Operational Safety

Design, construction and operational features of OPAL ensure effective protection of reactor personnel, the general public and the environment against radiological hazards.

The application of the 'defence in depth' principle and the provision of redundant and independent means of protection is the design philosophy behind OPAL's building and systems.

OPAL has two redundant, independent protection systems that continuously watch for signs of deviation from the normal operating conditions.  Each system is able to trigger shutdown at any time, if required. The two protection systems monitor variables relevant to reactor safety. Safety responses are triggered automatically whenever conservative pre-set limits are exceeded.

The first shutdown system quickly inserts five neutron-absorbing plates into the reactor core. Upon release, they fall by gravity. The second shutdown system empties the reflector vessel of its heavy water which, again, flows by gravity into a storage tank. No energy is needed to make these two systems function.

The construction of all facilities is extremely robust and within strict safety margins.

The design is fully compliant with all normal requirements for research reactor safety established by ARPANSA (the Australian Radiological Protection and Nuclear Safety Agency) and the IAEA (the International Atomic Energy Agency).

The conception of the reactor applies two well proven design criteria in nuclear installations: "Defence in Depth", and ALARA ("As Low As Reasonably Achievable"). It thus establishes several successive protection levels and multiple physical barriers to prevent radioactive emissions. The two criteria have been thoroughly applied, making OPAL one of the safest research reactors in the world.

Safety

The inherent safety of the reactor is ensured by the open pool design, passive safety features and the negative reactivity coefficient of the reactor core.

An open pool means no pressurised cooling circuits, which greatly reduces the possibilities of leaks or other types of pipe failure. A negative reactivity coefficient ensures that as the reactor core increases in power and thus temperature, the inherent feedback within the fuel and coolant reduces the reactivity of the core, which in turn reduces the core power. Thus, the power generated by the reactor core is naturally self-limiting.

The reactor features passive safety systems that rely on natural phenomena (such as gravity) rather than on active power sources (such as electricity).  An example of passive safety is the core cooling system. During reactor operation, water is forced through the core by pumps. However, during shutdown, the core is cooled by natural circulation, which does not rely on electrical power or any operator input.

Core cooling

The pumps of the primary cooling system feature inertial flywheels that ensure a smooth transition from forced circulation to natural circulation during the shutdown process. No flow reversal is necessary during this transition, as both pumping and natural convection make water flow through the core upwards. When the primary cooling pumps stop, flap valves open automatically to allow natural circulation to establish. The reactor pool itself is a large heat sink, able to store the heat generated by the shutdown reactor for an extended period of time. In the case of a "loss of coolant accident", water in the pool is replenished by gravity to cool the core.

Containment

During normal operation, the ambient air circulates through the reactor containment and its quality is continually checked. If necessary, the reactor building can be isolated from the environment. Under these conditions, the containment air pressure, temperature and moisture are controlled by a containment energy removal system