1. Introduction
Accidents at TMI, Chernobyl, and Fukushima nuclear power plants further strengthened nuclear safety-related regulatory systems and raised the need for a comprehensive review of the safety management systems for nuclear power plants. The U.S. NRC adopted a risk-informed and performance based nuclear regulatory system including the concept of defense in depth (DiD) [1] at the end of 1990, and then it spread to regulatory agencies around the world. The International Atomic Energy Agency (IAEA) defined DiD as the most important means for the prevention and mitigation of nuclear power plant accidents in Fundamental Safety Principles published in 2006 [2]. Also, the most important lesson of the Fukushima accident in Japan in 2011 was that DiD was the most important factor in nuclear safety. Therefore, in order to secure the safety of nuclear power plants from the viewpoint of reflection of lessons learned and operating experience, it is necessary to secure the barriers by incorporating the concept of DID to the nuclear power plant and to confirm whether the barriers about each level of DID are secured. Since then, the Nuclear Regulation Authority, Japan has made major changes to the safety inspection system, and now it is shifting its engineering technology to risk-informed and performance based advanced one including DiD concepts, which is currently used in the U.S. NRC. In Korea, the Nuclear Safety and Security Commission (NSSC) issued a Severe Accident Policy (2001.08), Recommendation of the Risk-Informed Safety Inspection Implementation (2002.12), and Risk-Informed, Performance Based Comprehensive Regulation Plan (2006). The Korea Institute of Nuclear Safety (KINS) conducted an international joint research project Establishment of Advanced and Future-oriented Nuclear Safety Regulatory System [3] from 2007 to 2012. For this, a regulatory study of Establishment of Implementation Program for Graded Regulation Using Risk and Performance Information [4] was conducted in order to enhance the safety regulation effect, efficiency, and overall safety by differentiating regulatory resources and activities based on the performance and design/operational characteristics of the nuclear power plants. Also, a research project by the title of Establishment of Implementation System for Risk Communication based on Nuclear Issues [5] was conducted with the aim of contributing to the promotion of social acceptance of nuclear energy by eliminating the public awareness and information gap inherent in nuclear conflict issues by combining risk communication with policies. However, due to Korea's inherent regulatory system and environment, regulation on the use of risk information has not yet been put into practical institutionalization except for some limited application.
Regulatory agencies in most countries with nuclear power plants are conducting periodic or regular basis inspections. KINS has recently revised the Periodic Inspection Guideline (Rev. 3, 2015.10) [6] to consider the conditions of site surveillance and determine the target items and methods of regulatory inspection (in other words, periodic inspection, regular inspection, or safety inspection) using risk information. However, these inspection items are specified and controlled by the law, and the assessment methodology is still a deterministic one with single line defense. Actually, this method was introduced from Japan in early 1980s when the only three nuclear power plants (Kori 1, 2 and Wolsong 1) were operated in Korea and is still being used. It aims to check whether the performance of each inspection items satisfies the acceptance status at the time of the Pre-Service Inspection for each facility and system in accordance with Article 35, Enforcement Decree of the Nuclear Safety Act. In other words, the domestic regulatory inspection of nuclear power plants including all the facilities focuses more on confirming readiness for operation rather than confirming safety function. In addition, since all systems and facilities in a plant are subject to inspection, it is inefficient and ineffective to inspect them all with limited regulatory resources during operational phase.
Therefore, it is necessary to improve the regulatory periodic safety inspection system for domestic nuclear power plants. Nowadays, the safety of nuclear power plant draws more public attention than ever before so that the regulatory inspection is recognized as one of the most important safety verification tools. As pubic concern on safety increase, two approaches can be taken: one is to tighten regulation and the other is to improve regulatory effectiveness by strengthening DiD measure. The objective of this investigation is to suggest way to improve the effectiveness of periodic safety inspection through three approaches: (1) to compare KINS periodic safety inspection with NRC baseline inspection practices, (2) to evaluate event reports and (3) to review preliminary initiating events.
2. A methodology to estimate the regulatory inspection system
2.1. Estimation method
Fig. 1 shows the estimation procedure. This method focuses on confirming safety in terms of level of DiD and each cornerstone in U.S. NRC Reactor Oversight Process (ROP) [10], rather than focusing on checking whether the nuclear power plant can be operated through periodic inspections. For this method to be effective in practice, it is necessary to match 1) inspection objectives of items and detailed sub-items for the target facility and 2) design objectives of the structure, system, and component (SSC) included in the target item with the objectives and functions required in each level of DiD and cornerstone in ROP.
Fig. 1. An analysis method for deriving vulnerability of periodic inspection from the view point of defense in depth.Ultimately, this approach allows us to see how the current periodic inspection items are distributed in terms of levels of DiD in nuclear safety (and additionally in terms of cornerstones in the ROP) and thus to identify vulnerabilities in safety verification.
In order to classify all SSC included in the facilities subject to periodic inspection according to the design purpose, function and safety level, Final Safety Analysis Report (FSAR) 3.2 “System Quality Classification” [11] and the Maintenance Rule (MR) (10 CFR 50.65 “Requirements for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants”) [12] were used. The MR provides criteria for the management scope of nuclear power plant based on SSC, and NRC Reg. Guide 1.160 [13] that is the regulatory guidelines for the implementation of MR provides an alternative to determine the management scope by function. This is an important issue that determines whether the criteria should be classified as a facility or a function. First, an analysis of the DiD perspective was conducted, followed by an analysis of the ROP Cornerstone perspective. The latter is to confirm the consistency of the analysis, linking the purpose of each cornerstone with the concept of each level of DiD and matching the analysis results of the DiD perspective analyzed earlier. For example, periodic inspection items identified as level one of DiD can be classified as “Initiating Events”, “Barrier Integrity”, “Occupational Radiation Safety”, and “Public Radiation Safety” by overlapping items, the identified items as level two of DiD were classified as “Initiating Events” only. The U.S. regulatory system has been developed based on operating experiences and R&D results accumulated over the years. This system been considered as the most reliable and robust in most of nuclear countries in the world. Therefore, valuable insights can be obtained from comparative approach on the inspection methodologies between NRC's baseline inspection where the DiD concept is well incorporated and KINS's Periodic safety inspection that was no visible DiD concept.
2.2. Periodic inspection model
2.2.1. KINS model
Regulatory inspections of domestic nuclear power plants are carried out on the basis of Article 22 (Inspection) of Nuclear Safety Act [7]. As referred to in this law, all nuclear power plants must be operated in compliance with the operating license in accordance with Article 21 (Standards for License) of the Nuclear Safety Act, and the performance of each facility and system must maintain standard status at the time of Pre-Service Inspection in accordance with Article 35 (Regular Inspection) of the Enforcement Decree of the Nuclear Safety Act [8]. Periodic inspection is to confirm this. According to this law system, the standards for license of regulatory inspection are focused on maintaining the performance for normal operation of all systems in a nuclear power plant, and ultimately preventing disaster caused by nuclear reactor or radioactive material under the conditions of operation as well. This, in a legal context, seems to be well consistent with the 8th Principles (“All practical efforts must be made to prevent and mitigate nuclear or radiation accidents”) of the IAEA Fundamental Safety Principles, No. SF-1 [2]. In Article 19 (Periodic Inspection) of the Enforcement Regulations for the Nuclear Safety Act [9], the periodic inspection period is defined as the term from the day when the reactor is stopped for the purpose of refueling until the day when full power operation is resumed. If the inspection result satisfies the standards of Article 21 of the Nuclear Safety Act, it is stipulated that the reactor criticality is allowed. Table 1shows the legal system for periodic inspections of domestic nuclear power plants.
Table 1. Legal system concerning periodical inspections of domestic nuclear power plants.
| Law Title | Article | Provisions |
|---|---|---|
| Nuclear Safety Act | 22 (Inspection) | Operator of a nuclear power reactor shall undergo an inspection of the Commission, as prescribed by Presidential Decree. |
| Enforcement Decree of the Nuclear Safety Act | 35 (Regular Inspection) | Each operator of a nuclear power reactor shall undergo a regular inspection of the operation and performance of reactor facilities according to the objects to be inspected and methods of inspection prescribed by Ordinance of the Prime Minister pursuant to Article 22 (1) of the Act. |
| Enforcement Regulations for the Nuclear Safety Act | 19 (Periodic Inspection) |
|
| Nuclear Safety and Security Commission Notification | 2017–09 |
Selection of inspection items: Selection of inspection targets considering the impact on safety and performance. Designated items subject to inspection by reactor type: facilities subject to light water reactor inspection. |
| 2016–30 | Regulations on facilities related to the “Other facilities pertaining to the safety of a nuclear reactor” |
In particular, Article 19 (Periodic Inspection) of the Enforcement Regulations for the Nuclear Safety Act stipulates that the inspection target items and methods for each facility shall be prescribed in the NSSC's notification. According to this, the NSSC Notice No. 2017-09 [14] specifies eleven facilities including the Other Facilities Pertaining to the Safety of a Nuclear Reactor (OFPSNR) Facility and one operational technical capability field for regulatory inspections as shown in Table 2. The OFPSNR Facility is defined in detail in NSSC Notice No. 2016-30 [15]Article 2. The total number of inspection target items was 100 and the total number of detailed inspection items was 322 on the basis of the facility-specific checklist of the Periodic Inspection Guideline [6].
Table 2. Items subject to regulatory inspection of domestic nuclear power plants.
| Inspection target facilities | No. of Items | No. of detailed items |
|---|---|---|
| 1. Nuclear reactor (including fuels) | 6 | 20 |
| 2. Nuclear reactor coolant system facility | 6 | 20 |
| 3. Instrumentation and control system facilities | 11 | 22 |
| 4. Nuclear fuel material handling and storage facilities | 2 | 6 |
| 5. Radioactive waste disposal facilities | 5 | 26 |
| 6. Radiation control facilities | 7 | 16 |
| 7. Reactor containment facilities | 6 | 19 |
| 8. Reactor safety system facilities | 5 | 14 |
| 9. Power supply system facilities | 17 | 54 |
| 10. Power conversion system facilities | 10 | 36 |
| 11. Other facilities pertaining to the safety of a nuclear reactor | 20 | 73 |
| 12. Technical Operation | 5 | 16 |
| Sum | 100 | 322 |
2.2.2. U.S. NRC model
The U.S. NRC operates a regulatory framework called Reactor Oversight Process (ROP) [10] which is a tiered approach to assessing performance indicators and utilizing risk information to inspect, measure and evaluate the safety and security of nuclear power plants. As shown in Fig. 2, this system has three key strategic performance areas of nuclear safety, radiation safety and safeguard to protect the health and safety of the public from nuclear power plants. Within each area, there are cornerstones that reflect the essential safety aspects of facility operation. It provides a means to collect information about licensee performance, assess the information for its safety significance, and provide for appropriate license and NRC response (Fig. 3). There are a total of seven cornerstones in the ROP framework, each of which has a goal in Table 3. The ROP has a principle that when a regulator guarantees that a company meets the safety objectives of each of these seven cornerstones, the regulator's goal of ensuring the safety of the nuclear power plants (ensuring public health and safety) is achieved. Table 3 summarizes intentions and goals that are included in the seven cornerstones.
Fig. 2. U.S. NRC reactor oversight process framework.
Fig. 3. Overview of the reactor oversight process.Table 3. Objectives of the cornerstones in ROP framework.
| Area | Cornerstone | Objectives |
|---|---|---|
| Reactor Safety | Initiating Events | Limit the frequency of those events that upset plant stability and challenge critical safety functions, during shutdown as well as power operations. |
| Mitigating Systems | Monitor and maximize the availability, reliability, and capability of systems that mitigate the effects of initiating events to prevent core damage. | |
| Barrier Integrity | Provide reasonable assurance that the physical design barriers protect the public from radionuclide releases caused by accidents. | |
| Emergency Preparedness | Ensure that licensees are capable of implementing adequate measures to protect public health and safety during a radiological emergency. | |
| Radiation Safety | Occupational Radiation | Ensure adequate protection of worker health and safety from exposure to radiation from radioactive material during routine civilian nuclear reactor operation. |
| Public Radiation | Ensure adequate protection of public health and safety from exposure to radioactive material released into the public domain as a result of routine civilian nuclear reactor operations. | |
| Safeguards | Security | Provide assurance that the licensees' security system and material control and accounting programs use a defense-in-depth approach and can protect against (1) the design basis threat if radiological sabotage from external and internal threats, and (2) the loss of radiological materials. |
The NRC's regulatory inspection comparable to the domestic periodic inspection is a risk-informed baseline inspection. This inspection program is an integral part of the NRC's ROP and supports the goals and objectives of that process. This program is comprised of three parts. They are cornerstone-based inspections, verification of performance indicators, and identification and resolution of problems. Baseline inspection can be divided into Resident Inspection and Region Based Inspection depending on the inspector performing this inspection: the former by resident inspectors and the latter by region-based inspectors. Under the baseline inspection program, all areas where there is a need to evaluate a licensee's performance are defined as inspectable areas. Inspections within these areas were adjusted where licensee performance to meet a cornerstone objective is adequately gauged by performance indicators. In baseline inspection, as shown in Table 4, a total of 41 inspectable areas are designated for seven cornerstones and related inspection procedures are developed and implemented. This presents a listing of inspectable areas associated with each cornerstone of safety.
Table 4. Inspectable areas in baseline inspection program [19].
| No. | Inspectable Area |
|---|---|
| 1 | Access control to radiologically significant areas |
| 2 | Access authorization program |
| 3 | Access control |
| 4 | Adverse weather protection |
| 5 | ALARA planning and controls |
| 6 | Alert and notification system testing |
| 7 | Component Design Bases Inspection |
| 8 | Contingency response |
| 9 | Drill evaluation |
| 10 | Emergency response organization augmentation testing |
| 11 | Emergency action level and emergency plan changes |
| 12 | Equipment alignment |
| 13 | Equipment performance, testing, maintenance |
| 14 | Evaluations of changes, tests, or experiments and Permanent Plant Modifications |
| 15 | Exercise evaluation |
| 16 | Fire protection |
| 17 | Fitness for duty program |
| 18 | Flood protection measures |
| 19 | Heat sink performance |
| 20 | Identification and resolution of problems |
| 21 | Information technology security |
| 22 | In-service inspection activities |
| 23 | Irradiated fuel transportation security |
| 24 | Licensed operator requalification |
| 25 | Maintenance risk assessments and emergent work evaluation |
| 26 | Maintenance Effectiveness |
| 27 | Material control and accountability |
| 28 | Operability evaluations |
| 29 | Plant modifications |
| 30 | Owner controlled area controls |
| 31 | Post maintenance testing |
| 32 | Protective strategy evaluation |
| 33 | Radiation monitoring instrumentation |
| 34 | Radiation worker performance |
| 35 | Radioactive material processing and transportation |
| 36 | Radioactive Gaseous and liquid effluent treatment and monitoring systems |
| 37 | Radiological environmental monitoring program |
| 38 | Refueling and outage activities |
| 39 | Response to contingency events |
| 40 | Security Training |
| 41 | Surveillance testing |
3. Applications and results
3.1. Characteristics of domestic periodic inspection system from the viewpoint of DiD in nuclear safety
In order to understand the extent to which the detailed items to be inspected contributes to the safety verification of the nuclear power plant based on the KINS's Regulatory Inspection Guideline [6], which is the purpose of the regulatory inspection, the results of mapping and re-grouping them into each level of DiD in nuclear safety are shown in Table 5 below. The regulatory inspection items projected by the level of DiD are 417 in total if they allow overlapping items depending on the functions that are suitable for the purpose of each level of DiD in nuclear safety. Fig. 4 shows the distribution of the safety inspections for each target facility to be inspected, with 112 in the OFPSNR facility, followed by 58 in the Power Supply System Facilities and the third 45 items in the Power Conversion System Facilities. A total of 215 items were distributed in these three facilities, accounting for 51.56% of all items. As shown in Fig. 5, the distribution of safety verification in DiD levels is 58.8% in the level one, 17.0% in the level two, 20.4% in the level three, and 3.8% in the level four respectively. It is because most periodic inspections are concentrated on the SSCs included in the Radioactive Waste Disposal Facilities, Radiation Control Facilities, and Power Conversion System Facilities, and OFPSNR Facility, which include most of the SSCs for DiD level one that are not dependent on or affect engineered safety features actuation system (ESFAS) and mitigating systems for design based accidents or severe accidents. In addition to the prevention of the early events (associated with DiD level 1) according to the lessons of the Fukushima accident, preparations for abnormal or even more situations such as transient (associated with DiD level 2), design basis accidents (associated with DiD level 3), and severe accidents (associated with DiD level 4) must be made to secure safety. As a measure of this lesson, the current domestic regulatory inspection system, concentrated in the level 1 of DiD, seems to be far from securing the safety of the nuclear power plant.
Table 5. The analysis results of regulatory inspection items in DiD perspective.
| Inspection target facilities | No. of items | No. of items associated with defense in depth* (counting overlapped) | ||||||
|---|---|---|---|---|---|---|---|---|
| General items | Detailed items | 1 | 2 | 3 | 4 | 5 | sum | |
| 1. Nuclear reactor (including fuels) | 6 | 20 | 20 | 3 | 23 | |||
| 2. Nuclear reactor coolant system facility | 6 | 20 | 19 | 3 | 1 | 23 | ||
| 3. Instrumentation and control system facilities | 11 | 22 | 14 | 14 | 4 | 32 | ||
| 4. Nuclear fuel material handling and storage facilities | 2 | 6 | 6 | 6 | ||||
| 5. Radioactive waste disposal facilities | 5 | 26 | 26 | 26 | ||||
| 6. Radiation control facilities | 7 | 16 | 15 | 1 | 16 | |||
| 7. Reactor containment facilities | 6 | 19 | 3 | 16 | 19 | |||
| 8. Reactor safety system facilities | 5 | 14 | 6 | 11 | 17 | |||
| 9. Power supply system facilities | 17 | 54 | 21 | 8 | 29 | 58 | ||
| 10. Power conversion system facilities | 10 | 36 | 36 | 5 | 4 | 45 | ||
| 11. Other facilities pertaining to the safety of a nuclear reactor | 20 | 73 | 69 | 25 | 18 | 112 | ||
| 12. Technical Operation | 5 | 16 | 13 | 12 | 15 | 40 | ||
| Sum | 100 | 322 | 245 | 71 | 85 | 16 | 417 | |
| rate(%) | 58.8 | 17.0 | 20.4 | 3.8 | 0.0 | 100 | ||
| *Defense in Depth | ||
|---|---|---|
| Level | Objective | Essential Means |
| Level 1 | Prevention of abnormal operation and failures | Conservative design and high quality in construction and operation |
| Level 2 | Control of abnormal operation and detection of failures | Control, limiting and protection systems and other surveillance features |
| Level 3 | Control of accidents within the design basis | Engineered safety features and accident procedures |
| Level 4 | Control of severe plant conditions, including prevention of accident progression and mitigation of the consequences of severe accidents | Complementary measures and accident management |
| Level 5 | Mitigation of radiological consequences of significant releases of radioactive materials | Off-site emergency response |
Fig. 4. The distribution of inspection items in DiD perspective (by facility).
Fig. 5. The distribution of inspection items in DiD perspective (total).The type analysis of inspection findings noted for the periodic inspection items listed in Table 2 provides information on how the actual inspection activity contributes to the comprehensive nuclear safety verification of the current periodic inspection. Table 6 shows the types of inspection findings noted (including recommendations) in the Regulatory Inspection Reports of Hanul Unit 5 (1st ∼ 8th inspections) and Hanul Unit 6 (1st to 8th inspections) [16], [17]. According to this analysis results, about 27.5% of the inspection findings noted are related to OFPSNR Facilities, about 17.4% are in the Power Supply System Facilities, about 13.8% in the Power Conversion System Facilities, and 11.9% were in the Radioactive Waste Disposal Facilities. These facilities accounted for about 70.6% of the all inspection findings noted. Looking at the inspection results noted, procedural nonconformity that is classified as human error accounts for about 42.2% of the total inspection findings. The type analysis of inspection findings noted for the periodic inspection items are shows, like the results of mapping and re-grouping detailed inspection items into each level of DiD, the current domestic regulatory inspection system seems to be far from securing the safety of the nuclear power plant. In fact, it is not unreasonable for periodic inspections to appear to be very formal and ineffective without contributing significantly to safety verification, because these facilities include inspection items that do not contribute to, or even contribute to, anything except DiD level 1 but dominate, and their inspection activities are not focused on safety verification.
Table 6. The analysis results of regulatory inspection findings noted for Hanul Unit 5&6.