
"Defence in depth" is the design philosophy behind OPAL's building and systems.
Within OPAL, there are two independent protection systems which continuously watch for signs of deviation from the normal operating conditions. Each of them is able to trigger shut-down if needed.
The design and construction features of OPAL ensure effective protection of reactor personnel, the general public and the environment against radiological hazards.
All facilities are of extremely robust construction and are designed to strict safety margins.
The design fully complies with the research reactor safety requirements established by ARPANSA (the Australian Radiation Protection and Nuclear Safety Agency) and the IAEA (the International Atomic Energy Agency).
OPAL's design applies two well-proven criteria for nuclear installations: "Defence in Depth" and ALARA ("As Low As Reasonably Achievable"). It therefore provides several successive levels of protection and multiple physical barriers against the release of radioactive material. The thorough application of both criteria makes OPAL one of the safest research reactors in the world.
The inherent safety of the reactor comes from its open pool design and the negative temperature coefficient of reactivity of the reactor core.
An open pool means there are no pressurised circuits, which greatly reduces the likelihood of leaks or other types of pipe failure. A negative temperature coefficient of reactivity means that as core power, and with it core temperature, rises, feedback within the fuel and coolant reduces the reactivity of the core, which in turn reduces core power. The power generated by the reactor core is therefore naturally self-limiting.
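The self-limiting behaviour described above can be seen in a small simulation. The following is an added example written for this page, not ANSTO's or OPAL's own model: a lumped-parameter core in which reactivity depends on temperature and temperature depends on power. The equations, coefficient values and time constants are assumptions chosen for illustration and are not OPAL parameters. With a negative coefficient, a step insertion of reactivity settles at a new, finite power; with a zero coefficient, the same insertion makes power grow without bound.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class CoreModel:
    """Lumped core model. All values are assumed illustration units, not OPAL data."""
    alpha: float            # reactivity change per degree of core temperature rise
    rho_ext: float          # externally inserted reactivity (e.g. a control rod step)
    tau: float = 1.0        # effective neutronic time constant, s (assumed)
    heat_cap: float = 50.0  # lumped core heat capacity (assumed units)
    k_loss: float = 1.0     # heat transfer coefficient from core to pool (assumed units)
    t_pool: float = 30.0    # pool temperature, deg C (assumed)
    p0: float = 1.0         # initial power, in thermal equilibrium with the pool


def reference_temp(m: CoreModel) -> float:
    """Core temperature at which rho_ext is measured: thermal equilibrium at p0."""
    return m.t_pool + m.p0 / m.k_loss


def reactivity(m: CoreModel, temp: float) -> float:
    """rho(T) = rho_ext + alpha * (T - T_ref). A negative alpha opposes a power rise."""
    return m.rho_ext + m.alpha * (temp - reference_temp(m))


def predicted_equilibrium_power(m: CoreModel) -> Optional[float]:
    """Power at which temperature feedback has cancelled rho_ext (rho = 0).
    Returns None when alpha >= 0: for a positive insertion no finite equilibrium exists."""
    if m.alpha >= 0:
        return None
    t_eq = reference_temp(m) - m.rho_ext / m.alpha
    return m.k_loss * (t_eq - m.t_pool)


def simulate(m: CoreModel, duration: float = 2000.0, dt: float = 0.05,
             runaway: float = 1e6) -> Dict[str, object]:
    """Explicit Euler integration of
         dP/dt = rho(T) * P / tau
         dT/dt = (P - k_loss * (T - T_pool)) / heat_cap
    Returns peak and final power, final reactivity, and whether the runaway cap was hit."""
    power, temp = m.p0, reference_temp(m)
    peak = power
    hit_cap = False
    for _ in range(int(duration / dt)):
        rho = reactivity(m, temp)
        d_power = rho * power / m.tau
        d_temp = (power - m.k_loss * (temp - m.t_pool)) / m.heat_cap
        power += d_power * dt
        temp += d_temp * dt
        peak = max(peak, power)
        if power > runaway:       # stop once the excursion is clearly unbounded
            hit_cap = True
            break
    return {"peak_power": peak, "final_power": power,
            "final_reactivity": reactivity(m, temp), "runaway": hit_cap}


if __name__ == "__main__":
    stable = CoreModel(alpha=-0.002, rho_ext=0.01)
    print("negative coefficient:", simulate(stable),
          "predicted equilibrium:", predicted_equilibrium_power(stable))
    print("zero coefficient:    ", simulate(CoreModel(alpha=0.0, rho_ext=0.01)))
```

With the assumed values, the negative-coefficient run overshoots briefly and then settles at the power where the temperature rise has exactly cancelled the inserted reactivity (6.0 in the model's units), while the zero-coefficient run grows exponentially until the runaway cap stops the loop. The same code with a positive `alpha` shows the opposite of OPAL's design: feedback that reinforces the excursion.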
The reactor also features passive safety: it relies on natural phenomena rather than on engineered systems. The coolant circulation system, driven by pumps in normal operation but guaranteed by natural convection when the pumps are unavailable, is the principal example of this design philosophy, but there are many others, mostly in the redundant shutdown systems.
The two protection systems monitor all variables relevant to reactor safety. Safety responses are triggered automatically whenever a set limit is reached.
The nuclear fission chain reaction can be interrupted at any time by redundant and independent shutdown devices, each based on a different physical principle and each functionally independent of the other.
Should any abnormal operating condition be detected, the reactor safety and protection systems take the reactor to a safe shutdown state.
The first shutdown system quickly inserts five neutron-absorbing plates into the reactor core: upon release, they fall under gravity. The second shutdown system empties the reflector tank of its heavy water, which again flows under gravity into a storage tank placed beneath the core. Neither system needs a supply of energy to actuate.
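The protection logic described in the preceding paragraphs is what an engineer would call a one-out-of-two, fail-safe architecture: two independent channels, each with its own sensors and set limits, and either channel alone sufficient to release a gravity-driven shutdown device. The following is an added example written for this page, not ANSTO's or OPAL's own control software. The variable names, set limits and sample readings are constructed for illustration, and the model assumes (as an assumption, not a statement about OPAL) that each shutdown device is held in its ready position by an energised actuator, so that loss of power releases it just as a trip does.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Limit:
    """Set limits for one monitored variable. None means no bound on that side."""
    low: Optional[float] = None
    high: Optional[float] = None

    def violated(self, value: Optional[float]) -> bool:
        # A missing or failed reading (None) counts as a violation: the channel cannot
        # show the variable is inside its limits, so it errs towards shutdown.
        if value is None:
            return True
        if self.low is not None and value < self.low:
            return True
        if self.high is not None and value > self.high:
            return True
        return False


class ProtectionSystem:
    """One protection system with its own sensor set and set limits (assumed values)."""

    def __init__(self, name: str, limits: Dict[str, Limit]):
        self.name = name
        self.limits = limits

    def evaluate(self, readings: Dict[str, Optional[float]]) -> List[str]:
        """Return the variables that demand a trip; an empty list means 'no trip'."""
        reasons = []
        for var, limit in self.limits.items():
            if limit.violated(readings.get(var)):   # absent sensor -> None -> trip
                reasons.append(var)
        return reasons


@dataclass(frozen=True)
class ShutdownDevice:
    """A gravity-driven device held ready by an energised actuator (energise-to-hold is an
    assumption of this model). Released on a trip or on loss of the holding power."""
    name: str

    def released(self, trip: bool, holding_power: bool) -> bool:
        return trip or not holding_power


# Constructed set limits, not OPAL's real settings. Each system has its own variables.
SYSTEM_A = ProtectionSystem("first protection system", {
    "power_pct": Limit(high=110.0),
    "coolant_outlet_temp_c": Limit(high=55.0),
})
SYSTEM_B = ProtectionSystem("second protection system", {
    "neutron_flux_pct": Limit(high=110.0),
    "pool_level_m": Limit(low=12.0),
})
ABSORBER_PLATES = ShutdownDevice("neutron-absorbing plates")     # first shutdown system
REFLECTOR_DRAIN = ShutdownDevice("heavy water reflector drain")  # second shutdown system


def plant_state(readings_a: Dict[str, Optional[float]], readings_b: Dict[str, Optional[float]],
                power_a: bool = True, power_b: bool = True) -> Dict[str, object]:
    """Combine the two independent channels. Either released device shuts the reactor
    down (one-out-of-two), and nothing one channel does can veto the other."""
    trip_a = SYSTEM_A.evaluate(readings_a)
    trip_b = SYSTEM_B.evaluate(readings_b)
    released = []
    if ABSORBER_PLATES.released(bool(trip_a), power_a):
        released.append(ABSORBER_PLATES.name)
    if REFLECTOR_DRAIN.released(bool(trip_b), power_b):
        released.append(REFLECTOR_DRAIN.name)
    return {"trip_a": trip_a, "trip_b": trip_b,
            "released": released, "shutdown": bool(released)}


if __name__ == "__main__":
    # Constructed readings for illustration.
    normal_a = {"power_pct": 100.0, "coolant_outlet_temp_c": 45.0}
    normal_b = {"neutron_flux_pct": 100.0, "pool_level_m": 12.8}
    print("normal:          ", plant_state(normal_a, normal_b))
    print("power excursion: ", plant_state({"power_pct": 118.0, "coolant_outlet_temp_c": 46.0}, normal_b))
    print("failed sensor:   ", plant_state({"power_pct": None, "coolant_outlet_temp_c": 45.0}, normal_b))
    print("lost hold power: ", plant_state(normal_a, normal_b, power_a=False))
```

The two points worth noticing are in the edge cases rather than the happy path: a sensor that stops reporting is treated as a reason to trip, not as "no data, no action", and a channel that loses power releases its device without any decision being made at all. Both follow from the page's statement that the shutdown devices need no energy to actuate; the energise-to-hold mechanism used to model that is the example's own assumption.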
The pumps of the primary cooling system feature inertial flywheels for continued cooling during the shutdown process. No flow reversal is necessary to dissipate the reactor heat by natural circulation, as both pumping and natural convection make water flow through the core upwards. The reactor pool itself is a large heat sink, able to cool down the core in any circumstances. In the case of a "loss of coolant accident", water in the pool is replenished by gravity to cool the core.
During normal operation, air circulates through the reactor building and its quality is continuously monitored. If necessary, the reactor building can be isolated from the environment. Under these conditions, the containment air pressure, temperature and moisture are controlled by a containment energy removal system.