G Model
ARTICLE IN PRESS
FUSION-9171; No. of Pages 4
Fusion Engineering and Design xxx (2017) xxx–xxx
Fusion Engineering and Design journal homepage: www.elsevier.com/locate/fusengdes
FFMECA and recovery strategies for ex-vessel remote maintenance systems in DEMO

Alberto Vale

Instituto de Plasmas e Fusão Nuclear, Instituto Superior Técnico, Universidade de Lisboa, Av. Rovisco Pais 1, 1049-001 Lisboa, Portugal
Highlights
• Functional Breakdown Structure (FBS) for the ex-vessel transportation.
• Functional Failure Modes, Effects and Criticality Analysis (FFMECA).
• Recovery procedure in case of failure.
Article info
Article history: Received 22 September 2016; Received in revised form 17 January 2017; Accepted 26 February 2017; Available online xxx
Keywords: Remote maintenance; Ex-vessel transportation; Failure events; DEMO
Abstract

In DEMO, the ex-vessel Remote Maintenance Systems (RMS) are responsible for the replacement and transportation of the plasma facing components. The ex-vessel operations of transportation (e.g. blankets or divertors) are performed by cranes or by means of trolleys. The blankets are extracted and transported vertically by cranes along galleries from the reactor to the storage or maintenance areas. An alternative is the transportation in horizontal configuration by means of trolleys along the galleries. A failure may occur in any situation, interrupting the current nominal operation. The work identifies a functional breakdown structure for the ex-vessel RMS operations and develops a Functional Failure Modes, Effects and Criticality Analysis (FFMECA). The results of the different FFMECA studies lead to the conclusions in terms of the most critical failure scenarios and the pros and cons of the horizontal versus the vertical transportation of blankets. In case of failure, a recovery procedure shall be triggered. The results will help the design process to improve and thus reduce the criticality index of the identified failures.

© 2017 Elsevier B.V. All rights reserved.
1. Introduction

DEMO (DEMOnstration Power Plant) is a proposed nuclear fusion power plant intended to build upon the expected success of the ITER experimental nuclear fusion reactor. The development of the remote maintenance system (RMS) is driven by the need to maximize the overall plant availability and minimize the plant down time for maintenance. According to the initial design of DEMO, there are two main buildings, the reactor building (RB), where the reactor is placed, and the Assessment Maintenance Facility (AMF), with the storage areas to accommodate active and non-active components, maintenance areas for repairing operations and the galleries that establish the interface between the RB and the other areas, as illustrated in Fig. 1.

The ex-vessel RMS are responsible for the replacement and transportation of the plasma facing components. The main loads of transportation are the blankets and divertors. The blanket is extracted and transported vertically by cranes along galleries from the reactor to the storage or maintenance areas. An alternative for the blanket transportation is also presented: the blanket is extracted in a vertical configuration, but transported in horizontal configuration by means of a trolley system along the galleries, as described in [1] and as illustrated in Fig. 1.

In the performed study, whenever the horizontal or vertical transportation is applicable, two Functional Breakdown Structures (FBS) were generated and their respective FFMECA presented. Comparison between the two transportation alternatives is also presented. The results of each FFMECA lead to the conclusions in terms of the most critical failure scenarios and the pros and cons of each alternative.

The paper is organized as follows. Section 2 describes the ex-vessel transportation, the FBS and the failure events. Section 3 describes the criticality and distribution of failure events. Section 4 proposes a recovery strategy and Section 5 summarizes the main conclusions.
http://dx.doi.org/10.1016/j.fusengdes.2017.02.101 0920-3796/© 2017 Elsevier B.V. All rights reserved.
Please cite this article in press as: A. Vale, FFMECA and recovery strategies for ex-vessel remote maintenance systems in DEMO, Fusion Eng. Des. (2017), http://dx.doi.org/10.1016/j.fusengdes.2017.02.101
Fig. 1. Reactor building and assessment maintenance facility of DEMO.

2. Ex-vessel transportation and failure events

The main loads of transportation are the blankets and divertors. The blankets are extracted and transported vertically by cranes along galleries from the reactor to the storage or maintenance areas, as illustrated on the left of Fig. 1. An alternative is the transportation in horizontal configuration by a trolley-like system along the galleries, as illustrated on the right of Fig. 2, which can be the same used for the transportation of divertors, at the lower level.

The maintenance operations inside the reactor building are described as follows.
• Upper level: transportation and removal/installation of the blanket segments, the Multi-Module Segment (MMS), performed by the Vertical Maintenance System (VMS), which comprises a series of casks that dock onto the vertical maintenance ports by means of a system of cranes and tracks. The first two casks to be deployed are the pipe joint cask and the pipe closure cask that contain cranes, dextrous manipulators, tools and storage areas to allow the service connections to be removed and the port to be opened. The next five casks to be deployed contain a vertical maintenance crane which attaches to and extracts a blanket segment. The new blankets are then installed in the reverse procedure and the service connections reinstalled, as stated in [2,3].
• Equatorial level: operations are performed by the equatorial cask, which contains components for the reactor, such as the Multi-Purpose Deployer (MPD), similar to that proposed for ITER [2,3]. The MPD has been dimensioned to carry out the tasks required to avoid the risk of lengthy plant downtimes due to minor issues. It would also inspect and identify the origin of any problem inside the vacuum vessel, apply corrective actions, and also be available for recovery of the primary remote handling equipment used during first wall exchanges. The cask is transported by means of a mobile autonomous vehicle.
• Lower level: on this level of the reactor building, ex-vessel operations are focused on the transportation of the divertor cassette module by means of the divertor cassette transport cask, which docks onto the divertor maintenance ports. This vehicle, in its current design, combines the function of cask and vehicle transportation.
Fig. 2. Vertical transportation (left) and horizontal transportation (right).
The maintenance operations inside the AMF are performed as follows.
• Upper level: operations are performed by the VMS cask, which transports the blanket segment between the AMF and the reactor building. The VMS casks are transported by means of a system of tracks and a tracks’ winch, which attaches to the VMS cask and is responsible for lifting and lowering it. Remote maintenance operations also include storage operations in the designated areas and transferral of components between the upper and equatorial levels at the exchange areas.
• Equatorial level: the equatorial cask operates at this level delivering components between the reactor building and the AMF. It will also support the process of exchange of: blanket segments with the upper level and divertor cassette modules with the lower level (at the exchange areas). The equatorial cask is transported by means of a trolley, which goes underneath and connects to the cask. This setup allows the flexibility to use the same trolley with different casks, depending on the requirements.
• Lower level: the divertor cassette transport cask operates between the AMF and the reactor building delivering/retrieving cassette modules and sending these to the equatorial level.

The previous maintenance operations in the reactor building can be performed in two different configurations: vertical or horizontal. For each configuration an FBS was created, sharing common parts, as illustrated in Figs. 3 and 4, and detailed in [3].

Failure events can occur in any situation, interrupting the current maintenance operation. In case of a failure, the nominal operation has to be interrupted and a recovery operation is triggered (recoverability). In case of success of a recovery operation, two situations may occur: (i) resume the previous nominal operation that was being performed before the failure or (ii) start a different nominal operation.
In both situations, the cask or crane is recovered and returns to a nominal operation and no rescue cask is required, i.e., without help of additional systems. If the cask or crane cannot be recovered, a rescue operation is triggered (rescue-ability), where a rescue cask is required, i.e., deployment of additional/external system(s) is required.

Failure events can arise from different causes, such as electrical, hydraulic, mechanical, navigation and positioning causes. Examples of failure modes are: arm extending mechanism, control system, crane’s winch, deployment system, driving system, gripping arm, lifting system, localization system, navigation system, positioning system, track’s winch, door closing system, door opening system, arm extending mechanism and alignment system. Possible failure effects are: arm malfunction, arm not gripping to component, arm not ungripping the component, cask not aligned with exchange slot, cask not aligned with parking slot, cask not aligned with port, cask not engaged with tracks, crane not aligned with cask, crane not aligned with tracks, door not closed, door not open, MMS not deployed, system gripping insufficiently, system is moving too fast, system is moving too slow, system not ungripping, system stops, vehicles not aligned with cask, not aligned with parking slot, etc. The failure may occur during retrieval/deployment from/to parking, storage and exchange areas and with the VMS, components, divertor, MMS, blankets, etc.

The FFMECA is used to chart the probability of failure modes against the severity of their consequences. The FFMECA is based on the FBS of the vertical and horizontal transportations, which details the breakdown of the operations between the AMF and the reactor building (e.g., deployment and retrieval of cask to/from storage and maintenance areas).

Fig. 3. FBS considering the vertical transportation.

Fig. 4. FBS considering the horizontal transportation (the yellow color represents the differences when compared to the vertical transportation). (For interpretation of the references to color in this figure legend, the reader is referred to the web version of this article.)
3. Criticality and distribution of failure events

RAMI stands for Reliability, Availability, Maintainability and Inspectability. Its purpose is to make sure that all the systems of the ITER machine will be reliable during the operation phase and maintain their performance under operational conditions with the best possible availability [4]. The ITER RAMI analysis programme applies Occurrence and Severity ratings for assessing the criticality of the failure modes identified in relation to the basic functions, namely
• Occurrence refers to the manifestation probability of the causes identified for the failure mode (from frequent <10 weeks up to very low >2000 years).
• Severity refers to the magnitude of harm caused by the envisioned effects of the failure mode on the system or the environment (weak <1 h to serious >1 day).

The criticality matrix plotting the failure scenarios by their assessed occurrence and severity rates is available in [4]. The criticality index sums per level of the vertical and horizontal transportations are depicted in Figs. 5 and 6, respectively. In terms of criticality, the Upper Level of both buildings is the most critical in vertical transportation. The most critical sub-task in RB and AMF is moving the crane to cask location, in the Upper Level of both buildings. The horizontal transportation yields better results, as shown in Table 1. However, there are more cases of rescue-ability when compared to the recoverability using the horizontal transportation, as illustrated in Figs. 7 and 8. The comparison is detailed in the report of the FFMECA for the ex-vessel transportation in DEMO [5].

Fig. 5. Criticality Index sum per level (vertical transportation).

Fig. 6. Criticality Index sum per level (horizontal transportation).
Table 1 Distribution of the failure effects between the AMF and the RB.

Building  Failure effect        Vertical transport  Horizontal transport
AMF       Rescue-ability (RS)   199                 258
AMF       Recoverability (RC)   162                 100
AMF       Sub-total             361                 358
RB        Rescue-ability (RS)   154                 148
RB        Recoverability (RC)   230                 68
RB        Sub-total             384                 216
Fig. 7. Recoverability vs rescue-ability cases distribution per level (vertical transportation).

Fig. 8. Recoverability vs rescue-ability cases distribution per level (horizontal transportation).

4. Recovery strategy

A recovery strategy is presented according to the following priorities: (i) resuming the current nominal operation, (ii) if not possible, perform a different nominal operation and (iii) if not possible, perform a rescue operation. For radiation protection aspects, the recovery strategy is divided into two parts: with activated components (when transporting or in the proximity of activated components) and without activated components (free of load or transporting non-activated components). First, move the activated load to a safe place and then unblock the passage, if applicable. A couple of assumptions were considered, such as the possibility of repairing a failed cask at the same time as nominal operations with other casks, the maintenance cask is always transported without activated load, when the maintenance cask is being repaired, no other nominal operations are allowed, no nominal or recovery operations during a rescue operation, and rescue casks and a Multi-Purpose Rescue Vehicle (MPRV) are available for rescue operations.

5. Conclusion

This paper presented a comparison between two options of ex-vessel transportation: a horizontal transportation and a vertical transportation. The results of each FFMECA lead to the conclusions in terms of the most critical failure scenarios and the pros and cons of each option. It should be noted that at this early stage all RMS operations and procedures have not been defined yet and this is a preliminary study, which tries to quantify the criticality of the identified operations, given the previous experience from similar ITER systems. The development Rescue-ability cases have a significant impact, when considering the horizontal transportation of the MMS, on both buildings. If the vertical transportation of the MMS is considered, rescue-ability and recoverability cases have similar weights.

In summary, the results show that a design using only a vertical transportation is not a good option in terms of failure analysis. A failure event may interrupt the entire remote maintenance system and a design with a high criticality index sum may compromise the entire performance of a nuclear reactor. However, there are additional issues that shall be addressed to evaluate the comparison between the vertical vs horizontal transportation, which are beyond this paper, such as: the amount of components exchanged between the equatorial and lower levels of the AMF, the malfunctioning of cranes blocking the passage along the galleries, no means of repair or rescue of vertical cranes and no means of repair or rescue of divertor casks, the interface/ports between the RB and the galleries and between the galleries and storage/maintenance rooms.

Acknowledgments

This work has been carried out within the framework of the EUROfusion Consortium and has received funding from the Euratom research and training programme 2014–2018 under grant agreement No. 633053. The views and opinions expressed herein do not necessarily reflect those of the European Commission.

References

[1] A. Vale, Assessment of ex-vessel transportation in remote maintenance systems of DEMO, Fus. Eng. Des. 98–99 (2015) 1660–1663.
[2] O. Crofts, A. Loving, D. Iglesias, M. Coleman, M. Siuko, M. Mittwollen, V. Queral, A. Vale, E. Villedieu, Overview of progress on the European DEMO remote maintenance strategy, Fus. Eng. Des. Part B 109–111 (2016) 1392–1398.
[3] A. Loving, O. Crofts, N. Sykes, D. Iglesias, M. Coleman, J. Thomas, J. Harman, U. Fischer, J. Sanz, M. Siuko, M. Mittwollen, et al., Pre-conceptual design assessment of DEMO remote maintenance, Fus. Eng. Des. 89 (2014) 2246–2250.
[4] D. van Houtte, K. Okayama, F. Sagot, RAMI approach for ITER, Fus. Eng. Des. 85 (2010) 1220–1224.
[5] A. Vale, “Cask and Associated Transport Systems Recovery – EUROfusion Remote Maintenance System Project (WPRM)”, AWP2015-RM-4.3-T002 EFDA D 2LF8L9, August 2015.