ML19212A735

From kanterella
Jump to navigation Jump to search
04_16_Fire HRA Training Atheana Examples
ML19212A735
Person / Time
Issue date: 07/31/2019
From:
Office of Nuclear Regulatory Research
To:
D. Stroup 415-1649
Shared Package
ML19212A718 List:
References
Download: ML19212A735 (47)
v  d  e


Text

NRC-RES/EPRI FIRE PRA METHODOLOGY Task 12 - Fire HRA ATHEANA Example Detailed Fire HRA Quantification NRC-RES Fire PRA Workshop Module IV August 5-9, 2019 Rockville, MD

Steps in the ATHEANA Process Fire HRA - ATHEANA Example Slide 2 Fire PRA Workshop 2019, Rockville, MD

Steps 1&2: Objectives of the Analysis Step 1: Define and Interpret the Issue Need to identify, model and quantify relevant HFEs for Fire PRA sequences Defined by scope of fire PRA.

Step 2: Define the Scope of the Analysis Address human actions needed to prevent core damage in fire induced initiating events and subsequent accident sequences under full-power Defined by scope of fire PRA.

Fire HRA - ATHEANA Example Slide 3 Fire PRA Workshop 2019, Rockville, MD

Step 3: Describe the PRA scenario (nominal context/base case scenario)

Initial Conditions: Single unit two loop PWR with two trains of electrical power. Steady state, full power operation.

- No out-of-service unavailability pertinent to this scenario Initiating Event: Fire in turbine room causes SBO HFE: Operator fails to manually align 115kV (alternate power) power following loss of both buses and EDGs fail to start.

Fire HRA - ATHEANA Example Slide 4 Fire PRA Workshop 2019, Rockville, MD

Step 3: Describe the PRA scenario (nominal context/base case scenario)

Accident Sequence o Fire causes reactor trip o Reactor trip and Turbine trip successful.

o AFW failed due to the fire.

o PORV spuriously opens due to the fire.

o The Main Generator breaker opens and the BOP buses are powered through XTF0001 (reverse) and XTF0002.

o EDG B starts and the Engineered Safety Feature (ESF) Loading Sequencer loads onto bus.

o EDG B trips due to fire damage. The ESF Loading Sequencer is still sending a signal to trip the normal and alternate feeder breakers (for EDG protection) to the bus.

o All diesels failed - SBO o DC power remains available until batteries deplete. Batteries will last for 4 hrs Operators Success Criteria o Locally trip the alternate feeder breaker by removing power from the ESFLS to remove the trip open signal.

o Energize XSW1DA or 1DB from the alternate power source.

Consequence of failure: Core damage due to stuck open PORV Fire HRA - ATHEANA Example Slide 5 Fire PRA Workshop 2019, Rockville, MD

Step 3: Describe the PRA scenario (nominal context/base case scenario)

Procedures:

o Upon Reactor Trip, enter EOP-0 Step 3 of EOP-0 verifies that buses are energized. Buses are de-energized; this will take the operator to ECA 0.0 [Station Blackout Procedure]

Step 10 of ECA 0.0 checks that buses 1DB and 1 DA are energized. Both buses are de-energized; this will take the operator to AOP 304 due to loss of bus with no EDG.

Steps 17 and 18 of AOP 304 are the relevant response actions for this HFE:

Fire HRA - ATHEANA Example Slide 6 Fire PRA Workshop 2019, Rockville, MD

Step 3: Describe the PRA scenario (nominal context/base case scenario)

Operator action success criteria: Reset ESFLS to clear trip signal and align alternate power source to XSW1DA.

Required Operator Actions:

1. Shift Supervisor directs the Control Room Operator to power 1DA
2. Reset ESFLS to clear trip signal (local action, skill-of-craft) a) Local Plant Operator, stationed at or near the MCR, gets ESFLS panel key from the MCR and proceeds to the Relay Room b) Dons flash gear c) Opens left cabinet (~2ft from floor) and locally removes power from the loading sequencer d) Alerts Control Room Operator that the trip signal is clear
3. Close Breaker in MCR a) Control Room Operator will ensure BUS 1DA XFER INIT Switch is in OFF b) Close BUS 1DA ALT FEED Breaker c) Verify BUS 1DA potential lights are energized Fire HRA - ATHEANA Example Slide 7 Fire PRA Workshop 2019, Rockville, MD

Step 3: Describe the PRA scenario (nominal context/base case scenario)

Staffing: Minimum staffing of the plant is as follows:

Inside Control Room: Outside Control Room:

Shift Manager* (SM) Local Plant Operator Crew #

Auxiliary Operators 3 Turbine Hall Operator 2 Shift Supervisor (SS) Shift Technical Aux bldg/Water Treatment 2 Unit 1 Advisor** (STA)

Crew composition and titles are plant specific Control Control Control Operator Operator Operator***

(OPER1) (OPER2) (OPER3)

  • Dealing with high-level management issues (e.g., communicating with NRC)
    • Normally outside CR. Will be in CR within 10 minutes of reactor trip.
      • Daytime only Fire HRA - ATHEANA Example Slide 8 Fire PRA Workshop 2019, Rockville, MD

Step 3: Describe the PRA scenario (nominal context/base case scenario)

Staffing Adequacy:

Analysts walked through the scenario, including the parallel use of the fire procedure and confirmed staffing is adequate to perform this function (see table below).

o Assessment based on minimum staffing situation (i.e., night time). Daytime shifts would have, at the minimum, an additional Control Room Operator.

Total # assisting # Available Available with fire* Required for Bus Crew Member for EOP Before Fire Alignment actions Shift Manager 1 1 0 0 Shift Supervisor 1 Directing both procedures 0 STA 1 0 1 0 Control Room Operators 2 1 1 1 Plant operators 7 4 3 1

  • This includes members of fire brigade and staff occupied with FPs or otherwise occupied due to the fire Fire HRA - ATHEANA Example Slide 9 Fire PRA Workshop 2019, Rockville, MD

Step 3: Describe the PRA scenario (nominal context/base case scenario)

Timing analysis:

Fire ongoing throughout the scenario o Detailed fire modeling shows fire will last approximately one hour 90 minutes for the total window (from initiator to core damage) based on a thermal hydraulic run for loss of AFW and a station blackout with one primary PORV stuck open Tdelay = 35 min from reactor trip to receiving cue for action (step 17 in AOP 304) o Based on Simulator observation for a similar scenario for SBO it took operators 10 minutes to get through ECA 0.0 step 10 Simulation based on non-fire SBO, so add an 5 additional minutes to account for the initial coordination o Based on operator interviews, estimated additional 20 minutes to reach step 17 of AOP 304 Majority of the steps in AOP 304 are checking indicators, so < 1min per step on average Includes 5 minutes to account for AOP/FP meeting to coordinate Fire HRA - ATHEANA Example Slide 10 Fire PRA Workshop 2019, Rockville, MD

Step 3: Describe the PRA scenario (nominal context/base case scenario)

Timing analysis (cont):

  • Treqd = 22 min for diagnosis and execution o Diagnosis and SS approval ~2 minutes o The action to locally remove power from the Train B ESF Loading Sequencer is trained on using Job Performance Measure (JPM) 12654 - Align ALT Feed Breaker. This JPM has a time requirement to be able to complete the local portion of the actions within 15 minutes, and this has been verified by observations of the JPM. The timing starts once the operator is given the instructions to perform this action and ends once the MCR action had been complete (end of step 18).

As part of this JPM the operators train on putting on flash gear which is required to locally remove power from the Train B ESF Loading Sequencer. The flash gear is stored in a cabinet at the entrance to the relay room.

o After the operators complete the local action they will need to return to the control room to tell the control room operators they were successful. This additional travel time is expected to take 5 minutes.

Under ideal conditions the Local Plant Operator could use the phone to call the control room. However, for fire, no cable tracing was performed on the phone lines so the telephones are assumed to unavailable. Radio unavailable during SBO.

Fire HRA - ATHEANA Example Slide 11 Fire PRA Workshop 2019, Rockville, MD

Step 4: Define HFE and Unsafe Actions Operator fails to manually HFE align 115kV power Or Operator fails to Operator fails to UAs initiate manual properly align power alignment Or Failure to locally Failure to close remove power from breaker in MCR ESFLS (step 17) (step 18)

Fire HRA - ATHEANA Example Slide 12 Fire PRA Workshop 2019, Rockville, MD

Step 4: Define HFE and Unsafe Actions HFE:

- Operator fails to manually align 115kV power (alternate power source) given an SBO.

- HFE defined as part of previous steps of Fire HRA process (Identification and Definition) but unsafe actions must be defined here if applicable.

Cues:

Multiple Indications of Loss of Buses1DA and 1DB with EDG not Available. SS makes call to power 1DA after buses have been inspected.

AOP-304, Step 17: Locally remove from the Train A ESFLS (Local, Skill-of-Craft action).

AOP-304, Step 18: Energize XSW1DA from the normal power source (MCR, proceduralized action):

- Ensure BUS 1DA XFER INIT Switch is in OFF

- Close BUS 1DA ALT FEED Breaker

- Verify BUS 1DA potential lights are energized Fire HRA - ATHEANA Example Slide 13 Fire PRA Workshop 2019, Rockville, MD

Step 4: Define HFE and Unsafe Actions

  • Unsafe Actions:

o Control room crew actions:

1. Fails to initiate manual alignment (EOO)
2. Fails to close breaker in MCR (to properly align alternate power) (EOC) a) Fails to recover from EOC (long time window, immediate feedback) o Local operator actions:
3. Fails to locally remove power Train A ESFLS (only credible failure mode is EOC) a) Fails to recover from EOC (with no local feedback available)

Fire HRA - ATHEANA Example Slide 14 Fire PRA Workshop 2019, Rockville, MD

Potential Failure Modes and Recovery Unsafe actions:

1. Control room crew fails to initiate manual alignment (EOO):

Given the nature of the action and the training, it is unlikely that the crew will skip either step 17 or step 18, but it is possible that sufficient distractions (and other factors elongating the timeline) exist that the crew could fail to complete the action in time

2. Control room crew fails to close breaker in MCR (to properly align alternate power) (EOC)

This unsafe action is not considered further because there is a very high potential for recovery, e.g.,

-Good cues for recovery

-Long Time Frame (35 minute time available for recovery)

-Fire extinguished by this point in time Fire HRA - ATHEANA Example Slide 15 Fire PRA Workshop 2019, Rockville, MD

Potential Failure Modes and Recovery (cont.)

Unsafe actions (continued):

3. Local operator fails to locally remove power Train A ESFLS (only credible failure mode is EOC), AND 3a. Local operator fails to recover from EOC (with no local feedback available)

EOC:

- Well proceduralized/skill-of-craft step with good training

- EOC failure modes may include: Open wrong switch (fail local action)

- Diagnosis is largely performed by CR operators; plant operators must simply execute the required actions and report back to CR (for purposes of coordination)

Recovery of EOC: In this case, there is no feedback available to the local operator that the wrong action was performed. Clear indications in the MCR that the ESFLS signal has not been cleared; the local operator will not get this feedback until he returns to the MCR to report back. After being notified that the wrong action has been performed, the local operator must return to the location of the ESFLS switch.

Fire HRA - ATHEANA Example Slide 16 Fire PRA Workshop 2019, Rockville, MD

Steps 5-8: Understanding the Context (Iterative Process)

Step 5: Identify Potential Vulnerabilities Step 6: Search for Plausible Scenario Variations Step 7: Evaluate Potential to Recover Step 8a: Create Operational Story/Stories Step 8b: Numerical Assessment Fire HRA - ATHEANA Example Slide 17 Fire PRA Workshop 2019, Rockville, MD

Group Exercise Break into groups and identify factor that could:

- Create potential vulnerabilities in the crews ability to respond to the scenario(s) of interest and increase the likelihood of the HFEs or UAs

- Failure modes (i.e., how can the scenario go wrong?)

- Lead to variability in crew response

  • You may want to consider the following

- Division of Labor/Workload

- Stress due to Fire

- Procedures

- Communication

- Training

- Complexity - Crew Coordination

- Environment - Variations in Timing

- Special Requirements (e.g., keys) - Variation in Crew Characteristics Fire HRA - ATHEANA Example Slide 18 Fire PRA Workshop 2019, Rockville, MD

Group Exercise (2)

Which factors are drivers? [Error Forcing Contexts]

- Note: Normally this would be done with the input of those knowledgeable of the plant and crews (e.g., operators, trainers) and any assumptions would be verified against the plants operations Fire HRA - ATHEANA Example Slide 19 Fire PRA Workshop 2019, Rockville, MD

Potential Vulnerabilities Training: Operators trained on procedures, including applicable alternative actions. Non-fire SBO scenarios are common in training and Align ALT Feed Breaker is a Job Performance Measure which is trained on bi-annually. Annual training on Fire Procedures. Trained as crew on SBO, not single operator. Fire Procedure training may not include doing the procedures in parallel.

Parallel Procedures: The fire is ongoing during this scenario, so a portion of the staff will be unavailable to help with the EOPs as they will be in the fire procedures. Through operator talk-throughs verified that adequate personnel are available for the necessary actions in this scenario. While operators will be going through two procedures in parallel (FP and EOP),

the relevant steps of the FP have been examined and do not conflict with the EOP actions. While the Control Room Operators will be operating in parallel, the Shift Supervisors attention will be split and he is a key decision point at several places in the procedure.

Fire HRA - ATHEANA Example Slide 20 Fire PRA Workshop 2019, Rockville, MD

Potential Vulnerabilities Complexity: Local action to remove power from ESFLS is a simple, skill-of-craft action.

Environment:

o Availability and Accessibility: Given location of fire and layout of plant, the relay room is accessible and there is no degraded environment (e.g.,

no smoke) in the relay room or en route to the relay room.

o Visibility: Given a SBO event, lighting will be significantly reduced (i.e.,

flashlights and/or emergency lighting). Training discusses these conditions.

o Heat/Humidity: Normal - fire effects do not reach this area, however, after some time (>action window) there could be a rise in temperature due to SBO.

  • Stress due to Fire: Some stress due to on-going fire and related distractions.

Fire HRA - ATHEANA Example Slide 21 Fire PRA Workshop 2019, Rockville, MD

Potential Vulnerabilities

  • Communications: Communication lines impacted by SBO (no radios) and landlines potentially impacted by fire (no cable tracing). Timeline adjusted appropriately.

o Previous steps in the ECA/AOP (e.g., local actions such as step 13) might cause delays due to extra time required for communication, delaying the cue (step 17).

o Generally, local plant operators have to travel back to MCR to report

  • Efficiency of crew coordination:

o Crew variations that could result in variability in the time to perform actions and effectiveness of communication back to control room.

o Too much focus on fire.

o Weaker crews.

  • Special Requirements:

o Operators will need key to access relay room; all doors locked on loss of power.

o Change in security configuration due to SBO may require operators to take a different pathway or some doors which would otherwise be open may now be closed and locked. Not all operators have all keys.

Fire HRA - ATHEANA Example Slide 22 Fire PRA Workshop 2019, Rockville, MD

Step 8: Quantification (6 Steps Overview) 1: Discuss HFE and possible influences / contexts using a factor checklist as an aid 2: Identify driving influencing factors and thus most important contexts to consider (e.g., operational story) 3: Compare these contexts to other familiar contexts and each expert independently provide the initial probability distribution for the HEP based on a common calibration scale.

4: Each expert discuss and justify their HEP 5: Openly discuss opinions and refine the HFE, associated contexts, and/or HEPs (if needed) - each expert independently provides HEP (may be the same as the initial judgment or may be modified) 6: Arrive at a consensus HEP for use in the PRA Fire HRA - ATHEANA Example Slide 23 Fire PRA Workshop 2019, Rockville, MD

Step 8: Quantification (Operational Story)

  • Not limited to one operational story, particularly if the analysts have identified multiple credible contexts [EFCs] that need to be examined separately.
  • A full operational scenario description, or operational story, including accident progression and as many bells and whistles as are reasonable, such that operator trainers can put themselves into scenario.

- In quantification, you will be asking them, what would your crews do in this situation?

The resulting operational scenario description may include:

- Additional plant conditions that will need to be quantified as part of the HFE (unless accident sequence analyst wants to revise event trees or fault trees).

- Distinctions on timing of plant behavior (that might need to be addressed as part of the HFE, unless logic is revised).

- Instrument or indication issues (including failures) that will need to be reflected (for fire, might be explicitly part of PRA model, or may not).

- Different possible procedure paths or response strategies that operators might rationally take.

- Reasons why operators might take different procedure paths.

- Credible recovery actions.

Fire HRA - ATHEANA Example Slide 24 Fire PRA Workshop 2019, Rockville, MD

Step 8: Quantification (Operational Story, UA1)

Operator Fails to Initiate Manual Alignment Possible factors/sub-scenario to explore with experts in:

Staffing variations: can be two sub-cases if large impact on crew performance

- Night time, minimal staffing (2 Control Room Operators)

- Day time, normal staffing (3 Control Room Operators)

Crew variations, such as these two extremes in possible timing outcomes:

- Methodical crew that is good at taking time to work through the procedures and talk through potential conflicts. The crew works well as a team and rely on each other a lot. Training is done as a team on both the non-fire SBO procedures and the fire procedure, so the Control Room Operators are a bit slower in working through their respective procedures when they are done in parallel, depending heavily on the Shift Supervisor for coordination, OR

- Aggressive crew, good at planning ahead, working fairly autonomously but coordinating when needed. Efficient at parallel procedures.

Weak team members, i.e., OPER1 is struggling to keep pace with the rest of the team.

There may or may not be an OPER3 that is available to look at boards and help with EOPs and/or FPs.

Fire HRA - ATHEANA Example Slide 25 Fire PRA Workshop 2019, Rockville, MD

Step 8: Quantification (Operational Story, UA1)

Operator Fails to Initiate Manual Alignment Possible factors/sub-scenario to explore with experts:

Variations in SS experience, command & control style, & so forth, e.g.,

- SSs first actual fire and, because it is a fairly big fire, he gets very focused on fire and becomes less cognizant of timeline or becomes a bottle neck for key decisions.

- SS calm under stress and has no problem coordinating the two procedures. Team is working at a fairly fast pace and multi-tasking well (e.g., dealing with distractions),

but working at the top of their capacity.

Timing Variations:

- Delays in previous steps due to combination of radio unavailability and operators having to hunt down appropriate keys due to change in security configuration for SBO.

Other:

- Fairly significant fire (lasts 60 min), so there are many distractions (e.g., failed indicators and/or spurious indicators not directly relevant to this HFE, but may take time/attention away from operators)

- End of shift fatigue Overall, explore what factors (e.g., slow crew and other delays), result in crew missing timeframe to take action.

Fire HRA - ATHEANA Example Slide 26 Fire PRA Workshop 2019, Rockville, MD

Step 8: Quantification (Operational Story, UA3/3a)

Fail Local Action Possible factors/sub-scenario to explore with experts:

Unsafe action #3 (EOC):

Training of non-fire SBO only; JPM timing based on average crew time, but accounts for many Local Plant Operators to be available to help with the procedure. With only two Local Plant Operators available for the EOP/AOP, the operator in question may be fatigued from rushing around and performing the higher workload.

Timing Variations:

- Delays in previous steps due to combination of radio unavailability and operators having to hunt down appropriate keys due to change in security configuration for SBO.

Given fast pace and general stress, the Local Plant Operator may feel rushed and open the wrong switch Fire HRA - ATHEANA Example Slide 27 Fire PRA Workshop 2019, Rockville, MD

Step 8: Quantification (Operational Story, UA3/3a)

Fail Local Action Possible factors/sub-scenario to explore with experts:

Unsafe action #3a (Failure to recover EOC):

Staffing:

- Variations in staffing not applicable to this failure mode (i.e., 2 or 3 CROs)

- 2 Local Plant Operators available for assistance with this action Recovery includes:

- Diagnosis of problem (good cues); 5-10 minutes Clear indications in the MCR that the ESFLS signal has not been cleared.

- Action time (including travel time) 20-25 minutes because, while OPER1 knows right away that the ESFLS switch has not been cleared, he has to wait until the Local Plant Operator gets back to re-dispatch him to perform the local action. Need to account for travel time and time to perform the local and MCR actions.

Fire is extinguished at this point.

Adequate time for recovery 35 minutes required compared to the nominal 55 minutes available.

Fire HRA - ATHEANA Example Slide 28 Fire PRA Workshop 2019, Rockville, MD

Logic of Failure Modes Operator fails to manually align 115kV power EOO Or EOC Operator fails to Operator fails to initiate manual properly align alignment power Plant layout examined in closer detail and Or contribution due to EOC considered Failure to locally negligible 1E-4 even Failure to close remove power discounting recovery breaker in MCR from ESFLS of local action (step 18)

(step 17)

Fire HRA - ATHEANA Example Slide 29 Fire PRA Workshop 2019, Rockville, MD

Quantifying Unsafe Action #1 (EOO)

Driving factors:

- Slow crew

- Excessive travel time for local actions extends timeline

- Mismatch between training (heavy interaction as crew) and reality (relatively autonomous, especially with minimum staffing)

- Distractions and stress due to fire

- SS is a funnel point for decisions Staffing identified as a driver, so can split this scenario into 2 contexts:

- 2 Control Room Operators available (Minimal Staffing): 33%

- 3 Control Room Operators available (Normal Staffing): 67%

  • Given slow and careful crew, they are unlikely to make a mistake in the action, but may come close to missing the action time window (see next slide).
  • Nominal case accounted for by shape of the distributions

- If heavily weighted to left, positive or nominal factors more likely; having the right combination of driving factors is less likely Fire HRA - ATHEANA Example Slide 30 Fire PRA Workshop 2019, Rockville, MD

Timing Variations Timing is a driving factor in the Operational Story

- Would ask experts to develop a more detailed analysis of potential variations in timing (e.g., more explanations, more developed description of possible scenario variations, detailed histogram of probability of timing for both arrival at Step 17 and performance of required actions)

- Might separate HFE into two or more separate HFEs to address different timing for different scenarios Variations in timing due to factors discussed earlier:

- Could there be variations in the scenario (e.g., additional minor distractions in working through procedure?

Experts estimate minor variations: 10-15 additional minutes to get to critical procedure step

- Could there be variations in the time to perform (especially with different crews, availability of equipment, communication)?

Experts estimate minor variations: 5-10 additional minutes to perform critical procedure steps Overall, could reduce time for recovery to as little as 8 minutes. This, however, does not jeopardize the timeline for the actions themselves.

Fire HRA - ATHEANA Example Slide 31 Fire PRA Workshop 2019, Rockville, MD

Step 8: Quantification (Numerical Assessment)

Combining Multiple Contexts P( HFE l S ) = P( EFCi l S ) *P(UAj l EFCi , S )

j i( j)

Only one dominant UA, so this formula simplifies to:

P( HFE l S ) = P(UA l EFCi , S )

i Two distributions need to be estimated o Minimal Staffing o Normal Staffing

  • Only one distribution will be estimated here for illustration Fire HRA - ATHEANA Example Slide 32 Fire PRA Workshop 2019, Rockville, MD

Step 8: Quantification (Calibrate Experts)

Circumstance Probability Meaning Operator(s) is Certain to fail 1.0 Failure is ensured. All crews/operators would not perform the desired action correctly and on time.

Operator(s) is Likely to fail ~0.5 5 out of 10 operators would fail. The level of difficulty is sufficiently high that we should see many failures if all the crews/operators were to experience this scenario.

Operator(s) would Infrequently fail ~0.1 1 out of 10 would fail. The level of difficulty is moderately high, such that we should see an occasional failure if all of the crew/operators were to experience this scenario.

Operator(s) is Unlikely to fail ~0.01 1 out of 100 would fail. The level of difficulty is quite low and we should not see any failures if all the crews/operators were to experience this scenario.

Operator(s) is Extremely Unlikely to ~0.001 1 out of 1000 would fail. This desired action is fail so easy that it is almost inconceivable that any crew/operator would fail to perform the desired action correctly and on time.

Note: These values are meant as calibration points, not discrete values. The 1E-03 values is not meant to be a lower bound.

Fire HRA - ATHEANA Example Slide 33 Fire PRA Workshop 2019, Rockville, MD

Step 8: Quantification (Numerical Assessment)

Very structured, facilitator led, expert opinion elicitation process o leads to consensus distributions of operator failure probabilities Considerations in elicitation process (covered in NUREG-1880):

o Forming the team of experts (include experts familiar with important relevant factors during fire conditions, operator trainers, etc.)

o Controlling for biases when performing elicitations o Addressing uncertainty Distribution characteristics:

o the 99th percentile is the HEP for the worst coincident (but not too unlikely) set of negative influences representing a very strong EFC o the 1st percentile is the HEP for the best coincident set of positive influences representing a weak EFC (actually a very positive context o dependency considerations embedded o uncertainty distribution explicitly considered For this illustrative example an HRA SME was used to derive the HEP; this would not normally be sufficient for an actual quantification.

Fire HRA - ATHEANA Example Slide 34 Fire PRA Workshop 2019, Rockville, MD

Step 8: Quantification A tip for expert elicitation facilitators:

- In order to get experts to better access their knowledge (i.e., not just remember recent history), you can use examples from real events (i.e., stories) to illustrate how operators can do surprising things (but for good reasons.

You know that youve succeeded in getting access to this deeper knowledge when the experts start exchanging stories (e.g., do you remember when Charlie .? I can remember a time or two kind of like that.)

Fire HRA - ATHEANA Example Slide 35 Fire PRA Workshop 2019, Rockville, MD

Step 8: Quantification (Bases for Consensus Distribution)

Percentiles Analyst 1st 10th 25th 50th 75th 90th 99th Larry 0.00001 0.0001 0.0007 0.001 0.005 0.007 0.01 Moe 0.0001 0.0003 0.001 0.005 0.007 0.03 0.07 Curly 0.00001 0.00005 0.0007 0.003 0.005 0.01 0.05 Consensus 1E-04 3E-04 1E-03 3E-03 5E-03 1E-02 5E-02 Bases for Consensus Distribution:

o Under normal circumstances, the action is Extremely Unlikely to fail, but the shortened time frame due to no radio communication in combination with potential coordination complications from the fire may produce some difficulties for the crews.

Holistically, on average the action was determined to be Extremely Unlikely because actions are well trained, proceduralized/skill-of-craft, long timeline, a high potential for recovery and cues are clear so little potential for confusion or mis-direction.

Probability capped at 1E-04 Worst case falls between Unlikely to fail and Infrequently fails because even in the worst case they still have buffer time.

Tails: effectiveness of crew collaboration, specifics of timing Fire HRA - ATHEANA Example Slide 36 Fire PRA Workshop 2019, Rockville, MD

Step 9: Incorporating HEP into PRA

  • When quantifying a scenario with multiple contexts, need to combine weighted distributions. Discrete distributions can be combined using a convolution:

- Recommend using a statistical software package (e.g., Crystal Ball)

  • Depending on the PRA needs, you may:

- Provide the entire consensus histogram as your answer.

- Need to develop a mean value for the distribution using a software tool (e.g.,

Crystal Ball).

  • NUREG-1880 provides some guidance and cautions on the development of mean values.

Fire HRA - ATHEANA Example Slide 37 Fire PRA Workshop 2019, Rockville, MD

What if What if communication was not impacted, how would the analysis change?

What if there were not clearly enough people to complete the actions, how would the analysis change?

What if the operators had to take a detour that comes close to the fire?

Fire HRA - ATHEANA Example Slide 38 Fire PRA Workshop 2019, Rockville, MD

Scoping Analysis of Fire + SBO Fire HRA - ATHEANA Example Slide 39 Fire PRA Workshop 2019, Rockville, MD

Review of HFE Initial Conditions: Single unit two loop PWR with two trains of electrical power. Steady state, full power operation. Night shift with minimal staff onsite.

- No out-of-service unavailability pertinent to this scenario Initiating Event: Fire in turbine room causes SBO HFE: Operator fails to manually align 115kV (alternate power) power on loss of both buses and EDGs fail to start.

Fire HRA - ATHEANA Example Slide 40 Fire PRA Workshop 2019, Rockville, MD

Minimum Criteria

1. Procedures

- Plant procedures covering each operator action being modeled

- Support both diagnosis & execution of the action Local action (step 17) is skill-of-craft; MCR action (step 18) well proceduralized.

2. Training - on the procedures and the actions Regular training on non-fire SBO, including alternative actions.

Training on FPs.

3. Availability and Accessibility of Equipment

- Key to ESFLS Panel needed, but available in MCR Key to ESFLS Panel needed, but available in MCR.

Flash gear needed, but available locally.

Fire HRA - ATHEANA Example Slide 41 Fire PRA Workshop 2019, Rockville, MD

Feasibility Timing analysis:

o Tsw: Assume 90 minutes for the total window (IE to core damage) based on a thermal hydraulic run for loss of AFW and a station blackout with one primary PORV stuck open.

o Tdelay = 35 min from reactor trip to receiving cue for action (step 17 AOP 304) o Tcog + Texe = 22 min for diagnosis and execution Feasible? Yes time available (90 minutes) is greater than time for action (55 minutes).

Fire HRA - ATHEANA Example Slide 42 Fire PRA Workshop 2019, Rockville, MD

Time Margin Tavail (Tcog + Texe ) 55 22 Time Margin =

  • 100% =
  • 100% = 150%

(Tcog + Texe ) 22 Tsw = 90 min Tavail = 55 min Tdelay = 35 min Tcog + Texe = 22 min To Cue Crew Action Action no Initiating received diagnosis complete longer event complete beneficial Fire HRA - ATHEANA Example Slide 43 Fire PRA Workshop 2019, Rockville, MD

Assessing Key Conditions & PSFs within the Scoping Flowcharts

  • How well the procedures match the scenario
  • Response execution complexity
  • Timing of cues for the action relative to expected fire suppression time
  • Action time window

- Short time window = 30 minutes or less

- Long time window = greater than 30 minutes

  • Level of smoke and other hazardous elements in the action areas

- Need for special equipment (e.g., SCBA)

- Impairment of vision or prevention of the execution of the action

  • Accessibility Fire HRA - ATHEANA Example Slide 44 Fire PRA Workshop 2019, Rockville, MD

HFE Breakdown Quantified at this level HFE Operator fails to manually align 115kV power Or Failure to locally Failure to close INCR remove power from breaker in MCR EXCR ESFLS (step 17) (step 18)

While the HFE can be broken down into multiple steps (INCR and EXCR),

because this is defined as one HFE (based on the fact it is one diagnostic step),

we will quantify this HFE using the EXCR tree because it is more conservative.

Fire HRA - ATHEANA Example Slide 45 Fire PRA Workshop 2019, Rockville, MD

Search Scheme Scoping Analysis:

  • Define HFE: Failure to locally remove power from ESFLS (step 17). This includes both the diagnosis and the execution.
  • Does it meet the minimum criteria? Yes 1)Procedures are available 2)Training is performed on the procedure 3)The key to the Relay Room is determined to be accessible
  • Is the action Feasible? Yes 1)Demonstrated sufficient time to perform action
  • Selection Scheme:

1)D1: Entry criteria are met 2)D2: command and control in MCR 3)D3: primary cues/instrument not spuriously affected by fire 4)D4: procedures match the scenario Go to 5)D5: some actions within MCR, but key actions EXCR outside MCR, so use EXCR tree 6)D6: procedures available/skill-of-craft 7)GO TO EXCR TREE Fire HRA - ATHEANA Example Slide 46 Fire PRA Workshop 2019, Rockville, MD

HFE Local Action

- D22: Fire is ongoing

- D26: Area accessible and no fire in vicinity.

- D27: Time window is greater than 30 min (90 - 35 = 55min).

- D33: High complexity in execution due to HEP Lookup multiple step/locations Table AA

- D37: No smoke.

- Time Margin >100%

- Look up Table AA value = EXCR36 =

0.1.

Fire HRA - ATHEANA Example Slide 47 Fire PRA Workshop 2019, Rockville, MD

Retrieved from "https://kanterella.com/w/index.php?title=ML19212A735&oldid=1902160"