DEFENCE IN DEPTH
Defence in depth: facilities

DEFENCE IN DEPTH - SAFETY LAYERS APPROACH


This slide shows the approach to rating events affecting defence in depth at facilities.
It is known as the 'layer approach', because the various safety provisions are grouped into layers.

For example, an entry control system based on a couple of interlocks is a layer. A ventilation system to avoid contamination spread or to filter radioactive material is a layer. Two independent cooling systems, on the other hand, would be two layers.

Other safety layers could include:

  • Interlocks
  • Leak detection
  • Physical barriers
  • Activity detectors
  • Personal dosimeters

The most difficult part of this methodology is being clear on what is a safety layer. Section 6.2.2.1 in the Manual gives quite a bit of guidance and you should read that now.

6.2.2.1. Identifying safety layers
There are a wide range of safety provisions used in the different facilities covered by this section. Some of these may be permanent physical barriers, others may rely on interlocks, others may be active engineered systems such as cooling or injection systems, and others may be based on administrative controls or actions by operating personnel in response to alarms. The methodology for rating events involving such a wide range of safety provisions is to group the safety provisions into separate and independent safety layers. Thus, if two separate indications are routed through a single interlock, the indications and interlock together provide a single safety layer. On the other hand, if cooling is provided by two separate 100% pumps, it should be considered as two separate safety layers, unless they have a common nonredundant support system.

When considering the number of safety layers, it is necessary to ensure that the effectiveness of a number of separate hardware layers is not reduced by a common support system or a common action by operating personnel in response to alarms or indications. In such cases, although there may be several hardware layers, there may be only one effective safety layer.

When considering administrative controls as safety layers, it is important to check the extent to which separate procedures can be considered independent and to check that the procedure is of sufficient reliability to be regarded as a safety layer. The time available is considered to have a significant impact on the reliability that can be claimed from operating procedures.

Safety layers can include surveillance procedures, although it should be noted that surveillance alone does not provide a safety layer. This means the implementation of corrective actions is also required. It is difficult to give more explicit guidance, and inevitably judgement must be used. In general, a safety layer would be expected to have a failure rate approaching 10^-2 per demand. To help in the identification of the number of independent safety layers, the following list gives some examples of safety layers that may be available, depending on the circumstances of the event and the design and operational safety justification for the facility:
- Electronic personal alarming dosimeters - provided that the personnel are trained in their use, that the dosimeter is reliable and that personnel can and will respond appropriately and quickly enough;
- Installed radiation and/or airborne activity detectors and alarms - provided that they can be shown to be reliable and that personnel can and will respond appropriately and quickly enough;
- Presence of a Radiation Protection Technician to detect and alert others to any abnormal levels of radiation or the spread of contamination;
- Leak detection provisions, such as containment, which direct materials to a sump provided with appropriate level measuring instrumentation and/or alarms;
- Surveillance by operating personnel to provide assurance of the safe condition of the facility, provided the surveillance frequency is adequate to identify performance shortfalls, and that the corrective actions required will be reliably carried out;
- Ventilation systems that encourage airborne activity to move through the facility in a safe and controlled manner;
- Shield doors and interlock entry systems;
- Natural ventilation, ‘stack effect’ or passive cooling/ventilation;
- Actions, instructions or routines that have been developed to mitigate consequences;
- Provision of a diverse system, provided there are not common aspects in supply or control systems;
- Provision of redundancy, provided there is not a non-redundant support system;
- Inerting gas systems as a means of mitigating the evolution of hydrogen in some radioactive waste storage facilities.
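As an added illustration (not part of the Manual or this e-learning module), the following Python model applies the grouping rule from section 6.2.2.1: provisions that share a common support system or a common operator action are merged into one effective layer, and surveillance without a credited corrective action is not counted. The provision names and dependency labels are constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, List


@dataclass(frozen=True)
class Provision:
    """One safety provision (constructed model of the Manual's 6.2.2.1 terms)."""
    name: str
    # Support systems or operator actions the provision cannot work without:
    # a shared power supply, a single interlock, one alarm-response procedure.
    depends_on: FrozenSet[str] = frozenset()
    # Surveillance with no credited corrective action is not a layer at all.
    credited: bool = True


def effective_layers(provisions: List[Provision]) -> List[List[str]]:
    """Group provisions into independent safety layers.
    Provisions sharing any common support system or common operator action
    are merged into one effective layer (union-find over the dependency
    graph): one failure of the common element defeats all of them at once.
    """
    parent: dict = {}

    def find(x: str) -> str:
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    layers_in = [p for p in provisions if p.credited]
    for p in layers_in:
        for dep in p.depends_on:
            parent[find(p.name)] = find(dep)  # union provision with its support
    groups: dict = {}
    for p in layers_in:
        groups.setdefault(find(p.name), []).append(p.name)
    return sorted(sorted(g) for g in groups.values())


# Constructed cases mirroring the Manual's own illustrations.
SEPARATE_PUMPS = [Provision("pump A"), Provision("pump B")]
COMMON_HEADER = [Provision("pump A", frozenset({"cooling water header"})),
                 Provision("pump B", frozenset({"cooling water header"}))]
ONE_INTERLOCK = [Provision("door indication", frozenset({"entry interlock"})),
                 Provision("radiation indication", frozenset({"entry interlock"}))]
ONE_RESPONSE = [Provision("area monitor", frozenset({"evacuation procedure"})),
                Provision("personal dosimeter", frozenset({"evacuation procedure"})),
                Provision("walkdown", credited=False)]
```

Two independent pumps give two layers, while the same pumps on one cooling water header, two indications through one interlock, or two alarms relying on one evacuation procedure each collapse to a single effective layer.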