0KAERI

August 29, 2007

A Simulator Study and its Application to a Human Reliability Analysis (HRA) of NPPs

Joint 8th IEEE Conference on Human Factors and Power Plants AND 13th Annual Workshop on Human Performance/Root Cause/Trending/Operating Experience/Self Assessment

- August 26-31, 2007, Monterey, CA, USA -

Wondea Jung, Jinkyun Park, and Jaewhan Kim

Integrated Risk Assessment CenterKorea Atomic Energy Research Institute

1KAERI

Contents

ν Introductionν Background and objectiveν HRA and PSFs

ν A Human Performance DB : OPERAν Data collection ν Data analysis ν Analysis result

ν Applicationsν Sensitivity analysis of an HRA by using simulator data

ν Conclusion

2KAERI

Background

ν 1st generation HRA methods are still being used predominantly for conventional PRAs of NPPs,ν in spite of their limitations, ν although we have a few 2nd generation HRA methods.

ν Quality of PRAs has become more important because PRAsare used as technical bases for risk-informed decision makings in NPPsν It requires to improve the quality of HRAν How to improve HRA’s quality?

ν Two approaches to improve the quality of HRAsν Standardizing the process and quantification rules ν Supplying plant specific inputs to HRA

3KAERI

Overview of KAERI’s research

ν KAERI’s research on Human Performance/Reliability Analysis; ν To develop a framework for evaluation of HFs to plant riskν To develop a method/tool for improvement of human performance

• Simulator Data• Task Analysis• Event Reports

Human Performance DB (OPERA)

• Task complexity• Error influencing factors

• Design procedure/ training programs

Studies for enhancing Human Performance

• Standardizing HRA method• Supplying plant specific

inputs• Research on Advanced

HRA method

Studies for supporting HRAs

Improving Quality of HRAs

Enhancing Human Performance

4KAERI

Overview of KAERI’s research

ν KAERI’s research on Human Performance/Reliability Analysis;ν To develop a framework for evaluation of HFs to plant safetyν To develop a method/tool for enhancing human performance

• Simulator Data• Task Analysis• Event Reports

Human Performance DB (OPERA)

• Task complexity• Error influencing factors

• Design procedure/ training programs

Studies for enhancing Human Performance

• Standardizing HRA method• Supplying plant

specific inputs• Research on Advanced

HRA method

Studies for supporting HRAs

Improving Quality of HRAs

Enhancing Human Performance

5KAERI

Objective

ν To develop a human performance DB to support an HRA based on simulator studyν Generate plant specific inputs for an HRA

6KAERI

Characteristics of 1st generation HRA

ν Most 1st generation HRA methods are model-basedν Human error probability (HEP) can be quantified by

assigning inputs to model parameters, which are called performance shaping factors (PSFs).

ν Quality of HRA depends on the information of context, i.e., PSFs

ν PSFs depends on each HRA method. But a set of common PSFs can be listedν Available timeν Experience & Trainingν Procedureν Ergonomics & HMIν Complexityν Workload & Stressν Environmentν Safety cultureν etc.

Quantification model

PSFs rating

PSFs list

Error probability

Quantification process of HRA

7KAERI

HRA & PSFs

ν An assumption used in many HRA methods (THERP, ASEP HRA, SPAR-H, K-HRA, etc.) is, Pr (HE) = Pr (Error in diagnosis part) + Pr (Error in execution part)

ν Diagnosis part of HE has a big effect on the plant risk

Human Error(execution part)

16%

others1%

Common CauseFailure34%

Test andMaintenance

5%

ComponentFailure16%

Human Error(diagnosis part)

28%Human Error

44%

Event contribution to the plant risk based on the normalized F-V importance(Ref.: PSA for Ulchin3&4, KEPCO, 2000)

8KAERI

HRA & PSFs

ν In case of K-HRA method, the equation for HEP of a diagnosis part is as followsHEP(Diag.) = Basic HEP(Diag.) x W (weighting factor)

where, Basic HEP(Diag.) = f (available time for diagnosis) W = f (MMI, education/training, procedure, decision load, task priority)

ν Among PSFs, ‘available time’ is a critical input for a post-initiating HFE in most time-dependent HRA methodsν In order to determine ‘available time’, we need operators’

performance time (OPT) of a given task

9KAERI

Design of OPERA DB

ν OPERA (Operator PErformance and Reliability Analysis) DBν A database of human performance

developed by KAERIν Operators’ performance data of

emergency tasksν Event/cause data of daily operational

tasksν Data sources

ν Emergency tasks : simulator data ν Daily operational tasks : unplanned

reactor trip event reportsν Uses of OPERA DB

ν Generate inputs for HRA ν Support technical bases for HFs

researches

Human factors analysisbased on K-HPES (11 items)

CommunicationsProceduresInterface designWorking conditionsWork schedulrs, ...

Gathering the operators'performance data (20 items)

Initiating conditions Operators' experience level Performance time data in

conducting procedural steps The operators' behavior, ...

Nuclear Power Plants Simulator

Plant outagedatabase(TRIP DB)

Near-missdatabase

Task analysis(EOPs) Interviews with experts

Emergency trainingObservations/Records/nalysis

OPERAData for

daily tasksData for

emergency tasks

10KAERI

Data Collection

ν Performance time analysis based on simulator dataν In total 112 simulation records were collected for six accident

scenariosν 24 operating crews participated in the simulator experiments

Summary of the simulator records Scenarios a Number of simulation records

LOCA (loss of coolant accident) 28 SGTR (steam generator tube rupture) 23 LOAF (loss of all feed water) 23 ESDE (excessive steam demand event) 18 LOOP (loss of off-site power) 10 SBO (station blackout) 10

aInitiating conditions : - 11 distinct break sizes : 0.3%~30% on the basis of cross-sectional area of pipes - 10 distinct break locations : cold-legs in loop 1&2, pressurizer PORVs, U-tubes on SG 1&2,

MSIV on main steam line 1&2, main steam line 1&2, auxiliary feedwater lines - ON/OFF of several safety components : auxiliary/main feedwater pumps, emergency diesel

generators, switchyard, electric buses, heater/spray of pressurizer, every kinds of valve etc.

11KAERI

Data Analysis

ν Simulator records were analyzed by using two techniquesν A time-line analysis and a verbal protocol analysis have been

conducted along with the significant tasks of the EOPs

EOP &

step T ime

(min:sec) Operator ’s responses and verbal protocols

- 0:37 Star t an init iating event LOCA (loss of coolant accident event, PORV 10% open)

0:00 Reactor tr ip SPTA 0:25 Star t SPTA (standard post- tr ip action) procedure

• • •

5:24 Finish SPTA procedure DA 5:32 Star t DA (diagnostic action) procedure

5:36 SRO: “RO, ver ify whether all control rods are inserted” Step1 5:40 RO: “All control rods are inserted” 5:43 SRO: “TO, are all AC and DC buses energized?” Step2 5:57 TO: “Yes, All AC and DC buses are energized” 6:00 SRO: “RO, RCP status?” Step3 6:05 RO: “All RCPs are running” 6:11 SRO: “TO, report SGs’ level and trends” Step4 6:26 TO: “SG#1 level is 33% and decreasing now, SG#2 level

is 45% and its trend is also decreasing”

• • •

12KAERI

ν Analyze operators’ performance time of critical tasks in emergenciesν Time to finish a critical task from a

reactor tripν 30 emergency tasks of EOPs

Delivery of asufficient SI flow 4.0 5.0

Checking criteriafor RCP stoppage 6.0 7.0

Identifying and isolatinga faulty SG 11.0 12.0 13.0 14.0

Emergency tasksin coping with SGTR

Task Mean (s)

Standard deviation (s)

Delivery of a sufficient SI flow 576.4 345.3 Checking criteria for RCP stoppage 616.7 313.7 Identifying and isolating a faulty SG 1188.3 182.9

λ λ λ

Data Analysis

Simulationstart

Reactortrip

Eventinitiation

End of the 5th

procedural step

Task completion time for<Delivery of a sufficient SI flow>

13KAERI

Analysis Results

ν OPT (operators’ performance time) to diagnose an occurring eventν Time to perform the SPTA

(standard post trip action) procedure

ν Time to perform the DA (diagnostic action) procedure

0

50

100

150

200

250

300

350

Dia

gn

osi

s T

ime

(se

c)

Mean 182.36 137.15 135.8 106.67 101.33 195.93

Upper 254.79 226.92 183.47 146.53 156.58 302.62

Lower 109.93 47.38 88.13 66.81 46.08 89.24

ESDE LOAF LOCA LOOP SBO SGTR

Performance Time (sec.) Procedure and Task

Initiating Event

Number of data Mean Std. Dev.

SPTAa All events 112 196.2 72.8 LOCA 28 135.8 47.8 SGTR 23 195.9 106.7 ESDE 23 182.4 72.4 LOAF 18 137.2 89.8 LOOP 10 106.7 39.9

DAb

SBO 10 101.3 55.3 aStandard post-trip action (SPTA) procedure bDiagnostic action (DA) procedure

14KAERI

Analysis Results

ν OPT to execute an emergency task defined in EOPsExecution time c (sec) Initiating

event Task description

(task type) Procedure

stepsb Number of data Average Std. Dev.

Delivery of a sufficient SI flow 4-5 15 565.3 200.5 Checking criteria for RCP stoppage 6-7 17 592.8 200.1 Isolating break location (inside/outside containment) 8-13 13 848.9 272.1

Securing the integrity of a containment 11-13 7 808.3 249.4 Cooling down RCS 15-19 6 923.0 311.7 Maintaining RCS conditions within the limit of PT curve 20 3 988.0 253.4

Removing voids from RCS 27-28 6 1245.7 499.3 Isolating SIT 39 7 1998.6 738.6

LOCAa

Preventing LTOP event 40 3 2448.0 1023.6 Delivery of a sufficient SI flow 4-5 7 576.4 345.3 Checking criteria for RCP stoppage 6-7 9 616.7 313.7 SGTR Initial cooling down the hot-leg temperature of RCS 8-10 4 687.3 179.2

•••••• aBreak locations of LOCA were inside containment. bSteps means the step number of the related procedure, LOCA procedure in here. cExecution time means the time from reactor trip to the end of an associated task

15KAERI

Application

ν An application to HRA by using the OPTsν Sensitivity analyses of two HFEs by K-HRA method

ν HFE of F&B (feed and bleed) operationν HFE of ACD (aggressive cool down) operations

* Most important tasks to the risk of a reference NPP

16KAERI

Application

ν F&B operation ν Condition: Total loss of all feed water (MFW and AFW systems are

unavailable) in a LSSB (Large Secondary Side Break) event ν Task: Operators identify the system state, and open the valves in

SDS (Safety Depressurization System) to bleed RCS inventory within 23 minutes after reactor trip

ν Time inputs for the calculation of HEPs(time : minute)

Allowable time

Cue time Available time for F&B

Performance time for F&B

Available time for diagnosis part of F&B

Original HRA

23 (T/H) 2 (AFAS) 21 5 (expert judge)

9 (simulator)

16

Revised HRA

23 (T/H) 2 (AFAS) 21 12

17KAERI

Application

ν ACD operation ν Condition: High pressure safety injection (HPSI) system fails to

inject refueling water into RCS in a small LOCA (Loss of CoolantAccident) event

ν Task: Operators identify the system state, and start aggressive cool down operation with a maximum cooling rate of 100ºF/hr by using secondary steam removal system within 20 minutes after reactor trip

ν Time inputs for the calculation of HEPs(time : minute)

Allowable time

Cue time Available time for ACD

Performance time for ACD

Available time for diagnosis part of ACD

Original HRA

20 (T/H) 0 (SIAS) 20 10 (expert judge)

23 (simulator)

10

Revised HRA

20 (T/H) 0 (SIAS) 20 < 0

18KAERI

Application

ν Summary of the quantification resultsSensitivity analysis based on the analyzed operators’ performance time

HEP for diagnosis Nominal Final(f)9

Final HEP for action(g)

Total HEP (h=f+g)

Human Failure Events

Original/Revised HEP

Allowable time (a)

Cue time(b), related cue

Available time for a task (c=a-b)

Action time (d)6

Available time for diagnosis(e=c-d) Median7 EF Mean8 Mean Mean Mean

Original HEP1

23 2, AFAS3 21 5 16 3.90E-2 5 6.29E-2

9.46E-2 5.0E-2 1.46E-1 F&B operation

Revised HEP2

23 2, AFAS 21 9 12 7.63E-2 5 1.23E-1 1.85E-1 5.0E-2 2.35E-1

Original HEP

20 0, SIAS4, no flow from HPSIS5

20 10 10 1.0E-1 3 1.25E-1

2.38E-1 1.0E-1 3.38E-1 ACD operation

Revised HEP

20 0, SIAS, no flow from HPSIS

20 23 < 0 1.0 - 1.0 1.0 - 1.0

1) HEP based on time data of expert judgment 2) HEP based on time data of simulator and EF(error factor)

3) AFAS : Auxiliary feedwater actuation signal 4) SIAS : Safety Injection Actuation Signal 5) High Pressure Safety Injection System 6) Average time to execute a required action

7) HEP of a diagnosis part based on Figure 8-1 of the ASEP HRA [26]

8) Mean value that is converted from lognormal distribution with median and error factor (EF) 9) Final HEP of a diagnosis part after considering PSFs such as MMI, education/training, and procedure

19KAERI

Application

ν Summary of the sensitivity analysis

Change of HEP

1.46E- 01

3.38E- 012.35E- 01

1

0.00E+00

2.00E- 01

4.00E- 01

6.00E- 01

8.00E- 01

1.00E+00

1.20E+00

HFE(F&B) HFE(ACD)

Prob

abili

ty

Original HEP Revised HEP

Change of CDF

7.43E- 06 7.43E- 068.12E- 06

1.20E- 05

0.00E+00

2.00E- 06

4.00E- 06

6.00E- 06

8.00E- 06

1.00E- 05

1.20E- 05

1.40E- 05

HFE(F&B) HFE(ACD)

Freq

uenc

y

Original CDF Revised CDF

20KAERI

Conclusion

ν Decision makers want to more reliable risk informationν Need a plant specific database to improve the quality of HRA

ν To supply a plant specific inputs of HRA, an operators’performance time (OPT) was analyzed based on simulator dataν 112 simulation records with six emergency scenariosν Time to diagnose an initiating eventν Time to perform an emergency task and each procedural step

ν Applied the OPT to an HRAν Revised the HRA of a reference plant based on plant specific

simulator data

21KAERI

ν Human performance data of OPERAν Large amount of data (2,600 data)

ν 160 simulation records (’99~present)ν 440 unplanned Rx trip records (’78~’00)

ν Managing and searching SWν Generate HRA input and technical bases for

HFs evaluation

Data of OPERA DB

Task goals and stepsMajor PSFs (PIFs)Potential error types and causesCommunication patternsProcedure compliance

Qualitative data

Work practice29%

Managerial method17% Work organization

/planning12%

Man-machineinterface

12%

Training/qualifications

7%

Supervisorymethod

6%

Miscellaneous17%

Event diagnosis timeTask execution timeNumber of diagnosis failure

Quantitative data

0

50

100

150

200

250

300

350

Dia

gnosis

Tim

e (

sec)

Mean 182.36 137.15 135.8 106.67 101.33 195.93

Upper 254.79 226.92 183.47 146.53 156.58 302.62

Lower 109.93 47.38 88.13 66.81 46.08 89.24

ESDE LOAF LOCA LOOP SBO SGTR

Operator PErformance andReliability Analysis DB

OPERA DB

160 simulation records with 6 scenarios440 Rx trip records with 50 human induced events86 generic procedural step of EOPs

Task analysisof EOPs

Interview withplant experts

Simulator data

Trip data