Defence in Depth
Paragraph 3.31 of the International Atomic Energy Agency (IAEA) Fundamental Safety Principles states that:
“Defence in depth is implemented primarily through the combination of a number of consecutive and independent levels of protection that would have to fail before harmful effects could be caused to people or to the environment. If one level of protection or barrier were to fail, the subsequent level or barrier would be available.... The independent effectiveness of the different levels of defence is a necessary element of defence in depth.”
Defence in depth requires multiple layers of defence, provided through engineered features and management arrangements, for preventing failures and, if prevention fails, for limiting the consequences and preventing events from evolving to more serious conditions. Defence in depth applies to fault escalation and does not simply require multiple containment barriers or levels of protection.
The IAEA defines the following layers of defence in depth:
| Levels of Defence in Depth | Objective | Essential means for achieving the objective |
|---|---|---|
| Level 1 | Prevention of abnormal operation and failures | Conservative design and high quality in construction and operations |
| Level 2 | Control of abnormal operation and detection of failures | Control, limiting and protection systems and other surveillance features |
| Level 3 | Control of accidents within the design basis | Engineered safety features and accident procedures |
| Level 4 | Control of severe plant conditions, including prevention of accident progression and mitigation of the consequences of severe accidents | Complementary measures and accident management |
| Level 5 | Mitigation of radiological consequences of significant releases of radioactive materials | Off-site emergency response |
The IAEA layers are structured as a hierarchy, and priority is given according to the position in the hierarchy. For example, elimination of deviations from normal operation should be sought first. If this is not possible then measures to terminate any possible deviations should be considered, and so on throughout the hierarchy.
The following flowchart from IAEA Safety Reports Series No. 46, Assessment of Defence in Depth for Nuclear Power Plants shows the potential progression from one layer to the next.
The requirement to apply defence in depth in UK safety cases is reflected throughout the Office for Nuclear Regulation (ONR) Safety Assessment Principles (SAPs), and is specifically identified in principle EKP.3 of the SAPs, which states:
“Nuclear facilities should be designed and operated so that defence in depth against potentially significant faults or failures is achieved by the provision of multiple independent barriers to fault progression.”
Additional Information & Guidance
- IAEA, Defence in Depth in Nuclear Safety (INSAG-10), IAEA: Vienna, 1996.
- IAEA, Safety Reports Series No. 46, Assessment of Defence in Depth for Nuclear Power Plants, IAEA: Vienna, 2005.
- IAEA, Design Features to Achieve Defence in Depth in Small and Medium Sized Reactors (NP-T-2.2), IAEA: Vienna, 2009.
- ONR, Safety Assessment Principles for Nuclear Facilities, 2014 Edition.
- IAEA, Safety Standards Series No. SF-1, Fundamental Safety Principles, 2006.