Abstract
This report presents a probabilistic risk assessment (PRA) model for the OECD/NEA WGRISK DIGMORE reference case representing digital instrumentation and control (I&C) systems in a simplified boiling water reactor plant. The reference case covers an I&C architecture with several systems, such as the primary and diverse reactor protection system, operational I&C system, hard-wired backup system, and prioritization and actuation control (PAC) systems. The modelling approach selected in this study is to develop a simplified PRA model including only common cause failures (CCFs) and high-level failure events and to perform complex calculations in the background. The approach was selected due to challenges related to CCF calculations.
In the overall results of the PRA model, the I&C systems do not play a very important role. This is, however, partly because of simplifications made in the reference case. Spurious signals causing the main feed-water system to stop (initiating event) are the most important I&C failure events in the results. Concerning failures of safety functions, PAC systems are the most important I&C systems, because they have less redundancy and diversity than the other systems.
When comparing the results with other DIGMORE participants, some interesting observations were made on CCF models. The beta-factor model is normally considered a conservative CCF model compared to the alpha-factor model. However, in certain situations, the beta-factor model is not conservative at all and can actually be optimistic. This is the case, e.g., when a failure criterion 2-out-of-N is modelled.
Variations made to the base case model demonstrated the importance of diversity. The PAC systems were much less reliable when no diversity was assumed, and the removal of the back-up systems increased the risk significantly. The significance of software failures is quite sensitive to the failure probabilities used in the model.
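The observation above about the 2-out-of-N failure criterion can be reproduced with a small calculation. This is an added illustration, not taken from the report: the alpha factors, the total failure probability and the group size N = 4 are constructed values. It assumes the standard alpha-factor formula for non-staggered testing, a beta factor matched to the same independent failure probability, and a rare-event approximation over the dominant cut sets.

```python
from math import comb

# Constructed inputs (not from the report): group of N = 4 redundant
# components, alpha factors alpha_1..alpha_4, total failure probability Q_T.
ALPHAS = [0.95, 0.03, 0.015, 0.005]
Q_T = 1e-3


def alpha_basic_events(alphas, q_total):
    """Q_k: probability of one specific event failing exactly k components
    (alpha-factor model, non-staggered testing)."""
    m = len(alphas)
    alpha_t = sum(k * a for k, a in enumerate(alphas, start=1))
    return {k: k / comb(m - 1, k - 1) * a / alpha_t * q_total
            for k, a in enumerate(alphas, start=1)}


def matched_beta(alphas, q_total):
    """Beta giving the same independent part Q_1 as the alpha-factor set."""
    return 1 - alpha_basic_events(alphas, q_total)[1] / q_total


def fail_alpha(alphas, q_total, k):
    """P(at least k of N fail), rare-event sum over the dominant cut sets:
    every CCF event of multiplicity >= k, plus k independent failures."""
    m = len(alphas)
    q = alpha_basic_events(alphas, q_total)
    ccf = sum(comb(m, j) * q[j] for j in range(max(k, 2), m + 1))
    return ccf + comb(m, k) * q[1] ** k


def fail_beta(beta, n, q_total, k):
    """Same criterion under the beta-factor model: a single CCF event that
    fails all N components, plus k independent failures."""
    return beta * q_total + comb(n, k) * ((1 - beta) * q_total) ** k


def compare(k, alphas=ALPHAS, q_total=Q_T):
    """Return (alpha-factor result, beta-factor result) for k-out-of-N."""
    beta = matched_beta(alphas, q_total)
    return (fail_alpha(alphas, q_total, k),
            fail_beta(beta, len(alphas), q_total, k))


if __name__ == "__main__":
    for k in (2, 4):
        a, b = compare(k)
        print(f"{k}-out-of-4: alpha={a:.3e} beta={b:.3e} beta/alpha={b / a:.2f}")
```

With these constructed values the beta-factor result is about 0.63 times the alpha-factor result for 2-out-of-4 (optimistic) and about 6.25 times for 4-out-of-4 (conservative), because the beta-factor model has no partial CCF events, and it is the many pair and triple combinations that dominate a 2-out-of-N criterion.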
| Original language | English |
|---|---|
| Publisher | VTT Technical Research Centre of Finland |
| Number of pages | 49 |
| Publication status | Published - 9 Dec 2025 |
| MoE publication type | D4 Published development or research report or study |
Publication series
| Series | VTT Research Report |
|---|---|
| Volume | VTT-R-00522-25 |
Funding
Nuclear Waste Management Fund of Finland
Keywords
- probabilistic risk assessment
- instrumentation and control
- common cause failure