot operational conditions and maintaining the
core subcritical under hot conditions. They shall also be designed to allow testing with respect to
their functional capability.
G16. Reactor Shutdown Margin by Control Rods
The control rod-dependent system out of the reactor shutdown system shall be designed to be
capable of making the core subcritical under hot and cold conditions even when one control rod
with maximum reactivity worth is withdrawn out of the core and cannot be inserted.
G17. Shutdown Capability of Reactor Shutdown System
1 At least one independent system out of the reactor shutdown system shall be designed to be
capable of making the core subcritical under hot conditions during normal operation and
abnormal operational transients without leading to the acceptable fuel design limits being
exceeded and capable of maintaining the core subcritical under hot conditions.
2 At least one independent system out of the reactor shutdown system shall be designed to be
capable of making the core subcritical under cold conditions and of maintaining the core
subcritical under cold conditions.
G18. Reactor Shutdown System Capability in Case of Accident
At least one independent system included in the reactor shutdown system shall be designed to be
capable of making the core subcritical in case of an accident, and at least one independent system
included in the reactor shutdown system shall be designed to be capable of maintaining the core
subcritical in case of an accident.
Commentary
G15. The control-rod-dependent system and the soluble-poison-dependent system employed in
LWRs (boric acid injection system in BWRs, boric acid injection system of the chemical and volume
control system in PWRs) are considered to conform to this Guiding Principle with respect to their
performance as the reactor shutdown system. In case a control rod-dependent system itself has
multiple independent shutdown functions that are sufficient enough in number for a hot shutdown,
such functions may be regarded as multiple independent shutdown systems practically.
"Capable of maintaining the core subcritical under hot conditions" refers to the capability of
maintaining the subcritical state of the core during a period from the end of a transient state to the
addition of reactivity due to xenon decay and means that the operation of other systems, if any,
may be expected to maintain the core subcritical beyond that period. In case the operation of other
systems capable of reactor shutdown can be expected depending on the kind of event, their
contribution may be taken into account in the design considerations.
G17. "Capable of making the core subcritical under cold conditions and of maintaining the core
December 11, 2008
R1 December 03, 2009
subcritical under cold conditions" refers to achieving a cold subcritical state from a hot subcritical
state and maintaining it while compensating for reactivity addition due to xenon decay and reactor
coolant temperature change.
G18. In case the operation of any other system capable of shutting down the reactor can be
expected together with the reactor shutdown system at the time of an accident, its contribution
may be taken into account in the design considerations. A typical case would be the contribution of
the emergency core cooling system together with the reactor shutdown system in making and
maintaining the core subcritical in the event of a main steam pipe rupture in a PWR.
Supplement (for reference)
---------
December 11, 2008
R1 December 03, 2009
2.3 Reactor Cooling System
G19. Integrity of Reactor Coolant Pressure Boundary
1 The reactor coolant pressure boundary shall be so designed that its integrity will be ensured
during normal operation and abnormal conditions.
2 The pipelines connected to the reactor coolant system shall in general be fitted with isolation
valves.
G20. Prevention of Reactor Coolant Pressure Boundary Failure
The reactor coolant pressure boundary shall be designed not to exhibit brittle behavior and develop
any quickly propagating failure during normal operation, maintenance, testing and abnormal
conditions.
G21. Detection of Reactor Coolant Pressure Boundary Leaks
The means shall be provided for quick and proper detection of the leakage of the reactor coolant, if
any, from the reactor coolant pressure boundary.
G22. In-Service Test and Inspection of Reactor Coolant Pressure Boundary
The reactor coolant pressure boundary shall be designed to be capable of being tested and
inspected to verify its integrity throughout the service life of the nuclear reactor.
G23. Reactor Coolant Supply System
The reactor coolant supply system shall be designed to be capable of supplying as much coolant as
required at a proper now rate to restore the necessary inventory of the reactor coolant in case of a
limited leakage.
Commentary
G19. "So designed that its integrity will be ensured" means that the design reflects the
consideration such that abrupt cooling or heating of the reactor coolant pressure boundary and
abnormal pressure rise within it can be suppressed with the aid of reactor shutdown system,
reactor cooling system, instrumentation and control systems, safety protection system, safety
valves, etc. and that the reactor coolant pressure boundary itself can sufficiently withstand
temperature change and pressure to be experienced with extremely small possibility of failure or of
abnormal leakage of reactor coolant.
"Be fitted with isolation valves" refers to the reactor coolant pressure boundary design in which the
pipelines connected to the reactor coolant system and forming the boundary in part are fitted with
appropriate isolation valves considering the service conditions and purposes of those pipelines
during normal operations so that loss of reactor coolant can be stopped in case of abnormal
leakage from the portions not forming the reactor coolant pressure boundary.
G23. The "reactor coolant supply system" refers to the system that supplies the reactor coolant to
the reactor coolant system (control rod drive hydraulic control system and reactor core isolation
December 11, 2008
R1 December 03, 2009
cooling system (excluding the feed water system) in a BWR; charging Pump-aided supply system in
a PWR).
"A limited leakage" refers to coolant leakage through seals of valves or pumps that make up the
reactor coolant pressure boundary or through small cracks in the reactor coolant pressure
boundary.
Supplement (for reference)
Reactor pressure vessels, steam generator tubes, high-pressure piping, pressurizers, joints, valves,
pumps, and heat exchangers consisting of coolant pressure boundaries referred in G19 and G20,
including their supporting structures, shall be designed to adequately withstand the load and
maintain their integrity when abnormal operational transients, design basis accidents, postulated
external events, or postulated internal events occur. These structures and components are required
to have functions to maintain their integrity and to keep the coolant inventory constant. The
coolant pressure boundary is a barrier which contacts the coolant directly and receives its pressure
under normal condition. Isolation valves shall be provided, in principle, at joints of the coolant
pressure boundary with the piping connected to the boundary. For reactor pressure vessel, steam
generator tubes, high-pressure piping, pressurizers, joints, valves, pumps, heat exchangers
consisting of the coolant pressure boundary, their materials, design criteria, inspection methods,
and manufacturing methods shall be appropriately selected so as to design and manufacture them
to ensure the highest quality. Particularly, the reactor pressure vessel shall be designed so that it
can withstand impact load and a minor defect would not rapidly progress during normal conditions
(including shutdown, maintenance, tests and inspections), and during abnormal operational
transients, design basis accidents, postulated external events, and postulated internal events.
Coolant pressure boundaries shall be made of appropriate materials to minimize their activation.
Reactor coolant pressure boundaries shall be designed with adequate margins not to loose their
integrity during their service lives with due consideration for factors to impair their integrity
including fatigue, erosion, chemical conditions, radiation irradiation, etc. during normal operation,
abnormal operational transients, and design basis accidents. And, these structures, systems and
components shall be designed to be capable of conducting tests and inspections for verifying their
integrity through the lifetime of the nuclear reactor facility. Furthermore, they must be designed to
be able to verify that the integrity is maintained by conducting tests and inspections for irradiation
embrittlement, SCC, and deterioration due to aging. The "service life" means a time period from
commissioning to decommissioning of a nuclear reactor facility, an aging management program
including design considerations to aging, deterioration monitoring, and repair measures needs to
be specified. Actions in response to aging, i.e., deterioration due to aging, are explained in the text
"Plant Long Life Management of Nuclear Power Plant in Japan".
Pressurizer safety valves and pressurizer relief valves (PWR), and main steam safety-relief valves
(BWR) consisting of the coolant pressure boundaries shall be able to release the internal pressure
to prevent over-pressure of the coolant boundaries, and also have a function to stop blowing down
to control an excess release of the coolant.
G23. The coolant makeup system and the coolant clean-up system shall be designed to have
capacities to supply and cleanup the coolant so that the inventory of coolant and the
concentrations of radioactive materials in the coolant are controlled within operation limits, taking
December 11, 2008
R1 December 03, 2009
into consideration thermal expansion of the coolant and leakage of the coolant from the pressure
boundary.
December 11, 2008
R1 December 03, 2009
G24. Systems for Removing Residual Heat
1 The systems for removing residual heat shall be designed to be capable of removing fission
product decay heat and other residual heat from the core during reactor shutdown, thereby
preventing the acceptable fuel design limits and design conditions for the reactor coolant
pressure boundary from being exceeded.
2 The systems for removing residual heat shall be properly provided with redundancy or
diversity and independency so that they can fulfill their safety functions even in case of
unavailability of off-site power in addition to an assumption of a single failure of any of the
components that comprise the systems. They shall also be designed to allow testing with
respect to their functional capability.
Commentary
The "systems for removing residual heat" refer to the systems provided so as to remove residual
heat even in case heat removal is unachievable by main condenser (reactor core isolation cooling
system, residual heat removal system, high pressure core spray system, automatic
depressurization system, etc. in a BWR; steam generator, main steam relief valve, main steam
safety valve, auxiliary feedwater system, residual heat removal system, etc. in a PWR). In
association with these, the BWR has a main steam relief safety valve to reduce pressure in the
reactor coolant system, and PWR has pressurizer relief valve, etc. for the same purpose.
"Other residual heat" refers to heat accumulated in the structural materials of the core, reactor
coolant system, etc., in the reactor coolant and in the secondary coolant (in the case of a PWR).
"Properly provided with ..." means that redundancy or diversity and independence are required for
achieving the functions of the system during abnormal conditions.
"Independency" represents the freedom of two or more systems or components from simultaneous
functional impediment caused by common or subordinate factors under design-based
environmental and operational conditions. (Multiplicity and diversity are described in G9.)
Supplement (for reference)
"Heat removal by a main condenser" means to transfer the steam generated from the residual heat
of a nuclear reactor via turbine bypass valves to a main condenser for cooling. It is required that
the structures of the main condenser is intact, the heat-removal capability of the main condenser is
maintained, that is, its vacuum is maintained, the control system to open and close the turbine
bypass valves is intact, and so on, for the satisfactory heat removal function. All of these do not
have multiplicity or diversity and independency so that the system function can be achieved even in
case of unavailability of off-site power in addition to an assumption of single failure in their
components. The residual-heat removal function shall be realized on this assumption.
December 11, 2008
R1 December 03, 2009
G25. Emergency Core Cooling System
1 The emergency core cooling system shall be designed to be capable of preventing serious
damage of reactor fuel and of limiting the reaction between fuel cladding metal and water to
sufficiently small amount in case of a postulated loss of reactor coolant resulting from a break
in piping etc.
2 The emergency core cooling system shall be designed with redundancy or diversity and
independency so that the system can fulfill its safety functions even in case of unavailability of
off-site power in addition to an assumption of a single failure of any of the components that
comprise the system.
3 The emergency core cooling system shall be designed to be capable of being tested and
inspected on a periodical basis. The emergency core cooling system shall also be designed to
allow testing and inspection of each constituent system independently so that the integrity and
redundancy of the emergency core cooling system can be verified.
G26. Systems for Transporting Heat to Ultimate Heat Sink
1 The systems for transporting heat to an ultimate heat sink shall be designed to be capable of
transferring heat generated or accumulated in structures, systems and components with
safety functions of especially high importance to an ultimate heat sink.
2 The systems for transporting heat to an ultimate heat sink shall be properly provided with
redundancy or diversity and independency so that they can fulfill their safety functions even in
case of unavailability of off-site power in addition to an assumption of a single failure of any of
the components that comprise the systems. They shall also be designed to allow testing with
respect to their functional capability.
G27. Design Considerations against Loss of Power
The nuclear reactor facilities shall be designed that safe shutdown and proper cooling of the
reactor after shutting down can be ensured incase of a short-term total AC power loss.
Commentary
G25. "A break in piping etc." includes the events that cause loss of reactor coolant without any
physical break, such as sticking of a relief valve at its open position. The relief valves have pressure
setpoints and release the pressure, but close when the pressure returns to the predetermined
setpoints. The valves are postulated not to close due to a failure of the control circuit or a failure of
its mechanism. In this case, the reactor coolant flows out, which has the same impact as that due
to piping rupture.
G26. "Ultimate heat sink" refers to the sea, river, pond, lake or open air.
The "systems for transporting heat to an ultimate heat sink" refers to the systems that transport
heat from the emergency core cooling system, systems for removing residual heat, etc. to the
ultimate heat sink (component cooling system, component cooling sea water system, etc.).
"Properly provided with" means that redundancy or diversity and independency are required for
December 11, 2008
R1 December 03, 2009
achieving the functions of the systems during abnormal conditions.
G27. No particular considerations are necessary against long-term total AC power loss because the
repair of troubled power transmission line or emergency AC power system can be expected in such
case. The assumption of total AC power loss is not necessary if the emergency AC power system is
reliable enough by means of system arrangement or management (such as maintaining the system
in operation at all times).
Supplement (for reference)
G25 and G27. In the design of an emergency core cooling system, a loss of coolant accident where
the coolant pressure boundary is damaged leading to a release of the coolant into reactor
containment vessel is assumed. With a loss of coolant, the core will heat-up by the residual heat
and/or decay heat due to insufficient cooling, which leads to fuel rod temperature rise. The
emergency core cooling system is automatically activated by signals (signals of RPV water level low
and containment pressure high) from the safety protection system, and supply the cooling water
into the heated-up core to recover the core cooling. The emergency core cooling system shall have
functions to cool the core so that the maximum temperature of fuel cladding and its oxide layer
thickness do not exceed the operation limits throughout the course of a loss of coolant accident.
The emergency core cooling system shall be provided with multiplicity or diversity, independency,
and testability, and designed to be capable of receiving an emergency power supply and have high
reliability.
The "emergency power supply" refers to emergency on-site power generation facilities (emergency
diesel generators, batteries, etc.) and power supply facilities to the provisions with especially highly
important safety functions including the engineered safety features (emergency bus switch gears,
cables, etc.). The emergency power supply automatically starts simultaneously with a loss of
non-essential power, and supplies required power to systems and/or components with highly
important safety functions.
December 11, 2008
R1 December 03, 2009
2.4 Reactor Containment
G28. Functions of Reactor Containment
1 The reactor containment shall be designed to withstand the load (pressure, temperature,
dynamic load) resulting from postulated events for reactor containment design and an
appropriate seismic load and prevent the specified leakage rate from being exceeded with the
aid of properly operating isolation functions.
2 The reactor containment shall be so designed that the leakage rate of the entire containment
can be measured under a specified pressure on a periodical basis.
3 The reactor containment shall be designed to allow leakage tests at such important portions as
penetrations for electric cables, pipelines, etc. and access openings.
G29. Prevention of Reactor Containment Boundary Failure
The reactor containment boundary shall be designed not to exhibit brittle behavior and develop
any quick propagating failure during normal operation, maintenance, testing or abnormal
conditions.
G30. Isolation Function of Reactor Containment
1 The pipelines that penetrate the reactor containment walls shall in general be fitted with
containment isolation valves.
2 The containment isolation valves to be fitted in principal pipelines shall in general be designed
to be automatically and properly closed in case of an accident that necessitates the retention
of isolation function.
G31. Reactor Containment Isolation Valves
1 The containment isolation valves shall be located as close to the reactor containment as
practicable.
2 The installation of the containment isolation valves shall be subject to the following:
(1) Of the pipelines that open inside the reactor containment or communicate with the
reactor coolant pressure boundary, those which are not closed outside the reactor
containment shall in general be provided with one containment isolation valve inside the
reactor containment and one outside.
(2) Of pipelines other than 1) above, those which are closed inside or outside the reactor
containment shall in general be provided with one containment isolation valve outside the
reactor containment.
(3) The containment isolation valves shall not lose their isolation function due to loss of
driving power after they are closed.
(4) The containment isolation valves shall allow performance tests to be conducted on a
periodical basis, of which important ones shall be testable for leakage.
December 11, 2008
R1 December 03, 2009
G32. Reactor Containment Heat Removal System
1 The reactor containment heat removal system shall be designed to sufficiently reduce the
containment pressure and temperature resulting from the release of energy in case of
postulated events for reactor containment design.
2 The reactor containment heat removal system shall be designed with redundancy or diversity
and independency so that the system can fulfill its safety functions even in case of
unavailability of off-site power in addition to an assumption of a single failure of any of the
components that comprise the system. The system shall also be designed to allow testing with
respect to its functional capability.
G33. Systems for Controlling Containment Facility Atmosphere
1 The containment facility atmosphere cleanup system shall be designed to be capable of
reducing the concentration of radioactive materials released to the environment in case of
postulated events for reactor containment design.
2 The flammable gas concentration control system shall be designed to be capable of controlling
the concentration of hydrogen or oxygen present in the reactor containment in case of the
postulated events for reactor containment design, thereby maintaining the integrity of the
containment facility.
3 The systems for controlling containment facility atmosphere shall be designed with
redundancy or diversity and independency so that they can fulfill their safety functions even in
case of unavailability of off-site power in addition to an assumption of a single failure of any of
the components that comprise the systems. They shall also be designed to allow testing with
respect to their functional capability.
Commentary
G28. "Such important portions as penetrations for electric cables, pipelines, etc. and access
openings" refer to significant portions from the viewpoint of leakage. Such examples are
penetrations and access openings utilizing resilient seals or expansion bellows.
G29. It is the same to the requirements for brittle behavior and propagating failure in G20.
"Prevention of Reactor Coolant Pressure Boundary Failure."
G30. "Containment isolation valves" are automatic isolation valves (including check valves designed
to adequately work for containment isolation in case of an accident), normally locked shut-off
valves and remote-controlled shut-off valves. "Check valves designed to adequately work for
containment isolation in case of an accident" as referred to above are the check valves designed to
maintain the necessary isolation function by means of gravity, etc. even in a case in which the
concerned pipeline is damaged either inside or outside the reactor containment and the back
pressure to the valves is totally lost as a result.
"In general be fitted with containment isolation valves" means that the pipelines for sampling or
instrumentation important to reactor safety, the hydraulic pipelines for control rod drive, or other
similar pipelines need not be provided with containment isolation valves if the leakage through
those pipelines is as small as tolerable. "Principal pipelines" refer to the pipelines which must be
December 11, 2008
R1 December 03, 2009
fitted with containment isolation valves and may cause a leakage beyond tolerable limits from the
reactor containment if left uncontrolled during normal operational conditions, except for those
pipelines whose containment isolation valves are closed during hot operation.
"In general be designed to be automatically and properly closed" refers to the capability of
containment isolation valves to automatically close in response to the containment isolation signals
from the safety protection system, for example, and minimize the leakage of radioactive materials
from the reactor containment in conjunction with isolation barriers other than containment
isolation valves even in case of unavailability of off-site power in addition to an assumption of a
single failure. The meaning of "in general" as mentioned here is that those pipelines which belong
to principal pipelines but are part of the systems necessary to control accidents are not required to
be shut off by automatic isolation signals in order to save such systems' safety functions. Even in
such a case, however, the loss of the containment isolation function shall be prevented.
The reset function shall be considered for the containment isolation valves that are shut off
automatically for the sake of necessary post-accident activities.
G31. "Those which are not closed outside the reactor containment" are the pipelines which will
make intolerable release paths of radioactive materials in the atmosphere within the reactor
containment to the outside depending on the conditions of the pipelines during an accident if the
isolation is not applied.
"In general be provided with one containment isolation valve inside the reactor containment and
one outside" means that the design with two isolation valves outside the reactor containment can
be accepted if the design is justifiable from the viewpoint of adequate safety considerations other
than reactor containment isolation function.
"In general be provided with one containment isolation valve outside the reactor containment"
means that the design with one isolation valve either inside or outside the reactor containment can
be accepted if the pipelines do not communicate to the outside of the reactor containment
considering their functional state.
Supplement (for reference)
The reactor containment is provided to confine radioactive materials which would be released into
a reactor containment being mixed with the coolant if a loss of coolant accident occurs. The reactor
containment shall be designed so that a leak rate of the containment atmosphere is less than the
operation limit. The reactor containment shall be designed to reduce the leak rate of its
penetrations, to control the pressure and temperature of the containment atmosphere, to isolate
the penetrations during an accident, and to remove radioactive materials, toxic gas, and
combustible gas. Penetrations of the containment boundary and the reactor containment shall be
designed to withstand a rise of containment atmosphere pressure and temperature, negative
pressure, dynamic load, and missile impact with sufficient margin, when a loss of coolant accident
occurs. The containment boundary mentioned above refers to a barrier which directly contacts the
coolant and receives its pressure, when a loss of coolant accident occurs. A part of the containment
wall is sometimes doubled to reduce a leak. The reactor containment shall be designed so that its
confinement function would not deteriorate or be lost due to an earthquake or a fire.
The reactor containment shall be designed to withstand the internal pressure specified as the
December 11, 2008
R1 December 03, 2009
design limit, and be capable to perform leak rate test of the containment boundary to verify the
leak rate does not exceed the operation limit. Namely, the containment boundary shall be of
testable design for its leak rate during its service life.
The piping and wiring penetrating the containment boundary shall be minimized. The piping
penetrating containment boundary shall be provided with isolation valves inside and outside of the
boundary, which can be closed on the signals which the safety protection system produces.
However, since the residual heat removal system is required even when the containment is
isolated, the isolation valve provided in the return piping of the system will not be closed. All
isolation valves shall be installed as close to the boundary as possible.
The reactor containment shall be equipped with an air lock which allows access during low power
operation. A sufficiently large opening shall be provided to avoid damage to the barriers between
compartments and other structures, systems and components important to safety due to a large
differential pressure that could arise between compartments in the reactor containment, when a
loss of coolant accident occurs.
A system shall be provided to cool the containment atmosphere to reduce the pressure and
temperature of the containment atmosphere below the operation limits and to reduce radioactive
materials, hydrogen and oxygen levels in the atmosphere, when a loss of coolant accident occurs.
Covering and coating of the structures, systems and components to be installed in the reactor
containment shall be paid due attention to materials and coating methods so as not to impair their
safety functions.
PWR containment
December 11, 2008
R1 December 03, 2009
2.5 Safety Protection System
G34. Redundancy of Safety Protection System
The safety protection system shall be designed with redundancy so that any single failure of any of
the components or channels which comprise the system or removal from service of any component
or channel does not result in a loss of functioning for safety of the system.
G35. Independency of Safety Protection System
The safety protection system shall be designed such that the channels comprising the system are
separated from each other taking into account the independency between them as much as
practicable, thereby preventing loss of its safety functions during normal operation, maintenance,
testing and abnormal conditions.
G36. Function of Safety Protection System during Transient
The safety protection system shall be designed to detect the abnormal state during abnormal
operational transients and initiate automatically the operation of appropriate systems including the
reactor shutdown system in order to ensure that the acceptable fuel design limits are not
exceeded.
G37. Function of Safety Protection System in Case of Accident
The safety protection system shall be designed to detect the abnormal state in an accident and
initiate automatically the operation of the reactor shutdown system and necessary engineered
safety features.
G38. Function of Safety Protection System in Case of Failure
The safety protection system shall be designed to allow the nuclear reactor facilities to be settled in
a state of safety eventually in case of driving power loss, system cut-off or any other unfavorable
situation.
G39. Separation of Safety Protection System from Instrumentation and Control Systems
The safety protection system shall be designed to be functionally separated from instrumentation
and control systems so that the system does not lose its safety functions by the influence from
instrumentation and control systems in case that the both systems share common elements.
G40. Testability of Safety Protection System
The safety protection system shall be designed to be capable of being tested in general during
reactor operation on a periodical basis and shall allow testing of each constituent channel
independently so that the integrity and redundancy of the system can be verified.
Commentary
G34. A "channel" refers to the constituent elements (resistors, capacitors, transistors, switches,
lead wires, etc.) and modules (assemblies of interconnected constituent elements) to produce a
single signal necessary for the safety protection action, and covers a range from a detector to logic
December 11, 2008
R1 December 03, 2009
circuit input terminals.
G35. "Separating channels from each other" means that in case one channel develops an
unfavorable condition, the other channel will not develop any unfavorable condition of the same
nature and its safety function will not be affected.
G36. A typical function of the safety protection system during transient is detecting the abnormal
state and actuating the reactor shutdown system to scram the reactor in order to prevent the
reactor power from exceeding a given level or increasing too fast.
G38. "Driving power loss, system cut-off or any other unfavorable situation" refers to the loss of
electric power or instrumentation air or a situation in which the safety protection system has its
logic circuit cut off for some reason. The factors to be considered as the "unfavorable situation"
shall be determined depending on the respective design, including environmental conditions.
"Settled in a state of safety eventually" means that even in case of a failure in the safety protection
system, the nuclear reactor facility will be settled into a state on the safe side or can be maintained
in a safe state despite the failure in the safety protection system being un-repaired.
G39. "The system does not lose its safety functions" means that, even if any of the components or
channels comprising the instrumentation and control systems which are connected to the safety
protection system may be subjected to a single failure, inadvertent operation or removal from
service, the safety protection system with its functions not being impaired can fulfill the
requirements in G34 through G38.
G40. "Capable of being tested during reactor operation on a periodic basis" means that the safety
protection system can be tested to verify the maintenance of its proper functions at appropriate
time intervals during reactor operation and that even during the in-operation functional verification
test, the functions themselves are maintained without unnecessary actuation of the reactor
shutdown system, emergency core cooling system, etc. being caused.
Supplement (for reference)
"Safety protection system" refers to those provisions which are designed to detect abnormal
conditions of nuclear reactor facilities and directly initiate the operation of the reactor shutdown
systems, engineered safety features and other systems as required. Operation parameters, such as
core neutron flux and coolant pressure are continuously monitored to detect anomalies of a nuclear
reactor facility. Operation parameters to activate the reactor shutdown system are following
signals;
Monitoring parameters and activating parameters
PWR Neutron flux high (startup range, intermediate range, power range), neutron flux
change rate high, over-temperature △T high, over-power △T high, reactor pressure
high, reactor pressure low, primary coolant flow low, turbine trip, steam generator
secondary-side water-level abnormally low, steam generator secondary-side
feed-water flow abnormally low, pressurizer-level high, earthquake acceleration large
BWR Reactor pressure high, RPV water-level low, drywell pressure high , neutron-flux high
(startup range, intermediate range, power range), neutron-flux instrumentation
December 11, 2008
R1 December 03, 2009
inoperable, scram discharge volume water-level high, main steam isolation valve
closure, main steam stop valve closure, main steam control valve rapid closure,
main steam line radioactivity high, earthquake acceleration large
G34 describes that concrete components of a "channel" are resistors, condensers, transistors,
switches, wires etc. and modular arrays of from detectors to the logic circuit entrance, but the
safety protection system using a digital computer has been adopted as a "channel" component.
Signal processing and logic judgment to actuate safety systems, etc. are performed by software,
and compared with the hardware-based channel circuits, it requires special design control and
considerations. Refer to the other text "Digital Instrumentation and Control Systems for Safety
System and Main Control Room Design" for application of digital technology to safety system.
December 11, 2008
R1 December 03, 2009
2.6 Control Room and Emergency Provisions
G41. Control Room (Aforementioned)
G42. Reactor Shutdown from Outside of Control Room
The nuclear reactor facilities shall be designed to have the following functions that allow reactor to
be shut down from an appropriate location outside the control room.
1 To have prompt hot shutdown of the reactor together with necessary instrumentation and
control in order to maintain the nuclear reactor facility in a safe state.
2 To have the maintenance of cold shutdown state of the reactor by appropriate control
procedure.
G43. Design Considerations for Control Room Protection (Aforementioned)
G44. Emergency Station in Nuclear Power Plant
The nuclear reactor facilities shall be designed to allow installation, in the nuclear power plant, of
an emergency station from which necessary instructions will be furnished in case of an accident.
Commentary
G42. "Allow reactor to be shut down from an appropriate location outside the control room" means
that appropriate measures are taken in the event where access to the control room is prevented for
some reason.
"Prompt hot shutdown of the reactor" refers to shutting down the reactor immediately, removing
residual heat and maintaining the reactor in the hot shutdown state safely.
Supplement (for reference)
G44. At the Three Mile Island accident which occurred in U.S. in March 1979, persons gathered in
the control room during the accident creating confusion. In consideration of this fact, it was
decided to provide an on-site emergency center that can direct required measures from
appropriate location on the site other than the control room, if a loss-of-primary-coolant accident,
etc. occurs. The functions and facilities to be provided there are, when a loss-of-primary-coolant
accident etc. occurs, those required for the personnel involved to be able to remain there over a
required period, and to quickly and correctly take in the accident condition etc. not through
operators in the control room. Moreover, multiple communication lines, including at least one
dedicated line, shall be provided for communication with related organizations inside and outside of
the power station.
December 11, 2008
R1 December 03, 2009
2.7 Instrumentation and Control Systems and Electrical Systems
G47. Instrumentation and Control Systems (Aforementioned)
G48. Electrical Systems
1 The electrical systems shall be designed to allow the structures, systems and components with
safety functions of especially high importance to be fed by either the off-site power or the
emergency on-site power when they need electric power to fulfill their safety functions.
2 The off-site power system shall be connected to the electric power system with two or more
power transmission lines.
3 The emergency on-site power system shall incorporate redundancy or diversity and
independency and have enough capacity and capability to accomplish the following properly
even with the assumption of a single failure of its components.
(1) Shutting down and cooling the reactor without the acceptable fuel design limits and
design conditions for the reactor coolant pressure boundary being exceeded in case of
abnormal operational transients.
(2) Cooling the reactor core and ensuring the integrity of the reactor containment and safety
functions of other necessary systems and components in case of an accident, such as loss
of reactor coolant.
4 The electrical systems associated with safety functions of high importance shall be designed
such that their important portions can be tested and inspected on a periodic basis.
Commentary
"Off-site power system" refers to a series of provisions used to supply power to the nuclear reactor
facility from an external electric power system or main power generator.
"Emergency on-site power system" refers to emergency on-site power generation provision
(emergency diesel power generator, batteries, etc.) and power supply equipment to the provisions
with safety functions of especially high importance including the engineered safety features
(emergency bus switch gears, cables, etc.).
"Safety functions of especially high importance" and "safety functions of high importance" are
specified separately in the "Safety Importance Classification Guide of Electrical Devices and
Mechanical Installations with Safety Functions", JEAG 4612 (1998).
Supplement (for reference)
The power for components (pumps, fans, motor-operated valves, lighting etc.) of a nuclear reactor
facility is supplied by the power grid at the start of a nuclear reactor facility, and by the power
generated by a main generator after completion of starting the facility and start of its power
generation. Since the facility operation is stopped during an abnormal event of a nuclear reactor
facility, an emergency auxiliary power system with high reliability is required.
December 11, 2008
R1 December 03, 2009
2.8 Fuel Handling Systems
G49. Fuel Storage and Handling Systems
1 The storage and handling systems for fresh and spent fuels shall be designed so as to meet
the following requirements.
(1) Structures, systems and components functioning for safety perform a suitable periodical
testing and an appropriate inspection.
(2) The storage systems shall have appropriate containment and air purification systems.
(3) The storage systems shall have appropriate storage capacity.
(4) The handling systems shall have capability to prevent the dropping of fuel assemblies
during transit operation.
2 The storage and handling systems for spend fuels shall be designed so as to meet the
following requirements, in addition to the aforementioned.
(1) Proper shielding for radiation protection shall be available.
(2) The storage systems shall have the system capable of fully removing decay heat and
transporting it to an ultimate heat sink with an associated purification system.
(3) Prevention of excessive decrease of cooling water inventory in the storage systems and
proper leakage detection shall be possible.
(4) The storage systems shall not lose their safety functions even in case of postulated
dropping of fuel assemblies during handling.
G50. Fuel Criticality Prevention
The fuel storage and handling systems shall be so designed that criticality can be prevented in any
postulated case by use of a geometric safety layout or another appropriate means.
G51. Monitoring of Fuel Handling Area
The fuel handling area shall be so designed that the state of events leading to a loss of decay heat
removal capability and excessive radiation levels can be detected and that such a state can be
properly communicated to the site personnel or corrective measures can be automatically taken
against such a state.
Commentary
--------
Supplement (for reference)
---------
December 11, 2008
R1 December 03, 2009
2.9 Radioactive Waste Processing Systems
G52. Radioactive Gaseous Waste Processing Systems
The processing systems for radioactive gaseous waste generated with the reactor operation shall
be so designed that the quality and concentration of radioactive materials released to the
environment can be reduced as low as reasonably achievable through proper filtration, retention,
attenuation, management, etc.
G53. Radioactive Liquid Waste Processing Systems
1 The processing systems for radioactive liquid waste generated with reactor operation shall be
so designed that the quantity and concentration of radioactive materials released to the
environment can be reduced as low as reasonably achievable through proper filtration,
evaporation process, ion exchange, retention, attenuation, management, etc.
2 The radioactive liquid waste processing systems and associated systems shall be designed to
reflect preventive considerations against the leakage of liquid radioactive materials from the
systems and uncontrolled release of those materials to outside the site.
G54. Radioactive Solid Waste Processing Systems
The processing systems for radioactive solid waste generated from nuclear reactor facilities shall be
designed to reflect preventive considerations against the dispersion of radioactive materials in the
process of crushing, compression, burning, solidification, etc. of the radioactive waste.
G55. Radioactive Solid Waste Storage Systems
The radioactive solid waste storage systems shall have enough capacity to store radioactive solid
waste generated from nuclear reactor facilities and be designed to reflect preventive considerations
against the spread of contamination by the waste.
Commentary
G52 and G53. The radioactive gaseous and liquid waste processing systems must be so designed
that the dose equivalent rate to the public can be maintained as low as reasonably achievable and
therefore shall meet the requirements separately specified in the "Guide for Dose Objective around
Light Water Nuclear Power Reactor Facilities."
"Radioactive liquid waste processing systems" are the systems in which radioactive liquid waste
generated with reactor operation together with radioactive waste in liquid form containing such
solids as sludge are separated, collected and properly treated through filtration, evaporation, ion
exchange, retention, attenuation, etc. depending on the properties of the waste.
"Associated systems" refer to the buildings or areas that accommodate processing systems.
Detailed requirements as to being "designed to reflect preventive considerations against leakage of
liquid radioactive materials from the systems and uncontrolled release of those materials to the
outside of the site" is separately specified in "Matters or Basic Principles to be Taken into
Consideration at the Safety Review of Radioactive Liquid Waste Processing Facilities."
December 11, 2008
R1 December 03, 2009
Supplement (for reference)
Refer to the other text "Overview of Dose Evaluation on an Application for Establishment License"
for radiation doses of the general public in the vicinity.
December 11, 2008
R1 December 03, 2009
2.10 Radiation Control
G56. Radiation Protection in the Vicinity of the Site
The nuclear reactor facilities shall be so designed that the dose rate by direct and skyshine gamma
rays generated during normal operation around the site can be reduced as low as reasonably
achievable.
G57. Radiation Protection for Radiation Workers
1 The nuclear reactor facilities shall be designed so as to reflect necessary considerations for
radiation protection in order to reduce the dose equivalent rate in the areas accessible to
radiation workers as low as reasonably achievable by means of shielding, component layout,
remote handling, prevention of the leakage of radioactive materials, ventilation, etc., taking
the work efficiency of radiation workers into account.
2 The nuclear reactor facilities shall incorporate radiation protection measures that will allow
radiation workers to perform necessary operations during abnormal conditions.
G58. Radiation Control for Radiation Workers
The nuclear reactor facilities shall be provided with radiation control systems that adequately
monitor and control radiation exposure in order to protect radiation workers from radiation.
The radiation control systems shall be designed so that necessary information can be displayed in
the control room or in other appropriate places.
G59. Radiation Monitoring
The nuclear reactor facilities shall be designed to enable proper radiation monitoring over at least
reactor containment atmosphere the environmental monitoring area surrounding the nuclear
reactor facility and release paths of radioactive materials and to allow necessary information to be
displayed in the control room or in other appropriate places.
Commentary
G58. "Necessary information can be displayed in the control room or in other appropriate places"
means that the dose rate readings of an area radiation monitor necessary for radiation control can
be displayed in the control room and that the dose rate, concentrations of radioactive materials in
the air and surface densities of radioactive materials on the floor and elsewhere in radiation
controlled areas can be displayed in appropriate places.
G59. "Radiation monitoring" is measurement and surveillance of radioactive materials
concentrations, etc. by means of sampling or radiation monitor.
"Enable proper radiation monitoring" means that surveillance for the release of radioactive
materials and measurement of the dose rate can be performed during normal operations and
abnormal conditions and that radiation sources, release points, vicinity of the nuclear power plant,
anticipated release routes of radioactive materials and other necessary places can be monitored so
that prompt measures can be taken in case of an accident. Detailed requirements as to monitoring
during normal operations are separately specified in the "Guide for Measurement of Radioactive
December 11, 2008
R1 December 03, 2009
Materials Released from Light Water Nuclear Power Reactor Facilities."
Detailed requirements as to the monitoring during an accident are separately specified in the
"Review Guide for Radiation Measurement during Accidents in Light Water Nuclear Power Reactor
Facilities."
Supplement (for reference)
----------
December 11, 2008
R1 December 03, 2009
3. Conclusions
Understanding the background of requirements of the Safety Review Guides for establishment
permit of a nuclear reactor facility in Japan, it is required to review the appropriateness of safety
design applied by electric utilities. The safety-review items are general requirements for a nuclear
reactor facility and design requirements for structures, systems and components with safety
functions. This text mainly discussed the safety-review items in Japan and the interpretation of
their contents.
The author of this text considers that the following items described in "1.1 Fundamentals for
Ensuring Safety" of this text shall be memorized as basic matters for the Safety Review as well as
the requirements of G1 to G59; (1) ensuring safety margin, (2) application of proven technologies,
(3) implementation of strict quality assurance, (4) considerations to human factors, (5) reduction of
radiation exposure, (6) utilization of operational experience information. Moreover, in order to
assess the nuclear reactor facility to be installed in your own country for conformity to safety, a
wide range of knowledge and experiences are required. Looking back upon the early phase of
introducing nuclear reactors in Japan, it started with introduction of nuclear reactor facilities that
had operating history in U.S. The basic designs were adopted as they were, Japan performed some
detailed designs, and the reactor technologies had been introduced through construction and
operation experiences. And then, the construction and operation of successive nuclear reactor
facilities have been promoted independently by Japanese efforts. The regulatory framework has
also been established according to such a process and experiences. And, the regulatory
requirements have been reviewed and enhanced up to now as operation experiences many nuclear
facilities have accumulated. The regulatory bodies and private sectors are always trying hard to
achieve safer nuclear facilities.
As a most recent action, prompted by the Niigata-Chuetsu-Oki Earthquake (occurred in July 2007),
fundamental modification of the "Review Guide for Seismic Design of Nuclear Power Reactor
Facilities" is under way (described in the supplement of G2.) The feedback on new experiences has
always been provided to the guidelines relevant to the Safety Review Guides and related
private-sector guidelines.
For safety verification of nuclear reactor facilities to be newly built, a wide range of technological
knowledge is required, and as the related technologies cover a lot of disciplines, continuous
improvement in technical competence of persons in charge of the review as well as establishment
of an efficient review system is considered indispensable. Texts contained in the course of this
education system "Nuclear Technology & Methods" that show technical details of topics related to
safety at nuclear reactor facilities in Japan, are useful.
This text describes, as mentioned above, design requirements for structures, systems and
components with safety functions, as well as their interpretation and supplemental technical
matters. The electric utility who intends to install a nuclear reactor facility, in order to demonstrate
that the design of the nuclear reactor facility to be built conforms to the design requirements,
develops an application for establishment approval and applies for its establishment approval to the
National Government. Designs of nuclear reactor facilities conforming to design requirements can
be learned using the texts such as "Outline of Safety Design" (Case of PWR) and "Outline of Safety
Design" (Case of BWR). These are synoptic documents and are not the establishment license
December 11, 2008
R1 December 03, 2009
application document. The establishment license application consists of a large volume of
documents covering numerous matters.
References
1 Review Guide for Safety Design of Light Water Nuclear Power Reactor Facilities
2 "Guide to Safety of Light Water Reactor" Masayoshi Shiba, Nuclear Power Engineering
Corporation
3 Nuclear Power Generation Guide, by the Ministry of Economy, Trade and Industry,
Denryoku-Shinpousha
4 "Safety Importance Classification Guide of Electrical Devices and Mechanical Installations
Functioning for Safety ", JEAG 4612 (1998)
5 "Design Guide for Instrumentation and Control System Functioning for Safety", JEAG 4611
(1991)
December 11, 2008
R1 December 03, 2009
Corrosion Products in the Coolant
As shown in Fig. 1 (PWR) and Fig. 2 (BWR), the core of a light water reactor is in a state of high
temperature. Entering from the lower end of the core, the coolant circulates through the nuclear
reactor to remove the heat generated in the core and transport the heat to a steam turbine. For
PWRs, the heat generated in the core increases the coolant temperature, the coolant transfers this
heat to the secondary coolant via steam generators to generate steam, and returns to the pressure
vessel. For BWRs, a part of the coolant turns into steam, and this steam directly drives a turbine.
Then, it returns to the pressure vessel via the condenser and main-feedwater lines. The coolant
circulates through the inside of the reactor cooling system directly contacting with the reactor
pressure vessel, piping etc. During this process, metals get ionized and dissolve into the coolant,
and while passing through the core, they become radioactive corrosion products (CP) due to high
radiation exposure.
In order to reduce buildup of CP in the core, three measures are taken at the light water reactors.
The 1st measure is control of CP generation, the 2nd is control of CP transfer, and the 3rd is
removal of CP in the coolant. In order to control CP generation, it is important to control coolant
water quality and select appropriate materials to be used for the inside surface of a reactor
pressure vessel, core internals, and the inside surfaces of piping or components connected to the
reactor pressure vessel so that metals would not get ionized and dissolve into the coolant. It is
particularly important to use low cobalt materials to reduce the CP radioactivity and thereby reduce
radiation exposure.
For PWRs, it is important to select appropriate materials for steam generator tubes, which account
for one half of the coolant-contact surface area. In addition, the high-temperature and
high-pressure coolant is circulated throughout the primary system prior to plant operation to
formulate the oxide layer on the inside surface of piping or components as a so-called pre-filming
measure.
As a measure to reduce CP migration into the core, BWRs are provided with the condensate
purification system to reduce iron particles carried into the core via the main-feedwater line, and
thereby reduce a build-up of iron oxides on the fuel rod surface (called "crud".) Furthermore, both
of BWRs or PWRs are provided with the coolant clean-up system to remove impurities which come
off from the surfaces of the piping and components connected to the reactor pressure vessel into
the circulating coolant, and reduce CP concentrations.
December 11, 2008
R1 December 03, 2009
Fig.1(PWR)
December 11, 2008
R1 December 03, 2009
Fig.2(BWR)
Related docs
