Failure-dependent test, repair, and shutdown strategies : Reducing the impact of common-cause failures

Failure-dependent testing implies a test of redundant components (or trains) when the failure of one component has been detected. The purpose of such testing is to detect any common-cause failures (CCFs) of multiple components so that a corrective action, such as repair or plant shutdown, can be taken to reduce the residence time of multiple failures. This type of testing focuses on reducing the conditional risk of CCFs. Formulas are developed for calculating the conditional failure probability of a two-train system with different test, repair, and shutdown strategies. A methodology is presented, with an example calculation, showing the risk effectiveness of failure-dependent strategies for emergency diesel generators in nuclear power plants. Four alternative actions after the identification of a failure of one component are analyzed : (a) not carrying out any additional testing, (b) testing the redundant components and shutting down the plant if a CCF is present, (c) emergency repair of the failed component in a given time (less than the allowed outage time), and (d) additional testing of redundant components after the repair of the failed component.