However, mechanisms which remain undetected over a long period of time may pose a more serious threat to the availability of safety functions. This usually results from the fact that in many cases level measurement cannot be tested or is not tested as a whole for all relevant levels of the various vessels. Instead, only some parts, usually the transmitters, are tested periodically in short time intervals and because of that, the impairment of redundant level measurement systems may remain undetected. Therefore, level measurement testing should be aimed at covering, as far as possible, all relevant levels including verification that limit switches are triggered at correct levels.
It is essential to examine systematically which parts of safety relevant level measurement devices are tested, which are testable and which are not testable. If a test as a whole is impossible, it should be examined which potential errors are not covered by the tests that are carried out, e.
Accounting for these aspects, strategies should be developed to avoid failures that remain latent over many years.
Complete Common Cause Failure Event: A Common Cause Event, in which all exposed components failed completely within a short time interval as a direct result of a shared cause.
Complete Failure: The component has completely failed and will not perform its function. For example, if the cause prevented a pump from starting, the pump has completely failed and impairment would be complete. If the description is vague this code is assigned in order to be conservative.
Component: An element of plant hardware designed to provide a particular function.
Component Boundary: The component boundary encompasses the set of piece parts that are considered to form the component.
Coupling Factor: The coupling factor field describes the mechanism that ties multiple impairments together and identifies the influences that created the conditions for multiple components to be affected.
Exposed Population (EP): A set of similar or identical components actually having been exposed to the specific common causal mechanism in an actually observed CCF event.
Failure: The component is not capable of performing its specified operation according to a success criterion.
Failure Mechanism: The history describing the events and influences leading to a given failure.
Failure Mode: The failure mode describes the function the components failed to perform.
Degraded: The component is capable of performing the major portion of the safety function, but parts of it are degraded. For example, high bearing temperatures on a pump will not completely disable the pump, but they increase the potential for failing within the duration of its mission.
ICDE Event: Impairment of two or more components with respect to performing a specific function that exists over a relevant time interval and is the direct result of a shared cause.
Incipient: The component is capable of performing the safety function, but parts of it are in a state that, if not corrected, would lead to a degraded state. For example, a pump-packing leak that does not prevent the pump from performing its function, but could develop into a significant leak.
Observed Population (OP): A set of similar or identical components that are considered to have a potential for failure due to a common cause. A specific observed population contains a fixed number of Sets of similar observed populations form the statistical basis for calculating common cause failure rates or probabilities.
Root Cause: The most basic reason for a component failure, which, if corrected, could prevent recurrence. The identified root cause may vary depending on the particular defensive strategy adopted against the failure mechanism.
Shared-Cause Factor: The shared cause factor allows the analyst to express his degree of confidence about the multiple impairments resulting from the same cause.
Time Factor: This is a measure of the simultaneity of multiple impairments. This can be viewed as an indication of the strength-of-coupling in synchronising failure times.
The objectives of this report are:
To describe the data profile in the ICDE database for level measurement and to develop qualitative insights into the nature of the reported events, expressed by root causes, coupling factors, and corrective actions.
To develop the failure mechanisms and phenomena involved in the events, their relationship to the root causes, and possibilities for improvement.
A brief description of the project, its objectives, and the participating countries is contained in Section Two. Section Four presents a description of level measurement and a short description of the sub components that comprise it. Section Five summarises the coding guidelines for this component. Section Six gives an overview of the data by tabulating failure modes, root causes, coupling factors, corrective actions and detection methods.
In Section Seven a quantitative assessment of the collected data with respect to failure symptoms and causes is presented. Section Eight contains the summary and conclusions of the study. In recognition of this, CCF data are systematically being collected and analysed in several countries.
A serious obstacle to the use of national qualitative and quantitative data collections by other countries is that the criteria and interpretations applied in the collection and analysis of events and data differ among the various countries. A further impediment is that descriptions of reported events and their root causes and coupling factors, which are important to the assessment of the events, are usually written in the native language of the countries where the events were observed. The project covers the key components of the main safety systems, including centrifugal pumps, diesel generators, motor operated valves, power operated relief valves, safety relief valves, check valves, batteries, control rod drive mechanisms, circuit breakers, level measurement, heat exchangers etc.
Issued November
Data collection status
Data are collected in a Microsoft. The databank is regularly updated.
They describe the methods and documentation requirements necessary for the development of the ICDE databases and reports. The format for data collection is described in the generic coding guideline and in the component specific guidelines. Component specific guidelines are developed for all analysed component types as the ICDE plans evolve.
The co-ordinators in the participating countries are responsible for maintaining proprietary rights according to the stipulations in the ICDE Terms and Conditions. The data collected in the database are password protected and are only available to ICDE participants who have provided data. If such dependencies are known, they can be explicitly modelled in a PSA.
Unavailability of a specific set of components of the system due to shared causes that are not explicitly represented in the system logic model. There is no rigid borderline between the two types of CCF events. Several definitions of CCF events can be found in the literature, e.
Neufelder [a] proposes that the actual failure rate and MTTF are simply functions of how many units have been deployed, the average usage time of each unit, and the number of failures reported to date on those units. Since CCF events are typically rare events, most countries do not experience enough CCF events to perform meaningful analyses.
This definition was adopted by the ICDE project.
Common-Cause Event: A dependent failure in which two or more component fault states exist simultaneously, or within a short time interval, and are a direct result of a shared cause.
To include all events of interest, an ICDE event is defined as follows:
ICDE Event: Impairment of two or more components with respect to performing a specific function that exists over a relevant time interval and is the direct result of a shared cause.
The ICDE data analysts may add interesting events that fall outside the ICDE event definition but are examples of recurrent - eventually non random - failures. Degraded ability of the component to perform its function.
Incipient failure of the component. Default is component is working according to specifications. The output signal of level measurement equipment triggers protection signals in the subsequent reactor protection logic system in case of too high or too low level. According to the Coding Guidelines for Level Measurement, in ICDE data collection only those level measurement components are considered, which are part of the reactor protection system or part of the engineered safety feature actuation system. Level measurement components which are only used for operational needs e.
The vessels, tanks and piping (in the following called systems) at which level measurement equipment is installed and for which data are collected are:
Pressuriser (PWR, PHWR).
Accumulators (PWR).
Reactor coolant lines, mid-loop operation (PWR).
Suppression pool (BWR).
Reactor scram tanks (BWR).
Calandria (PHWR).
Pressure difference transmitter of membrane type with electric output signal (PDTM).
Sensor with ultrasonic measuring cell (SUMC).
Sensor with capacitance measuring cell (SCMC).
Pressure difference sensor with piezoelectric transducer (PDSP).
Sensor with resistance thermometer (SRT).
Becker core cooling monitoring (BCCM).
Transmitters or sensors.