1. No category

Risk analysis of the accelerator, instruments and target station of the

Risk analysis of the accelerator, instruments and
target station of the European Spallation Source
Report no. 210650-R-002
Date 12 July 2012
Client ESS AB
Scandpower AB
Carl Gustafs väg 46
SE-214 21 MALMÖ, SWEDEN
www.scandpower.com
www.riskspectrum.com
Tel. +46 (0)40 680 64 00
Fax +46 (0)40 680 64 29
Report no.:
210650-R-002
…
_
Open distribution
Distribution only after client´s acceptance
Rev. no.:
Prepared by:
Reviewed by:
Approved by:
Date:
U1
Erik Persson Sunde
Consultant
Ivan Mares
Senior Principal
Consultant
Anders Olsson
Manager
2012-07-12
Jim Kronhamn
Senior Consultant
Title:
RISK ANALYSIS OF THE ACCELERATOR, INSTRUMENTS AND TARGET STATION
OF THE EUROPEAN SPALLATION SOURCE
Client:
ESS AB
Client specification:
To perform a risk analysis of the spallation neutron source ESS. The analysis shall consider
both normal operation and maintenance aspects.
Summary:
A Hazard Identification (HAZID) study has been carried out for the target station, the
accelerator and the instruments of the European Spallation Source. The work has included a
number of workshops and the documentation of findings in a report. The analysis has resulted
in a HAZID protocol where the identified risks are specified with risk ranking, which can be
used in the future risk management activities at ESS. In addition, 159 recommendations have
been brought forward that need to be considered and evaluated.
Risk analysis of the accelerator, instruments and target station
Page i
TABLE OF CONTENTS
Page
1.
INTRODUCTION
1
2.
DEFINITIONS
1
3.
PURPOSE
1
4.
LIMITATIONS
2
5.
SYSTEM DESCRIPTION
5.1 Brief overview
5.1.1 Accelerator
5.1.2 Target station
5.1.3 Instruments
5.2 Containment barriers
5.3 Documents describing the system
3
3
3
4
6
8
8
6.
METHODOLOGY AND EXECUTION
6.1 Risk assessment
6.2 HAZID protocol
6.3 Sub systems
6.4 Hazards
6.5 Execution
6.6 Participants
9
10
11
13
14
14
15
7.
RESULTS
7.1 Target Station
7.2 Accelerator
7.3 Instruments
18
18
26
28
8.
DISCUSSION AND CONCLUSIONS
29
9.
REFERENCES
32
Appendix A:
Appendix B:
HAZID Protocol
Recommendations
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
1.
Page 1
INTRODUCTION
Scandpower has been assigned to carry out a qualitative risk analysis at a conceptual
design stage of the planned European Spallation Source (ESS) facility in Lund,
Sweden. This is a report of the Hazard Identification (HAZID) analysis of the facility
under normal operation and under maintenance. The top-down approach used in the
analysis is appropriate in this early design phase before the whole system structure is
decided.
2.
DEFINITIONS
Abbreviations
ATEX
Be
BEW
CDR
ESS
I&C
HAZID
He
HEBT
HVAC
(L)H2
N2
NBW
PBW
PMR
RF
RGEC
SMHI
SSE
TDR
TS
W
-
Explosive atmosphere directive
Beryllium
Beam Entrance Window
Conceptual Design Report
European Spallation Source
Instrumentation and Control
HAZard IDentification
Helium
High Energy Beam Transport
Heating, Ventilation and Air Conditioning
(Liquid) Hydrogen
Nitrogen
Neutron Beam Window
Proton Beam Window
Pre-moderator, Moderator, Reflector
Radio Frequency
Radioactive Gaseous Effluent Confinement
Sweden's Meteorological and Hydrological Institute
Safety Shutdown Earthquake
Technical Design Report
Target Station
Tungsten
For risk analysis/method terminology see chapter 6
3.
PURPOSE
The qualitative risk analysis presented in this report is carried out to identify possible
risks with the suggested conceptual design. This work ties together with future work
where more detailed assessments of risk areas will be undertaken. It also feeds into
the detailed design process in that it creates awareness of safety issues in the
proposed conceptual design.
The analysis is meant to be part of a long term risk management process in the ESS
project. Figure 3-1 presents possible future risk analysis activities tied to the design
process.
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 2
Figure 3-1 - Context of current risk analysis activity (HAZID)
The work process of and the result from the risk analysis will be used to:
1. Outline where detailed assessments need to be carried out to create a better
understanding of the risks. These will typically be reported as recommendations in
the risk analysis protocol.
2. Identify the need for safety barriers in the facility
3. Help set the prerequisite for the containment barriers that need to be defined
4. Provide input to the base design of the facility. The risk analysis process of
systematically discussing the different parts of the facility generates this.
4.
LIMITATIONS
The work carried out is limited to identifying and assessing the risks at the facility
during normal operations and planned/exceptional maintenance once the facility is
operational. Specific construction/commissioning and de-commissioning risks are not
considered. The parts of the facility covered in this analysis are the target station, the
accelerator and one generic instrument. The conventional facilities, office and other
peripheral parts, as well as transport of activated material to and from the facility are
not analysed.
The identification of risks is focused on radiological risks. Other direct risks to people
and the external environment are recorded when identified, but are not systematically
sought.
The identification methodology is highly dependent on the knowledge and ability of the
participants in the workshops. The completeness of the risk identification cannot be
guaranteed from a qualitative analysis because of this, although having a wide range of
skills and knowledge represented during the workshops ensures best possible result.
The analysis was carried out over a prolonged period of time, during which design
assumptions changed and varying levels of information was available for the different
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 3
sub-systems that were studied. This means that the level of detail in the assessments
of the identified events varies between different sub-systems and operational modes.
5.
SYSTEM DESCRIPTION
5.1 Brief overview
ESS has the aim of becoming the world's leading facility for research using neutrons.
ESS will be located in Lund, Sweden, co-hosted by both Sweden and Denmark and will
be funded and operated by a partnership of 17 European countries. At full specification,
to be achieved in 2025, the ESS will deliver millisecond-long pulses of intense neutron
beams to 22 independent experimental stations. ESS will employ approximately 500
people.
Figure 5-1 - Visualisation from east. Photo credit: ESS AB
5.1.1 Accelerator
The purpose of the accelerator is to accelerate protons to very high energies and route
them into the target station. The starting point of the accelerator is an ion source that
produces protons by subjecting hydrogen gas to a strong magnetic field. The protons
are accelerated through an approximately 580m long vacuum tube resided inside a
tunnel building (see Figure 5-2). The accelerator tunnel is placed under ground level
and is covered by soil.
The protons are accelerated to close to the speed of light by electromagnetic fields
generated by klystrons situated along the accelerator. A long stretch of the accelerator
is cooled down to very low temperatures in order to use superconducting technology
(blue items in Figure 5-2). In the last stage of the accelerator (section S3 in HEBT, see
Figure 5-3) the proton beam is brought up to the same level as the target and
expanded to match a desired beam footprint.
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 4
Figure 5-2 – Block diagram of the ESS accelerator (HS_2011_11_23 layout) indicating
the energy of the proton beam and the length of the accelerator. The orange items
(such as the Low Energy Bean Transport – LEBT, the Radio Frequency Quadrupole –
RFQ, the Medium Energy Beam Transport – MEBT, the Drift Tube Linac – DTL, and
the High Energy Beam Transport – HEBT) are normal conducting, while blue items (the
spoke resonators and the medium and high beta elliptical cavities) are
superconducting.
Figure 5-3 – Schematic picture of the accelerator to target (A2T) interface
5.1.2 Target station
The target station performs three key functions in a spallation neutron source:
a) transforms the proton beam radiation impinging on the heavy metal target into fast
neutrons as the desired product, and a large amount of radioactive isotopes and
radiation as largely undesirable by-products,
b) transforms the fast neutrons emitted by the target into slow neutrons via
moderators and reflectors, which are the final form of radiation provided by the
source, while further radioactive by-products are produced by the adsorption of
these neutrons by various facility components, and
c) provides intense slow neutron beams through beam ports accessible at the exit of
the target shielding for delivery and use at the neutron scattering instruments
around the target, fed by these beam ports.
In short the target station consists of the following main components (see Figure 5-4
and Figure 5-5):
1.
2.
3.
4.
the target itself, a rotating tungsten wheel
liquid hydrogen neutron moderators
water pre-moderators
beryllium reflectors
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
5.
6.
7.
8.
Page 5
Proton beam window
Neutron bream window
cooling systems
several thousand tons of shielding material inside the target monolith
Figure 5-4 - Schematic drawing of the Target Station
Figure 5-5 – General view of the target Station monolith
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 6
In addition to the above, multiple support- and ancillary systems are in place to ensure
efficient and safe operations. For more information about the system a reference is
made to the documentation listed in section 5.3.
5.1.2.1Hot Cells
The hot cells system (Maintenance cell, storage cell and decontamination cell) is
designed to maintain, process, package and store used components and other waste
items of the target station considering a rotating tungsten helium cooled target concept.
The operations are performed remotely and the cells are built to prevent unintentional
escape of radioactivity through the barriers provided by its design configuration and its
contaminated waste/components management.
The hot cells are located in the target station building, behind the monolith considering
the proton beam direction, see Figure 5-4. They are limited on the top by the high bay
floor, and on the bottom by the 2 meters concrete slab. The hot cells are composed of
2 main cells, see Figure 5-6: the processing cell and the maintenance cell. The
processing cell is used to process the irradiated wastes (cutting, package in trashes).
The maintenance cell is used to perform hands on maintenance on the active cells
equipment and eventually to perform hands on decontamination of tools or other
materials. A regular access to the maintenance cell is foreseen.
Figure 5-6 - Illustration of the hot cells showing the processing cell to the right, the
maintenance cell in the middle together with storage pits and the intra bay shielded
door (in yellow).
5.1.3 Instruments
The science at the ESS facility is carried out at a number of instruments positioned
around the target station in instrument halls; refer to Figure 5-7. Currently 22
instruments are planned with lengths varying between 12 to 300 meters. Figure 5-7
illustrates the major components present in an instrument. Along the instrument line,
there will be a number of different choppers. The heavy choppers (of type T0) are
designed to stop high energy neutrons from entering the instrument. The lighter
choppers with lesser mass are designed to shape the neutron beam. For each
instrument line, there will also be two types of neutron beam shutters. The primary
shutter positioned at the monolith interface will be designed to strongly attenuate (by a
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 7
actor 1E-6) all type of radiation coming from the target. It will be composed of a large
mass of steel and concrete. The secondary shutter positioned close to the instrument
will stop low energy neutrons and prevent gamma radiation from the target and other
secondary sources from entering the instrument.
Figure 5-7 – Preliminary neutron beamline and instrument layout (upper right) and
schematic layout of an instrument showing the main components that
were discussed during the analysis session (lower left). There will be up to
9 choppers of different types spread along the beam line as well as beam
collimators, beam monitors, slits and jaws.
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 8
5.2 Containment barriers
Based on the legislative requirements in Sweden as well as good practices from
research reactors and similar facilities all over the world, the ESS facility shall be
designed with physical barriers for radioactive containment; in this report referred to as
containment barriers. These are constructed in order to contain the radioactive
inventory of the ESS facility in case of different events. The containment barriers will
not be equal with regard to strength but will be used to mitigate a possible
event/incident/accident at different parts of the facility.
The containment barriers will be defined according to the operational mode of the
facility. During maintenance flexible containment barriers can be established depending
on the type of maintenance carried out. During normal operation the barriers are
envisaged to be fixed and look as follows.
Two containment barriers are currently envisaged for the accelerator:
1st
2nd
LINAC tunnel entrance
Accelerator shielding
Three containment barriers are currently envisaged for the target station:
1st
2nd
3rd
Target envelope
Monolith envelope
Target building
Two containment barriers are currently envisaged for the instruments:
1st
2nd
Instrument shielding
Instrument building
The exact extent and layout of each of the containment barriers was not established at
the time of the analysis, as part of the purpose with the risk analysis work is to help set
the prerequisite for the containment barriers.
5.3 Documents describing the system
The risk analysis has utilised a number of information sources that describe the
analysed system. The primary ones are listed here:
-
Target Station Design Update Baseline December 2011 (Ref./1/)
ESS Conceptual Design Report (Ref./2/)
General Safety Objectives for ESS (Ref./3/)
Risk Analysis – Initiating Events (Ref./4/)
Guidance for External Events Analysis (Ref./5/)
Draft drawings from target station baselines
Draft drawings of active cells
Draft drawings of cryogenic plant
Early drafts of maintenance procedures
Early draft of Technical Design Report for active cells
Undocumented updated knowledge with the analysis team on the status of the
system
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 9
Where the design hasn't been established at the time of the analysis and more than
one design option has been under consideration, the approach has been either to
identify the risks with all the considered options or to prompt for further analysis work.
6.
METHODOLOGY AND EXECUTION
The risk analysis has been carried out with a so called Hazard Identification (HAZID)
methodology with the purpose of identifying possible hazardous events associated with
the activities at ESS. The method is qualitative and is normally used at an early stage
of a project or during a review of an existing facility (Ref./6/). The procedure is based
on a critical review of the analysed object by a group of experts with broad knowledge
about the object using experience, imagination and check lists.
The risk analysis is scenario based where the object is analysed focusing on identifying
possible accidents, incidents and disruptions with consequences to life and health, the
environment or large property damages/losses. The sought attributes of an event can
be described according to Figure 6-1. Events are typically identified by a question
arising "what if...?".
To focus the analysis, and because of the uncertainty in the conceptual design, a few
nominated attributes have been considered as required in the assessment process.
These are Top Event, Consequence and Risk Ranking. The rest of the attributes have
been captured when appropriate and feasible to do so.
Figure 6-1 - Overview of methodology and terminology
A brief explanation for each of the sought attributes in the analysis is given below
Hazard – A circumstance that can lead to undesired consequences and cause harm. If
the hazard was to be eliminated, the risk would be eliminated. Lists of hazards are
used as check lists to identify possible top events.
Top Event – An undesired event that poses a risk to people or to the environment. The
top event is typically chosen to be the situation or occurrence that happens to be
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 10
brought up by the analysis group and thus hasn't got a fixed point along the chain of
events from initiating event to final consequence.
Initiating event – An event or circumstance that is an initiating step towards a top
event occurring. A top event can have one or many initiating events. An initiating event
can trigger a top event on its own or in combination with other initiating events.
Consequence – A possible outcome from a top event that describes the impact on
people or the environment. The severity of the consequence and the probability of
having it are sought in a risk analysis.
Preventive and mitigating barrier – Safety barriers (in this report referred to simply
as "barriers") are measures that are in place to reduce the residual risk by preventing,
controlling and mitigating undesirable events. Barriers can be physical, functional,
symbolic, organisational etc. The containment barriers described in section 5.2 are of
the physical barrier type.
A preventive barrier stops the initiating event(s) from developing into the top event. A
mitigating barrier lessens the effect from a top event leading to less severe or no
consequences.
Risk – The probability of a consequence occurring combined with the severity of the
damage from the consequence.
Risk Ranking – An assessment of the risk that takes into consideration the probability
and severity of a described consequence.
6.1 Risk assessment
A qualitative estimation of the severity of a consequence and the probability of it
happening forms the basis for the risk assessment. The assessment is done through a
risk matrix (matrix assessment) where the severity and probability are weighted
together. The chosen risk matrix for ESS can be found in Figure 6-2. Three levels of
risk are defined; "Unacceptable", "Risk Reduction Recommended" and "Tolerable".
Unacceptable risks require risk reducing measures in order for the suggested design to
be accepted. Risks Reduction Recommended require a demonstration that the
suggested barriers are as effective as reasonably can be achieved considering
alternatives and additions. Tolerable risks require no additional barriers, but need to be
monitored, for example when design changes, to be kept at a low level.
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 11
Figure 6-2 - Specification of the risk matrix applied
A methodology that allows for an assessment in two stages has been taken. In a first
assessment stage the impact of the barriers are not taken into consideration. This
results in an assessment with the probability of the initiating events occurring and the
severity of the worst unmitigated consequence. In a second assessment the impact of
the specified barriers are accounted for and thus the severity and the probability of the
mitigated consequence is assessed. Making two assessments allows conclusions to be
drawn with regards to strength requirements of the barriers and the criticality of having
knowledge about the frequency of initiating events.
A simplified risk ranking method is used for events where the uncertainty is significant
or where it is obvious that the risk from the identified top event is insignificant from a
radiological perspective. With this method a traffic light indication (red, yellow, green) is
directly applied to the event to indicate that the risk is Unacceptable, Risk Reduction
Recommended or Tolerable. When making a simplified risk ranking, the identified
barriers are accounted for.
It should be noted that depending on the nature of the hazards, the risk focuses on the
"first" person and for other the risk focuses on the "third" person1. Because of this, any
comparison of the risk ranking between different hazards should be performed with
precaution.
6.2 HAZID protocol
Identified top events, the associated initiating events and consequences, as well as
planned barriers are discussed and documented in a HAZID protocol.
1
Personnel working at the station are defined as 1st persons and people working or living in the proximity of the
station and with no relations to the spallation station are defined as 3rd persons (this includes also
environemental consequences).
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 12
Recommendations to reduce risks or uncertainty about the risks are given where
appropriate and possible.
Each analysed sub-system of the facility has its own section in the HAZID protocol and
the chosen columns are modified between these in order to best reflect the result from
that particular analysis session.
In order to show what the estimated consequences are with respect to impact on the
containment barriers, the HAZID protocol has columns to indicate which containment
barriers are affected. If an impact means the containment barrier is sufficiently
damaged to allow significant spread of radioactive inventory, it is shown in dark blue,
and if it has lost some of its tightness, it is shown in light blue. This only applies for the
target station in normal operation as the other parts of the facility and during
maintenance in general the containment barriers are not as well defined.
The risk assessments with and without barriers are presented under separate
headings, Risk Ranking – Before Safety Barriers and Risk Ranking – After Safety
Barriers respectively. The column P stands for Probability, C for Consequence and RR
for Risk Ranking. The simplified risk ranking is indicated in a separate column with
traffic light (red, yellow, green) that directly ranks the risk according to what is
described in section 6.1.
Some reported barriers in the HAZID protocol have a clarification with regards to being
credited protection system or not, which is done in order to keep target safety systems
separate from machine protection systems in the interface between target and
accelerator divisions.
For certain sub-systems an additional column stating the risk focus as "first" or "third"
person is used. This is to avoid confusion as to what the consequence from the event
concerns and to enable a different severity rating for the different exposed groups.
An example of the HAZID protocol structure is given in Figure 6-3.
Figure 6-3 - Example of an analysed top event in a HAZID protocol for the target
station in normal operation.
The main element in the HAZID protocol is the Top Event. Each top event can have
one or many hazards, initiating events, consequences, barriers and recommendations
associated with it. For each consequence, being a possible outcome from the Top
Event, a risk ranking is made and thus the element Containment barriers affected, Risk
Ranking – Before Safety Barriers and Risk Ranking – After Safety Barriers are
associated with a consequence, not directly to a Top Event.
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 13
6.3 Sub systems
In order to systematically analyse the facility it has been divided into a number of
physical areas and associated operational mode, called sub systems, which are treated
sequentially. The list of sub systems is derived from the plant breakdown structure in
the Target Station Design Update Baseline (Ref./1/) for the target station and in
discussions with the analysis groups for the rest of the facility. One sub system is
added for the target station where overall effects from external events and common
cause failures are analysed in order to close gaps between the target station sub
systems.
The full list of sub systems used are found in Table 6-1 to Table 6-3.
Table 6-1 - Target station sub-systems
Normal
Operations
Maintenance
1-2. Target Wheel Assembly
x
x
3-4. Proton Beam Window Plug
x
x
5-6. Moderator Reflector Plug
x
x
7-8. Neutron Beam Systems
x
x
9. Monolith - Shielding, Structural Part and
Envelope
x
10. Connection Cells
x
11. High bay
x
12. Ancillaries
x
Sub-System
13. Other Target Station - maintenance
n/a
x
14. Overall Target Station - External Events and
Common Cause Failure
x
15. Active Cells
x
x
16. Accelerator to Target Interface
x
x
Table 6-2 - Accelerator sub-systems
Normal
Operations
Maintenance
17. Ion Source
x
x
18. Berm
x
x
19. Accelerator Tunnel
x
x
20. Klystron Gallery
x
x
Normal
Operations
Maintenance
x
x
Sub-System
Table 6-3 - Instruments sub-system
Sub-System
21. Instruments
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 14
6.4 Hazards
Hazards are usually 'normal' conditions in the facility - that have a potential to develop
into undesired consequences and cause harm upon initiating events - if not
safeguarded against with safety barriers. In the analysis a facility specific list of hazards
has been created as a supporting check list for the target station in operational mode.
The list of hazards follows:
-
Reactive chemicals
Hydrogen
Water
Proton Beam
Neutron Beam
Accumulated energy
Radioactive inventory
Radiation
Mass
-
Vacuum
Toxic chemicals
Inerts
Cryogenic conditions
Pressure
Heat
Combustible materials
As the hazards are primarily used to identify hazardous events other than radiological
risks and because other risks than radiological risks have not been focused on, no
attempt has been made to make further hazard lists for the other sub-systems of the
facility.
6.5 Execution
Analysis workshops have been held in January to June 2012 on several occasions.
The workshops have been led and documented by Scandpower in an analysis group
with representatives from relevant departments with expert knowledge of the facility
and the Safety, Health and Environment department.
The sub systems listed in section 6.3 have been treated sequentially in the analysis
starting with a presentation of the sub system by someone from the group who has
certain expertise/responsibility for the given area. After the presentation a hazard
identification session has followed. For the target station in operational mode the
identification of hazardous events has been supported by the check list presented in
section 6.4. For the other sub-systems, logical paths through the systems supported by
drawings or flow diagrams has been taken. For each identified top event an
assessment has been carried out and documented into a HAZID protocol.
Relevant drawings have been available on poster-size printouts or projected on
canvases to support the identification and assessment process.
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 15
6.6 Participants
First Name
Surname
Title (role) /
Company
Christine
Darve
Cryogenics / ESS
AB
Mohammad
Eshraqi
Scientist
Accelerator
Division / ESS AB
Date
201112-16
201201-13
201201-20
201201-26
201201-30
201202-27
Gallimore
System Engineer /
ESS AB
Magnus
Göhran
System Engineer /
ESS AB
X
X
X
X
X
X
Thomas
Hansson
Nuclear Safety
Engineer / ESS
AB
X
X
X
X
X
X
Peter
Hees
Jacobsson
Environment /
ESS AB
Andreas
Jansson
Beam Diagnostics
/ ESS AB
Fredrik
Jörud
Fire Protection /
FNC
210650-R-002_U1 12 July 2012
201204-13
X
X
201204-23
201204-24
201205-31
201206-14
201206-18
201207-03
X
X
X
X
X
X
Group Leader
Cryogenics &
Vacuum / ESS AB
Head of Safety,
Health,
201204-12
X
Stephen
Wolfgang
201203-01
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
First Name
Cyril
Surname
Kharoua
Title (role) /
Company
Page 16
Date
201112-16
Research
Engineer Target
Division / ESS AB
X
201201-13
Kronhamn
Consultant /
Scandpower AB
X
X
Rikard
Linander
System Engineer /
ESS AB
X
X
Christian
Lundtofte
Consultant /
Scandpower AB
Ivan
Mares
Consultant /
Scandpower AB
Dave
McGinnis
RF System / ESS
AB
Per
Nilsson
System Engineer /
ESS AB
Jörgen
Persson
Tech
Infrastructure /
ESS AB
Francois
Mathieu
Pascal
Plewinski
Reungoat
Sabbogh
210650-R-002_U1 12 July 2012
Head of Target
Engineering group
/ ESS AB
Active Cells /
Research Centre
Rez
Mechanical
Engineer / ESS
AB
X
X
X
201201-26
201201-30
201202-27
201203-01
201204-12
201204-13
201204-23
201204-24
201205-31
201206-14
201206-18
201207-03
X
Jim
X
201201-20
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
First Name
Surname
Title (role) /
Company
Atefeh
Sadeghzadeh
Control Engineer /
ESS AB
Thomas
Shea
Senior Scientist
Beam
Instrumentation /
ESS AB
Page 17
Date
201112-16
201201-13
201201-20
201201-26
201201-30
201202-27
201203-01
201204-12
201204-13
201204-23
201204-24
201205-31
201206-14
201206-18
201207-03
X
X
Peter
Sievers
Target Expert /
CERN
Erik
Sunde
Consultant /
Scandpower AB
Garry
Trahern
Integrated
Controls / ESS AB
Rob
Connatser
Chief Instrument
Project Engineer /
ESS AB
X
Chopper systems
group leader /
ESS AB
X
Ian
Sutton
210650-R-002_U1 12 July 2012
X
X
X
X
X
X
X
X
X
X
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
7.
Page 18
RESULTS
The raw results from the risk analysis are presented in HAZID protocols in Appendix A
and Recommendations in Appendix B.
The recommendations were categorised after the analysis and a category breakdown
is presented in Figure 7-1.
Figure 7-1 – Summary of the recommendations given throughout the analysis. It shows
the categories and subcategories that the recommendations have been
split into. It also shows the number of recommendations for each category
and subcategory.
The results in the following sections are split between the target station, the accelerator
and the instruments and focus on the identified risk events and their assessed risk level
in a summarized form.
7.1 Target Station
This section includes a summary of the results from the risk analysis of the target
station. In Table 7-1, Table 7-2 and Table 7-3 the number of assessed events at the
different risk levels are presented.
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 19
Table 7-1 shows the number of risk ranked events that have been assessed as
Unacceptable, Risk Reduction Recommended or Tolerable. The table also shows the
number of events where safety barriers have been considered in the assessment (postbarrier matrix assessment), the number of events where safety barriers haven't been
considered in the assessment (only pre-barrier assessment) and the number of events
where a matrix assessment haven't been done at all and a simplified risk ranking has
been applied instead. The events summarised in the first two columns of Table 7-1 are
then further split up according to the matrix assessments made in Table 7-2 and Table
7-3.
Table 7-4 to Table 7-7 list the number and the description of all the events that have
been assessed as Unacceptable or with Risk Reduction Recommended in the analysis.
Table 7-4 lists the events deemed as Unacceptable with consideration taken to safety
barriers. Table 7-5 lists the events where no assessment has been made that
considers any barriers, but where the assessments without barriers have been
Unacceptable. Table 7-6 lists the events with Risk Reduction Recommended when
consideration has been taken to safety barriers. Table 7-7 lists the events where no
assessment has been made that considers any barriers, but where the assessments
without barriers have been that Risk Reduction Recommended.
Towards the end, two tables provide summaries that aren't directly specifying the
assessed risk level. Table 7-8 presents the number of consequences leading to
damage of each of the specified containment barriers for the target station during
normal operations. Finally Table 7-9 lists the specified safety barriers that relate to
instrumentation and control.
Table 7-1 - This table is an overview of all the assessed events in the target station
analysis. The numbers in the cells show the number of events assessed
to different risk levels and has a split between the varying levels of detail
in the event assessments.
OnlypreͲbarrier
WithpostͲ
Simplifiedrisk
RiskRankingLevel
matrix
Total
barriermatrix
ranking
assessment2
assessment3
9
3
2
14
Unacceptable
RiskReduction
28
8
29
65
Recommended
10
30
43
83
Tolerable
47
41
74
162
Total
2
3
These are further specified in Table 7-3
These are further specified in Table 7-2
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 20
Table 7-2 – This table shows the number of events in the analysis where a given matrix
assessment was made taking safety barriers into consideration (a postbarrier assessment).
Table 7-3 - This table shows the number of events in the analysis where a given matrix
assessment was made where safety barriers weren't taken into
consideration (a pre-barrier assessment).
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 21
Table 7-4 - List of events at Unacceptable level where barriers have been taken into
consideration explicitly (post-barrier assessment) in either a matrix
assessment or a simplified risk ranking. If the hazard is related to a 1st
person, this is indicated in parenthesis.
Nbr. Top Event
2.6
Dropping of W-wheel
6.7
Dropping of cooled steel shielding blocks
6.10
Dropping of MR plug (1st)
10.4
Leakage in heat exchanger from primary LH2 to interm. He circuits
10.7
Leakage of H2O in interm. circuit
Table 7-5 - List of events at Unacceptable level where barriers haven't been taken into
consideration (only pre-barrier assessment). If the hazard is related to a
1st person, this is indicated in parenthesis.
Nbr. Top Event
5.1
Local overheating of the Be reflector
5.2
Misalignment of the beam hitting the MR plug (3 consequences from this top
event)
5.7
Water leak from MR plug
12.12
Bypass of filtering system (RGEC)
12.13
Leaking pipes after filters (RGEC)
12.16
Poor performance of filtering system (RGEC)
14.12
Lightning
Table 7-6 - List of events with Risk Reduction Recommended where barriers have
been taken into consideration explicitly (post-barrier assessment) in either
a matrix assessment or a simplified risk ranking. If the hazard is related to
a 1st person, this is indicated in parenthesis.
Nbr. Top Event
1.4
Wheel stops instantaneously
2.2
Leakage of gas and dust when opening first barrier, removing equipment
from shaft - opening the gas circuits (1st)
2.7
Dropping of W-wheel
4.1
Release He (slightly/highly contaminated) into the connections cells during
maintenance work (1st)
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 22
Nbr.
Top Event
4.3
Opening the lid while PBW plug is still pressurized (1st)
4.5
Unexpected activated shielding during lifting (1st)
4.8
Unintentional opening/leaking of downstream valve after that the PBW is
removed
4.9
Plug gets stuck at vertical guide during the lift (1st)
4.11
Maintenance of the horizontal flange between proton beam window and 2nd
barrier valve upstream of proton beam window (1st)
5.1
Local overheating of the Be reflector
5.5
All containments out of two or three of the cryogenic circuit ruptures
6.3
Dropping of non cooled steel shielding blocks
6.5
Person falls from the connection cells on to cooled steel shielding block
when the non cooled shielding block has been removed (1st)
6.9
MR-plug gets stuck (can't be pulled out remotely) when being pulled out from
close to target wheel (1st)
6.13
High temperature in MR plug when being pulled up (1st)
6.16
Failure of cask containment (1st)
6.17
Cask deviates from transport route (1st)
6.19
Failure to close all monolith lids/hatches in connection cell during
maintenance procedures (1st)
6.20
Failing to evacuate personnel from connection cells when inserting
component block back into the monolith e.g. MR plug (1st)
8.1
NBW damage or removed during maintenance operation (1st)
8.3
Personnel need to take manual action (1st)
8.4
Drop handling flask while moving to Hot Cells
8.5
Damaging other components inside monolith when putting a guide back in
place
12.3
Malfunction of irradiation plugs (mechanical failure or lost cooling)
12.8
Loss of coolant for tuning beam dump system (when in used)
12.9
Full power pencil or distributed beam on beam dump system
12.10
Target Station Specific control system – classified
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 23
Nbr.
Top Event
13.1
Personnel enters connection cells without sufficiently low activity level having
been reached (1st)
13.2
Extraction of water-cooled block situated below Target
14.16
Impact from heavy (e.g. radiological waste) transportation within site.
14.18
Office/support buildings fire
15.4
The cask is moved while doors unintentionally are left open (1st)
15.9
Intra bay shielding door between maintenance cell and process cell is
opened when cutting the target wheel and there is a person in the
maintenance cell (1st)
15.10
Failure associated with transporting the cask away from maintenance cell
(1st)
15.12
Explosion of escaped residual hydrogen in MR-plug (1st)
15.14
Ventilation/pressure cascade system in active cell fails
15.15
Personal protection equipments for decontamination personnel fail (1st)
Table 7-7 - List of events with Risk Reduction Recommended where barriers haven't
been taken into consideration (only pre-barrier assessment made). If the
hazard is related to a 1st person, this is indicated in parenthesis.
Nbr. Top Event
1.2
Loss of helium cooling of target wheel - with release of helium
1.6
Wheel stops with simultaneous loss of cooling
3.2
Leak of helium cooling fluid of the proton beam window
3.5
Debris hits the proton beam window from the accelerator side
5.1
Local overheating of the Be reflector
5.2
Misalignment of the beam hitting the MR plug
5.3
Pencil beam hits outside the wheel - hits the MR plug.
5.4
First containment out of two or three of the cryogenic circuit ruptures
5.6
Proton beam hits outside the wheel - hits the gap between the wheel and the
plug
5.8
Loss of vacuum in MR plug
7.3
NBW rupture, assuming air outside of the window
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 24
Nbr.
Top Event
7.4
NBW rupture, assuming vacuum outside of the window
7.6
Unintentional closing of beam shutter
7.7
False indication of shutter being open when closed
9.1
Shaking/rattling monolith steel blocks. Dislocation and rupture of the
envelope.
9.2
Dislocation and rupture of the envelope by external aggressors
9.6
High pressure in monolith from other initiating event
9.11
Unexpected static forces on target
10.2
Leakage in heat exchanger between primary PBW He and interm. H2O
circuits
10.3
Leakage in heat exchanger to monolith He from interm. H2O circuits
12.12
Bypass of filtering system (RGEC)
12.13
Leaking pipes after filters (RGEC)
12.14
Uncontrolled deltaP (RGEC)
12.16
Poor performance of filtering system (RGEC)
14.4
Explosion within plant, but outside Target Station.
14.13
Air plane (Boeing 737) crash on Target station.(2 consequences from this top
event)
14.14
Safety shutdown earthquake (SSE)
Table 7-8 - Number of consequences affecting containment barriers – only for target
station in normal operation
Table 7-9 Safety barriers relating to Instrumentation and Control
Safety barrier
Place(s) used
Automatic shutdown of proton beam
210650-R-002_U1 12 July 2012
Top Events: 1.1, 1.2, 1.3, 1.4,
1.5, 1.6, 1.7, 3.1, 3.2, 3.3,
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 25
Safety barrier
Place(s) used
5.1, 5.2, 5.3, 5.4, 5.5, 5.6,
5.7, 5.8, 7.1, 7.3, 7.5, 9.1,
9.2, 9.3, 9.4, 9.5, 9.6, 9.8,
9.9, 9.10, 10.1, 10.2, 10.3,
12.8, 14.14
Monitoring of helium flow in cooling circuit.
Top Events: 1.1, 1.2
Target beam monitoring system
Top Events: 1.3
Target instrumentation monitoring
Top Events: 1.5, 1.7
Synchronisation control
Top Events: 1.5
Monitoring
Top Events: 2.2, 2.3, 2.4, 2.6,
2.7
Monitoring load cell
Top Events: 2.6, 2.7, 6.3, 6.4,
6.7, 6.8, 6.10, 6.11
Valve upstream of proton beam window shuts on
failure to protect against spread of secondary
inventory
Top Events: 3.1, 3.2
Monitoring of the PBW helium cooling circuit
Top Events: 3.1, 3.2
Pressure is monitored but the accuracy is not
enough to detected slight overpressure.
Top Events: 4.3
Pressure is monitored but the accuracy is not
enough to detected slight underpressure.
Top Events: 4.4
Monitor activity of shielding
Top Events: 4.5
Controlled access to lifting area
Top Events: 4.5
Monitoring load cell
Top Events: 4.10
MR monitoring instruments - monitors the cooling
flow (not the temperature).
Top Events: 5.1, 5.3, 5.6, 5.7
Rupture disk to relief overpressure in monolith.
Top Events: 5.2
Target instrumentation - detecting broken vacuum
Top Events: 5.2, 5.4, 5.5
He is injected in the water stream to allow detection
of water in vacuum.
Top Events: 5.2
Stopping of the flow in circuit
Top Events: 5.4, 5.5
Video camera
Top Events: 6.20
Warning siren
Top Events: 6.20
Monitoring of pressure in the monolith
Top Events: 7.1, 7.3, 9.5, 9.6,
9.8, 9.9, 9.10, 10.3
Monitoring during startup and commissioning would
detect this problem and rectify before starting
operations.
Top Events: 7.2
Monitoring of the active content / contamination of
helium
Top Events: 7.3, 7.5, 9.4, 9.8,
9.9, 10.3
Shutdown of neutron guide vacuum system on
failure.
Top Events: 7.4
Redundant cables, springs and other control
systems mitigating against the event
Top Events: 7.6
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 26
Safety barrier
Place(s) used
Check tightness before reconnection with gas
Top Events: 8.2
Personal protection equipment
Top Events: 8.3
Control of heavy lifting
Top Events: 8.4
Regular pressure testing of monolith
Top Events: 9.4
Monitoring of temperature in the monolith
Top Events: 9.8, 9.9, 10.3
Monitoring of radiation activity in the monolith
Top Events: 9.8, 9.9
Alignment of monitoring systems
Top Events: 9.11
Monitoring activity in intermediate loop.
Top Events: 10.1, 10.2
Loss of pressure indicator.
Top Events: 10.1
Monitoring activity of intermediate loop.
Top Events: 10.3
Misalignment of proton beam will be detected and
the ion source will automatically shut off.
Top Events: 11.4
Activity monitoring of ventilation system.
Top Events: 12.5
Controlled entrance: ID, permits, double doors
Top Events: 13.1
Monitoring of activity in Connection Cells
Top Events: 13.1
Monitoring systems
Top Events: 15.5
Alarm system to indicate that door has been
opened when it shouldn't
Top Events: 15.9, 15.13
7.2 Accelerator
This section includes a summary of the results from the risk analysis of the accelerator.
In Table 7-10 and Table 7-11 the numbers of assessed events at the different risk
levels are presented.
Table 7-10 shows the number of risk ranked events that have been assessed as
Unacceptable, Risk Reduction Recommended or Tolerable. The table also shows the
number of events where safety barriers have been considered in the assessment (postbarrier matrix assessment), the number of events where safety barriers haven't been
considered in the assessment (only pre-barrier assessment) and the number of events
where a matrix assessment haven't been done at all and a simplified risk ranking has
been applied instead. The events summarised in the second column of Table 7-10 are
then further split up in Table 7-11 according to the matrix assessments made in the
analysis.
Table 7-12 and Table 7-13 list the number and the description of all the events that
have been assessed as Unacceptable or with Risk Reduction Recommended in the
analysis.
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 27
Table 7-10 - This table is an overview of all the assessed events in the accelerator
analysis. The numbers in the cells show the number of events assessed
to different risk levels and has a split between the varying levels of detail
in the event assessments.
OnlypreͲbarrier
WithpostͲ
Simplifiedrisk
RiskRankingLevel
matrix
barriermatrix
Total
ranking
assessment
assessment
0
2
2
4
Unacceptable
RiskReduction
0
6
8
14
Recommended
0
3
11
14
Tolerable
0
11
21
32
Total
Table 7-11 - This table shows the number of events in the analysis where a given
matrix assessment was made taking safety barriers into consideration (a
post-barrier assessment).
Table 7-12 - List of events at Unacceptable level where barriers have been taken into
consideration explicitly (post-barrier assessment) in either a matrix
assessment or a simplified risk ranking. If the hazard is related to a 1st
person, this is indicated in parenthesis.
Nbr. Top Event
16.2
First bending magnets fail at full power
16.3
Second bending magnet fail at full power
19.1
The interlock system is defeated during a shorter proton beam stop. An
unauthorized person is in the accelerator tunnel (1st)
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 28
Nbr.
Top Event
19.2
The interlock system is defeated after a longer proton beam stop. An
unauthorized person is in the accelerator tunnel (1st)
Table 7-13 - List of events with Risk Reduction Recommended where barriers have
been taken into consideration explicitly (post-barrier assessment) in either
a matrix assessment or a simplified risk ranking. If the hazard is related to
a 1st person, this is indicated in parenthesis.
Nbr. Top Event
16.5
Hitting the collimator with concentrated high power beam
16.6
Hitting the collimator by offsetting the beam footprint (lower energy than
event above)
16.7
Fire of graphite in beam dump
16.12
Maintenance of components in the last downstream part of the HEBT (S3
segment) (1st)
16.13
Failure to put gamma shutter in place after tuning (1st)
16.16
High temperature in beam dump/collimator/instrumentation package when
being pulled up
18.1
Damage to berm caused from soil work on the berm - for example in
connection to the installation of a signal cable
19.3
Personnel gets radiated through contact with radioactive material in tunnel
(1st)
19.4
Contaminated material is brought out of the accelerator tunnel
19.7
Someone enters the tunnel when beam is on (1st)
20.1
Personnel gets a direct view of the accelerator tunnel while operational (1st)
20.2
Radiation from X-rays in Klystron gallery (1st)
20.3
Radiation from X-ray in the tunnel if klystrons are on when accelerator beam
is turned off (1st)
20.4
Shielding of the wave guides is modified and forgotten to be putted back
(there are numerous shields) (1st)
7.3 Instruments
This section includes a summary of the results from the risk analysis of the
instruments.
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 29
Table 7-14 shows the number of risk ranked events that have been assessed as
Unacceptable, Risk Reduction Recommended or Tolerable. The table also shows the
number of events where safety barriers have been considered in the assessment (postbarrier matrix assessment), the number of events where safety barriers haven't been
considered in the assessment (only pre-barrier assessment) and the number of events
where a matrix assessment haven't been done at all and a simplified risk ranking has
been applied instead.
Table 7-15 and Table 7-16 list the number and the description of all the events that
have been assessed as Unacceptable or with Risk Reduction Recommended in the
analysis.
Table 7-14 - This table is an overview of all the assessed events in the instruments
analysis. The numbers in the cells show the number of events assessed
to different risk levels and has a split between the varying levels of detail
in the event assessments.
WithpostͲ
OnlypreͲbarrier
Simplifiedrisk
Total
barriermatrix
RiskRankingLevel
matrix
ranking
assessment
assessment
0
0
2
2
Unacceptable
RiskReduction
0
0
1
1
Recommended
0
0
3
3
Tolerable
0
0
6
6
Total
Table 7-15 - List of events at Unacceptable level where barriers have been taken into
consideration explicitly (post-barrier assessment) in either a matrix
assessment or a simplified risk ranking. If the hazard is related to a 1st
person, this is indicated in parenthesis.
Nbr. Top Event
21.1
False indication of shutter being closed when open (1st)
21.5
Unexpected opening of neutron beam shutter while personnel working in
detector or sample area (1st)
Table 7-16 - List of events with Risk Reduction Recommended where barriers have
been taken into consideration explicitly (post-barrier assessment) in either
a matrix assessment or a simplified risk ranking. If the hazard is related to
a 1st person, this is indicated in parenthesis.
Nbr. Top Event
21.4
8.
Maintenance of heavy choppers (1st)
DISCUSSION AND CONCLUSIONS
The risk analysis presented in this document has been a step in the ESS risk analysis
process. It shall be seen as the first step of a continuous process going along the
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 30
whole ESS project; construction, commission, operation and decommission. The
identified risks shall not been seen as final but as a working list of potentially hazardous
events that need to be managed in the future design work and eventually in operation
of the facility. The results are presented in HAZID protocols and summarised in section
7 of this report.
Uncertainty
As the design is at a conceptual stage, the processing of the event chains has been
challenging at times and led to risk assessments associated with significant
uncertainty. Uncertainties are inherent to the current stage of the design process and
have been handled and highlighted in the analysis by:
1) Using two levels of risk matrix assessment where possible and practicable, one
with safety barriers in place and one without
2) Recommending future detailed assessments to gain more knowledge about the
system and hazardous event mechanisms
For several events it hasn't been possible or meaningful to make an assessment both
before and after accounting for barriers, which also relates to uncertainty in the design.
For those events a simplified risk assessment has been made.
The intense design process at ESS has meant that the facility layout and system
design has changed during the risk analysis and it has proven to be a challenge to
keep the original system definition fixed when identifying hazardous events. The
uncertainty in the design has also varied between the different parts of the facility as
some parts are based on more novel technology than others. This brought together has
meant that the consistency of the applied methodology and reporting has been less
than expected. The overall result of the analysis is still considered to be of good quality
and purposeful.
Recommendations
Recommendations to help decrease uncertainty and manage the risks have been given
throughout the analysis associated with the identified events. The summary in Figure
7-1 shows that most recommendations were with regards to further risk analysis and
radiological calculations.
In retrospect further generic recommendations, based on the risk ranking done, have
categorically been added to events to highlight the ones that need special attention.
This has been done according to what is outlined in Figure 8-1.
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
Page 31
Figure 8-1 – Generic recommendations based on the risk ranking.
In addition to recommendations that decrease uncertainty, a number of firm
recommendations for improving safety have been proposed. It should be ensured that
all of the recommendations brought forward in this analysis are considered.
Conclusions
Further work has to be done in order to expand the list of barriers (actual systems,
instructions, safety culture) and to verify their effectiveness, especially for risks that are
labelled "Unacceptable". Ffor low frequency combined with severe consequences it will
be crucial to demonstrate that the barriers ensuring a low frequency have high integrity
levels. To achieve this, it would be helpful to use agreed risk acceptance criteria
ensuring adequate risk reduction levels. An important note is that the lists of barriers
and initiating events are not necessarily exhaustive from this analysis. The lists capture
possible barriers and can be used to aid in more detailed barrier analysis in the future.
The result of the analysis clearly indicates the need of developing the risk matrix. The
risks, which today are classified as unacceptable, vary in consequences from personal
injuries of the ESS staff/visiting scientist to possible effects of people outside the ESS
site.
An overall recommendation is to continue the risk management process when the
technical design report is finalised with a more systematic and process oriented risk
analysis e.g. hazard and operability analysis (HAZOP). This would help ensure that
risks are being handled and that introduced new risks are managed at a tolerable level.
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group
Risk analysis of the accelerator, instruments and target station
9.
Page 32
REFERENCES
/1/
Plewinski F., "Target Station Design Update Baseline December 2011", EDMS ID
Number 1166507 v.2, ESS, 2011
/2/
Peggs S., "ESS Conceptual Design Report", ISBN 978-91-980173-0-4, 2012
/3/
Jacobsson P., "General Safety Objectives for ESS", EDMS ID Number 1148774
v.A5, ESS, 2011
/4/
Jacobsson P., "Risk Analysis – Initiating Events", v. A3, 2011
/5/
Knochenhauer M., "Guidance for External Events Analysis", SKI Report 02:27,
ISSN 1104–1374, 2003
/6/
ISO Standard " Petroleum and natural gas industries — Offshore production
installations — Guidelines on tools and techniques for hazard identification and
risk assessment", 17776:2000
210650-R-002_U1 12 July 2012
Scandpower is a member of the Lloyd's Register Group

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz