Reliability Analysis of RSG-GAS Primary Cooling System to Support Aging Management Program

The Multipurpose Research Reactor G.A. Siwabessy (RSG-GAS), which has been operating since 1987, is one of the main facilities supporting research, development and application of nuclear energy programs in BATAN. Until now, the RSG-GAS research reactor has been operated safely and securely. However, because it has been operating for nearly 30 years, the structures, systems and components (SSCs) of the reactor would have started experiencing an aging phase. The aging process causes a decrease in the reliability and safety performance of the reactor, so an aging management program is needed to resolve these issues. One of the programs in aging management is to evaluate the safety and reliability of the system and to screen the critical components to be managed. One method that can be used for such purposes is Fault Tree Analysis (FTA). In this paper, the FTA method is used to screen the critical components in the RSG-GAS Primary Cooling System. The evaluation results showed that the primary isolation valves are the basic events that dominate the system failure.


Introduction
In order to support the national development program, BATAN has been conducting the research activities, development and application of nuclear energy, isotope and radiation. These activities are conducted with the aim of accelerating the welfare of the nation. To implement such tasks, it is needed several facilities that can be used to carry out various activities. One of the main facilities of BATAN is Multipurpose Research Reactor G.A. Siwabessy (RSG-GAS), a 30 MW research reactor located in PUSPIPTEK, Setu, South Tangerang.
BATAN has been operating RSG-GAS since 1987. During that period, the RSG-GAS reactor was operated safely. However, since it has been in operation for almost 30 years, the Structures, Systems and Components (SSCs) of the reactor are already beginning to experience an aging phase. The aging process is a natural process characterized by the declining ability of the SSCs to perform their functions as a function of age or time [1]. There are two categories of aging: non-physical aging and physical aging. Non-physical aging is associated with obsolete equipment, which is already experiencing difficulties in terms of spare parts support or does not meet the latest regulatory standards. Physical aging occurs due to the accumulated influence of various operating environment factors on the SSCs over a long period of time, resulting in degradation of the functional ability of the SSCs. The aging process leads to a decrease in the reliability and safety performance of the reactor operation. RSG-GAS is part of BATAN's means to provide nuclear science and technology utilization services for stakeholders or the community. Decreasing reliability and safety performance will decrease the quality of service to stakeholders. To maintain the mission of BATAN in terms of providing excellent service in the utilization of nuclear science and technology, a systematic activity is needed to manage the aging process that occurs in RSG-GAS. This systematic activity is called aging management and, as regulated in BAPETEN rules, aging management is one of the requirements for the process of extending the operating license and regulation.
Aging management is an integrated technical, operational and maintenance measures to control aging of SSC within acceptable safety limits [1]. The systematic program for aging management in research reactors includes elements, such as: screening the essential SSCs for aging management, identifying and understanding aging of SSCs, minimizing aging of SSCs, detecting, monitoring and mitigating SSC aging degradation, as well as several other programs [2].
The SSC screening program is an early stage in aging management activities. There are a large number of components required in the operation of the reactor. In selecting an important component for aging management, a systematic method is needed to determine which components are important for safety and the difficulty of replacement. There are various methods that can be used in screening the SSCs, including with expert judgment, operational experience analysis or by probabilistic safety analysis method (PSA) [3,4,5].
As the center assigned to operate the RSG-GAS reactor, the Center for Multi-Purpose Research Reactor (PRSG) has already carried out SSC screening for aging management programs based on safety function and ease of replacement [6]. This SSC screening program has not been conducted systematically using a particular method. PRSG's SSC screening program is only a result of the assessment and evaluation of PRSG personnel based on daily operational experience and has not used the methods referred to in References 3, 4 and 5.
In this paper, one of the most frequently used elements of the probabilistic safety analysis (PSA) method was used to screen components of the RSG-GAS Primary Cooling System. This element, the Fault Tree Analysis (FTA) method, is used to screen SSCs by developing a model of the RSG-GAS Primary Cooling System in the form of a fault tree diagram. A fault tree model of the RSG-GAS Primary Cooling System was developed in previous research activities [7], as were models for the Pool Venting System and Low Pressure Ventilation System of RSG-GAS [8]. In contrast to the current model, the reliability model in Reference 7 is intended to show the reliability level of the RSG-GAS Primary Cooling System while it is operating, and the results of its analysis provide an estimated probability of the loss of primary coolant flow initiating event in the RSG-GAS due to failure of the Primary Cooling System. The reliability analysis of the Primary Cooling System by the FTA method carried out in the present activity is based on the real operating conditions of the current reactor, i.e. continuous operation for 45 days (average operating time), operation at 50% of design power, and estimation from the time the system is started until completion of the 45-day mission time. The purpose of the analysis is to find out which key component failures have an impact on the function of the RSG-GAS Primary Cooling System and should receive more attention in day-to-day operations. Accordingly, the results of this research activity can be used to verify and validate the screening process of RSG-GAS Primary Cooling System components as provided in Reference 6.

Primary Cooling System of RSG-GAS
When the reactor is in operation, the reactor core continuously produces heat as a result of fission reactions occurring in the fuel. In order for the temperature in the core to remain constant in accordance with the design temperature, this heat must be transferred to the environment. The Primary Cooling System serves to extract heat directly from within the reactor core by circulating demineralized water to the fuel grille and transferring the heat to the secondary cooling system through heat exchanger components. Figure 1 shows the schematic diagram of the RSG-GAS Primary Cooling System. The components of the primary cooling system consist of stainless steel pipes, three centrifugal pumps, motor operated valves and two heat exchangers. The pumps serve to circulate cooling water to the heat exchangers in a closed loop, where under normal circumstances two pumps operate and one is in standby state. The primary cooling water flows from the top to the bottom, through the porch and the chamber delay tank (to decrease the concentration of radioactive material N-16) [9].
The valves in the primary cooling system have different functions. Some valves serve as a cooling water flow regulator when the system is working normally. Some valves serve to isolate the cooling water in the reactor pool when the system is not working. Some valves serve to isolate the spare pump, so that the cooling water flow does not enter the backup pump while the system is working. Some valves also serve to isolate one pump channel at the time the pump is in maintenance. The heat exchanger is isolated by two valves (at the entrance and exit lines) when the system is not working or the heat exchanger is undergoing maintenance.
The heat exchanger component serves to move heat from the primary system to the secondary system. There are two heat exchangers, each having a capacity of 50% and installed in the piping line after the pump. Each is a horizontally-mounted, vertical-shell and tube multipass heat exchanger with inlet and outlet sides for the primary and secondary cooling water. The primary cooling water flows on the shell and the secondary cooling water flows in the center of the tube [9].
The function of the Primary Cooling System is to cool the core and reactor pool during normal operation. The success criterion of the system is the successful transfer of the heat generated in the core, when the reactor operates normally, to the secondary cooling system, so that the temperature of the core and pool is maintained according to the design temperature. In order for the primary cooling system to successfully perform its functions:
1. JE01AA01, AA02, AA14, AA15, AA16, AA17, AA18 and AA19 should always be open when the system is in operation.
2. Two of the three Primary Cooling System Pumps (JE01AP01, JE01AP02 and JE01AP03) should be able to function while the system is working. In normal operation, two pumps operate and one is left in standby [6].
3. Each of the above mentioned pumps should be able to operate continuously while in service. When in standby, every pump must be immediately operated in the event that one pump in operation is suddenly dead (due to failure).
4. The JE01AA03, AA06 and AA07 valves must always be open when the JE01AP01 pump is operating. In contrast, the JE01AA03 and AA07 valves must be shut when the JE01AP01 pump is not operating.
5. The JE01AA04, AA08 and AA09 valves must always be open when the JE01AP02 pump is operating. In contrast, the JE01AA04 and AA09 valves must be shut when the JE01AP02 pump is not operating.
6. The JE01AA05, AA10 and AA11 valves must always be open when the JE01AP03 pump is operating. Conversely, the JE01AA05 and AA11 valves must be shut when the JE01AP03 pump is not operating.
7. The JE01AA12 valve should be able to open when the JE01AP03 pump is required to operate to replace the JE01AP01 pump.
8. The JE01AA13 valve must be able to open when the JE01AP03 pump is required to operate to replace the JE01AP02 pump.
9. The JE01BC01 and BC02 Heat Exchangers should be able to function to transfer heat from the reactor core to the secondary cooling system.

Fault Tree Analysis (FTA).
The FTA method is a graphical method that models how the failure of a component evolves into a system failure [10]. This method is deductive and is presented in the form of a directed acyclic graph consisting of two types of nodes, events and gates. The analysis ends at the most basic event level that cannot be elaborated further, such as component failure events or human failure. Each event is related to the cause of the event through a gate. The choice of gate (AND, OR or VOTING) depends on the relation between the input events and the output event.

Analytical Techniques.
The analytical techniques in the FTA method can be divided into two categories: qualitative techniques and quantitative techniques [10]. Qualitative techniques are used to detect weaknesses based on minimal cutsets, minimal path sets and common cause failures. Quantitative techniques calculate numerical values from the fault tree diagram in the form of Importance Measure parameters, which show how critical (important) a component is to the system, and Stochastic Measures, which give the probability of system failure.

Qualitative Analysis Technique.
In qualitative analysis, the fault tree diagram representing the system reliability model is reduced mathematically following the laws of Boolean algebra. The Boolean reduction yields the minimal cutsets, each of which represents a smallest combination of basic events that can cause the top event. The fewer basic events there are in a minimal cutset, the more critical those basic events are to the system. where: The probability of a top event occurrence can be calculated by the rare event method or the Esary-Proschan method [11]. The Esary-Proschan method produces a more accurate calculation and is used in this paper. The mathematical equation for calculating the probability of a top event occurrence based on the Esary-Proschan method is given in Equations 2 and 3.
(3) where:
$F_{Sys}$ = system unreliability
$Q_{Sys}$ = system unavailability
$Q_i$ = unavailability of the $i$-th common event
$Q_{Cutset\,j}$ = unavailability of the $j$-th cutset, excluding the common events
$m$ = number of common events in all of the cutsets
$n$ = number of cutsets
$t$ = system mission time.
In addition to the calculation of the probability of a top event occurrence, quantitative analysis techniques in the FTA method also calculate the Importance Measure parameters. The Importance Measure parameters calculated in this paper are the F-Vesely Importance, Risk Achievement Worth (RAW) and Risk Reduction Worth (RRW). The F-Vesely Importance shows how much the basic event contributes to the probability of top event occurrence. The RAW Importance shows how much the probability of the top event increases if the related basic event always occurs (the component always fails). The RRW Importance shows how much the probability of the top event decreases if the related basic event never occurs (the component is always successful). The mathematical equations for these three Importance Measures are given in Equations 4, 5 and 6 below [12]:
= system unavailability
$Q(x=0)$ = system unavailability with the assumption that the related basic event is fully reliable (never fails)
$Q(x=1)$ = system unavailability with the assumption that the related basic event is fully unreliable (always fails)
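The qualitative reduction to minimal cutsets and the quantitative measures described above can be followed end to end on a small tree. This is an added example, not the paper's model or ITEM TOOLKIT output: the tree is a constructed simplification (four isolation valves in series with a 1-out-of-3 pump-line group), the `-FTR` pump labels and all probabilities except the 0.00041 isolation-valve value are assumptions, and the importance formulas are the standard textbook forms built from Q(x=0) and Q(x=1), assumed to correspond to Equations 4 to 6.

```python
from itertools import product
from math import prod

def cutsets(node):
    """Expand a gate tree top-down into cutsets (sets of basic events)."""
    if isinstance(node, str):                 # leaf = basic event
        return [frozenset([node])]
    kind, *children = node
    parts = [cutsets(c) for c in children]
    if kind == "OR":                          # any child cutset fails the gate
        return [cs for p in parts for cs in p]
    # AND: one cutset from every child must occur together
    return [frozenset().union(*combo) for combo in product(*parts)]

def minimal(csets):
    """Boolean absorption: drop every cutset that contains a smaller one."""
    uniq = set(csets)
    keep = [c for c in uniq if not any(o < c for o in uniq)]
    return sorted(keep, key=lambda c: (len(c), sorted(c)))

def esary_proschan(mcs, q):
    """Q_sys = prod(Q_i over common events) * (1 - prod_j(1 - Q_cutset_j))."""
    common = frozenset.intersection(*mcs)     # events present in all cutsets
    rest = prod(1 - prod(q[e] for e in c - common) for c in mcs)
    return prod(q[e] for e in common) * (1 - rest)

def importance(mcs, q, event):
    """F-Vesely, RAW and RRW from Q, Q(x=0) and Q(x=1) (standard forms)."""
    base = esary_proschan(mcs, q)
    q1 = esary_proschan(mcs, {**q, event: 1.0})   # event always fails
    q0 = esary_proschan(mcs, {**q, event: 0.0})   # event never fails
    rrw = base / q0 if q0 else float("inf")
    return {"FV": (base - q0) / base, "RAW": q1 / base, "RRW": rrw}

# Constructed tree: isolation valves fail to open (FTO), or all pump lines fail.
ISO = ["JE01AA01-FTO", "JE01AA02-FTO", "JE01AA18-FTO", "JE01AA19-FTO"]

def line(n, valve):                           # pump line fails: pump or its valve
    return ("OR", f"JE01AP0{n}-FTR", f"JE01AA0{valve}-FTO")

TREE = ("OR", *ISO, ("AND", line(1, 3), line(2, 4), line(3, 5)))

# 0.00041 is the page's isolation-valve value; the others are assumed.
Q = {e: 0.00041 for e in ISO}
for n, v in ((1, 3), (2, 4), (3, 5)):
    Q[f"JE01AP0{n}-FTR"] = 0.02               # assumed pump unavailability
    Q[f"JE01AA0{v}-FTO"] = 0.001              # assumed line-valve unavailability

MCS = minimal(cutsets(TREE))

def ranking():
    """Basic events ordered by F-Vesely importance, highest first."""
    return sorted(Q, key=lambda e: importance(MCS, Q, e)["FV"], reverse=True)

if __name__ == "__main__":
    print(len(MCS), "minimal cutsets, Q_sys =", esary_proschan(MCS, Q))
    for e in ranking()[:5]:
        print(e, importance(MCS, Q, e))
```

Even with a redundant pump-line group, the single-event cutsets dominate both Q_sys and the importance ranking, which is the pattern the paper reports for the isolation valves.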

Development of Fault Tree Diagram.
In general, there are three factors needed to construct a fault tree diagram model: knowledge of the components in the system and their functions, the relationships between the components in the system, and the logic and numerical evaluation of those relationships [13]. Failure Mode and Effect Analysis (FMEA), Functional Block Diagrams, and several other methods are commonly used as the initial step in constructing the fault tree diagram [14]. In this paper, a Functional Block Diagram was developed to help understand the system and the relationships among the components in the system, as shown in Figure 3 below. Based on the Functional Block Diagram of the RSG-GAS Primary Cooling System in Figure 3, we then developed the fault tree diagram, as shown below. It should be noted that, although by design the RSG-GAS primary cooling system is configured as 2 out of 3 (pump lines) [9], the RSG-GAS reactor is operated only at 15 MWt (50% full power), so the assumptions taken in developing the fault tree diagram are a 1 out of 3 configuration for the pump lines and a heat exchanger that depends on the pump line operated.

Quantification Result and Discussion.
The fault tree diagram of the RSG-GAS primary cooling system was quantified using the ITEM TOOLKIT reliability analysis software. The purpose of quantification is to obtain the minimal cutsets, which are the smallest combinations of basic event failures that lead to the system failure. In addition, quantification of the fault tree diagram is also intended to obtain the probability of occurrence of the top event and the importance of each basic event. To obtain the probability value, failure data are needed. The quantification is done with several assumptions, i.e.:
1. The reactor operates for 45 days, according to the data (average value) provided in the RSG-GAS component maintenance report.
2. As long as the reactor operates, the power supply is assumed to be always successful (without a trip).
3. The valve and pump instrumentation system and the operator actions to activate valves and pumps are assumed to be always successful.
Based on the failure rate data and the above assumptions, calculations are done using the ITEM TOOLKIT software. The resulting probability of system unavailability is shown in Table 2, and the list of minimal cutsets with their probabilities of occurrence is given in Table 3. Table 3 shows only 55 of the 1202 minimal cutsets obtained. The minimal cutsets produced range from combinations of 1 basic event to combinations of 3 basic events. 8 minimal cutsets consist of a single basic event. Table 3 shows that there are 4 minimal cutsets that have the greatest unavailability value (0.00041) and consist of 1 basic event each, namely: failure of the isolating valves of the primary system to open (JE01AA01, AA02, AA18 and AA19).
[Table 3 excerpt] 1.69587E-7 JE01AA16-FTO :: JE01AA15-FTO
Thus, the primary system isolation valves (JE01AA01, AA02, AA18 and AA19) are the most important components in the system. These valves have a dual function: they are safety-related components, and their success also increases the availability of the reactor. In the event of an incident or accident in the reactor pool, the success of one of the inlet valves (one of JE01AA18 and AA19) and one of the outlet valves (one of JE01AA01 and AA02) in closing, so that the reactor pool is isolated from the other systems, will make the reactor safe. In normal operation, by contrast, the success of all primary system isolation valves (JE01AA01, AA02, AA18 and AA19) in opening and remaining open will increase reactor availability to provide service, because if one valve closes the reactor will shut down automatically. Therefore, these valves become important objects for aging management and need to be tested frequently for their opening and closing functions, as do other components of the primary cooling system.

Conclusion
Reliability analysis using the FTA method can be used to screen the components that are important for the aging management program at the RSG-GAS Reactor, which in this paper is implemented for the Primary Cooling System. The results of this paper may also verify and validate the results of the SSC screening of the primary cooling system for aging management as listed in the SOP of the RSG-GAS Aging Management Program. Based on the results of qualitative and quantitative analysis of the RSG-GAS primary cooling system, it can be concluded that the failures of the primary isolation valves (JE01AA01, JE01AA02, JE01AA18 and JE01AA19) to open or remain open are the most critical basic events in the system. Compared with the results of the SSC screening of the Primary Cooling System for aging management as listed in the SOP of the RSG-GAS Aging Management Program, JE01AA01, JE01AA02, JE01AA18 and JE01AA19 are all included in the list. Therefore, the maintenance and testing program for all of these valves should be given top priority in the RSG-GAS aging management program so that the availability and safety level of the reactor remain high.