Defence in depth: facilities

So far, only the basic approach to rating events at facilities has been discussed, but we need to consider three more detailed issues.

- 'High integrity safety layers'
- Time available
- How to treat availability of containment

We’ll start with high integrity safety layers.
In some situations, a high integrity safety layer may be available (e.g. a reactor pressure vessel or a safety provision based on proven and naturally occurring passive phenomena, such as convective cooling). In such cases, because the layer is demonstrated to be of extremely high integrity or reliability, it would clearly be inappropriate to treat such a layer in the same way as other safety layers when applying this guidance.

A high integrity safety layer should have all the following characteristics:
- The safety layer is designed to cope with all relevant design basis faults and is explicitly or implicitly recognized in the facility safety justification as requiring a particularly high reliability or integrity;
- The integrity of the safety layer is assured through appropriate monitoring or inspection such that any degradation of integrity is identified;
- If any degradation of the layer is detected, there are clear means of coping with the event and of implementing corrective actions, either through pre-determined procedures or through long times being available to repair or mitigate the fault.

An example of a high integrity layer would be a vessel or a vault. Administrative controls would not normally meet the requirements of a high integrity layer, though, as noted in Section, certain operating procedures can also be regarded as high integrity safety layers if very long timescales are available to perform the required actions and to correct errors by operating personnel should they occur, and if a wide range of actions is available.