G. Johanson, A. Kreuser, P. Pyy, D. Rasmuson, W. Werner
April 6, 2013
Events initiated by common-cause-failure (CCF) can significantly affect the availability and reliability of nuclear power plant safety systems. In recognition of this, CCF data are systematically collected and analysed in the International Common-Cause Data Exchange (ICDE) Project, which was initiated in August 1994. Since April 1998, the NEA has formally operated the project. Currently eleven countries participate in the project. The ICDE collects all events where two or more identical, redundant components of a group, fulfilling the same function, have failed or were impaired due to a shared cause (ICDE events). Complete CCFs, i.e. failure of all identical, redundant components in the group due to a shared cause are an important subset of the collected data. Currently, data exchange and analysis covers the following components: centrifugal pumps, diesel generators, motor-operated valves, safety and relief valves, check valves, reactor protection system components (level measurement, control rod drives, etc), circuit breakers, and batteries. The main findings of the ICDE reports issued by 2005 show averaged over all components that about two thirds of all complete CCF events involve faulty actions by plant personnel and contractors. The single largest contribution is from faulty testing and maintenance work due to deficient and/or incomplete procedures. Other important causes are insufficient testing and requalification of components or systems after maintenance, repair, modifications or backfitting work, as well as operator errors of commission. The probability that a reported ICDE event is a complete CCF decreases strongly with increasing number of redundant components, demonstrating the effectiveness of redundancy as a powerful defence against CCFs. However, complete CCFs cannot be completely prevented by high redundancy only.