The Final Frontier

A paradigm shift in safety thinking

Decommissioning represents the final life cycle stage of any asset, and while its inevitability is ever-present, the unique risks that arise during this stage can present unexpected challenges and require smart solutions.

INTRODUCTION

When an asset such as a nuclear power station, oil & gas production facility or chemical plant reaches the end of its operating life, and refurbishment is not feasible or economically viable, the decision will be taken to begin its decommissioning. For a large, aged facility, this presents a massive challenge, typically requiring a complex and multifaceted process that needs meticulous planning, its own safety case with new safety measures, and a commitment to environmental stewardship. There can be a significant change in the safety and environmental risks normally associated with its operation, all of which must be carefully identified, assessed and managed.

A DIFFERENT MINDSET

Decommissioning requires a shift in thinking compared to new build or operational safety cases, since (for example):

  • Hazards are a one-off and the associated increase in risk may be balanced against the longer term risk reduction
  • Some hazards may be unknown or have large uncertainties and not be revealed until surveys are undertaken or during dismantling
  • Existing systems may be repurposed and operated in ways for which they were not originally intended, or their performance or reliability may be degraded, given their age
  • The introduction of new systems or processes is often highly constrained by existing structures and equipment
  • Plant design and as-built/modified configuration information may be out-of-date, hampered by poor record keeping or entirely absent
  • Personnel involved with the original design or operation may no longer be available, particularly if there’s a long pause before decommissioning begins
  • The impact of new legislation and standards will need to be considered, which can prove tricky to navigate when a mix of new and existing equipment and structures is involved

DECOMMISSIONING STAGES

Every decommissioning project is different, but each will almost certainly involve a number of distinct stages as a way to manage the associated risk, uncertainty and timescales. For example, the decommissioning of a nuclear power plant can span decades and is typically divided into three main phases:
1. Immediate Post-Shutdown Phase:
This phase begins shortly after the reactor ceases operations for the last time. The focus at this stage is on removing fuel, waste and other hazardous materials from the plant, and safely storing these materials onsite. At this point, the site may enter an interim care and maintenance stage (which could last many years).
2. Safeguarding and Dismantling Phase:
During this phase, preparations are made for dismantling the power plant. Contaminated materials are safely removed, and systems that no longer serve a purpose are disconnected. Careful planning is crucial to prevent the spread of residual harmful substances and ensure worker safety. Significant changes to infrastructure may be required, for example removal or addition of roads or transport links, and construction of new buildings as well as the deconstruction of old ones.
3. Final Decommissioning Phase:
The final phase involves dismantling the remaining structures and cleaning up the site. Decontamination efforts are intensified, and any residual waste is disposed of in accordance with strict regulatory guidelines. The goal is to restore the site to a condition that allows for its potential reuse or return to nature. This may involve new waste storage and treatment facilities and changes to site utilities such as power and water.

A MATTER OF TIMING

Regulation is also being shaped by custom and practice, the timing of innovation and the nature of the hazard with respect to the potential number of simultaneous fatalities, all of which shape societal attitude to risk.

An interesting thought experiment is to ask the question: If motor cars had not yet been invented, would they (and roads) be permitted in their current form? In the UK, the Health and Safety Executive (HSE) expects hazards to the general public from work-related facilities or activities to cause no greater than one death in 10,000 per year (the limit of tolerability), with an aim of less than 1 death in a million per year (Ref. 5). In comparison, road traffic accidents in 2022 caused 1,695 fatalities (Ref. 6) which, averaged over a population of 67 million (Ref. 7), equates to 1 death in 39,500 per year. For some individuals (e.g. long distance commuters or pedestrians living near busy roads), their risk will be much higher than the average and may well approach the limit of tolerability (noting, however, that HSE’s enforcement responsibility in this respect does not extend to the public highway). Recognising that cars are controlled manually and preventing accidents largely depends on the driver alone, a safety engineer (and regulator) might well conclude that if we were to apply the ALARP principle, we would be obliged to consider what more could be done to reduce risk (over and above existing safety features such as speed limits, seat belts, air bags, ABS brakes, and crumple zones).

Perhaps because of our long-held love of the motor car and the typically singular nature of casualties, this hazard generally falls into a societal blind spot, compared to, say, the hazard of nuclear power, which on paper at least is over an order of magnitude safer. More generally, it appears that the safety bar for new technology will always be higher than if it were pre-existing.

RISK ASSESSMENT

Evidently, there can be changes to hazards and risks both within each stage and between stages – some hazards may be eliminated (which after all is the aim of decommissioning), while other new hazards may be introduced, albeit generally short-lived.

There will be existing safety case resources available from the operational phase, including hazard identification studies and safety assessment, which provide a good baseline from which to identify differences.

Workshops, such as HAZOPs, are an important tool in developing the decommissioning process and understanding the impact on existing systems operating in new scenarios and the requirement for new systems. Questions that are answered include:

  • Are the operational hazards and consequences still present and if so, have they changed? Have any new hazards or consequences been introduced? How long will they be present for?
  • Is the safety system in question still required under normal conditions or in emergencies? What happens when it is isolated? If it is needed, are the performance requirements more or less onerous?
  • When can a system be safely isolated (noting that there still may be an ongoing maintenance burden)? How should this be achieved? Is a new safety system required to replace safety systems that can no longer function or to mitigate new hazards?

If the decommissioning process is labour intensive, workers may be much more exposed to potential hazards than would be the case during the operational phase. New hazards may also relate to waste generation, contamination and environmental emissions; or ongoing maintenance and testing of systems while decommissioning is underway. Subsequent assessment of the associated risk of decommissioning will typically draw a distinction between quiescent periods, where risk levels are approximately constant, and activities, which may attract a temporary increase in risk followed by a fall in steady state risk as hazards are removed or eliminated. A transparent treatment of unknowns or uncertainties is needed so that risk-based decisions can allow for any associated pessimism introduced as a consequence.

Answering the question posed by the ALARP principle, namely what more it is reasonably practicable to do to minimise risk, especially in relation to peaks, must take due account of the short time at risk and the final risk reduction achieved. As such, solutions may rely much more on operator action than on passive or automated safeguards, unless these can be delivered cost-effectively.

CONCLUSION

While lessons learned can be read across from project to project, at the highest level the greatest lesson is that ideally decommissioning should be designed into all new plant from the outset rather than developed ad hoc at the time. This might involve:

  • Dual purpose plant and equipment, such as installed cranes able to lift dismantled plant
  • Dual purpose buildings, such as turbine halls that can become waste stores
  • A modular design, with units that can be easily removed and refurbished or replaced with purpose-designed plant for decommissioning
  • Designing structures in a way that simplifies the demolition process and minimises contaminated waste
  • Selecting materials and corrosion tolerances appropriate for the entire lifespan
  • Automating the dismantling process where practicable

Alongside this we might imagine a build approval process that requires as much thought about decommissioning as it does for operations; and a culture through life that keeps in mind decommissioning when it comes to modifications, maintenance, record keeping and knowledge capture.

CONCLUSION

The decommissioning of ageing facilities is as inevitable as the rising sun. Lessons learned along the way can be read across from facility to facility, and from industry to industry. Moreover, perhaps this hard-won experience can also inform the development and implementation of new facilities and new technologies to the extent that a considered and future-proof decommissioning plan is built into the design from the outset.

This article first appeared in RISKworld Issue 44

References

  1. Attribution: John at the English-language Wikipedia, https://commons.wikimedia.org/wiki/File:DounreayJM.jpg