The purpose of this intervention was to form a judgement on the adequacy of NNB Generation Company (HPC) Ltd’s (NNB GenCo) and its supporting organisations’ arrangements for controlling the reactor building Fault and Protection Schedule (F&PS). The F&PS is an important part of the safety case that links faults, fault sequences and the safety measures that are claimed to prevent faults or mitigate the consequences. Furthermore, this intervention provided an opportunity for NNB GenCo, the licensee, to demonstrate how the F&PS is developed explaining fault identification, the bounding process and the substantiation provided for the safety measures claimed as lines of defence.
This intervention forms the first part of a longer term intervention strategy seeking confidence in the adequacy of NNB GenCo’s arrangements for controlling the production and developments of the F&PS supporting the major safety submissions for the Hinkley Point C (HPC) project.
This intervention was carried out collaboratively by ONR inspectors and representatives of NNB GenCo’s internal regulator (Safety Directorate – Independent Technical Assessment). The relevant ONR Safety Assessment Principles such as identification of initiating faults and safety measures were used to inform ONR judgements during this intervention. The intervention sampled a selection of fault sequences from the F&PS and included a review of:
Based on the information reviewed, the Responsible Designer appears to have an established set of processes in place to identify and record the faults presented in the F&PS.
While this intervention highlighted a number of good practices in the development of the reactor building F&PS and no significant issues were identified, a number of observations relating to further developments and integration with other systems were recorded for NNB GenCo’s further consideration.
During this intervention, the main evidence was provided by the Responsible Designer, concerning its processes for managing the development of the F&PS supporting the relevant aspects of the safety case. The arrangements employed within the Responsible Designer were summarised along with the processes adopted for screening and bounding of Design Basis Initiating Events. Future interventions on this topic will consider NNB GenCo’s, Areva’s and the Responsible Designer’s arrangements in more detail.
The following recommendation resulted from this intervention and will be taken forward as part of further planned interactions in the fault studies topic stream: