Explaining the LCO concept using an analogy

There’s always room to better explain what an LCO actually is. One thing that’s helpful to know is the relationship between operability, surveillance requirements, and the LCO . . . .

The Tech Specs include Surveillance Requirements to monitor critical equipment at certain maintenance intervals to ensure that it is operable. For example, if maintenance technicians perform their surveillance on one of the emergency diesel generators (EDGs) and find that it can’t start, it becomes “inoperable” and the site enters an LCO. Things get tense then as they work around the clock to restore the EDG to Operability to lift the LCO.

To use a helpful, though perhaps controversial, analogy, think of a nuclear plant like a hand grenade, with the LCO being like its hand lever and pin. The grenade is a useful tool designed for specific tasks, but it can be dangerous to the person operating it. As long as its safety measures remain intact, however, it will remain stable. When you pull the pin, the grenade is primed but you retain control over it; you had just better hope you don’t trip and accidentally drop it.

When you let go of the lever, you only have a few seconds before it explodes. Normally, you pull the pin and release the lever on purpose, but there is the possibility that either may be done by accident. Entering an LCO, such as by losing one EDG, is like pulling the pin, either by accident (due to component failure) or on purpose (due to routine maintenance). Losing the second EDG is like letting go of the lever: things could get messy at any moment, so you had better disarm the grenade before it pops.

Shutting the plant down is a precautionary measure that’s like defusing the armed grenade if you can’t get the pin back in. The primary concern in such a case is that, even with the plant operating normally and offsite power available as normal, if the two backup power sources became unavailable, Murphy’s law would take over and the plant would suffer a massive earthquake that knocks out the offsite power and trips the reactor. In such a case, the backup power sources would not be available to shut down the plant, and the plant could become very dangerous.

If you can think of a better analogy that’s also less controversial, let me know. I’ll publish it here.