Multiple barriers protect the environment
Multiple barriers protect the environment
One of the key principles of nuclear safety is to have multiple barriers between radioactive substances and the environment. The first barrier is the nuclear fuel itself. During normal operation, the majority of fission products are in a solid state and will remain as part of the ceramic fuel material. A small part of the gaseous fission products ooze out of the fuel material, but in any case remain inside the tight fuel rod cladding.
The second barrier for release is the cooling circuit wall. Fission products released from leaking fuel rods and radioactive corrosion products contained in the coolant remain in normal operation within a tight cooling circuit, from where they are removed in a controlled manner using a coolant cleaning system or a gas processing system and will be processed as nuclear waste later.
The third barrier for release is formed by the pressure-resistant and gas-tight containment building surrounding the reactor. Its task is to contain radioactive materials released if the cooling circuit is damaged.
The fourth barrier is usually formed by another building on the outside of the actual containment building, the outer containment or reactor building. Small amounts of gas that may be leaking from the actual containment building are collected from the outer containment building and discharged through filters into the outside air. Most of the radioactive materials with the exception of inert gases are captured in the filters.
The redundancy principle means that safety systems are composed of several mutually compensatory parallel, i.e. redundant subsystems. For example, the system can consist of four subsystems, two of which are sufficient to carry out the required safety function. Alternatively, there may be three subsystems, where the safety function can be carried out by only one operating subsystem.
The requirement in Finland is that the most important safety systems must be able to perform their tasks, even if any single device in the system is damaged and any other device related to the function is out of use due to, for example, maintenance or repair. In practice, this means that at least three parallel devices are required.
The principle of separation means that parallel subsystems in safety systems are placed in such a way that their simultaneous damage due to, for example, fire or flood is unlikely. Separation can be done by placing the subsystems in different locations or by placing them in the same space at a sufficient distance from each other, or by building protective structures between the subsystems. Safety-significant systems are placed in different locations from other systems in the facility.
In addition to physical separation, functional separation is also observed. This prevents the mutual interactions between adjacent or interconnected systems. Examples of this include the use of isolation transformers in electronic circuits and isolating valves in systems containing liquid or gas.
The use of different operating principles, i.e. the principle of diversity, means that the same operation is carried out by systems based on different operating principles. The aim is to improve the reliability of systems, and in particular to reduce the occurrence of so-called common mode failures at the same time in different subsystems. This principle is applied, for example, on reactor shutdowns, which must be possible to be carried out using two systems based on two different principles. One system can be based on control rods and the other on pumping boron solution, which acts as a neutron absorber, into the reactor.
The principle of a safe state means that when the equipment or system loses its power source (electricity, compressed air, etc.), it will be placed in a state that is as favourable as possible for plant safety. For example, an electronic protection system for the automatic starting of safety systems is implemented in such a way that the loss of the protection system's power triggers the safety condition and launches the safety system.
A 30-minute rule means that the safety functions that are needed within 30 minutes after the beginning of the accident are triggered automatically. This ensures that operators have time to consider appropriate follow-up measures. Control room staff can take measures to improve the situation beforehand, but the safety functions automatically initiated by the safety system cannot be stopped from the control room, unless the value measured by the safety system returns to the normal range.