Identification of Safety Systems in Small Modular Reactors: A Regulatory Perspective
Extended abstract for the International Conference on Operational Safety of Nuclear Power Plants
May 11-15, 2020
Suqiang Xu and Thambiayah Nitheanandan
Canadian Nuclear Safety Commission
The Canadian Nuclear Safety Commission (CNSC) has carried out pre-licensing design reviews of several small modular reactors (SMRs). In these reviews, the safety classification, including the identification of safety systems, is one of the review topics. The purpose of safety classification is to identify and categorize safety functions and those structures, systems and components (SSCs) that perform these safety functions to establish their relative safety significance. This is to ensure that the standards or rules for the design, construction, installation, testing, inspection and maintenance of each SSC is commensurate with its importance to safety. Safety systems are subject to the highest regulatory requirements. Identifying all safety systems is a very important step in a safety classification process; however, this task has not been easy. This paper clarifies the scope of safety systems and explores the need for a unified international approach to safety classification.
A brief review of international documents reveals the similarities and differences among safety classification terms such as, “systems important to safety,” “safety related systems” and “safety systems” within and across the CNSC, the International Atomic Energy Agency (IAEA), and United States Nuclear Regulatory Commission (US NRC). Many Canadian SMR review submissions come from foreign vendors that may use documents from all of the three organizations. These three terms are sometimes defined or interpreted differently by the CNSC, NRC and IAEA. For example, although the top tier term “systems important to safety” is consistent across all three organizations, there are inconsistencies in the definition of their subsets. In Canada, “safety related systems” is rarely used for new builds, but it is considered equivalent to “systems important to safety” that is wider than “safety systems.” In the USA, the term “safety systems” is synonymous with “safety related systems,” Likewise, in IAEA glossary, “safety systems” and “safety related systems” have no overlap. These subtle variations in the definition requires that they must be used carefully to minimize potential misunderstandings. Having a common understanding of safety classification terms is valuable to support harmonization.
CNSC REGDOC-2.5.2  sets out requirements and guidance for new nuclear power plant licence application. It adopts the IAEAs definition of safety systems, i.e. those provided to ensure the safe shutdown of the reactor or the residual heat removal from the core, or to limit the consequences of anticipated operational occurrences and design-basis accidents (DBAs).
Any system that performs or directly supports a fundamental safety function of safe shutdown, residual heat removal or limiting the consequences of an accident is a safety system. Though safety systems could be used for any design event, they are designed specifically for DBAs.
The reactor coolant boundary in a pressurized water reactor is a “nuclear grade” system. Actually, all pressure boundary components classified as ASME classes 1, 2 and 3 are a “nuclear grade” component. The design pressure of SMR coolant boundary is usually low; however, the coolant boundary should still be classified as a “nuclear grade” component because of its intended function to act as a barrier for radioactive materials.
All SSCs designed to perform a fundamental safety function (i.e., functional requirement) during and following design-basis earthquakes (DBEs) are also deemed a safety system item.
All environmentally qualified SSCs to be functional during and following DBAs are a safety system item.
Qualified electrical power systems are a safety system. For nuclear power plants with active safety systems, these usually consist of emergency diesel generators and batteries. SMRs usually come with passive safety systems; qualified power may not be required.
Monitoring systems are usually not a safety system, except in a few cases, one of which is post-accident monitoring, for nuclear power plants with active safety systems. Generally speaking, passive safety systems are more reliable than active safety systems. SMRs with passive safety systems might not be required to have safety-system-grade monitoring.
Systems designed for design extension conditions (DECs) only, such as portable power generators, are not safety systems, though the safety systems could be used for DECs.
In summary, the identification of safety systems is paramount in order to prevent and mitigate any AOOs and DBAs. One challenging aspect of this identification process is establishing a consistent definition across various regulatory organizations such that the vendors are able to identify the SSCs consistently, irrespective of their country of origin. In addition, all classifications in different disciplines should be correlated with each other to generate a complete and consistent safety system list.
- Canadian Nuclear Safety Commission Regulatory Document REGDOC-2.5.2, Design of Reactor Facilities: Nuclear Power Plant, May 2014.
To obtain a copy of the abstract’s document, contact us at firstname.lastname@example.org or call 613-995-5894 or 1-800-668-5284 (in Canada). When contacting us, please provide the title and date of the abstract.
- Date modified: