| DOE-STD-6003-96
defense in depth (i.e., prevention of uncontrolled material releases) and/or worker
safety as determined from hazard analysis.
The safety-significant SSCs have two goals: (1) ensuring the availability of the public safety functions through defense-in-depth, and (2) supporting the health and safety of workers during routine operations. Safety-significant SSCs are not required to mitigate the consequences of off-normal events in order to meet the evaluation guidelines for the public or the environment; that function is the responsibility of the safety-class SSCs. However, because the SSCs that address the potential safety concern related to confinement reduce threats to confinement through either accident prevention or mitigation, they are considered to contribute to defense-in-depth and are therefore designated as safety-significant.
The categorization of a safety-class SSC is a two-step process. The first step is to identify, early in the design, the SSCs whose failure would result in exceeding the evaluation guidelines. This should be done through a "top down" functional hazards analysis. The second step is to verify, in the final stages of design, that the safety-class SSCs actually need to remain functional, as indicated by the safety analysis process. If the safety analysis confirms that the SSCs are needed, the equipment is designated as safety-class. These components must also be shown to perform the required safety functions. The design approach would be as follows:
a. identify all potential hazards associated with the facility,
b. identify all SSCs needed to control those hazards,
c. identify the safety-class SSCs necessary to ensure that evaluation guidelines are not
exceeded, and
d. verify, through detailed safety analysis, the need for the systems in item (c) to meet
the evaluation guidelines provided in DOE-STD-6002.
The safety-class SSCs should be designed such that a minimum number of active or passive mitigative systems, identified from and credited within the safety analysis, are available to ensure that the evaluation guidelines are not exceeded. Only reliable SSCs may be employed to satisfy the requirements placed on safety-class items. The use of defense-in-depth principles such as redundancy, simplicity in design, independence, fail-safe and fault-tolerant design, and multiple (diverse) methods to increase reliability and reduce consequences to acceptable levels is permitted and encouraged. In most cases, passive methods of accomplishing the safety function are preferred over active systems.
The next step in the process is to perform the required system safety analysis. The safety analysis results verify the adequacy of the safety-class SSCs to mitigate the release of hazardous material and so meet the evaluation guidelines specified in DOE-STD-6002. The results of this evaluation therefore determine which of the SSCs are required to satisfy the public safety function. Multiple SSCs may be required to satisfy the safety system requirements for a particular off-normal condition scenario. In most cases, the SSCs identified in the hazards assessment review would be the same as those verified by the safety analysis as