ML19212A727

From kanterella
Jump to navigation Jump to search
04_08_Fire HRA Insights and Issues
ML19212A727
Person / Time
Issue date: 07/31/2019
From:
Office of Nuclear Regulatory Research
To:
D. Stroup 415-1649
Shared Package
ML19212A718 List:
References
Download: ML19212A727 (58)
v  d  e


Text

NRC-RES/EPRI FIRE PRA METHODOLOGY:

Fire Application Experience &

MCR Abandonment Research NRC-RES Fire PRA Workshop Module IV August 5-9, 2019 Rockville, MD

Outline of the Presentation Introduction to HRA Overview of the EPRI/NRC Fire HRA Guidelines Identification and definition of fire human failure events Qualitative analysis Fire HRA/PRA Research & Application Experience NRC & EPRI Research Insights from Application Quantitative analysis Recovery analysis Dependency analysis Uncertainty analysis Fire HRA Issues Slide 2 Fire PRA Workshop 2019, Rockville, MD

Presentation Objectives Provide update and status on current HRA & fire research Provide Fire HRA insights based on application experience:

Industry experience from Fire PRA model development Feedback from peer reviews Experience in applying Fire PRA to National Fire Protection Association (NFPA) 805 transition US NRC feedback via requests for additional information (RAI) comments during NFPA 805 license amendment request (LAR) application No learning objectives, this topic provides feedback on areas of potential future improvements Fire HRA Issues Slide 3 Fire PRA Workshop 2019, Rockville, MD

Module IV - Fire HRA Topic 1:

MCR Abandonment Research

& Fire Research

Joint EPRI/NRC-RES Fire HRA Research Main Control Room Abandonment Joint EPRI/NRC-RES research initiated in 2015 Objectives:

To provide additional HRA/PRA guidance for main control room abandonment (MCRA) scenarios To publish guidance as joint EPRI/NRC-RES report(s)

To publish guidance that supplements (not replaces)

NUREG-1921 To address both loss of habitability (LOH) and loss of control (LOC)

Fire HRA Issues Slide 5 Fire PRA Workshop 2019, Rockville, MD

Technical Approach for Developing HRA/PRA Guidance for MCR Abandonment Scenarios Starting points for development:

- NUREG-1921

- Industry/NRC interactions related to FPRA-FAQ 13-0002 Including NRCs Interim Staff Guidance (ISG) & industry response

- NUREG/CR-6850

- NFPA-805 experience (both industry and NRC)

Guidance is intended for both HRA and PRA analysts Guidance is written to address applications other than NFPA 805 and future HRA/PRA analysis (to extent possible)

Guidance for qualitative analysis (Supplement 1) and quantification (Supplement 2) is being developed separately Fire HRA Issues Slide 6 Fire PRA Workshop 2019, Rockville, MD

Selected Topics from Supplement 1 - Qualitative Analysis Overview (or necessary mindset change for MCRA HRA)

PRA aspects Feasibility assessment Timelines Influencing factors Command and control Interactions with operations Fire HRA Issues Slide 7 Fire PRA Workshop 2019, Rockville, MD

Overview (or HRA mindset change)

Purpose of Overview (Section 2) is to help readers understand why more & different qualitative analysis activities may be necessary to address MCRA scenarios Topics:

- Whats unique about MCRA contexts?

- Implications for HRA/PRA

- Whats different from NUREG-1921 for MCRA?

Pointers to appendices:

- Appendix A - background & historical events

- Appendix B - discussion of command and control

- Appendix C - guidance for collecting plant information for MCRA Fire HRA Issues Slide 8 Fire PRA Workshop 2019, Rockville, MD

Overview (or mindset change) (continued)

Whats unique about MCRA contexts (& why a different HRA mindset)?

- MCRA is a rare NPP event

- MCRA is a special case of fire HRA/PRA that does not build on internal events HRA/PRA

- Without MCR environment, emergency operation procedures (EOPs), etc., common HRA assumptions (e.g., all crew members working off same procedure and providing backup to other crew members) cannot be used for MCRA

- MCRA HRA/HRA must address variations (even within NPP type and vendor) in, for example:

Remote shutdown panel (RSDP) design & capabilities General plant design Procedure(s) & associated strategy taken for safe shutdown Fire HRA Issues Slide 9 Fire PRA Workshop 2019, Rockville, MD

Qualitative Guidance: PRA Aspects Expanded MCRA process and guidance from EPRI 1011989 / NUREG/CR-6850

- Fills gaps in existing methodology where additional guidance is needed Integrating HFEs and equipment failures in model Determine plant conditions when LOH or LOC may occur

- Entry criteria for LOH based on specific thresholds and calculated from fire modeling

- Entry criteria for LOC not well defined in current methodology Expanded LOC scenario definition

- Identified in MCRA procedure entry conditions or, more likely, through interviews with operations What loss of function and instrumentation would lead to shutdown using RSDP?

Identification is highly plant specific Fire HRA Issues Slide 10 Fire PRA Workshop 2019, Rockville, MD

Feasibility Assessment for MCRA NUREG-1921 established feasibility criteria for modeling HFEs in fire PRAs Four new types of guidance are discussed:

- Feasibility must be assessed on a scenario level, in addition to with respect to individual human failure events (HFEs)

- Two new criteria have been identified:

Must have a communications plan Must have a plan for command and control

- Some additional guidance on assessing existing criteria

- What to do if not feasible is not acceptable Discussed later under Interface with Operations Fire HRA Issues Slide 11 Fire PRA Workshop 2019, Rockville, MD

Timing and Timelines NUREG-1921 established a timeline for individual HFEs

- Guidance in NUREG-1921 can be applied to MCR abandonment HFEs For MCRA, timing is even more critical, so the supplementary guidance recommends:

- Developing scenario specific timelines that show who is doing what and when, all with respect to the same time origin

- Accounting for command, control, and coordination of tasks by various operators stationed at different locations

- Integrating the various different timing sources into a single timeline with the same time origin:

fire progression accident progression procedure progression and operator response Fire HRA Issues Slide 12 Fire PRA Workshop 2019, Rockville, MD

Timing and Timelines - Three Time Phases of MCRA Phase I - Time period before abandonment decision Phase II - Time period for the decision to abandon Phase III - Time period after abandon has been made Fire HRA Issues Slide 13 Fire PRA Workshop 2019, Rockville, MD

Timing and Timelines - Three Time Phases of MCRA Phase I - associated with actions taken before the decision to abandon Phase II - timing for the decision to abandon is plant-specific and requires agreement between plant operations, fire PRA modeling and fire HRA

- Typically, the team will need to define conditions which require abandonment and the time at which these conditions will exist. Good example of FPRA feedback to training and/or procedures.

Phase III - timeline accounts for execution time after leaving the MCR, the same as NUREG-1921

- Also addresses extra time required for command & control, coordination, and communications Fire HRA Issues Slide 14 Fire PRA Workshop 2019, Rockville, MD

Example of Integrated Timeline For MCRA Scenario There can be more than one representation of a timeline Fire HRA Issues Slide 15 Fire PRA Workshop 2019, Rockville, MD

Example of Integrated Timeline For MCRA Scenario Same scenario as previous example but this example shows timelines for individual PRA actions.

Fire HRA Issues Slide 16 Fire PRA Workshop 2019, Rockville, MD

Performance Shaping Factors (PSFs)

Guidance for evaluating PSFs primarily derived from:

- List of PSFs developed in NUREG-1921

- Experience of PRA analysts in identifying MCRA sequences modeled The following PSFs identified in NUREG-1921 are just as critical for MCRA (and in some cases, more so):

- Complexity - Time pressure and stress

- Crew dynamics - Human-machine interface

- Crew communications - Environment

- Cues and indications - Staffing and availability

- Procedures - Special equipment

- Training - Special fitness needs

- Timing However, what is important to HRA about these PSFs is that they may be different in MCRA than in other fire scenarios Fire HRA Issues Slide 17 Fire PRA Workshop 2019, Rockville, MD

Performance Shaping Factors (Continued)

In general, assessment of the PSFs for MCRA needs to consider:

- Decision to abandon the MCR

- Actions at the RSDP

- Local actions in the plant

- Command & control issues, including communication & coordination Guidance to the analyst in this section:

- Provides table of examples of the PSF impacts related to distinguishing features of MCRA scenarios

- Assists the analyst in determining which PSFs are the more significant contributors to the qualitative analysis of a particular MCRA scenario by identifying the contexts that make a PSF consequential, and why Content of these tables is considered preliminary Fire HRA Issues Slide 18 Fire PRA Workshop 2019, Rockville, MD

Command and Control (C&C)

Meta-PSF that describes the need for a central body of authority to make decisions but have them carried out by a distributed group C&C during in-MCR operations:

- Shift supervisor is aided by reactor operators (ROs) and shift technical advisor (STA), who are monitoring and providing information input

- Staff are co-located, allowing face-to-face communication and shared access to information in a relatively quiet atmosphere MCRA is more complex and person-in-charge must transition through a series of contexts:

- Decision to abandon the MCR

- Transition to the RSDP

- Communication of instructions to staff located elsewhere, sometimes based on reports of measurements from the field Fire HRA Issues Slide 19 Fire PRA Workshop 2019, Rockville, MD

Differences between MCRA and MCR operations -

communication paths, indications and controls Shift Supervisor (SS, in charge of C&C) cannot directly communicate with all operators; i.e., face-to-face, real time

- Figure shows dashed lines (rather than solid lines) to represent indirect communications (e.g., use of radios)

SS likely needs to communicate with more than the two operators (see next slide)

- However, for simplicity, the figure only shows two operators Unlike in the MCR, the SS can act (i.e., directly manipulate equipment)

Depending on the capability of the RSDP, the SS may be able to only indirectly (i.e., through communications with operators at local plant stations) manipulate equipment, obtain information, etc.

Fire HRA Issues Slide 20 Fire PRA Workshop 2019, Rockville, MD

Differences in Control & Communications (after Moray)

Non-Abandonment Abandonment Key RD - request data CF - confirmation RC - request confirmation C - command T - tell data A solid line represents direct interactions. For example, operator is located at the control station.

A dashes line represents indirect interactions. There maybe distance between the operators and/or plant. For example the SS maybe at the RSDP while the operator maybe elsewhere in the plant Fire HRA Issues Slide 22 Fire PRA Workshop 2019, Rockville, MD

Interactions with Operations Findings from the analysis can be fed back into operations, training, or even design to ensure feasibility and improve reliability of MCRA PRA perspective

- Addresses (understandable) reluctance of operators to leave MCR and credibility of MCRA scenarios

- Analysts have to assist in providing the PRA perspective regarding the severity of the fire Fires large enough to result in significant effects on instrumentation availability and reliability will also be large enough to impact systems capable of providing sufficient cooling to reactor vessel -

both may render MCR ineffective Provide operators with list of failed equipment and indications for the most risk-significant plant-specific scenarios that would trigger MCRA - could be used as simulator exercises Fire HRA Issues Slide 23 Fire PRA Workshop 2019, Rockville, MD

Interactions with Operations (Continued)

Plant Modifications

- Where time is particularly constrained and the action is essential, plant modifications may be appropriate to provide rapid response mechanism or improved human-machine interface

- Example: installation of a (or several) MCR disconnect switch (or transfer switch) to address spurious operation of valves (e.g.,

mitigates spurious opening by causing the valve to re-close)

Procedure and Training Updates

- MCRA analysis can assist in clarifying or emphasizing certain steps to ensure they are performed in a sufficiently timely manner Providing better guidance to the Shift Supervisor on making the decision to abandon the MCR Consolidation or re-ordering of procedure step performance that might still allow non-risk significant actions to be taken in addition to the PRA critical actions Fire HRA Issues Slide 24 Fire PRA Workshop 2019, Rockville, MD

MCR Abandonment Current Status/Future Work Supplement 1, Qualitative Analysis for MCRA HRA

- Presentation to ACRS PRA Subcommittee in May 2016

- Peer Review in August 2016

- Publication planned for August 2017 Supplement 2, HRA Quantification for MCRA Scenarios

- Work began in Fall 2016

- Presentation to ACRS PRA Subcommittee is planned for September 2017

- Other plans include:

Testing Peer review and/or publication of a draft for public comment Final publication (with update to Supplement 1, as needed)

Fire HRA Issues Slide 25 Fire PRA Workshop 2019, Rockville, MD

Fire Research - Recently Released Publications Refining And Characterizing Heat Release Rates From Electrical Enclosures During Fire (RACHELLE-FIRE) - (NUREG-2178, Volume 1, EPRI 3002005578)

Heat Release Rates of Electrical Enclosure Fires (HELEN-FIRE) - (NUREG/CR-7197)

Nuclear Power Plant Fire Ignition Frequency and Non-Suppression Probability Estimation Using the Updated Fire Events Database:

United States Fire Event Experience Through 2009 (NUREG-2169, EPRI 3002002936)

Determining the Effectiveness, Limitations, and Operator Response for Very Early Warning Fire Detection Systems in Nuclear Facilities (DELORES-VEWFIRE) - (NUREG-2180)

Fire HRA Issues Slide 26 Fire PRA Workshop 2019, Rockville, MD

Research Conclusions Risk-informed, performance based alternatives to prescriptive, deterministic regulations can be successfully implemented Lessons learned from NFPA 805 and ongoing research are continuing to enhance the regulatory framework for fire safety for all nuclear plants in the U.S.

Fire HRA Issues Slide 27 Fire PRA Workshop 2019, Rockville, MD

Module IV - Fire HRA:

Topic 2 Fire HRA Insights from Model Development &

Application

Fire HRA Insights From Fire PRA Model Development Fire HRA links to many Fire PRA tasks, and is not a stand-alone task! Fire HRA links to

- Task 2 - Component selection

- Task 5 - Plant risk model development

- Task 7, 8, 14 - Fire PRA quantification (different levels of detail)

- Task 15 - Uncertainty

- Task 16 - Documentation HRA provides input and output from each of these tasks.

This makes it challenging as tasks are typically performed in parallel making multiple iterations necessary.

Fire HRA Issues Slide 29 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Modeling Insights from Task 2 NUREG/CR-6850 Task 2 - Component Selection Task 2 identifies fire-induced initiating events such as fire-induced Loss of Offsite Power (LOOP) fire-induced stuck open power-operated relief valve (PORV)

Fire HRA identification starts in this task Identify operator actions associated with fire-induced initiators Identification starts with internal events PRA (IEPRA)

May need to add operator actions, typically from fire procedure Also identify instrumentation used by operator actions Provides input to cable tracing Instrumentation not cable traced is modeled as failed Fire HRA Issues Slide 30 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Modeling Insights from Task 2 (contd)

Review actions in response to fire-induced hot shorts Some actions are needed to stop the fire-induced hot short For example, re-close a spuriously opened valve Some actions are undesired, taken in response to fire-induced instrumentation failures Labeled as Identify by focusing on review of annunciators and procedures Screen actions that say investigate or verify Looking for actions leading to irrecoverable damage Example, pump run without cooling or at shutoff head Confirm evaluation of operator response during operator interviews Fire HRA starts by collecting plant data during identification Review fire procedures Operator interview about the general plant response to fire:

Procedural usage, specifically strategy for fire procedures Impact on staff (e.g. do MCR staff support the fire brigade or not)

Simulator walkdown to better understand types of controls & layout Fire HRA definition of HFE tasks needed Fire HRA Issues Slide 31 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Modeling Insights from Task 2 into Fire HRA/PRA Process Identification o Number of fire response actions added to fire PRA varies considerably depending on type and vintage of plant o Few (usually less than 5) undesired operator actions are typically identified o Even fewer ended up being important in the overall fire PRA Definition o The success criteria for defining a Human Failure Event (HFE) can change throughout the fire PRA and NFPA process o Procedures and training may not initially exist, are being developed concurrently, or are being refined along with the fire PRA o Example, manual actuation and/or control may be needed o Needs periodic review Fire HRA Issues Slide 32 Fire PRA Workshop 2019, Rockville, MD

PRA Standard View of Quantification Options PRA Needs Detailed Screening Scoping Analysis

  • Simplest approach
  • Less bounding
  • Most realistic than screening
  • Bounding results
  • Most effort
  • Less resource- required intensive than detailed Adequate for Necessary for HFEs that are not HFEs that are risk-significant risk-significant Fire HRA Issues Slide 33 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Modeling Insights from Task 7 NUREG/CR- 6850 Task 7 - First Quantification can be difficult for HRA

- PRA models as whole room burn-up

- First look at sequences containing fire response actions, so first cut at qualitative analysis & HEP quantification in fire context Wide variation in the numbers of operator actions in each area

- Some compartments (or zones) have few/minimal actions & some may have more than a dozen (e.g. containment penetration area)

- Plants often would like to minimize the number of credited fire response actions Sometimes procedural issues, such as:

- Fire procedures written as guidance not direction

- May train that only some actions are needed, not necessarily all May be difficult to get response times if all actions required

- May list actions but not prioritize and/or may be done in any order

- Procedures may be in the process of being updated Fire HRA Issues Slide 34 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Modeling Insights from Task 7 into Fire HRA/PRA Process (contd)

NUREG/CR-6850 Task 7 First / Screening Quantification insights

- Operator interview response may be unbelievable!

- Potentially coordination issues between the HRA & quantification teams:

Fire PRA wants realistic (lower) HEPs Fire HRA wants defendable HEPs appropriate to the context

- NUREG/CR-6850 HEP screening quantification sets HEPs high so not very useful

- NUREG-1921 scoping may be useful

- Not practical to do detailed HRA for each area (typically 80-100 areas)

Need to coordinate HEP variations with quantification team, such as:

- Some areas have a baseline fire HEP and some areas may have increased HEP (e.g. if degraded instrumentation)

- Some areas require setting the HEP to 1 (if human response not feasible)

Example, areas with Information Notice (IN) 92-18 MOVs (these fail during fire

& cannot be manually actuated or recovered)

- Fire quantification database (e.g. FRANX) or data files are set appropriately Fire HRA Issues Slide 35 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Modeling Insights from Task 7 into Fire HRA/PRA Process (contd) 6850 Task 7 First / Screening Quantification insights

- First quantification often has issues beyond HRA First run through sequence quantification so de-bugging needed

- Example 1, fire-failed SSC list may have errors

- Example 2, improper data settings so top contributors are focused on then become unimportant when data is fixed, and new scenarios are the top (important) contributors

- HRA is more important if Task 7 used for Screening vs.

Prioritization 6850 Task 7 written to produce true screening (meaning eliminate the area from future quantification and analysis)

Many plants use Task 7 for prioritizing fire modeling Fire HRA Issues Slide 36 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Modeling Insights from Task 8 and Task 14 Task 8 Fire PRA Scoping Quantification

- This Fire PRA task is not always conducted For quantification of fire models (Tasks 8-11), the HEPs can be quantified using screening, scoping, or detailed Fire HRA

- Typically a mixture of HRA quantification approaches are used based on fire PRA insights at time of quantification Task 14 Fire Risk Quantification - Not all HEPs need to be quantified in detail. Only risk significant HEPs need detailed analysis

- Determining risk significance can be challenging so often times all HEPs are quantified in detail

- Dependency analysis (based on cutset review) is performed during this task Fire HRA Issues Slide 37 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Modeling Insights in Tasks 15 & 16 NUREG/CR-6850 Task 15 Uncertainty and Sensitivity Analyses Identifying candidates for sensitivity analysis and coordinating with Fire PRA model/quantification task on how to implement them NUREG/CR-6850 Task 16 Documentation Ensuring that the list of HFEs in the Fire HRA Notebook is consistent with the HFEs credited in the Fire PRA model

- Check Task 2 Component Selection & Task 5 Fire-Induced Risk Model

- Fire PRA develops over a relatively long period of time and recovery actions may be added

- Multiple iterations and cutset reviews can lead to model changes and HFE inclusions/deletions so a consistency check is important Fire HRA Issues Slide 38 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Insights from Peer Reviews Risk significance of HFEs affects Capability Category evaluation of peer review (for some supporting requirements)

- Screening/scoping HEPs should be replaced with detailed HEPs for risk-significant (see figure on next slide)

- Recovery HFEs that are often inserted late in the 6850 process, need to be re-checked for appropriate level of analysis

- Number of risk-significant HFEs is typically relatively small when consider over all areas and all fire scenarios Feasibility

- Good practice to document feasibility

- Re-examination of feasibility, throughout entire fire PRA process is important. The feasibility can change as the model progresses Fire HRA Issues Slide 39 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Feedback from Peer Reviews (contd)

Documentation for NUREG/CR-6850 Task 12:

- Insufficient documentation of operator talk-throughs Especially related to changes to internal events HEPs due to fire

- Incomplete documentation of HFEs in HRA Calculator Blank screens or single sentence descriptions Need for clear identification of MCR versus local actions Many backward-looking supporting requirements, need to address Part 2 (Internal Events) supporting requirements HRA dependency sometimes has findings since it is one of the last tasks before peer review Fire HRA Issues Slide 40 Fire PRA Workshop 2019, Rockville, MD

Summary of Insights - Transition to NFPA 805 Internal events HFE changes during FPRA model development (due to lengthy FPRA projects) need to be captured

- Update to HRA such as success criteria & response times (timing), task location, & number of tasks

- Focused-Scope Peer Reviews if different HRA methodology (Upgrade)

Plant desire to minimize/limit the number of credited actions

- New classification of actions, NFPA 805 Recovery Actions (RAs) per Reg Guide 1.205 for NFPA 805 LARs (actions in the licensing basis)

Does not include actions taken in the MCR Complemented by defense-in-depth actions (may or may not be in Fire PRA)

LERF-only recovery actions not strictly NFPA 805 recovery (because no VFDR) but needed to keep within the risk acceptance guidelines Extremely useful to have a plant operator on the 805 transition team; provides feedback regarding safe shutdown (success path) and FPRA sequence failures Fire HRA Issues Slide 41 Fire PRA Workshop 2019, Rockville, MD

Summary of Insights - NFPA 805 Transition (contd)

Procedure improvements being made

- Use PRA for insights

- Address integration of procedures such as how/when fire protection procedures supplement EOPs PRA provides a big picture, integrated look Historically, fire protection focused more on demonstrating execution ability Procedure and training improvements may not be completed, so modeling the post-transition plant with these mods requires assumptions and probably a commitment to review/update HRA

- Need to ensure any HFEs credited post-transition have bounding HEPs to cover later dispositions/implementations Training improvements being made

- Use Fire PRA insights Fire HRA Issues Slide 42 Fire PRA Workshop 2019, Rockville, MD

Insights from HRA related RAIs (As of June 2014) 2 to 44 total number of HRA RAIs per plant, with median of 15 Nearly all plants received an RAI related to:

- MCR abandonment

- HRA and PRA modeling of instrumentation associated with operator actions

- Application of 1E-5 minimum JHEP for dependency analysis Other common RAI topics include:

- Questions related to resolution of peer review findings.

Some plants had upward of 20 RAIs related to how peer review findings were addressed

- Justification for using HRA methods other than those in NUREG-1921

- Additional clarification of how HRA accounts for plant modifications and procedures changes which are being made as part of NFPA 805

- Additional documentation on feasibility and timing information

- Inadequate documentation Fire HRA Issues Slide 43 Fire PRA Workshop 2019, Rockville, MD

Course Outline Introduction to HRA Overview of the EPRI/NRC Fire HRA Guidelines Identification and definition of fire human failure events Qualitative analysis Fire HRA/PRA Research & Application Experience NRC & EPRI Research Insights from Application Quantitative analysis (next training topic)

Recovery analysis Dependency analysis Uncertainty analysis Fire HRA Issues Slide 44 Fire PRA Workshop 2019, Rockville, MD

BACKUP SLIDES Fire HRA Issues Slide 45 Fire PRA Workshop 2019, Rockville, MD

Investigating Command and Control Issues for Main Control Room Abandonment Scenarios in Fire Events Stacey Hendrickson Sandia National Laboratories, Albuquerque, NM, USA John Wreathall John Wreathall & Co, Inc., Dublin, OH, USA Jeffrey Julius, Erin Collins, Kaydee Kohlhepp Gunter, Paul PSAM-HRAS Topical Conference 2017:

Amico JENSEN HUGHES, Rockville, MD, USA Human Reliability, Quantitative Human Factors Susan Cooper, Tammie Rivera and Risk Management US Nuclear Regulatory Commission, Rockville, MD, USA Munich, Germany Mary Presley, Ashley Lindeman Electric Power Research Institute, Charlotte, NC, USA June 7-9 2017

Project Outline HRA Guidelines for plant fire scenarios are addressed generally in NUREG-1921/EPRI 1023001, EPRI/NRC-RES Fire Human Reliability Analysis Guidelines (2012)

Main Control Room Abandonment (MCRA) is a special case for HRA

- Only briefly addressed in NUREG-1921/EPRI 1023001 EPRI & NRC working jointly under Memorandum of Understanding (MOU) to develop guidance for HRA in MCRA events

- Two stages: Qualitative guidance and quantitative guidance Currently qualitative guidance is being documented as Supplement 1 to NUREG-1921/EPRI 3002009215 Development of quantitative guidance is under way, to be documented as a joint EPRI/NRC technical report Fire HRA Issues Slide 47 Fire PRA Workshop 2019, Rockville, MD

Command & Control Command & Control (C&C)

- Developed in military settings to describe need for a central body to make decisions and have them acted upon at a distance by distributed groups

- Part of macrocognition not normally considered for In-Main Control Room (MCR) activities Decision maker (e.g., Shift Supervisor or Shift Manager) is co-located with crew members Communication and coordination is carried out face-to-face In-MCR actions highly trained and rehearsed so responses are often response-primed decisionmaking (RPD) (Klein)

- Following abandonment of MCR (MCRA) because of plant fire Decision maker is physically separate from some/all crew members Communication and coordination requires radios/telephones/runners Little training and rehearsal for actions during and after abandonment Fire HRA Issues Slide 48 Fire PRA Workshop 2019, Rockville, MD

Functional Description of Macrocognition (Smalley, 2008)

Fire HRA Issues Slide 49 Fire PRA Workshop 2019, Rockville, MD

Macrocognitive Differences between MCR Abandonment and Non-Abandonment for Fires During in-MCR Operations (typical plant) During MCRA Operations (typical plant)

Control room team, acting as a single Control room team distributed in plant areas centralized cognitive entity - Shift supervisor alone at RSDP

- Coordination with fire brigade and some plant area - Coordination with fire brigade and plant areas staff Single snapshots of plant information by Shared visual cues individuals Plans and actions occasionally rehearsed, Well-rehearsed and tested plans and actions rarely tested

- Resources anticipated & available

- Some resources anticipated & available but complete

- Limited need for flexibility in response range untested

- Recognition-primed decision-making (RPD) - Potential need for flexibility in response

- Non-RPD response Communications (mostly) face-to-face Communications mostly via radios, phones, Restricted interruptions during response etc.

period Potential for interruptions C&C is judged unlikely to be a significant cause of crew C&C cannot be ignored as a failure potential cause of crew failure Fire HRA Issues Slide 50 Fire PRA Workshop 2019, Rockville, MD

Communications Before abandonment, communications is (mostly) face-to-face and can be asynchronous - for example:

- Operators know who is speaking; minimal problem of over-talking

- Communications can be tightly coupled (i.e. closely coupled within the team)

Reported to be associated with good performance After abandonment, communications need to be structured and controlled by Shift Supervisor

- Slows down interactions

- Increases workload of supervisor

- Communications less coupled

- Interpretations of communications Fire HRA Issues Slide 51 Fire PRA Workshop 2019, Rockville, MD

Differences in Control & Communications (after Moray)

Non-Abandonment Abandonment Key RD - request data CF - confirmation RC - request confirmation C - command T - tell data Fire HRA Issues Slide 52 Fire PRA Workshop 2019, Rockville, MD

Evaluation of C&C Structure (Draft)

Identifying the person(s) leading the response, as well as each persons role and responsibility during and following MCRA Identifying where the person(s) leading the response will be located once outside the MCR Evaluating how communications are to be performed:

- Physical processes, such as use of radios, sound-powered phones, or other means

- Protocol, such as three-way communication, required reporting to Shift Supervisor (SS) when each step or task is performed, or waiting to report until a major function or system is restored Identifying how procedures will be used by the person(s) in charge and by the field operators

- Example: Do field operators have their own written procedures in hand at plant locations or do they rely only on directions from person(s) in charge Identifying how many people require interaction and communication

- Including plant staff and organizations beyond those needed only for safe shutdown Identifying how much communication will be required to satisfy all communication needs Identifying who, beyond the SS, is available to help address communication needs Fire HRA Issues Slide 53 Fire PRA Workshop 2019, Rockville, MD

OLD BACKUP SLIDES Fire HRA Issues Slide 54 Fire PRA Workshop 2019, Rockville, MD

NRC Fire Research - Pending Release NUREG/CR-7150 EPRI XXXXXX, Joint Assessment of Cable Damage and Quantification of Effects from Fire (JACQUE-FIRE), Technical Resolution to Outstanding Issues on Nuclear Power Plant Fire-Induced Electrical Circuit Failure, Volume 3 NUREG/CR-XXXX, Response Bias of Electrical Cables Coatings at Fire Conditions (REBECCA-Fire) series of 3 volumes with different publish dates during FY17 NUREG-1778, Post Fire Safe Shutdown - An Inspectors Handbook, publish date scheduled for FY17 Q3 NUREG-XXXX, Phenomena Identification and Ranking Table (PIRT) for Nuclear HEAF, publish date scheduled for FY17 NUREG/CR-7228, Open Secondary Testing of Window-Type Current Transformers, May 2017 (CD)

NUREG/KM-0003 Rev 1, Fire Protection and Fire Research Knowledge Management Digest, update scheduled for FY17 Q3 NUREG/KM-000X, Hydrogen Knowledge Management, publish date scheduled for FY18 Q4 Fire HRA Issues Slide 55 Fire PRA Workshop 2019, Rockville, MD

6850 Fire PRA Tasks Linked to Fire HRA Process Fire HRA links to many Fire PRA tasks, and is not a stand-alone task!

NUREG/CR-6850 [EPRI 1011989] Task Fire HRA Process Step (Typical)

Task 2 - Component Selection Identification of previously existing HFEs &

potential response to spurious Task 5 - Fire-Induced Risk Model Identification and Definition of fire response HFEs Task 12 - Fire HRA Qualitative Analysis - context & performance shaping factors Task 7 - First/Screening Quantification Quantification - typically screening or scoping Task 8 - Scoping Quantification Quantification - typically scoping Tasks 14 - Detailed Scenario Quantification & Dependency Quantification could be screening, scoping or detailed HRA Task 15 - Uncertainty Uncertainty Task 16 - Documentation Documentation Fire HRA Issues Slide 56 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Modeling Insights from Task 5 6850 Task 5 - Plant Response Model

- Human failure events added to Plant Response model Need to consider adjustment for fire effects in HFE definition

- Example 1, if the fire is in an area where all instrumentation failed or an area where action is required, then HEP = 1

- Example 2, if the fire affects an Inspection Notice 92-18 MOV then HEP = 1 since operators are unable to change valve position.

- Fire Response actions:

Must look for Pre-Emptive actions potentially impacting the FPRA plant response

- Treat as expected plant condition (successful operator action) instead of inclusion as a human failure event

- Example, fire on 480V AC bus, procedure says trip the associated 4160V AC supply bus, so Fire PRA models both 480V and 4160V buses as de-energized Fire HRA Issues Slide 57 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Modeling Insights from Task 5 into Fire HRA/PRA Process Qualitative analysis o More operator interviews needed than initially considered (typically 3 sets) o Can be difficult if program is in transition (procedures in development) o Few HFEs involve smoke or SCBA o Not generally need to evaluate recovery actions in areas with smoke o Evaluating feasibility is often straight-forward, but needs to include a check of references and consideration of the fire context Quantification o Reliability of operator action is difficult to evaluate consistently:

o Wide variation in FPRA context such as o Whole room burn-up vs. scenario o Partial or Full instrumentation o Wide variety of plant response strategies (e.g. Self-Induced SBO) o Wide variations in procedures (usage, level of detail)

Fire HRA Issues Slide 58 Fire PRA Workshop 2019, Rockville, MD

Fire HRA Modeling Insights from Task 5 into Fire HRA/PRA Process (contd)

Quantification contd

  • Performing screening, then scoping then detailed quantification linearly for all HEPs was resource intensive.
  • Example, initially Task 5 HFEs are set-up for Task 7 whole room burn-up; then the HEPs are refined as scenarios are developed for Tasks 8/11.
  • In many cases, jumping straight to detailed quantification was the most effective use of resources.
  • Due to evolving definition of HFE most HFEs were quantified in detail several times before the completion of the fire PRA.

Dependency analysis

  • Identification of HFE combinations can be challenging due to large size of PRA models.
  • Application of a minimum joint HEP can skew fire PRA insights.

Fire HRA Issues Slide 59 Fire PRA Workshop 2019, Rockville, MD

Retrieved from "https://kanterella.com/w/index.php?title=ML19212A727&oldid=1902168"