Nuclear Engineering - SQM
Safety At Nuclear Plants
Undergraduate 1

Distinguish between Nuclear Safety and Public Safety.

Answer: Common to nuclear safety and public safety: protection of the public from radiological hazards associated with NPP operations.

Exclusive to nuclear safety: protection of workers and the environment from radiological hazards associated with NPP operations.

Exclusive to public safety: protection of the public from hazards associated with nuclear generation and with the transmission, distribution and use of electricity.
Briefly explain the concept of margin of safety as it is incorporated into the design of CANDU systems and equipment. Include in your answer an explanation of “margin to trip”, and how these two concepts are related.

- Margin of safety is the difference between the conservatively established operating level of a parameter and the value at which something unsafe would occur.

- Margin to trip is the difference between the operating level of a parameter and the level at which a safety device would be actuated to prevent the unsafe situation.

- The two concepts are linked by providing adequate trip coverage, i.e., having the safety device actuate before the point where something unsafe would occur.

State and briefly describe five barriers built into station design which prevent radioactivity from escaping from the fuel and reaching the public, emphasizing how each barrier contributes to the overall goal.

1) Ceramic fuel matrix (pellets)

2) Fuel sheath

3) Heat transport boundary

4) Containment system

5) Exclusion zone

List three basic assumptions underlying the Nuclear Safety philosophy.

1. Design is not perfect

2. Equipment fails occasionally

3. Staff make mistakes occasionally


Systems and components are expected to have a defined (low) failure rate. State the Nuclear Safety significance of frequent failures of a component before its expected wear-out period, and how such failures can be compensated. (Give at least 3 compensation strategies.)

Significance of frequent component failure before expected wear-out:

- If the component has a safety-related function, then Nuclear Safety is reduced, i.e. there is an increased risk of an environmental release.

Compensation strategies:

- Increase test frequency (poised systems)
- Improve inspection and maintenance
- Improve component design
- Change system design to eliminate the component, or to increase component redundancy
- Change operating procedures to reduce stress on the component
- Reduce operational risk elsewhere to limit overall
List the two types of emergency operating procedures accepted as industry practice. Briefly explain the differences between these two. Give one example of each.

EOP: usually results in a reactor trip.

- Loss of reactor regulation

- Loss of coolant: HT leaks

AOP: requires the reactor to be shut down (S/D).

- Loss of LPSW (low pressure service water)

- Dual RRS (Reactor Regulating System) failure

- Dual DCC failure

- Moderator events

- Dual HT pump failures, etc.

List 4 types of emergencies that may occur at a nuclear power plant.

1) An incident with significant release of radioactivity to the environment.

2) On-site emergency involving hazards to plant and/or personnel, such as a fire, explosion, flood, toxic or asphyxiating gas release, tritium spill in an accessible area, or steam line break.

3) First aid or rescue incident, potentially involving contaminated casualties.

4) Environmental spills.

5) Externally initiated events such as an aircraft crash, breach of security, act of terrorism, or earthquake.

State and briefly explain three general aspects of the Defense in Depth approach to dealing with reactor accidents

Prevention: Prevent system/equipment failures by following rigorous operating and maintenance procedures and standards. Prevent upsets which do result from system/equipment failures from escalating into accidents.


Mitigation: Minimize accident consequences by shutting down reactor, ensuring cooling and radioactivity containment.


Management: Implement emergency procedures to manage residual accident consequences.

Once an overpoisoned GSS has been established, a number of conditions must be closely monitored. Identify four of these conditions, and for each one state why the monitoring is required.

Conditions to be monitored during GSS:

1.) Isolation of the moderator purification circuit, to prevent inadvertent poison removal.

2.) Fuelling must not be allowed, to avoid inserting an unknown amount of positive reactivity.

3.) Moderator pH must be maintained below 6 to prevent precipitation of the Gd poison.

4.) Isolation of all means of moderator D2O addition, to prevent dilution of the Gd poison.

5.) Continual moderator circulation by at least one pump to ensure uniform Gd distribution.

State at least 3 generic requirements of Emergency Operating Procedures

1.)    Ensure reactor power is controlled;

2.)    Ensure fuel cooling is established;

3.)    Ensure containment boundaries are established and maintained;

4.)    Address additional public and personnel safety concerns;

5.)    Address additional environmental concerns;

6.)    Initiate long term stabilization and recovery actions

What should the CRO do if, while one SDS channel is rejected for testing, a second channel is discovered to be impaired?

If the channel rejected for testing cannot be returned to service, the CRO should place the reactor in the guaranteed shutdown state immediately.

Briefly explain the difference between event-based procedures and symptom-based procedures.*

Event based:

- Respond to events which have an immediate effect on the unit

- Requiring the response of several major systems

- Involving failure or impairment of one or more of:

1.) Reactor Power Control

2.) Fuel Cooling

3.) Breach of one or more barriers to containment of radioactivity

Symptom based:

- Parallel instructions for monitoring CSPs;

- For restoring the unit to a safe state in case of initial event misdiagnosis or secondary equipment failure;

- If the event-based EOP/AOP does not have the desired effect;

- Provide a “symptom-based” response path for when the event-based response is not proceeding in a timely manner or is not adequate.

List the elements of the primary heat removal chain for full-power operation, and identify the action priorities in the event that the primary heat sink is impaired.

The elements of the primary heat removal chain for full-power operation are:

1.) Heat Transport pressure tubes, pipes and vessels;

2.) Main HTS pumps;

3.) Steam generators.

The steam generators are the primary heat sink in a nuclear reactor. If they become unavailable, the unit must be shut down immediately, because all back-up heat removal methods can handle only decay power.

Identify and briefly describe the three engineered layers of control and protection which ensure that the fuel in a nuclear reactor never produces more fission heat than the full-power heat sinks can remove.*

1.) Normal power regulation by the Reactor Regulating System. This is the active process system which normally controls reactor power.

2.) Setback and stepback functions. They reduce reactor power in the event that a moderate mismatch between heat production and heat removal is detected.

3.) Automatic shutdown via the shutdown systems. The shutdown systems insert a large negative reactivity worth into the core in case of a severe mismatch between heat production and heat removal.

List two situations when Critical Safety Parameter monitoring is required.

- Reactor trip

- Setback/stepback with power reduced to 1% Full Power or lower

- Automatic initiation of either Emergency Core Injection or Containment Button-up

Briefly explain the possible reactor safety consequences of OP&P non-compliance, and state in general terms what actions are required if an OP&P is exceeded.

Possible consequences of OP&P non-compliance:

- Plant operation in an unanalyzed, potentially unsafe state.

- In such a state, transients could develop into accident conditions, and the capability to mitigate the consequences of an accident could be impaired.

- Reduced Defense in Depth.

- Increased risk due to inferior operating practice.

If an OP&P limit is exceeded:

- The affected system must be put in a known safe state, using procedures approved by the station manager, OR

- The affected reactor must be put in a safe shutdown state.

Report the incident to the Manager and the CNSC per station procedures.

List three groups that are mainly responsible for conducting surveillance.

Operating Staff

Maintenance Staff

Engineering Support Staff

List and describe three investigative techniques used to uncover the root causes of incidents.

1.)    Barrier Analysis – looks at various barriers in place and asks why they were not effective in preventing the problem.

2.)    Human Performance Enhancement System – Goal is to improve nuclear safety by improving human performance reliability, by correcting the root causes of human performance problems.

3.)    Change Analysis – The steps to the change analysis technique are to identify the problem, identify the changes since the last successful operation, and isolate the change which is responsible for the problem.

List four Critical Safety Parameters.

- Reactor power

- Reactor Inlet Header (RIH) subcooling margin

- Containment activity

- Containment pressure

- Feedwater/service water activity

Describe three major benefits of following a policy of rigorous investigation of incidents and full and frank disclosure of the findings, even when damaging to the corporate image.

- Find and correct root causes

- Lesson transfer to other sites

- Increased public confidence

- Reassures the Regulator

OP&Ps for a large CANDU plant stipulate that adjuster rods must be inserted and withdrawn in a sequence that is consistent with the design intent. Briefly explain the reason for this requirement.

The supporting safety analysis is based on a limited number of specified adjuster configurations and sequences, and operation in other sequences has not been analyzed.

An unanalyzed configuration could produce an unsafe core flux distribution, which might result in an event which exceeds the capabilities of the safety systems, or in local overrating of fuel, possibly even fuel failures, and an environmental release potentially exceeding siting guide emission limits.

List four major categories of events that may occur at a nuclear power plant. Briefly explain the significance of each. 

1.)    Reportable Event

This is the lowest level category of event that might interest the Provincial authorities. The response would be increased monitoring by these authorities from their normal work site.

2.)    Abnormal Incident

These events (e.g. a LOCA with all safety systems working as intended) could result in releases, and would invoke enhanced monitoring by Provincial and Emergency Measures staff from their respective operations centres.

3.)    On-site Emergency

Significant atmospheric release or risk of major release later invokes partial activation of the Provincial (and other) nuclear emergency plans.

4.)    General Emergency

Only Category 4, General Emergency, invokes the full activation of the provincial (and other) nuclear emergency plan. These are events involving major off-site atmospheric releases, or the likelihood of such releases. Continuing monitoring and assessment could result in …. ASSIGNMENT QUESTION
