Justification of the nuclear power plant safety and operating efficiency in selection of maintenance and repair parameters*

Nuclear power plants (NPP) are subject to stiff requirements as to the cost effectiveness of their operation. However, since the NPP operation may be associated with the occurrence of severe environmental, social, political, material and other consequences as the result of nuclear and radiological accidents at NPPs, ensuring the specified level of the NPP safety is an operational task of the utmost importance. The current practice of the NPP design and operation suggests that the objectives involved in improving the efficiency of operation and those of ensuring the NPP safety level required by federal standards and regulations (NP-001) are achieved in isolation: no issues of ensuring high efficiency of the NPP operation are taken into account when addressing the issues involved in ensuring the safety of the NPP and, vice versa, it is a priori assumed that the required level of safety is ensured at any time when high efficiency of operation is achieved. The reason for this is the absence of procedures that make it possible to assess, in an integrated manner, the interdependence of economic and technological factors. The paper describes some of the methods to raise the efficiency of the NPP operation by selecting the best possible NPP maintenance and repair (M&R) strategies leading to high utilization and capacity factor values. A distinctive feature of the proposed techniques is that the efficiency of the NPP operation is proposed to be improved while ensuring at the same time the required level of the NPP safety with any NPP configuration.


Introduction
Nuclear power plant (NPP) units are industrial structures designed for generation of electricity having which as part of the country's fuel and energy complex (FEC) should be cost effective and justified (Murogov 2019, Energy Availability Factor, Kirillov andPioro 2015). If the economic performance of an NPP is not satisfactory, it is not practicable to use it in the FEC. To a great extent, however, the NPP operation is linked not only to the economic efficiency of the plant operation but also to the tasks of ensuring the required level of the NPP safety, specifically, to the issues involved in selecting (and justifying) such rules of operation as would provide for the safety level required by NP-001 . Broadly, safety issues are reduced to identifying the acceptable extent of damage caused by accidents at NPPs (Kirillov and Pioro 2015, Gordon 2014, IAEA-TECDOC-1846, IAEA-TECDOC-1846.

NPP safety level
For the general public, the safety of an NPP is defined by the acceptability of the damage from the NPP operation (Kutkov et al. 2015, Kutkov and Tkachenko 2011, Terentyev 2018. And the damage from the NPP operation is understood as the exposure doses received as the result of the radionuclide escape into the environment during nuclear accidents (and, accordingly, the number of the persons who fell ill or died later, the number of the territories that became uninhabitable or unfit for farming because of the radioactively contaminated soil and water, etc.). It is important to understand that the extent of the resultant damage depends not so on the NPP "behavior" in the period of the accident as on the multicomponent processes of the radionuclide dispersal and accumulation in the environment Tkachenko 2011, Terentyev 2018). In this connection, it makes sense to estimate the damage from the NPP accidents exactly in terms of the radionuclide types and quantities that have entered the environment, and the amounts of which do not depend on the environment as such and its parameters at the time radionuclides enter it and their further dispersal.
A practicable way to determine the NPP safety level in terms of resultant damage is to use probability safety indicators (PSI): total probability of severe accidents (in an interval of one year) or total probability of a major emergency release (in an interval of one year). More than that, these characteristics make it possible to compare the safety level of various NPPs since other "traditional" units for measuring the safety level with regard for the severity of damage (exposure dose, amount of radioactive contamination, etc.) are extremely dependent on many parameters of the environment as such.
Using NPPs as a source of electricity require such conditions to be simultaneously fulfilled as ensuring the safety of NPPs as complex engineering systems involving, in principle, the potential for the occurrence of destructive events characterized by radioactive contamination of the biosphere and human exposure (Gordon 2014, IAEA-TECDOC-1846, Safety Reassessment 2014, Kutkov et al. 2015, and increasing the economic efficiency of NPPs as the FEC components (Murogov 2019, Energy Availability Factor, Bukrinskiy 2013.

Efficiency of the NPP operation
A variety of indicators are used to estimate the economic efficiency of the NPP operation, the most usable of which is utilization factor, K UF : where i is the NPP operation cycle number; n is the number of operating cycles for the considered period of operation; t i is the time for which the NPP is in the serviceable condition in the i-th cyclе, h; τ i is the duration of the i-th M&R (scheduled or unscheduled) requiring the NPP to be stopped to be used for the intended purpose; m is the number of failures (recoveries) for the period of interest; j is the M&R number; k is the number of M&Rs requiring the NPP shutdown in the considered period; and τ j is the duration of the j-th M&R requiring the NPP to be stopped to be used for the intended purpose, h. Along with K UF , installed capacity utilization factor (ICUF) is widely used (Murogov 2019, Energy Availability Factor): where W act is the amount of energy actually generated by the NPP for the given period of operation Т, MW×h; W max is the maximum possible amount of energy the NPP could generate for the specified period of operation Т provided it continually operated at the rated power level (with no idle periods), MW×h; Т is the duration of the specified period of operation, h; T act is the actual time of the NPP operation in the electricity generation mode, h; and N AAP is the actual average power the NPP operated at for the actual period of being used for the intended purpose (electricity generation).
The following formula is used to switch from the K UF factor to ICUF where K OR is the operating rate. It has been found that the key contributors to reducing K UF and ICUF are the NPP idle periods during scheduled and unscheduled M&Rs (Murogov 2019, Energy Availability Factor, Bukharin et al. 2013. Accordingly, K UF and ICUF can be increased by reducing the NPP idle times during M&Rs.

Justification of the NPP safety and operating efficiency with regard for M&R
There is no extensive experience in revising the NPP M&R requirements. However, the NPP idle times during M&R can be cut by revising the M&R strategies from the point of view of providing the possibility for: -increasing the duration of unscheduled M&Rs during NPP power operation until the NPP is required to be shut down administratively -a method to improve the NPP economic efficiency by reducing the idle times due to unscheduled M&Rs of equipment (unscheduled M&R method); -reducing the duration of scheduled NPP M&Rs through the outage, in parallel, of a large number of components for M&R as compared with the existing strategy of scheduled M&Rs -a method to improve the NPP economic efficiency by reducing the idle times during scheduled M&Rs of components (scheduled M&Rs method).
The proposed methods are based on analyzing the NPP safety level both qualitatively (using a deterministic safety analysis) and quantitatively (using a probabilistic safety analysis which makes it possible to estimate the NPP safety level in terms of PSIs).
It is important to note that the proposed methods do not serve exactly to confirm the fulfillment of the PSIs defined in NP-001 (NP-001-97, NP 001-15). On the one hand, using these (especially, the unscheduled M&R method) allows verifying the requirements of the NPP process regulations (PR) from the point of view of the following question: if the fulfillment of the NP-001 requirements is ensured, as far as the PSIs are concerned, during scheduled and unscheduled M&Rs in accordance with the PR rules and limits (the methods make it possible to prove, in quantitative terms, the validity of the effective PR provisions or to demonstrate that these are possibly invalid from the point of view of ensuring the fulfillment of the NP-001 requirements (NP-001-97, NP 001-15) as far as the PSIs are concerned). On the other hand, using these methods allows "maneuvering" in the PSI intervals (limits) specified in NP-001 such that to reduce the M&R durations raising so the NPP economic efficiency while not violating the legally defined NPP safety level requirements.

Risk increase factor
Speaking about M&R, one needs to understand that this procedure necessarily involves changes in the NPP equipment configuration (Murogov 2019, Bukharin et al. 2013). Therefore, a practicable way to analyze the effects of scheduled and unscheduled M&Rs, aimed to improve the NPP economic efficiency, on the NPP safety level is to use the risk increase factor, RIF, which makes it possible to take simultaneously into account the actual state of the NPP equipment and the current modes of the NPP operation, that is, the NPP equipment configuration: where Q i is the probability of the i-th component to fail to perform its function; FDF i is the frequency of nuclear fuel damage during the outage of the i-th component for M&R for the analyzed length of time (PR-specified or expected); and FDF b is the respective frequency of nuclear fuel damage with the considered equipment being serviceable.

Unscheduled M&R method
This method is based on a hypothesis that the NPP operating efficiency can be improved by mitigating the PR requirements to the PR-specified NPP equipment outage allowed time (OAT) after the expiry of which the NPP is shut down administratively (certainly, if the serviceability of the failed components was not restored for the specified OAT). In a general case, the application of the method consists in the following: one needs to make initially sure that the logical and probabilistic model ( (components), personnel actions, as well as the values of the probabilistic characteristics of the initial events, the reliability of systems (components), the common cause failures considered in the probabilistic safety analysis, personnel errors, and other data required for the NPP PSI estimation (NP-095-15)). Then it is required to represent the analyzed situation in the LPM in a correct way (by measuring and, where required, updating the LPM such that to have it reflecting reliably the state of the considered equipment outage for unscheduled M&Rs for a certain OAT). To this end, various operation aspects of the components under consideration and the NPP as the whole are analyzed, e.g., how completely and adequately all of the identified dependences are taken into account, including for the components shared by several systems (Murogov 2019, Gordon 2014, Bukrinskiy 2013, IAEA-TECDOC-18342017. In this, emphasis is placed on testing the LPM in terms of the following: -if it includes components the OAT for which is proposed to be increased and all of the potentially important states of these components are taken into account; -if the operator actions potentially affecting the serviceability of the considered components are represented; -if all of the potential emergency sequences, which may involve the considered components, are taken into account. In the event the LPM cannot be recognized as being adequate to the actual NPP state and fit for the subsequent quantitative analysis (NP-095-15), it needs to be respectively updated, e.g., by new base events or logic switches to be added to it to enable simulation of components un-der unscheduled M&R, and to simulate the emergency sequences, other than considered earlier, or to simulate in more details the existing emergency sequences, involving potentially the components in question.
Then the proposed OAT is represented in the LPM. It is important that simulation takes into account the lifecycle stage the NPP is at, since each of the stages has various mechanisms of equipment degradation (Murogov 2019, Gordon 2014, Bukharin et al. 2013, Yershov et al. 2010: -burn-in stage -an increased rate of equipment failures is observed which is explained by manufacturing and process errors, deviations from standards and regulations during installation, omissions and errors made in the NPP design and when defining the NPP operating conditions, and other factors; substandard components fail predominantly causing so the occurrence of burn-in failures; -normal operation stage -no noticeable changes are observed in the physicomechanical or physicochemical properties of equipment under the action of external loads (the failures that occur are of a "sudden" nature and take place only with minor concentrations of loads); -aging stage -equipment has its resistivity to external loads decreasing noticeably -it cannot take up adequately the loads that act on it while preserving the NPP safe operation parameters specified in technical documentation; failures occur caused by the NPP losing gradually its initial properties as the result of wear and aging (failures manifest themselves in the form of both equipment breakdowns and the NPP key parameters being beyond the specified design limits). Depending on the properties of the materials the equipment is made of and their respective operating conditions, the processes leading to a decrease in the resistivity to external loads can be intense or slow. Besides, depending on how heterogeneous the initial characteristics of the NPP single-type components are, which is explained by the chemical and physicomechanical heterogeneity of the materials, the instability of the fabrication technology, and the like, as well as due to nonidentical values of operating loads, wear-out failures manifest themselves within a significantly short interval of time in some cases, and have a major time scatter in other cases.
Various distribution laws, including exponential, normal, logarithmically normal, Weibull-Gnedenko, Relay, beta, and gamma distribution laws, are used to take into account, in a correct manner, the nature of the considered equipment failures and the NPP's current lifecycle stage.
The above actions are followed by the quantitative estimation of the effects the analyzed configurations of the NPP equipment have on the PSIs, using the RIF factor based on formula (4). The proposed criteria of the RIF factor values and the recommendations on the qualitative estimation of the obtained quantitative results and on generation of further practical proposals for the NPP economic efficiency are presented in Table 1.
It is especially important to note that using the unscheduled M&R method makes it possible to check the fulfillment of the PR requirements to the range of the compo- Table 1. Estimated level of the NPP safety during scheduled and unscheduled M&R.

Unscheduled M&Rs
Unacceptable decrease in safety level 1. Implementation of the PR-specified requirements to the OAT length (or the expected OAT length) is not acceptable in terms of the NPP safety level since no NP-001 requirements (NP-001-97, NP 001-15) are fulfilled as to the PSIs. 2. The considered PR requirements to the OAT length (or the expected OAT length) are too optimistic and should be revised by being toughened (the considered OAT length requires to be reduced). 3. The NPP operating efficiency cannot be improved by increasing the considered OAT length.

Scheduled M&Rs
The implementation of the proposed method to improve the NPP operating efficiency is not acceptable in terms of ensuring the NPP safety level since no NP-001 requirements (NP-001-97, NP 001-15) are fulfilled as to the PSIs.

Unscheduled M&Rs
Major decrease in safety level 1. The implementation of the PR-specified requirements to the OAT length is acceptable provided compensating measures are in place to improve the NPP safety level during unscheduled M&Rs of the considered equipment. Otherwise, the analyzed OAT length should be revised by being reduced to make the PR requirements not excessively optimistic. 2. The NPP operating efficiency cannot be improved by increasing the considered OAT length since no NP-001 requirements (NP-001-97, NP 001-15) are fulfilled as to the PSIs.

Scheduled M&Rs
The implementation of the proposed method to improve the NPP operating efficiency is acceptable in terms of ensuring the NPP safety level provided compensating measures are in place to improve the NPP safety level when implementing the proposed changes and the implementation of which makes it possible to fulfill the NP-001 requirements (NP-001-97, NP 001-15) as to the PSIs.

Unscheduled M&Rs
Acceptable decrease in safety level 1. The implementation of the PR-specified requirements to the OAT length (or the expected OAT length) is acceptable since the NP-001 requirements (NP-001-97, NP 001-15) are fulfilled as to the PSIs. 2. The PR requirements to the OAT length (or the expected OAT length) are too conservative and can be revised by being mitigated. 3. The NPP operating efficiency can be raised by increasing the considered OAT length.

Scheduled M&Rs
The implementation of the proposed method to improve the NPP operating efficiency without any constraints in terms of ensuring the NPP safety since the NP-001 requirements (NP-001-97, NP 001-15) are fulfilled as to the PSIs. nents for the unscheduled M&R outage and for the OAT in terms of ensuring the fulfillment of the NP-001 requirements (NP-001-97, NP 001-15) as to the PSIs.

Scheduled M&R method
The method is based on reducing the unscheduled M&R times in conditions of the required level of the NPP safety ensured a priori (when the NPP is in operating modes with reduced power levels or in shutdown modes). In a statement of the kind, this is a classical problem of scheduling theory -the arrangement of a work system, with regard for process and resource constraints, providing for as short schedule length as possible (the shortest possible length of the scheduled M&R process in the proposed method) (Murogov 2019).
As applied to all of the works forming the scheduled M&R process, it needs to be stressed that all of these are interconnected through rigid resource and process dependences among which their two basic types are identified: -type R 1 dependences -these are consequence-precedence dependences, i.e. any two works Z i and Z j are dependent with respect to R 1 if one of them, Z j , can be started only after the other, Z i , is completed; -type R 2 dependences -these are process compatibility dependences, i.e. any two works Z i and Z j are independent with respect to R 2 if they can be performed at a time; otherwise, they are dependent with respect to R 2 and can be performed only one after the other with their performance sequence not being rigidly defined.
If the optimization of the existing strategies for unscheduled NPP M&Rs is considered in terms of the process sequence for the manipulations made (R 1 dependences), the NPP idle times during scheduled M&Rs can be reduced by mitigating the existing resource constraints. Since it is not possible to change the dependences R 1 (preventive maintenance schedules take into account all of the R 1 dependences), it is proposed to revise the R 2 dependences by the simultaneous outage for scheduled M&Rs of either more than one safety channel for any system or some of the components in one channel of the given system and some of the components in another channel.
It is important to note that a change in the NPP equipment redundancy rate leads to a still greater (as compared with "standard" scheduled M&Rs) deterioration in the reliability of the considered system. And the advantage of using this method is the quantitative justification (or rejection) of the validity of the PR requirements as to the R 2 dependences since there are no special quantitative calculations broadly used to prove the validity of the PR requirements for the existing requirements to the R 2 dependences.
The method application procedure is as follows. The key task is to determine what additional equipment can be removed out of service for M&R. This requires identifying the R 2 dependences the implementation of which can be combined with each other without violating the R 1 dependences. It is important to differentiate between the equipment units which must be available for use in emergency, and the equipment units which are defined in the NPP design as redundant. Following the selection of the equipment the repair of which permits it to be combined with the repair of other equipment, it is required to analyze the changes caused in the NPP safety level. To this end, the existing NPP LPM is altered so that to have it reflecting reliably the proposed operations (the actions taken to determine the suitability of the existing LPM in terms of the analysis conducted, and, where required, to update same, are similar to the actions described as applied to the unscheduled M&R method). It is further required to note in the LPM which equipment exactly is removed out of service for scheduled M&Rs (with regard for the considered NPP lifecycle stage). Following this, the effects of the proposed M&R strategy on the NPP PSIs are estimated quantitatively using the RIF factor.
The criteria of the RIF factor values, and the recommendations on the qualitative estimation of the obtained quantitative results and on generation of practical recommendations based on the results obtained are presented in Table 1.
Special attention needs to be given to the following: if, based on the results of using any of the methods, it has been found to be necessary to generate compensating measures aimed to improve the NPP safety level, then the RIF factor values need to be governed by to evaluate, in quantitative terms, the efficiency of such measures; the intervals of the RIF values are presented in Table 1 (from the point of view of simulation, the actions taken based on the compensating measures representation in the existing NPP LPM are similar to the actions taken based on the LPM representation of the proposed NPP equipment configurations).

Risk increase estimation criteria
The identification of the criteria different for the newly commissioned NPPs and the NPPs in operation is explained by the fact that the non-exceedance of the total probability of severe accidents in an interval of one year should be equal to 1×10 -5 for newly commissioned NPPs (NP-001-15), and it is required to seek to ensure the safety level described in (NP-001-97) for NPPs in operation.
As far as the acceptability of the criteria proposed for the RIF factor values is concerned, the following needs to be noted (Murogov 2019, Gordon 2014, Bukharin et al. 2013): -operation of NPPs involves the same probabilities of occurrence of man-made accidents as any other types of human activities (e.g., the average probability of man-made accidents is 2.15×10 -4 for metallurgical plants; 2.5×10 -4 for chemical, petrochemical, and oil refinery plants, and 6.7×10 -5 for gas supply facilities); -target NPP PSIs (NP-001-97, NP 001-15) are in the limits of the commonly accepted criteria for rating risks from various human activities and do not fall beyond these limits since the values of the occurrence risks for unfavorable events at man-made facilities (other than nuclear power), which are taken by most of the public as acceptable, also lie in the region of 1×10 -5 to 1×10 -4 .
Therefore, the proposed criteria of the RIF factor values are acceptable since they take into account the accumulated experience in using both nuclear power facilities and conventional complex engineering systems, and do not fall beyond the limits of the commonly accepted approaches to managing risks from various types of human activities.

Conclusions
Methods have been developed for selecting strategies of the NPP equipment operation to raise the operating efficiency of NPPs and ensuring the required safety level. Using these methods allows making justified changes to the existing strategies of scheduled and unscheduled M&Rs for the NPP equipment based on information on the NPP safety level at the time of interest with any NPP configuration. The unscheduled M&R method also makes it possible to verify the PR requirements to the OAT from the point of view of the acceptability of the NPP safety level during unscheduled M&Rs in the process of the NPP power operation.
The methods are based on analyzing the effects of various lengths of times, during which the considered equipment is inspected or its serviceability is restored (that is, the OAT during scheduled M&Rs and the time during which scheduled M&Rs of equipment are undertaken), on the NPP safety level during scheduled and unscheduled M&Rs of the NPP equipment.
The proposed approaches to the generation of practical recommendations for improving the NPP operating efficiency by reducing the idle time during scheduled and unscheduled M&Rs of the NPP equipment are based on the principle of the required NPP safety level being ensured unconditionally. It is proposed that the practical recommendations are generated using the results of analyzing data on the change of the risk increase factor during scheduled and unscheduled M&Rs of the NPP equipment.