IEC TR 63039 — Probabilistic Risk Assessment of Nuclear Power Plants: Insights from Research

A comprehensive technical report on PRA methodology, human reliability analysis, and risk-informed decision-making for nuclear facilities

The safe operation of nuclear power plants (NPPs) depends not only on deterministic design-basis analysis but also on a comprehensive understanding of accident sequences, their probabilities, and their potential consequences. IEC TR 63039 provides a structured framework for applying probabilistic risk assessment (PRA) to nuclear power plants, synthesising insights from decades of international research. This technical report serves as a bridge between academic risk methodologies and practical plant-specific safety evaluations, offering engineers and regulators a common reference for identifying vulnerabilities and prioritising safety improvements.

PRA is not a single method but a family of analytical tools. IEC TR 63039 emphasises that the value of PRA lies in its systematic identification of plant-specific risk contributors, enabling targeted resource allocation for safety upgrades.

Core Methodology and Analytical Framework

IEC TR 63039 defines a three-tier PRA framework covering Level 1 (core damage frequency assessment), Level 2 (containment performance and large early release frequency), and Level 3 (off-site consequences and societal risk). The report emphasises that all three levels should be integrated to provide a complete risk picture. Each level relies on event tree analysis for accident sequence modelling and fault tree analysis for system failure logic. The standard provides detailed guidance on data sources, including generic failure rate databases (e.g., IAEA TECDOC-478) and plant-specific operational experience.

One of the distinctive contributions of IEC TR 63039 is its treatment of dependent failures. Common-cause failures (CCF) — where a single event disables multiple redundant components — are identified as a dominant contributor to core damage frequency in most plants. The report recommends using the beta-factor model or the more detailed multiple Greek letter (MGL) model for quantifying CCF probabilities, with worked examples showing how these models are applied to emergency diesel generators and reactor protection systems.

| PRA Level | Output Metric | Key Analytical Tool | Typical Acceptance Criterion |
|---|---|---|---|
| Level 1 | Core Damage Frequency (CDF) | Event tree + fault tree analysis | < 1.0 × 10⁻⁴ / reactor-year |
| Level 2 | Large Early Release Frequency (LERF) | Containment event tree, source term analysis | < 1.0 × 10⁻⁵ / reactor-year |
| Level 3 | Societal & individual risk | Atmospheric dispersion, dose assessment | Depends on national regulatory requirements |

A common pitfall in PRA is over-reliance on mean values. IEC TR 63039 stresses that uncertainty analysis — both aleatory (random variability) and epistemic (knowledge-based uncertainty) — must be propagated through the entire model using Monte Carlo simulation or analytical methods.
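
The beta-factor treatment of common-cause failure and the uncertainty propagation described above can be combined in one short calculation. The Python below is an added example, not taken from IEC TR 63039: it models two redundant emergency diesel generators and propagates epistemic uncertainty by Monte Carlo sampling. The failure probability (median 2e-2 per demand, error factor 3), the Beta(2, 38) distribution for beta, and all function names are constructed for illustration.

```python
import math
import random
import statistics

def beta_factor_pair(q_total, beta):
    """Failure probability of a two-train group in which both trains must fail."""
    q_ind = (1.0 - beta) * q_total   # independent part, per train
    q_ccf = beta * q_total           # common-cause part, disables both trains
    # Union of "both trains fail independently" and "one common-cause event"
    return 1.0 - (1.0 - q_ind ** 2) * (1.0 - q_ccf)

def ccf_share(q_total, beta):
    """Fraction of the group failure probability contributed by the CCF term."""
    return beta * q_total / beta_factor_pair(q_total, beta)

def propagate(n_samples=20000, seed=1):
    """Sample the uncertain inputs and summarise the output distribution."""
    rng = random.Random(seed)
    median_q, error_factor = 2e-2, 3.0         # constructed sample values
    mu = math.log(median_q)
    sigma = math.log(error_factor) / 1.645     # EF = 95th percentile / median
    results = []
    for _ in range(n_samples):
        q = min(1.0, rng.lognormvariate(mu, sigma))  # epistemic spread on q
        beta = rng.betavariate(2.0, 38.0)            # mean beta = 0.05
        results.append(beta_factor_pair(q, beta))
    results.sort()
    return {
        "point": beta_factor_pair(median_q, 0.05),   # no uncertainty applied
        "mean": statistics.fmean(results),
        "p05": results[int(0.05 * n_samples)],
        "p50": results[int(0.50 * n_samples)],
        "p95": results[int(0.95 * n_samples)],
    }

if __name__ == "__main__":
    summary = propagate()
    for name, value in summary.items():
        print(f"{name:>5}: {value:.2e}")
    print(f"CCF share at point values: {ccf_share(2e-2, 0.05):.0%}")
```

With these inputs the common-cause term accounts for roughly three quarters of the group failure probability even though beta is only 0.05, and the Monte Carlo mean sits above the single point estimate because the output distribution is right-skewed.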

Human Reliability Analysis and Plant-Specific Insights

Human actions play a critical role in both accident initiation and mitigation. IEC TR 63039 dedicates substantial attention to human reliability analysis (HRA), recommending the use of standardised HRA methods such as THERP (Technique for Human Error Rate Prediction) or SPAR-H (Standardised Plant Analysis Risk-Human Reliability Analysis). The report provides tables of nominal human error probabilities for typical operator actions — including diagnosis, manual valve manipulation, and control room decision-making — alongside guidance for modifying these probabilities based on performance-shaping factors such as stress level, training quality, and available time.

Beyond the methodological details, IEC TR 63039 presents several key insights derived from international PRA research. Notably, the report observes that station blackout (complete loss of AC power) and internal floods are frequently underestimated risk contributors in older plant designs. It also highlights the importance of considering shutdown conditions (low-power and shutdown states), which can account for a significant fraction of total plant risk despite the reactor being subcritical.

One of the most actionable insights from IEC TR 63039 is the “risk-informed, performance-based” regulatory philosophy. Rather than imposing prescriptive requirements, the standard advocates using PRA results to justify alternative regulatory treatments — such as reduced testing intervals for low-safety-significant components — freeing resources for higher-risk areas.

Engineering Design Insights and Practical Applications

From a design engineering perspective, IEC TR 63039 offers concrete recommendations for integrating PRA into the plant lifecycle. During the design phase, PRA can identify dominant risk contributors before construction begins, allowing designers to incorporate inherent safety features rather than relying on expensive retrofits. For operating plants, the report recommends periodic PRA updates (typically every 3–5 years) to reflect plant modifications, ageing effects, and new operational data.

The report also addresses the interface between PRA and deterministic safety analysis, noting that the two approaches are complementary rather than competing. Deterministic analysis establishes conservative safety margins, while PRA provides a realistic assessment of risk and identifies scenarios that deterministic methods may overlook. The integration of both approaches forms the basis of a risk-informed decision-making framework that is increasingly adopted by regulatory bodies worldwide.

Q1: What is the difference between PRA and deterministic safety analysis?
A: Deterministic analysis assumes a set of bounding events and evaluates the plant’s response using conservative assumptions. PRA, by contrast, systematically considers a wide range of possible initiating events, their probabilities, and their potential consequences, providing a more complete picture of plant risk.

Q2: How often should a PRA be updated?
A: IEC TR 63039 recommends updating the PRA every 3–5 years, or whenever significant plant modifications, new operating experience, or changes to regulatory requirements occur.

Q3: Can PRA be applied to external events like earthquakes?
A: Yes. IEC TR 63039 covers external event PRA, including seismic, flood, and high-wind events. Seismic PRA typically uses fragility curves to quantify the probability of component failure as a function of ground acceleration.

Q4: What software tools are commonly used for nuclear PRA?
A: Commonly used tools include SAPHIRE (USNRC), RiskSpectrum (Scandpower), and CAFTA (EPRI). All of these support fault tree/event tree modelling, uncertainty propagation, and importance measure calculation as described in IEC TR 63039.
