ML061580624
| ML061580624 | |
| Person / Time | |
|---|---|
| Issue date: | 09/01/2006 |
| From: | NRC/NRR/ADRA/DNRL/NGDB |
| To: | |
| Oesterle, E,ADRA/DNRL/NRBA, 301-415-1365 | |
| Shared Package | |
| ML061800499 | List: |
| References | |
| DG-1145 | |
| Download: ML061580624 (19) | |
Text
DG-1145, Page C.I.18-1 HFE Program Management Operating Experience Review Functional Requirements Analysis and Function Allocation Task Analysis Staffing & Qualification Human Reliability Analysis Human-System Interface Design Procedure Development Training Program Development Human Factors Verification and Validation Design Implementation Human Performance Monitoring Planning and Analysis Design Verification and Validation Implementation and Operation Figure C.I.18-1 HFE elements to be addressed in the FSAR C.I.18. Human Factors Engineering Chapter 18 of the final safety analysis report (FSAR) should describe how the principles of human factors engineering (HFE) are incorporated into (1) the planning and management of HFE activities; (2) the plant design process; (3) the characteristics, features, and functions of the human-system interfaces (HSIs),
procedures, and training; and (4) the implementation of the design and monitoring changes to the design at the site. In so doing, this chapter should illustrate how human characteristics and capabilities are successfully integrated into the nuclear power plant design, in such a way that they result in a state-of-the-art design and support successful performance of the required job tasks by plant personnel. Specifically, the FSAR should address the HFE elements shown in Figure C.I.18-1.
COL Applicant Submittals For each element illustrated in Figure C.I.18-1, the FSAR should describe the objectives and scope of the applicants activities related to the given element, the methodology used to perform the analyses, and the results of the analyses. The specific content related to each element is addressed in the remainder of this section of DG-1145.
DG-1145, Page C.I.18-2 In general, the COL applicant (hereinafter called the applicant) may summarize the information.
The applicant should reference the location of the detailed information in, for example, supplemental reports.
Submittals for HFE Activities That Have Not Been Completed When the COL application is submitted, all of the HFE Program Review Model elements may not have been completed. The design implementation element, for example, will not be completed until the plant is constructed. The human performance monitoring element is an operational program. Therefore, the implementation plan for the human performance monitoring program would be approved by the time of fuel load and subsequently implemented in accordance with the approved plan.
If an HFE element has not been completed at the time the COL application is submitted, the FSAR should describe the objectives and scope of the applicants activities related to the element, the methodology that will be used to perform the activities, and the expected results of the activities. In addition, an implementation plan and schedule for completing the element should be submitted. The implementation plan should describe the use and disposition of the corresponding results. DAC/ITAAC also should be submitted that define the criteria for closure of the element when it is completed.
Applicants are encouraged to submit implementation plans at the earliest opportunity in the pre-application phase. An early review by the NRC of an implementation plan gives the applicant the opportunity to obtain staff comments concerning the applicants approach before COL submittal or before conducting the activities associated with the element. Such a review is desirable from both the staffs and the applicants perspectives because it provides the opportunity to resolve methodological issues and provide input early in the analysis or design process, when staff concerns can more easily and more cost-effectively be addressed, rather than when the activity is completed.
For similar reasons, the applicant is encouraged to submit other documents, such as an HSI style guide, for NRC review and opportunity for issue resolution before the applicant initiates and completes the detailed design work.
C.I.18.1 HFE Program Management In this section of the FSAR, the applicant should describe the HFE program plan, including the following topics:
general HFE program goals and scope HFE team and organization HFE process and procedures HFE issues tracking HFE technical program C.I.18.1.1 General HFE Program Goals and Scope The goals of the HFE program should be described to provide a design that enables personnel to accomplish their tasks within time and performance criteria, and to develop HSIs that support a high degree of operating crew situational awareness.
DG-1145, Page C.I.18-3 Any assumptions and constraints on the design should be identified. An assumption or constraint is an aspect of the design, such as a specific staffing plan or use of specific HSI technology, that is an input to the HFE program rather than the result of HFE analyses and evaluations. An example is to design the control room so that a single operator can manage all normal plant evolutions.
All plant facilities that will be designed using the HFE program plan should be identified. These should include the main control room, remote shutdown facility, technical support center (TSC), emergency operations facility (EOF), and local control stations (LCSs). The HSIs, procedures, and training included in the HFE program should also be identified.
In addition, the FSAR should identify the plant personnel who will be affected by HFE activities (e.g., licensed operators, non-licensed operators, and mechanical maintenance personnel). All plant personnel who will perform tasks that are directly related to plant safety should be identified.
C.I.18.1.2 HFE Team and Organization The FSAR should describe the following aspects of the applicants HFE design team and organization:
areas of responsibility with respect to the HFE program (e.g., scheduling of activities and milestones placement within the overall design organization authority to provide reasonable assurance that all of its areas of responsibility are accomplished and to identify problems in the implementation of the overall plant design design team composition with respect to areas of expertise staffing in terms of job descriptions and assignments of team personnel C.I.18.1.3 HFE Process and Procedures The FSAR should describe the HFE process and procedures that the design team uses to execute its functions. These procedures should address the following topics:
assigning HFE activities to individual team members governing the internal management of the team making management decisions regarding HFE making HFE design decisions governing equipment design changes reviewing HFE products Identify process management tools (e.g., review forms) that the design team uses to document the fulfillment of its responsibilities.
Describe the integration of HFE and other plant design activities (e.g., the inputs from other plant design activities to the HFE program and outputs from the HFE program to other plant design activities).
The iterative nature of the HFE design process should be described with HFE program milestones identified, and with a specification of evaluations to determine the effectiveness of the HFE effort at critical milestones in the design process. This should include a program schedule of HFE tasks showing the relationships between HFE elements and activities, products, and reviews. HFE documentation, not included in the FSAR, should be identified and briefly described with the procedures used for document retention and access.
DG-1145, Page C.I.18-4 The management of subcontractor HFE efforts should be described. The process through which HFE requirements were included in each subcontract should be described along with procedures for verifying the subcontractors compliance with HFE requirements.
C.I.18.1.4 HFE Issues Tracking The FSAR should describe the means and processes by which HFE issues are tracked to resolution.
The description should include the methodology used to document and track HFE issues from identification until the potential for negative effects on human performance has been reduced to an acceptable level. In addition, the description should identify the criteria used to decide whether issues are to be entered into the system.
Describe the means used to document issues, including the steps taken to track each issue to final resolution.
Describe the procedures used to define individual responsibilities for issue identification, logging, tracking, analysis, and resolution acceptance. Describe how each issue will be tracked to completion to ensure that it is appropriately addressed in the design and documented as such prior to fuel load.
C.I.18.1.5 HFE Technical Program The FSAR should describe the general technical approach to address the following HFE activities:
operating experience review functional requirements analysis and function allocation task analysis staffing and qualifications human reliability analysis HSI design procedure design training design human factors verification and validation design implementation human performance monitoring This section should address the integration and scheduling of these activities within the overall design effort, while the detailed objectives, scope, methodology, and results of these activities are described in subsequent sections of FSAR Chapter 18.
This section should also describe the following aspects of the HFE technical program:
general HFE requirements, standards, and specifications that are used general HFE facilities, equipment, tools, and techniques, such as simulators, utilized in the HFE program.
Items specific to individual HFE elements should be provided in the methodology descriptions for those elements.
DG-1145, Page C.I.18-5 C.I.18.2 Operating Experience Review The FSAR should describe the applicants operating experience review (OER) and how it was used to identify HFE-related safety issues.
C.I.18.2.1 Objectives and Scope of OER The FSAR should describe the objectives of the applicants OER process and the scope of the analyses performed, including OER analyses related to the following topics:
the predecessor plant(s) and systems experience in industries with applicable systems industry HSI experience risk-important human actions (HAs) specifically identified industry issues issues identified by plant personnel issue resolution or a scope of how OER is applied C.I.18.2.2 Methodology C.I.18.2.2.1 OER Process The applicant should describe its administrative procedures for evaluating operating, design, and construction experience, and for ensuring that applicable important industry experiences will be provided in a timely manner to those designing and constructing the plant, as required by Title 10, Section 50.34 (f)(3)(i), of the Code of Federal Regulations [10 CFR 50.34(f)(3)(i)].
C.I.18.2.2.2 Predecessor Plants and Systems If there is a previous or predecessor design/plant that is similar to the applicants proposed nuclear power plant or has been used as part of the design basis of the plant, the applicant should specifically identify that plant/design. When there is more than one predecessor plant/design, the role of each should be clearly defined. The applicant should then describe how HFE-related problems and issues in the previous plants/designs are identified and analyzed so that these problems and issues may be avoided in the new design. The applicant should also address how positive features of previous plants/designs are identified, evaluated, and retained.
The FSAR should describe the predecessor plant(s) and systems, and explain the relationship of each to the applicants design. The OER should include human factors issues related to the predecessor plant(s). When the new proposed plant utilizes new technology, the applicant should obtain and describe experience from applications of this new technology, even if it is not from the predecessor plant.
C.I.18.2.2.3 Risk-Important Human Actions The FSAR should identify risk-important HAs in the predecessor plants and determine whether they are still risk-important in the applicants design. For those that are applicable, the FSAR should identify the scenarios where those HAs were called for during plant operation and state whether the actions were successfully completed, noting design aspects that helped to ensure success. By contrast, if errors occurred in the execution of the HAs, the applicant should identify insights related to needed improvements in human performance.
DG-1145, Page C.I.18-6 Where the risk-important HAs for the new plant are determined to be different from those of the predecessor plant, the FSAR should identify any operational experience related to the different risk-important HAs.
The FSAR should also identify risk-important HAs from the OER that require special attention during the design process and note any insights that would be beneficial during the HFE design and implementation processes.
C.I.18.2.2.4 HFE Technology The FSAR should describe OER associated with the proposed HFE technology in the applicants design. For example, if a computer operated support system (COSS), computerized procedures, or advanced automation are planned, the FSAR should describe HFE issues associated with their use.
C.I.18.2.2.5 Recognized Industry Issues The FSAR should describe how the applicants design adresses recognized industry HFE issues (as described in NUREG/CR-6400), HFE Insights for Advanced Reactors, 1996. This includes issues in the following categories:
unresolved safety issues and generic safety issues Three Mile Island (TMI) issues NRC generic letters and information notices reports of the former NRC Office for Analysis and Evaluation of Operational Data low-power and shutdown operations operating plant event reports C.I.18.2.2.6 Issues Identified by Plant Personnel The applicant should describe personnel interviews, conducted during the OER, to determine operating experience related to predecessor plants and systems. In so doing, the applicant should summarize information obtained during personnel interviews, as it relates to plant operations and HFE design in the following areas:
Plant Operations normal plant evolutions (e.g., startup, full-power, and shutdown) instrument failures [e.g., safety-related system logic and control unit, fault-tolerant controller (nuclear steam supply system), local field unit for the multiplexer (MUX) system, MUX controller (balance-of-plant), break in the MUX line]
HSI equipment and processing failure [e.g., loss of video display units, loss of data processing, loss of large overview display]
transients [e.g., turbine trip, loss of offsite power, station blackout, loss of all feedwater, loss of service water, loss of power to selected buses or control room (CR) power supplies, and safety/relief valve transients]
accidents [e.g., main steam line break, positive reactivity addition, control rod insertion at power, control rod ejection, anticipated transient without scram (ATWS), and loss-of-coolant accidents (LOCA)]
reactor shutdown and cooldown using the remote shutdown system
1As used here and elsewhere in this document, the term requirements refers to requirements that are established as part of the design process. The term requirements is not used in this context to denote regulatory requirements. There are no regulatory requirements in this document (only guidance for preparing applications).
DG-1145, Page C.I.18-7 HFE Design Topics alarm and annunciation display control and automation information processing and job aids real-time communications with plant personnel and other organizations procedures, training, staffing/qualifications, and job design C.I.18.2.2.7 Issue Analysis, Tracking, and Review This section of the FSAR should describe how OER issues are entered into the HFE tracking system.
C.I.18.2.3 Results The FSAR should summarize the results of the OER. This summary should discuss the source materials, such as documents, event reports, personnel interviews, and so forth, that were evaluated using the OER methodology. A sample of OER-identified issues should be included along with their resolution.
The FSAR should provide a reference to the database where issues are maintained.
C.I.18.3 Functional Requirements1 Analysis and Function Allocation C.I.18.3.1 Objectives and Scope C.I.18.3.1.1 Functional Requirements Analysis The FSAR should describe the objectives of the applicants functional requirements analysis and the scope of the analyses performed. The scope should include identification and analysis of those functions that must be performed to satisfy the plants safety objectives; that is, to prevent or mitigate the consequences of postulated accidents that could cause undue risk to the health and safety of the public.
C.I.18.3.1.2 Function Allocation Analysis The FSAR should describe the objectives of the applicants function allocation analysis and the scope of the analyses performed. The scope should include analysis of requirements for plant control and the assignment of control functions to (1) personnel (e.g., manual control), (2) system elements (e.g.,
automatic control and/or passive, self-controlling features), and (3) combinations of personnel and system elements (e.g., shared control or automatic systems with manual backup).
DG-1145, Page C.I.18-8 C.I.18.3.2 Methodology C.I.18.3.2.1 Methodology for Functional Requirements Analysis The FSAR should describe the methodology used to perform the functional requirements analysis.
If the proposed new plant uses the same functional requirements (FRs) as a predecessor plant, a description of the methodology is not needed. In this case, the FSAR should identify the predecessor plant(s) that used the same FRs and should provide the functions themselves in the Results section (18.3.3).
The FSAR should describe how the functional requirements analysis will be kept current over the plants life cycle from design development through decommissioning, so that it can be used as a design basis when modifications are considered.
The applicant should provide a description of the functions and systems with a comparison to the reference plants/systems (i.e., the predecessor plants or plant systems on which the new system is based).
This description should identify differences that exist between the proposed and reference plants/systems.
Safety functions (e.g., reactivity control) include functions needed to prevent or mitigate the consequences of postulated accidents that could cause undue risk to the health and safety of the public. For each safety function, the FSAR should clearly define the set of plant system configurations or success paths that are responsible for or capable of carrying out the function. Function decomposition should start at top-level functions, where a very general picture of major functions is presented, and continue to lower levels until a specific critical end-item requirement emerges (e.g., a piece of equipment, software, or HA).
A description should be provided for each high-level function and related parameters. Note that parameters may be described qualitatively (e.g., high or low). Specific data values or setpoints are not necessary at this stage.
An important point to note is that the applicant should document the technical basis for modifications to high-level functions in the new design (compared to the predecessor design).
Describe the verification of the functional requirements analysis to show that the following criteria are met:
All of the high-level functions necessary to achieve safe operation are identified.
All requirements of each high-level function are identified.
C.I.18.3.2.2 Methodology for Function Allocation Analysis The FSAR should describe the methodology used to perform the function allocation analysis, including the iterative nature of how control functions are reallocated, in response to developing design specifics, operating experience, and the outcomes of ongoing analyses and trade studies. This description should include the HFE principles embodied in the method. The FSAR should describe how the function allocation will be kept current over the plants life cycle from design development through decommissioning, so that it can be used as a design basis when modifications are considered.
The FSAR should provide the documented technical bases for all function allocations, including the allocation criteria, rationale, and analysis. For example, the performance demands to successfully achieve the function, such as degree of sensitivity needed, precision, time, or frequency of response, may be so stringent that the function would be difficult for personnel to accomplish (or would be error-prone). This would establish a basis for automation (assuming acceptability of other factors, such as technical feasibility or cost).
DG-1145, Page C.I.18-9 Describe how the OER is/was used to identify needed modifications to function allocations. In doing so, the FSAR should describe any problematic OER issues, and provide a function allocation analysis for the new plant, either justifying the original human-machine allocation or illustrating and explaining the new function allocation, including selected solutions such as training, personnel selection, and procedure design changes.
The function allocation analysis should describe the primary allocations to personnel, as well as their responsibilities to monitor automatic functions and to assume manual control in the event of an automatic system failure.
A description of the integrated personnel role across functions and systems should also be provided in terms of personnel responsibility and level of automation.
In addition, the FSAR should describe the verification of the function allocation to show that the allocation of functions results in a coherent role for plant personnel.
C.I.18.3.3 Results The FSAR should summarize the results of the functional requirements analysis and function allocation. This summary should discuss the results of the analyses using the methodologies discussed above. The FSAR should also provide the final plant safety functions along with the analyses that were used to obtain those functions. In addition, the FSAR should provide the final plant function allocation, along with the analyses that were used to obtain that allocation. If necessary, the FSAR should also reference the reports that contain the more detailed analyses.
C.I.18.4 Task Analysis C.I.18.4.1 Objectives and Scope of Task Analysis The FSAR should describe the objectives of the applicants task analysis and the scope of the analyses performed to include assumptions and bounding conditions. The scope description should address how important operations, maintenance, test, inspection, and surveillance tasks were selected, as well as the range of operating modes included in the analyses.
The scope description should also address the means used to identify the risk-important HAs, including the monitoring and backup of automatic actions.
C.I.18.4.2 Methodology The FSAR should provide a description of the methods used to analyze tasks. This description should include the means by which tasks were derived from high-level descriptions to detailed task requirements. The methods used to describe tasks and illustrate their relationships should also be addressed.
The FSAR should also describe the methods used to allocate tasks to members of the operating crew, and how the skills necessary for task performance were determined.
In addition, the FSAR should describe the methodology and criteria used to identify a minimum inventory of alarms, displays and controls. This description should include both task performance and instrumentation and control (I&C) criteria.
DG-1145, Page C.I.18-10 C.I.18.4.3 Results The FSAR should summarize the results of the task analysis and provide examples of the results.
The FSAR should also provide a reference to where and how the detailed results are documented.
In addition, the FSAR should describe how the task analysis results were used as input to the design of HSIs, procedures, and training programs.
C.I.18.5 Staffing and Qualifications C.I.18.5.1 Objectives and Scope of Staffing and Qualifications Analyses The FSAR should describe the objectives of the applicants staffing and qualifications analyses, and the scope of the analyses performed.
The scope should include the number and qualifications of personnel for the full range of plant conditions and tasks, including operational tasks (normal, abnormal, and emergency), and plant maintenance and testing (including surveillance testing). The personnel that should be considered include licensed control room operators as defined in 10 CFR Part 55, as well as the categories of personnel defined by 10 CFR 50.120, including nonlicensed operators, shift supervisor, shift technical advisor, instrument and control technician, electrical maintenance personnel, mechanical maintenance personnel, radiological protection technician, chemistry technician, and engineering support personnel. In addition, any other plant personnel who perform tasks that directly relate to plant safety should be addressed.
C.I.18.5.2 Methodology This section of the FSAR should be coordinated with Section 13.1, which also relates to organization and staffing. The FSAR should describe the iterative nature of the staffing analysis and how the initial staffing goals are/have been reviewed and modified as the analyses associated with other HFE elements are/were completed.
The FSAR should present and discuss compliance with 10 CFR 50.54 (i) through (m). If an exemption from these requirements is being sought, the analysis and justifications should be presented [see also NUREG/CR-6838, Technical Basis for Regulatory Guidance for Assessing Exemption Requests from the Nuclear Power Plant Licensed Operator Staffing Requirements Specified in 10 CFR 50.54(m) and NUREG-1791, Guidelines for Assessing Exemption Requests from the Nuclear Power Plant Licensed Operating Staff Requirements Specified in 10 CFR 50.54(m) Final Report].
C.I.18.5.3 Results The FSAR should summarize the results of the staffing analysis and qualifications analyses. This summary should discuss the results of the analyses obtained using the methodology discussed above. This should include sufficient detail to permit an understanding of how the methodology was implemented to provide the results. The FSAR should also provide the final staffing levels for all personnel identified in the above scope. As needed, the FSAR should reference the reports that contain the more detailed analyses.
C.I.18.6 Human Reliability Analysis C.I.18.6.1 Objectives and Scope of Human Reliability Analysis
DG-1145, Page C.I.18-11 This section of the FSAR should describe the objectives of the applicants use of the human reliability analysis (HRA) in the HFE area.
The discussion of the scope of this HFE/HRA element should include: (1) an evaluation of the potential for and mechanisms of human error that may affect plant safety (particularly the risk-important HAs); (2) a discussion of potential human errors in the design of HFE aspects of the plant to address the likelihood of personnel error, as well as the likelihood of detecting and recovering from those errors; and (3) the integration of HRA and probabilistic risk assessment (PRA) with the rest of the HFE program. The description of performance of the HRA itself is addressed in SRP Chapter 19.
C.I.18.6.2 Methodology Describe the use of the PRA/HRA to identify the risk-important HAs. Describe the various portions of the PRA that were considered in determining the risk-important HAs, including the Level 1 (core damage) PRA, Level 2 PRA (release from containment), post-core damage actions, internal and external events portions of the PRA, and the low power and shutdown PRA. Describe the importance measures, HRA sensitivity analyses, and threshold criteria (with bases) that were used to arrive at the list of risk-important HAs.
The applicant should also include a discussion of human actions related to passive systems and computer-based HSIs.
Describe the methodology by which the PRA/HRA results and the risk-important HAs are addressed by the HFE design team (through HSI design, procedural development, and training) to minimize the likelihood of operator error and provide for error detection and recovery capability.
Describe the process with which the HRA assumptions, such as decisionmaking and diagnosis strategies for dominant sequences and important actions and uncertainties, were validated during the HFE design process. This should include discussions and walkthrough analyses with personnel who have operational experience and the appropriate use of a plant-specific control room mockup or simulator.
C.I.18.6.3 Results The FSAR should provide the list of risk important HAs and summarize how those HAs and their associated tasks and scenarios were addressed during the various parts of the design process (e.g., in function allocation analyses, task analyses, HSI design, procedure development, and training) in order to ensure that those HAs are well supported by the design and are within acceptable human performance capabilities. The FSAR should also discuss the results of the validation of the HRA assumptions and, as necessary, reference the reports that contain the more detailed analyses.
C.I.18.7 Human-System Interface Design C.I.18.7.1 Objectives and Scope of HSI Design This chapter of the FSAR should describe the applicants HSI design process, including the translation of function and task requirements into the detailed design of alarms, displays, controls, and other aspects of the HSI through the systematic application of HFE principles and criteria. It should also describe the process by which HSI design requirements are developed and HSI designs are identified and refined.
C.I.18.7.2 Methodology C.I.18.7.2.1 HSI Design Inputs
DG-1145, Page C.I.18-12 The FSAR should identify the sources of information that were used as input to the HSI design process. This should include analyses of personnel task requirements, system requirements, regulatory requirements, and any additional sources of requirements that were used as input to the design.
C.I.18.7.2.2 Concept of Operations The applicant should describe the concept of operations used as a basis for HSI design. The description should include the following aspects:
crew composition the roles and responsibilities of individual crewmembers personnel interaction with plant automation use of control room resources by shift crews methods used to ensure good coordination of crewmember activities, including non-licensed operators and maintenance personnel C.I.18.7.2.3 Functional Requirements Specification The FSAR should describe the functional requirements for HSI resources, such as alarms, displays, and controls.
C.I.18.7.2.4 HSI Concept Design The FSAR should describe the conceptual designs that were considered (i.e., the alternative approaches to addressing HSI functional requirements). This description should include the means by which the alternatives were compared and the selected design was chosen, including the factors used to compare alternatives along with the criteria for selection.
C.I.18.7.2.5 HSI Detailed Design and Integration The FSAR should describe the style guide developed for the detailed design, and should identify the development and basis for the guide, along with its scope, topical contents, and procedures for use. In addition, the FSAR should describe the procedures used to maintain a style guide. A reference should be provided to the complete style guide.
In addition, this section should identify the following considerations:
how the design supports personnel in their primary role of monitoring and controlling the plant, while minimizing the demands associated with interface management how the design minimizes the probability of error in the performance of risk-important HAs and provides the opportunity to detect errors, if they should occur the basis for the control room layout, and the organization of HSIs within consoles, panels, and workstations how the control room supports a range of anticipated staffing situations how the HSI characteristics minimize fatigue how the HSI characteristics support human performance under a full range of environmental conditions
DG-1145, Page C.I.18-13 the means by which inspection, maintenance, tests, and repair of HSIs is accomplished without interfering with other control room tasks C.I.18.7.2.6 HSI Tests and Evaluations The FSAR should describe the tests and evaluations performed as part of detailed HSI design and integration. The types of activities, such as trade-off evaluations and performance-based tests, should also be identified and described.
For trade-off studies, the FSAR should identify the factors used in the evaluation, along with the selection criteria and results.
For performance-based tests, the FSAR should describe the objectives and general approach to testing. In addition, the FSAR should address aspects of the methodology including testbeds, performance measures and criteria, study participants, test design, and data analysis.
In addition, the FSAR should describe the use of the test results and their valuations, including, specifically, how identified problems and issues were resolved.
C.I.18.7.3 Results The FSAR should describe the final HSI design. This description should address the considerations discussed in the following subsections:
C.I.18.7.3.1 Overview of HSI Design and Its Key Features The FSAR should provide the overall design concept and its rationale. This description should include the main control room, remote shutdown facility, and local control stations that are important to safety. Key features of the design, such as information display, soft controls, computer-based procedures, alarm processing, and control room layout should also be described.
C.I.18.7.3.2 Safety Aspects of the HSI The FSAR should describe the plant-specific implementation of the following safety aspects of the HSI at a minimum:
safety function monitoring [e.g., safety parameter display system (SPDS)]
periodic testing of protection system actuation functions, as described in Regulatory Guide 1.22 bypassed and inoperable status indication for nuclear power plant safety systems, as described in Regulatory Guide 1.47 manual initiation of protective actions, as described in Regulatory Guide 1.62 instrumentation for light-water-cooled nuclear power plants to assess plant and environmental conditions during and following an accident, as described in Regulatory Guide 1.97 setpoints for safety-related instrumentation, as described in Regulatory Guide 1.105 HSIs for the emergency response facilities (TSC & EOF), as described in NUREG-0696 minimum inventory of fixed position alarms, controls and displays C.I.18.7.3.3 HSI Change Process
DG-1145, Page C.I.18-14 The FSAR should describe the process, after the plant is in operation, by which (1) HSIs are modified and updated,(2) temporary HSI changes are made (such as setpoint modification); and (3) operator defined HSIs are created (such as temporary displays defined by operators for monitoring a specific situation). The procedures governing permissible operator-initiated changes to the HSI should also be described. In addition, the FSAR should describe the criteria used to determine whether an HSI change or modification should come under the control of the formal engineering change process.
C.I.18.8 Procedure Development C.I.18.8.1 Objectives and Scope of Procedure Development The FSAR should describe the objectives and scope of the applicants procedure development program. This section should address the following procedures:
generic technical guidelines (GTGs) for emergency operating procedures (EOPs) plant and system operations (including startup, power, and shutdown operations) test and maintenance abnormal and emergency operations alarm response C.I.18.8.2 Methodology This section of the FSAR should be coordinated with the procedures aspects in FSAR Section 13.5 and describe the basis for procedure development, including the following:
plant design bases system-based technical requirements and specifications task analyses results risk-important HAs identified in the HRA/PRA initiating events to be considered in EOPs, including those events in the design bases GTGs for EOPs The FSAR should describe how the procedure development program addresses the requirements specified in 10 CFR 50.34(f)(2)(ii) and describe the procedure writers guide that establishes the process for developing technical procedures that are complete, accurate, consistent, and easy to understand and follow.
The FSAR should also discuss how the guide ensures that procedures are consistent in organization, style, and content, and specify which procedures fall within the purview of the guide. In addition, the FSAR should describe the basic content and format used for procedures in the facility.
This section of the FSAR should also describe the logic used in developing the content of GTGs and EOPs (e.g., symptom-based procedures with clearly specified entry conditions). Also describe the procedure verification and validation (V&V) program, including the use of simulation where appropriate.
If computer-based procedures (CBPs) are used, the applicant should describe the development, V&V, and implementation processes, with a description of the HSI for the CBPs. An analysis of the alternatives available in the event of loss of CBPs should also be provided.
The FSAR should also describe the process for procedure maintenance and control of updates, as well as how procedure modifications are integrated across the full set of procedures and how the plant ensures that alterations in particular parts of the procedures are consistent with other parts of the full set of procedures.
In addition, the FSAR should describe the physical means by which operators access and use procedures, especially during operational events, for both hard-copy and computer-based procedures.
DG-1145, Page C.I.18-15 Include a discussion of storage of procedures, ease of operator access to the correct procedures, and laydown of hard-copy procedures for use in the control room, remote shutdown facility, and local control stations.
C.I.18.8.3 Results The FSAR should summarize the results of the procedure development program. This summary should discuss the final set of procedures and procedure support equipment developed using the methodology discussed above. This should include sufficient detail to permit an understanding of how the methodology was implemented to provide the results. The actual procedures should be available for NRC inspection.
C.I.18.9 Training Program Development C.I.18.9.1 Objectives and Scope of Training Program Development The FSAR should describe the objectives and scope of the applicants training program. The overall scope of training should be defined, and should include the following:
categories of personnel to be trained, including the full range of positions of operational personnel including licensed and non-licensed personnel whose actions may affect plant safety the full range of plant conditions (normal, upset, and emergency) specific operational activities (e.g., operations, maintenance, testing and surveillance) the full range of plant functions and systems, including those that may be different from those in predecessor plants (e.g., passive systems and functions) the full range of relevant HSIs (e.g., main control room, remote shutdown panel, local control stations, TSC, and EOF) including characteristics that may be different from those in predecessor plants (e.g., display space navigation, operation of soft controls)
C.I.18.9.2 Methodology This section of the FSAR should be coordinated with the training discussions in FSAR Section 13.2 and should describe how the training program follows a systems approach to training and how it addresses the requirements of 10 CFR 50.120, 52.78, and 55.
The roles of all organizations, especially the applicant and vendors, should be specifically defined for the development of training requirements, development of training information sources, development of training materials, and implementation of the training program. For example, the role of the vendor may range from merely providing input materials (e.g., GTG) to conducting portions of specific training programs. The qualifications of organizations and personnel involved in the development and conduct of training should also be defined.
Facilities and resources such as plant-referenced simulator and part-task training simulators needed to satisfy training design requirements and the guidance contained in ANSI 3.5 and Regulatory Guide 1.149 should be defined.
The FSAR should describe the analyses that are used to derive the learning objectives, including the use of: the licensing basis, operating experience, functional requirements analysis, function allocation, task analysis, human reliability analysis, the details of the HSI design, plant procedures, and insights from the
DG-1145, Page C.I.18-16 V&V. Describe how the learning objectives address the knowledge, skills and abilities (KSAs) associated with all relevant dimensions of the trainees job.
The FSAR should describe the training program design, including the use of lectures, simulators, and computer-based training; training on theory and practical applications; and the schedule, timing and arrangement of training.
The FSAR should discuss the methods used evaluate the overall effectiveness of training programs and trainee mastery of training objectives, as well as overall proficiency, including written and oral tests and review of personnel performance during walkthroughs, simulator exercises, and on-the-job evaluation.
Also, describe the evaluation criteria used for training objectives.
The FSAR should also describe the following aspects:
the training simulator, its conformance with the current version of ANSI/ANS3.5, Nuclear Power Plant Simulators for Use in Operator Training and its place/usage in the plant training program the methods for verifying the accuracy and completeness of training materials and for refining and updating the content and conduct of training the planned retraining program C.I.18.9.3 Results The FSAR should summarize the results of the training program development. This summary should discuss the training program developed using the methodology described above. This should include sufficient detail to determine how the methodology was implemented to produce the training program used to train the facility staff.
C.I.18.10 Verification and Validation C.I.18.10.1 Objectives and Scope of Verification and Validation The FSAR should describe the objectives of the applicants verification and validation (V&V) program and the scope of the analyses performed. The description of the scope should address which aspects of the plant HFE were included in the HSI task support verification, HFE design verification, and integrated system validation.
C.I.18.10.2 Methodology The applicants methodology description should address the following topics:
operational conditions sampling: the selection of operational scenarios to be used in V&V activities design verification: the evaluation of the HSI design for meeting task requirements and HFE guidelines integrated system validation: the evaluation of whether the integrated system (hardware, software, and crew) meets performance requirements human engineering discrepancy (HED) resolution: the resolution of potential human performance issues identified in V&V evaluations C.I.18.10.2.1 Operational Conditions Sampling
DG-1145, Page C.I.18-17 Identify the operational conditions sampling methodology. Describe the range of operational conditions considered during V&V activities. This description should include consideration of (1) conditions that are representative of the range of events that could be encountered during plant operation, (2) the characteristics expected to contribute to system performance variation, and (3) the safety-significance of HSI components.
C.I.18.10.2.2 Design Verification The FSAR should describe an inventory of all HSI components (alarms, controls, displays and related equipment) associated with the personnel tasks based on the identified operational conditions that are within the defined scope of the V&V. This description should include the method used to develop the inventory and the information sources on which it is based. The types of information used to form the HSI characterization should be identified, as illustrated by the following examples:
unique identification code number or name associated plant system and subsystem display characteristics and functionality control characteristics and functionality location in the data management system The FSAR should describe the methods used to verify that the HSI provides all of the alarms, information, and control capabilities required for personnel tasks.
The FSAR should also describe the methods and approach used to verify that characteristics of the HSI, and the environment in which it is used, conform to HFE guidelines.
In addition, the FSAR should describe how the design verification evaluation criteria were developed and how HEDs are identified.
C.I.18.10.2.3 Integrated System Validation Validation evaluates whether the integration of hardware, software, and personnel elements acceptably supports safe operation of the plant. The FSAR should describe methods for integrated system validation, including the following aspects of the validation methodology:
test objectives validation testbeds plant personnel scenario definition performance measurement measurement characteristics performance measure selection performance criteria test design coupling crews and scenarios test procedures test personnel training participant training pilot testing data analysis and interpretation validation conclusions Describe how HEDs were identified during the validation.
DG-1145, Page C.I.18-18 C.I.18.10.2.4 Human Engineering Discrepancy Resolution Discuss the process by which HEDs were prioritized and resolved. Design changes made for individual HEDs should be identified, along with an indication of their current status (implemented or scheduled to be implemented). Also, when HED resolution involves a design change, the FSAR should describe how the change complies with the V&V evaluation criteria.
C.I.18.10.3 Results The FSAR should summarize the results of V&V activities, including identification and resolution of HEDs, and the major conclusions from these activities along with their bases.
If some V&V criteria cannot be evaluated until after fuel load, these should be clearly identified in terms of what remaining evaluations need to be performed, when they will be completed, and how their completion will be communicated to the staff.
The FSAR should provide information on how the detailed results are documented and how they can be accessed by the staff.
C.I.18.11 Design Implementation C.I.18.11.1 Objectives and Scope of Design Implementation The FSAR should describe the objectives and scope of the applicants design implementation. The scope should include the following considerations:
V&V of design aspects that cannot be completed as part of the HSI V&V program confirmation that the as-built HSI, procedures, and training conform to the approved design confirmation that all HFE issues in the tracking system are appropriately addressed C.I.18.11.2 Methodology The FSAR should describe how aspects of the design that were not addressed in V&V will be evaluated. These aspects may include design characteristics, such as new or modified displays for plant-specific design features, and features that cannot be evaluated in a simulator, such as control room lighting and noise.
Describe how the final (as-built) HSIs, procedures, and training will be compared with the detailed design description to verify that they conform to the design that resulted from the HFE design process and V&V activities. Also describe the process for correcting any identified discrepancies, as well as the justification process for allowing discrepancies to remain.
In addition, describe the process for ensuring that all HFE-related issues documented in the issue tracking system will be verified as adequately addressed.
C.I.18.11.3 Results The design implementation methodology cannot be completed until the plant construction is complete. Therefore, at the time the COL application is submitted, the results section of the FSAR should describe the final documentation that will be developed to show successful completion of this activity.
DG-1145, Page C.I.18-19 C.I.18.12 Human Performance Monitoring C.I.18.12.1 Objectives and Scope of Human Performance Monitoring The FSAR should describe the objectives and scope of the applicants human performance monitoring program.
The program description should address how the program provides reasonable assurance that the following criteria are met:
The design can be effectively used by personnel, including within the control room and between the control room and local control stations and support centers.
Changes made to the HSIs, procedures, and training do not have adverse effects on personnel performance (e.g., changes do not interfere with previously trained skills).
Human actions can be accomplished within established time and performance criteria.
The acceptable level of performance established during the integrated system validation is maintained.
C.I.18.12.2 Methodology The applicant should describe (1) a human performance monitoring strategy, (2) how it trends human performance relative to changes implemented in the plant after startup, and (3) how it demonstrates that performance is consistent with that assumed in the various analyses conducted to justify the changes.
Applicants may integrate, or coordinate, their performance monitoring for risk-important changes with existing programs for monitoring personnel performance, such as the licensed operator training program and the corrective action program.
The FSAR should describe how the program will ensure that the following criteria are met:
Human actions are monitored commensurate with their safety importance.
Feedback of information and corrective actions are accomplished in a timely manner.
Degradation in performance can be detected and corrected before plant safety is compromised (e.g.,
by use of the plant simulator during periodic training exercises).
Available information that most closely approximates performance data in actual conditions is used, when plant or personnel performance under actual design conditions is not readily measurable.
The FSAR should also describe how the program provides for specific cause determination, trending of performance degradation and failures, and determination of appropriate corrective actions.
C.I.18.12.3 Results Human performance monitoring is an operational program that begins after plant operation commences. Therefore, the results section of the FSAR should describe the documentation to be maintained after the program is implemented.