Risk assessment

The quantitative estimation of risk, known as probabilistic risk assessment (PRA) or as probabilistic safety assessment (PSA), is still in its infancy, but is increasingly becoming accepted as a valuable input to the judgement of whether a reactor design is acceptably safe or not. However, the quantification of risk is not yet a formal requirement of CEGB’s design safety criteria nor is it a licensing requirement.

The use of probabilistic techniques in studying reactor safety is still the subject of much debate because of the difficulties with the treatment of uncertainties, systems interactions, human factors and the lack of data in specific areas such as hazards and the failure of the major structural items of plant. In spite of the known shortcomings it is now becoming widely accepted that probabilistic analyses are a valuable and essential element of a reactor safety study, although the specific number which comes out of such analysis should not be regarded as an absolute value. The results of such an analysis can be used as an aid to the judgement of acceptability and provide a guide as to the relative safety of two different reactor designs, or two safeguard systems, so long as the analyses have been carried out in a consistent manner.

Underlying the CEGB’s design safety criteria there is the judgement that a level of risk of fatality of 10⁻⁶ per year to individual members of the public as a consequence of the operation of a nuclear power station is acceptable. This is in view of the benefits derived by the nation from the production of electricity by this means, and on the basis that such a risk is negligible when compared with the risks to which we are all subject in everyday living. It is a risk which is also comparable to (or better than) that associated with those non-nuclear industries which the public regard as very safe. From the results of studies, it is also judged that a station which meets this individual risk criterion also leads to an acceptable social risk.

Essentially, risk is the product of frequency and consequences. Thus, for example, the risk (R) of fatality of a given individual for a given potential accident sequence is the product of the estimated frequency of that accident sequence (F) and the probability (C) that the radiological dose received would lead to the fatality of that individual, namely:

R = F × C

To arrive at the total risk, all potential accident sequences have to be taken into account, each sequence having its own frequency value and consequence value, and these individual contributions to risk then summated.

The concept is simple, but in practice estimation of risk is complex. It proceeds in three distinct steps. First, the frequencies of the sequences are estimated (known as a level 1 PRA). Secondly, the quantity and composition of the radioactive material released to atmosphere is estimated (a level 2 PRA) and thirdly the health effect of this release on the public is estimated (a level 3 PRA).

A level 1 PRA is restricted to determining the frequency of accident sequences. Such an assessment is also necessary to determine, for example, whether the CEGB’s target of 10⁻⁶ per year for the frequency of uncontrolled releases of radioactive material (see Section 3.2 of this chapter) is met. The analysis utilises the techniques of fault and event trees.
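The calculation described above can be sketched as follows. This is an added example, not part of the original text: a small fault tree gives a system failure probability, an event tree enumerates the accident sequences, and R = F × C is summed over them. All frequencies and probabilities are constructed for illustration, and basic events are assumed independent.

```python
from itertools import product

ACCEPTABLE_RISK = 1e-6  # per year, the criterion quoted in the text

def gate_and(*probs):
    """Fault tree AND gate: all inputs fail (independence assumed)."""
    out = 1.0
    for p in probs:
        out *= p
    return out

def gate_or(*probs):
    """Fault tree OR gate: at least one input fails (independence assumed)."""
    ok = 1.0
    for p in probs:
        ok *= 1.0 - p
    return 1.0 - ok

def event_tree(init_freq, systems):
    """Enumerate every success/failure branch after an initiating fault.
    systems: list of (name, failure probability on demand).
    Returns {tuple of failed system names: sequence frequency per year}."""
    seqs = {}
    for outcome in product((False, True), repeat=len(systems)):
        freq = init_freq
        for (_, p_fail), failed in zip(systems, outcome):
            freq *= p_fail if failed else 1.0 - p_fail
        key = tuple(n for (n, _), failed in zip(systems, outcome) if failed)
        seqs[key] = freq
    return seqs

def total_risk(seqs, consequence):
    """Sum R = F x C over all sequences; unlisted sequences have C = 0."""
    return sum(f * consequence.get(k, 0.0) for k, f in seqs.items())

def meets_criterion(risk, limit=ACCEPTABLE_RISK):
    return risk < limit

# Constructed inputs (hypothetical plant, not data from the text).
INIT_FREQ = 1e-2  # initiating fault frequency, per year
# Cooling is lost if both redundant trains fail OR a common supply fails.
P_COOLING = gate_or(gate_and(1e-2, 1e-2), 1e-5)
SYSTEMS = [("cooling", P_COOLING), ("containment", 1e-3)]
# C: probability of fatality of the individual, given each sequence.
CONSEQUENCE = {("cooling",): 1e-4, ("cooling", "containment"): 1e-1}

SEQS = event_tree(INIT_FREQ, SYSTEMS)
RISK = total_risk(SEQS, CONSEQUENCE)

if __name__ == "__main__":
    for failed, freq in SEQS.items():
        print(failed or ("none",), f"{freq:.3e} per year")
    print(f"total risk {RISK:.3e} per year, acceptable: {meets_criterion(RISK)}")
```
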

The level 2 PRA extends that of level 1 to determine the quantity and composition of the radioactive material released to atmosphere (the source term). It includes transient analysis to determine how fuel and clad temperatures would vary, determination of the quantities and type of fission products released from failed clad, determination of whether these have a pathway to atmosphere (e.g., through open relief valves or by containment leakage) and estimation of the time, duration and height of release.

Finally, in the level 3 PRA, the ways in which that activity can reach members of the public have to be determined. These depend, inter alia, on the weather conditions that might prevail at the time, and on the particular habits of individuals in the locality (what food they eat, etc.).

To carry out such calculations for each and every fault sequence would be prohibitive and, in practice, simplifying and generally pessimistic assumptions are made. Similar fault sequences are grouped together and derived radiological source terms are similarly grouped.

The faults studied are not restricted to those within the design basis, i.e., those for which engineered safeguards systems are provided, but extend to very low frequency events which would lead, for example, to core meltdown. Study of these very low frequency events (degraded core analysis) necessitates assessment of the progression of the fault as the core melts and the molten material interacts with structural material such as the pressure vessel and subsequently the concrete containment. Uncertainty exists in these complex phenomena. Also allowance for operator action, beneficial or counterproductive, cannot yet be fully taken into account, and some inadvertent omissions in the fault sequences considered cannot be discounted. There are also some deliberate omissions in the assessment, such as the effects of external hazards for which data is sparse.

Despite these uncertainties, the risk assessment for Sizewell B supports the judgement that the design achieves a high level of safety. The estimated risk of fatality for an individual at the site fence is about 10⁻⁸ per year from accidents. It is considered inconceivable that the known shortcomings of probabilistic risk assessment could completely erode away the large margin that exists between this calculated risk and the CEGB’s underlying judgement that a risk of 10⁻⁶ per year is an acceptable value.