NP-101-17

 

Approved by the
Decree of the Federal
Environmental, Industrial
 and Nuclear Supervision Service
dated October 23, 2017 No. 442

 

FEDERAL RULES AND REGULATIONS
IN THE AREA OF ATOMIC ENERGY USE "GENERAL SAFETY
ASSURANCE PROVISIONS FOR SPACECRAFT WITH
NUCLEAR REACTORS"

(NP-101-17)

 

I. Purpose and scope of application

 

1. These federal rules and regulations in the field of atomic energy use "General provisions of safety assurance for spacecraft with nuclear reactors" (NP-101-17) (hereinafter - the General Provisions) are developed in accordance with Article 6 of Federal Law No. 170-FZ dated November 21, 1995 "On atomic energy use", Decree of the Government of the Russian Federation dated December 1, 1997 "Adoption of the Statute concerning Development and Approval of Federal Codes and Standards in the Field of Nuclear Energy Use" (Russian Federation Law Code, 1997, no. 49, art. 5600; 2012, no. 51, art. 7203) and establish safety requirements specific to spacecraft with nuclear reactors as sources of radiation exposure for the personnel, the public and the environment.

The General Provisions lay down the purposes and the main criteria of safety of spacecraft with nuclear reactors as well as the basic principles and general requirements for technical and administrative measures focused on safety assurance. The implementation scope of these principles and measures shall comply with the federal rules and regulations in the area of nuclear energy use. In the absence of necessary regulations, the proposed specific technical solutions are justified in accordance with state of the art in science, technology and production.

3. These General Provisions establish general requirements for the assurance of nuclear and radiation safety, taking into account the specifics of spacecraft with nuclear reactors as sources of possible radiation effects on personnel, population and the environment in the design, construction, commissioning, operation and decommissioning of spacecraft with nuclear reactors.

Design, construction, commissioning, operation, decommissioning of spacecraft with nuclear reactors and their constituent parts shall be carried out in accordance with the requirements of regulatory legal acts regulating the creation, production and operation (application) of space complexes.

4. The requirements of these General Provisions shall apply to spacecraft with nuclear reactors, in which nuclear power installations based on nuclear reactors provide consumers of unmanned spacecraft with electric energy through the use of a closed system for converting the thermal energy of the nuclear reactor into electrical energy.

5. The requirements of these General Provisions shall apply to all stages of the full life cycle of spacecraft with nuclear reactors established by the legislation in the field of atomic energy use.

6. The list of abbreviations is given in Appendix 1, and terms and definitions are given in Appendix 2 to these General Provisions.

 

II. Main objectives, criteria and principles for assurance of the
safety of spacecraft with nuclear reactors

 

7. The main purpose of ensuring the safety of a spacecraft with a nuclear reactor (NRSC) is to protect the personnel, the population and the environment from radiation exposure during normal operation and abnormal operation, including design basis accidents, as well as to limit this impact in beyond design basis accidents.

8. An NRSC complies with the safety requirements if the following conditions are met: the radiation exposure of the personnel, the population and the environment from the NRSC during normal operation and abnormal operation, up to and including design basis accidents, does not lead to exceeding the established limits of radiation exposure doses for the personnel and the population or the standards for emissions and discharges and for the content of radioactive substances (RS) in the environment, and this exposure is limited in beyond design basis accidents; moreover, the probability of accidents shall be limited.

9. The NRSC safety is achieved by design, development and manufacture of the equipment, construction and operation of the NRSC with due regard for the requirements of federal laws, federal rules and regulations in the area of nuclear energy use, by creating and maintaining safety culture, consideration of the operation experience and state-of-the-art science, technology and production.

10. The acceptable exposure limits for the personnel engaged in the construction of SC NPI and NRSC, the acceptable exposure limits for the public under normal and abnormal operation (including accidents), the acceptable limits for environmental emissions of RS shall be established in accordance with the legislation of the Russian Federation.

11. Main principles of NRSC safety assurance are the following:

preventing the possibility of uncontrolled self-sustaining nuclear chain reaction by means of organizational and technological measures;

the ability to ensure keeping RS within the designed limits;

the ability to provide heat removal from the reactor core at all the conditions stipulated in design documentation.

12. The design of the NRSC must, upon its return to the Earth, prevent exceeding the radiation exposure doses for the personnel and radiation exposure doses for the population established by the Radiation Safety Standards approved by the resolution of the Chief State Sanitary Officer of the Russian Federation dated July 7, 2009 No. 47 (registered by the Ministry of Justice of the Russian Federation on August 14, 2009, registration number No. 14534).

13. The design of the NRSC must prevent a self-sustaining fission chain reaction before the SC enters the working orbit under any possible abnormal operation conditions, including external impacts associated with the destruction (explosion) of the rocket and space complex and (or) the destruction of the NRSC if it falls to Earth.

14. The NRSC safety shall be provided by consistent implementation of the defense-in-depth principle based on the system of physical barriers in the way of ionizing radiation and radioactive substances propagation into the environment and the system of technical and administrative measures for maintenance of the physical barriers efficiency as well as for protection of the personnel, the public and the environment.

15. The configuration and purpose of the physical barriers shall be defined in the SC NPI and NRSC design. Sufficiency of the implemented physical barriers and technical and administrative defense-in-depth measures shall be justified in the SC NPI and NRSC design and confirmed at the stage of ground elaboration of the SC NPI.

16. The system of technical and administrative arrangements shall form five levels of defense-in-depth at all stages of the NRSC life cycle and include the following levels.

Level 1. Prevention of operational occurrences:

conditions for the location of facilities with SC NPI and NRSC;

arrangement of a sanitary protective area, a supervised area and a protective action planning zone around the SC NPI manufacturing factory and on the cosmodrome around facilities with a SC NPI and NRSC;

development of the SC NPI design documentation based on the conservative approach with well-developed inherent self-protection of the RP and measures aimed to prevent the cliff edge effect;

assurance of quality of safety-related systems of NRSC and the spacecraft nuclear power installation (SC NPI), as well as that of work performed;

operation of NRSC in accordance with the requirements of regulatory legal acts and operational documentation;

monitoring and maintaining the operability of safety-related systems and components through timely identification of defects, documentation of the work and results, and control;

selection and provision of the qualification level of the NPP personnel required for working under normal operation conditions and in abnormal operation including pre-accident situations and accidents, formation of safety culture;

selection of methods and ways of transportation of SC NPI via public ways;

selection of the trajectory of the launch of NRSC to outer space;

determination of NSO;

selection of the working orbit of NRSC and the disposal orbit;

use of verified and certified SC NPI calculation programs, systems, experimental studies of the principal design solutions.

Level 2. Prevention of design basis accidents by normal operation systems:

timely identification of deviations from normal operation and their elimination;

control during operation with deviations.

Level 3. Prevention of beyond design basis accidents by safety systems:

prevention of escalation of initiating events into design basis accidents, and of escalation of design basis accidents into beyond design basis accidents through the use of safety systems;

mitigation of the consequences of accidents that could not be prevented at the manufacture of SC NP and construction of NRSC, by containment of released RS.

Level 4. Beyond design basis accident management:

return of the RP of the SC NPI to the controlled state when the fission chain reaction stops, and continuous fuel cooling and confinement of radioactive substances within the established design boundaries are ensured;

prevention of progression of beyond design basis accidents and mitigation of their consequences, including through the use of special engineering features to manage beyond design basis accidents as well as any systems (components) including normal operation systems (components) and safety systems (components) capable of performing the required functions under the given conditions;

protection of the SC NPI RP containment from destruction during beyond design basis accidents and maintaining its operability during the manufacturing of SC NPI and construction of the NRSC.

Level 5. Emergency planning: preparation and execution of action plans for protection of the personnel and the public.

The defense in depth shall be implemented at all stages of activities related to the NRSC safety assurance to the extent covered by this type of activity. The adverse events prevention strategy shall take priority, with special attention paid to levels 1 and 2.

Measures to ensure independence of the defense-in-depth levels from each other shall be substantiated in the SC NPI and NRSC designs.

17. If it is revealed that any of the designed physical barriers is inoperable or measures for its protection are unavailable, measures shall be taken to bring the SC NPI RP power unit into a safe state.

The SC NPI design shall incorporate measures aimed to prevent damage of any barriers resulting from damage of other barriers as well as damage of several physical barriers under a single impact.

18. Technical and organizational solutions adopted for the NRSC safety assurance shall be proven by previous experience, tests, studies and SC NPI prototype operation practice. This approach shall be applied not only to the equipment development and the NRSC design but also to manufacturing of the equipment, the NRSC construction, operation and decommissioning.

19. The NRSC safety principles determined by its specifics as a space nuclear facility, shall be:

resistance of the structure to long-term large values of linear and dynamic overloads and vibration loads;

ability to provide heat removal to outer space;

ability to withstand long-term multidirectional temperature effects while in space;

ability to ensure the resistance of structural materials to the effects of solar radiation, ionizing radiation of outer space and NPI;

ability to ensure the SC NPI start-up and its further operation only upon entering the working orbit;

operation of the NRSC on the working orbit not below the NSO;

ability to provide the withdrawal of SC to the disposal orbit.

20. The system of technical and administrative arrangements for the SC NPI safety assurance, design basis for the safety-related systems and components shall be presented in the SC NPI SAR developed by the OO. No safety-related discrepancies between the information in the SC NPI SAR and the NRSC design, or between the NRSC and its design shall be allowed. Compliance of the SC NPI SAR with its actual state shall be maintained by the OO throughout the entire NRSC service life.

21. The results of the SC NPI safety analysis shall be presented in the SC NPI SAR. Deterministic and probabilistic safety analyses shall be presented in the SC NPI SAR. Safety analyses shall be performed for all operational states of the SC NPI with due regard of all operational occurrences of the SC NPI. Deterministic analyses of design basis accidents shall be based on a conservative approach. Probabilistic safety analyses shall include probability assessment for an emergency release. Safety analyses shall be accompanied with assessment of errors and uncertainties for the obtained results. Any software means used for safety analysis shall be certified.

22. Arrangement and reliability of safety-related systems and components, documentation and various works affecting the NRSC safety shall be the subject of quality assurance activities at all stages of the NRSC life cycle.

23. The SC NPI and NRSC designs shall provide for the engineering features and administrative measures aimed at prevention of accidents and mitigation of their consequences and assuring:

non-exceedance of the established limits for design basis accidents through the use of inherent self-protection properties and application of SS;

mitigation of consequences of any beyond design basis accidents through the use of special engineering features for beyond design basis accident management, application of any other suitable engineering features regardless of their initial purpose and implementation of administrative measures including beyond design basis accident management measures and plans for protection of the personnel and the public against the consequences of such accidents.

24. The established limits for design basis accidents shall not be exceeded in case of any initiating event considered in the SC NPI and NRSC designs. At the same time, coincidence of the initiating event with any single failure of any of the following safety system components independent from the initiating event shall be taken into account in accordance with the single failure principle: an active component or a passive component with moving mechanical parts, or a passive component without any moving parts, or any human error independent of the initiating event.

In addition to a failure of any of the above-mentioned components independent of the initiating event all failures resulting from this single failure, failures resulting from the initiating event and also any failures of components undetectable in the course of the NRSC operation and affecting the accident progression shall be taken into account.

Failures of components (systems they are included into) may be disregarded if a high level of their reliability is confirmed.

The reliability level is deemed to be high when the component (system) reliability parameters are at least equal to the relevant parameters of the most reliable passive components of safety systems without any moving parts.

25. The list of initiating events presented in the SC NPI SAR shall include all possible internal and external events violating normal operation of the SC NPI and not eliminated by the inherent self-protection properties of the reactor and principles of its design. Combinations of the SC NPI and NRSC system (component) failures, human errors, internal or external impacts shall be included into the above-mentioned list of initiating events in the cases stipulated by the requirements of the federal rules and regulations in the area of nuclear energy use.

26. The lists of initiating events for analysis of design basis accidents shall be presented in the SC NPI SAR and NRSC design.

Internal events with the estimated occurrence probability of 10⁻⁶ or less within the period of one year may be excluded from the list of initiating events for analysis of design basis accidents.

27. The lists of beyond design basis accidents shall be presented in the SC NPI SAR and NRSC design. They shall include representative scenarios in order to define measures for management of such accidents. Representativeness of scenarios shall be provided by consideration of the criticality level of the beyond design basis accident on the SC NPI and NRSC as well as potential operability or inoperability of safety systems and special-purpose engineering features for beyond design basis accident management.

Realistic (non-conservative) analysis of the above-mentioned beyond design basis accidents with assessment of development probabilities and consequences of beyond design basis accidents shall be given in the SC NPI SAR.

Analysis of beyond design basis accidents presented in the spacecraft nuclear reactor SAR shall serve as the basis for development of action plans in order to protect the personnel and the public in case of any accidents and also for development of beyond design basis accident management guidelines.

28. For beyond design basis accidents not eliminated by inherent self-protection properties of the reactor and the principles of its design (regardless of their probability) administrative measures for management of such beyond design basis accidents shall be developed including the measures aimed to reduce radiation exposure for the personnel, the public and the environment particularly by implementation of action plans for protection of the personnel and the public in case of an accident.

29. The OO shall arrange development and implementation of quality assurance programs at all stages of the complete NRSC life cycle. For this purpose it shall develop a general quality assurance program in accordance with the requirements of the federal standards and rules in the field of atomic energy use and the regulatory documents regulating the creation, construction and operation (use) of space complexes, and shall control the activities of any companies performing works or rendering services to the operating organization (particularly research, design, engineering, construction, installation and commissioning companies, suppliers of systems and components, manufacturing plants of the SC NPI and NRSC systems and components). Companies performing works and rendering services to the OO shall ensure the development of their private quality assurance programs for the relevant activities.

30. Safety culture shall be formed and supported for all employees and organizations related to the NPI manufacturing, the NRSC construction, operation and decommissioning, as well as design, development and manufacturing of their systems and components.

Safety culture shall be formed and supported in the following way:

declaration of the safety priority over economic and production purposes;

selection, professional training and proficiency maintenance for senior managers and personnel in each safety-related area of activity;

strict adherence to discipline with clear distribution of authority and personal responsibility of managers and performers;

development and adherence to the requirements of quality assurance programs, standard operating procedures and operation documentation and their regular updating with due regard for the experience gained;

managers of the organizations engaged in the NRSC construction shall create an atmosphere of confidence and establish approaches to collective work, as well as social and living conditions of the personnel, that form an inner need for a positive attitude toward safety;

each employee shall understand the impacts of his/her activities on the NRSC safety and any consequences that may result from failure to adhere or poor adherence to the requirements of quality assurance programs, operation documentation, standard operating procedures and job statements;

self-control of safety-related activities by the employees;

each manager and employee shall understand the inadmissibility of concealing any errors in his/her activities, the necessity for detection and elimination of their causes, the need for continuous self-improvement, and the study and implementation of the best practices, particularly foreign ones;

establishment of the system of rewards and punishments based on the results of work activities that promotes transparency in the activities of employees and prevents concealment of any errors in their work.

31. The OO shall assure the NRSC safety including any measures for prevention of accidents and mitigation of their consequences, accounting and control of nuclear materials, RS and radioactive wastes, physical security of NPI, nuclear materials, RS and radioactive wastes, radiological control of the environment in the sanitary control-protective area and the supervised area.

The OO shall provide for the NRSC usage only for the purposes it has been designed and constructed for.

The OO shall perform activities for the NRSC safety enhancement in accordance with the plans developed with due regard for the results of safety analyses and operation experience.

32. The NRSC design must substantiate, and the operational documentation must provide information about the necessary organizational structure and control requirements to the qualification of the construction works and operation of the NRSC, training and material base, technical facilities for professional training and the staff of specialists. For the NRSC a full-scale simulator needs to be developed for the control of NRSC, to be adopted for operation before the construction of the NRSC.

33. To prepare the personnel participating in the SC NPI manufacturing and NRSC construction, commissioning and operation, the design shall provide for a personnel training centre and a psycho-physiological examination laboratory with the educational and material resources, technical equipment for professional training and the staff of specialists necessary to assure high-quality training of the NPP personnel.

34. The construction of NRSC shall only be allowed subject to the NRSC design approved in accordance with the established procedure after obtaining a license for the relevant activity in accordance with the legislation of the Russian Federation in the field of atomic energy use, as well as a permit in accordance with the legislation of the Russian Federation on space activities.

35. The NRSC design shall provide for technical and administrative measures of physical security assurance as well as for fire safety of the NRSC during the construction and ground commissioning stages. The physical security measures shall not impair the NRSC safety assurance conditions.

36. The NRSC design shall provide for communication and announcement means (particularly redundant ones) in order to organize the NRSC management under normal operation conditions and in case of any design basis and beyond design basis accidents.

37. Mutual coordination of the requirements for safety of the NPI and NRSC shall be ensured in the SC NPI and NRSC designs in the course of the NRSC development.

 

III. Classification of systems and components

 

38. NRSC systems and elements differ in:

purpose;

impact on safety;

nature of the performed safety functions.

39. The systems (components) are classified as follows in accordance with their purpose:

normal operation systems and components;

safety systems and components;

systems (components) of special-purpose hardware for beyond design basis accident management.

40. The systems (components) are classified as follows in accordance with their impact on safety:

safety-related systems and components;

non-safety-related.

41. The safety systems (components) are classified as follows in accordance with the nature of their functions:

protective;

localizing;

supporting;

controlling.

42. Safety-related systems (components) include:

safety systems (components);

normal operation systems (components), the failure of which would disrupt the normal operation of the NRSC or hamper elimination of abnormal operational occurrences of the NRSC;

systems (components) provided in the NRSC design for accident management within the time period specified in the NRSC design.

43. Four safety classes are established in accordance with the safety impact of the components.

Class 1. Class 1 includes fuel elements, EGC and NRSC components, whose failures constitute initiating events for accidents resulting in damage of fuel elements (EGC) with an excess of the maximum design limit while the SS perform their designed function.

Class 2. Class 2 includes the following NRSC components that are not included into Class 1:

components whose failures constitute initiating events resulting in fuel element (EGC) damage without the maximum design limit exceedance while the SS perform their design function, with regard for their failure frequency specified for design basis accidents;

safety system components whose single failures in case of a design basis accident result in exceedance of the design limits specified for such accidents.

Class 3. Class 3 includes safety-related components of NRSC and SC NPI not included into Classes 1 and 2.

Class 4. Class 4 includes non-safety-related NPP normal operation components not included into Classes 1, 2 and 3.

Components used to manage beyond design basis accidents and not included into safety classes 1, 2 and 3 also refer to safety class 4.

44. In case a component has features pertaining to different classes this component shall be referred to a higher safety class.

45. Devices (pipeline valves, throttling devices and other) separating components of different safety classes shall be referred to a higher safety class.

46. The safety classes of the elements of NRSC shall be assigned by developers of designs of RP of SC NPI, SC NPI and NRSC in accordance with the requirements of these General Provisions.

47. Requirements for the quality of NRSC components referred to safety classes 1, 2 and 3 and assurance thereof shall be defined in the regulations and other regulatory documents establishing requirements for their design and operation. In this case the above-mentioned regulatory documents shall set more stringent requirements for quality and quality assurance of the components referred to higher safety classes.

48. Pertinence of the components to safety classes 1, 2, 3 and 4, applicability of regulations and other regulatory documents to these components shall be substantiated and specified in the documentation for design, development and manufacture of the NRSC systems and components and reflected in the SC NPI SAR.

49. Class designation of a component reflects its pertinence to safety classes 1, 2, 3, 4. To reflect the nature of the functions performed by an element, the classification designation is supplemented with the following letters:

N - normal operation component;

Z - protective;

L - localizing;

O - supporting;

U - safety system control element;

T - component of special-purpose hardware for beyond design basis accident management.

If a component has multiple purposes all the purposes are to be included in the component designation.

Examples of class designations: 2N, 3Z, 2NZ, 3T.

50. Classification characteristics of the NRSC systems and components stipulated by these General Provisions shall be taken into consideration in any other classifications for the NRSC systems and components developed in accordance with the requirements of federal rules and regulations in the area of nuclear energy use.

 

IV. The basic requirements to safety-related to spacecraft
with a nuclear reactor

 

General requirements for safety-related systems and components

 

51. Safety-related systems and components shall be designed and developed in accordance with the principles of these General Provisions and any other federal rules and regulations in the area of atomic energy use. The requirements of any other regulatory documents not referred to regulations may be applied to the extent they do not contradict the federal standards and rules in the area of nuclear energy use.

52. The SC NPI and NRSC designs must determine and substantiate the composition, characteristics, operation period, service life, reliability, operating procedures and operating conditions of the SRS, as well as the means of monitoring, diagnostics and testing for compliance with design characteristics.

53. The SC NPI shall have safety systems intended to perform the following basic safety functions:

emergency reactor shutdown and maintenance of its subcritical state;

keeping the RS within the limits set by the SC NPI design.

The design of the SS must exclude any mutual influence that would prevent them from properly performing their safety functions. This is achieved, inter alia, by physical separation and functional independence.

54. In order to reduce the probability of NRSC failures, prevent and/or mitigate the consequences of employee (personnel) errors, preference should be given to systems (components), the design of which is based on the passive principle of action and the properties of inherent self-protection.

55. SRS should perform their functions to the scope established by the design in the event of initiating events caused by:

natural and human-induced external impacts;

internal mechanical, thermal, chemical effects at normal operation, abnormal operation, including design basis accidents.

56. SC NPI, NRSC and their SRS must withstand without loss of efficiency mechanical effects during operations of transportation, storage, loading and unloading, docking of SC NPI with SC and of SC with LV.

57. NRSC and its SRS must be able to withstand the impacts of loads during the bringing of SC to the working orbit without loss of efficiency. Types of loads and specific values of their impacts should be set in the NRSC design.

58. The NRSC and its SRS, with the NRSC used according to its designated purpose, shall maintain their operability throughout the SC lifetime in the state of weightlessness, in conditions of space vacuum, under the impact of solar radiation, their own atmosphere, radiation fields from the operating NR, multidirectional thermal impacts and mechanical impacts due to the operation of the SC systems.

Data on the magnitude of the impacts must be determined in the NRSC design, taking into account the radiation situation and the possibility of ejection of the working fluid or coolant of the SC NPI heat removal system circuit.

59. The response of SRS to effects of internal events should not result in violations of design limits or safe operating conditions.

60. During the ground stages of the NRSC life cycle, the SRS must undergo maintenance, repair, testing and verifications. The type, sequence and scope of maintenance, tests and inspections are set out in the SC NPI and NRSC design and operational documentation.

SRS shall be directly and fully tested for compliance with design specifications during commissioning, after repair, in case of failure and periodically. If direct and complete verification is not possible, indirect and/or partial checks must be carried out.

61. SRS must remain operational in the event of common cause failures.

62. Measured parameters of SRS and permissible limits of their variation shall be defined in the design and operational documentation. Measuring instruments that have passed verification and ensure compliance with the mandatory requirements established by the legislation of the Russian Federation on ensuring the unity of measurements shall be used in the SRS.

63. Unauthorized access to SRS at the ground stages of the NRSC life cycle should be excluded by technical means and organizational measures.

64. Multi-purpose use of safety systems and their components shall be justified. Combination of safety functions with normal operation functions shall not result in any violation of the NRSC safety requirements and reduction of the required reliability in performance of safety functions.

65. The SC NPI safety systems shall function so that, once actuated, their operation continues until their functions are fully performed. Return of the safety system to the initial state shall be carried out in accordance with the requirements established in the SC NPI design documentation and reflected in the operation documentation.

66. In case a safety-related system is arranged through the use of programmable digital devices, the relevant standards, rules and methods for development, testing and verification of the programmable digital devices and software within the entire service life of the system and particularly in the course of software development shall be established and applied. All developments shall be subject to the quality assurance system. The NRSC design shall provide for means of protection against unauthorized interference into software functioning.

67. Reliability analyses for performance of functions by safety-related systems as well as reliability parameters for safety-related components shall be presented in the SC NPI SAR. Reliability analysis shall be performed with due regard for common cause failures.

 

Nuclear core and reflectors

 

68. Damage to fuel elements, in terms of the number and type of damage, during normal operation and abnormal operation must not lead to a release of radioactivity (fission products) that disrupts the operation of NRSC equipment and causes the dose limits established in the radiation safety standards for personnel and the population to be exceeded at the ground stages of the NRSC life cycle. Limits of damage of fuel elements and levels of radioactivity of the heat carrier for normal operation and abnormal operation, including design accidents, shall be established in the NRSC design.

69. The core and reflectors shall be designed so that, during normal operation and design basis accidents, their mechanical strength is ensured and there are no deformations that disrupt the operability of reactivity members or heat removal from the fuel.

70. The design of the core and reflectors, along with all of their components that affect reactivity, shall exclude uncontrollable growth of energy release in the core leading to damage of fuel elements beyond the established design limits, for any change of reactivity due to reactivity members and reactivity effects in operational states and at design basis accidents.

71. The design of the core and the reactor must exclude the possibility of formation of secondary critical masses during the destruction of the reactor and the melting of elements of the core structure.

72. The design of the core, NR and safety systems (components) must prevent the penetration of the NR vessel at any abnormal operational occurrences.

 

Reactor plant cooling circuit

 

73. The cooling circuit of the SC NPI RP must provide heat removal from the core and the RP elements without violating the design limits for the temperature of the fuel elements and structural elements, the rate of its variation during normal operation and abnormal operation.

74. The equipment of the cooling circuit must withstand static and dynamic loads and temperature effects arising in any of its parts during abnormal operation, up to and including design basis accidents, including unintentional energy release into the coolant caused by:

sudden insertion of positive reactivity in case of the most efficient reactivity member ejection with the maximum velocity provided that such ejection is not prevented by design;

injection of the "cold" coolant into the core (with negative reactivity coefficient by the coolant temperature) or any other possible positive reactivity effect related to the coolant.

75. Systems and elements of the cooling circuit of the SC NPI RP must remain operational, taking into account corrosion-chemical, neutron-physical, radiation, temperature, hydraulic and other effects possible during normal operation and at abnormal operation.

76. The cooling circuit systems and components shall be capable of withstanding the displacement of elements, static and dynamic loads and temperature impacts determined by the NRSC design during normal operation, and at abnormal operation, including design basis accidents.

77. The cooling circuit shall be provided with means for compensation for temperature-related variations in the volume of the coolant and for protection against unacceptable pressure increase in the circuit during normal operation, and at abnormal operation and design basis accidents.

78. The design of the cooling circuit must exclude leakage of the coolant, leading to violation of heat removal from the SC NPI RP during normal operation of the SC NPI, at abnormal operation and design basis accidents.

 

Control of spacecraft with a nuclear reactor

 

79. NRSC control shall be carried out with control systems, which include the onboard system and the SC ground control system.  The SC NPI shall be controlled with an ACS associated with the OBCS, NOCS and CSS of the RP.

80. The ground control complex, the OBCS and the ACS of the SC NPI, designed for automated and/or automatic control of SC NPI and NRSC, must provide:

management of the NPI and its systems in all conditions of normal operation with automatic maintenance of the installation parameters within the limits substantiated by the SC NPI and ACS design;

chain fission reaction monitoring and control for all modes and conditions in the core under normal operation (particularly in sub-critical state of the reactor) and in case of any operational occurrences including accidents;

implementation of control actions to bring the parameters of SC NPI to operational limits, or to bring SC NPI RP to a safe state by protective systems;

exercising control actions on process equipment (cooling circuit, power and refrigeration equipment).

81. The NRSC parameters to be controlled from the OBCS shall provide unambiguous information to the operating personnel in relation to compliance with the NRSC safe operation limits and conditions as well as on automatic actuation and functioning of safety systems.

The list of commands and signals issued from the SC OBCS to the SC NPI ACS, as well as the list of transmitted parameters for the ground control complex must be determined in the NRSC design.

82. Control signals from the ground control system must have priority over the control signals of the onboard control system.

83. Instructions for control of systems (components) that are generated by ACS or the GCS control means shall be automatically recorded.

84. As part of the GCS, there must be provided an information support system for the operator of the SC NPI and autonomous means of registration and storage of transmitted information.

The operator information support system shall provide consolidated information on the SC NPI parameters characterizing the state of safety functions to the GCS personnel.

Independent means shall ensure recording and storage of the information necessary to investigate accidents. These means shall be protected against unauthorized access. Extent of the information to be recorded and stored shall be substantiated in the NRSC design.

 

Normal operation control systems

 

85. NOCS must create and implement, based on the design objectives, criteria and constraints of the control over equipment for normal operation of the SC NPI RP.

86. NOCS shall perform automatic control in all modes of operation of NRSC with the indicators of quality, reliability and metrological characteristics established in the SC NPI and NRSC design.

Lists of controlled parameters and signals on the state of SC NPI, lists of controlled parameters and control signals, as well as lists of parameters on the state of SC NPI, for which the introduction of the SS is provided, must be justified and given in the SC NPI design.

87. NOCS shall contain:

means for communication with the onboard control complex of SC and the GCS;

means to ensure the acquisition, processing, recording, storage and transmission of information sufficient to timely and unambiguously establish the initiating events of abnormal operation and accidents and their development, to determine the actual algorithm of operation of the SS and the safety-related elements of control and management systems, as well as to determine deviations from the algorithms of functioning of the SC NPI systems and equipment.

88. NOCS shall provide automatic and (or) automated diagnostics of the condition and modes of operation, technical means of NOCS (including the technical means using the software) and modes of their operation.

89. NOCS must generate light and acoustic signals on the control room panels (boards) of the ground control system on violations of operation limits, or safe operation limits and conditions.

90. Neither failures of elements of display, registration of information and diagnostics, nor a failure of communication with the GCS shall affect the ability of the control channel to provide control of parameters to the scope set by the design of the NRSC (SC NPI, RP of SC NPI).

 

Control safety systems

 

91. CSS must automatically initiate SS actions in the conditions provided by the SC NPI and NRSC design, monitor and manage them when performing the specified functions established in the SC NPI design.

92. The GCS must be capable of remote actuation of SS. A failure in the automatic actuation circuit shall not prevent remote actuation and execution of safety functions. Acting on a minimal number of control elements shall be sufficient for remote actuation.

Arrangements for remote control of SS mechanisms should provide for at least two logically related actions to initiate them.

93. CSSs shall comply with the requirements of the following principles:

redundancy;

independence;

diversity.

Redundancy, independence and diversity shall be such that any single failure of the CSS would not impair its operability and protection against common cause failures in accordance with the requirements of these General Provisions would be provided.

94. CSSs shall ensure:

PSS management priority;

continuous automatic diagnostics of operability of control systems;

diagnostics of operability of CSS channels and process equipment with the frequency established in the design and operational documentation of NRSC;

formation of warning and alarm signals informing the personnel at the ground control station about violations of the limits and conditions of safe operation, operation of SS and failures of software, hardware and engineering means of CSS.

95. Single failures in the CSS must not impair their operability, and the CSS must be protected against common cause failures.

96. CSS hardware and software must be checked and tested in accordance with the procedures set out in the operational documentation.

97. The CSSs shall be designed so that any commenced action is followed through to full completion of the function in accordance with the preset algorithm for bringing the RP into the safe state. Algorithms of protective actions and the possibility of intervention of ground personnel must be justified in the design documentation of the SC NPI and NRSC and presented in the SAR.

98. CSSs shall be separated from NOCSs to the extent providing that disturbances or failures of any NOCS component or channel would not affect the CSS capability to perform its functions.

99. Any failure of CSS elements for automatic control of safety system components shall not impair their control by the OBCS personnel.

100. Failures of hardware and software and damage to the CSS established in the SC NPI and NRSC designs must lead to the appearance of signals on the ground control system and initiate actions aimed at ensuring the safety of the NRSC.

 

Supporting safety systems

 

101. Supporting safety systems (components) are designed to supply the SS with energy, working medium and create the conditions required for their operation, including heat removal.

These functions must have priority over the action of internal protection of elements of the SSS, if this does not lead to more serious consequences from the point of view of nuclear or radiation safety.

The list of permanent internal protection elements of the SSS must be justified in the SC NPI and NRSC designs.

102. Supporting safety systems shall have reliability parameters for performance of the specified functions sufficient to achieve the required functional reliability of the safety systems in combination with reliability parameters of the safety systems supported by them.

103. Within the NRSC there must be a self-contained source of energy capable, regardless of the state of RP of SC NPI or the energy conversion system, to provide power necessary for operation of safety systems, the system of control of parameters that determine the operational safety of NRSC, the system for communication with the onboard control system and the ground control system.

104. In the manufacture of SC NPI and at the ground stages of the NRSC life cycle, the relevant infrastructure must include fire protection equipment.

 

Protective safety systems

 

105. Protective safety systems (components) must bring the NR to the subcritical state and maintain it in the subcritical state, and cool the core in order to prevent or limit damage to fuel elements (EGC), equipment and pipelines containing RS, and the propagation of radioactivity during normal operation and at abnormal operation, including design basis accidents.

106. The PSS shall ensure that the NR is brought to the sub-critical state when the setpoints determined in the designs of the SC NPI and NRSC and/or operational documentation are exceeded.

107. PSS must:

be actuated automatically and remotely;

retain its functions in case of power loss.

108. The efficiency and speed of action of systems designed to bring the NR to the subcritical state must be sufficient to limit the energy release to a level that does not lead to damage to the fuel elements beyond the established limits for normal operation, abnormal operation, including design basis accidents, and suppression of positive reactivity resulting from the manifestation of any reactivity effect or a possible combination of reactivity effects during normal operation, and at abnormal operation, including design basis accidents.

109. Within PSS it is necessary to provide a system for emergency heat removal from the NR. The absence of an emergency heat removal system must be substantiated in the SC NPI design.

110. Use of cooling systems (channels) intended for normal operation as the systems (channels) for emergency heat removal from the reactor is permitted provided that they comply with the requirements for safety systems.

111. Before the normal operation is restored after the actuation of the PSS, the causes that resulted in the actuation must be identified and eliminated.

112. Actuation of protective safety systems shall not result in failures of the equipment of any normal operation systems.

The allowable number of PSS operations (including false positives) over the NRSC lifetime must be substantiated in the SC NPI design based on their impact on the equipment service life.

 

Localizing safety systems

 

113. LSS must ensure the limitation of spreading of radioactive substances and ionizing radiation into the environment beyond the boundaries provided by the NRSC and SC NPI design.

114. The degree of permissible leakage of LSS and ways to achieve the required degree of tightness must be substantiated in the designs of SC NPI and NRSC.

Compliance of the actual tightness of the LSS of the SC NPI with the design must be checked and confirmed in the process of manufacturing of the SC NPI.

 

V. Basic principles of security
implemented in the design of the spacecraft
with nuclear reactors

 

115. The selection of arrangements, designs, parameters, characteristics and modes of operation of the NRSC shall be made at the design stage, taking into account the specifics of its functioning and of the operation of the NPI.

116. Design solutions for SC NPI and NRSC must meet the requirements of chapters I - III of these General Provisions and federal rules and regulations in the field of atomic energy use.

117. Design and engineering solutions on SRS shall be made on the basis of results of the analysis of possible failures of these systems and an assessment of their consequences, as well as results of the analysis of reliability of control systems.

118. The NRSC design must determine the space infrastructure necessary for the SC in question and develop requirements for the facilities of this infrastructure that ensure the safe construction and operation of the NRSC.

119. In the NRSC design, failure analysis of systems and elements of the space complex, engineering complex of NRSC and other space infrastructure facilities must be carried out, based on the results of which the operational documentation of NRSC must provide for measures aimed at preventing a possible accident.

120. The design of the NRSC must provide for engineering measures for the protection of the RP of the SC NPI, the SC NPI and the SRS from damage due to the internal and external impacts considered in the SC design.

121. The NRSC design shall include safety measures for the decommissioning of the NRSC or the return of the SC NPI to the manufacturer for disposal (if necessary).

122. The NRSC design must determine the procedures as well as devices and fixtures for:

confirmation of operability of systems and components (including devices located inside the SC NPI) in the construction of NRSC;

testing of systems for compliance with their design parameters in the construction of NRSC;

checking of the sequence of signal transmission and equipment actuation (including switching to emergency power supply sources).

123. The NRSC design shall provide for special-purpose engineering features to assure beyond design basis accident management.

124. The NRSC design must provide for engineering means for monitoring the condition of SC NPI and SC NPI RP in conditions of accidents, as well as means of post-accident monitoring. The scope of the SC NPI RP and SC NPI monitoring stipulated in the SC NPI design shall be sufficient for accident management.

125. The NRSC design shall provide for the possibility of technical diagnostics (checkup) of safety systems, special-purpose hardware for beyond design basis accident management and also safety-related normal operation components referred to safety classes 1 and 2 and the possibility of their representative testing.

126. The results of the safety assessment of the SC NPI must be presented in the design and in the SC NPI SAR.

127. Operation limits and conditions, safe operation limits and conditions for all operational states of the NPI including power operation of the reactor, shutdown states and refueling shall be established and substantiated in the SC NPI design and reflected in the NPI SAR.

128. The SC NPI design shall specify requirements for chemistry regimes of the media in the SC NPI systems and components that should be observed in the course of operation in order to maintain integrity of physical barriers in the way of ionizing radiation and radioactive substance propagation into the environment.

129. In the SC NPI design, the limits of damage to fuel elements (EGC) must be set, taking into account the operability of the SC NPI and NRSC equipment.

 

VI. Ensuring safety in the manufacture of nuclear
power installation of the spacecraft

 

130. Manufacturing and installation of SC NPI systems and equipment must be carried out in accordance with the design.

131. Structures, equipment, products and automation facilities used in the manufacture and installation of SC NPI, including engineering means of physical protection, shall be subject to conformity assessment in accordance with the established procedure.

132. Quality control and acceptance of the performed works and finished components, systems and equipment shall be arranged in accordance with the requirements of the regulatory documentation, the detailed design and quality assurance programs.

133. Research on critical stands of the influence of SC NPI components on neutron-physical characteristics must be carried out in accordance with the requirements of regulatory legal acts and normative documents in the field of atomic energy use.

134. Ground tests of SC NPI, including physical start-up, tests with ensuring creation of internal and external loads with simulation of the environmental conditions corresponding to complex influence of operating conditions shall be carried out according to requirements of regulatory legal acts and normative documents in the field of atomic energy use.

135. The requirements of nuclear and radiation safety for buildings and facilities, in which SC NPI is manufactured, as well as for storage, accounting and control, loading of nuclear fuel and carrying out physical start-up shall be determined by regulatory legal acts and normative documents in the field of atomic energy use.

136. The test results must confirm that the NPI as a whole, as well as the SRS, have been implemented and are functioning in accordance with the design, and the identified shortcomings have been eliminated.

137. Transportation of SC NPI must be carried out in a special transport packaging set (package) or subject to special conditions of transportation in accordance with the requirements of federal rules and regulations in the field of atomic energy use.

 

VII. Safety during construction of
spacecraft with a nuclear reactor

 

138. Work on the construction of NRSC is potentially nuclear hazardous.  For their implementation, organizations of the chief designer of NRSC, the chief designer and manufacturer of SC NPI must develop installation, process and operational documentation containing measures to ensure the NRS and providing a list of systems and equipment of space infrastructure to be used in the construction of NRSC.

139. The organization authorized by the State Space Corporation Roscosmos (the body licensing space activities) to carry out work on the construction of NRSC must have, in addition to the license of the State Space Corporation Roscosmos, a license of the state body for safety regulation in the use of atomic energy for the relevant activity and be responsible for ensuring nuclear and radiation safety in the construction of NRSC.

In addition to the above authorized organization, the SC NPI and NRSC development organizations, as well as the manufacturer of the SC NPI and SC NPI, having the appropriate licenses for the right to operate in the field of atomic energy use, must be involved in the construction of NRSC.

140. During the construction of the NRSC, during the handling of the product and its components, as well as in the event of falls of the NPI and other possible violations of the NRSC construction conditions stipulated by the detailed design documentation, measures must be taken to eliminate the displacement of reactivity members.

141. Construction of NRSC must be carried out with the reactivity members of the control and protective systems introduced into the core and providing the subcriticality corresponding to the value of the effective neutron multiplication factor of the reactor not more than 0.95, and blocking the supply of voltage to the ACS.

142. During the construction of the NRSC, checks (tests) of each of the SC NPI safety-related systems and checks of the operation of SRS during their interaction, including those exercised in conjunction with the onboard control system, must be provided.

143. The type, scope of tests and the control and verification equipment used in the tests shall be established in the SC NPI and NRSC design documentation and test programs in accordance with the requirements of regulatory and guidance documents regulating the activities for the creation, production and operation of the SC.

144. The test program must include a sequence of operations and measures to ensure that the reactor is subcritical during normal operation and at abnormal operational occurrences.

145. The test results shall be documented in an act (report) drawn up by the organizations developing the SC NPI and NRSC. The SC NPI and NRSC developing organizations shall, based on the results of construction and tests, release a final report on the readiness of NRSC for flight tests.

 

VIII. Safety assurance during commissioning
and operation of a spacecraft with a nuclear reactor

 

Arrangement of operation

 

146. The OO, with the participation of SC NPI and NRSC developers, must develop operational documentation for each stage of commissioning and operation, providing for the requirements for the equipment necessary to perform the work of the stage, the conditions of transportation, the magnitude of the permissible mechanical impacts during transportation and docking of NRSC, the permissible levels of radiation from SC NPI, the composition and sequence of work during flight tests and operation, measures to ensure nuclear and radiation safety, the personnel actions in the event of an accident.

Operation manuals for the systems and equipment shall contain specific instructions for the personnel related to methods of working in the course of normal operation, operational occurrences and pre-accident situations.

147. The OO must ensure the development of NPI, issue of and compliance with instructions and guidelines that determine the actions of personnel to ensure safety in case of abnormal operational occurrences, including instructions for the elimination of design-basis accidents and guidance on the management of beyond design-basis accidents.

148. The personnel actions prescribed by the manuals and guidelines shall be based on characteristics of the occurring events and states of the SC NPI and the entire NRSC as well as on anticipated accident development. Anticipated actions shall be aimed to recover safety functions and to mitigate consequences of accidents.

149. The OO must ensure the development of a list of nuclear hazardous works.  Nuclear hazardous work must be carried out under special work programs, providing for measures that exclude the possibility of unauthorized changes in the arrangements, equipment and algorithms of CSS.

150. The operating organization shall assure continuous surveillance over all activities affecting the NRSC safety particularly based on self-assessment of the operating organization activity. The OO shall submit regular safety analyses for the NRSC to the competent authority for safety regulation in the area of nuclear energy use and the authorized nuclear energy usage controlling agency.

151. The operating organization shall establish and adhere to the procedure for maintenance, storage and review of the operation documentation.

152. Any deviations from the safe operation limits and conditions that have taken place at the SC NPI and NRSC (including accidents) shall be investigated in accordance with the requirements of federal rules and regulations in the field of atomic energy use. The developers of the SC NPI and NRSC and the operating organization must develop and implement measures to prevent the recurrence of violations arising from the causes of earlier violations in the operation of the SC NPI.

153. In the operation of NRSC, the OO must ensure the acquisition, processing, analysis, systematization and storage of information about failures of components of SRS and erroneous actions of personnel, and its prompt communication to all organizations concerned in the prescribed manner, including the designers of the RP of the SC NPI, the SC NPI and the NRSC.

154. If the OO detects a deviation (event) that is a precursor of an accident, the OO and the organization-developer of the NRSC must develop a plan for the implementation of measures to prevent similar deviations (events), as well as a substantiation of the possibility of operating the NRSC for the period before the implementation of the measures provided for in this plan. The above-mentioned plan and substantiation shall be submitted by the OO to the competent state regulatory authority for safety in nuclear energy use.

 

Commissioning and operation of the spacecraft
with a nuclear reactor

 

155. The main stages of commissioning are:

preparation for flight tests, including docking of the NRSC with the launch vehicle (upper stage), transportation of the NRSC as part of the space rocket to the launch complex, preparation for launch and launch of the space rocket, launch of the NRSC into the near-earth orbit;

flight tests of the NRSC;

registration of documents of acceptance and putting into operation in accordance with the documents governing the creation, production and operation (application) of the SC.

156. During transportation of the NRSC and its docking with the LV, the possibility of achieving the criticality of the reactor or the formation of secondary critical masses in case of violation of the stipulated conditions of transportation and docking, must be excluded.

157. If, during transportation and docking, mechanical or other types of impact on the NRSC are found that exceed the values established in the design and operational documentation, work with the NRSC must be stopped until a decision on its operability is made by the OO and the developers of the SC NPI and NRSC.

158. At launching of NRSC and bringing the same to the near-earth (working) orbit, all reactivity members must be in a position that ensures the maximum subcriticality of the reactor.

159. For all stages of commissioning, except for the stages associated with the launch of the NR, the prevention of unauthorized start-up of the automatic control system must be ensured. For the ground stages of commissioning, the radiation situation in the work area must be monitored.

160. Flight tests of the NRSC must be conducted under the NRSC flight test program, which must include the SC NPI flight test program. The NRSC flight test program must make part of the SC flight test program.

161. The safety of NRSC at start-up of SC NPI RP shall be provided by:

removal of locks from power supply of drives of reactivity members according to a special algorithm substantiated in the NRSC design and presented in operational documentation.  All locks must be removed only on instructions from the ground control system after confirmation of the NRSC's reaching the working orbit using ground-based measuring instruments;

bringing the reactor to the critical state and to the rated power level in the working orbit according to a special program worked out during SC NPI ground tests and NRSC flight tests.

162. Radiation exposure levels outside the NRSC during normal operation and abnormal operational occurrences, including design basis accidents, must be determined in the operational documentation and provided with NRSC technical means.

163. In case of violation of operating limits (without violation of safe operation limits) by the automatic control program installed in the onboard control system, or from the ground control system, bypassing the control program, or on signals from sensors placed on the SC, a sequence of actions aimed at bringing the NRSC to normal operation in accordance with the operational documentation must be performed. If it is impossible to return to normal operation, the NR must be switched to the subcritical state.

164. In case of violation of limits and conditions of safe operation, the causes of the violation shall be clarified and eliminated and measures taken to restore safe operation.  If it is impossible to return to the safe operation, the NR must be switched to the subcritical state. Operation can be continued only after clarification and elimination of the reasons of violation of limits and conditions of safe operation. If it is not possible to return to safe operation, the NRSC must be decommissioned.

165. All abnormal operational occurrences must be investigated and accounted for to identify the causes and take corrective measures.  During the investigation of violations, the causes (phenomena, processes or conditions that caused the violation of the normal course of the technological process) and the circumstances that created the conditions for the presence or manifestation of an immediate cause, must be identified.

166. Based on the results of the investigation of the violation, the OO must develop corrective measures to eliminate the causes and prevent the recurrence of the violation, as well as to prevent the development of negative trends that adversely affect the safety.  The list of corrective measures must indicate the final goals and dates of implementation of the measures.

 

Radiation safety

 

167. Radiation protection of the personnel and the public in the course of the NRSC operation shall be assured through compliance with the legislation of the Russian Federation in the area of radiation safety as well as the requirements of federal standards and rules in the area of nuclear energy use and other regulations.

168. Radiation safety of NRSC shall be achieved by:

preventing, by design, the NR from attaining unauthorized criticality;

starting the NR and bringing it to the rated power only upon the NRSC reaching the working orbit;

withdrawal of the NRSC or SC NPI to a disposal orbit at the end of the designated period of operation, or in case of an accident.

169. Technical means, methods and techniques provided in the design and operational documentation shall provide:

detection of any physical barrier integrity breaches;

determination, assessment and prediction of radiation situation in the premises of the facility with SC NPI or NRSC, sanitary protection zone and surveillance zone;

definition, assessment and prediction of equivalent doses of external and internal exposure for the workers (personnel) and all persons within the sanitary-protective area;

radiation monitoring of personnel, vehicles and materials;

operation of the necessary part of the radiation monitoring system in the conditions created by accident (established in the design);

prediction of radiation situation on the ground in case of accidents on NRSC or SC NPI;

recording and storage of any information required for the accident investigation.

 

IX. Decommissioning of the spacecraft with a nuclear reactor

 

170. Planning for the decommissioning of the NRSC must be carried out during the design, construction, testing and operation of the NRSC.

The NRSC design shall provide for the measures aimed at safe decommissioning of the NRSC power unit.

171. Planning of the NRSC decommissioning in the course of design and construction shall be arranged by development and improvement of the NRSC decommissioning concept which should be presented in the NRSC SAR.

172. Planning for the decommissioning of NRSC must be carried out through periodic revision (ascertainment) of the concept of decommissioning of the NRSC presented in the NRSC design. This must be done taking into account the previous record of the NRSC operation.

173. Prior to the beginning of the NRSC decommissioning operations, the OO, based on the concept of NRSC decommissioning, as well as the analysis of design documentation and operational experience, must ensure the development of the NRSC decommissioning program.

174. The decommissioning program must determine the final state of SC NPI and NRSC, the organizational and technical measures for the preparation for decommissioning and implementation of decommissioning, aimed at the implementation of the selected option, and the schedule and sequence of their implementation.

175. The decommissioning of the NRSC shall be carried out at the planned end of the flight program or when it is impossible to return to the safe operation of the NRSC in case of violation of the limits and conditions of safe operation.

During decommissioning, the NR must be brought to the subcritical state in a way that completely excludes its re-start, including in case of design-basis accidents. The NR shall be brought to the cooldown mode, at which removal of residual heat release without exceeding the safe limits of damage of fuel elements or other elements of the RP of SC NPI established in the design shall be provided.

176. Upon the termination of the NRSC operation and bringing the SC NPI to the safe condition, the NRSC must be brought to the disposal orbit. After the decommissioning of the NRSC, control must be provided of the orbital parameters from the ground during the stay of the NRSC in the near-earth space.

177. Work on decommissioning may be terminated only after reaching the final state of the NRSC, as specified in the program, which shall be recorded in a document (act, conclusion) issued by the OO.

The document must show the compliance of the actual state at the time of completion of decommissioning with the final state determined in the design.

 

X. Recruitment and training of personnel

 

178. Construction, commissioning and operation of the NRSC shall be carried out by personnel with the necessary qualifications and approved for unsupervised work in accordance with the procedure established by the organization performing the relevant work.

During performance of the above works, the workplaces must be attended by the personnel allowed to work independently according to the relevant positions, for which the minimum number and composition are specified in the NRSC and SC NPI designs and stipulated in the SC NPI SAR and the appropriate operational documentation.

179. Selection, training and assurance of qualification of the personnel performing certain types of activity in the field of use of atomic energy, and their admission to unsupervised work, shall be performed subject to a procedure established by governing bodies in the field of space activities and use of atomic energy.

180. Personnel shall perform certain activities in the area of nuclear energy use only against presentation of permits granted by the state regulatory authority for safety in nuclear energy use.

181. Qualification requirements for the personnel without any need to obtain permits from the state regulatory authority for safety in nuclear energy use shall be established by the organization performing the relevant activities.

182. Selection, training, admission to independent work and assurance of qualification of the personnel performing works on construction of NRSC, commissioning and operation of NRSC shall be provided by the OO and the organizations authorized for carrying out the corresponding works. The system of the personnel selection and training shall be aimed at achievement, control and maintenance of their proficiency level required to assure safe performance of the relevant activities in the field of atomic energy use and to perform any activities for mitigation of accident consequences in case of their occurrence.

Formation of safety culture in the operating personnel shall be an integral part of training.

183. In the professional training of personnel, technical means, including simulators of various types, approved for use in the training of personnel, must be used to develop practical skills in the implementation of relevant activities in the field of atomic energy use. Particular attention must be paid to the development of actions in case of possible violations, including accidents, taking into account the practical record of the relevant activities in the field of atomic energy use.

184. Before admission to unsupervised work, the personnel servicing the SC NPI and/or NRSC must undergo medical examination. The state of health of the personnel shall ensure that they perform the duties of servicing the NRSC and/or SC NPI.

185. The personnel involved in the construction of the NRSC, in the commissioning and operation of the NRSC, must be trained for action in case of design basis and beyond design basis accidents.

186. Actions of the personnel in case of beyond design basis accidents shall be regulated by the guidelines to be developed in accordance with par. 147 of these General Provisions with due regard for the analyses of design basis and beyond design basis accidents.

187. Emergency response drills shall be held regularly in order to prepare the personnel for actions under accident conditions.

188. The organizations carrying out construction of NRSC, commissioning and operation of NRSC shall develop methods and programs of preparation and implementation of anti-accident training drills for elaboration of actions in the conditions of accidents, and organize holding the above training.

 

XI. Measures to be taken in case of accident

 

189. The OO shall ensure the development of, and readiness to implement, emergency plans for the protection of personnel and the public in the event of an accident at SC NPI and/or NRSC during the manufacture of SC NPI, construction of NRSC, commissioning and operation of NRSC, taking into account the radiation effects of beyond design basis accidents. Plans shall be developed on the basis of design characteristics and parameters of the SC NPI and NRSC, the list of beyond design basis accidents presented in the SC NPI SAR, and criteria for decision-making on measures for the protection of personnel and population, taking into account economic, natural and other characteristics and features of the territories.

190. Organizations engaged in activities for the use of atomic energy in the manufacture of SC NPI, works at the cosmodrome with SC NPI and NRSC, and commissioning and operation of NRSC must use means of communication, including duplicating ones, with the authorized body of state regulation of safety in the use of atomic energy and with the management bodies specially authorized to solve problems in the field of protection of population and territories from emergencies and created under the executive authorities of the constituent entities of the Russian Federation and local self-government.

191. If an accident results in radioactive contamination of the territory, the zone of radiation accident shall be established on the basis of control and forecast of the radiation situation. The radiation accident zone shall include settlements in which the designed average annual effective dose for a critical population group due to a radiation accident may exceed 1 mSv. In the radiation accident zone, the radiation situation shall be monitored and measures taken to reduce radiation levels.

192. The organizations specified in paragraph 190 of these General Provisions shall develop plans of actions for localization and elimination of possible accidents.

 

 

 

 

 

Appendix 1
to federal rules and regulations
in the field of atomic
energy use "General
safety assurance provisions for spacecraft
with nuclear reactors" approved by
Order of the Federal
Environmental, Industrial and
Nuclear Supervision Service
dated October 23, 2017 No. 442

 

ABBREVIATIONS

 

OBCS - Onboard Control System

PSS - Protective Safety Systems

SC - Spacecraft

SCx - Space Complex

LSS - Localizing Safety Systems

GCS - Ground Control System

SAR - Safety Analysis Report

SSS - Supporting Safety Systems

SW - Software

NSO - Nuclear Safe Orbit

RS - Radioactive Substances

LV - Launch Vehicle

RP - Reactor Plant

ACS - Automatic Control System

SS - Safety System

SRS - Safety-Related System

FE - Fuel Element

TA - Technical Assignment

CSS - Control Safety System

NOCS - Normal Operation Control System

EGC - Electrogenerating Channel

OO - Operating Organization

NR - Nuclear Reactor

NRS - Nuclear and Radiation Safety

NPI - Nuclear Power Installation

 

 

 

 

 

Appendix 2
to federal rules and regulations
in the field of atomic energy
use "General
safety assurance provisions for spacecrafts
with nuclear reactors" approved
by Order of the Federal
Environmental, Industrial
and Nuclear Supervision Service
dated October 23, 2017 No. 442

 

TERMS AND DEFINITIONS

 

Accident on a spacecraft with a nuclear reactor - abnormal operation at the NRI with release of radioactive substances and (or) ionizing radiation in the amounts exceeding the specified safe operation limits beyond the boundaries established in the design for normal operation conditions. The accident is characterized by the initiating event, development scenarios and consequences.

Design basis accident on a spacecraft with a nuclear reactor - an accident with the initiating events and end states defined in the NRSC and/or SC NPI design and the provided safety systems aimed to assure mitigation of its consequences to the limits established for such accidents with due regard for the single failure principle applied to the safety systems or a human error independent from the initiating event.

Beyond design basis accident on a spacecraft with a nuclear reactor - an accident caused by initiating events not taken into account for design basis accidents, or accompanied by failures of safety systems in excess of a single failure, or errors of personnel beyond those stipulated for design basis accidents.

Nuclear accident on a spacecraft with a nuclear reactor - an accident caused by loss of supervision over chain nuclear fission reaction in the NR nuclear core and (or) loss of control over chain nuclear fission reaction in the NR nuclear core with the formation of the critical mass in the course of NR loading, transportation or storage of nuclear materials; damage of any components containing nuclear materials.

Automatic control - control performed by the automation equipment without any involvement of the personnel.

Automated control of a spacecraft with a nuclear reactor - control carried out by personnel using means of automation.

Core is a part of the NR in which nuclear fuel and structural elements are placed intended for the implementation of a controlled nuclear fission chain reaction.

Software tool validation - the regulated procedure involving confirmation of the possibility to use the ST in the specified field of application and also obtaining the design parameter values with certain tolerance through the use of the ST.

Safe state of a spacecraft with a nuclear reactor is the controlled state of the NRSC and/or SC NPI, at which the following shall be assured:

exclusion or retention within specified limits (control) of a self-sustaining fission chain reaction;

removal of energy released in nuclear reactions with stable parameters, excluding damage to the structures and equipment of the nuclear installation;

protection of personnel and the public from radioactive radiation and RS.

Safety of a spacecraft with a nuclear reactor - a state of protection of people and the environment from possible harmful consequences arising from the normal operation of the NRSC and abnormal operational occurrences, including accidents.

Radiation safety of a spacecraft with a nuclear reactor - the state of protection of present and future generations from effects of ionizing radiation harmful to their health during operation of NRSC.

Nuclear safety of a spacecraft with a nuclear reactor - a state of protection of people and the environment from the possible harmful effects of an unauthorized increase in the power of SC NPI and/or the emergence of a self-sustaining fission chain reaction in the nuclear material of the NRSC.

Nuclear safety shall be ensured by the implementation of a specified subcriticality of nuclear fission and the prevention of spontaneous fission chain reaction in nuclear fuel, and maintaining the power of nuclear fission within the design limits during operation of NRSC.

Safe failure of a system (component) of a spacecraft with a nuclear reactor is a failure of the system (component), at which the SC NPI passes or is switched to a safe state without the need to initiate any action through CSS.

Onboard spacecraft control system - onboard SC complex with software designed for the implementation of algorithms for control and monitoring of onboard systems, performing calculation operations and issuing the results of calculation and control actions to systems and actuators.

SC onboard system is a set of interconnected systems, devices and units of the SC distinguished by design and/or functional characteristics.

Putting a spacecraft with a nuclear reactor into operation is a set of works, during which it is verified that the functioning of the NRSC systems and components corresponds to the characteristics specified in the design and detailed design documentation.

Probabilistic safety analysis is a system safety analysis, in the process of which the values of probabilistic safety indicators shall be determined, and the results of which shall be used for qualitative and quantitative assessments of the level of safety of NRSC and for decision-making in the design and operation of NRSC.

Probabilistic safety indicators - the values of the probability of damage to the radiation sources or of the probabilities of emissions of RS into the environment.

Secondary critical mass (critical mass) - a composition of fissile materials of NR formed as a result of an accident with the destruction of the core and having an effective neutron multiplication factor equal to or greater than one.

Decommissioning of a spacecraft with a nuclear reactor is a stage in the life cycle of the NRSC, providing for a set of activities that exclude the use of the NRSC for its intended purpose and ensure the safety of the population and the environment.

Sealed enclosure of a spacecraft with a nuclear reactor - a set of elements of a ground object with SC NPI RP, including construction structures that enclose the space around the SC NPI, form a boundary provided for by the design of this object and prevent the spreading of RS and ionizing radiation into the environment in quantities exceeding the established limits.

Deterministic safety analysis - the analysis of the reaction of the object to a postulated initiating event at a given state of the system and components that affect the way of occurrence of an accident, the internal results of which are used for qualitative and quantitative assessments of the safety of NRSC and decision-making in the design and operation of the NRSC.

Space infrastructure of a spacecraft with a nuclear reactor is a complex of interconnected service structures or objects that make up and/or provide the basis for the functioning of the NRSC.

Space infrastructure of the Russian Federation includes:

cosmodromes;

launch facility and launchers;

command and measurement systems;

space object flight control centres and stations;

stations for reception, storage and processing of information;

space equipment storage facilities;

areas of falling of separating parts of space objects;

polygons for landing of space objects and runways;

experimental facilities for elaboration of space equipment;

centres and equipment for cosmonaut training;

other ground facilities and equipment used in space activities.

Objects of space infrastructure, including mobile ones, are such to the extent that they are used to support or carry out space activities.

Initiating event in the system (component) of a spacecraft with a nuclear reactor is a single failure in the system (component) of NRSC (SC NPI), internal or external impact, personnel error, or a combination of these events that lead to violation of the normal operation of NRSC (SC NPI) and can lead to violation of the limits and (or) conditions of safe operation.

Life cycle of a spacecraft with a nuclear reactor is a set of interrelated processes of successive changes in the state of the NRSC from the beginning of development to the end of operation.

Protective safety systems (components) of nuclear reactor spacecraft - safety systems (components) intended for performance of the functions to prevent or limit damage of nuclear fuel, FE claddings, equipment and pipelines containing radioactive substances.

Personnel qualification - proficiency level of any person from among the managers and employees carrying out any works that affect the NRSC safety including basic vocational education, professional knowledge and skills as well as work experience assuring high quality and safety of the licensed activities in the course of the job duty performance.

Conservative approach to the safety analysis of a spacecraft with a nuclear reactor is an approach, where the safety analysis of a spacecraft with a nuclear reactor involves using the values of parameters and characteristics that obviously lead to more adverse results.

Reactor plant coolant circuit (primary circuit) - the circuit together with the volume control system (if any) intended for the coolant circulation through the RP and the heat removal equipment in the operation modes and conditions established in the SC NPI design.

Spacecraft is a technical device designed to function in outer space for the purpose of solving problems in accordance with the purpose of a space complex or space system.

Space complex is a set of functionally interconnected orbital and ground-based technical means providing both independent solution of target tasks on the basis of the use of outer space and within the space system.

A space complex may include space vehicles, means of preparation for bringing to orbit, control of spacecraft and their landing, facilities and support means.

Space system is a set of one or several space complexes and special complexes designed to solve target problems.

Safety criteria - values of parameters and (or) characteristics of NRSC and SC NPI, according to which safety is substantiated and which are established by regulatory documents or in the NRSC and SC NPI design. The safety criteria established in the NRSC and SC NPI design must not be at variance with the requirements of regulatory documents.

Safety culture - the set of characteristics and peculiarities of the activities of organizations and behaviour of individuals which assigns the highest priority to matters of assurance of the safety of the nuclear installation according to extent of their significance.

Localizing safety systems (components) - systems (components) designed to limit the spreading of radiation and ionizing radiation beyond the boundaries provided by the design of the NRSC and SC NPI and their release into the environment.

Ground control complex of spacecraft is a set of technical means, structures and vehicles designed to control the SC, unified in a single complex of information and service communication control lines.

Anticipated operational occurrence is any disturbance in the NRSC operation with deviation from the established operation limits and conditions. Here, other design limits and conditions may be violated.

Normal operation of a spacecraft with a nuclear reactor is the operation of the NRSC within the operating limits and conditions established by the design.

Normal operating conditions of a spacecraft with a nuclear reactor are the conditions under which the designed operational limits and conditions of the NRSC are met.

Supporting safety systems (components) of a spacecraft with a nuclear reactor - process systems (components) intended to supply the safety systems with power and working media and to create conditions for their functioning.

Disposal orbit is a radiation-safe orbit designed to take the NRSC to it after completion of operation to reduce the probability of collisions with operating SC and to free up space for new SC.

Shutdown of reactor plant - bringing the NR to the subcritical state and keeping the NR in this state.

Common cause failure of systems (components) of a spacecraft with a nuclear reactor - failure of systems (components) caused by the same failure, or the same human error, or internal or external impact.

Error of personnel operating a spacecraft with a nuclear reactor - a single unintentional incorrect impact on controls or a single omission of a correct action, or a single unintentional incorrect action in the maintenance of safety-related equipment and systems.

Passive system (component) of a spacecraft with a nuclear reactor - a system (component) whose functioning is associated only with the event initiating its actuation and is independent of the operation of any other system (component), for example a control system or a power supply system.

In accordance with their design features the passive systems (components) are classified into passive systems (components) with mechanical moving parts (for example check valves) and passive systems (components) without mechanical moving parts (for example pipelines and vessels).

Personnel serving a spacecraft with a nuclear reactor - persons working with man-made radiation sources (group A) or working on a radiation object, or on the territory of its sanitary protection zone and being in the area of exposure to man-made sources.

Consequences of a failure of systems (components) of a spacecraft with a nuclear reactor - probable (observed) damage from a failure of a component and/or the object of operation as a whole.

Pre-emergency situation on a spacecraft with a nuclear reactor - the state of NRSC (SC NPI) characterized by violation of the limits and (or) conditions of safe operation, which has not developed into an accident.

Maximum permissible emergency release - numerical values of radionuclide releases into the environment in case of beyond design basis accidents at the NPI manufacture stage that do not cause any exceedance of the exposure dose for the public within the protective action planning zone and outside it above the values specified in the effective radiation safety standards and necessitating any decision making on the public protection measures in case of an accident with due regard for the worst weather conditions.

Limits of safe operation of a spacecraft with a nuclear reactor are the values of process parameters, parameters and characteristics of the state of systems (components) and NRSC (SC NPI) as a whole, set by the design, deviations from which can lead to an accident.

Design limits of a spacecraft with a nuclear reactor - values of parameters and characteristics of the systems (components) and the entire NRSC (SC NPI) established in the design for normal operation and abnormal operation including pre-accident situations and accidents.

Operational limits for a spacecraft with a nuclear reactor - the values of parameters and characteristics of the state of systems (components) and NRSC (SC NPI) as a whole, set by the design for normal operation.

Fuel element (electric generating channel) damage - exceedance of at least one of the damage limits established for fuel elements.

Threshold effect is a significant abrupt deterioration in NRSC (SC NPI) safety caused by small parameter changes.

Accident consequences on a spacecraft with a nuclear reactor - a radiation situation caused by the accident and inflicting harm and losses due to exceedance of the established radiation exposure limits for the personnel, the public and the environment.

Safe failure principle - the principle stating that in case of any system or component failure the SC NPI shall transfer to the safe state without any necessity for initiation of any actions via the CSS.

Single failure principle - the principle stating that the system shall perform the preset functions in case of any initiating event requiring its operation and in case of any component failure in this system considered in the NRSC and SC NPI design and independent of the initiating event.

The principle of independence - the principle for reliability enhancement by functional and (or) physical separation of the channels (components) such that a failure of any channel (component) does not result in the failure of another channel (component).

The principle of diversity - the principle for reliability enhancement by application of two or more systems or components for performance of a safety function having different designs or operation principles in order to reduce the probability of a common cause failure.

The principle of redundancy - the principle for reliability enhancement by application of several similar or different components (channels, systems) so that each of them shall perform the required function regardless of the state (including failure) of other components (channels, systems) intended to perform this function.

Component or system check (inspection) - control of a system or component in order to determine their operable or non-operable condition, to detect any faults and to confirm the design characteristics.

Nuclear reactor start-up is a set of operations that provides the beginning of a controlled fission chain reaction and a controlled increase in the reactor power to the required level using systems for heat removal and conversion into electrical and/or kinetic energy.

Physical start - NR start-up, which includes bringing the reactor to a critical state and the experimental determination of the neutron-physical characteristics of the NR at the power level, which does not require forced cooldown of the RP.

Working orbit - the orbit in which the spacecraft performs the target operation.

Nuclear safe orbit - an orbit on which the lifetime of the NRSC is sufficient for the decay of fission products accumulated in the reactor and radionuclides activated in the NRSC structural elements, to the level established in the NRSC design and regulatory documentation.

Designers of a nuclear installation (spacecraft with a nuclear reactor, nuclear power installation of spacecraft, reactor plant of the spacecraft nuclear power installation) - organizations that develop the design and provide its scientific and technological support, including engineering support, throughout the NRSC life cycle stages.

Rocket and space complex - a set of space missile(s) with functionally interrelated technical means and facilities designed to ensure the transportation, storage, bringing to readiness and keeping ready, maintenance, training, launch and flight control of space missiles at the ascent phase.

Reactor plant - NR and systems and components directly related to the same that are intended for normal operation, emergency protection, cooling, and maintenance in the safe state, as well as radiological protection of the NRSC systems.

Nuclear reactor - a device for controlled nuclear fission chain reaction.

Inherent self-protection - the property of NRSC (SC NPI) to provide safety based on natural responses, processes and characteristics.

Self-assessment - analysis performed by the organizations engaged in relevant activities, by the administrative management or the personnel of organization in order to assess compliance with the requirements related to the NRSC and SC NPI safety as well as to evaluate efficiency and adequacy of management for safety purposes.

System of a spacecraft with a nuclear reactor - a combination of NRSC components for performing specified functions.

Automatic control system - a set of hardware, software and information support designed for automatic control of SC NPI.

Safety systems (components) of a spacecraft with a nuclear reactor - systems (components) designed to perform specific actions (safety functions) aimed at preventing accidents or limiting their consequences.

Safety-related systems (components) of nuclear reactor spacecraft - safety systems (components) as well as normal operation systems (components), the failures of which can disrupt normal operation of the NRSC or impair elimination of deviations from normal operation and can lead to accidents.

Normal operation systems (components) of a spacecraft with a nuclear reactor - systems (components) intended for normal operation.

Special-purpose hardware for beyond design basis accident management - systems (components) provided in the SC NPI (NRSC) design for management of beyond design basis accidents.

Special transport packaging set - a sealed device designed for transportation and storage of SC NPI (RP of NPI).

Reactivity members - technical means implemented in the form of solid, liquid or gaseous absorbers (retarders, reflectors), the change of position or state of which in the core or reflectors is provided by a change of reactivity of the reactor.

Stage of life cycle - conventionally identifiable part of the life cycle, which is characterized by specifics of the direction of the work carried out at this stage, and the final results.

Safety requirements - a set of characteristics, conditions imposed on the object of operation, as well as technological methods and protective equipment, technical and organizational measures to ensure safety, in order to exclude or reduce to acceptable values the effects on personnel, the object of operation, interfaced and other objects, as well as the environment, characterized by hazardous and harmful factors that may arise during the operation of the object.

Accident management - organizational measures and actions involving the use of technical means aimed at preventing the development of design-basis accidents into beyond-design ones and/or mitigating the consequences of beyond-design-basis accidents.

Management for safety purposes - activities performed by organizations engaged in relevant activities, by the administrative system of the relevant organization. This system integrates all control elements in such a way that any processes assuring compliance with the NRSC and SC NPI safety requirements are established and implemented with due regard for other requirements, particularly economic requirements, requirements for the management, personnel, occupational safety, environmental protection, accounting and control of nuclear materials, physical security and quality, so that these requirements and demands would not affect the NRSC safety adversely.

Control of a spacecraft with a nuclear reactor (nuclear power installation of spacecraft) - bringing the NRSC (SC NPI) control systems to a predetermined state and/or maintaining this state.

Control safety systems (components) - systems (components) intended to initiate actions of safety systems and to assure control and monitoring thereof during performance of the prescribed functions.

Safe operation conditions - the minimum requirements for quantity, characteristics, operability and maintenance conditions for the safety-related systems (components) established in the design when compliance with the safe operation limits and (or) safety criteria is assured.

Normal operation conditions - the conditions established in the design for the quantity, characteristics, operable condition and maintenance of systems and equipment of NRSC (SC NPI) necessary for its operation without violating the limits of normal operation.

Actuation setpoints of safety systems - the values of parameters, which automatically trigger the actuation of SS in cases of anticipated abnormal operational occurrences.

Operation of a spacecraft with a nuclear reactor - the stage of the life cycle from the moment of the NRSC's launch into the working orbit to decommissioning, during which the specified NRSC functions (properties) shall be implemented through purposeful activities of the operating personnel to bring the NRSC into readiness, keep it ready and use it according to its designated purpose, as stipulated by the design and operational documentation.

Nuclear reactor spacecraft operating organization (operating organization) - the organization established in accordance with the legislation of the Russian Federation and recognized in accordance with the procedure and under the terms and conditions stipulated by the Government of the Russian Federation and the relevant nuclear energy usage controlling agency as suitable for operation of the NRSC and performance of the activities for the NRSC siting, design, construction, operation and decommissioning with its own efforts or through engagement of any other organizations.

Component of a spacecraft with a nuclear reactor - an integral part of the NRSC, which shall be considered in the analysis as a whole and is not subject to further disaggregation.

Nuclear hazardous work - work affecting reactivity, which, when performed, may lead to violations of limits and (or) conditions of safe operation of the NRSC (SC NPI) and/or to the formation of secondary critical mass.

Nuclear power installation of spacecraft - a complex of systems and equipment located in the SC and intended for the implementation of a controlled nuclear fission chain reaction, conversion of nuclear energy into other types of energy (mechanical, thermal, electrical) and providing them to the SC in the modes and conditions of its application established by the design.