22.08.2015   DESIGN FEATURES TO ACHIEVE. DEFENCE IN DEPTH IN SMALL AND. MEDIUM SIZED REACTORS

PROVISIONS FOR SAFETY UNDER EXTERNAL EVENTS

The safety design features of IRIS intended to cope with external events and external/internal event combinations are described in detail in [II-8].

The reactor, containment, passive safety systems, fuel storage, power source, control room and backup control are all located within the reinforced concrete auxiliary building and are protected from on-site explosions. The reactor unit appears as a very low profile, minimum sized target to an aircraft. The IRIS containment is completely within the reinforced concrete auxiliary building and one-half of it (13 m) is actually underground, since the containment is only 25m in diameter. The external, surrounding building target profile is only about 30 m high, and can easily be hardened and/or placed further underground. Also, the IRIS’s safety features are passive and are contained within the auxiliary building.

TABLE II-2. SAFETY-BY-DESIGN™ IRIS PHILOSOPHY AND ITS IMPLICATIONS ON DESIGN BASIS EVENTS

IRIS Design Characteristic

Safety Implication

Accidents Affected

Design Basis Events

Effect on Design Basis Events by IRIS Safety-by-Design™

Integral layout

No large primary piping

• Large break loss of coolant accidents (LOCAs)

Large break LOCA

Eliminated

Large, tall vessel

Increased water inventory Increased natural circulation

Accommodates internal control rod drive mechanisms (CRD Ms)

• Other LOCAs

• Decrease in heat removal various events

• Control rod ejection, head penetrations failure

Spectrum of control rod ejection accidents

Eliminated

Heat removal from inside the vessel

Depressurizes primary system by condensation and not by loss of mass

Effective heat removal by steam generators (SG)/ emergency high removal system (EHRS)

• LOCAs

• LOCAs

• All events for which effective cooldown is required

• Anticipated transients without scram (ATWS)

Reduced size, higher design pressure containment

Reduced driving force through primary opening

• LOCAs

Multiple, integral, shaftless coolant pumps

Decreased importance of single pump failure No shaft

• Locked rotor, shaft seizure/ break

• Loss of flow accidents (LOFAs)

Reactor coolant pump shaft break Reactor coolant pump seizure

Eliminated

Downgraded

High design pressure steam generator system

No SG safety valves

Primary system cannot over-pressure secondary system Feed/Steam System Piping designed for full reactor coolant system (RCS) pressure reduces piping failure probability

• Steam generator tube rupture

• Steam line break

• Feed Une break

Steam generator tube rupture

Downgraded

. Steam system piping failure Feedwater system pipe break

Downgraded

Downgraded

Once through steam generators

Limited water inventory

• Feed Une break

• Steam line break

Integral

pressurizer

Large pressurizer volume/reactor power

• Overheating events, including feed line break

• ATWS

Fuel handling accidents

Unaffected

TABLE II-3. PROBABILISTIC ACCEPTANCE CRITERIA FOR BDBA IN IRIS

Core damage frequency (CDF)

<10-7

Large early release frequency (LERF)

~10-9

The IRIS is designed to survive a hypothetical flood called the probable maximal flood (PMF), which combines the worst possible values of all factors that contribute to producing a flood. This and other capabilities of the IRIS design are connected to use of the passive features, which are all contained within the auxiliary building and do not require external water or power supplies for at least 7 days.

As an example, the plant ultimate heat sink is provided by water stored in the auxiliary building in the refuelling water storage tank (RWST). This water is heated and boiled and steam is vented to the atmosphere. This safety grade ultimate heat sink provides for the removal of sensible heat of the reactor coolant system and core decay heat for at least one week, without credit for any water make-up. The design objective of IRIS is to apply both the safety-by-design™ philosophy [II-3] and the PRA guided design approach to design the plant in such a way as to minimize the contribution of external events to core damage frequency (CDF) to a level lower or at most comparable to that of internal events, which is currently estimated to be ~2 x 10-8.