Click here to make tpub.com your Home Page

Page Title: Defense-In-Depth
Back | Up | Next

Click here for thousands of PDF manuals

Google


Web
www.tpub.com

Home
   
Information Categories
.... Administration
 Advancement
 Aerographer
 Automotive
 Aviation
 Construction
 Diving
 Draftsman
 Engineering
 Electronics
 Food and Cooking
 Logistics
 Math
 Medical
 Music
 Nuclear Fundamentals
 Photography
 Religion
   
   

 



DOE-STD-6003-96
should pass into a safe state without a requirement to initiate any actions. The system
design should be fault-tolerant to the maximum extent feasible. An example of a fail-
safe feature would be a safety-related isolation valve that automatically fails closed on
loss of power or actuating air. Additionally, the design should ensure that a single fail-
ure does not result in the loss of capability of a safety-class SSC to accomplish its
required public safety function. Fluid and electrical systems are considered to be
designed against an assumed single failure if neither
1. a single failure of any active component (assuming passive components function
properly) nor
2. a single failure of a passive component (assuming active components function
properly)
results in a loss of the capability of the system to perform its safety function. Note that
for some passive mechanical components such as piping or pressure vessels, there
may not be a credible failure mode. For other passive mechanical components such
as burst disks, vacuum windows, or bellows, the credibility of a single failure should
be determined on a case-by-case basis.
f. Testability. All safety-class and safety-significant SSCs should be designed and
arranged so that they can be adequately inspected, tested, and serviced as appropri-
ate before commissioning and at suitable and regular intervals thereafter. If it is not
feasible to provide adequate testability of a component, then the safety analysis
should take into account the possibility of undetected failures of such equipment. For
example, an installed burst disk cannot be tested, but there may be no credible failure
modes that prevent it from performing the intended safety function.
6.1.3.2 Defense-In-Depth
Fusion facilities should apply the "defense-in-depth" concept in design. The design pro-
cess should incorporate defense in depth such that multiple levels of protection are provided
against the release of radioactive and toxic material if required. The necessary level of protec-
tion is a function of the risk to the public and workers. Aspects of the defense-in-depth concept
that are applicable to fusion facilities include the following:
a. the selection of materials (especially fusion island materials) and other design inputs
to reduce radiological and toxic materials inventories;
b. the use of conservative system design margins, taking into account uncertainties in
material performance and the operating environment;
c. the use of a succession of independent physical barriers (passive is preferred) for pro-
tection against release of radioactive and/or toxic materials;
77

Privacy Statement - Press Release - Copyright Information. - Contact Us

 Integrated Publishing, Inc. - A (SDVOSB) Service Disabled Veteran Owned Small Business