Quality Assurance: using the customised safety case approach

Paul Boughton
Pontus Ryd and Andreas Knutsson look at successful quality assurance and licensing in nuclear power plant upgrades/uprates with a customised safety case approach.

Major modernisations and power uprate projects in existing nuclear power plants (NPPs) bring major challenges: increased design complexity, fulfilment of modern safety requirements, and extensive analyses and assessments that require experienced nuclear scientists and engineers, all at a time when the nuclear industry is in the middle of a significant generation change.

All of this must be achieved under the undisputable requirement of adequate safety/quality assurance, and delivered within the estimated time and cost. These challenges call for effective methods and processes as well as high individual and team competence.

Experience from providing specialist systems engineering services to the power and process industry, and from many of the major NPP modernisations performed in Sweden since the mid-1990s, has led to the development and application of a generalised safety case approach, together with new insights and recommendations for successful requirements management (RM) and configuration management (CM). The approach has proven fruitful, both in assuring proper design control and in safety/quality assurance and demonstration. It has also facilitated both internal and regulator communications.

With the approach proposed, properly applied and integrated early in a project, significant reductions in both licensing and time/cost risks should be within reach for both on-going projects and those about to start.

A safety case consists of: explicit safety/quality requirements; evidence that the requirements have been met; argument linking the evidence to the requirements.

Both the argument and the evidence are essential. The safety case is effective in assuring oneself, as well as stakeholders such as regulators, that the safety/quality goals both will be reached and, finally, have been reached.

Generalising the safety case concept into a new integration methodology that addresses the complete scope of a project (nowadays often including both important human and work-process related factors and software-based safety-critical applications) strengthens the product management aspect of traditional project management methods. This matters because many of the issues encountered originate from interface problems and from unknown/undocumented entities and newly introduced dependencies.

The practical and efficient structure of the customised safety case approach (Fig. 1) consists of project specific safety/quality areas defined with different focus for complete scope coverage:

- Plant/product focus (eg, scope and definitions, requirements, design specification status, verification and validation results/base product qualification).

- Process/project focus (eg, quality assurance, design control processes, organisation and competence).

For each safety/quality area, the relevant claim hierarchies (Fig. 2) with regard to completeness, correctness and consistency are defined in cooperation with plant and supplier expertise, together forming the total safety case definition.

The depth and detail of the claim hierarchy, and the corresponding requirements for explicit in-depth demonstration, are governed by the relevance to safety. Each claim is evaluated against evidence, typically verification and validation (V&V) activities such as reviews/inspections, audits, analyses and tests, with documented argumentation for claim fulfilment.

Without well-functioning configuration management there is no confidence that the plant has been designed and constructed, and is being operated, in accordance with the design requirements, or that changes to the plant configuration are consistent with those requirements. Plant owners will as a consequence experience severe issues in both time and cost. Regulators and the public will furthermore not allow continued operation of an industrial facility that carries the inherent perceived risk of an NPP.

The definition of a system/object should be viewed as an important 'basic' requirement and maintained under CM just like any other requirement for the system/object. Defining clear functional, physical and geographical boundaries will, eg, make the definition of configured items (CI), the application of requirements to structures, systems and components (SSC)/CI, and compliance V&V substantially easier.

The objective of RM is to completely, correctly and consistently establish, document, maintain and communicate the design requirements, with traceability both to the facility SSC implementing the requirements and to the V&V records demonstrating compliance, all within a well-established CM.

Using requirements traceability matrices (RTMs), as well as developing and maintaining function structures together with the product structure of the NPP (Fig. 3) using, eg, the guidelines of IEC 61346 (nowadays replaced by IEC 81346), assists in solving most of the structural challenges of RM and CM.
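The claim hierarchy evaluated against V&V evidence (Fig. 2) and the RTM traceability from requirements to SSC/CI and V&V records can be expressed as a small data model. The following is an added example, not code from the article or from Solvina; the requirement, CI and V&V record identifiers are constructed sample values, and the two functions show the checks an RTM review and a bottom-up claim evaluation perform.

```python
from dataclasses import dataclass, field

VV = {"TEST-01": True, "REV-02": True, "AUD-03": False}  # constructed V&V records: id -> passed

@dataclass
class Requirement:
    req_id: str
    implemented_by: list = field(default_factory=list)  # CI / SSC identifiers (hypothetical)
    verified_by: list = field(default_factory=list)     # V&V record identifiers
@dataclass
class Claim:
    claim_id: str
    text: str
    requirements: list = field(default_factory=list)    # requirement ids the claim rests on
    subclaims: list = field(default_factory=list)

REQS = {r.req_id: r for r in [                          # constructed sample requirements
    Requirement("R1", ["CI-PUMP-A"], ["TEST-01"]),      # fully traced, evidence passed
    Requirement("R2", ["CI-IC-7"], ["AUD-03"]),         # traced, but the audit failed
    Requirement("R3", [], ["REV-02"]),                  # no implementing CI identified
    Requirement("R4", ["CI-IC-7"], []),                 # no V&V evidence attached at all
]}

def rtm_gaps(reqs, vv):
    """The three gaps an RTM review looks for: no CI, no evidence, or failed evidence."""
    gaps = {"no_ci": [], "no_evidence": [], "failed_evidence": []}
    for r in reqs.values():
        if not r.implemented_by: gaps["no_ci"].append(r.req_id)
        if not r.verified_by: gaps["no_evidence"].append(r.req_id)
        elif not all(vv[v] for v in r.verified_by): gaps["failed_evidence"].append(r.req_id)
    return gaps

def evaluate_claim(claim, reqs, vv):
    """Bottom-up: a claim holds only if all subclaims hold and every linked requirement
    traces to a CI and to passing evidence. Returns (fulfilled, written argument)."""
    ok, lines = True, []
    for sub in claim.subclaims:
        sub_ok, sub_arg = evaluate_claim(sub, reqs, vv)
        ok, lines = ok and sub_ok, lines + [sub_arg]
    for rid in claim.requirements:
        r = reqs[rid]
        evid = [v for v in r.verified_by if vv[v]]
        ok = ok and bool(r.implemented_by) and bool(evid)
        lines.append(f"  {rid}: CI={r.implemented_by or 'NONE'} evidence={evid or 'NONE'}")
    return ok, f"{claim.claim_id} {'FULFILLED' if ok else 'NOT FULFILLED'}: {claim.text}\n" + "\n".join(lines)

SAFETY_CASE = Claim("C0", "Upgrade scope complete, correct and consistent", subclaims=[
    Claim("C1", "Plant/product area: requirements verified", ["R1", "R2"]),
    Claim("C2", "Process/project area: design control traced", ["R3", "R4"]),
])
```

Calling `evaluate_claim(SAFETY_CASE, REQS, VV)` returns the verdict together with the written argument, one line per requirement, so a reviewer can see which evidence each claim rests on.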

Concluding recommendations

Major applications of the customised safety case approach to life cycle safety assurance and demonstration have proven successful within so-called 'mega projects', including significant I&C system and control room upgrades, but the principles and structures are generally applicable.

The recommended methods for RM and CM are important foundations enabling assurance of claim fulfilment in the total safety case defined.

We are convinced that if a supplier can show that proper CM, including adequate RM, is covered in its design and deliveries, also for the future owner/operator life cycle, this will be a unique selling point for decades to come, and will provide significant risk reductions for both new build and upgrade/uprate projects worldwide.

Using the customised safety case approach presented here to get life cycle safety assurance and demonstration properly in place, and applying adequate CM and RM, is at least as important and valuable as selecting the right technology.


Pontus Ryd, Specialist, Nuclear Power Safety & Quality Assurance, and Andreas Knutsson, Project & Systems Engineer, are with Solvina AB, Västra Frölunda, Sweden. www.solvina.se
