Obsolescence management is more than just providing a spares inventory. It must also allow continuing safe operation of the nuclear power plant without unplanned shutdowns. If like-for-like replacements are not available, the design and approval of replacement equipment can take considerable time. This is particularly the case for safety protection and programmable systems. Such equipment is generally electronic and includes crane motor drive controls, PDP or similar logic computers and communication networks using early protocols such as DECnet.

This article advocates the need for an early planning phase termed ‘Design for Replacement’. Although this article has been primarily written about equipment obsolescence in existing plant, these processes are also applicable for new-build.

The need to be proactive

In a 2004 study for the MOD, historical analysis showed the equipment replacement costs for component parts of a system, where there is no equivalent substitute, varying from £50,000 to £2.8 million [1; see also box]. The study found that the earlier obsolescence is identified, the more options are available to mitigate its cost impact. There is therefore the potential for significant cost avoidance if obsolescence is identified through a proactive obsolescence management strategy.

Reactive obsolescence management does not allow replacement options to be properly considered, so control over replacement costs is significantly reduced. With reactive obsolescence management, an immediate replacement may not be available, the lack of which could lead to unplanned or prolonged plant shutdowns.

Proactive control of obsolescence replacement requires the development of a plan that maximises the benefits of equipment modernisation and, most importantly, results in a cost-effective solution.

Proactive obsolescence management requires an up-front pre-design stage in the planning process. Altran Praxis refers to this as a ‘Design for Replacement’ approach which enables an adequate understanding of the costs and risks of future replacements. This is especially important where the system involves technology that is rapidly evolving or provides safety protection.

The obsolescence planning process must consider the possibility that rapid technological evolution will most likely require that some systems be replaced one or more times before the plant’s end of life. New technologies in nuclear applications include programmable controls, digital I&C (instrumentation and control) systems, “smart” sensors and wireless communication.

Benefits

Proactive planning for obsolescence will, in addition to the preparation of the equipment specification:

  • Capture institutional knowledge affecting equipment condition and reliability
  • Assess potential ageing mechanisms that add to long-term risks.

Planning will involve an up-front cost in setting up a proactive obsolescence management programme; however these costs are easily offset over the life of the programme. Proactive obsolescence management will reduce total costs as time is available to evaluate and optimise the correct replacement system. Any additional benefits from improved equipment can also be offset against the obsolescence replacement cost.

Scope

The up-front ‘Design for Replacement’ approach is undertaken early as a separate activity, prior to the equipment replacement phase, to enable a complete unconstrained analysis of the obsolescence problem to be performed. By undertaking this obsolescence assessment early, the main maintenance team are not burdened with extended repair programmes as additional issues emerge during replacement. The urgency of requirements to complete the emergent changes generally results in inefficiencies as well as requiring unplanned safety approvals. Also, unfamiliar replacement activities can be poorly executed due to a lack of the correct workforce competences.

The ‘Design for Replacement’ planning activity will define the extent and requirements of the equipment to be replaced. It will include conducting a failure modes analysis to assess the importance and impact on production and safety of the failure of non-repairable obsolete equipment. The purpose is to fully understand where changes are required to the plant and the significance to associated equipment or systems.

This planning activity will provide a clear definition where new as opposed to like-for-like technology will be required. It will define whether functional improvements to the equipment are required or would be beneficial. This will consider aspects such as the human machine interface, alarm indications and reliability & availability requirements as well as any new legislative requirements. For safety protection systems involving I&C this may involve confirming compliance to new or updated standards such as—for electronic and programmable systems—IEC 61508 or IEC 61511. The derivation of the replacement equipment requirements will be based on the existing equipment data sheet, current operational procedures and equipment failure or downtime records. This should identify any constraints for replacement equipment such as space, commissioning conditions, or any parallel working arrangements with existing equipment prior to decommissioning.

In order to obtain a complete understanding of the replacement requirements, interviews with the engineer responsible for the equipment, and maintenance and operational staff should be sought. This will provide knowledge of any operational or maintenance issues, including improvement recommendations.

The replacement strategy needs to take account of the level of utilisation of equipment. Equipment with low utilisation, such as high-integrity cranes for nuclear loads, can sometimes be used as a source of temporary spares or refurbished at low risk to plant operation. Also, low-utilisation or less-important equipment may be able to be used as a source of spares.

Effects

After the outline design for any replacement system has been determined, the next step is to understand the consequences of the change, how the change will be implemented and the approval strategy.

During this next step an understanding of the existing safety argument recorded in plant safety cases is required. The safety argument should be reviewed for completeness and to determine whether any changes are required in the light of recent legislation. An attempt should be made, if possible, to isolate and remove any safety functionality into a separate system to minimise the refurbishment or upgrade of obsolete equipment. An accurate assessment is essential so excessive safety claims are not made, particularly where electronic and/or programmable systems are required. Excessive claims can lead to additional replacement costs. Obsolescence management is likely to extend over a considerable time period, so Altran Praxis advocates the use of a process called Goal Structuring Notation (GSN) to maintain the safety argument and safety claims.

Goal Structuring Notation (GSN) is a process that facilitates the development of well defined and structured safety arguments [2]. Altran Praxis finds GSN beneficial because safety arguments are easier to maintain and can be more readily understood by others. Furthermore, GSN has been adopted in the railway industry; it is strongly recommended by the rail approval authorities.

GSN is a graphical argumentation notation that explicitly represents the individual claims of a safety argument and the relationship between these claims. It further shows how these claims are supported by evidence. Hence the GSN process will present the overall safety argument with claims, as well as being extendable into the later equipment replacement phase where it can display the actual evidence used to show safety claim compliance.

Understanding the safety claim requirements in conjunction with the ‘Design for Replacement’ approach assists in understanding the costs and risks of future replacements. These activities will identify the replacement equipment, implementation requirements and the approval strategy including definition of the necessary safety justification evidence. They will provide firm time and cost estimates for implementation and commissioning activities.

This ‘Design for Replacement’ approach will avoid many problems associated with:

  • Inadvertent trips caused by unanticipated and undesired behaviours of digital and programmable I&C systems
  • Design issues discovered during installation and testing, when costs to correct are high.

The ‘Design for Replacement’ approach allows due consideration of the additional complexity associated with the presence of electronic and programmable systems. First, any new technology has to be judged adequate to meet the required safety claims. This may require compliance assessments to generic standards such as IEC 61508 or nuclear industry standards such as IEC 60880 or IEC 62138. Such a need for assessments demands an understanding of the rationale behind the code so that overly conservative conclusions are not made on a safety integrity claim for an item of equipment. Second, tools such as the CINIF EMPHASIS Tool used in the UK nuclear industry may be used to prepare these compliance assessments. Such tools are good for generic evaluation assessment. Their recommendations need to be adaptable to repeat applications in the same or similar plant; making conservative assertions could result in unnecessary application costs. Third, the assessment of electronic and programmable equipment leads to the setting of safety integrity claims using the Safety Integrity Level concept. SILs identify, in terms of four quantitative levels, the robustness required in the design and verification processes. Requirements for each of the levels are defined in standards such as IEC 61508. An understanding of the safety integrity process is required by both assessment and non-assessment staff involved with equipment replacement, so conservative decisions are not created inadvertently.

Projects involving software

In order to minimise conservatism, the lessons learnt from previous replacement projects must be fed back into the obsolescence management process to ensure that decision-making is lean and truly delivering the most economic solution, as well as ensuring reliable and uninterrupted nuclear power generation. Problems occur when suppliers offer a replacement that is not like-for-like. For example, a smart instrument manufacturer might propose a like-for-like replacement of a malfunctioning component. But will the replacement be exactly the same as the original? Even a standard software development such as a firmware upgrade might change the equipment functionality such that extensive substantiation is required, which will significantly increase costs due to unplanned work.

Any obsolescence report will need to be revisited every 5-10 years so that an accurate equipment list is maintained and cost-effective planning of equipment replacement is performed. This update cycle can also be used to take account of significant regulatory changes. However, this requirement should not mean rewriting plant standards. In the UK at least, the fundamental ‘as low as reasonably practicable’ approach to risk reduction defined in the Health and Safety at Work Act 1974 may be found to be the controlling requirement. Besides, international systems standards define good practice, which only changes slowly with time.



References

[1] Qinetiq and ARINC, Ministry of Defence Component Obsolescence Resolution Cost Metrics Study, March 2004, available via www.neimagazine.com/modobstudy.
[2] Dr Tim Kelly, A Systematic Approach to Safety Case Management, Proceedings of SAE 2004 World Congress, Detroit, March 2004, www.neimagazine.com/gsn.