ML19209C868
| ML19209C868 | |
| Person / Time | |
|---|---|
| Site: | Crane  |
| Issue date: | 09/14/1979 |
| From: | Bott T, Haas P, Tomlinson E OAK RIDGE NATIONAL LABORATORY |
| To: | |
| Shared Package | |
| ML19209C834 | List: |
| References | |
| TASK-TF, TASK-TMR NUDOCS 7910180402 | |
| Download: ML19209C868 (7) | |
Text
.
HUMAN RELIABILITY IN M0r4ITORING POWER PLANT OPERATIONS T. F. Bott g
P. M. Haas E. T. Tomlinson Oak Ridge National Laboratory Summary A proposal is presented for an initial project in a program of collecting and analyzing data on human reliability in power plant operations'.
The initial project, which will serve to demonstrate the feasibility of the method of data collection as well as provide valuable data on a specific aspect of human reliability, focuses on human errors in routine monitoring of plant parameters. The method for collection involves a controlled exoeriment under actua' piant conditions. Cualitative and quantitative characterization of human interaction in relation to monitoring devices will be made.
The monitoring will be performed at an operating power plant.
(A cooperative effort with TVA at Bull Run and/or Kingston Steam Plants is anticipated.) The program will be carried out within the Neutron Physics Division with technical support from experts in the fields of human reliability, industrial psychology, instrumentation design, and statistical analysis wno are avdilable at ORNL, Sandia Laboratories, and tne University of Tennessee.
I.
Backcround The assessment of reliability of hardware in large systems has developed into a widely accepted discipline.. Qualitative and quantitative methods have been developed and have been applied to many types of systems and specific problems. Organized, and in some cases, quite sophisticated data bases exist or are being developed to meet the needs of reliability analysts for' equipment failure rates, mean time-to-repair, etc..
t 0
7910180 4 8 A5 198
2 However, tr.e development of the caoability for assessment and prediction
(
of hu:can reliability has not kept pace with hardware reliability analysis.
k There appears to be fairly wicespread agreement that the major impediment to advancement has been and continues to be the lack of an adequate data Mathematical models do exist base on human performance or human errors.
l that would permit practical quantification of the effects of human reliabi ity In fact, much of the methodolcgy used for '
on complex man-macnine systems.
hardware reliability analysis could be applied to human reliacility proclems.
The reason for the lack of an adequate data base is not that the The need for quantification importance of human reliability is not recognized.
Many would agree that, of human reliability is stressed by most analysts.
" estimates of overall system reliability which (do) not include human 1
reliability (are) at best inaccurate and at worst grossly optimistic."
In a recent review of the literature and history of the field of hu:ran describes a number of past efrorus to establish data 2
reliacility, Embrey The primary problems seem bases and discusses the difficulties involved.
to be the complexity and variability of human behavior, the difficulty of performing controlled experiments with human beings that are "' real and the expense of collecting and maintaining an adequate base for the scope of data required.
This program is proposed to investigate methods for collecting data that will overcome some of these difficulties for at least some specific It attempts to reduce aspects of the broad problem of humin reliability.
the ccmplexity,f the problem by reducing the scope, i.e., by attacking It proposes a method for performing individual segments one at a time.
These methods centrolled experiments under actual ocerating conditions.
should produce data that are mora accurate than current estimates from operating experience and more realistic than laboratory or simulat II. Procram Plan _
As suggested above, the problem of outaining adequate A.
Project Scoce.
data for analysis of human reliability is complex, very broad in scop The task of isolating porticns of the problem which can be expensive.
successfully addressed in 3 reascnable time with limited funds is dif s
865 199
3
(
In general, a researcher attempts to design an experiment from which he can obtain principles as broadly applicable as possible with the resources he has.
However, in doing so, he runs the risk of obtaining results too general to be of use for applications to real prcblems.
This appears to have been the case for scme of the human reliability data base efforts noted previously.
In this program there is an attempt to divide the scope of the human reliability data collection effort into segments that are of managuable size and that are independent entities.
Further, there is an attem1t to concentrate on collection of data of direct practical benefit to operating installations',
i.e., data on operations that impact significantly on the availability of electrical generating facilities (fossil-fueled and nuclear-powered). Obviously, complete indepencence of the separate programs is not possible because of the many intercependencies within ccmplex man-machine systems and the various commonalities that do exist in human behavior related to differing types of 2
However, from the many possible ways of categorizing human behavior '3
tasks.
and reducing the problem scope, task selections have been made and an initial project has been outlined. The project is designed to demonstrate the feasibility of obtaining from an operating cor=ercial power plant human reliability data that are of direct benefit to the plant and to the reliability analyst.
It is this initial project that is the subject of this proposal.
3.
Project Definition, Justification and Goals.
The specific prcblem selected involves collection of data on human errors in monitoring plant equipment. Generally, operating parameters on key equipment items, both safety-related ar.d non-safety related, are monitored routinely on a periodic basis. Operation within a specified range may be required for functional reasons and/or to protect equipment frca damage.
Typically, a prespecified action or series of actions must be carried out by the operator if monitor -
readings outside of the specified range are observed.
The potential exists for human errcrs of various types associated with the observation and recorting of the monitoring equipment and with carrying out the " corrective" action.-
Numerous examples of monitoring errors that have led to equipment failures involving significant down-time have been documented.
For examole, a cursory review of only safety-related occurrences in U.S. pressurized water reactors 5
k for the single year 1975 revealed more than ninety reported incidents having causes associated with monitoring errors.
Some of the " simplest" actions (for 865 100
4
(
example, observing valve positions) are the most frequent sources of error 5
during routine operation.
In other incidents at 00E facilities failure to properly monitor the temperature of a circuit-breaker environment and misreading oil level gauges have caused equipment failures leading to significant loss of plant availability.
These numerous incidents reported as required on safety-related components undoubtedly represent only a fraction of the total number of errors actually' occurring in the plant operation. On the other hand, accurate estimates of the number of correct human actions are extremely difficult to make. Thus human " error rates" on routine monitoring actions are virtually non-existent.
Collection and analysis of data related to these monitoring actions will be a major contribution toward overall efforts to assess human reliability and reduce the impact of numar errors on power plant availability.
Such a cata collection effort will support, and in fact, may suggest appropriate direction for future development of quantitative metnods that may be necessary.
In addition to serving as a demonstration for these. data collection methods, this initial project will have useful results in itself on one aspect of
\\
human reliability which should be of direct benefit to the cooperating site and to the industry as a whole.
C.
Method of Goeration. As suggested above, several major problems exist in collecting operational data such as these. Many, probably the majority, of the human errors committed are not recorded. Cnly those that actually lead to " reportable" incidents according to currently defined standards are recorded. Moreover, the conditions associated with the various errors - operational and environmental conditions prior to time the error is actually committed, the true output of the monitoring device, the training and experience of the operator, etc. - are not recorced or are not readily -
available.
In otner words, the experimental variables are not controlled.
Finally, the " population aata", i.e., the total number of operations (rather than just the number of errors) is not readily available.
Laboratory or simulator experiments with human behavior make it possible to control many of the key variables. However, it may be extremely difficult to extrcpolate results to real operational situations in a power plant.
Such experiments are difficult to monitor without interfering with the behavior being :enitored.
865 101
5
(
The method proposed here involves a controlled experiment under operational conditions, i.e., it combines simulator methods with the operational environment. A small number of " dummy" monitoring devices will be placed in appropriate positions in the plant to simulata actual monitors.
With the help of plant management, a required list of monitor reacings will be added to the checklist for normal periodic plant operational checks.
Specifications for " normal" readings, tolerances, required actions if the readings are out of specification, etc., will be added to standard operating procedures. Actual monitor readings will be controlled by the experimenters' and will be varied at irregular intervals. To the extent possible, the control of tne instruments will be automated in order to minimize. inter-ference with the operator behavior caused by the presence of the experimenters.
Appropriate methods for monitoring resconse to an out-of-tolerance measurement will be devised.
For example, an out-of-tolerance reading which requires the operator to actuate a switch within a prescribed time might be monitored simply by using a timer with the switch.
Several specific types of monitoring devices and actions have been identified for simulaticn - pressure gauges, temperature readouts, liquid level gauges, and valve position indications.
It is assumed that others will be devised in response to consultation with instrumentation and controls personnel and plant management.
It is clear that even in this experimental situation all of the many variables affecting operator performance cannot be controlled.
However, it should be possible to record background information on some of the most obvious factors such as operator training
- and plant environmental factors.
The extent to which the effect of those variables could later be quantified would depend on the amount and quality of data cbtained.
D.
Subtasks. This initial project has been divided into four subtasks.
An outline of the four subtasks with schedules for comoletion and milestones is provided in Appendix A.
Appendix B lists estimated costs for manpower,.
consultants, and capital equipment, and Appendix C provides information on the personnel resources available.
(
Anonymity of individual operators would be retained by using a non-personal identification system.
865 102
6
(
The initial work, Subtask A, is a preparatory study involving coordination with operating pcwer plants willing to carticipate, additional background studies and consultation with experts in several pertinent areas, for~ulaticn of detailed test plans, and accuisition and preparatien of the "du=y" monitoring devices. With regard to availability of expert censultants, expertise in reliability methodology and statistical analysis of data is potentially available through established consultants for other existing reliability work in the Neutron Physics Division (development of an advanced reactor reliability data base).
Initial, informal contacts have been made with personnel in the Industrial Management Department at the University of Tennessee who have experience in the area of human behavior under industrial conditions, with the Instrumentation and Controls Division at ORNL, and with human reliability experts at ORNL and Sandia Laboratories.
Subtask B is the actual collection of data.
Following a brief initial period for installation of the monitoring devices and orientation of the operating staff, data collection will begin on a daily basis over a period of approximately eight months.
Even if there are as few as five active monitors on which an average of 20 human actions per day are recorded, a total of 24,000 separate actions would be monitored during that period.
The operator " sample size" should be at least around ten to twelve. This should provide a significant basis for quantitative estimates of human error rates.
Analysis of the results is carried out as Subtask C.
Various qualitative categorization schemes for human error have been proposed by other investigators in the past. Data will be examined in terms of these categorizations where applicable, and modified or new schemes will be developed as appropriate.
Data will be analyzed to try to determine the existence of any " trends" and for " failure rates" or other information useful for cuantitative assessment and prediction of human reliability.
~
Subtask D involves documentation of results, conclusions and reccmmencaticns for further work. Since one of the goals of this project is to demonstrate tne feasibility of carrying out this type of controlled experiment in an operational environment, the experience gained and the suggestions for adaptation of timilar methods to other aspects of human behavior will be an important result of the study. Other specific plant operations or human interactions already considered which appear to be amenable to similar methods include plant chemistry measure-ments, emissions control monitoring, radiation control system monitoring 865 103
7
(
(nuclear plants), intra-plant communications, quality assurance actions, preventive maintenance procedures, and fabrication errors. Other areas are likely to be suggested during the preparatory study.
III. Conclusion This proposal has outlined a project designed to satisfy the need for collection and analysis of data on one aspect of human error in power plant '
operations - routine monitoring of plant equipment parameters. Moreover, it has proposed a.methou of controlled experimentation under operational conditions that has the potential for application to many other aspects of human reliability in power plant operations. Cemonstration of the applicability.
of these methods and the specific results of this initial study will be valuable contributions to the overall problem of assessing and predicting human reliability.
1n9 h())
! l) N 5
e e
.