Main Section 5

Return to the Main Document

5. DESCRIPTION OF THE PRECLOSURE SAFETY ASSESSMENT

This section describes the analytical methods and summarizes the results of the preclosure safety assessment for a potential repository at Yucca Mountain. Section 5.1 describes how facilities and systems for the potential repository would use established commercial technologies and nuclear industry technologies to reduce the risk of Category 1 and Category 2 event sequences, since these technologies are well understood. Section 5.2 describes the approach used in assessing the preclosure operational safety of a potential repository at Yucca Mountain. It also discusses event identification, event sequence categorization, event sequence consequence analysis, use of features and controls important to radiological safety, and quality assurance classification. Section 5.3 provides a description of events and the results of consequence analyses and evaluations. Section 5.4 describes the testing and evaluation program planned for the potential repository's preclosure period.

5.1 KNOWN TECHNOLOGY AND OPERATING SYSTEMS

A repository at Yucca Mountain would use commercial and nuclear industry technologies for preclosure construction and operations. The methods these technologies use to reduce the risk of event sequences are well understood.

Over the past 50 years, large nuclear facilities have been designed, constructed, and operated by the commercial nuclear industry and the U.S. government. Incorporated into the design of these facilities are features and controls that prevent or reduce the consequences of accidents. The repository design draws upon this extensive experience and is based on proven technology in use at nuclear installations worldwide. For example, high-efficiency particulate air filters have been used for many years to reduce atmospheric emissions from nuclear facilities. Monitoring systems have also been used for many years to measure atmospheric effluents. Computer codes to estimate exposure from effluents have been developed and are widely used. The principles of radiation shielding are well known, and computer codes are available to aid in shielding design. The principles of time, distance, and shielding are used to keep radiation doses as low as is reasonably achievable (ALARA) (e.g., Health Physics Manual of Good Practices for Reducing Radiation Exposure to Levels that are As Low As is Reasonably Achievable [Munson et al. 1988]).

Spent nuclear fuel transportation casks are routinely loaded and unloaded in the United States. Heavy loads are routinely moved by bridge cranes at nuclear facilities, as they would be at a repository at Yucca Mountain. Across the United States, commercial nuclear power reactors currently operate spent nuclear fuel pools. At all operating nuclear plants, handling spent nuclear fuel is a routine activity. For example, from 1968 to 1994, about 105,000 spent nuclear fuel assemblies were discharged from commercial nuclear power reactors (DOE 1996b, Table 5). The lessons learned from these experiences would be incorporated into the design and concept of operations for any repository.

5.2 BASIC SAFETY ASSESSMENT METHOD

The two basic elements of any safety assessment are event identification and consequence analysis. The first element involves performing a systematic review of relevant site and facility features and processes in order to define the types of events that can occur. Events identified include the full range of probable events, from normal operational events that might occur to very low-probability events. Events are identified by first evaluating potential hazards applicable to the site and facility design, then developing a detailed site- and design-specific event scenario in which event sequences are defined and the anticipated frequency of occurrence of events is established. Based on the frequency of occurrence, events are categorized as Category 1 or Category 2 event sequences. Event sequences with lower frequencies of occurrence are considered beyond Category 1 and Category 2 event sequences and were not analyzed further. The second element of the safety assessment involves estimating the consequences of the event sequences that are identified as a Category 1 or Category 2 event sequences in the first process.

The safety assessment performs an important role in the design process. It plays a key role in the identification of facility design features and controls important to safety and is a primary input to the quality assurance classification process. In some cases, alternative design approaches or additional design features may be identified based on safety assessment results, which are then considered as part of an iterative design process. Based on the insights and results obtained from the safety assessment, the acceptability of the design can be established.

5.2.1 Event Identification Process

Events are identified based on a review of repository site characteristics, facility design features, and operational processes to be performed. An analysis of the internal and external hazards associated with preclosure operations is performed. Internal hazards are presented by the operation of the facility and associated processes. External hazards involve natural phenomena and outside man-made hazards, such as those posed by aircraft and nearby government or industrial facilities. The methodology used in the event identification analysis provides a systematic means to identify facility hazards and associated events that may result in radiological consequences to the public and workers during the repository preclosure period.

The first step in the hazard identification process is to develop a list of generic internal and external events that could result in radiological consequences to the public or workers. This generic list is not facility-specific and attempts to identify potentially hazardous events by providing a comprehensive list of possible events. The generic lists developed for the internal and external hazard analyses are based on established hazard evaluation techniques (Stephans and Talso 1997; American Institute of Chemical Engineers 1992). Tables 5-1 and 5-2 list these generic internal and external events.

Once the site characteristics, facility design, and operational processes are defined, they are evaluated against specified criteria to determine the credibility of generic hazard events that could result in radiological consequences. Event applicability criteria are developed for the generic events to support the applicability determination. If the criteria are satisfied, the generic event has the potential for a radiological consequence and is added to a list of specific initiating events to be considered in the design and safety analysis.

The criteria used to determine the applicability of internal hazards as initiators of event sequences are listed below for each event category. Applicability to a functional area of design is determined by a positive response to all questions within a hazard category or subcategory, as appropriate:

Collision/Crushing
1. Is kinetic or potential energy present?
2. Can the kinetic or potential energy be released in an unplanned way?
3. Can the release of kinetic or potential energy interact with the waste form?
Chemical Contamination/Flooding
1. Reactions
  1. Are corrosive/reactive chemicals or materials present?
  2. Can these chemicals or materials be released?
  3. Can the chemicals or materials interact with the waste form?
2. Off-Gassing
  1. Are volatile/condensable materials present?
  2. Can these materials be released?
  3. Can these materials interact with the waste form?
3. Venting
  1. Is there a potential for venting materials in the area?
  2. Can the materials interact with the waste form?
4. Debris/Leaks
  1. Is there a potential for debris or leaks in the area?
  2. Can the debris or fluids interact with the waste form?
5. Flooding
  1. Are sources of water present in the area?
  2. Is there a potential to release the water?
  3. Can the released water interact with the waste form with the potential for criticality?
Explosion/Implosion
1. Are pressure and electrical, chemical, or mechanical energy present?
2. Can an event occur that results in an explosion or implosion energy release?
3. Can the released energy impact the waste form directly?
Fire
1. Are fuel, oxidizers, and ignition sources present?
2. Is there sufficient fuel and oxidizer to sustain fire?
3. Can fire interact with the waste form?
Radiation/Magnetic/Electrical/Fissile
1. Are radiation/magnetic/electrical energy sources present external to the waste form? Is fissile material present?
2. Is a mechanism present to release radioactive/magnetic/electrical energy?
3. Can the release of radiation/magnetic/electrical energy interact with the waste form? Can fissile material be arranged, through operational processes, in a way that will result in criticality?
Thermal
1. Are external heat energy sources present?
2. Can heat energy be released?
3. Can the heat energy affect the waste form?

The criteria used to determine the applicability of external events as initiators of event sequences are listed below. The external event is considered a potential initiator of an event sequence if all of the following are determined to be true:

The potential exists and is applicable to the Yucca Mountain site.
The rate of the process is sufficient to affect the 100-year operational period. (Example: Is erosion expected to occur at the repository during the 100-year operational phase?)
The consequence of the process is significant enough to affect the 100-year operational period. (Example: Can the consequences of erosion lead to a radiological release at the repository during the 100-year operational phase?)
The event frequency is greater than or equal to 0.000001 events per year. (Example: Is any event associated with erosion expected to occur at a rate greater than or equal to once in a million years?)

If all the above statements are true for any external event, then the event is considered applicable. If any one of the above statements is false for any external event, the event is not considered applicable. If any statement is indeterminate (i.e., its validity cannot be determined at this time), the statement is treated as true and cannot be screened out at this point.

To evaluate the design and operations for the preclosure period, the period to be evaluated must be defined. The process described above used a 100-year operational phase for the higher-temperature operating mode, but the same process is valid for lower-temperature operating modes that have longer preclosure operational phases. Depending on the thermal operating mode, the preclosure period could be longer (see Section 2.1.5.2, Table 2-2) (BSC 2001f). An operational period of 100 years was selected as the duration to be used in the evaluation since it bounds the emplacement period for the range of thermal operating modes. The handling of waste in the surface and subsurface facilities is expected to last a minimum of 24 years (see Section 2.3.4.5). A 100-year preclosure period bounds surface and subsurface facilities operations and is conservative for classifying events as Category 1 and Category 2 event sequences. For example, using a 24-year period would result in a Category 1 cutoff at 4.2

10^-2 per year and potentially allow more event sequences to be compared with the less restrictive Category 2 dose limits. After the operational phase, when the waste has been emplaced in the subsurface facility, the potential for internal and external events is still possible. Assuming a preclosure period of 325 years would lower the Category 1 cutoff to 3.1

10^-3 per year and lower the Category 2 cutoff to 3.1

10^-7 per year. However, it was determined that with a 325-year preclosure period, no new events would be included (BSC 2001f, Section 4.4.1.2.1). Note that Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f) describes Category 1 and Category 2 design basis events. There is no difference between Category 1 and Category 2 design basis events and Category 1 and Category 2 event sequences.

5.2.2 Event Sequence Categorization Process

The result of the event sequence identification process is a list of event sequences with a corresponding frequency of occurrence. The frequency of occurrence for each event sequence is determined using fault tree analysis or data from historical events. The frequency of occurrence is usually expressed in terms of the chance of the particular event sequence occurring during facility operations, for example, "3 chances in 100 of occurring before permanent closure of the repository." In this example, if the repository operates for 100 years and the event sequence frequency is uniform over the entire period, it can be expressed as 0.0003 per year or 3.0

10^-4 per year. Initially, when postulating the event sequence, no credit is given to design features that could prevent or mitigate the event (i.e., the most severe consequences are evaluated). If the radiation dose consequences of an event sequence are unacceptable, design features are added to prevent or mitigate the event.

Based on frequency of occurrence, event sequences are categorized as a Category 1 or Category 2 event sequence or beyond Category 1 and Category 2 event sequences, consistent with 10 CFR 63.2 (66 FR 55732). Category 1 event sequences are expected to occur one or more times before permanent closure. This is about equal to an annual frequency of one chance in one hundred (0.01 per year)¹, based on a 100-year preclosure operational period (BSC 2001f, Section 4.4.1.2.1). Category 2 event sequences are other event sequences that have at least 1 chance in 10,000 of occurring before permanent closure. This is about equal to an annual frequency of one chance in one million (0.000001 per year), based on a 100-year preclosure operational period (BSC 2001f, Section 4.4.1.2.1). Event sequences that have less than 1 chance in 10,000 of occurring before permanent closure of the repository are considered beyond Category 1 and Category 2 event sequences. The consequences of some of these types of events are presented in Final Environmental Impact Statement for a Geologic Repository for the Disposal of Spent Nuclear Fuel and High-Level Radioactive Waste at Yucca Mountain, Nye County, Nevada (DOE 2002, Tables H-6 and H-7).

Event sequences are developed using event trees, which are diagrams that depict the chronological sequence of events. Figure 5-1 shows an example of a typical event tree used to define event sequences and quantify frequency of occurrence. In this example, Event Sequence 1 begins with an unsealed disposal container drop as the initiating event. The second event represents a breach of the spent nuclear fuel assembly. The last event in this branch represents a fully functional ventilation system and associated high-efficiency particulate air filtration. This event sequence has a frequency of 0.0084 per year, classifying it as a Category 2 event sequence. Event Sequence 2 represents a release scenario in which the ventilation system and the high-efficiency particulate air filtration system are nonfunctional. This event sequence has a frequency of 1.4

10^-9 per year, which is considered to be a beyond Category 1 and Category 2 event sequence; this would be the case even if the probability of the high-efficiency particulate air filtration system not functioning were increased a hundredfold. Event Sequence 3, with zero probability, represents an unsealed disposal container drop that does not breach the enclosed spent nuclear fuel assemblies and does not result in a release.

As illustrated in Figure 5-1, the scenario development process involves the analysis of all facility features or controls that can affect the progression of an event sequence, including the effects of successful operation or failure of the heating, ventilation, and air conditioning systems with high-efficiency particulate air filters, where appropriate. Insights gained from evaluating the frequency and consequences of such failure sequences are especially useful as inputs to the design and quality assurance classification processes.

5.2.3 Event Sequence Consequence Analysis Process

Category 1 Event Sequences—Three sources are expected to contribute to the annual radiation dose to the public or repository workers from Category 1 event sequences during the facility's preclosure operational lifetime: (1) operational effluents from the Waste Handling Building, (2) operational effluents from the subsurface areas of the repository, and (3) event sequences anticipated to occur at a frequency of 0.01 per year or higher. Section 5.3.5.4.1 in Preliminary Preclosure Safety Assessment for the Monitored Geologic Repository Site Recommendation (BSC 2001f) describes the models used to estimate the radiation doses from Category 1 event sequences. Appendix A of Preliminary Preclosure Safety Assessment for the Monitored Geologic Repository Site Recommendation (BSC 2001f) considers the influence of flexible thermal operating modes with preclosure periods of up to 325 years on Category 1 event sequence selection.

Category 2 Event Sequences—The radiation doses from Category 2 event sequences come from event sequences anticipated to occur with frequencies between 0.01 and 0.000001 per year. This frequency range assumes a 100-year preclosure period that is associated with the higher-temperature repository operating mode. The Category 2 event sequences all involve drops or collisions while handling fuel assemblies, disposal containers, and transportation casks. Section 5.3.5.4.2 in Preliminary Preclosure Safety Assessment for the Monitored Geologic Repository Site Recommendation (BSC 2001f) describes the models used to estimate the radiation doses from Category 2 event sequences. The influence on the selection of Category 2 event sequences of the flexible thermal operating modes with preclosure periods of up to 325 years is discussed in Appendix A of Preliminary Preclosure Safety Assessment for the Monitored Geologic Repository Site Recommendation (BSC 2001f).

Several dosimetric quantities were calculated for Category 1 and Category 2 event sequences: (1) the total effective dose equivalent; (2) the radiation dose for various organs and tissues, such as the thyroid, lungs, and bone marrow; and (3) the radiation dose for the skin. Consistent with Standard Review Plan for Spent Fuel Dry Storage Facilities (NRC 2000a, Section 9.5.2.2), the sum of the skin dose equivalent and the total effective dose equivalent was used to indicate the lens of the eye dose.

5.2.4 Use of Features and Controls Important to Radiological Safety

The repository design incorporates a combination of prevention and mitigation features and operational controls. Prevention is the use of design features to reduce the frequency of events that result in radiological release. Mitigation involves the use of design features to reduce the consequences of a postulated radiological release event sequences, and includes those features intended to reduce releases from routine operations that are included in the Category 1 event sequences annual dose summation. The safety assessment is used to identify preventive and mitigative features.

The repository design emphasizes prevention features because prevention provides design and operational benefits. From an operations perspective, surveillance and maintenance of active safety features have been demonstrated to add to the operational complexity of existing nuclear facilities. Prevention features are incorporated in the design by performing the safety assessment as an integral part of the design process in a manner consistent with a performance-based, risk-informed philosophy. A risk-informed approach uses risk insights, engineering analysis and judgment, and equipment performance history to focus attention on the most important facility activities and to establish design criteria and management controls based upon these risk insights. This approach ensures that design features and operational controls important to radiological safety are selected in a manner that ensures safety while minimizing operational complexity through the use of proven technology.

The repository would be designed, constructed, and operated to withstand external events and natural phenomena for Category 1 and Category 2 event sequences. For example, Section 2.2.4.2.2 of this report discusses requirements for designing the surface facilities to withstand the vibratory motion associated with earthquakes. As an example, in the assembly transfer system and canister transfer system, overhead cranes and assembly transfer machines would be designed so that they would not become dislodged from their rails during a Category 1 or Category 2 event sequence earthquake. Section 2.2.5 also discusses the design processes used to keep radiation doses to workers ALARA.

For accidents involving internal events, the analysis in Design Basis Event Frequency and Dose Calculation for Site Recommendation (BSC 2001u, Table 9) shows that drops of a spent nuclear fuel assembly or canister were important contributors to event sequences. To prevent these types of accidents, the assembly transfer system would be designed, constructed, and operated so that the probability of the dry assembly transfer machine dropping an assembly is low (CRWMS M&O 2000v, Section 1.2.2.1.1). In addition, to reduce the probability that the assembly or canister would be breached because of a drop, the lift heights for fuel assemblies and canisters would be limited, as is standard practice in nuclear facility design and operations.

The analyses in Design Basis Event Frequency and Dose Calculation for Site Recommendation (BSC 2001u, Section 5.2.5) show that the availability of the Waste Handling Building heating, ventilation, and air conditioning system with high-efficiency particulate air filters plays a large role in mitigating the consequences of accidents. Therefore, the ventilation system would be designed to be highly reliable. For example, it would be designed to withstand earthquakes, impacts from flying debris (referred to as missiles), fires, or loss of offsite electrical power and still perform its intended safety functions.

The key prevention and mitigation methods rely on the use of:

Designs that accommodate potential natural phenomena (e.g., fault avoidance, placement, layout, design basis to withstand seismic events, backup power)
Designs that incorporate safety features for normal operations and Category 1 and Category 2 event sequences (e.g., limits of lift heights, air filtration and confinement systems, redundant systems, limit switches)
Administration controls (e.g., trained and certified personnel, approved procedures).

5.2.5 Quality Assurance Classification Process

The safety assessment provides valuable input to the quality assurance classification process. Repository features credited as event prevention or mitigation features in the safety assessment are "important to safety," and the safety assessment is useful in determining an item's functional role as part of the repository preclosure safety strategy. Classification is performed in a separate analysis, in accordance with formal quality assurance classification procedures. Structures, systems, and components important to safety are classified in a graded fashion to ensure quality assurance controls are implemented over the facility life cycle commensurate with an item's importance to safety.

The classification process consists of establishing the configuration and function of structures, systems, and components and their effect on repository radiological safety. It is limited to structures, systems, and components procured as a part of the repository system (e.g., transportation casks are not included). This information is then evaluated against criteria provided in the classification procedure to determine the quality assurance classification of the particular item. The following classification categories are specified by Section 3.1.3 of QAP-2-3, Classification of Permanent Items, consistent with Section 2 of Quality Assurance Requirements and Description (DOE 2000a).

Quality Level (QL)-1—Structures, systems, and components whose failure could directly result in a condition adversely affecting public safety are classified as QL-1. These items have a high safety or waste isolation significance.

QL-1 structures, systems, and components include those items, which:

Maintain containment and criticality control for spent nuclear fuel and high-level radioactive waste
Prevent or mitigate a Category 1 or Category 2 event sequence.

QL-1 structures, systems, and components are listed in Table 5-3 with a brief summary of their functions that are important to safety.

QL-2—Structures, systems, and components whose failure or malfunction could indirectly result in a condition adversely affecting public safety, or whose failure would result in doses in excess of normal operational limits, are classified as QL-2. These items have a lower safety or waste isolation significance.

QL-2 structures, systems, and components include those items, which:

Provide control and management of site-generated radioactive waste
Provide fire protection/suppression to protect the function of a QL-1 structure, system, or component important to safety
Maintain structure, system, or component integrity so that a QL-1 structure, system, or component is not prevented from performing its intended function if an event sequence occurs
Prevent or mitigate a Category 1 event sequence
In conjunction with an additional item or administrative control, prevent or mitigate a Category 2 event sequence.

QL-2 structures, systems, and components are listed in Table 5-4 with a brief summary of their functions that are important to safety.

QL-3—Structures, systems, and components whose failure or malfunction would not significantly impact public or worker safety, including those defense-in-depth design features intended to keep radiation doses ALARA, are classified as QL-3. These items have a minor impact on public and worker safety and on waste isolation.

QL-3 structures, systems, and components include those items, which:

Warn of significant increases in radiation levels or concentrations of radioactive materials
Monitor variables to verify that operating conditions are within technical specification limits
Support repository emergency response actions
Assess radionuclide release or dispersion following an event sequence
Maintain levels of radioactive effluents
Limit worker doses from normal operations and Category 1 event sequences.

Examples of structures, systems, and components classified as QL-3 include the meteorological monitoring system, area radiation monitoring system, and exhaust stack radiation monitors (BSC 2001f, Table 4-3).

Conventional Quality (CQ)—Those structures, systems, and components not meeting any of the criteria for QL-1, QL-2, or QL-3. Examples of structures, systems, and components classified as CQ include materials for balance-of-plant buildings, utilities, and commercial off-the-shelf materials and equipment.

This classification process is implemented in an iterative fashion, where each analysis iteration is considered for that phase of design. Classifications of repository structures, systems, and components will, therefore, be reevaluated as the design is developed. This approach is consistent with Technical Position on Items and Activities in the High-Level Waste Geologic Repository Program Subject to Quality Assurance Requirements (Duncan et al. 1988, Section 4.2(a)), which allows engineering judgment and conservative bounding assumptions to be used in cases where data are limited.

5.3 PRELIMINARY DESCRIPTION OF potential hazards, EVENT Sequences, AND CONSEQUENCES

This section presents the preliminary description of potential hazards, event sequences, and consequences of event sequences. Section 5.3.1 identifies the external events and natural phenomena that are the initiating events that could lead to a radiological release. Section 5.3.2 describes internal initiating events, including those that could result in a potential radiological release, no release, or a beyond Category 1 and Category 2 event sequence. Section 5.3.3 presents the consequence evaluations for Category 1 and Category 2 event sequences.

5.3.1 Preliminary Description of External Events

The general strategy for managing external initiating events is to design those structures, systems, and components important to safety to withstand the initiating events so that no release scenarios are initiated and no loss of isolation of radioactive material results. Table 5-5 lists the external events and natural phenomena initiating events considered in this evaluation. The events in Table 5-5 are appropriate for preclosure period of 100 years as well as 325 years (BSC 2001f, Appendix A).

Loss of Offsite Power—This event results in the total loss of external alternating current power to the potential repository for any period of time. It is postulated to occur as a result of an external event (e.g., lightning or downed power line) or an internal event (e.g., fire or random equipment failure). Loss of offsite power would, at a minimum, temporarily halt the transfer of waste. Loss of offsite power at the potential repository is assumed to occur one or more times during preclosure operations; therefore, it is a Category 1 event sequence.

The strategy for this event is to prevent Category 1 or Category 2 release scenarios by providing reliable power through redundant standby power sources (onsite), uninterruptible power, redundant emergency equipment where needed, redundant distribution systems, and mechanical backup controls for components important to safety. Structures, systems, and components important to safety are designed to prevent load drops during a loss of offsite power. Onsite backup power sources with staged loading controls and potential redundant offsite power lines and sources may be used to ensure continuous power is supplied to structures, systems, and components important to safety. The potential repository design would also include such features as external lightning rods to protect against a lightning-initiated loss of offsite power.

Earthquake—Vibratory Ground Motion—An earthquake is the result of sudden relative motions, or slip, between two adjacent rock surfaces in the earth's crust. The sudden slip results in the release of seismic energy, in the form of vibratory ground motion, that propagates from the location of the earthquake to the earth's surface. This ground motion can impact structures, systems, and components in the surface and subsurface facilities and lead to a radiological release. The possible consequences of an earthquake include a collapse of structures, concrete cracking, loss of offsite power, ground displacement, and subsurface rockfall.

The U.S. Department of Energy (DOE) would use proven engineering techniques to design structures to withstand potential earthquakes in the site area. The repository surface facilities, where waste would be received, prepared for emplacement, and moved into the repository, would be subject to stronger earthquake ground shaking than subsurface facilities, where waste would be emplaced.

Preclosure Seismic Design Methodology for a Geologic Repository at Yucca Mountain (YMP 1997, Section 3.1) establishes seismic hazard probability reference values to be used in determining two levels of design basis vibratory ground motion. The two reference values correspond to Category 1 and Category 2 event sequences and are defined as mean annual exceedance probabilities of 10^-3 and 10^-4, respectively. The mean annual probabilities were used in the disaggregation of probabilistic seismic hazard estimates (CRWMS M&O 2000fd, Section 6.5.3) to identify those earthquakes that control the seismic hazard at the reference probabilities.

Ground motion inputs used for preclosure design analyses are described in Section 4.3.2.2.3 (Figure 4-165). These inputs are based on a mean annual exceedance probability of 10^-4 and were developed for generic locations at the repository elevation (i.e., a depth of 300 m [1,000 ft]) and at a hard-rock outcrop directly above the potential repository.

The safety strategy for the surface facilities is to design the structures, systems, and components important to safety to withstand the effects of a design basis earthquake. The design and construction attributes necessary to ensure that structures and systems are not compromised during a seismic event are well understood and would be applied to the repository facilities.

The following NRC documents related to design basis seismic events were among the sources considered in the repository design process:

Regulatory Guide 1.29, Seismic Design Classification
Regulatory Guide 1.32, Criteria for Safety-Related Electric Power Systems for Nuclear Power Plants
Regulatory Guide 1.60, Design Response Spectra for Seismic Design of Nuclear Power Plants
Regulatory Guide 1.61, Damping Values for Seismic Design of Nuclear Power Plants
Regulatory Guide 1.92, Combining Modal Responses and Spatial Components in Seismic Response Analysis
Regulatory Guide 1.122, Development of Floor Design Response Spectra for Seismic Design of Floor-Supported Equipment or Components
Regulatory Guide 1.165, Identification and Characterization of Seismic Sources and Determination of Safe Shutdown Earthquake Ground Motion.

Earthquake—Fault Displacement—A fault is a fracture or zone of weakness in the earth's crust along which there is the potential for relative motion of rocks on opposing sides of the fracture. Scientists have used the data from site characterization studies to assess the potential for fault rupture related to earthquakes.

Preclosure Seismic Design Methodology for a Geologic Repository at Yucca Mountain (YMP 1997) establishes the probabilistic criteria for fault displacement initiating events appropriate for structures, systems, and components important to safety. Specifically, the mean annual exceedance probabilities of 10^-4 and 10^-5 are used for Category 1 and Category 2 initiating event fault displacements, respectively. These values are a factor of 10 lower than the exceedance probabilities of the corresponding Category 1 and Category 2 initiating event vibratory ground motion, reflecting the more limited experience with engineering designs for facilities that are subject to fault displacement and with assessments of fault displacement hazard.

An evaluation of the fault displacement hazard at nine locations in the Yucca Mountain vicinity was part of the probabilistic seismic hazard analyses (CRWMS M&O 2000fd, Section 6.6.3). The nine locations span the range of known faulting conditions in the area, which include recognized faults, small fractures, and unfaulted (intact) rock. Results of the hazard assessment indicate that mean displacements on the block-bounding Bow Ridge and Solitario Canyon faults are 7.8 cm (3.1 in.) and 32 cm (12.6 in.), respectively, at the 10^-5 annual exceedance probability level. In contrast, in areas where waste would be emplaced, displacements of 0.1 cm (0.04 in.) have less than one chance in 100,000 of being exceeded each year during the preclosure period.

Unlike vibratory ground motion hazard, fault displacement hazard is concentrated at the location of faults. Consequently, the exposure of structures, systems, and components to fault displacement hazard can be limited by avoiding locations near faults that have a significant potential for fault displacement. Fault avoidance is the DOE's preferred approach to mitigating fault displacement hazards.

The NRC's Staff Technical Position on Consideration of Fault Displacement Hazards in Geologic Repository Design (McConnell and Lee 1994) was considered in the repository design process.

Flood—An external flood may be initiated by intense precipitation, runoff, or a landslide. As defined by Section 2 of ANSI/ANS-2.8-1992, American National Standard for Determining Design Basis Flooding at Power Reactor Sites, the probable maximum flood is the hypothetical flood (peak discharge, volume, and hydrograph shape) considered to be the most severe reasonably possible flood, based on a probable maximum precipitation and other hydrologic factors favorable for maximum flood runoff, such as sequential storms and snowmelt. A 100-year flood is defined as the magnitude of peak discharge at any point on a river or drainage channel that can be expected to occur or be exceeded, on average, once in 100 years. Since the Yucca Mountain area is located inland and has no significant surface-water bodies or water-control structures near the site, there is no potential for such events as surges, seiches, tsunamis, dam failures, or ice jams that could affect the site nor is there any potential for future dam development. No evidence for past flooding induced by landslides in the vicinity of the site has been reported. However, floods can produce heavy loads on structures and equipment. The consequences of a flood initiating event are expected to bound the rainstorm, landslide, and debris avalanche events (BSC 2001f, Section 5.2.1.4).

The primary safety strategy for the flood event is to locate facilities outside of flood-prone areas and provide diversion channels to divert runoff away from structures. Taking into account the effects of sediment and debris transported during flood events, a series of worst-case flood studies was completed. The North Portal site is adjacent to the Midway Valley Wash. The maximum depth of water in this wash was estimated to be about 3 to 4 m (9 to 12 ft) during a probable maximum flood, with consideration given to the presence of sediment and debris. Although it was determined that a portion of the North Portal pad is in the flood-prone area, the flood waters would stop at or flow around the boundary of the pad because the pad would be higher than the maximum flood levels. Since water would rise in response to flow restrictions caused by the pad, the Waste Handling Building and Waste Treatment Building would be set approximately 0.5 m (1.5 ft) above the maximum flood elevation. The pad for the balance-of-plant area would be set about 1 m (3 ft) below the floor elevation of the Waste Handling Building to account for its dock height at the southeast corner. The drainage of the Radiologically Controlled Area would protect this pad from a probable maximum flood. An underground storm drainage collection system would contain the runoff from this area and prevent spillage into the balance-of-plant area, protecting the pad from the flood. Two open channels constructed for the Exploratory Studies Facility would protect the North Portal from the probable maximum flood (BSC 2001f, Section 5.2.1.4).

The Waste Handling Building, Waste Treatment Building, and Carrier Preparation Building are all designed to withstand the probable maximum flood. Other surface facilities are designed to withstand the 100-year flood, based on standard industrial practice (BSC 2001f, Section 5.2.1.4).

For defense in depth, the following additional surface facility characteristics or design features may also be used for flood protection:

Hardened foundations and structures
Sandbags, flood doors, and bulkheads
Waste Handling Building cells located within an interior wall
Administrative controls during severe weather conditions.

Regulatory Guide 1.59, Design Basis Floods for Nuclear Power Plants, was among the sources considered in the repository design process.

Tornado Missiles—This event involves the impact of a tornado-generated missile (flying debris). The tornado initiating event is classified as a Category 2 event sequence (BSC 2001f, Section 5.2.1.5).

The primary safety strategy is to preclude a radiological release by designing structures, systems, and components important to safety that could be vulnerable to a tornado missile to withstand the design basis tornado.

Structures, systems, and components that are vulnerable to tornado missile impacts are either protected from the missiles, designed to withstand a missile impact, or shown to not interact with a missile by a probabilistic analysis. The waste package transporter is designed to prevent any penetration that could breach a waste package as a result of the impact of a tornado missile, the surface facility foundations and structures would be designed to protect the waste forms inside from a tornado missile initiating event, and the Waste Handling Building ventilation system would be designed to continue functioning after a tornado missile initiating event impact.

Sections 3.5.1.4 and 3.5.2 of Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants (NRC 1987) provide NRC guidance on missiles generated by natural phenomena and externally generated missiles, respectively. Additional defense-in-depth safety features may include administrative controls in the event of a tornado warning or extreme weather conditions, hardened buildings, and the installation of underground utilities.

Tornado Wind—This event is associated with the effects produced by high winds during a tornado (i.e., pressure drop and wind loading). The consequences of this event are pressure loads on the surface facilities, waste package transporter, and transportation cask surfaces. The design basis tornado wind is classified as a Category 2 event sequence (BSC 2001f, Section 5.2.1.6).

Structures, systems, and components that are important to safety and potentially vulnerable to a tornado would be designed to withstand the static loading and pressure drops associated with the design basis tornado. This strategy includes designing the Waste Handling Building foundations and structures to withstand the design basis tornado and designing the Waste Handling Building ventilation system to confine and filter particulates following a design basis tornado.

The following NRC documents related to design basis tornadoes were among the sources considered in the repository design process:

Regulatory Guide 1.76, Design Basis Tornado for Nuclear Power Plants
Regulatory Guide 1.117, Tornado Design Classification
Sections 2.3.1 (Regional Climatology), 3.3.1 (Wind Loadings), and 3.3.2 (Tornado Loadings) of Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants (NRC 1987)
Tornado Climatology of the Contiguous United States (Ramsdell and Andrews 1986).

The design basis tornado wind for the Yucca Mountain region is 304 km/hr (189 mi/hr), with a 0.000001 probability of occurrence and a 90 percent strike probability confidence interval (BSC 2001f, Section 5.2.1.6). This wind speed bounds both the 100-year return period fastest mile wind (100-year, 1-minute gust) referenced in Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants (NRC 1987, Section 2.3.1) and the basic wind (50-year, 3-second gust) calculated from the methodology in Section 6 of ASCE 7-98, Minimum Design Loads for Buildings and Other Structures .

As with the tornado-generated missile event, potential defense-in-depth safety features to protect against tornado winds may include administrative controls in the event of a tornado warning or extreme weather conditions, hardened buildings, and the installation of underground utilities.

In summary, the repository structures, systems, and components deemed important to safety would be designed to withstand or to be protected from bounding external events and natural phenomena to prevent the release of radioactive material.

5.3.2 Preliminary Description of Internal Event Sequences

Radiological consequences for the bounding internal event sequences were evaluated. Bounding event sequences include groups of similar event sequences that result in the maximum radiological consequences to a member of the public at the preclosure controlled area boundary or to a worker onsite. Collectively, the bounding event sequences establish constraints on the facility design to ensure that structures, systems, and components important to safety would perform their intended function during an event sequence, and that any radiological releases would remain within established dose limits.

Internal event sequences were screened into one of three groups, based on their frequency of occurrence and potential to result in a radiological release:

Internal event sequences with potential releases
Internal event sequences with no releases
Beyond Category 1 and Category 2 event sequences.

5.3.2.1 Internal Event Sequences with Potential Releases

These events could potentially result in a release of radionuclides, and would therefore be mitigated by the facility design. These events have been classified as Category 1 or Category 2 event sequences.

In Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f, Section 4.4.1.2.1), the impact of preclosure operational periods of up to 325 years on the internal events screening frequency thresholds (see Section 5.2.2) were investigated. For internal events that could impact the surface facility, the conclusion was that the results of using a 100-year preclosure period to screen internal event sequences would be unchanged by extending the period to 325 years since surface fuel handling operations would be completed after approximately 24 years. There would be no waste forms in the surface facility once the waste package subsurface emplacement operations are completed. Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f, Appendix A2.1) considered the increased number of waste packages for the lower-temperature thermal operating mode with de-rated or smaller waste packages (see Section 2.1.5.2, Table 2-2) and judged that the effect of additional waste package handling could increase the likelihood of some event sequences but would not change the selection of bounding event sequences that result in radionuclide releases. One potential approach to lowering the thermal output of waste packages is to age fuel by placing it into the fuel blending inventory (see Section 2.1.4). Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f, Appendix A6) judged that the handling and storage of fuel in this scenario is not expected to change the selection of bounding event sequences that result in radionuclide releases.

For the subsurface facility, extension of preclosure operations to 325 years does impact the screening criteria. However, Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f) examined the selection of internal event sequences based on an extended preclosure period and found no new internal events that would impact the selection of bounding event sequences. For example, the extended forced circulation ventilation activities in the subsurface facility after emplacement is completed, but before permanent closure, would not be expected to result in a loss of waste package containment.

All the thermal operating modes evaluated periods of forced ventilation (see Section 2.1.5.2, Table 2-2). Forced ventilation system failures are not expected to prevent the waste package from providing containment during the preclosure period. After waste emplacement is completed, it would take about 3 weeks without forced cooling before emplacement drift wall temperature limits are approached. Therefore, temperature goals supporting postclosure performance can be maintained by repairing and restarting the forced circulation equipment within about 3 weeks (see Section 2.3.4.3.1.3).

5.3.2.1.1 Category 1 Event Sequences—Internal

The Category 1 event sequences evaluated in Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f, Section 5.3.2) occurred during the handling of uncanistered commercial spent nuclear fuel assemblies or spent nuclear fuel assembly baskets in the assembly transfer system.

Table 5-6 identifies the Category 1 event sequences that could potentially result in radiological releases.

Sequences Involving Individual Spent Nuclear Fuel Assemblies—Unconfined spent nuclear fuel assemblies (i.e., assemblies not in containers) will be handled remotely, underwater and individually, during transfer from the cask to the assembly transfer system basket staging rack. Then they will be handled in a dry environment during transfer from the assembly transfer system dryer to the disposal container.

While underwater, spent nuclear fuel assemblies could be dropped or impacted as a result of a mechanical or control system failure of the wet assembly transfer machine, or as a result of operator error. These event sequences would occur in the assembly transfer system pool area, which is a confinement area with high-efficiency particulate air filtration. Individual spent fuel assembly event sequences that occur underwater are identified in Table 5-6 by sequence numbers 1-01 through 1-04.

During transfer from the dryer to the disposal container, individual spent fuel assemblies could be dropped or impacted as a result of a mechanical or control system failure of the dry assembly transfer machine, or operator error. These event sequences would occur in the assembly transfer system cell, which is a confinement area with high-efficiency particulate air filtration. Individual spent fuel assembly event sequences in the cell are identified in Table 5-6 by sequence numbers 1-12, 1-13, and 1-14.

The strategy is to confine particulate releases within the Waste Handling Building and maintain offsite radiological doses ALARA using the high-efficiency particulate air filters in the ventilation system.

Spent Fuel Assembly Basket Event Sequences—Spent nuclear fuel assembly baskets would first be handled underwater, during transfer out of the basket staging rack. From there the assembly baskets, which would contain a maximum of four pressurized water reactor spent nuclear fuel assemblies or eight boiling water reactor spent nuclear fuel assemblies, could be transferred and staged in the pool storage area to facilitate aging and blending or loaded directly into the incline transfer cart. Baskets that are staged in the pool area would have an additional step of movement from the storage pool to the incline transfer cart. Once loaded onto the incline transfer cart, assembly baskets would be transported out of the pool and into the assembly drying stations, where up to six baskets could be loaded into each of the two assembly dryers. The assembly transfer system pool and cell would both be located in confinement areas with high-efficiency particulate air filtration.

Spent nuclear fuel assembly baskets could be dropped or impacted in the pool during lifting out of the basket staging racks, during transport to the pool storage area, or during transport up the inclined transfer canal as a result of mechanical failures, control system failures, or operator error. Event sequences that occur underwater involving spent nuclear fuel assembly baskets are identified in Table 5-6 by sequence numbers 1-05 through 1-09.

The primary safety strategy is to confine radionuclide particulate releases to the assembly transfer system pool water by designing the pool system consistent with ANSI/ANS-57.7-1988, American National Standard Design Criteria for an Independent Spent Fuel Storage Installation (Water Pool Type). The water treatment system will provide the capability to filter radioactive material, purify the water, and remove floating debris from the surfaces of pools. Workers will be able to use vacuums to remove particles from pool walls and floors (see Section 2.2.4.2.9). This same system provides the capability for cleanup of any radionuclide particulate releases into the pool water.

In addition, spent nuclear fuel assembly baskets can be dropped or impacted onto the floor or in one of the assembly dryers as a result of mechanical or control system failure of the dry assembly transfer machine or operator error. Spent nuclear fuel assembly basket sequences that occur in the cell are identified in Table 5-6 by sequence numbers 1-10 and 1-11.

5.3.2.1.2 Category 2 Event Sequences—Internal

The Category 2 event sequences evaluated in the Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f, Section 5.3.3) would occur as a result of drops or collisions among handling equipment, unsealed disposal containers, or unsealed shipping casks. The bounding Category 2 internal event sequences that are expected to result in radiological releases are identified in Table 5-7.

Spent Nuclear Fuel Assembly Basket Collision During Transfer—A spent nuclear fuel assembly basket collides with a wall or other heavy object in the assembly transfer system pool, causing a breach and subsequent release. This event could occur during transfer either from the assembly basket rack to the pool area or from the pool area to the incline transfer cart. The pool water serves as a barrier to particulate release, so only the radioactive gases are released to the Waste Handling Building environment.

The primary safety strategy is to confine particulate releases within the assembly transfer system pool by designing the pool system consistent with ANSI/ANS-57.7-1988.

Uncontrolled Descent of Incline Transfer Cart—A remotely operated incline transfer cart containing a spent fuel assembly basket loses control during ascent up the incline transfer canal, resulting in an uncontrolled descent and impact with the assembly transfer system pool, which causes a breach and subsequent release. The pool water serves as a barrier to particulate release, so only the radioactive gases are released to the Waste Handling Building environment.

The primary safety strategy is to confine particulate releases within the assembly transfer system pool by designing the pool system consistent with ANSI/ANS-57.7-1988.

Handling Equipment Drop onto Spent Fuel Assembly Basket in Pool—A lifting yoke (or other heavy object) is dropped onto an uncanistered spent fuel assembly in the assembly transfer system pool, causing a breach and subsequent release. The pool water serves as a barrier to particulate release, so only the radioactive gases are released to the Waste Handling Building environment.

The primary safety strategy is to confine particulate releases within the assembly transfer system pool by designing the pool system consistent with ANSI/ANS-57.7-1988.

Handling Equipment Drop onto Spent Fuel Assembly Basket in Cell—A lifting yoke (or other heavy object) is dropped onto an uncanistered spent fuel assembly in the assembly transfer system cell, causing a breach and subsequent release.

The strategy is to confine particulate releases within the Waste Handling Building by relying on the high-efficiency particulate air filters in the heating, ventilation, and air conditioning system.

Unsealed Disposal Container Collision—A loaded, unsealed disposal container collides with a wall, shield door, or other heavy object, resulting in the release of a fraction of its radiological contents.

The strategy is (1) to confine particulate releases within the Waste Handling Building and maintain offsite radiological doses ALARA by using the high-efficiency particulate air filters in the heating, ventilation, and air conditioning system and (2) to provide design features (e.g., limit switches, redundant controls, emergency switch) and safe load paths that would minimize the likelihood of a collision that could result in a radiological release.

Unsealed Disposal Container Drop and Slapdown—A loaded, unsealed disposal container is dropped by the disposal container bridge crane onto a welding or staging fixture. After dropping, the unsealed disposal container is presumed to slap down onto the floor and release a fraction of its radiological contents. The drop height for this event is the normal handling height in the disposal container handling cell.

The strategy is (1) to confine particulate releases within the Waste Handling Building and maintain offsite radiological doses ALARA by using the high-efficiency particulate air filters in the heating, ventilation, and air conditioning system and (2) to provide design features (e.g., limit switches for lift height, interlocks, redundant controls, redundant cables, physical restraints) that would minimize unsealed disposal container drops and potential radiological releases.

Handling Equipment Drop onto Unsealed Disposal Container—A lifting yoke (or other heavy object) is dropped onto a loaded, unsealed disposal container, resulting in the release of a fraction of its radiological contents.

The strategy is (1) to confine particulate releases within the Waste Handling Building and maintain offsite radiological doses ALARA by using the high-efficiency particulate air filters in the heating, ventilation, and air conditioning system and (2) to provide design features that would minimize handling equipment drops onto spent nuclear fuel inside a disposal container.

Unsealed Transportation Cask Drop into Cask Preparation Pit—A transportation cask, without impact limiters and with its lid unbolted, is dropped from the normal lift height into the cask preparation pit in the assembly transfer system pool area.

The strategy is (1) to confine particulate releases within the Waste Handling Building and maintain offsite radiological doses ALARA by using the high-efficiency particulate air filters in the heating, ventilation, and air conditioning system and (2) to provide design features that prevent or minimize cask drops (e.g., limit switches, interlocks, redundant control circuitry, cable restraints) or reduce the impact of a drop (e.g., a shock absorber at the base of the pit).

Unsealed Transportation Cask Drop into Cask Unloading Pool—A transportation cask, without impact limiters and with its lid unbolted, is dropped by the cask bridge crane into the assembly transfer system cask unloading pool.

The strategy is to confine particulate releases within the assembly transfer system pool by designing the pool system consistent with ANSI/ANS-57.7-1988. In addition, particulate mitigation in the assembly transfer system pool area is provided by the secondary heating, ventilation, and air conditioning confinement ventilation system.

5.3.2.2 Internal Event Sequence with No Radioactive Material Release

For these event sequences, features of the design either prevent the event sequence from occurring or prevent a radionuclide release if the event occurs. Design features to prevent the event sequence can either physically prevent the event from occurring (e.g., by eliminating, at certain steps, the lifting of transportation casks or canistered waste) or reduce the event sequence frequency below the cutoff frequency of one in one million per year (e.g., by using redundant control features in cranes and control systems). Design features that prevent a release are based on the premise that Category 1 and Category 2 event sequences will occur and that affected structures, systems, and components must be designed to prevent the waste form from releasing radioactivity during such an event sequence. Prime examples of this include the waste package event sequences, which establish design bases for the waste package to ensure that the waste package will not breach as a result of Category 1 or Category 2 event sequences. Section 3.5 of this report provides waste package event sequence analyses. Table 5-7 of Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f, Section 5.3.4) identifies these events.

5.3.2.3 Beyond Category 1 and Category 2 Event Sequences

Beyond Category 1 and Category 2 event sequences are event sequences that have less than 1 chance in 10,000 of occurring before permanent closure. This corresponds to an annual frequency of less than 10^-6 per year, based on an assumed preclosure lifetime of 100 years. Such event sequences are not analyzed further. However, structures, systems, and components reducing event sequences below 10^-6 per year are considered in the design basis. Appendix A in Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f) considers the impact of lower-temperature operating modes on the identification of beyond Category 1 and Category 2 event sequences. The frequency of two events were found to be influenced by the thermal operating modes. These events are aircraft crash into the surface facility and rockfall onto a waste package in the subsurface facility. Aircraft hazards are impacted by increases in the surface facility's size, which would accompany an operating mode in which spent nuclear fuel is aged before being emplaced underground. However, Appendix A4.2 of Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f) considered the influence of the thermal operating modes on the surface facility size and concluded that the aircraft hazards are likely to remain beyond a Category 1 or Category 2 event sequence. Rockfall onto a waste package in the subsurface becomes more likely with increases in the preclosure period, which would accompany an operating mode with extended forced ventilation. However, Appendix A4.1 of Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f) considered the possible increase in the preclosure period and changes in the thermal operating modes on the drift temperature and concluded rockfall is likely to remain beyond a Category 1 or Category 2 event sequence with design optimization (e.g., optimized ground support features, waste package emplacement strategy). Table 5-12 of Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f, Section 5.4) identifies these events.

5.3.3 Consequence Evaluations

5.3.3.1 Category 1 Event Sequence Consequences

Design Basis Event Frequency and Dose Calculation for Site Recommendation (BSC 2001u) evaluated the consequences of Category 1 event sequences. Offsite radiation doses for Category 1 event sequences and normal operational effluents and emissions were based on the following (BSC 2001u, Section 6.1.1):

Annual radiation doses for the sum of normal operational effluents and emissions, including all Category 1 event sequences
Inhalation, ingestion, air immersion, and external exposure to radioactive contamination on the ground surface
Mitigation, by high-efficiency particulate air filters, of particulate emissions from the repository
For calculating the atmospheric releases from repository surface facilities, the distance to the receptor was 11 km (7 mi), the closest distance from the potential repository surface facilities to the potential site boundary. The ventilation exhaust locations for the subsurface areas of the repository are located about 3 km (2 mi) closer to the potential site boundary than the repository surface facilities. Therefore, for atmospheric emissions from the ventilation exhaust locations for the subsurface areas of the repository, the distance to the receptor is 8 km (5 mi) (BSC 2001u, Section 3.3)
Annual average ground-level atmospheric dispersion factors (BSC 2001f, Section 5.3.5.3).

The bounding Category 1 event sequences evaluated for the potential repository are internal event sequences that occur during handling of uncanistered commercial spent nuclear fuel assemblies or spent nuclear fuel assembly baskets in the assembly transfer system (Table 5-6). No releases would occur due to external initiating events; therefore, external events have not been included in the dose calculations. No Category 1 event sequences have been identified for the subsurface facilities. All Category 1 event sequences would occur in surface facility confinement areas with high-efficiency particulate air filtration that is functional in the event sequences. The reliability of the heating, ventilation, and air conditioning system, used in event trees to calculate sequence frequencies, is based on the results of Reliability Assessment of Waste Handling Building HVAC System (CRWMS M&O 1999r).

The cumulative radiation doses for Category 1 event sequences, including normal operational effluents and emissions, are summarized in Table 5-8. The dose receptor is a member of the public located at the assumed site boundary. The cumulative radiation dose to this hypothetical average member of the public estimated for Category 1 event sequences was 0.06 mrem/yr total effective dose equivalent (BSC 2001f, Section 5.3.6.1). This very low dose is attributed to several factors, including:

All of the Category 1 event sequences occur either in cells, where workers would not be present and would be protected by shield walls, or in pool areas, where particulate radionuclides are retained by the pool water. In addition, the Waste Handling Building ventilation system is designed to control airflow, filter radionuclide particulates, and vent filtered emissions through an elevated stack to the external environment. Therefore, the potential radiation exposure for Category 1 event sequences for workers is calculated at a location outside the Waste Handling Building, at an assumed distance of 100 m (330 ft). These workers are not necessarily the workers that would be involved with waste handling operations and exposed during routine operations; therefore, the radiation doses for workers from Category 1 event sequences are not added to the radiation doses from routine occupational exposures.

The radiation dose to the worker at 100 m (330 ft) from Category 1 event sequences was estimated to be 0.01 rem/yr (BSC 2001u, Table 8). The largest radiation dose to any organ or tissue other than the lens of the eye, plus the deep dose equivalent, was estimated to be 0.10 rem/yr total effective dose equivalent (BSC 2001u, Table 8). The radiation dose to the skin and extremities was estimated to be 0.13 rem/yr total effective dose equivalent (BSC 2001u, Table 8). The radiation dose to the lens of the eye is estimated to be 0.15 rem/yr total effective dose equivalent by summing the total effective dose equivalent and the skin dose (BSC 2001u, Table 8).

The radiation doses for routine occupational exposures for workers are estimated in Final Environmental Impact Statement for a Geologic Repository for the Disposal of Spent Nuclear Fuel and High-Level Radioactive Waste at Yucca Mountain, Nye County, Nevada (DOE 2002, Section 4.1.7) and summarized in Table 5-8. Maximum radiation doses ranged from about 0.06 to 0.79 rem/yr total effective dose equivalent, depending on the area of the repository, the phase of operation, and the thermal load alternative (DOE 2002, Tables 4-22, 4-25, 4-28, and 4-31). Section 7 of Preliminary Preclosure Safety Assessment for Monitored Geologic Repository Site Recommendation (BSC 2001f) discusses methods that would be used to ensure that occupational radiation doses are ALARA. Worker safety from industrial hazards was also discussed in Final Environmental Impact Statement for a Geologic Repository for the Disposal of Spent Nuclear Fuel and High-Level Radioactive Waste at Yucca Mountain, Nye County, Nevada (DOE 2002, Section 4).

5.3.3.2 Category 2 Event Sequence Consequences

Design Basis Event Frequency and Dose Calculation for Site Recommendation (BSC 2001u) evaluated the consequences of Category 2 event sequences. Offsite radiation doses (i.e., in the uncontrolled area) for Category 2 event sequences were based on the following (BSC 2001u, Section 6.1.2):

Inhalation and air immersion pathways
Release fractions that take into account the respirable fraction of radionuclide particulates
Mitigation by high-efficiency particulate air filters of particulate emissions from the surface facilities
For calculating the atmospheric emissions from repository surface facilities, the distance to the receptor was 11 km (7 mi), the closest distance from the potential repository surface facilities to the assumed site boundary (BSC 2001u, Section 3.3)
99.5 percent ground-level atmospheric dispersion factors (BSC 2001f, Section 5.3.5.3).

The radiation doses from bounding Category 2 event sequences were calculated assuming filtration through a high-efficiency particulate air filter. The bounding-consequence Category 2 event sequence is the drop of an unsealed shipping cask.

The highest radiation dose for a member of the public caused by the bounding-consequence Category 2 event sequence was 0.02 rem (BSC 2001f, Section 5.3.6.1). The largest radiation dose to any organ or tissue other than the lens of the eye was estimated to be 0.1 rem total effective dose equivalent (BSC 2001f, Section 5.3.6.1). The radiation dose to the skin and the lens of the eye was estimated to be total effective dose equivalent of 0.04 rem and 0.06 rem, respectively (BSC 2001f, Section 5.3.6.1).

5.4 PRECLOSURE SAFETY: TEST AND EVALUATION PROGRAM

The Monitored Geologic Repository Test and Evaluation Program will include planning, execution, and documentation of the testing, examination, analyses, and demonstrations necessary to verify safe and efficient operation of the repository. The preclosure components of this comprehensive program address all aspects of verification, from the development of test requirements and acceptance criteria to the performance, recording, and reporting of test procedures. The following discussion of the test and evaluation program is based on Monitored Geologic Repository Test & Evaluation Plan (CRWMS M&O 2000fj). The test and evaluation plan will be revised at the time of preparation of any license application for conformance of the plan to more specific design information and any additional performance related testing.

This test and evaluation program would include the following activities and objectives.

Design and component testing will ensure that structures, systems, and components are designed as specified and perform as required.
Preoperational testing will ensure that structures, systems, and components operate on an integrated basis and will verify processes and validate procedures for the receipt, preparation, emplacement, and movement (i.e., recovery or retrieval) of waste.
Operational testing will confirm exposure times and radiation levels during repository operations, and that operational safety has been incorporated into structures, systems, and components.

To achieve these objectives, the test and evaluation program defines, plans, and implements a set of integrated test activities focused on ensuring preclosure safety (CRWMS M&O 2000fj, Section 2). These integrated activities are:

Development testing
Prototype testing

Proof of concept testing
Mockup testing

Component testing
Construction and preoperational testing
Hot startup testing
Periodic performance testing and surveillance.

A confirmation verification tracking system would identify the tests performed throughout the test program. This tracking system would status the program's performance and would be maintained and updated as a test database that would provide a history of structure, system, and component performance. It would be made available to support the licensing process and the operations, maintenance, system upgrade, and support functions.

5.4.1 Development Testing

Development testing supports design activities by confirming design concepts, evaluating alternative design concepts, and investigating the availability of needed technology. For example, development testing will help evaluate and demonstrate the suitability of ground support systems proposed for the emplacement drifts. Development testing will also help evaluate the suitability, adequacy, and availability of instrumentation, monitoring, and control technologies for use in the subsurface environment.

The repository systems would use microprocessor-based instrumentation and control equipment, including operator control stations, digital data acquisition, data processing, network and communications equipment, borehole instrumentation, air sampling instruments, and infrared cameras. Having a good understanding of the reliability of these systems in a high-temperature and high-radiation repository environment is important to ensure public and worker safety during emplacement activities. Field testing of candidate technologies would investigate how to minimize downtime from failures.

5.4.2 Prototype Testing

Prototype testing includes proof of concept testing and mockup testing.

Proof of Concept Testing—Proof of concept prototype testing is performed for the following cases:

New technologies or design solutions that have little or no history of use at existing nuclear storage facilities or power plants
Technologies or design solutions that have not been subjected to a test program and are qualified by the NRC or DOE, as applicable, and from which accepted data were collected or analyzed and documented in a defensible source.

This prototype testing would support the development of structures, systems, and components during construction and preoperation (CRWMS M&O 2000fj, Appendix C).

Mockup Testing—While proof of concept testing supports the design process, mockup testing involves simulation or demonstration with operational realism. Mockup testing follows proof of concept testing and supports preoperational and operational activities.

5.4.3 Component Testing

Component testing, if needed, would be performed as part of the procurement process to establish equipment qualification according to the applicable quality level. Component testing, which includes qualification and acceptance testing, would be used for any unique (not off-the-shelf) equipment. Qualification testing verifies, on a limited sampling basis, the proper operation of the component with respect to extreme bounds (as defined by specifications). Acceptance testing, performed for key parameters, establishes confidence that the manufacturing process is producing the correct product. The component vendor, with quality assurance oversight and concurrence, performs component testing. This testing starts at the beginning of fabrication and is completed before installation.

Compliance with identified safety and radiological requirements would be assessed during component testing to document the appropriate details for test performance. Examples of component testing include shock, vibration, and environmental testing for performance of sensors and alarms that have or support safety functions.

5.4.4 Construction and Preoperational Testing

Construction and preoperational testing would begin during repository construction and end before receipt of waste. This test activity includes the following subactivities:

Installation and checkout testing
System integration testing
Event sequence recovery testing
Cold startup testing.

5.4.5 Hot Startup Testing

To the extent practicable, the preoperational testing described previously would verify compliance with repository performance requirements, including ALARA considerations. Hot startup testing would verify that operation and maintenance systems work properly and confirm that exposure times and radiation levels fall within acceptable limits during actual repository operations. Hot startup testing would begin after the successful completion of construction and preoperational test activities. It would include the following subactivities:

Testing and confirming exposure times and radiation dose
Verifying heat removal features and cooling systems
Confirming acceptable radiation exposure levels.

5.4.6 Periodic Performance Testing and Surveillance

Periodic performance testing would verify system performance and ensure continued proper functioning of structures, systems, and components important to radiological safety, waste isolation, fire protection, nonnuclear safety, and repository operations. Periodic testing would be performed at the Waste Handling Building and the Waste Treatment Building in the surface facilities and at the emplacement drift panels in the subsurface facilities. This testing would also be performed after maintenance and repair activities.

Previous Section | Next Section