Managing deviations from the Design Target with the Safety Case
IAEA GEOSAF II
Plenary 2014
Content
• Walk through of the safety case loop diagram
• Role of safety case during construction and operation
• Prerequisites for high quality operations (build and operate)
• Role of monitoring, QA/QC and qualification procedures
• Assessment of deviations
• Examples
• Updating the Safety Case
Disposal facility life cycle
• By the time of the disposal facility's operational period, the safety case has passed through a stepwise development process (concept, siting, preliminary design, ...)
• After authorization the disposal facility will in many cases be operated for several decades.
• The facility is also likely to be extended in several stages with concurrent activities (excavation, waste emplacement, partial closure)
• Continuous use of the safety case, and demonstration that the activities performed comply with the safety envelope, are fundamental for success.
Role of the Safety Case
• Discussed in earlier presentations
• For a disposal facility, the important aspect of the safety case is that it integrates operational and post-closure safety
• The safety case should define the requirements that construction and operation shall fulfill (an as-built initial state that fulfills them “assures” the assessed long-term safety)
• These requirements define the safety envelope (SE), which in turn gives provisions for the design target.
Prerequisites for high quality operations
• Integrated management system
– Systematic process for development and management of requirements
– Comprehensive project management procedures
– Design specifications and plans that construction and operation must follow
– Procedures for construction and operation activities
– Monitoring of safety related key parameters
– Demonstration of compliance within design target (DT)
• Discussed for example in IAEA GS-R-3 and Safety Guide GS-G-3.4
Monitoring and demonstration of compliance
• Discussed in an earlier presentation
• Monitoring is discussed for example in IAEA draft Safety guide (DS357)
• The management system should include detailed procedures for demonstrating compliance with the design target
• Monitoring should focus on parameters that are important for safety and also observable in a real disposal facility
• Monitoring and QA/QC procedures are tools for verifying that the as-built state is acceptable
• Examples
– Tolerances of disposal rooms
– Waste package testing
– Waste acceptance verification
– Monitoring of favorable site properties
– …
In compliance?
In case of deviation from DT (1)
• Most likely deviations are found during construction and operation – if not, the management system is not working properly
• Deviations should be addressed through predefined procedures
– The first step in deviation analysis is to assess its safety significance
– The analysis may focus on estimating whether the safety margin is large enough, or call for a more detailed analysis of the effect
– Based on the analysis, the deviation can be approved, documented and closed, or it may require corrective actions or rejection of the product
• The deviation management process is discussed in further detail for example in IAEA GS-R-3 (non-conformances and corrective and preventive actions)
In case of deviation from DT (2)
• Possible, more safety case related, actions for the implementer based on monitoring results or in case of deviation:
– Refine construction or operational procedures to reverse a trend that, if left unaddressed, could cause the parameter eventually to fall outside of the DT (and potentially outside of the SE);
– Commission further research to understand the consequences of the deviation. This may have the effect of expanding the DT and consequently bringing the value into compliance;
– Review the safety case to determine whether additional safety features can be claimed, thereby compensating for the design deviation. An updated safety envelope could also be envisioned at this stage.
– In extremis the deviation may be so severe, so far from the SE, that the operator will need to consider whether it is still possible to achieve a satisfactory safety case.
Examples from “real life”
• Exceeding excavation damage zone (EDZ) tolerance
– Maximum EDZ is given in the tunnel technical specification
– Depth of EDZ is examined with ground penetrating radar
– A continuous EDZ might have an effect on post-closure safety as a potential transport route
• Possible actions:
– In any case, assessment of the causes for exceeding the specification
– Approval and documentation of the exceedance, if only local
– Cutting and plugging of continuous EDZ (engineering solution)
– Re-assessment and update of the safety case, if continuous EDZ can’t be avoided
Examples from “real life”
• Exceeding tunnel profile specification
– Theoretical tunnel profile is given in the tunnel specification and in design drawings
– As-built profile is examined with laser scanning and other measurements
– Over-excavation has an effect on tunnel backfill emplacement and possibly on post-closure performance
• Possible actions:
– In any case, assessment of the causes for exceeding the specification
– Approval and documentation of the exceedance, if not affecting DT when assessed together with backfill performance
– Redesign of tunnel backfill and assessment of performance if needed to meet DT
Examples from “real life”
• Waste package tested to have too large defects
– Waste package specification includes acceptable defect size and type
– A larger defect can have an effect on corrosion resistance or mechanical integrity in extreme loading cases (operational and post-closure)
– The waste container is a key safety barrier and deviations always have safety implications
• Possible actions:
– More detailed re-evaluation of the defect size using more accurate methods or detailed sizing of the defect
– Rejection of a waste container component or weld that does not meet the design specification
Examples from “real life”
• Water inflow to tunnel exceeds the maximum limit used in the safety case
– In crystalline bedrock a key target is to maintain favorable site properties
– Large water inflow has an effect on hydrological and geochemical features of the whole site (water table drawdown, upconing of deeper groundwater)
• Possible actions:
– More detailed re-evaluation of the possible change in the site properties
– A long-lasting or irreversible change might call for a large re-assessment, a change of disposal design or even rejection of the site
Updating the Safety Case
• The safety case should be updated during disposal facility operation
• A comprehensive update will take place according to the national approach, but should be done for example in case of
– stepwise facility authorization
– other facility modification
– periodic safety review
– relicensing of facility (if for example required by national legislation)
– before closure of the facility
• New information from the operational period should be integrated into the safety case
– Assessment demonstrating that operation (as-built state) has been in compliance with the design target and safety envelope
– Experience (more knowledge from construction, fabrication and emplacement)
– Site characterization data
– New safety related information (R&D, other facilities, …)