Safety of NFCFs (Sustainability Assessment)

From INPRO Wiki
Revision as of 12:49, 21 July 2020 by SHIROKIYD
INPRO basic principle (BP) for sustainability assessment in the area of NFCF safety - The planned NFCF is safer than the reference NFCF. In the event of an accident, off-site releases of radionuclides and/or toxic chemicals are prevented or mitigated so that there will be no need for public evacuation.

Introduction

Objective

This volume of the updated INPRO manual provides guidance to the assessor of a planned NES (or a facility) on how to apply the INPRO methodology in the area of NFCF safety. The INPRO assessment is expected either to confirm the fulfilment of all INPRO methodology NFCF criteria, or to identify which criteria are not fulfilled and note the corrective actions (including RD&D) that would be necessary to fulfil them. It is recognized that a given Member State may adopt alternative criteria with indicators and acceptance limits that are more relevant to its circumstances. Accordingly, the information presented in Chapters 5 to 10 (INPRO methodology criteria, user requirements and basic principle for sustainability assessment in the area of safety of NFCFs) should be viewed as guidance. However, the use of such alternative criteria should be justified as providing an equivalent level of enhanced safety as the INPRO methodology.
This report discusses the INPRO sustainability assessment method for the area of safety of NFCFs. The INPRO sustainability assessment method for safety of nuclear reactors is discussed in a separate report of the INPRO manual. This publication is intended for use by organizations involved in the development and deployment of a NES including planning, design, modification, technical support and operation for NFCFs. The INPRO assessor (or a team of assessors) is assumed to be knowledgeable in the area of safety of NFCFs and/or may be using the support of qualified national or international organizations (e.g. the IAEA) with relevant experience. Two general types of assessors can be distinguished: a nuclear technology holder (i.e. a designer, developer or supplier of nuclear technology), and a (potential) user of such technology. The role of a technology user in an INPRO assessment is to check in a simplified way whether the supplier’s facility design appropriately accounts for nuclear safety related aspects of long term sustainability as defined by the INPRO methodology. A designer (developer) can use this guidance to check whether a new design under development meets the sustainability focused INPRO methodology criteria in the area of fuel cycle safety and can additionally initiate modifications during early design stages if necessary to improve the safety level of the design. The current version of the manual includes a number of explanations, discussions, examples and details so it is deemed suitable for use by both technology holders and technology users.

Scope

This manual provides guidance for assessing the sustainability of a NES in the area of NFCF safety. This report deals with NFCFs that may be potentially involved in the NES, i.e. mining, milling, refining, conversion, enrichment, fuel fabrication, spent fuel storage, and spent fuel reprocessing facilities. It is clear that operations of NFCFs are more varied in their processes and approaches than are nuclear reactor systems. Most significant of these variations is the fact that some countries pursue an open fuel cycle, i.e. spent fuel is treated as a waste, while some others have a policy of closing the fuel cycle, i.e. treating the spent fuel as a resource, and a number of states have yet to make a final decision on an open or closed fuel cycle. Further, diversity is large if one considers different types of fuels used in different types of reactors and the different routes used for processing the fuels before and after their irradiation depending upon the nature of the fuel (e.g. fissile material: low enriched uranium/ natural uranium/ uranium-plutonium/ plutonium/ thorium; fuel form: metal/ oxide/ carbide/ nitride) and varying burnup and cooling times. Taking into account this complexity and diversity, the approach adopted in this report has been to deal with the issues as far as possible in a generic manner, rather than describing the operations that are specific to certain fuel types. This approach has been chosen in order to arrive at a generalized procedure that enables the user of this report (the assessor) to apply it with suitable variations as applicable to the specific fuel cycle technology being assessed. In addition, it is recognized that the defence in depth (DID) approach and ultimate goal of inherent safety form the fundamental tenets of safety philosophy. The DID approach is applied to the specific safety issues of NFCFs.
As the safety issues relevant to the sustainability assessment of refining and conversion facilities are similar to those of enrichment facilities, the INPRO methodology criteria for those two types of facilities are combined in this manual and not discussed separately. Based on similar considerations, the assessments of uranium and uranium-plutonium mixed oxide (MOX) fuel fabrication facilities have likewise been combined. However, particular care must be taken to ensure that using a graded assessment approach and enhanced safety measures for higher risk facilities (e.g. using plutonium or uranium with higher enrichments/criticality risks) will yield appropriately enhanced levels of safety.
It should be noted that for NFCFs the INPRO methodology includes the consideration of chemical and industrial safety issues, principally where these could affect facility integrity or radiological safety. Although otherwise beyond the scope of this guidance, it bears noting that care is required due to the different public perceptions of the risks posed by conventional and radiological events and releases and, conversely, the negative reactions that may be generated about an NFCF’s radiological safety if conventional safety events occur.
In the current version of the INPRO methodology, the sustainability issues relevant to safety of reactors and safety of NFCFs are considered in different areas. Innovative integrated systems combining reactors, fuel fabrication and reprocessing facilities on the same site, such as molten salt reactors with nuclear fuel in liquid form and integrated fast reactors with metallic fuel, have not been specifically addressed. Reactor and NFCF installations of such integrated systems are expected to be assessed simultaneously and independently against corresponding criteria in the INPRO areas of reactor safety and safety of NFCFs. When more detailed information on the safety issues in integrated systems has been acquired, this approach can be changed in the next revisions of the INPRO methodology.
NFCFs processing nuclear materials in a given stage of the fuel cycle may be based on different technologies with different safety issues. Different kinds of fuel may be fabricated or reprocessed in different facilities serving different reactors. In this report, the discussion is restricted to the fabrication of fuels most commonly used in power reactors; however, the requirements and criteria have been formulated in a sufficiently generic manner and are therefore expected to be applicable to innovative technologies. Nevertheless, the fabrication or reprocessing technologies for innovative types of fuels (e.g. TRISO fuel with carbon matrix, metal fuel, nitride fuel) may involve safety issues requiring the modification of specific INPRO methodology criteria or the introduction of new or complementary criteria. It is expected that the future accrual of more detailed information on safety issues in innovative NFCFs will give rise to proposed modifications of the INPRO criteria and that these will be considered in future revisions of the methodology.
In this version of the INPRO methodology, the transportation of fresh nuclear fuel, spent nuclear fuel, and other radioactive materials or wastes throughout the nuclear fuel cycle has not been generally considered as independent stages of the nuclear fuel cycle. The INPRO methodology does not define specific requirements and criteria for such transportation but assumes that the safety issues of transportation are to be considered as part of the INPRO assessments of those NFCFs from which such packaging and transportation activities originate, e.g. fuel fabrication facilities for fresh fuel transportation and spent fuel storage facilities for spent fuel transportation. The IAEA has developed a set of safety standards to establish requirements and recommendations that need to be satisfied to ensure safety and to protect persons, property and the environment from the effects of radiation in the transport of radioactive material[1][2][3][4][5][6].
This manual does not establish any specific safety requirements, recommendations or criteria. The INPRO methodology is an internationally developed metric for measuring nuclear energy system sustainability and is intended for use in support of nuclear energy system planning studies. IAEA safety requirements and guidance are only issued in the IAEA Safety Standards Series. Therefore, the basic principles, user requirements and associated criteria contained in the INPRO methodology should only be used for sustainability assessments. The INPRO methodology is typically used by Member States in conducting a self-assessment of the sustainability and sustainable development of nuclear energy systems. This manual should not be used for formal or authoritative safety assessments or safety analyses to address compliance with the IAEA Safety Standards or for any national regulatory purpose associated with the licensing or certification of nuclear facilities, technologies or activities.
The manual does not provide guidance on implementing fuel cycle safety activities in a country. Rather, the intention is to check whether such activities and processes are (or will be) implemented in a manner that satisfies the INPRO methodology criteria, and hence the user requirements and the basic principle for sustainability assessment in the area of safety of NFCFs.

Structure

This publication follows the relationship between the concept of sustainable development and different INPRO methodology areas. Section 2 describes the linkage between the United Nations Brundtland Commission’s concept of sustainable development and the IAEA’s INPRO methodology for assessing the sustainability of planned and evolving NESs. It further describes general features of NFCF safety and presents relevant background information for the INPRO assessor. Section 3 identifies the information that needs to be assembled to perform an INPRO assessment of NES sustainability in the area of NFCF safety. Section 4 identifies the different types of facilities that can form part of a nuclear fuel cycle. This section also provides an overview of the general safety aspects of those facilities. Section 5 presents the rationale and background of the basic principle and user requirements for sustainability assessment in the INPRO methodology area of NFCF safety. Criteria are then presented in Sections 6 to 10 along with a procedure at the criterion level for assessing the potential of each NFCF to fulfil the respective INPRO methodology requirements. The Annex presents a brief overview of the selected IAEA Safety Standards for NFCFs that are the basis of the INPRO methodology in this area. The Annex also explains the relationship and differences between the IAEA Safety Standards and the INPRO methodology. Table 1 provides an overview of the basic principle and user requirements for sustainability assessment in the area of NFCF safety.

Table 1. Overview of the INPRO basic principle and user requirements for sustainability assessment in the area of NFCF safety

INPRO basic principle for sustainability assessment in the area of NFCF safety: The planned NFCF is safer than the reference NFCF. In the event of an accident, off-site releases of radionuclides and/or toxic chemicals are prevented or mitigated so that there will be no need for public evacuation.

| User requirement | Description |
|---|---|
| UR1: Robustness of design during normal operation | The assessed NFCF is more robust than the reference design with regard to operation and systems, structures and components failures. |
| UR2: Detection and interception of AOOs | The assessed NFCF has improved capabilities to detect and intercept deviations from normal operational states in order to prevent AOOs from escalating to accident conditions. |
| UR3: Design basis accidents (DBAs) | The frequency of occurrence of DBAs in the assessed NFCF is reduced. If an accident occurs, engineered safety features and/or operator actions are able to restore the assessed NFCF to a controlled state, and subsequently to a safe state, and the consequences are mitigated to ensure the confinement of radioactive and/or toxic chemical material. Reliance on human intervention is minimal, and only required after sufficient grace period. |
| UR4: Severe plant conditions | The frequency of an accidental release of radioactivity into the environment is reduced. The source term of accidental release into the environment remains well within the envelope of the reference facility source term and is so low that calculated consequences would not require public evacuation. |
| UR5: Independence of DID levels and inherent safety characteristics | An assessment is performed to demonstrate that the DID levels are more independent from each other than in the reference design. To excel in safety and reliability, the assessed NFCF strives for better elimination or minimization of hazards relative to the reference design by incorporating into its design an increased emphasis on inherently safe characteristics. |
| UR6: Human factors (HF) related to safety | Safe operation of the assessed NFCF is supported by accounting for HF requirements in the design and operation of the facility, and by establishing and maintaining a strong safety culture in all organizations involved in the life cycle of the facility. |
| UR7: RD&D for advanced designs | The development of innovative design features of the assessed NFCF includes associated research, development and demonstration (RD&D) to bring the knowledge of facility characteristics and the capability of analytical methods used for design and safety assessment to at least the same confidence level as for operating facilities. |

NFCF safety issues related to nuclear energy system sustainability

This section presents the relationship of the INPRO methodology with the concept of sustainable development, a comparison of NFCFs with chemical plants and nuclear reactors, and a summary of INPRO recommendations on the application of the DID concept to NFCFs.

The concept of sustainable development and its relationship with the INPRO methodology in the area of NFCF safety

The United Nations World Commission on Environment and Development Report [7] (often called the Brundtland Commission Report) defines sustainable development as “development that meets the needs of the present without compromising the ability of future generations to meet their own needs” (para.1). Moreover, this definition:

“contains within it two key concepts:

  • the concept of ‘needs’, in particular the essential needs of the world’s poor, to which overriding priority should be given; and
  • the idea of limitations imposed by the state of technology and social organization on the environment’s ability to meet present and future needs.”

Based on this definition of sustainable development a three-part test of any approach to sustainability and sustainable development was proposed within the INPRO project: 1) current development should be fit to the purpose of meeting current needs with minimized environmental impacts and acceptable economics, 2) current research, development and demonstration programmes should establish and maintain trends that lead to technological and institutional developments that serve as a platform for future generations to meet their needs, and 3) the approach to meeting current needs should not compromise the ability of future generations to meet their needs.
The definition of sustainable development may appear obvious, yet passing the three-part test is not always straightforward when considering the complexities of implemented nuclear energy systems and their many supporting institutions. Indeed, many approaches may only pass one or perhaps two parts of the test in a given area and fail the others. Where deficiencies are found, it is important that appropriate programmes be put in place to meet all test requirements to the extent practicable. Nevertheless, in carrying out an NFCF INPRO assessment, it may be necessary to make judgements based upon incomplete knowledge and to recognize, based upon a graded approach, the variable extent of the applicability of these tests for a given area.
The Brundtland Commission Report’s overview (para.61 in Ref[7]) on nuclear energy summarized the topic as follows:

“After almost four decades of immense technological effort, nuclear energy has become widely used. During this period, however, the nature of its costs, risks, and benefits have become more evident and the subject of sharp controversy. Different countries world-wide take up different positions on the use of nuclear energy. The discussion in the Commission also reflected these different views and positions. Yet all agreed that the generation of nuclear power is only justifiable if there are solid solutions to the unsolved problems to which it gives rise. The highest priority should be accorded to research and development on environmentally sound and ecologically viable alternatives, as well as on means of increasing the safety of nuclear energy.”

The Brundtland Commission Report presented its comments on nuclear energy in Chapter 7, Section III. In the area of nuclear energy, the focus of sustainability and sustainable development is on solving certain well known problems (referred to here as ‘key issues’) of institutional and technological significance. Sustainable development implies progress and solutions in the key issue areas. Seven key issues are discussed:

  1. Proliferation risks;
  2. Economics;
  3. Health and environment risks;
  4. Nuclear accident risks;
  5. Radioactive waste disposal;
  6. Sufficiency of national and international institutions (with particular emphasis on intergenerational and transnational responsibilities);
  7. Public acceptability.

The INPRO methodology for self-assessing the sustainability and sustainable development of a NES is based on the broad philosophical outlines of the Brundtland Commission’s concept of sustainable development described above. Although three decades have passed since the publication of the Brundtland Commission Report and eighteen years have passed since the initial consultancies on development of the INPRO methodology in 2001, the definitions and concepts remain valid. The key issues for sustainable development of NESs have remained essentially unchanged over the intervening decades, although significant historical events have starkly highlighted some of them.
During this period, several notable events have had a direct bearing on nuclear energy sustainability. Among these were events pertaining to non-proliferation, nuclear security, waste management, cost escalation of new construction and, most notably, to nuclear safety.
Each INPRO methodology manual examines a key issue of NES sustainable development. The structure of the methodology is a hierarchy of INPRO basic principles, INPRO user requirements for each basic principle, and specific INPRO criteria for measuring whether each user requirement has been met. Under each INPRO basic principle for the sustainability assessment of NESs, the criteria include measures that take into consideration the three-part test based on the Brundtland Commission’s definition of sustainable development as described above.
The Commission Report noted that national governments were responding to nuclear accidents by following one of three general policy directions:

“National reactions indicate that as they continue to review and update all the available evidence, governments tend to take up three possible positions:

  • remain non-nuclear and develop other sources of energy;
  • regard their present nuclear power capacity as necessary during a finite period of transition to safer alternative energy sources; or
  • adopt and develop nuclear energy with the conviction that the associated problems and risks can and must be solved with a level of safety that is both nationally and internationally acceptable.”

These three typical national policy directions remain consistent with practice to the current day. Within the context of a discussion on sustainable development of nuclear energy systems, it would seem that the first two policy positions cannot result in development of a sustainable nuclear energy system in the long term since nuclear energy systems are either avoided altogether or phased out over time. However, it is arguable that both policy approaches can meet the three-part Brundtland sustainable development test if technology avoidance or phase-out policies are designed to avoid foreclosing or damaging the economic and technological opportunity for future generations to change direction and start or re-establish a nuclear energy system. This has certain specific implications regarding long term nuclear education, knowledge retention and management and with regard to how spent nuclear fuels and other materials, strategic to nuclear energy systems, are stored or disposed of.
The third policy direction proposes to develop nuclear energy systems that “solve” the problems and risks through a national and international consensus approach to enhance safety. This is a sustainable development approach where the current generation has decided that nuclear energy is necessary to meet its needs, while taking a positive approach to develop enhanced safety to preserve the option in the future. In addition to the general outlines of how and why nuclear reactor safety is a principal key issue affecting the sustainability and sustainable development of nuclear energy systems, the Commission Report also advised that several key institutional arrangements should be developed. Since that time, efforts to establish such institutional arrangements have achieved a large measure of success. The Brundtland Commission Report was entirely clear that enhanced nuclear safety is a key element to sustainable development of nuclear energy systems. It is not possible to measure nuclear energy system sustainability apart from direct consideration of certain safety issues.
Understanding the psychology of risk perception in the area of nuclear safety is critical to understanding NES sustainability and sustainable development. In a real measured sense, taking into account the mortality and morbidity statistics of other non-nuclear energy generation technology chains (used for similar purpose), nuclear energy has an outstanding safety record, despite the severe reactor accidents that have occurred. However, it should not be presumed that this means that reactor safety is not a key issue affecting nuclear energy system sustainability. How do dramatically low risk estimations (ubiquitous in nuclear energy system probabilistic risk assessment) sometimes psychologically disguise high consequence events in the minds of designers and operators, while the lay public perception of risk (in a statistical sense) may be tilted quite strongly either toward supposed consequences of highly unlikely, but catastrophic disasters, or toward a complacent lack of interest in the entire subject? This issue has been studied for many years. What should be the proper metrics for the INPRO sustainability assessment methodology given that the technical specialist community has developed an approach that may seem obscure and inaccessible to the lay public?
With regard to nuclear safety, the public are principally focussed on the individual and collective risks and magnitude of potential consequences in case of accidents (radiological, economic and other psychosocial consequences taken together). In the current INPRO manual, the URs and CRs focus on assessment of the NES characteristics associated with the majority of these issues. Unlike several other key sustainability issues assessed in other areas of the INPRO methodology, Brundtland sustainability in the area of nuclear safety is intimately tied to public perception of consequence and risk. Continuously allaying public concern about nuclear reactor safety is central to sustainability and sustainable development of nuclear energy systems.
This report describes how to assess NES sustainability with respect to the safety of NFCFs.

How NFCFs compare with nuclear reactors and chemical plants

As stated in Section 3 of Ref[8], NFCFs imply a great diversity of technologies and processes. They differ from nuclear power plants (NPPs) in several important aspects, as discussed in the following paragraphs.
First, fissile materials and wastes are handled, processed, treated, and stored throughout an NFCF mostly in dispersible (open) forms. Consequently, materials of interest to nuclear safety are more distributed throughout an NFCF in contrast to an NPP, where the bulk of nuclear material is located in the reactor core or fuel storage areas. For example, nuclear materials in current reprocessing plants are present for most or part of the process in solutions that are transferred between vessels used for different parts of the processes, whereas in most NPPs nuclear material is present in concentrated form as solid fuel.
Second, NFCFs are often characterized by more frequent changes in operations, equipment and processes, which are necessitated by treatment or production campaigns, new product development, research and development, and continuous improvement.
Third, the treatment processes in most NFCFs use large quantities of hazardous chemicals, which can be toxic, corrosive and/or combustible.
Fourth, the major steps in NFCFs consist of chemical processing of fissile materials, which may result in the inadvertent release of hazardous chemicals and/or radioactive substances, if not properly managed.
Fifth, the range of hazards in some NFCFs can include inadvertent criticality events, and these events can occur in different locations and in association with different operations.
Finally, in NFCFs a significantly greater reliance is placed on the operator, not only to run a facility during its normal operation, but also to respond to anticipated operational occurrences and accident conditions [9].
Whereas the reactor core of an NPP presents a very large inventory of radioactive material and coolant at high temperature and pressure and within a relatively small volume, the current generation of NFCFs operate at near ambient pressure and temperature and with comparatively low inventories at each stage of the overall process. Accidents in NFCFs may have relatively low consequences when compared against nuclear power plants. Exceptions to this are facilities used for the large scale interim storage of liquid fission products separated from spent fuel and, where applicable, facilities for separating and storing plutonium.
In some cases in an NFCF, there are rather longer timescales involved in the development of accidents and less stringent process shutdown requirements are necessary to maintain the facility in a safe state, as compared to an NPP. Nevertheless, the INPRO area of NFCF safety applies the principles of the DID concept and encourages the NFCF designers to enhance the independence of DID levels in new facilities. NFCFs also often differ from NPPs with respect to the enhanced importance of ventilation systems in maintaining their safety even under normal operation. This is because nuclear materials in these facilities are in direct contact with ventilation or off-gas systems. Various forms and types of barriers between radioactive inventories and operators may have different vulnerabilities. Fire protection and mitigation assume greater importance in an NFCF due to the presence of larger volumes of organic solutions and combustible gases. With fuel reprocessing or fuel fabrication facilities, the wide variety of processes and material states such as liquids, solutions, mixtures and powders needs to be considered in safety analysis.
From this point of view, the safety features of NFCFs are often more similar to chemical process plants than those of NPPs. In addition, radioactivity and toxic chemical releases and criticality issues warrant more attention in NFCFs than in NPPs. Further comparisons of the relevant features of an NPP, a chemical process plant and an NFCF are presented in Table 2.

Table 2. Typical differences between NPPs, chemical process plants and NFCFs (modified from Ref[10]).
| Feature | NPP | Chemical Process Plant | NFCF |
|---|---|---|---|
| Type of hazardous materials | Mainly nuclear and radioactive materials | A variety of materials dependent on the plant (acids, toxins, explosives, combustibles, etc.) | Nuclear and radioactive materials; acids, toxins, combustibles (nitric acid, hydrogen fluoride, solvents, process and radiolytic hydrogen, etc.) |
| Areas of hazardous sources and inventories | Localized in core, fuel storage and spent fuel pool; standardized containment system, cooling of residual heat, criticality management | Distributed in the process and present throughout the process equipment | Present throughout the process equipment in the facility; consisting both of nuclear materials and chemically hazardous materials; containment relies on both physical barriers and ventilation |
| Physical forms of hazardous materials (at normal operation) | Fuel in general is in solid form; other radioactive materials in solid, liquid, gaseous form | Wide variety of physical forms dependent on the process, e.g. solid, liquid, gas, slurry, powder | Wide variety of physical forms of nuclear and radioactive materials; wide variety of physical forms of chemically hazardous materials |

As outlined above, from a safety point of view, NFCFs are characterized by a variety of physical and chemical treatments applied to a wide range of radioactive materials in the form of liquids, gases and solids. Accordingly, it is necessary to incorporate a correspondingly wide range of specific safety measures in these activities. Radiation protection requirements for the personnel are more demanding, especially in view of the many human interventions required for the operation and maintenance of an NFCF. The safety issues encountered in various NFCFs have been discussed in [8][9]. A comprehensive description of the safety issues of fuel cycle facilities is provided in Ref[11].

FIG.1. Conceptual comparison of safety characteristics between an NPP and a reprocessing facility.

For most existing NFCFs, the emphasis is on the control of operations using administrative and operator controls to ensure safety as well as engineered safety features, as opposed to the emphasis on engineered safety features used in reactors. There is also more emphasis on criticality prevention in view of the greater mobility (distribution and transfer) of fissile materials. Because of the intimate human contact with nuclear materials in the process, which may include (open) handling and transfer of nuclear materials in routine processing, special attention is warranted to ensure worker safety. Potential intakes of radioactive materials require control to prevent and minimize contamination and thus ensure adherence to specified operational dose limits. In addition, releases of radioactive materials into the facilities and through monitored and unmonitored pathways can result in significant exposures.
The number of physical barriers in an NFCF that are necessary to protect the workers, the environment and the public depends on the potential internal and external hazards, and the consequences of failures; therefore the barriers are different in number and strength for different kinds of NFCFs (the graded approach). For example, in mining, the focus is on preventing contamination of ground or surface water with releases from uranium mining tails. Toxic chemicals and uranium by-products are the potential hazards of the conversion stage and for forms of in-situ mining. In enrichment and fuel fabrication facilities (with no recycling of separated or recovered nuclear material from spent fuel), safety is focused on preventing criticality in addition to avoiding contamination via low-level radioactive material.
It might be possible to enhance safety features in a nuclear energy system by co-location of front end (e.g. mining/milling, conversion and enrichment, and fuel production facilities) and back end (reprocessing and waste management) facilities. This would have benefits through minimal transport, optimisation and alignment of processes, avoiding multiple handling of radioactive materials in different plants of the fuel cycle and comprehensive and integrated waste treatment and storage facilities.
Compared to safety of operating NPPs, only limited open literature is available on the experience related to safety in the operation of NFCFs. Examples of United States Nuclear Regulatory Commission regulation are provided in Refs[12][13][14][15][16]. Safety of and regulations for NFCFs have been discussed in IAEA meetings and conferences [8][9]. Aspects of uranium mining have been reported extensively [17][18][19][20][21][22][23][24]. The Nuclear Energy Agency of the Organization for Economic Cooperation and Development published a comprehensive report on safety of nuclear installations in 2005[25]. Safety guides on conversion/enrichment facilities, fuel fabrication, reprocessing and spent fuel storage facilities have also been published by the IAEA[26][27][28][29][30]. It is obvious that in well-designed NFCFs, the safety related events that have a high hazard potential will have low frequency of occurrence and vice versa. For example, Fig. 1 (modified from Ref[31]) conceptually compares the relationship between potential consequences and frequency for safety related events in a nuclear power plant and a reprocessing facility.
The figure demonstrates that, compared to accidents in an NPP, an NFCF may have relatively higher consequences of accidents having higher probability of occurrence, e.g. accidental criticality. However, accidents with very high consequences have essentially lower probability than in NPPs and can only occur in a few high inventory NFCFs, typically large reprocessing plants and associated liquid high level waste interim storage facilities[32].

Application of the Defence-In-Depth concept to NFCFs

The original concept of defence in depth was developed by the International Safety Advisory Group (INSAG) and published in 1996 [33]. Historically it is based on the idea of multiple levels of protection, including consecutive barriers preventing the release of radioisotopes to the environment, as already formulated in Ref[34]:

“All safety activities, whether organizational, behavioural or equipment related, are subject to layers of overlapping provisions, so that if a failure were to occur it would be compensated for or corrected without causing harm to individuals or the public at large”

The application of DID to NFCFs takes into account their following features:

  • The energy potentially released in a criticality accident in a fuel cycle facility tends to be relatively small. However, generalization is difficult as there are several fuel fabrication or reprocessing options for the same or different type of fuels;
  • The power density in a fuel cycle facility in normal operation is typically several orders of magnitude less than in a reactor core;
  • In a reprocessing facility, irradiated fuel pins are usually mechanically cut (chopped) into small lengths suitable for dissolution and the resultant solution is further subjected to chemical processes. This may create a possibility for larger releases of radioactivity to the environment on a routine basis as compared to reactors;
  • The likelihood of a release of chemical energy is higher in fuel cycle facilities of reprocessing, re-fabrication, etc. Chemical reactions are part of the processes used for fresh fuel fabrication as well as for reprocessing of spent nuclear fuel.

The numbers of barriers to radioactive releases to the environment depend in different types of NFCFs on the forms, conditions, inventories and radiotoxicity levels of the processed nuclear materials. Table 3 gives a summary of the typical numbers of barriers to radioactive releases to the environment in existing NFCFs at different steps of nuclear fuel cycle.

Table 3. Typical numbers of barriers in existing NFCFs

| Facility type | Number of barriers |
|---|---|
| Mining | 0–1 |
| Milling / Processing / Conversion | 1–2 |
| Enrichment | 2 |
| Fuel manufacture: low radioactivity | 1–2 |
| Fuel manufacture: high radiotoxicity | 2–3 |
| Fresh fuel storage | 2 |
| Fresh fuel transportation | 2 |
| Spent fuel transportation | 3 |
| Spent fuel storage: wet | 2 |
| Spent fuel storage: dry | 3 |
| Reprocessing | 3 |
| Reprocessing product storage including waste: low radiotoxicity | 2 |
| Reprocessing product storage including waste: high radiotoxicity | 3 |

Table 4 summarises how INPRO uses the DID concept within this sustainability assessment methodology for the area of NFCF safety. The INPRO methodology applies this DID concept to all NFCFs as part of a graded approach that considers the level of risks in each individual facility.

Table 4. INPRO proposals for applying the defence-in-depth concept to sustainability assessment in the area of NFCF safety

| Level | DID level purpose[11] | INPRO methodology proposals for NFCFs |
|---|---|---|
| 1 | Prevent deviations from normal operation and the failure of items important to safety. | Enhance prevention by increasing the robustness of the design, and by further reducing human error probabilities in the routine operation of the plant. Enhance the independence among DID levels. |
| 2 | Detect and control deviations from operational states in order to prevent anticipated operational occurrences at the facility from escalating to accident conditions. | Give priority to advanced monitoring, alarm and control systems with enhanced reliability and intelligence. Together with qualified procedures for operators, the systems need to be able to anticipate and detect abnormal operational states, prevent their progression and restore normalcy. Enhance the independence among DID levels. |
| 3 | Prevent releases of radioactive material and associated hazardous material or radiation levels that require off-site protective actions. | Decrease the expected frequency of accidents. Achieve fundamental safety functions by an optimized combination of inherent safety characteristics, passive safety features, automatic systems and operator actions; limit and mitigate accident consequences; minimize reliance on human intervention, e.g. by increasing grace periods. Enhance the independence among DID levels. |
| 4 | Mitigate the consequences of accidents that result from failure of the third level of DID and ensure that the confinement function is maintained, thus ensuring that radioactive releases are kept as low as reasonably achievable. | Decrease the expected frequency of severe plant conditions; increase the reliability and capability of systems to control and monitor severe accident sequences; reduce the characteristics of the source term of the potential emergency off-site releases of radioactivity. Avoid ‘cliff-edge’ failures of items important to safety. Enhance the independence among DID levels. |
| (5) | Mitigate the radiological consequences and associated chemical consequences of releases or radiation levels that could potentially result from accidents. | Emergency preparedness is covered in another area of the INPRO methodology called Infrastructure[35]. |

Necessary INPUT for a sustainability assessment in the area of safety of nuclear fuel cycle facilities

Definition of a nuclear energy system to be assessed

In principle, a clear definition of the nuclear energy system (NES) is needed for an assessment using the INPRO methodology in all its areas. As described in the overview manual of the INPRO methodology, the NES is supposed to be selected, in general, based on an energy planning study. This study is expected to define the role of nuclear power (the amount of nuclear capacity to be installed over time) in an energy supply scenario for a country (or region or globally). Using the results of such a study, the next step is to choose the facilities of the selected NES that fit the determined role of nuclear power in the country (or region). The NES definition should include a schedule for deployment, operation and decommissioning of the individual facilities.
For a NES sustainability assessment in this area of the INPRO methodology, the NFCF to be assessed and a reference design have to be defined. Where possible, the reference design has to be determined as an NFCF of most recent design operating in 2013, preferably from the same designer as the assessed facility, and complying with the current safety standards. In such a case, the INPRO assessment in this area is expected to demonstrate an increased safety level to achieve long term sustainability in the assessed NFCF in comparison to the reference design. If a reference design cannot be identified within the same technology lineage, a similar existing comparable technology or, when other options are not available, an existing facility of different technology used for the same purpose can be used as a reference. If a reference design cannot be defined, it needs to be demonstrated through the assessment of RD&D results that the NFCF design employs the best international practice to achieve a safety level comparable to most recent technology and that the assessed facility is therefore state of the art.

INPRO assessment by a technology user

An INPRO assessor, being a technology user, needs sufficiently detailed design information on the NFCF to be assessed. This includes information relating to the design basis of the plant, engineered safety features, confinement systems, human system interfaces, control and protection systems, etc. The design information needs to highlight the structures, systems and components (important to safety) that are of evolutionary or innovative design[36] and this could be the focus of the INPRO assessment.
In addition to the information on the NFCF to be assessed, the INPRO assessor needs the same type of information on a reference plant design in order to perform a comparison of both designs. Details of the information needed are outlined in the discussion of the INPRO methodology criteria in the following sections.
If not available in the public domain, the necessary design information could be provided by the designer (potential supplier). Therefore, a close co-operation between the INPRO assessor as a technology user and the designer (potential supplier) is necessary as detailed in the INPRO methodology overview manual.
In addition, all relevant operational and maintenance data and history of the reference facility will be useful as well as any records of modifications, any failures and incidents in the reference NFCF or similar facilities.

Results of safety assessments

To assess sustainability, the INPRO assessor will need access to the results of a safety assessment of a reference plant and to the basic design information of the NFCF to be assessed that includes a safety analysis that evaluates and assesses challenges to safety under various operational states, AOO and accident conditions using deterministic and probabilistic methods; this safety assessment is supposed to be performed and documented by the designer (potential supplier) of the NFCF to be assessed.
For an NFCF to be assessed using the INPRO methodology, the safety assessment would need to include details of the RD&D carried out for advanced aspects of the design. Such information is usually found in a (preliminary) safety report (or comparable document) that may be available in public domain or could be provided by the designer (potential supplier) of the NFCF. Thus, as stated before, a close co-operation between the INPRO assessor as a technology user and the designer (potential supplier) is necessary.

INPRO assessment by a technology developer

In principle, an INPRO assessment can be carried out by a technology developer at any stage of the development of an advanced NFCF design. This assessment can be performed as an internal evaluation and does not require results of the formal safety assessment. However, it needs to be recognized that the extent and level of detail of design and safety assessment information available will increase as the design of an advanced NFCF progresses from the conceptual stage to the development of the detailed design. This will need to be taken into account in drawing conclusions on whether an INPRO methodology sustainability requirement for safety has been met by the advanced design.
One potential mode for the technology developer’s use of the INPRO methodology is in performing a limited scope assessment. Limited scope INPRO assessments can be focused on specific areas and specific nuclear energy system installations having different levels of maturity. A limited scope study may assess the facility design under development and may help highlight gaps to be closed in on-going RD&D studies and define the scope of data potentially needed to make future judgements on system sustainability.

Other sources of INPUT

The assessor can use the IAEA Fuel Incident Notification and Analysis System (FINAS) and other international and national event reporting systems for specific and general information relevant to the technology type and detailed design of an advanced NFCF.

INPRO basic principle for sustainability assessment in the area of safety of nuclear fuel cycle facilities

INPRO basic principle for sustainability assessment in the area of NFCF safety: The planned NFCF is safer than the reference NFCF. In the event of an accident, off-site releases of radionuclides and/or toxic chemicals are prevented or mitigated so that there will be no need for public evacuation.
The main goal of the INPRO basic principle is to encourage the designer/developer to increase the safety level of a new facility to be installed after 2013. To achieve this goal, the INPRO methodology proposes that NFCF designers/developers undertake the following key measures:

  • Incorporate enhanced defence in depth into an advanced NFCF design as a part of the fundamental safety approach.
  • Incorporate, when appropriate, inherently safe characteristics and passive systems into advanced NFCF designs as a part of a fundamental safety approach to excel in safety and reliability.
  • Reduce the risk from radiation exposures to workers, the public and the environment during construction/commissioning, operation, and decommissioning of an advanced NFCF.
  • Perform sufficient RD&D work to bring the knowledge of NFCF characteristics and the capability of analytical methods used for design and safety assessment of a plant with innovative features to at least the same confidence level as for a reference plant.
  • Take human factors into account in the design and operation of an NFCF and establish and maintain a safety culture in all organizations involved in a nuclear power program.

The INPRO methodology has developed seven user requirements to specify in more detail the main measures presented above. These user requirements are to be fulfilled primarily by the designer (developer, supplier) of the NES but also in some cases by the operator. As stated before, the role of the INPRO assessor is to check, based on evidence provided by the designer and operator, whether they have implemented the necessary measures as required by the INPRO methodology. The following sections provide rationale and background information for each user requirement (UR).

UR1

User requirement UR1: robustness of design during normal operation

INPRO user requirement UR1 for sustainability assessment in the area of NFCF safety: The assessed NFCF is more robust than the reference design with regard to operation and systems, structures and components failures.
The first INPRO user requirement, UR1, for sustainability assessment in the area of NFCF safety is mostly related to the first level of DID, which is focused on preventing AOOs, i.e. deviations from normal operation and failures of items important to safety. AOOs are defined as those conditions of operation that are caused by events associated with internal or external hazards expected to occur one or more times during the lifetime of an NFCF but that do not cause any significant damage to items important to safety nor lead to accident conditions requiring safety features (Level 3 of DID) to control.
In principle, the design (e.g. mechanical, thermal, electrical, etc.) of normal operating systems in any NFCF can be made more robust, i.e. reducing the likelihood of failures, by increasing design margins, improving the quality of manufacture and construction, and by using materials of higher quality. Sufficient margin in the design needs to be provided so that any small deviation (e.g. resulting from failure) of system parameters from normal operation will not lead to an accident.
It is acknowledged that increasing the robustness of an NFCF design is a challenging task that requires optimisation wherever enhancing one aspect can have a negative influence on other aspects in other areas (e.g. in economics, making the system uncompetitive, or in proliferation resistance). Thus, an optimum combination of design measures is necessary for increasing the overall robustness of a design.
It is important to note that for the assessment of all criteria of user requirement UR1 the INPRO assessor (a technology user) needs information on the facility to be assessed and on a reference facility. The assessed NFCF is expected to demonstrate a safety level superior to that of the reference facility. If a reference facility design is not available to the assessor, it needs to be demonstrated that the assessed facility incorporates the most recent technology and that international best practice has been used, i.e. that the facility is state of the art.
For an operating NFCF, the requirements for design, manufacturing, and operation (and decommissioning) are usually specified in (extensive) national standards or in adopted standards from other countries; the most widely known and used standards are the Nuclear Codes and Standards published by the American Society of Mechanical Engineers.
The major means to achieve an increase in robustness in an NFCF are to ensure a high quality of design, construction and operation, including human performance. For new (innovative or evolutionary) NFCF designs, the expected frequencies of AOOs are expected to be reduced relative to a reference design. This reduction could be achieved by such means as using improved materials, simplified designs to minimize failures and errors, improved design margins (mechanical, thermal, electrical, etc.), increased operating margins, increased redundancies of systems, lessened impacts from incorrect human intervention (the system needs to be tolerant of mistakes), more effective and efficient inspections, continuous monitoring of the plant health, etc. Examples of concepts with increased robustness against certain potential hazards are designs that use passive systems deemed potentially more reliable than active systems (e.g. natural convection cooling), higher reliability self-checking control systems (avoidance of deviations from normal operation), use of non-flammable materials (avoidance of fires), etc. The use of inherent safety characteristics is a useful means of achieving robustness and has been highlighted as a separate user requirement, UR5.
For an NFCF under assessment, measures and features are to be developed that ensure that the robustness of the innovative design against internal and external hazards[33] will be comparable or superior to that of the reference design.
For (innovative) designs of NFCFs still under development and for which no standards may yet exist, at least for the first plant to be installed, a conservative design approach according to existing standards can be proposed as discussed for user requirement UR7.
User requirement UR1 considers occupational doses corresponding to Levels 1 and 2 of DID, i.e. at normal operation and for anticipated operational occurrences. It is important to note that UR1 does not consider radiation exposure of workers during accidents. Radiation exposure of workers, public and the environment during/after accidents is dealt with in user requirements UR3 and UR4. A similar approach is supposed to be established for limiting chemical doses to workers.
The need to avoid undue burdens from radiation and/or toxic chemical exposure of the public and the environment during normal operation and AOOs (in an NFCF or nuclear reactor) is covered in a separate area of the INPRO methodology focused on the environmental impacts of stressors[37].
In this context, it bears noting that the International Basic Safety Standards for Radiation Protection and for Safety of Radiation Sources in Ref[38] define acceptable levels of radiation exposure for workers and the public for planned and emergency (accident) exposure situations. Additional detailed guidance on occupational radiation protection in NFCFs is provided in Ref[19]. Comparable (mostly national) standards exist for toxic chemicals[39].

UR2

User requirement UR2: detection and interception of AOOs

INPRO user requirement UR2 for sustainability assessment in the area of NFCF safety: The assessed NFCF has improved capabilities to detect and intercept deviations from normal operational states in order to prevent AOOs from escalating to accident conditions.
The second user requirement, UR2, for sustainability assessment in the area of NFCF safety involves the limited consideration of selected provisions in the first DID level and mostly relates to the second level of DID, which deals with detection and control of failures and deviations from normal operational states in order to prevent AOOs from escalating to accident conditions. The objective is met if the plant returns to normal operation either automatically or through operator action after an AOO or component failure and a progression to higher levels of DID is avoided.
In the design of a new NFCF (to be installed after 2013), priority is expected to be given to advanced instrumentation and control (I&C) systems and improved reliability of these systems. The facility needs to be designed to give the operator a sufficient grace period after an AOO or failure. In the longer term, priority can be given to design-specific inherent safety features and to robust and simple (possibly passive) control as well as advanced monitoring and alarm systems.
The main function of the I&C system in this level of DID is to detect deviations from normal operation and failures, produce an alarm, and together with operator actions prescribed in detailed operating procedures, enable rapid return of the facility to normal operating conditions with, ideally, no consequences, e.g. no need for follow up inspections or regulatory event reports.
I&C systems process measurement data from several different kinds of instrumentation. Examples of I&C systems include: conventional process instrumentation, vessel fluid level measurement instrumentation, radiation monitoring and alarm instrumentation, accident instrumentation, and hydrogen detection and measurement instrumentation. These instrumentation sets contain channels of different importance to safety.

UR3

User requirement UR3: design basis accidents

INPRO user requirement UR3 for sustainability assessment in the area of NFCF safety: The frequency of occurrence of DBAs in the assessed NFCF is reduced. If an accident occurs, engineered safety features and/or operator actions are able to restore the assessed NFCF to a controlled state, and subsequently to a safe state, and the consequences are mitigated to ensure the confinement of radioactive and/or toxic chemical material. Reliance on human intervention is minimal, and only required after sufficient grace period.
The third user requirement, UR3, for sustainability assessment in the area of NFCF safety is mostly related to the third level of DID, which concentrates on the control of accidents to prevent releases of radioactive materials and associated hazardous materials or radiation levels that would require off-site protective actions. The objective is met if the accident consequences are limited to within the design basis. The ‘design bases’ of a facility are the conditions and events taken into account in the NFCF design such that the facility can withstand them by the intended operation of engineered safety features, inherent safety features and prescribed operator interventions without exceeding authorized limits. Thus, a DBA is an accident causing conditions[40] for which a facility is designed, in accordance with established design criteria and conservative methodology, and for which releases of radioactive and/or chemically toxic materials are kept within authorized limits. Authorized limits of radiation exposure after accidents in nuclear facilities are expected to comply with the IAEA Safety Standards[19][38]. Examples of limits for chemical exposure can be found in Ref[39].
A grace period needs to be available before human (operator) intervention is necessary to prevent the escalation of a DBA into an accident with large releases of radioactivity and/or toxic chemicals to the environment. This grace period depends upon the nature of the NFCF, the type of incident, and the system parameters at the time of the incident, etc. However, based on available international experience, a grace period of 10 to 30 minutes is given as the typical decision interval for the operator in the event of a DBA in an NPP[34]. A similar approach could be adapted for NFCFs other than mining and milling activities.
The term ‘controlled state’ is characterized by a situation in which either the facility’s engineered safety features or its prescribed operator interventions are able to compensate for the loss of functionality resulting from a DBA. The term ‘frequency of occurrence’ as used in user requirement UR3 refers to the number of events per NFCF year that lead to a DBA as determined via probabilistic methods (PSA). In the context of DBAs (caused by postulated initiating events associated with internal and/or external hazards), the term ‘grace period’ refers to the time period during which no operator interventions are needed and solely the actions of automatic active (and/or passive) safety features will suffice to keep the analysed DBA from escalating to a severe accident with potentially large releases to the environment.
Passive safety features can provide additional safety gains. Safety features consisting solely of passive components are very often deemed more reliable than active safety features due to missing (or a reduced number of) active components. In addition, no (or very limited) human actions are needed and, thus, the likelihood of human errors is very low. Nevertheless, failures in passive safety features due to human error in design or maintenance, the presence of unexpected phenomena, and potential adverse system interactions, are expected to be analyzed and may need to be compensated by other design measures. It is acknowledged that some kinds of passive safety features can be difficult to design in NFCFs.
Ensuring the confinement of radioactive and/or chemically toxic materials means that the design of engineered safety features and/or operator actions (procedures) for mitigating the consequences of a DBA need to provide deterministically for the continued integrity of at least one barrier to the unacceptable release of radioactive and/or chemically toxic materials following any DBA.

UR4

User requirement UR4: severe plant conditions

INPRO user requirement UR4 for sustainability assessment in the area of NFCF safety: The frequency of an accidental release of radioactivity into the environment is reduced. The source term of accidental release into the environment remains well within the envelope of the reference facility source term and is so low that calculated consequences would not require public evacuation.
The fourth user requirement UR4 for sustainability assessment in the area of NFCF safety is focused on accident conditions more severe than those in DBAs. It is mainly related to the design extension conditions and to the fourth level of DID, which has the objective to mitigate the consequences of accidents that result from failure of the third level and ensure that radioactive releases are kept as low as reasonably achievable. A severe (nuclear fuel cycle) accident is any event affecting the facility that results in off-site radiological consequences equal to or greater than the high contamination level or radiation level criteria for design extension conditions, i.e. an event more severe than a DBA.
An accidental release of radioactivity could occur if the magnitude of an initiating event (associated with external hazards) exceeds the design basis or additional failures of safety systems and/or operator interventions occur after an initiating event (associated with internal and/or external hazards) that lead to the design extension conditions with severe damage to equipment containing radioactive and/or chemically toxic materials. Consequence mitigation calls for keeping the radioactivity and/or toxic chemicals that are released from internal barriers damaged during an accident inside the NFCF containment/confinement structure to the extent possible by avoiding any cliff-edge effects that could damage the remaining barrier(s) to external release.
Ref[41] identifies generic criteria for protective actions and other response actions in a nuclear or radiological emergency to reduce the risk of stochastic effects. Projected dose limits indicated as criteria for public evacuation can be used in the INPRO assessment when corresponding national criteria have not been established yet.
For new NFCFs, the capability and reliability of natural and/or engineered processes for controlling complex accident sequences with severe damage is expected to be increased, as well as the capability and reliability of associated instrumentation, control and diagnostic systems. Appropriate severe accident management procedures also need to be developed. Through these measures, the frequency of accidental releases of radioactive and chemically toxic materials can be reduced and the inventory and conditions of release are expected to be constrained to avoid any need to evacuate the population.
When the frequency of accidental releases cannot be calculated with a high level of confidence, the new NFCF design needs to demonstrate deterministically that the probability of an accidental release of radioactivity and/or toxic chemicals into the environment is lower than that for the reference facility, e.g. through improved engineered safety features, prescribed operator actions, and the use of additional inherent safety characteristics or further measures to minimize hazards, and that the consequences (doses, concentrations of toxic chemicals) from an accident would not require public evacuation except as a short term precautionary measure.
It is nevertheless acknowledged that also for new (and advanced) NFCFs, it will still be necessary to establish an emergency preparedness regime[38][41][42] regardless of the safety level of the new NFCF (as discussed in another area of the INPRO methodology focused on infrastructure[35]) in order to meet the objective of the fifth level of the DID concept and the corresponding legal and regulatory requirements.

UR5

User requirement UR5: independence of DID levels and inherent safety characteristics

INPRO user requirement UR5 for sustainability assessment in the area of NFCF safety: An assessment is performed to demonstrate that the DID levels are more independent from each other than in the reference design. To excel in safety and reliability, the assessed NFCF strives for better elimination or minimization of hazards relative to the reference design by incorporating into its design an increased emphasis on inherently safe characteristics.
As discussed in Section 2.3, the different levels of DID focus on facility conditions ranging from operational to accident states. The DID levels are arranged with increasing severity from operational states (Level 1) to the control of severe plant conditions, including the prevention of accident progression and the mitigation of severe accident consequences (Level 4). As stated in Ref[33], the general goal of DID is to ensure that even a combination of equipment or human (operator) failures at one level of defence “would not propagate to jeopardize defence in depth at subsequent levels”. Thus, independence of the safety features designed to cope with processes in the different levels of defence is key to meeting this goal.
To confirm sufficient independence of the DID levels in the assessed NFCF design, a safety assessment is supposed to be performed by the designer (potential supplier) using a suitable combination of deterministic and probabilistic approaches, or hazards analysis.
INPRO user requirement UR5 also covers the role of inherent safety characteristics in new NFCF designs (to be installed after 2013). An inherent safety characteristic is defined in Ref[43] as a fundamental property of a design concept that results from the basic choices in the materials used or in other aspects of the design that assure that a particular potential hazard cannot become a safety concern in any way. The term inherent safety is normally used with respect to a particular characteristic, not to the plant as a whole; e.g. an area is inherently safe against internal fire if it contains no combustible material. An increased use of inherent safety characteristics in the design will strengthen accident prevention in advanced NFCFs by reducing hazards.
The design of a new NFCF is expected to be such that hazards are eliminated (if possible) or minimized, e.g. avoiding explosions by eliminating or minimizing the use of explosive gases. If hazards cannot be eliminated, appropriate equipment needs to be installed to prevent potential damage and to protect the installation, its personnel, the public and the environment. In addition, administrative measures need to be implemented to avoid operator errors to the extent possible.
The analysis of an inherent safety characteristic is difficult but can be possible with the application of adequate mathematical models and, in some cases, by experimental investigations. The analysis of hazards and their consequences needs to be performed using deterministic and probabilistic approaches. For the deterministic approach, engineering judgment, operating experience, validation of design tools and continuous exchanges of information with other industries are mandatory. For probabilistic approaches, the methods likewise need to be validated and the data used needs to be reliable. Analyses are expected to cover all operating states, including normal operation, shutdowns, and maintenance and repair intervals.
There are also external hazards associated with the site of an NFCF. Examples of external hazards related to siting include earthquakes, flooding, storms, airplane crashes, and fires and explosions outside the plant. By selecting an appropriate site for an NFCF, these hazards can be minimized.
The necessary RD&D effort to achieve sufficient confidence in advanced designs with increased inherent safety characteristics is discussed in user requirement UR7.

UR6

User requirement UR6: human factors related to safety

INPRO user requirement UR6 for sustainability assessment in the area of NFCF safety: Safe operation of the assessed NFCF is supported by accounting for HF requirements in the design and operation of the facility, and by establishing and maintaining a strong safety culture in all organizations involved in the life cycle of the facility.
There are two aspects of safety covered in this user requirement. The first aspect focuses on the design of safety related equipment to minimize effects from human errors. The second aspect covers the attitude to safety of workers in the nuclear facilities and related organizations.
The importance of human factors to the safe and reliable operation of nuclear facilities is globally recognized and is an issue that needs to be dealt with systematically in an NFCF design. The designer of a new NFCF is expected to place increased emphasis on human factors to minimize the possibilities for human (e.g. operator or maintenance worker) error. Any relevant experience available from operating NFCFs and the best practices from other industries such as aircraft and chemical plants need to be considered for this process.
There are two perspectives on human factors. On the one side, the operating staff members are seen as valuable resources who play important roles in facility operation, inspection, testing and maintenance, and who sometimes compensate for deficiencies in automatic systems. On the other side, human intervention can also be seen as having limited reliability and a potential to cause disturbances whose consequences need to be taken into account in the design of all facility systems and functions in order to ensure sufficient levels of safety and availability of the facility.

FIG. 2. Components of safety management[44].

The INPRO task group on safety has summarized the possible negative contributions to accident hazards from human actions into three groups:

  • Human errors during plant operation, testing or maintenance that contribute to the failure or unavailability of systems;
  • Human errors during plant operation, testing or maintenance that give rise to an initiating event; and
  • Human interventions during incident or accident situations that negatively influence the sequence of events.

As a common design principle, it needs to be ensured that:

  • Functions assigned to the operating staff constitute consistent tasks that align with the abilities and strengths of the operating staff (e.g. appropriate degrees of automation, appropriate numbers of tasks, appropriate sharing among centralized and local operating actions);
  • The man-machine interface (e.g. control room, screen-based and conventional control means, processing of information to be presented to the operators) optimally supports the tasks of operators and minimizes the potential for human errors.

It is expected that the ability to predict human response to both normal and abnormal situations will improve significantly over the next decades and will have a major impact on facility design and operation. Simulator technologies are constantly improving and can thus allow more realistic representations (and progression predictions) of transient and accident plant states in expert systems.
A human factors engineering (HFE) program plan needs to be an essential part of the NFCF design process that helps to integrate the operating staff and facility systems and to minimise the frequency of potential human errors. Ref[45] has defined HFE as follows: “The application of knowledge about human capabilities and limitations to designing the plant, its systems, and equipment. HFE affords reasonable assurance that the design of the plant, systems, equipment, human tasks, and the work environment are compatible with the sensory, perceptual, cognitive, and physical attributes of the personnel who operate, maintain, and support the plant or other facility”. Listed below are examples of some design and operational features and assessments that are largely already implemented in existing NFCFs but can be subjected to further improvements in new NFCFs:

  • Feedback from experience including a formal methodology;
  • A probabilistic safety assessment (PSA) taking human error into account;
  • Use of adequate (and quantitative) models that consider the causes of human error and, as such, may help the designer find appropriate measures to avoid the causes of human errors and thus minimize their occurrence;
  • The existence of a separate main control room;
  • Visualization of the status of facility equipment (components, systems, etc.), the dynamics of processes, the performance of automated processes and their relation with the state of the facility in a manner that helps guide operator actions;
  • Monitoring by knowledge-based (expert) systems;
  • Appropriate ambient conditions in safety relevant rooms (e.g. main control room);
  • Appropriate plant operating procedures (e.g. alarm sheets, procedures for normal operations, incidents and accident situations);
  • Formal verification of adequate design implementation;
  • Management of human reliability (e.g. personnel selection, periodic training, etc.).

The term ‘safety culture’ was introduced in 1986 by the International Safety Advisory Group in a summary report of the post-accident review meeting on the Chernobyl accident[46] and was further elaborated in Refs[34][47]. Ref[47] defined safety culture in the following way:

“Safety culture is the assembly of characteristics and attitudes in organizations and individuals, which establish that, as an overriding priority, protection and safety issues receive the attention warranted by their significance”.

This definition emphasizes that safety culture relates to the structure and style of organizations (governmental institutions, owner/operator, and industrial entities) as well as to the habits and attitudes of individuals (managers and employees). Safety culture demands a commitment to safety on three levels: policy, management and individual[44][48][49][50][51][52][53][54]. The policy level requires a clear statement of safety policy, adequate management structures and related resources, and the establishment of self-regulation (by regular review). To fulfil their commitments, managers need to define clearly the responsibilities, accountabilities and safety practices for the control of work, ensure that staff are qualified and trained, establish a system of rewards and sanctions, and perform audits, reviews and benchmarking comparisons. In carrying out their tasks, individuals need to maintain an attentive and questioning attitude, adopt a rigorous and prudent approach, and participate in effective communications (see Fig. 2 taken from Ref[44]). The importance of the management system for safety culture in nuclear facilities has been described in Ref[44], which defines this system as “those arrangements made by the organization for the management of safety in order to promote a strong safety culture and achieve good safety performance”. Organizations go through a number of stages in developing their safety cultures[48]:

  • Safety is compliance driven and is based mainly on rules and regulation;
  • Good safety performance becomes an organizational goal;
  • Safety is seen as a continuing process of improvement to which everyone can contribute.

Ref[49] presents practical advice on how to strengthen safety culture. The status of requirements for establishing, implementing, assessing and continually improving a management system for safety culture is reflected in the IAEA Safety Standards, e.g. Refs[50][51][52][53]. These include generic guidance on establishing, implementing, assessing and continually improving such a management system. As outlined above, safety culture is a complex concept (see also Ref[54]) and there is no single indicator that can be used for determining its status. To capture both observable behaviour and people’s attitudes and basic beliefs, several methods need to be applied including interviews, focus groups, questionnaires, observations and document reviews.
When applying these assessment tools, the key safety culture characteristics and attributes described in Refs[44][51] can be used for the identification of strengths and weaknesses in an organization’s safety culture. Annex 1 of Ref[44] sets out a series of questions for each of the major areas of concern – safety requirements and organization, planning, control and support, etc. – that are helpful in assessing the effectiveness of a safety management system and the status of an organization’s safety culture. Monitoring and measurement of the established and implemented management system effectiveness, self-assessment and performance evaluation of management at all levels, independent assessments conducted regularly, management system reviews, identification of non-conformance and establishment of corrective and preventive actions, and finally identification of improvement opportunities[50][51] are all important elements to consider as evidence as to whether safety culture prevails.
The assessment of a safety culture can only be completed once an organization is actually operating a facility. But the necessity to inculcate a safety culture within an organization and the necessity of a safety management system need to be recognized in the planning phase for a NES. Furthermore, the proposed policies and management structures of the owner/operator can be assessed prior to operation to determine if they are consistent with safety culture. IAEA offers a service to its Member States called ISCA (Independent Safety Culture Assessment) that can assist with evaluating the status of safety culture.

UR7

User requirement UR7: necessary RD&D for advanced designs

INPRO user requirement UR7 for sustainability assessment in the area of NFCF safety: The development of innovative design features of the assessed NFCF includes associated research, development and demonstration (RD&D) to bring the knowledge of facility characteristics and the capability of analytical methods used for design and safety assessment to at least the same confidence level as for operating facilities.
INPRO user requirement UR7 discusses the necessary RD&D efforts for developing NFCFs with primarily innovative but also evolutionary design features.
It is well known that intensive research may be needed to bring the level of knowledge of facility behaviour and the capability of computer codes to model phenomena and system behaviour for innovative NFCF designs to at least the same confidence level as for operating facilities.

FIG. 3. Overview of the different tasks for definition of RD&D

A sound knowledge of the phenomena (e.g. chemical reaction rates, partition coefficients, solubility), and component and system behaviour, where applicable, is required to support the development of analysis tools for NFCF accidents. Hence, the more a facility differs from operating designs, the more RD&D is required. RD&D provides the basis for understanding events that threaten the integrity of barriers defined by the defence in depth concept. RD&D is also expected to provide information to reduce allowances for uncertainties in design, operating envelopes, and in estimates of accident frequencies and consequences.
For most NFCFs, it is acknowledged that the analytical tools (modelling tools) needed for completing a safety assessment comparable to the safety assessments done for nuclear reactors are currently not yet available. To promote the development of safety codes and analytical methods in the area of NFCF safety, the INPRO task group has described a situation that can hopefully be reached within the next decades.
As the development of an innovative design proceeds, RD&D is carried out to identify phenomena important to facility safety and operations and to develop and demonstrate an understanding of such phenomena. At any given point in the development process, the current understanding is incorporated into computer or analytical models that form the basis for design analysis and safety assessments. Such models are then used as tools for sensitivity analyses to identify important parameters and estimate safety margins. The results of such analyses are also used to identify coupled effects and interactions among systems that are important to safety. It is not unusual to obtain unexpected results, particularly in the early stages of development. The results, whether expected or not, are used to guide the RD&D program in efforts such as those to improve conceptual understanding, obtain more accurate data, confirm the extent of system interactions/independence, and adequately characterize the design. The RD&D, in turn, leads to improvements in understanding and in the analytical tools used in design and safety analyses.
The process is iterative: At the pre-conceptual stage of development, physical understanding, analytical models, supporting data bases, and codes may be simplistic and involve significant uncertainties. As development proceeds, understanding increases and uncertainties (both in conceptual understanding and in data) are reduced, and the validation of analytical models and codes improves. At the time of commercialization, all safety relevant phenomena and system interactions need to be identified and understood and the associated codes and models need to be adequately qualified and validated for use in the safety analyses, which in turn demonstrate that the facility design is safe. Complementary aspects are outlined in Ref[55].
At least the following requirements need to be met by the RD&D program of a developer for an innovative or evolutionary design:

  • All significant phenomena affecting safety associated with the design and operation of an innovative NFCF have to be identified, understood, modelled and simulated (this includes the knowledge of uncertainties, and the effects of scaling and environment);
  • The behaviour of safety-related systems, structures and components needs to be modelled with acceptable accuracy, including knowledge of all safety-relevant parameters and phenomena, and validated with a reliable database.

Figure 3 gives an overview of tasks to be performed in defining the necessary RD&D for an innovative design.
For an innovative design, the first task is to identify all technology differences from operating designs. To identify the knowledge state and the importance of phenomena and system behaviour, an appropriate tool has to be used such as the PIRT process (Phenomena Identification and Ranking Tables), which is based mainly on engineering judgment. In addition, the adequacy and applicability of design and safety analysis computer codes have to be assessed. Both the PIRT results and the assessment of the adequacy and applicability of related computer codes inform the identification and prioritization of required RD&D efforts. An additional peer review by researchers and appropriate safety experts would strengthen the choice of the selected RD&D tasks.
Besides phenomenological data, reliability data including uncertainty bands[56] for designated components need to be evaluated to the extent possible. This is especially valid for passive safety features. During the process of generating new and/or more detailed data (e.g. for computational fluid dynamics codes) the selected RD&D tasks are expected to be repeatedly assessed and necessary changes adopted. Qualified data need to be included in a technology base, e.g. validation matrices.

Concluding remarks

To assess long term sustainability with regard to the safety of an NFCF to be installed after 2013, the INPRO methodology has formulated one basic principle with seven user requirements. INPRO’s sustainability assessment approach in the area of NFCF safety is based on the IAEA Safety Standards and, as derived from those, the application of a DID oriented strategy for comparing the safety attributes of the assessed NFCF designs to those of reference designs. The assessment approach is supported by an increased emphasis on inherent safety characteristics and, where appropriate, passive safety features. Greater independence of the different levels of defence in depth is considered a key element for avoiding failure propagation from one DID level to the next. Using a graded approach, the number of physical barriers in a nuclear facility that are necessary to protect the environment and people depends on the potential internal and external hazards and the potential consequences of failures; therefore, the barriers will vary in number and strength depending on the type of NFCF.
The end point of the enhanced defence in depth strategy of the INPRO methodology is that, even in case of accidents, no emergency environmental releases of radioactivity and/or toxic chemicals can occur that would necessitate public evacuation. Nevertheless, effective emergency planning, preparedness and response capabilities will remain a prudent requirement.

Adaptation of the INPRO methodology to uranium and thorium mining and milling

See Mining and milling of uranium and thorium to find necessary background with a short description of the main processes found in a facility for uranium and thorium mining and milling (or processing). The sustainability assessment method is described in terms of the corresponding criteria of the INPRO methodology in the area of safety, which are adapted as necessary to the specific issues potentially affecting this type of NFCF.
The INPRO methodology for sustainability assessment in the areas of nuclear safety was developed originally with a focus on nuclear power plants and was later adapted to NFCFs. The use of the INPRO methodology for an assessment of a uranium or thorium mining and milling facility required significant modifications of the methodology, as several user requirements and criteria are not directly applicable for such a facility. This section presents how the INPRO methodology in the area of NFCF safety was adapted to a mining and milling facility.

INPRO basic principle for sustainability assessment of uranium and thorium mining and milling facilities in the area of safety

INPRO basic principle for sustainability assessment of a uranium or thorium mining and milling facility in the area of safety: The planned uranium or thorium mining and milling facility is safer than the reference mining and milling facility.
The rationale for the BP was provided in Section 5. The definition of the reference NFCF is given on the NFCF page. This definition comprises several options that can be used to determine the reference NFCF depending on the type of facility assessed and the specific technology used. In the context of uranium and thorium mining and milling, the concept of a reference design is primarily applicable to a milling facility and tailings management facility. Defining the reference facility for the mine assessed can be fairly challenging compared to other types of NFCF because of the very broad variety of technologies used in mining, as dictated by the different types of deposits and different geological/hydrological conditions. However, when a reference facility cannot be defined for a given mine, at least the systems dealing with radiological hazards (e.g. shielding, ventilation, protection against radon and dust) can be assessed against INPRO criteria.
The INPRO methodology has defined a set of requirements for mining and milling facilities and criteria for the assessment. Several INPRO criteria defined for the sustainability assessment of mining and milling facilities in the area of safety use the ‘state of the art’ concept as the acceptance limit. These sustainability assessment criteria are related to those specific features of the mining and milling facilities that are important to radiation protection and safety (control of radiation sources). The criteria should therefore not be interpreted as nuclear safety recommendations, industrial safety requirements or general requirements for the mining or milling technology used.
The INPRO methodology user requirements pertaining to mining and milling facilities are displayed in Table 5.

Table 4. INPRO User requirements and criteria for sustainability assessment of mining and milling facilities in the area of NFCF safety
| User requirement | Criteria | Indicator (IN) and Acceptance Limit (AL) |
|---|---|---|
| UR1: Robustness of design during normal operation: The design for the mining/milling facility assessed is more robust than the reference design with regard to operation and systems, structures and component failures. | CR1.1: Design of normal operation systems | IN1.1: Robustness of design of normal operation systems. AL1.1: Superior to that in the reference design. |
| | CR1.2: Facility performance | IN1.2: Facility performance attributes. AL1.2: Superior to those in the reference design. |
| | CR1.3: Inspection, testing and maintenance | IN1.3: Capability to inspect, test and maintain. AL1.3: Superior to that in the reference design. |
| | CR1.4: Failures and deviations from normal operation | IN1.4: Expected frequency of failures and deviations from normal operation. AL1.4: Lower than that in the reference design. |
| | CR1.5: Occupational dose | IN1.5: Occupational dose values during normal operation and AOOs. AL1.5: Lower than the dose constraints. |
| UR2: Detection and interception of AOO: The mining/milling facility assessed is capable to monitor, detect and intercept deviations from normal operational states in order to prevent AOOs from escalating to accident conditions. | CR2.1: I&C systems and operator procedures | IN2.1: I&C system to monitor, detect, trigger alarms, and, together with operator actions, intercept and compensate AOOs that could lead to radiation exposure of workers. AL2.1: Availability of such systems and/or operator procedures. |
| | CR2.2: Grace periods for AOOs | IN2.2: Grace periods until human (operator) actions are required after detection (and alarm) of AOOs. AL2.2: Adequate grace periods are defined in the design analyses. |
| UR3: Accidents: The frequency of occurrence of accidents in the mining/milling facility assessed is reduced. If an accident occurs, engineered safety features and/or operator actions are able to restore the facility assessed to a controlled state, and subsequently to a safe state, and the consequences are mitigated to ensure the confinement of nuclear and/or toxic chemical material. Reliance on human intervention is minimal, and only required after sufficient grace period. | CR3.1: Frequency of accidents | IN3.1: Calculated frequency of occurrence of accidents. AL3.1: Lower than that in the reference design. |
| | CR3.2: Engineered safety features and operator procedures | IN3.2: Reliability and capability of engineered safety features and/or operator procedures. AL3.2: Superior to those in the reference design. |
| | CR3.3: Grace periods for accidents | IN3.3: Grace periods for accidents until human intervention is necessary. AL3.3: Longer than those in the reference design. |
| | CR3.4: Barriers | IN3.4: Number of confinement barriers maintained (intact) after an accident. AL3.4: At least one. |
| UR4: Severe plant conditions | None | User requirement UR4 was found to be not directly applicable to a mining and milling facility |
| UR5: Inherent safety characteristics: To excel in safety and reliability, the mining/milling facility assessed strives for elimination or minimization of some hazards relative to the reference design by incorporating into its design an increased emphasis on inherently safe characteristics. | CR5.1: Minimization of hazards | IN5.1: Examples of hazards: fire, flooding, release of radioactive material, radiation exposure, etc. AL5.1: Hazards minimized according to the state of the art. |
| UR6: Human factors related to safety: Safe operation of the mining/milling facility assessed is supported by accounting for HF requirements in the design and operation of the facility, and by establishing and maintaining a strong safety culture in all organizations involved in the life cycle of the facility. | CR6.1: Human factors | IN6.1: Human factors addressed systematically over the life cycle of the mining/milling facility assessed. AL6.1: Evidence is available. |
| | CR6.2: Attitude to safety | IN6.2: Prevailing safety culture. AL6.2: Evidence is provided by periodic safety reviews. |
| UR7: RD&D for advanced designs: The development of innovative design features of the mining/milling facility assessed includes associated RD&D to bring the knowledge of facility characteristics and the capability of analytical methods used for design and safety assessment to at least the same confidence level as for operating facilities. | CR7.1: RD&D | IN7.1: RD&D status. AL7.1: RD&D defined, performed and database developed. |
| | CR7.2: Safety assessment | IN7.2: Adequate safety assessment. AL7.2: Approved by a responsible regulatory authority. |

UR1 (mining)


References

  1. INTERNATIONAL ATOMIC ENERGY AGENCY, Regulations for the Safe Transport of Radioactive Material, IAEA Safety Standards Series No. SSR-6 (Rev. 1), IAEA, Vienna (2018).
  2. INTERNATIONAL ATOMIC ENERGY AGENCY, Advisory Material for the IAEA Regulations for the Safe Transport of Radioactive Material, IAEA Safety Standards Series No. TS-G-1.1 (Rev. 1), IAEA, Vienna (2008).
  3. INTERNATIONAL ATOMIC ENERGY AGENCY, Planning and Preparing for Emergency Response to Transport Accidents Involving Radioactive Material, IAEA Safety Standards Series No. TS-G-1.2 (ST-3), IAEA, Vienna (2002).
  4. INTERNATIONAL ATOMIC ENERGY AGENCY, Compliance Assurance for the Safe Transport of Radioactive Material, IAEA Safety Standards Series No. TS-G-1.5, IAEA, Vienna (2009).
  5. INTERNATIONAL ATOMIC ENERGY AGENCY, The Management System for the Safe Transport of Radioactive Material, IAEA Safety Standards Series No. TS-G-1.4, IAEA, Vienna (2008).
  6. INTERNATIONAL ATOMIC ENERGY AGENCY, Radiation Protection Programmes for the Transport of Radioactive Material, IAEA Safety Standards Series No. TS-G-1.3, IAEA, Vienna (2007).
  7. UNITED NATIONS, Our Common Future (Report to the General Assembly), World Commission on Environment and Development, UN, New York (1987).
  8. INTERNATIONAL ATOMIC ENERGY AGENCY, Safety of and Regulations for Nuclear Fuel Cycle Facilities, Technical Committee meeting in Vienna (2000), IAEA-TECDOC-1221, IAEA, Vienna (2001).
  9. RANGUELOVA, V., NIEHAUS, F., et al., Safety of Fuel Cycle Facilities, Topical Issue Paper No.3 in Proceedings of International Conference on Topical Issues in Nuclear Safety, Vienna, 3-6 Sept. 2001, IAEA, STI/PUB/1120, IAEA, Vienna (2002).
  10. INTERNATIONAL ATOMIC ENERGY AGENCY, Procedures for Conducting Probabilistic Safety Assessment for Non-Reactor Nuclear Facilities, IAEA-TECDOC-1267, IAEA, Vienna (2002).
  11. INTERNATIONAL ATOMIC ENERGY AGENCY, Safety of Nuclear Fuel Cycle Facilities, IAEA Safety Standards, Specific Safety Requirements No. SSR-4, IAEA, Vienna (2017).
  12. NUCLEAR REGULATORY COMMISSION, Standard Review Plan for the Review of a License Application for a Fuel Cycle Facility, NUREG-1520 Rev.1. US NRC, Washington (2010).
  13. NUCLEAR REGULATORY COMMISSION, Standard Review Plan for the In-Situ Leach Uranium Extraction License Application, NUREG-1569. US NRC, Washington (2003).
  14. NUCLEAR REGULATORY COMMISSION, Consolidated Guidance about Material Licensees, NUREG-1556 series. US NRC, Washington (1998).
  15. NUCLEAR REGULATORY COMMISSION, Integrated Safety Analysis Guidance Document, NUREG-1513. US NRC, Washington (2001).
  16. NUCLEAR REGULATORY COMMISSION, Risk Analysis and Evaluation of Regulatory Options for Nuclear By-product Materials Systems, NUREG/CR-6642. US NRC, Washington (2000).
  17. NTERNATIONAL ATOMIC ENERGY AGENCY, Treatment of Liquid Effluent from Uranium Mines and Mills, IAEA-TECDOC-1419, IAEA, Vienna (2005).
  18. INTERNATIONAL ATOMIC ENERGY AGENCY, The Long Term Stabilization of Uranium Mill Tailings, IAEA-TECDOC-1403, IAEA, Vienna (2004).
  19. INTERNATIONAL ATOMIC ENERGY AGENCY, Occupational Radiation Protection, Safety Guide, IAEA Safety Standards No. GSG-7, IAEA, Vienna (2018).
  20. INTERNATIONAL ATOMIC ENERGY AGENCY, Monitoring and Surveillance of Residues from the Mining and Milling of Uranium and Thorium, Safety Reports Series No. 27, IAEA, Vienna (2003).
  21. INTERNATIONAL ATOMIC ENERGY AGENCY, Management of Radioactive Waste from the Mining and Milling of Ores, Safety Guide, IAEA Safety Standards Series No. WS-G-1.2, IAEA, Vienna (2002).
  22. INTERNATIONAL ATOMIC ENERGY AGENCY, Guidebook on Good Practice in the Management of Uranium Mining and Mill Operations and the Preparation for their Closure, IAEA-TECDOC-1059, IAEA, Vienna (1998).
  23. INTERNATIONAL ATOMIC ENERGY AGENCY, Innovations in Uranium Exploration, Mining and Processing Techniques, and New Exploration Target Areas, IAEA-TECDOC-868, IAEA, Vienna (1996).
  24. INTERNATIONAL ATOMIC ENERGY AGENCY, Guidebook on Environmental Impact Assessment for In Situ Leach Mining Projects, IAEA-TECDOC-1428, IAEA, Vienna (2005).
  25. OECD/NUCLEAR ENERGY AGENCY (NEA), The Safety of the Nuclear Fuel Cycle, Third Edition, NEA No.3588, OECD/NEA, Paris (2005).
  26. INTERNATIONAL ATOMIC ENERGY AGENCY, Safety of Conversion Facilities and Uranium Enrichment Facilities, IAEA Safety Standards, Specific Safety Guide No. SSG-5, IAEA, Vienna (2010).
  27. INTERNATIONAL ATOMIC ENERGY AGENCY, Safety of Uranium Fuel Fabrication Facilities, IAEA Safety Standards, Specific Safety Guide No. SSG-6, IAEA, Vienna (2010).
  28. INTERNATIONAL ATOMIC ENERGY AGENCY, Safety of Uranium and Plutonium Mixed Fuel Fabrication Facilities, IAEA Safety Standards, Specific Safety Guide No. SSG-7, IAEA, Vienna (2010).
  29. INTERNATIONAL ATOMIC ENERGY AGENCY, Storage of Spent Nuclear Fuel, IAEA Safety Standards, Specific Safety Guide No. SSG-15, IAEA, Vienna (2012).
  30. INTERNATIONAL ATOMIC ENERGY AGENCY, Safety of Nuclear Fuel Reprocessing Facilities, IAEA Safety Standards, Specific Safety Guide No. SSG-42, IAEA, Vienna (2017).
  31. UEDA, Y., Current Studies on Utilization of Risk Information for Fuel Cycle Facilities in Japan, Workshop on Utilization of Risk Information for Nuclear Safety Regulation, Tokyo, May (2005).
  32. INTERNATIONAL ATOMIC ENERGY AGENCY, Experiences and Lessons Learned Worldwide in the Cleanup and Decommissioning of Nuclear Facilities in the Aftermath of Accidents, IAEA Nuclear Energy Series No. NW-T-2.7, IAEA, Vienna (2014).
  33. INTERNATIONAL ATOMIC ENERGY AGENCY, Defence in Depth in Nuclear Safety, INSAG-10, A report by the International Safety Advisory Group, IAEA, Vienna (1996).
  34. INTERNATIONAL ATOMIC ENERGY AGENCY, Basic Safety Principles for Nuclear Power Plants, 75-INSAG-3, Rev.1, INSAG-12, IAEA, Vienna (1999).
  35. INTERNATIONAL ATOMIC ENERGY AGENCY, INPRO Methodology for Sustainability Assessment of Nuclear Energy Systems: Infrastructure, IAEA Nuclear Energy Series, No. NG-T-3.12, IAEA, Vienna (2014).
  36. INTERNATIONAL ATOMIC ENERGY AGENCY, Terms for Describing New, Advanced Nuclear Power Plants, IAEA-TECDOC-936, IAEA, Vienna (1997).
  37. INTERNATIONAL ATOMIC ENERGY AGENCY, INPRO Methodology for Sustainability Assessment of Nuclear Energy Systems: Environmental Impact of Stressors, IAEA Nuclear Energy Series No. NG-T-3.15, IAEA, Vienna (2016).
  38. INTERNATIONAL ATOMIC ENERGY AGENCY, Radiation Protection and Safety of Radiation Sources: International Basic Safety Standards Interim Edition, IAEA Safety Standards, General Safety Requirements Part 3, No. GSR Part 3, IAEA, Vienna (2014).
  39. INTERNATIONAL LABOUR ORGANIZATION, Chemical Exposure Limits, Resource list. Official web-site (2011)
  40. INTERNATIONAL ATOMIC ENERGY AGENCY, IAEA Safety Glossary, Terminology used in Nuclear Safety and Radiation Protection, 2018 Edition, IAEA, Vienna (2018).
  41. INTERNATIONAL ATOMIC ENERGY AGENCY, Preparedness and Response for a Nuclear or Radiological Emergency, IAEA Safety Standards, General Safety Requirements Part 7, No. GSR Part 7, IAEA, Vienna (2015).
  42. INTERNATIONAL ATOMIC ENERGY AGENCY, Criteria for Use in Preparedness and Response for a Nuclear or Radiological Emergency, IAEA Safety Standards, General Safety Guide No. GSG-2, IAEA, Vienna (2011).
  43. INTERNATIONAL ATOMIC ENERGY AGENCY, Safety Related Terms for Advanced Nuclear Plants, IAEA-TECDOC-626, IAEA, Vienna (1991).
  44. INTERNATIONAL ATOMIC ENERGY AGENCY, Management of Operational Safety in Nuclear Power Plants, INSAG Series No. 13, IAEA, Vienna (1999).
  45. NUCLEAR REGULATORY COMMISSION, Human Factors Engineering Program Review Model, NUREG-0711, Rev.3. US NRC, Washington (2012).
  46. INTERNATIONAL ATOMIC ENERGY AGENCY, Summary report on the post-accident review meeting on the Chernobyl accident, IAEA Safety Series No.75-INSAG-1, IAEA, Vienna (1986).
  47. INTERNATIONAL ATOMIC ENERGY AGENCY, Safety culture, INSAG-4, IAEA Safety Series No. 75, IAEA, Vienna (1991).
  48. INTERNATIONAL ATOMIC ENERGY AGENCY, Developing Safety Culture in Nuclear Activities: Practical Suggestions to Assist Progress, Safety Reports Series No. 11, IAEA, Vienna (1998).
  49. INTERNATIONAL ATOMIC ENERGY AGENCY, Key Practical Issues in Strengthening Safety Culture, INSAG Series No. 15, IAEA, Vienna (2002).
  50. INTERNATIONAL ATOMIC ENERGY AGENCY, Leadership and Management for Safety, IAEA Safety Standards Series No. GSR Part 2, IAEA, Vienna (2016).
  51. INTERNATIONAL ATOMIC ENERGY AGENCY, Application of the Management System for Facilities and Activities, IAEA Safety Standards Series, Safety Guide No. GS-G-3.1, IAEA, Vienna (2006).
  52. INTERNATIONAL ATOMIC ENERGY AGENCY, The Management System for Nuclear Installations, IAEA Safety Standards, Safety Guide No. GS-G-3.5, IAEA, Vienna (2009).
  53. INTERNATIONAL ATOMIC ENERGY AGENCY, Establishing the Safety Infrastructure for a Nuclear Power Programme, IAEA Safety Standards, Specific Safety Guide No. SSG-16, IAEA, Vienna (2012).
  54. INTERNATIONAL ATOMIC ENERGY AGENCY, Safety Culture in Nuclear Installations, Guidance for Use in the Enhancement of Safety Culture, IAEA-TECDOC-1329, IAEA, Vienna (2002).
  55. INTERNATIONAL ATOMIC ENERGY AGENCY, Maintaining Knowledge, Training and Infrastructure for Research and Development in Nuclear Safety, INSAG Series No. 16, IAEA, Vienna (1999).
  56. NUCLEAR REGULATORY COMMISSION, Guidance on the Treatment of Uncertainties Associated with PRAs in Risk Informed Decision Making, NUREG-1855 Volume 1, US NRC, Washington (2009).