ML18178A212

From kanterella
Jump to navigation Jump to search
Enclosure 11 - APR1400-E-I-NR-14007-NP, Rev. 3, Human-System Interface Design Implementation Plan
ML18178A212
Person / Time
Site: 05200046
Issue date: 05/31/2018
From:
Korea Hydro & Nuclear Power Co, Ltd, Korea Electric Power Corp
To:
NRC/NRO/DNRL
Shared Package
ML18178A202 List:
References
MKD/NW-18-0091L APR1400-E-I-NR-14007-NP, Rev 3
Download: ML18178A212 (86)


Text

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 Human-System Interface Design Implementation Plan Revision 3 Non-Proprietary May 2018 Copyright 2018 Korea Electric Power Corporation &

Korea Hydro & Nuclear Power Co., Ltd All Rights Reserved KEPCO & KHNP

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 REVISION HISTORY Revision Date Page Description December 0 All First Issue 2014 x Description for HSI Inventory added.

(Abstract) R_383-8458(110)

Predecessor design is changed to reference plant.

R_383-8458(112)

RCC added to HSI facility.

R_502-8647(17) xv RCC added.

(Acronyms R_502-8647(17) and Abbreviations) 1 RCC added to HSI facility.

(1) R_502-8647(17) 1 Basic HSI Style Guide is changed to Style Guide.

(1) R_374-8481(97) 1 Description for HSI Inventory added.

(1) R_383-8458(110) 1 Unnecessary terms are deleted.

1 March 2017 (1) R_374-8481(97) 2 Description is revised as indicated in the Attachment.

(1) R_374-8481(102) 2 Basic HSI Style Guide is changed to Style Guide.

(1) R_374-8481(97) 3 RCC added to HSI facility.

(2) R_502-8647(17) 3 Description for HSI Design added.

(2.1) R_374-8481(97) 4 RCC added to HSI facility.

(2.2) R_502-8647(17) 4 Basic HSI Style Guide is changed to Style Guide.

(2.2) R_374-8481(97) 5 RCC added to HSI facility.

(2.3) R_502-8647(17)

KEPCO & KHNP ii

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 Revision Date Page Description 6 Figure is revised to add an arrow and numbering.

(Figure 3.1) R_374-8481(102) 7 HSI/I&C is changed to I&C engineering (3.1) R_250-8282(27) 7 Basic HSI Style Guide is changed to Style Guide.

(3.1) R_374-8481(97) 7 Predecessor plant is changed to reference plant.

(3.1) R_383-8458(112) 7 Description for HSI Toolset revised.

(3.1) R_400-8425(114) 7 HSI/I&C is changed to I&C engineering.

(3.2) R_250-8282(27) 7 Basic HSI Style Guide is changed to Style Guide.

(3.2) R_374-8481(97) 7 Description for HSI Toolset revised.

(3.2) R_400-8425(114) 8, 9 Description for HSI Inventory added.

(3.2) R_383-8458(110) 8 HSI/I&C is changed to I&C engineering.

(3.2.1) R_250-8282(27) 8 Description for Intersystem Leakage Monitoring added.

(3.2.2) R_400-8425(122) 8 HSI/I&C is changed to I&C engineering.

(3.2.3) R_250-8282(27) 8 Clauses for making clear are added.

(3.2.3) R_383-8458(110) 9 Clauses for making clear are added.

(3.2.5) R_383-8458(110) 9 HSI/I&C is changed to I&C engineering.

(3.2.6) R_250-8282(27) 9 Description for Performance-based Tests revised.

(3.2.7) R_383-8458(112) 9 Description for DIHA added.

(3.2.7) R_358-8449(89)

KEPCO & KHNP iii

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 Revision Date Page Description 9 Description for SME margin added.

(3.2.7) R_373-8480(92) 10 Description for SME margin added.

(3.2.7) R_373-8480(92) 10 HSI/I&C is changed to I&C engineering.

(3.2.8) R_250-8282(27) 10 RCC added to HSI facility.

(3.3) R_502-8647(17) 11 RCC added to HSI facility.

(3.3.1) R_502-8647(17) 11 HSI/I&C is changed to I&C engineering.

(3.3.1) R_250-8282(27) 12 Description for HSI Inventory added.

(3.5.3) R_383-8458(110) 12 RCC added to HSI facility.

(3.5.5) R_502-8647(17) 13 Description for HSI Inventory added.

(3.6.2) R_383-8458(106) 14 Description for Intersystem Leakage Monitoring added.

(3.6.2) R_400-8425(122) 14 Description for HD Input revised.

(3.7) R_383-8458(112) 14 Description for HSI Toolset revised.

(3.7) R_400-8425(114) 14 Description for HSI Design Modification added.

(3.8) R_374-8481(101) 15 RCC added to HSI facility.

(4.1) R_502-8647(17) 16 Section No. is corrected.

(4.1) R_374-8481(102) 16 Description for IFPD deleted.

(4.1.1) R_383-8458(107) 16 Description for Safety Console Equipment revised.

(4.1) R_383-8458(107) 17 Description for CSF of LDP added.

KEPCO & KHNP iv

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 Revision Date Page Description (4.1.1.1) R_400-8425(125) 17 RCC added to HSI facility.

(4.1.1.1) R_502-8647(17) 18, 20 Description for HSI Design added.

(4.1) R_374-8481(97) 18 Basic HSI Style Guide is changed to Style Guide.

(4.1.1.2) R_374-8481(97) 18 RCC added to HSI facility.

(4.1.1.2) R_502-8647(17) 18 Predecessor plant is changed to reference plant.

(4.1.1.2) R_383-8458(112) 18 RCC added to HSI facility.

(4.1.1.3) R_502-8647(17) 20 Basic HSI Style Guide is changed to Style Guide.

(4.1.1.5) R_374-8481(97) 22 Unnecessary description deleted.

(4.1.3.1) R_383-8458(107) 24 Further description added.

(4.1.4.1) R_373-8480(91) 25 Description for Core Cooling Variable revised.

(4.1.4.6) R_400-8425(121) 26 Description for PAMI added.

(4.1.4.7) R_400-8425(119) 26 Description related with Code Requirement revised.

(4.1.4.8, R_400-8425(120) 4.1.4.9) 26 Description for Radiation Monitoring Variable revised.

(4.1.4.11) R_400-8425(124) 26 Description for Radiation Monitoring Variable revised.

(4.1.4.11) R_400-8425(123) 27 Examples and references are added.

(4.1.4.18) R_373-8480(95) 27 Description for voice communications.

(4.1.4.18) R_373-8480(93) 28 EOF exception of APR1400 HFE program added.

KEPCO & KHNP v

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 Revision Date Page Description (4.1.4.19) R_373-8480(91) 28 Terms predecessor design revised to reference plants.

(4.1.5) R_383-8458(112) 30 Description for Implementation Plan revised.

(4.1.6) R_374-8481(97) 30 RCC added to HSI facility.

(4.1.6.1) R_502-8647(17) 31 The term functional revised to based on the HFE (4.1.6.1) program results.

R_374-8480(97) 31 HSI/I&C is changed to I&C engineering.

(4.1.6.2) R_250-8282(27) 31 Description for references added.

(4.1.6.2) R_374-8481(97) 32 Description for references and information added.

(4.1.6.3) R_374-8481(97) 33 The term As an input changed to Overall.

(4.1.6.4) R_374-8481(97) 33 Description for Basic HSI Test/Evaluation added.

(4.1.7) R_518-8654(130) 34 Description for references and information added.

(4.1.7) R_358-8449(89) 34 Description for HSI Test and Evaluation added.

(4.1.7) R_374-8481(99) 36 HSI/I&C is changed to I&C.

(4.2) R_250-8282(27) 34, 35, 36, 37, Descriptions for APR1400 HSIS revised.

38, 40, 41, 42, R_383-8458(112) 44, 46 (4.2) 36 Description for Radiation Monitoring Variable revised.

(4.2.1) R_400-8425(124) 36 Description for HSI Inventory added.

(4.2.1) R_383-8458(106) 36 Description for CSF of LDP added.

(4.2.1) R_400-8425(125)

KEPCO & KHNP vi

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 Revision Date Page Description 36 Description for Critical Safety Function added.

(4.2.1) R_518-8654(131) 37 Description for Radiation Monitoring Variable revised.

(4.2.2) R_400-8425(124) 37 Description for instrumentation added.

(4.2.2) R_400-8425(122) 37 Description for inputs from APR 1400 plant design (4.2.2) added.

R_383-8458(106) 37, 38 Terms predecessor design revised to reference plants.

(4.2.2) R_383-8458(112) 38 HSI/I&C is changed to I&C.

(4.2.2) R_250-8282(27) 39 Description for inputs from APR 1400 plant design (4.2.3) added.

R_383-8458(106) 39 Terms predecessor design revised to reference plants.

(4.2.3) R_383-8458(112) 39 HSI/I&C is changed to I&C.

(4.2.3) R_250-8282(27) 39 Terms predecessor design revised to reference plants.

(4.2.3) R_383-8458(112) 39 HSI/I&C is changed to I&C.

(4.2.3) R_250-8282(27) 41 Description for visual devices added.

(4.2.5) R_383-8458(106) 41 Description for Intersystem Leakage Monitoring added.

(4.2.5) R_383-8458(112) 41 Description for inputs from previous APR1400 HFE (4.2.5) PEs added.

R_383-8458(110) 42 Description for performance based tests added.

(4.2.5) R_383-8458(112) 42 HSI/I&C is changed to I&C.

(4.2.5) R_250-8282(27) 42 Terms predecessor design revised to reference plants.

KEPCO & KHNP vii

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 Revision Date Page Description (4.2.6) R_383-8458(112) 42 Description for performance based tests.

(4.2.6) R_383-8458(112) 43 Terms predecessor design revised to reference plants.

(4.2.6) R_383-8458(112) 44 Description for performance based tests added.

(4.2.7) R_383-8458(112) 44 HSI/I&C is changed to I&C.

(4.2.7) R_250-8282(27) 45 RCC added to HSI facility.

(4.2.8) R_502-8647(17) 45 Terms predecessor design revised to reference plants.

(4.2.8) R_383-8458(112) 46 Description for Traffic and visibility evaluations added.

(4.2.8) R_373-8480(94) 46 Description for Protective Clothing in the LCS added.

(4.2.9) R_374-8481(100) 46 Terms predecessor design revised to reference plants.

(4.2.9) R_383-8458(112) 46 HSI/I&C is changed to I&C.

(4.2.9) R_250-8282(27) 48 HSI/I&C is changed to I&C.

(5) R_250-8282(27) 49 Description for Result Summary Report revised.

(6) R_374-8481(102) 49 Description for HD ReSR added.

(6) R_358-8449(89) 52 RCC added to HSI facility.

(8) R_502-8647(17)

A3 Basic HSI Style Guide is changed to Style Guide.

(Appendix A) R_374-8481(97)

A5 Description for HSI Design Modification added.

(Appendix A) R_374-8481(101)

A10-A13 Clarify the responsibility of the COL applicant and the (Appendix A) scope of the HD IP with regard to the EOF KEPCO & KHNP viii

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 Revision Date Page Description x, xv, 2, 3, 9, Editorial corrections. (typos, acronyms, references) 10, 12, 14, 15, 25, 34, 50 (Overall) 3, 14, 31 Terminology changed. (APR1400 Basic HSI Style (2.1, 3.7, Guide APR1400 Style Guide) 4.1.6.2) 11E47-CR-17-J-220 4, 13 Supplemental description for developing CBP for ISV (2.2, 3.5.6) scenarios added.

R_553-9084(135) 13 Scope of HD input changed from specific to inclusive.

(3.6.2) 11E47-CR-17-J-220 14 Description for reference plant tools that are reflected (3.7) to APR1400 HSI design added.

11E47-CR-17-J-220 2 January 2018 14 Description for HSI design changes added.

(3.8) 11E47-CR-17-J-220 33 Description for Basic HSI test using HF V&V procedure (4.1.7) deleted.

11E47-CR-17-J-220 34 Description for additional scenarios for Basic HSI test (4.1.7) added.

11E47-CR-17-J-220 50, 51 Reference changed. (IEEE Std. 603-2009 IEEE Std.

(7) 603-1991)

Reference added. (HF V&V IP) 11E47-CR-17-J-220 9, 10 Editorial corrections.

3 May 2018 (3.2.7) 11E47-CR-18-J-030 KEPCO & KHNP ix

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 This document was prepared for the design certification application to the U.S. Nuclear Regulatory Commission and contains technological information that constitutes intellectual property of Korea Hydro & Nuclear Power Co., Ltd.

Copying, using, or distributing the information in this document in whole or in part is permitted only to the U.S.

Nuclear Regulatory Commission and its contractors for the purpose of reviewing design certification application materials. Other uses are strictly prohibited without the written permission of Korea Electric Power Corporation and Korea Hydro & Nuclear Power Co., Ltd.

KEPCO & KHNP x

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 ABSTRACT This document provides the implementation plan (IP) for the human factors engineering (HFE) human-system interface design (HD) program element (PE), one of 12 PEs in the Advanced Power Reactor 1400 (APR1400) HFE Program. This IP governs the technical activities conducted in the HD PE by defining the scope, methodology, output products, and the qualifications of the personnel who conduct the PE.

The main purpose of the HD PE is to create functional designs for the following:

1. The detailed design for the APR1400 Basic Human-System Interface (HSI), which establishes the generic indication, alarm, control, and procedural methods applied to all systems and functions controlled from the main control room (MCR), remote shutdown room (RSR), and remote control center(RCC). The same HSI methods apply to the safety parameter display system (SPDS) indications in the MCR and the technical support center (TSC). The APR1400 Basic HSI also defines indication, alarm, and control methods for local control stations (LCSs) used for important human actions (IHAs). The detailed design for the APR1400 Basic HSI is an extension of the conceptual design described in APR1400 Basic Human-System Interface Technical Report (TeR)

(Reference 2); the conceptual design of the APR1400 Basic HSI is based on the Basic HSI of the reference plants (Shin Kori Nuclear Power Plant Units 3 and 4 [SKN 3&4]).

2. The APR1400 HSI System (HSIS), which establishes soft and conventional indications, alarms, controls and operating procedures that encompass the HSI inventory in the task analysis (TA)

HFE PE and APR1400 plant system designs, within the generic HSI methods defined in the APR1400 Basic HSI.

3. APR1400 HSI Facilities, which include the ARP1400 MCR, RSR, RCC, and TSC. The facility designs accommodate the APR1400 HSIS as well as storage, communication, meeting, and other habitability features important to support required operations crew performance during all facets of plant operation.

The integration of the APR1400 HSIS and APR1400 HSI Facilities is referred to as the APR1400 HSI Design.

This HD IP controls the HSI design process and scope, including the translation of HSI inventory requirements from the TA PE into the detailed designs of alarms, displays, controls, and other aspects of the HSI. This includes HSI inventory requirements to support degraded instrumentation and control (I&C) systems, automation failures, and degraded HSI conditions. Key HD outputs include soft graphical displays, soft and conventional controls, alarm prioritization and applicability logic, computer-based operating procedures, control consoles and the configuration of control rooms. This IP provides reasonable assurance that these functional designs reflect the systematic application of HFE principles and criteria through the generation of design documents, prototypes, part-task simulators and focused design tests.

HD uses input from the following APR1400 HFE PEs to create its outputs: functional requirements analysis and function allocation (FRA/FA), treatment of important human actions (TIHA), TA, staffing and qualifications (S&Q), and procedure development (PD). The end product of the HD is the functional design of the APR1400 HSI (i.e., the APR1400 HSI Design), which is incorporated into the detailed designs of HSI hardware, software, and physical facilities. The APR1400 HSI design is then formally verified and validated in the human factors verification and validation (V&V) HFE PE through high fidelity simulation.

The HD for the APR1400 Basic HSI may be conducted at any time because it does not depend on the output of other APR1400 HFE PEs, which are incorporated primarily to generate the APR1400 HSI inventory. The HD for the APR1400 HSIS is conducted after the Basic HSI is documented (as defined herein) after the APR1400 HSI inventory is identified through the HFE PEs identified above and after the instrumentation and control (I&C) design requirements are established by the mechanical and I&C system KEPCO & KHNP xi

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 designers for each APR1400 plant system. The piping and instrumentation diagrams (P&ID) are the starting point for creating HSI indication and control designs during the HD PE. The APR1400 conventional paper-based plant operations procedures, developed during PD are the starting point for the APR1400 computer-based procedures, which are a key component of the APR1400 HSIS.

The HD is a one-time, nonrecurring HFE PE whose closure is marked by issuance of the HD results summary report (ReSR). Plant design changes are made in accordance with engineering change procedures, which include an evaluation of the APR1400 HSI design. During the APR1400 design process, the APR1400 HSI design is revised as needed in accordance with the engineering change process. APR1400 HSI design changes occurring prior to completion of the HD are reflected in the HD ReSR; APR1400 HSI design revisions occurring after completion of the HD are available for regulatory inspection. After completion of the V&V, site-specific changes, including any required changes to the APR1400 HSI Design, are managed within the design Implementation PE, which is a recurring PE for each plant.

Section 1 of this document defines the HD purpose, Section 2 establishes the scope, Section 3 provides a methodology overview, Section 4 provides the details of the methodology, including the content of each HD output product, Section 5 establishes the qualification requirements for the HD implementation team, and Section 6 defines the required content of the HD ReSR, which demonstrates that the HD PE was conducted in accordance with this IP. Appendix A demonstrates conformance of this IP to the review criteria in NUREG-0711 for the HD.

KEPCO & KHNP xii

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TABLE OF CONTENTS 1 PURPOSE ............................................................................................................ 1 2 SCOPE ................................................................................................................. 3 2.1 APR1400 Basic HSI........................................................................................................................ 3 2.2 APR1400 HSIS ............................................................................................................................... 4 2.3 APR1400 HSI Facilities .................................................................................................................. 5 3 METHODOLOGY OVERVIEW ............................................................................... 6 3.1 APR1400 Basic HSI........................................................................................................................ 6 3.2 APR1400 HSIS ............................................................................................................................... 7 3.2.1 Critical Safety Function Displays .................................................................................................... 8 3.2.2 System Displays ............................................................................................................................. 8 3.2.3 Task Displays .................................................................................................................................. 8 3.2.4 Application Displays........................................................................................................................ 8 3.2.5 Alarms ............................................................................................................................................. 9 3.2.6 Computer-Based Procedures ......................................................................................................... 9 3.2.7 Performance-Based Tests .............................................................................................................. 9 3.2.8 Safety Console ............................................................................................................................. 10 3.2.9 Local Control Stations................................................................................................................... 10 3.3 APR1400 Facilities ....................................................................................................................... 11 3.3.1 Central Facilities ........................................................................................................................... 11 3.3.2 Local Control Station Facilities ..................................................................................................... 11 3.4 Independent Review ..................................................................................................................... 11 3.5 HD Interfaces with Other HFE Program Elements ....................................................................... 11 3.5.1 Operating Experience Review ...................................................................................................... 11 3.5.2 Functional Requirements Analysis and Function Allocation ......................................................... 12 3.5.3 Task Analysis ................................................................................................................................ 12 3.5.4 Treatment of Important Human Actions ........................................................................................ 12 3.5.5 Staffing and Qualifications ............................................................................................................ 12 3.5.6 Procedure Development ............................................................................................................... 13 3.5.7 Training Program Development .................................................................................................... 13 3.5.8 Human Factors Verification and Validation ................................................................................... 13 3.5.9 Design Implementation ................................................................................................................. 13 3.6 HD Interfaces with the APR1400 Plant Design ............................................................................ 13 3.6.1 Instrumentation and Control System Designs .............................................................................. 13 3.6.2 Plant System Designs................................................................................................................... 13 KEPCO & KHNP xiii

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 3.7 HD Input from Predecessor Design and Reference Plants .......................................................... 14 3.8 HSI Design Modifications ............................................................................................................. 14 4 IMPLEMENTATION ............................................................................................ 15 4.1 APR1400 Basic HSI...................................................................................................................... 15 4.1.1 Basic HSI Design .......................................................................................................................... 16 4.1.2 HSI Concept of Use ...................................................................................................................... 21 4.1.3 Basic HSI Concept for Degraded I&C and HSI Conditions .......................................................... 22 4.1.4 Basic HSI Conformance with Regulatory Guidance ..................................................................... 24 4.1.5 Basic HSI Design Inputs ............................................................................................................... 28 4.1.6 Implementation Plan for Basic HSI Detailed Design .................................................................... 30 4.1.7 Basic HSI Tests and Evaluations .................................................................................................. 33 4.2 APR1400 HSIS and Facilities ....................................................................................................... 34 4.2.1 Critical Safety Function Displays .................................................................................................. 35 4.2.2 System Displays ........................................................................................................................... 37 4.2.3 Task Displays ................................................................................................................................ 38 4.2.4 Application Displays...................................................................................................................... 39 4.2.5 Alarms ........................................................................................................................................... 41 4.2.6 Computer-Based Procedures ....................................................................................................... 42 4.2.7 Safety Console ............................................................................................................................. 43 4.2.8 Central Facilities ........................................................................................................................... 45 4.2.9 Local Control Stations and Facilities ............................................................................................ 46 5 IMPLEMENTATION TEAM .................................................................................. 48 6 RESULTS

SUMMARY

REPORT .......................................................................... 49 7 REFERENCES .................................................................................................... 50 8 DEFINITIONS..................................................................................................... 52 APPENDIX A. NUREG-0711, REV. 3, REVIEW CRITERIA CONFORMANCE TABLE ........ A1 KEPCO & KHNP xiv

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 LIST OF TABLES Table 5-1 HD Implementation Summary............................................................................................ 48 LIST OF FIGURES Figure 3-1 HSI Design Overview ........................................................................................................... 6 KEPCO & KHNP xv

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 ACRONYMS AND ABBREVIATIONS 3D three dimensional AMI accident monitoring instrumentation APR1400 Advanced Power Reactor 1400 BISI bypassed and inoperable status indication BTP Branch Technical Position CBP computer-based procedure CCF common-cause failure CFM critical function monitoring CFR Code of Federal Regulations COL combined license CPC core protection calculator CSF critical safety function CPPF critical power production function D3CA diversity and defense-in-depth coping analysis DCD Design Control Document DI design implementation DIHA deterministically important human actions DIS diverse indication system DMA diverse manual actuation DPS diverse protection system EO electrical operator EOF emergency operation facility EOP emergency operating procedure ESCM engineered safety features component control system soft control module ESF engineered safety features ESF-CCS engineered safety features - component control system ESFAS engineered safety features actuation system FPD flat panel display FA function allocation FRA functional requirements analysis GDC General Design Criterion KEPCO & KHNP xvi

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 HD human-system interface design HED human engineering discrepancy HFE human factors engineering HFEPP Human Factors Engineering Program Plan HSI human-system interface HSIS human-system interface system I&C instrumentation and control IEEE Institute of Electrical and Electronics Engineers IFPD information flat panel display ISG interim staff guidance IHA important human action IP implementation plan IPS information processing system ISV integrated system validation KEPCO Korea Electric Power Corporation KHNP Korea Hydro & Nuclear Power Co., Ltd.

LCS local control station LDP large display panel MIC minimum inventory control MCR main control room NRC Nuclear Regulatory Commission NSSS nuclear steam supply system OER operating experience review OPR Optimized Power Reactor P-CCS process- component control system PE program element PD procedure development P&ID piping & instrumentation diagram PPS plant protection system PRA probabilistic risk assessment QIAS-N qualified indication and alarm system-non-safety QIAS-P qualified indication and alarm system-p RCC remote control center KEPCO & KHNP xvii

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 ReSR results summary report RG Regulatory Guide RO reactor operator RSR remote shutdown room RT reactor trip S&Q staffing and qualifications SDCV spatially dedicated and continuously visible SKN 3&4 Shin-Kori Nuclear Power Plant Units 3 and 4 SLI system level initiation SME subject matter expert SPDS safety parameter display system SPM success path monitoring SS shift supervisor STA shift technical advisor TA task analysis TAA transient and accident analysis TeR technical report TIHA treatment of important human actions TO turbine operator TS trade secret TSC technical support center V&V verification and validation VDU visual display unit KEPCO & KHNP xviii

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 1 PURPOSE This document provides the implementation plan (IP) for the human factors engineering (HFE) human-system interface design (HD) program element (PE), which is one of 12 PEs in the APR1400 HFE Program. This IP governs the technical activities conducted in the HD PE by defining the scope, methodology, output products, and the qualifications of the personnel who conduct the PE.

The HD PE creates the functional designs of the APR1400 Human-System Interface (HSI Design), which includes:

1. The detailed design of the APR1400 Basic HSI, which establishes the generic indication, alarm, control, and procedural methods applied to all systems and functions controlled from the main control room (MCR), remote shutdown room (RSR), and remote control center(RCC). The same HSI methods apply to the safety parameter display system (SPDS) indications provided in the technical support center (TSC). The APR1400 Basic HSI also defines indication, alarm, and control methods for local control station (LCSs) used for important human action (IHAs). The HD uses the APR1400 Basic HSI to provide reasonable assurance that the HSI design is consistently applied throughout the APR1400 plant systems and at the HSI locations credited for controlling the critical safety functions (CSFs) and critical power production functions (CPPFs) defined by the functional requirements analysis / function allocation (FRA/FA), during normal and degraded HSI conditions.

The conceptual design of the APR1400 Basic HSI is described in APR1400 Basic Human-System Interface (Reference 2) and APR1400 Style Guide (Reference 4). The Basic HSI concept includes the HSI accommodations for the plants operations staff, such as the ergonomic designs of operator consoles, the safety console, and their architectural configurations to provide reasonable assurance of visibility and audibility for crew coordination.

The Basic HSI concept also defines the criteria and methods for spatially dedicated and continuously visible (SDCV) HSI, the methods for Class 1E and diverse HSI, and the strategies for managing degraded HSI. This IP governs the evolution of the APR1400 Basic HSI concept into APR1400 Basic HSI detailed design through the documentation of detailed functional designs, prototype development, and design tests using U.S. licensed reactor operators.

2. The APR1400 HSIS, which refers to the soft and conventional indications, alarms, controls and operating procedures that encompass the HSI inventory defined by the TA and plant system designs, within the HSI methods defined in the APR1400 Basic HSI. The APR1400 HSIS encompasses all plant operating modes, including shutdown and refueling, for both normal and abnormal conditions. Abnormal conditions include degraded I&C systems, automation failures, and degraded HSI conditions.

While the TA and plant system designs define the HSI inventory using text descriptions and characterizations, the HD reflects the inventory in graphical displays, soft controls, and conventional controls that integrate multiple, related inventory components. The HD integration is based on the inventory component relationships within plant systems, operator tasks, and plant functions using the generic techniques defined in the APR1400 Style Guide. The HD also expands the alarm inventory from the TA and plant system designs, to establish prioritization of and applicability to plant and system operating modes. The HD results in a hierarchical structure of alarms, displays, controls, and procedures that promote a mental model of the plant and plant-wide situation awareness, from the highest level functions to the success path actions needed to maintain these functions.

The HD process for the APR1400 HSIS starts with the APR1400 Basic HSI and the HSI inventory defined in Chapter 7 of the APR1400 Design Control Document (DCD) (Reference 11) to fulfill KEPCO & KHNP 1

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 regulatory guidance, such as indications, alarms, and controls for credited manual actions, controls for manual initiation of automated protective functions, indications on the SPDS, and indications and controls for common cause failure (CCF) conditions. HD creates graphic displays, soft controls and conventional controls to fulfill that DCD inventory and to fulfill the expanded HSI inventory defined by the TA and plant system designs.

3. The APR1400 HSI facilities, which are the MCR, RSR, RCC, and TSC, which accommodate the APR1400 HSIS as well as storage, communication, meeting, and other habitability features important to facilitating required operations crew performance during all facets of plant operation.

The HD establishes the architectural configuration of operations crew offices, kitchen, and restroom facilities; meeting areas; and facility lighting requirements. It provides reasonable assurance that the HSI facilities accommodate face-to-face interaction between the operations crew and other plant staff without interfering plant operations. The HD also establishes the functional design of voice communications and paging throughout the plant and in designated offsite facilities for emergency plan coordination during abnormal events. The HD generates the three-dimensional plant model for the MCR and the functional aspects of the MCR simulator specification for the integrated system validation (ISV), which is conducted during verification and validation (V&V).

The integration of the APR1400 HSIS and APR1400 HSI Facilities is referred to as the APR1400 HSI Design. This HD IP defines the activities that are necessary to develop the APR1400 HSI Design. The activities include the incorporation of HFE design standards and guidance applicable to the APR1400 HSIS, as defined in the APR1400 Style Guide and NUREG-0700 (Reference 5), into the APR1400 HSI Facilities. This IP provides a systematic approach to integrating the HFE design standards, guidance, and results of other HFE PEs into a comprehensive HSI design process. The integration provides reasonable assurance that the resulting HSI resources and facilities effectively support performance of operational functions and tasks.

The end product of the HD PE is the functional design of the APR1400 HSI (i.e., the APR1400 HSI Design), which is implemented into the detailed designs of HSI hardware, software, and physical facilities by APR1400 engineers in multiple disciplines. The APR1400 HSI Design is formally verified and validated during the V&V through high-fidelity simulation.

A key purpose of the HD is to provide reasonable assurance that the end product (i.e., APR1400 HSI Design) reflects the resolutions of all human engineering discrepancies (HEDs) generated in previous HFE PEs and the resolutions of any HEDs that may have been generated during the HD. While the APR1400 HSI Design must reflect all HED resolutions, closure of all HEDs is not required for completion of the HD because some HEDs may require resolution to be successfully demonstrated during the ISV of the V&V.

As demonstrated in Appendix A, this IP conforms to the review criteria in Section 8 of NUREG-0711, Human Factors Engineering Program Review Model, Rev. 3 (Reference 10).

This document defines the qualifications of the subject matter experts (SMEs) required to conduct HD and the independent review of its output products. This document also defines the required content of the HD ReSR, which demonstrates that the HD was conducted in accordance with this IP.

KEPCO & KHNP 2

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 2 SCOPE The scope of the HD includes the facility design of the MCR, RSR, RCC, and TSC. The scope also includes the HSIS design of the MCR and a subset of the HSIS, which is applied to the RSR, RCC, and TSC. For the emergency operation facility (EOF), the scope of the HD is limited to the HSI inventory for the SPDS. For the LCSs, the scope of the HD is limited to the HSI used for IHAs.

The HD scope is divided into the following areas:

o APR1400 Basic HSI o APR1400 HSI System o APR1400 HSI Facilities The scope of each area is defined in Subsections 2.1, 2.2, and 2.3.

2.1 APR1400 Basic HSI The APR1400 Basic HSI encompasses the physical design of the MCR, which includes operator consoles, the safety console, the large display panel (LDP), and furnishings such as book cases and work tables. The APR1400 Basic HSI defines the generic methods for controls, alarms, information displays, and procedure displays. These generic HSI methods are applied to Basic HSI functions, such as CBPs, critical function monitoring (CFM), success path monitoring (SPM), accident monitoring instrumentation (AMI), and bypassed and inoperable status indication (BISI). All Basic HSI functions are seamlessly integrated through Basic HSI features such as the information display hierarchy, single point alarm acknowledgment, intuitive diagnostic drill down and inter-function navigational hyperlinks. These physical and functional resources constitute the APR1400 Basic HSI, within which the HSI inventory for the APR1400 plant system designs is implemented.

Based on the results from the HFE program plan (HFEPP) (Reference 1, Figure 4-3 and Section 4.7.3.6),

the HD expands the APR1400 Basic HSI concept, which is described in the APR1400 Basic HSI Description technical report (TeR) in conjunction with the APR1400 Style Guide. The scope of the APR1400 Basic HSI includes:

1. The design basis (i.e., the HSI inventory selection criteria) for SDCV indications and alarms to be displayed on the non-safety LDP and safety related displays. SDCV alarms and indications promote plant level situation awareness.
2. The design basis for SDCV controls and their location within the HSI facilities.
3. The methods (e.g., dynamic video symbols, conventional HSI components) for all displays, alarms and controls, including distinctions required to accommodate Class 1E HSI, diverse HSI, and LCS HSI, and for providing operator feedback to control actions.
4. Criteria for alarm applicability and prioritization and the display and control methods for alarm states and priorities.
5. Design criteria for graphic displays including density, graphic symbol and character size, line thickness, and information orientation.
6. The video display hierarchy, including the function, task, and system design content of each hierarchical level.
7. The navigation methods between and within hierarchical display levels and between alarms, displays, controls, and CBPs and methods for providing operator feedback to screen selection actions.
8. CBP methods, including navigation within and among procedures, place keeping, annotations and bookmarks, multiple procedure usage, independent step verification, archiving, automated data checking, and provisions for continuous action steps.
9. Configuration of operator consoles and the safety console and their arrangement within the HSI facilities.

KEPCO & KHNP 3

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3

10. Methods for control transfer between HSI facilities.
11. Nomenclature and labeling standards for all elements of both soft and conventional HSI, including abbreviations and syntax for labels and alarm messages.

The APR1400 Basic HSI also establishes standard functional specifications for the indications and controls associated with plant instrumentation and components, referred to as the basic component control and instrumentation design guide. The guide provides reasonable assurance of HSI consistency across all APR1400 plant systems.

2.2 APR1400 HSIS The HD implements the HSI inventory defined by the TA and plant system designs in the Basic HSI methods described above, which encompass both video and conventional devices. For plant systems that are site specific, such as the switchyard and ultimate heat sink, the HD is based on generic assumptions that are made to establish a complete plant design that is reflected in the complete APR1400 HSIS.

These generic assumptions are modified as necessary for each plant-specific application of the APR1400 during the design implementation (DI) HFE PE.

The scope of the APR1400 HSIS encompasses soft displays and controls, and conventional displays and controls for all aspects of the APR1400 Basic HSI, as follows:

1. Large display panel (LDP); SDCV sections
2. Information flat panel displays (IFPDs); selectable displays with soft controls, including SPDS (displays are also applicable to the selectable sections of the LDP)
3. Engineered safety features control modules (ESCMs); selectable soft controls
4. Qualified indication and alarm system -- non-safety (QIAS-N); SDCV and selectable displays
5. Qualified indication and alarm system - post accident monitoring (QIAS-P); SDCV and selectable displays
6. Plant protection system (PPS) and core protection calculator (CPC) operator modules; selectable displays with soft controls
7. Reactor trip (RT) and engineered safety features (ESF) system-level initiation (SLI) controls; conventional SDCV controls
8. Minimum inventory controls (MICs); conventional SDCV controls
9. Diverse manual actuation (DMA) controls; conventional SDCV controls
10. Diverse indication system (DIS); selectable displays
11. Safety console configuration (encompassing all items above, except LDP and IFPD)
12. Alarms that are displayed on the LDP, IFPDs, and QIAS-N displays
13. LCS; conventional indications and controls For all items in the above list, the HD generates pictorial design drawings with a database that correlates each pictorial element to a unique instrumentation or control item in the plant system designs. The pictorial designs integrate the HSI inventory defined by the TA and plant system designs in the information hierarchy of the APR1400 Basic HSI, using the conventions established by the APR1400 Style Guide.

As for all computer driven displays, the HD graphical design output for the SPDS is implemented in software for the MCR, RSR, RCC, and TSC. However, for the EOF the HD output for the SPDS is provided only to define the HSI inventory requirements and to provide guidance for graphical implementation of the SPDS within the EOF. The EOF HSI system is provided by the combined license (COL) applicant. Therefore, the COL applicant provides the actual graphical design and software for the SPDS in the EOF, in accordance with the EOF HSI system style guide to provide reasonable assurance of conformance with the HFE criteria for the EOF.

The HD PE also includes the CBPs that are used for the scenarios conducted during the ISV. The inventory of CBP for the ISV scenarios includes additional procedures that are related to the ISV scenarios, but not actually needed to execute the ISV scenarios, to ensure the operator decisions are not KEPCO & KHNP 4

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 influenced by the CBP inventory. Other procedures are not within the scope of the HD PE because they have their own development and verification program through the procedure development (PD) PE.

Placeholders for the additional procedures are included in the APR1400 HSIS to provide reasonable assurance of completeness of the information inventory and to avoid operator bias during the ISV.

2.3 APR1400 HSI Facilities The APR1400 HSI Facilities included in this HD PE are the MCR, RSR, RCC, TSC, and LCSs. The EOF facility is in the scope of the COL applicant; therefore, the EOF is outside the scope of the APR1400 HD PE (except for the HSI inventory requirements and implementation guidance for the SPDS, as described above).

For the MCR, RSR, RCC, and TSC, the HD generates functional designs or design requirements that address the follow facility characteristics:

1. Arrangement of operator consoles, safety console, and LDP
2. Arrangement of meeting tables and chairs, desk areas and laydown areas for plant drawings, documents, and procedures
3. Location and functional configuration of communications devices for paging, plant announcements, and telecommunications
4. Location of personal computers, printers, and other components of the plants information technology system
5. Storage facilities for documents, drawings, operating procedures and equipment for the plants emergency plan
6. Location of entries and exits, kitchen, and restroom facilities
7. Location of offices for plant personnel and meeting rooms with an emphasis on their visibility and accessibility into the control areas
8. Ambient noise requirements, and facility features to minimize noise and provide reasonable assurance that normal voice communications are audible in required locations
9. Lighting requirements, and facility features to provide reasonable assurance that lighting minimizes glare on visual display units and conventional control devices and that facility features provide reasonable assurance that lighting is adequate in areas where documents and drawings must be read.
10. Requirements for environmental conditions that promote comfortable working conditions.

For LCSs, the HD provides reasonable assurance of timely area accessibility, adequate task lighting and a non-hazardous environment that does not require onerous personnel hazard protection.

KEPCO & KHNP 5

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 3 METHODOLOGY OVERVIEW The HD generates the designs for:

o APR1400 Basic HSI o APR1400 HSIS o APR1400 Facilities The HD process for each is depicted in Figure 3-1, and overviews are provided in Subsections 3.1 through 3.6.

TS Figure 3-1 HSI Design Overview 3.1 APR1400 Basic HSI TS KEPCO & KHNP 6

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 3.2 APR1400 HSIS TS KEPCO & KHNP 7

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 3.2.1 Critical Safety Function Displays TS 3.2.2 System Displays TS 3.2.3 Task Displays TS 3.2.4 Application Displays TS KEPCO & KHNP 8

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 3.2.5 Alarms TS 3.2.6 Computer-Based Procedures TS 3.2.7 Performance-Based Tests TS KEPCO & KHNP 9

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 3.2.8 Safety Console TS 3.2.9 Local Control Stations TS KEPCO & KHNP 10

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 3.3 APR1400 Facilities TS 3.3.1 Central Facilities TS 3.3.2 Local Control Station Facilities TS 3.4 Independent Review TS 3.5 HD Interfaces with Other HFE Program Elements The HD interfaces with other HFE PEs as described in Subsections 3.5.1 through 3.5.9.

3.5.1 Operating Experience Review TS KEPCO & KHNP 11

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 3.5.2 Functional Requirements Analysis and Function Allocation TS 3.5.3 Task Analysis TS 3.5.4 Treatment of Important Human Actions TS 3.5.5 Staffing and Qualifications TS KEPCO & KHNP 12

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 3.5.6 Procedure Development TS 3.5.7 Training Program Development TS 3.5.8 Human Factors Verification and Validation TS 3.5.9 Design Implementation TS 3.6 HD Interfaces with the APR1400 Plant Design The HD interfaces with the APR1400 plant design in the following key areas:

o I&C system designs o Plant system designs The interfaces are described in Subsections 3.6.1 and 3.6.2.

3.6.1 Instrumentation and Control System Designs TS 3.6.2 Plant System Designs TS KEPCO & KHNP 13

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 3.7 HD Input from Predecessor Design and Reference Plants TS 3.8 HSI Design Modifications TS KEPCO & KHNP 14

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 4 IMPLEMENTATION This section describes the HD implementation plan for:

o APR1400 Basic HSI (Subsection 4.1) o APR1400 HSIS and APR1400 Facilities (Subsection 4.2) 4.1 APR1400 Basic HSI TS KEPCO & KHNP 15

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.1 Basic HSI Design TS KEPCO & KHNP 16

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.1.1 LDP TS KEPCO & KHNP 17

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.1.2 Soft Control TS 4.1.1.3 Information Display Hierarchy TS KEPCO & KHNP 18

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.1.4 Computer-Based Procedures TS 4.1.1.5 Alarms TS KEPCO & KHNP 19

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.1.6 Communications KEPCO & KHNP 20

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.1.7 Equipment Tag-out TS 4.1.2 HSI Concept of Use TS KEPCO & KHNP 21

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.3 Basic HSI Concept for Degraded I&C and HSI Conditions The APR1400 Basic HSI accommodates the following degraded HSI conditions:

o Failure of individual HSI components o Loss of all non-safety HSI o CCF of all digital safety systems o MCR evacuation The design basis and design features of the APR1400 Basic HSI to cope with each condition are described in Subsections 4.1.3.1 through 4.1.3.5.

4.1.3.1 Failure of Individual HSI Components TS KEPCO & KHNP 22

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 4.1.3.2 Loss of All Non-safety HSI TS 4.1.3.3 CCF of All Digital Safety Systems TS 4.1.3.4 MCR Evacuation TS KEPCO & KHNP 23

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.3.5 Failure of I&C Components TS 4.1.4 Basic HSI Conformance with Regulatory Guidance The regulatory guidance that influences the APR1400 Basic HSI and ultimately the HSI inventory included in the APR1400 HSIS is described in Subsections 4.1.4.1 through 4.1.4.18.

4.1.4.1 Safety Parameter Display System TS 4.1.4.2 Bypassed and Inoperable Status Indication TS KEPCO & KHNP 24

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.4.3 Relief and Safety Valve Position Monitoring TS 4.1.4.4 Manual Feedwater Control TS 4.1.4.5 Containment Monitoring TS 4.1.4.6 Core Cooling TS 4.1.4.7 Post-Accident Monitoring Instrumentation TS KEPCO & KHNP 25

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.4.8 Auxiliary Heat Removal TS 4.1.4.9 Reactor Level Monitoring TS 4.1.4.10 Leakage Control TS 4.1.4.11 Radiation Monitoring TS 4.1.4.12 Manual Initiation of Protective Actions TS 4.1.4.13 Diversity and Defense-in-Depth TS KEPCO & KHNP 26

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 4.1.4.14 Important Human Actions TS 4.1.4.15 Computer-Based Procedure Systems TS 4.1.4.16 Alarms for Credited Manual Operator Actions TS 4.1.4.17 Safe Shutdown from Outside the MCR TS 4.1.4.18 Technical Support Center TS KEPCO & KHNP 27

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.4.19 Emergency Offsite Facility TS 4.1.5 Basic HSI Design Inputs The APR1400 Basic HSI and the Basic HSI for the reference plants, SKN 3&4, are the same or similar except for the changes described in Subsections 4.1.5.1 and 4.1.5.2. The evolution of SKN 3&4 is also described.

4.1.5.1 Design Evolution KEPCO & KHNP 28

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.5.2 Changes from SKN 3&4 TS KEPCO & KHNP 29

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.6 Implementation Plan for Basic HSI Detailed Design The design concept described in the APR1400 Basic HSI TeR (Reference 2) is expanded and, revised based on the outputs from the HFE program and the final detailed plant design, to create a detailed design, as described in this implementation plan, and shown in Figure 3-1. The generation of the documents described in Subsections 4.1.6.1 through 4.1.6.4 support this revision process and assures design acceptance, consistency, and a verifiable process..

4.1.6.1 Functional Specifications TS KEPCO & KHNP 30

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.6.2 Style Guide TS 4.1.6.3 Nomenclature and Labeling Guide TS KEPCO & KHNP 31

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.6.4 Component Control and Instrumentation Design Guide TS KEPCO & KHNP 32

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.1.7 Basic HSI Tests and Evaluations TS KEPCO & KHNP 33

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.2 APR1400 HSIS and Facilities TS KEPCO & KHNP 34

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.2.1 Critical Safety Function Displays TS KEPCO & KHNP 35

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS KEPCO & KHNP 36

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS TS 4.2.2 System Displays KEPCO & KHNP 37

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS TS 4.2.3 Task Displays KEPCO & KHNP 38

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.2.4 Application Displays TS KEPCO & KHNP 39

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS KEPCO & KHNP 40

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.2.5 Alarms KEPCO & KHNP 41

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS TS 4.2.6 Computer-Based Procedures KEPCO & KHNP 42

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS TS 4.2.7 Safety Console KEPCO & KHNP 43

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS KEPCO & KHNP 44

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS 4.2.8 Central Facilities KEPCO & KHNP 45

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS TS 4.2.9 Local Control Stations and Facilities KEPCO & KHNP 46

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 TS KEPCO & KHNP 47

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 5 IMPLEMENTATION TEAM SMEs are used for various functions throughout the HD process. The SMEs who implement the HD PE activities for each HD output are described in Section 4 and summarized in Table 5-1.

Table 5-1 HD Implementation Summary TS KEPCO & KHNP 48

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 6 RESULTS

SUMMARY

REPORT The results of the HD are documented in the HD results summary report (ReSR), either directly or through reference to HD documentation. The ReSR demonstrates that the APR1400 HSI design process was conducted in accordance with this IP.

The HD ReSR includes the following:

1. HD results overview, which describes the principal findings of the HFE PE, including confirmation that the APR1400 HSIS supports correct execution of IHAs. This confirmation provides preliminary validation of the time margin result from the TA for the credited DIHAs defined in the TAA and D3CA.
2. Overview of all HED resolutions implemented in the APR1400 HSI Design, including identification of any HED resolutions that require demonstration during V&V for HED closure.
3. Each HD team members name, SME position, and the HD outputs generated by the team member or the independent review the team member conducted.
4. HD execution results, which include summaries and references to all details that demonstrate conformance with Section 4 of the IP, using the output format defined in Section 4. The output format includes the following:
a. APR1400 Basic HSI test report
b. Specifications for each HSI element within the APR1400 HSIS
c. APR1400 HSIS database(s) for alarms and graphic displays
d. CBPs for the ISV
e. Performance test reports
f. Safety console specification
g. LCS specifications
h. Specifications for each facility within the APR1400 HSI Design
i. Traffic flow and visibility report for each APR1400 Facility
5. A conclusion that the HD PE:
a. Has been conducted in accordance with this HD IP
b. Has generated an APR1400 HSI Design whose HSIS and Facilities support the functional, task and staffing requirements defined by previous HFE PEs The HD is a one-time, nonrecurring HFE PE whose closure is marked by the HD ReSR. The output of HD reflects the resolution of all HEDs generated by previous APR1400 HFE PEs or HEDs generated due to plant design changes. Any HEDs generated during subsequent V&V are evaluated during V&V or DI for any potential changes needed in the APR1400 HSI Design. These changes are managed through the HED resolution process.

After completion of V&V, site-specific changes, including any required HSI design changes, are managed within the design implementation (DI) PE, which is a recurring PE for each plant. The DI also provides reasonable assurance that all HEDs are closed.

KEPCO & KHNP 49

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 7 REFERENCES

1. APR1400-E-I-NR-14001-P, Human Factors Engineering Program Plan, Rev.3, KHNP, May 2018.
2. APR1400-E-I-NR-14011-P, Basic Human-System Interface, Rev.3, KHNP, May 2018.
3. Regulatory Guide 1.97, Criteria for Accident Monitoring Instrumentation for Nuclear Power Plants, Rev.4, U.S. Nuclear Regulatory Commission, June 2006.
4. APR1400-E-I-NR-14012-P, Style Guide, Rev.2, KHNP, January 2018.
5. NUREG-0700, Human-System Interface Design Review Guidelines, Rev. 2, U.S.

Nuclear Regulatory Commission, May 2002.

6. NUREG-0737, Clarification of TMI Action Plan Requirements, Supplement 1, U.S.

Nuclear Regulatory Commission, 1982.

7. NRC RG 1.23, Meteorological Monitoring Programs for Nuclear Power Plants, Rev. 1, U.S. Nuclear Regulatory Commission, March 2007.
8. NUREG-0696, Functional Criteria for Emergency Response Facility, U.S. Nuclear Regulatory Commission, 1981.
9. NUREG-0654, Criteria for Preparation and Evaluation of Radiological Emergency Response Plans and Preparedness in Support of Nuclear Power Plants, Appendix 2, U.S. Nuclear Regulatory Commission, 1980.
10. NUREG-0711, Human Factors Engineering Program Review Model, Rev. 3, U.S.

Nuclear Regulatory Commission, November 2012.

11. APR1400-K-X-FS-14002, APR1400 Design Control Document, Tier 2, Rev.2, KHNP, January 2018
12. APR1400-K-X-FS-14001, APR1400 Design Control Document, Tier 1," Rev.2, KHNP, January 2018
13. APR1400-Z-A-NR-14019-P, CCF Coping Analysis, Rev.2, KHNP, January 2018.
14. Regulatory Guide 1.47, Bypassed and Inoperable Status Indication for Nuclear Power Plant Safety Systems, U.S. Nuclear Regulatory Commission, February 2010.
15. Regulatory Guide 1.52, Design, Inspection, and Testing Criteria for Air Filtration and Adsorption Units of Post-Accident Engineered-Safety-Feature Atmosphere Cleanup Systems in Light-Water-Cooled Nuclear Power Plants, Rev. 4, September 2012.
16. -IEEE Std. 603-1991, Standard Criteria for Safety Systems for Nuclear Power Generating Stations, Institute of Electrical and Electronics Engineers, 1991.
17. SECY 93-087, Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR) Designs, U.S. Nuclear Regulatory Commission, April 1993.
18. BTP 7-19, Guidance for Evaluation of Diversity and Defense-in-Depth in Digital Computer-Based Instrumentation and Control Systems, Rev. 6, U.S. Nuclear Regulatory Commission, July 2012.
19. DI&C-ISG-5, Digital Instrumentation and Controls, Rev. 1, Digital Instrumentation and Controls Interim Staff Guidance, U.S. Nuclear Regulatory Commission, November 2008.
20. GDC 19, 10 CFR 50, Appendix A, Control Room.
21. Regulatory Guide 1.189, Fire Protection for Nuclear Power Plants, Rev. 2, U.S.

KEPCO & KHNP 50

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 Nuclear Regulatory Commission, October 2009.

22. DI&C-ISG-04, Highly Integrated Control Rooms & Digital Communication Systems, Rev. 1, Digital Instrumentation and Controls Interim Staff Guidance, U.S. Nuclear Regulatory Commission, March 2009.
23. APR1400-E-I-NR-14008-P, Human Factors Verification and Validation Implementation Plan, Rev. 3, KHNP, May 2018.

KEPCO & KHNP 51

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 8 DEFINITIONS APR1400 Basic Human-System Interface (HSI): Generic indication, alarm, control and procedure methods applied to all systems and functions controlled from the MCR, RSR, and RCC. The same HSI methods apply to the SPDS indications provided in the MCR and the TSC. The APR1400 Basic HSI also defines indication, alarm, and control methods for LCSs used for IHAs.

APR1400 HSI Design: Complete integration of the APR1400 HSIS and APR1400 HSI Facilities (see definitions below).

APR1400 HSI Facilities: ARP1400 MCR, RSR, RCC, TSC and LCSs. The facility designs accommodate the APR1400 HSIS (see definition below) as well as storage, communication, meeting and other habitability features important to support required operations crew performance during all facets of plant operation.

APR1400 Human-System Interface System (HSIS): The soft and conventional indications, alarms, controls, and operating procedures that encompass the HSI inventory defined by the TA PE and APR1400 plant system designs within the generic HSI methods defined by the APR1400 Basic HSI.

Independent reviewer: Person with qualifications equivalent to the originator of a product but not engaged in preparing the product.

Known aspect: An aspect of the APR1400 plant design or APR1400 Basic HSI design that is documented at the time of the HFE analysis.

Performance-based testing: Testing using dynamic simulation and plant operators that includes scenarios targeted to confirm the design of specific HSI features.

Preferred emergency success path: The first set of plant structures, systems, and components, defined by the EOPs for event mitigation. EOPs may define alternate success paths if the preferred success path does not function as expected.

KEPCO & KHNP 52

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 APPENDIX A. NUREG-0711, REV. 3, REVIEW CRITERIA CONFORMANCE TABLE NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph 8.4 Review Criteria 3.5 8.4.1 HSI Design Inputs (1) Analysis of Personnel Task Requirements - The applicant should use the following analyses, performed in earlier stages of the design process, to identify requirements for the HSIs:

  • Operational Experience Review - An input to the HSI design 3.5.1 should encompass lessons learned from other complex human-machine systems, especially predecessor designs and those involving similar HSI technology.
  • Functional Requirements Analysis and Function Allocation - 3.5.2 The HSIs should support the roles of personnel in the plant, e.g., appropriate levels of automation.
  • Task Analysis - The set of requirements to support the role of 3.5.3 personnel is provided by task analyses that should identify:

- tasks needed to control the plant during a range of operating conditions from normal through accident conditions

- detailed information and control requirements (e.g.,

requirements for display range, precision, accuracy, and units of measurement)

- task support requirements (e.g., special lighting and ventilation requirements)

- important HAs, as defined in Section 7 of this document, that should be given special attention in the HSI design process

  • Staffing and Qualifications - The findings from analyses of 3.5.5 staffing/qualifications should provide input for deciding upon the layout of the overall control room and allocating controls and displays to individual consoles, panels, and workstations.

The staffing/qualifications analyses establish the basis for the minimum and maximum number of personnel to be accommodated, and requirements for coordinating activities between them.

(2) System Requirements - The applicant should identify any 3.1 paragraph 1, 3.2 constraints on the HSI design imposed by the overall I&C paragraph 1, 3.3 paragraph 1 system, e.g., constraints on the information that can be presented due to sensor data availability.

(3) Regulatory Requirements - The applicant should identify the 4.1.4, 4.1.5.2 applicable regulatory requirements as inputs to the HSI design process.

KEPCO & KHNP A1

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph (4) Other Requirements - The applicant should identify any 3.1 paragraph 3 (input from other requirements, such as customer requirements, that are US operators), 4.1.3.2 inputs to the HSI design. paragraph 2 8.4.2 Concept of Use and HSI Design Overview 4.1.1, 4.1.2 (1) The applicant should develop a concept of use stating the roles and responsibilities of operations personnel based upon anticipated staffing levels. The concept of use should:

  • provide a high-level description of how personnel will work with HSI resources
  • address the coordination of personnel activities, such as interactions with auxiliary operators and the coordination of maintenance and operations Additional Information: Examples of the types of information the applicant may identify include the allocation of tasks between the main control room or to local control stations, whether personnel will work at a single large workstation or at individual ones, to what types of information each crew member will have access, and what types of information will be displayed to the entire crew.

(2) The applicant should provide an overview of the HSI, 3.1, 4.1.1.1 through 4.1.1.6 covering the technical bases demonstrating that they constitute (additional detail including a state-of-the-art HSI design supporting personnel performance. facility layout is in the Basic These bases may include analyses of operating experience and HSI Description TeR) the literature, tradeoff studies simultaneously considering multiple alternatives, and engineering tests and evaluations.

The overview should include a description of:

  • facility layouts, including workstations, large screen displays, and the nominal staff working positions
  • key HSI resources and their functionality, such as alarms, displays, controls, computer-based procedures, and other support and job aids
  • technologies to support teamwork and communication within the main control room and between the main control room, the remote shutdown facility, the TSC, EOF, and local control stations
  • the responsibilities of the crew for monitoring, interacting, and overriding automatic systems and for interacting with computerized procedures systems and other computerized operator support systems KEPCO & KHNP A2

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph 8.4.3 HFE Design Guidance for HSIs 3.3.2, 4.1.6.2 Applicants should employ design-specific HFE design guidance in designing the features of the HSIs, their layout, and environments. Although design guidance documents are called by different names, NUREG-0711 refers to them as style guides. Applicants may use one or more individual documents to serve this purpose. The HFE guidelines in NUREG-0700 may serve to support the NRC staff's review of the guidance in an applicant's style guide.

(1) The topics in the applicants style guide(s) should address Refer to APR1400 Style the scope of HSIs included in the design, and address their Guide TeR form, function, and operation, as well as the environmental conditions in which they will be used that are relevant to human performance.

Additional Information: NUREG-0700 lists HSI topics around which a style guide(s) may be organized.

(2) The guidance in the applicants style guide(s) should be 4.1.6.2 paragraph 1 developed from generic HFE guidance and HSI design-related analyses. It should be tailored to reflect the applicants design decisions in addressing specific goals of the HSI design.

Additional Information: Analyses related to the HSI design might include an evaluation of recent literature, analysis of current industry practices and operational experience, tradeoff studies, and the findings from design-engineering experiments and evaluations.

(3) The individual guidelines in the applicants style guide(s) Refer to APR1400 Style should be expressed precisely and describe easily observable Guide TeR HSI characteristics, such as Priority 1 alarms are shown in red. The guidelines in the style guide(s) should be sufficiently detailed so that design personnel can deliver a consistent, verifiable design meeting the applicant's guidelines.

(4) The applicants style guide(s) should contain procedures for Refer to APR1400 Style determining where and how HFE guidance will be used in the Guide TeR overall design process. They should be written so designers can readily understand them; the text should be supplemented with graphical examples, figures, and tables to facilitate comprehension.

(5) The applicant should maintain the style guide(s) in a form Refer to APR1400 Style that is readily accessible and usable by designers, and is easily Guide TeR modified and updated as the design matures. The guidance should include a reference(s) to the source upon which it is based.

KEPCO & KHNP A3

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph 8.4.4 HSI Detailed Design and Integration No criteria The criteria in this section are divided into the following subsections:

8.4.4.1, General 8.4.4.2, Main Control Room 8.4.4.3, Technical Support Center 8.4.4.4, Emergency Operations Facility 8.4.4.5, Remote Shutdown Facility 8.4.4.6, Local Control Stations Many criteria in this section are based on HFE guidance from other documents. We listed these documents and give the full references for them, including the specific revision or year of publication, in Section 14, References.

8.4.4.1 General 3.5.4, 4.1.4.14 (1) For important HAs (see Element 7), the applicants design should minimize the probability that errors will occur, and maximize the probability that any error made will be detected.

(2) The applicant should base the layout of HSIs within 4.1.1 paragraphs 1 and 6 consoles, panels, and workstations on (1) analyses of personnel roles (job analysis), and (2) systematic strategies for organization, such as arrangement by importance, and frequency and sequence of use.

(3) The applicant should design the HSIs to support inspection, 3.5.3, 4.1.3.1 last paragraph, maintenance, test, and repair of (1) plant equipment, and (2) the 4.1.1.7 HSIs. The applicant should design the latter so that inspection, maintenance, test, and repair of the HSIs do not interfere with other plant-control activities (e.g., maintenance tags should not block the operators views of plant indications).

(4) The applicants design should support personnel task 4.1.2 performance under conditions of minimum-, typical-, and high-level or maximum staffing.

Additional Information: Minimum staffing is that defined by plants technical specifications.

Typical staffing is that specified and used by the licensee for routine plant operations. Maximum staffing includes the augmented staff for accident situations.

(5) The applicants design process should account for using the 4.1 second paragraph bullet 5 HSIs over the duration of a shift where decrements in human performance due to fatigue may be a concern.

Additional Information: As an example, simulation tests can evaluate fatigue caused by using touch screens for long periods KEPCO & KHNP A4

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph (6) The characteristics of the applicants HSIs should support 3.3.2 human performance under the full range of environmental 4.1, second paragraph. item conditions, ranging from normal to credible extreme conditions, 8; third paragraph such as loss of lighting and of ventilation. For the remote 4.2.8, item 5 4.2.9 item 1 shutdown facility and local control stations, the applicants HFE design should consider the ambient environment (e.g., noise, temperature, contamination) and the need for and type of protective clothing.

Additional Information: For example, consideration should be given to the effects that protective clothing may have on task performance (e.g., protective gloves may make manual dexterity tasks more difficult and increase the time necessary to complete them).

(7) The applicant should identify how in an operating plant: 3.8

  • the HSIs are modified and updated
  • temporary HSI changes are made (such as modifying the set points)
  • personnel-defined HSIs are created (such as temporary displays that personnel define for monitoring a specific situation)

(8) Additional Considerations for Reviewing the HFE Aspect Not Applicable s of Plant Modifications 8.4.4.2 Main Control Room No criteria, additional detail In some of the criteria below, we italicize and underline the word for all criteria in this section is how to emphasize it. The word refers to the means by which provided in the APR1400 the information identified in the criterion is displayed by the HSIs Basic HSI Description TeR to personnel, e.g., how displays depict the information that operators need for monitoring tasks.

KEPCO & KHNP A5

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph (1) Safety Parameter Display System - The applicant should 3.2.1, 4.1.4.1, SPDS describe the safety parameter display system (SPDS), inventory is defined by addressing the following: FRA/FA and TA

  • Identification of Critical Safety Functions (CSFs) - The CSFs needed to meet the requirement for an SPDS should be identified. NUREG-1342 Section III.F, Minimum Parameters for Display, lists the five CSFs that personnel monitor using an SPDS for boiling water reactor (BWRs) and pressurized water reactor (PWRs). For new designs, applicants should verify that these CSFs are suitable for their design, identifying any changes needed based on their designs detailed characteristics.

CSFs may differ for non-light water reactor designs, such as high-temperature gascooled reactors and liquid-metal reactors.

  • Identification of the Parameters Personnel will use to Monitor Each CSF - The applicant should identify the plant parameters personnel need to monitor each CSF and describe the means by which plant data are synthesized, combined, or otherwise evaluated to provide the information presented in the SPDS display.

Section III.F of NUREG-1342 has guidance on acceptable parameters for the current fleet of PWRs and BWRs. The applicants identification of parameters should consider the unique characteristics of the plants design.

  • Evaluation of SPDS HSIs - The applicant should verify that the SPDS HSIs conform to acceptable HFE practices using NUREG-0700, Section 5 and other SPDS HFE guidance.

Additional Information: SPDS requirements are described in 10 CFR 50.34(f)(2)(iv), and related guidance in NUREG-0835, NUREG-1342, Supplement 1 of NUREG-0737, and NUREG-0700, Section 5. These NUREGs discuss the NRCs review guidance for SPDS, with NUREG-0700 being the primary one; the others encompass supplemental guidance, examples, and technical bases.

KEPCO & KHNP A6

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph (2) Bypassed and Inoperable Status Indication - The applicant 3.2.1 paragraph 1 bullet 2, should describe how the HSI assures the automatic indication of 4.1.4.2 the bypassed and inoperable status of a safety function, and the systems actuated or controlled by the safety function. [10 CFR 50.34(f)(2)(v) - I.D.3] Regulatory Guide 1.47 includes the following guidance related to the display of bypassed and inoperable status of safety systems:

  • The status indication should be in the main control room.
  • Administrative procedures should be supplemented by an automatic indication system that shows, for each affected safety system or subsystem, the bypass or deliberately induced inoperability of a safety function, and the systems it actuates or controls.
  • Provisions should be made allowing the operations staff to confirm that a bypassed safety function was properly returned to service.
  • Annunciating functions for system failure and automatic actions based on the selftest or self-diagnostic capabilities of digital computer-based I&C safety systems should be consistent with the above bullets.
  • The indication system for bypass and inoperable status should include the ability to ensure its operable status during normal plant operation to the extent to which the indicating and annunciating functions can be verified.
  • Bypass and inoperable status indicators should be arranged such that personnel can determine whether it is permissible to continue operating the reactor.
  • The control room of all affected units should receive an indication of the bypass for their shared system safety functions.

(3) Relief and Safety Valve Position Monitoring - The applicant 4.1.4.3 should describe how the HSI indicates the position of the relief and safety valves (open or closed) in the control room. [10 CFR 50.34(f)(2)(xi)- II.D.3]

(4) Manual Feedwater Control - The applicant should describe 4.1.4.4 how the HSI provides automatic and manual initiation of the auxiliary feedwater system, and indicates auxiliary feedwater system flow in the control room. [Applicable to PWRs only, 10 CFR 50.34(f)(2)(xii) - II.E.1.2]

(5) Containment Monitoring - The applicant should describe 4.1.4.5 how the control rooms HSIs (alarms and displays) inform personnel about: (A) containment pressure; (B) containment water level; (C) containment hydrogen concentration; (D) containment radiation intensity (high level); and (E) noble gas effluents for all potential, accident release points. [10 CFR 50.34(f)(2)(xvii) - II.F.1]

KEPCO & KHNP A7

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph (6) Core Cooling - The applicant should describe how the HSI 4.1.4.6 provides unambiguous indication of inadequate core cooling, such as with primary coolant saturation meters in PWRs, and a suitable combination of signals from indicators of coolant level in the reactor vessel and in-core thermocouples in PWRs and BWRs. [10 CFR 50.34(f)(2)(xviii) - II.F.2]

(7) Post-accident Monitoring - The applicant should describe 4.1.4.7 how the HSI assures monitoring of plant and environmental conditions following an accident including core damage. [10 CFR 50.34(f)(2)(xix) - II.F.3, and RG1.97]

(8) Auxiliary Heat Removal -- The applicant should describe 4.1.4.8 how that necessary automatic and manual actions can be taken to ensure proper functioning of auxiliary heat removal systems when the main feedwater system is not operable. [Applicable to BWRs only, 10 CFR 50.34(f)(2)(xxi) - II.K.1.22]

(9) Reactor Level Monitoring - The applicant should describe 4.1.4.9 how the HSI gives a record of the reactor vessels water level in one location on displays that meet normal post accident recording requirements. [Applicable to BWRs only, 10 CFR 50.34(f)(2)(xxiv) - II.K.3.23]

(10) Leakage Control - The applicant should describe how the 4.1.4.10 HSI provides for leakage control and detection in the design of systems outside containment that contain (or might contain) accident-source-term radioactive materials after an accident.

[10 CFR 50.34(f)(2)(xxvi) - III.D.1.1]

(11) Radiation Monitoring - The applicant should describe how 4.1.4.11 the HSI provides appropriate monitoring of in-plant radiation and airborne radioactivity under a broad range of routine and accident conditions. [10 CFR 50.34(f)(2)(xxvii) - III.D.3.3]

(12) Manual Initiation of Protective Actions - The applicant 4.1.4.12 should describe how the HSI supports the manual initiation of protective actions at the system level for safety systems otherwise initiated automatically. [Regulatory Guide 1.62.]

(13) Diversity and Defense-in-depth - The applicant should 4.1.4.13 describe how the HSI provides displays and controls in the MCR for manual, system-level actuation of critical safety functions, and for monitoring those parameters that support them. These displays and controls are independent of, and different from, the normal I&C. [I&C BTP 7-19, Point 4]

KEPCO & KHNP A8

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph (14) Important HAs - The applicant should describe how the 4.1.4.14 HSI provides the controls, displays, and alarms that ensure the reliable performance of identified important HAs.

Section 7 of this document discusses important HAs.

(15) Computer-Based procedure platform - The applicants 4.1.4.15 computer-based procedures should be consistent with the design review guidance in NUREG-0700, Section 8, Computer-Based Procedure System and in Section 1 of DI&C-ISG-5 (NRC, 2008).

8.4.4.3 Technical Support Center 4.1.4.18, additional detail for NUREG-0696 states that HFE should be incorporated in the all criteria in this section is design of the on-site Technical Support Center (TSC), and provided in the APR1400 considers both operating and maintenance personnel. The Basic HSI Description TeR criteria in this section are applicable to the HFE aspects of the review of the TSC. The applicants submittal should include the following:

(1) The applicant should describe how the HSIs give personnel 1, paragraph 2, items 1 and 3 the information needed to: 2.2, paragraph 4

  • analyze the plants steady-state and dynamic behavior before 2.3, paragraph 2 and throughout an accident so TSC personnel can guide the 3.3.1 3.5.5 MCR operators in managing the abnormal conditions and 4.1, paragraph 1 mitigating the accident without interfering with the MCR 4.1.1.1 activities 4.1.1.3
  • undertake the needed environmental- and radiological- 4.1.1.4 monitoring functions of the EOF when it is not operational 4.1.1.5
  • offer technical support to personnel during recovery operations 4.1.1.6 after an emergency 4.1.4.18
  • provide reliable voice-communications facilities to the control room, the operations support center, the EOF, the NRC, and with state and local operations centers (2) The applicant should describe how the HSIs give personnel 1, paragraph 2, items 1 and 3 the information needed for: 2.2, paragraph 4
  • determining the plants steady-state operating conditions 2.3, paragraph 2 before the accident 3.3.1 3.5.5
  • ascertaining the transient conditions producing the initiating 4.1, paragraph 1 event 4.1.1.1
  • gauging plant systems dynamic behavior throughout the 4.1.1.3 accident 4.1.1.4
  • reviewing the accident sequence 4.1.1.5
  • deciding upon appropriate mitigating actions 4.1.1.6
  • evaluating the extent of any damage 4.1.4.18
  • assessing the plants status during recovery operations KEPCO & KHNP A9

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph (3) The applicant should describe how the HSIs provide an 4.1.4.1 SPDS that replicates the SPDS in the MCR (to improve the exchange of information between personnel in the main control room and the EOF). If the SPDS in the main control room is composed of multiple displays, then multiple displays also should be provided in the TSC.

(4) The applicant should describe how the HSIs provide as a 4.1.4.1 minimum, the set of variables specified in Regulatory Guide 1.97, Revision 4, plus all sensor data and calculated variables not specified in Reg. Guide 1.97 but included in the data sets for the SPDS, for the EOF, or for transmission to offsite locations.

(5) The applicant should describe how the HSIs allow all TSC 4.1.4.1 personnel to complete their assigned tasks with unhindered access to alphanumeric and/or graphical representations of:

  • plant systems variables
  • in-plant radiological variables
  • meteorological information
  • offsite radiological information (6) The applicant should describe how the HSIs provide the 4.1.4.1 trend-information displays and time-history displays that give the TSC personnel a dynamic view of the plants status during abnormal operating conditions.

(7) The applicant should describe how HFE was incorporated 4.1.4.18 paragraph 1 into the TSC design to ensure that personnel easily understand and use the HSIs.

8.4.4.4 Emergency Operations Facility The HSI design of the EOF is NUREG-0696 states that HFE should be incorporated in the the responsibility of the COL design of the Emergency Operations Facility (EOF) considering applicant. This HD IP governs both operating and maintenance personnel. The criteria in this only the generation of the SPDS inventory data, which section are applicable to the HFE review of the EOF.

is transmitted to the EOF for display within the COL applicant's HSI design, as defined in the following sections:

2, paragraph 1 2.2, paragraph 4 2.3, paragraph 1 4.1.4.19 KEPCO & KHNP A10

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph (1) The applicant should describe how the HSIs assure the The SPDS inventory data, acquisition, display, and evaluation of all radiological, which is transmitted to the meteorological, and plant-system data essential to determining EOF for display within the offsite protective measures. COL applicant's HSI design, includes radiological, meteorological, and plant-system data essential to determining offsite protective measures, as defined in Section 4.1.4.1.

(2) The applicant should describe how the HSIs continuously The HSI design of the EOF is indicate radiation dose-rates and concentrations of airborne the responsibility of the COL radioactivity inside the EOF while it is used during an applicant, including warnings emergency, including local alarms with trip levels set to provide of adverse conditions that may affect the facility's early warning to EOF personnel of adverse conditions that may habitability, as defined in affect the facilitys habitability. Section 4.1.4.19.

(3) The applicant should describe how the HSIs support reliable The HSI design of the EOF is voice communications to the TSC, the main control room, the the responsibility of the COL NRC, and the state and local emergency response facilities. applicant, including voice communications, as defined in Section 4.1.4.19.

(4) The applicant should describe how the HSIs supply data The SPDS inventory data, sufficient to assess the actual and potential onsite and offsite which is transmitted to the environmental consequences of an emergency, and information EOF for display within the on the general condition of the plant. COL applicant's HSI design, includes radiological, meteorological, and plant-system data sufficient to assess the actual and potential onsite and offsite environmental consequences of an emergency, and information on the general condition of the plant, as defined in Section 4.1.4.1.

The actual SPDS inventory data is an output of the HD PE.

KEPCO & KHNP A11

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph (5) The applicant should describe how the HSIs provide The SPDS inventory data, radiological, meteorological, and other environmental data to: which is transmitted to the

  • assess environmental conditions EOF for display within the
  • coordinate radiological monitoring COL applicant's HSI design, includes radiological,
  • recommend implementing offsite emergency plans meteorological, and other As a minimum, the EOF data should include (1) sensor data of environmental data, including the variables specified in Reg. Guide 1.97, Revision 4, and (2) the variables specified in RG the meteorological variables specified in the proposed Revision 1.97, RG 1.23 and NUREG-1 to Regulatory Guide 1.23, "Meteorological Measurements 0654, as defined in Sections Programs in Support of Nuclear Power Plants," and in NUREG- 4.1.4.1 and 4.1.4.19.

0654, Revision 1, Appendix 2.

(6) The applicant should describe how the EOF HSIs provide all The SPDS inventory data, data that are available for display in the TSC, including which is transmitted to the information sent from the plant to the NRC. EOF for display within the COL applicant's HSI design, includes the same data that is available in the TSC and is transmitted to the NRC, as defined in Section 4.1.4.1.

2, paragraph 1 2.2, paragraph 4 2.3, paragraph 1 4.1.4.19 (7) The applicant should describe how the HSIs allow all EOF The HSI design of the EOF is personnel to perform their assigned tasks with unhindered the responsibility of the COL access to alphanumeric and/or graphical representations of: applicant. This HD IP governs

  • plant system variables only the generation of the SPDS inventory data, which
  • in-plant radiological variables is transmitted to the EOF for
  • meteorological information display within the COL
  • offsite radiological information applicant's HSI design, as defined in the following sections:

2, paragraph 1 2.2, paragraph 4 2.3, paragraph 1 4.1.4.19 KEPCO & KHNP A12

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph (8) The applicant should describe how the HSIs display the The HSI design of the EOF is needed trend information and time-history data in the EOF. The the responsibility of the COL displays should be partitioned to facilitate the different functional applicant. This HD IP governs groups in the EOF retrieving this information. only the generation of the SPDS inventory data, which is transmitted to the EOF for display within the COL applicant's HSI design, as defined in the following sections:

2, paragraph 1 2.2, paragraph 4 2.3 paragraph 1 4.1.4.19 (9) The applicant should describe how the HSIs provide an The HSI design of the EOF is SPDS to improve the exchange of information between the the responsibility of the COL MCR and the TSC. If the SPDS in the MCR comprises multiple applicant. This HD IP governs displays, they should also be provided in the EOF. only the generation of the SPDS inventory data, which is transmitted to the EOF for display within the COL applicant's HSI design, as defined in the following sections:

2, paragraph 1 2.2, paragraph 4 2.3, paragraph 1 4.1.4.19 (10) The applicant should describe how HFE was incorporated The HSI design of the EOF is into the EOF design to ensure that personnel easily understand the responsibility of the COL and use the HSIs. applicant. This HD IP governs only the generation of the SPDS inventory data, which is transmitted to the EOF for display within the COL applicant's HSI design, as defined in the following sections:

2, paragraph 1 2.2, paragraph 4 2.3, paragraph 1 4.1.4.19 KEPCO & KHNP A13

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph 8.4.4.5 Remote Shutdown Facility 1, paragraph 2 item 1 and 3 (1) The applicant should describe how the HSI provides a 2, paragraph 1 design capability for remote shutdown of the reactor outside the 2.2, paragraph 4 main control room. [10 CFR 50, Appendix A, General Design 2.3, paragraph 1 3.3.1 Criteria 19]

4.1, paragraph 1 4.1.1.1 through 4.1.1.6 4.1.3.4 4.1.4.1 4.1.4.17 (2) The applicant should describe how the HSIs at the remote 1, paragraph 2 item 1 shutdown facility are consistent with those in the main control 4.1.1.2 room. 4.1.1.3 8.4.4.6 Local Control Stations 3.2.9 (1) The applicant should describe the basis for deciding which HSIs will be included in the main control room design, and which will be provided locally.

(2) The applicant should describe how HFE was incorporated 3.2.9, 4.2.9 into the HSIs for local control stations to ensure they are consistent with those in the MCR, and that personnel easily understand and use the HSIs.

8.4.5 Degraded I&C and HSI Conditions 4.1.3.1 through 4.1.3.5, 4.2.3 (1) The applicant should identify: item 6f

  • the effects of automation failures and degraded conditions on personnel and plant the performance
  • HFE-significant I&C degradations; i.e., the failure modes and degraded conditions of the I&C system that might adversely affect the HSIs personnel use to accomplish important HAs Additional Information: The I&C system is made up of four subsystems: Sensor, monitoring, automation and control, and communications. In this criterion, automation is considered separately due to its well-known human performance challenges and their potential impact on safety. The focus of this criterion is on HFE-significant I&C degradations. An example is a sensor degradation that results in a control room display that confuses personnel into thinking there is a process disturbance.

(2) The applicant should specify the alarms and other 4.1.3.5, 4.1.4.2, 4.2.5 item 3a information personnel need to detect degraded I&C and HSI bullets 2 and 3 conditions in a timely manner, and to identify their extent and significance.

(3) The applicant should determine any needed back-up 4.1.3.1 through 4.1.3.5, 4.2.3 systems to ensure that important personnel tasks can be item 6f completed under degraded I&C and HSI conditions.

KEPCO & KHNP A14

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph (4) The applicant should determine the necessary Actions and procedures are compensatory actions and supporting procedures to ensure that identified during TA personnel effectively manage degraded I&C and HSI conditions, and the transition to back-up systems.

8.4.6 HSI Tests and Evaluations See detail below Tests and evaluations (T&Es) of concepts and detailed design features are conducted during the process of developing HSIs to support design decisions. This section provides review guidance for two types of T&Es:

  • Trade-off evaluations are comparisons between design options, based on aspects of human performance that are important to successful task performance, and to other design considerations.
  • Performance-based tests involve assessing personnel performance, including subjective opinions, to evaluate design options and design acceptability.

8.4.6.1 Trade-off Evaluations 4.1.5.1 last paragraph (1) In comparing design approaches, the applicant should consider those aspects of human performance important to performing tasks. The applicant should take into account the following factors when developing criteria to apply in selecting one design approach over another:

  • personnel-task requirements
  • human-performance capabilities and limitations
  • HSI-system performance requirements
  • inspection and testing needs
  • maintenance demands
  • use of proven technology and the operating experience of predecessor designs Additional Information: Including selection criteria for human performance will help to ensure that the differential effects of design options on human performance can be assessed, along with other considerations. For example, when analyzing trade-offs between using either a mouse or a touch screen as a computer-input device, the fatigue caused by using the device, and the time required to perform actions using each device should be considered.

(2) The applicant should state explicitly the relative benefits of 4.1.5.2 last paragraph design alternatives and the basis for the design approach selected.

8.4.6.2 Performance-Based Tests 3.2.7, 4.1.7, 4.2.1 item 7, (1) The applicant should identify the specific objectives of the 4.2.3 item 7, 4.2.4 item 7, tests. 4.2.5 item 7, 4.2.6 item 7, Additional Information: Performance-based tests have many different 4.2.7 item 7, 4.2.8 item 7 purposes, such as choosing between design alternatives or verifying that an aspect of the HSI meets performance criteria.

KEPCO & KHNP A15

Non-Proprietary HSI Design Implementation Plan APR1400-E-I-NR-14007-NP, Rev.3 NUREG-0711, Rev. 3, Review Criteria IP Section and Paragraph (2) The applicant should base the general approach to testing 4.2.1 item 10, 4.2.3 item 10, on the tests objective(s). 4.2.4 item 10, 4.2.5 item 10, The following aspects of the tests should be described (note 4.2.6 item 10, 4.2.7 item 10, that not all items are applicable to every type of test): 4.2.8 item 10

  • participants
  • testbed
  • design features or characteristics of the HSI being tested
  • tasks or scenarios used
  • performance measures
  • test procedures
  • data analyses (3) The conclusions from the tests and their impact on design 4.2 last paragraph, Additional decisions should be described. considerations for plant Additional Considerations for Reviewing the HFE Aspects of Plant modifications are not Modifications applicable KEPCO & KHNP A16