Fire upgrade and the older plant

28 February 1998

Fires are a dominant risk in nuclear power plants since they can initiate a common-cause failure that may lead to inoperable safety systems. To evaluate fire safety upgrade measures at older plants a mix of deterministic and probabilistic measures is valuable, as Dutch experience shows.

According to IAEA Safety Guide 50-SG-D21, the design of safety systems in nuclear power plants has to satisfy the following requirement with respect to fire prevention: “The safety systems required to shut the reactor down, remove residual heat and contain radioactive material shall be protected against the consequences of fires so that the safety systems are still capable of performing the above safety functions, taking into account the effects of a single failure as required in the Code on Design for these functions.”

Recent safety studies performed as part of safety upgrade programmes show that this requirement was not in force during the design phase of older nuclear power plants. Modifications must therefore be implemented, especially to reduce the effects of common-cause failures2,3. The generic and plant specific issues of concern are listed in the panel below.

Most of the concerns mentioned in this list are addressed in general international guidelines for fire protection, such as IAEA-SG-D21, 10CFR504, KTA 21015, and RG 1.1206. It appears, however, that:

• The requirements in these guidelines are not consistent.

• Some international guidelines (which are supposed to be general in character) are in fact strongly related to a specific country and have to be amended for use elsewhere.

• Not all the concerns listed are addressed in one general guideline.7

• The requirements do not match up with experiment and experience from actual fire accidents.2, 3

Typically, therefore, most nuclear power plants use a general guideline supplemented with plant-specific requirements, as agreed with the regulator.


Essentially, two basic methods exist for analysing fire-hazard concerns: probabilistic and deterministic.

Within a probabilistic analysis, the probability is investigated (usually using event trees) of the unavailability of a system (or parts of it) and what the effects would be on the core-damage frequency, taking into account the probability of the availability of other systems that can replace the function of the unavailable system.

The calculated core-damage frequencies due to postulated fire events are compared with the threshold frequency of the particular nuclear power plant (commonly 10-6 per reactor year) and the need for corrective actions determined, eg change in procedures and/or installation of additional equipment.

Up-to-date information on the nuclear power plant and other input information must be available, such as fire loads, ignition sources, ignition frequencies, failure probabilities, fire growth etc. The validity of the input information constitutes the weakness of PRA, arising from limitations in availability of data, inconsistencies in data, limited number of data points used in statistical evaluations.

The strength of PRA is that it provides insight into the safety effects of proposed modifications.

In contrast to probabilistic analyses, deterministic analyses are qualitative. In a deterministic analysis an assessment is done as to whether – in the case of an unavailable system – another system can perform the function, taking into account codes and standards and the licensing basis.

The main steps in deterministic analysis are:

• Identification of fire cells, fire compartments and fire boundaries (taking into account fire loads, ignition sources and measures to reduce them, as well as openings, such as doors, penetrations and ducting, which must have the same fire resistance as the boundary).

• Identification of systems necessary for safe shutdown and for residual heat removal (with attention given to location of these systems and their redundancies (being located in different fire compartments), routing of supporting systems and cabling for redundant systems or components (again, located in different fire compartments)).

• Identification of fire-detection and fire-protection systems (must include attention to extinguishing systems, fire-fighting arrangements and the requirement that a fire within one cell must not affect fire detection and alarm systems in other cells).

• Identification of measures and systems to ensure that radiation effects on the environment are as low as reasonably achievable (taking into account ventilation systems, containment functions etc).

A deterministic analysis mostly results in a long list of corrective actions that have to be implemented to decrease the core-damage frequency or to mitigate the consequences.


With a probabilistic analysis the justification for implementation of measures is based on comparison of the calculated core damage frequency with the threshold frequency, while in the deterministic case the justification for implementation of corrective actions is mostly based on an “issue-resolution process”.

In this latter process, the impact of the corrective action on safety is estimated quantitatively or qualitatively and compared with its estimated costs of implementation.15 This results in a ranking of the corrective actions.

For probabilistic results to be meaningful, it is necessary that the input data are as realistic as possible and should be collected from fire accidents that already have taken place.3, 11 Statistical input data have been calculated that are used in computer models to estimate the probabilities of fires in similar situations and/or nuclear power plants.

For RBMK and VVER nuclear power plants, the US DoE has developed a systematic methodology to qualitatively evaluate plant response to fires and to identify remedies to protect the reactor core from fire-induced damage.8 Although these guidelines were established for Soviet-designed nuclear power plants, the methodology can also be used to evaluate other nuclear power plant designs.

For assessment of overall fire safety and fire protection provisions in nuclear power plants, two IAEA safety series publications can be used.9,10

When performing a fire-hazard analysis, practical guidance can be obtained from IAEA Safety Series 50-P-912 and NUREG 0800.13 Although it cannot be characterised as a code, it is advisable to use the guidelines suggested by the pool of insurers.14

Overall, fire analyses, whether probabilistic or deterministic, generally lead to corrective actions in the form of separation of equipment, areas and cables.2,3


Deterministic analysis is a very good tool for assessing older nuclear power plants to see which corrective modifications are necessary to meet applicable codes and standards. It is of course not always possible to do a particular modification in an older unit due to the configuration of the plant. In such cases the effect of such a modification on the overall risk assessment can be determined and quantified with an analysis. Based upon such a probabilistic analysis, alternative modifications can be developed.

Privacy Policy
We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.