Barrier Identification by Functional Modeling of a Nuclear Power System

The paper investigates application of functional modeling for independent protection layer analysis of risk assessment in complex industrial plant with special reference to nuclear power production. Layer of Protection Analysis （LOPA）is a simplified semi-quantitative risk assessment method that typically builds on the information developed during a qualitative hazard evaluation such as HAZOP. LOPA typically uses order of magnitude categories for initiating event frequency,
consequence severity, and the likelihood of failure of independent protection layers (IPLs) to approximate the risk of a scenario. Identifying the IPLs systematically is a fundamental challenge as a basis for estimating the probability of failure on demand of each IPLs and for evaluating the risk to a decision concerning the scenario. Functional safety is the main focus of this study, which shows the modeling and reasoning capability of functional modeling, e.g. Multilevel Flow Modeling (MFM) and its application in IPLs analysis of a design based accident scenario, e.g. Loss of coolant accident (LOCA). Previously, MFM has showed its potential to be used for safety barrier analysis and Defense in Depth. The main contribution of the study is to explore a procedure using MFM to identify safeguards and then credit some of them as IPLs. Firstly, MFM modeling of the process system including control flow structures is presented. Secondly, the rule-based cause reasoning of MFM is used to identify initiating causes (chain of causes) of a specific consequence. Thirdly, safeguards are derived (safety functions in the system are designed represented by MFM functions) to prevent the consequence to happen. Fourth, judging the initiating causes and safeguards whether they can have common mode failure. If there is no common mode failure, then the safeguard is considered as an IPL. This procedure is demonstrated in a PWR LOCA accident scenario.