ML20045H531
| ML20045H531 | |
| Person / Time | |
|---|---|
| Site: | 05200002 |
| Issue date: | 07/20/1993 |
| From: | Office of Nuclear Reactor Regulation |
| To: | |
| Shared Package | |
| ML20045H529 | List: |
| References | |
| NUDOCS 9307200337 | |
| Download: ML20045H531 (16) | |
Text
s ATTACHMENT 1 Staff Comments on ABB-CE's Verification and Validation Plan for the NUPLEX 80+ Control Complex t
9307200337.930713'"
PDR ADOCK 05200002 A
PDR:.
n.~9.,. c.,
e,.....
,,... :..,,, s 6,...t._
y o i s.1 i n i.y n
- p. 04 Table of Contents Enzs PREFACE i
1.
INTRODUCTION 1
2.
OBJECTIV ES 1
3.
METHODOLOG Y l
3.1 Material Reviewed 1
3.2 Review Scoi>e 1
3.3 Review Procedure 1
4.
RESULTS 2
4.1 DSI!R Review 2
411 DSliR lssue 2
4.1.2 issue Resolution 3
4.2 PRM Cnteria-Hased Evaluation 3
4.2.1 S w pe 3
4.2.2 Technical Basis in Current Literature 4
4.2.3 Human Factors issue Resolution Verification 4
4.2 41151'Iask Support (Availability) Verifica60n 5
4.2.5 HFE (Suitability) Verifica6on 6
4.2.6 Integrated System Wiidation 7
4.2.7 Scheduling i1 5.
CONCl,USIONS 11
'lable 1. Resolution of DSER !ssues 3
DIKft,r t.lerrwr,t 6 Versjisan m & Valutatwn PLm Hlay 26. Ivv))
J' age as
L iig. i.. r < c rn F J'lli FFOl1 Olt Hrfu ta ove TOIFi,IF'PIf Il PE d
1.
INTRODUCTION The NRC lluman Factors Engineering Program Review Model (PitM) for advanced evolutionary reactors specified tlut a formal verification and validation (Element 8) of the human-system interfacc GISI) should be pedormed. The staff % Draft Safety Evalnation Report (DSER) review of the CESS AR has identified an open issue related to PRM Element 8 0.e.. DSER issue 18.10-1).
2.
OBJECTl \\ n.d The objective of this review is to provide comments on the ABB CE plan related to PRM Element k. Venlication and Validation 3.
METHODOLOGY 3.1 Material Reviewed The following AHH CE documents were used in this review:
1.
Draft Human I; actors Engineering Verification and Validation Plan for Nuplex 80+, Rev 00 (NPX 80-IC-VP790-03), LD-93-(X15,1/18/93, hereafter referred to as the " Plan."
2.
CESS AR Section 18.9 Verification and Validation (Amendment E), 12/30/88.
3.
Iluman Factors Program Plan for the System 80+ Standard Plant Design (NPX80-IC-DP790-01, Rev 01),12/15/92.
4 NUPLEX 80+ Verification Analysis Report (NPX80-TE790-01) Revision 2,12/13/89 5.
System 804 Prototype Design Descriptions and FTAAC (LD-93-O'48),3/5/93.
3.2 Review Scope
'lhe scope of this revicw was centered on the V&V plan. ahhough additional ABB-CE documents werv consulted (as referenced above).
The rvview focused on (1) resolution of DSER issues, and (2) evaluation of the ABB-CE documents with respect to the topics and peneral criteria of the PRM. Complete adherence to the PRM was not consideerd to be mandatory. Ddlerences m approach would be considered acceptable provided (1) the program can still mect the HFE commitment and goals (2) the dif ference between the psopo.ed criteria and those contained in the PRM are adequately justified, and (3) there is no adverv impact on other pro [' ram elements.
3.3 Review Procedure
)
l As indicated above, the staffs Draft Safety Evaluation Report (DSER) review of the CESSAR has identified an open issue related to PRM Element 8 (i e., DSER luuc 18.10-1). The draft Plan was deselopett following a meeting held on September 10th and lith tetween the staff and ADB CE te address DSER issues. The Plan was resiend uwg the PRM Element 8 general criteria as they would apply to an implerr.enution plan (as contrasted to a final report of the V&V cffort). The Dnfor t.lement 8 versjscanon & vaMatwn Plan (May 20,199.0 PageI
t t3.J a.. i w... m : gli vryiFi In it sr Iw 's vor-
-TO ilfi. tPF rr II p y, -
focus of an implementation plan is to provide the methodology by which the general criteria of the PRM clement are to be accomplished. Thus, the Plan was evaluated in tenns of the PRM general cntena and the inethalology piogused fm the V&V activitics.
- Ihe following matenals weir consulted as part of the evaluation:
1.
NUREG 1492 Draft Safety Evaluation Report. September,1992. (DSER) 2.
Public Meeting minutes from Septemter 10-11.1992, hereafter referred to as the
" September meenng.*'
3.
NRC llFE Program Review Model for Evolutionary Reactors (PRM).
4.
Review of the ABB-CE Syr. tem W Human Factors Program Plan (BNL Technical Repon E2090-T213/93). March 1993 4.
R ES UI.TS 4.1 DSER Review 4.1.1 DSER issue Ih the staffs initial review of this element reported in the DSER. Open issue 18.10-1 was identified. The open issue identified concents including:
Establishment of V&V criteria to suppon the assessment of test results;
+
Incorporation 01 " human-centered" operator performance such as operator workload in V&V tests; and Verifying that the integrated control room supports the staffing requirements of 10 CFR 50.54(m).
In the September luth and Ilth meeting. CE agreed to address these concerns in a V&V Plan to include the following 15 iteme (a)
Identification of a schedule for a validation report.
(b)
Evaluotioni of design goals and fuiicdonial acquistments.
(c)
Cnterion 2 of the PRM.
(d)
Evaluation of availability and suitability of HS1 elements.
(e)
Evaluation ofintegration of HS! elements with each other and personnel including HS1 prototypes and plant sitnulator.
(f)
The dynamic es aluations in Criterion $ of the PRM, (g)
The performance measures for dynamic evaluations included in Criterion 6 of NRC's HFE Program Review Model.
(h)
Verification that all issues addrested m the applicant's HFE issues Tracking System -
have been addressed.
(i)
Verification that critical human actions have tven supported in the design.
(j)
Operational definitions of " adequate" and " acceptable."
(k)
Demonstrabon that control room design accommodates the stafling requirements of 10 -
CFR Part 30.349(m).
(1)
Specification of addibonal skill areas required other than HFE specialists and operations experts in perform a formal analysis.
111Rfor f:lernera 8 Vrtspt alwn & Vului. awn Plwn (Muv 26. Ivv)1 Page2 l
l
. ii~, N. wc 02 :c.r1r r Fu t f u. ur on 6, c....
Triir. #FP ur n p; o--
~
(m)
Evaluation of operator aids, (n)
Demonstration of acceptable operator performance, and (o) l'. valuation of opesatos perfunnante undes dep uded conditions including complete failum of the DPS.
4.1.2 issue Resolution Ne I s items addressing the DSl R open issue are addressed in Section 4.2. Table i provides a cross relemnce between the ucm specification and die appropriate V&V plan section and Subsection of 4.2 in this document whem the item is addressed.
Tahic 1. Resolution of DSER lssue items ITEM PLAN SECTION TER SECTION a
7 4 2.7 b
63 4.2.6 c
6.1.2/62.2#,3.2 4 2.I d
6.110.2 4.24/4.2.5 e
6.3 4.2 6 f
6342 4.2.6 g
6.3.4.1/6.33 4.2.6 h
run atkluvd 4 2.3 i
61
'4.2 6
}
nca akhtud bec Note 1) 4.2.6 L
6.3.5 4 2.6 1
1 6 1/6 2/6.3 4,23/42.4/4.2.342.6 m
rnd intkirewd rKd.Wdreval(we Note 2) n 615 426 0
6.34.2 4.2.6 Note 1. Orcrational dcruudons of " adequate" and " acceptable" are not >pecifically addn el, however, tre V4 V methah psovide (mtena that S%ru what consututriadcquacy and acceptabiht).
i Note 2 ( P,trator andt are rxd specif scally aktressed, tu) wever, the identificauon of anis si,rasid be accomplished thruugh the V& V analyses.
4.2 PRM Criteria Hased Evaluation Accordmp to PRM General Cnterion I, the V&V cvaluation shall ensure that the performance of the 1151 when all elements are fully integr.%d.nto a system, meets (1) all HFE design goals as established in the program plarn and (2) al! system functional requirements and support human operatmns, maintenance. Icst, and inspection task accomphshment. Tha is accomphshed through a set of evaluations which are desenbed below.
1 4.2.1 Scope Crisers-PRM General Criterion 2 siales ihat V&V evahations shall addrew DIKfor f.lvrnent b Vers [n utwn & VaMatron PlJn (May 26,199))
yage 3
1% g.sc vi:'Ju 1 mitu'urrw cm p m W i n w It P,09
'h lluman hardware interfaces liuman software interfaces Procedures
+
Workstadon and conele conGrurations Control room design Remote shutdown system De. sign of the merall work envisonment Eduation: Ihr Plan scope is idendfied in several areas. A general scope statement appears in Secuon 2 which idendfins the scope as all llSis in the inain control room (MCR), remote shutdown area (RSA), and the local control stadons (l. css) speci6ed in the emergency procedure pusdehne.s (EKis). Proceduits are specifically excluded isom V&V 43 is, therefore, the integradon of the procedures with the rest of the HSI.
The reviewers mterpret the reference to HSis to include all of the above with the two excepdons discussed below.
First,it is not clear that V&V activities will be directed Ioward environmental considerations such as liphdny and noise in the MCR and hghting, noise, temperature, etc. at local pancis. ABB CE' constdetanon of the work environment should be clantied.
Sycond, the iune of the abwnce of a procedure element from the HFE program has already been identiGed (BNL Technical Report E2090 T2 l-3/93). he scope of ABB-CE's V&V cffort will remain open until the procedure issue is resolved.
4.2.2 Technical Basis in C :rrent Literature Cnterion: PRM General Cnterion 9 states that V&V effon shall he performed using the set of identined documents as guidance (see the PRM for the speciGc list). The purpose of this i.riterion is to ensure that the HSi ts "cvaluated using accepted HFE principles based upon current HFE pracdecs."
Euluation: Sections 3 and 18A of the Plan iden66cs documents that are identified as V&V plan refervnces. Many of these documents correspond to the documents idendGed in PRM General Cnterion 9. Ilowever, while the section it, entided references, most of the documents listed are not specifically referenced nor is it clear how they were used. For example, EPRI NP 3701, Computet Generated Unplay System Guidehncs, a referenced; yet in the section on suitability verification (where the document would most hkely be applied),it is not identified as a critena document An examination of the VeriGration Analysis Repon did not indicate that anything other than NUREG 0700 was used for verification. This document does not contain adequate criteria for a CR such as the Nuplex 804. Clarify how industry documents will be utilized.
4.2.3 Human Factors issue Resolution Verincatino Cnterion: PRM Cnterion 7 states that a verificadon shall be made that all issues documented in the.
Human Factors issue Tracking Sysicm hase been addtcased.
&aluntmn: Verification of HFE asues resolution is not addressed in the Plan.
U1HJor Lironent 8 Vertficatton & VaMatwn PLm (Mar 2t>, Jw.t)
Page4
ein ;e. 1 + c 01; u rri r Fm t u a f u cw c....r-TO IF': IFF ir.Il P. 09 Criterion: Implementation Pian Requirements for Methodology Spec Scadon (relevant to this veri 0 cation).
General objecuves
+
Methodology and procedures
+
Critena for evaluation of results
+
Evaluation: Not addre.ssed in the plan.
4.2.4 IISI Task Support (Asailability) Verification Criscrion: PR M Cntenon 1 states diat individual 11S1 elements shall he evaluated in a stauc and/or "part t.uk* naide to a3suie that all controls, displays, and data processiry that are required to accomplish human safety-related tasks and actions las defined by the task analysis. EOP analysis, and probabilistic risk assessment / human reliability analysis (PRA/liR A)] are available through the 11 S 1.
Evaluation: Plan Section 61 describes the approach to availability verificatinn. ABB CE's availability analysis accornplishes two objectivet first, consistent with PRM Criteiion 3 to ensure that all required 11S1 elements are available; second, to identify HSI elements that are not required for task accomphshment so that they can cither be removed or relocated to the appropriate placc.
De latter objective is consistent with one of the purposes of HFE verification in the PRM and is d,escribed in Draf t NUREG/CR-5908 The scope of the tasks to be analyzed is unclear. Under " Purpose' item one identified " operator
[
tasks" with no quaiification. Under purpose of availability analysis, the "procedum Guidelinc Information & Control Requ;rements (PGlCR)is identined along with the minimum inventory :.nd federally mandated requirements. 'lhe PGICR is defined as "a summarization of procedure bascd parametric requittments.' The scope of Phase 1 is then tied to those aspects of the HSI that are "specified in the EPG." It is unclear whether the availability analysis will be limited to EIGbased ac6ons? Pita critical tasks, normal operations, abnormal nocrations should be addmssed as well.
Criterion: Implementation Plan Requirements f or Methodology Specificatian (relevant to this verification).
General Objectives Methocology and procedures Participan3 Analysts Cntena for evaluation of results Utihyation of evaluations Evaluation: While most of the information identified above is provided in the Plan, several points regardmg methodology require clanfication:
)
- 1. Under the Phase i purpose paragraph. should the last line read "EPG and critical tasks" rather a
than 'EPG or critical tasks."
1
- 2. _The uiteria for availaldhty analysis caitaia foi SPDS should include NUREC-1342 since the 10 CFR 5034 (f)(2)(iv) requirrments are very general The post accident monitoting indications should mclude Reg. Guide 1.97.
- 3. Availability analysis criteria number 4 states " System 1&C Inventory" only. What is the critenon? -
01Rfor Element 8 Venfkation & Vahdanon Plan fMar M. JW.D.
Page5
ti 9 3. m.. of s e m i m i l a a N 6,
..e To to: 1:PP is la P.to o
- 4. Depending on the clarificatmn of the task scope issue (and 2 above), the availability analysis snay sesult in.: list of mmitually icquise<1 IISI elemento. As such. the li a may not be necessary and sulficient for a full range of operauons. De Phase 2 methodology addrenes identification of HS) elements that are not required for task accomplishment. It seems as though an " unnecessary" aspect of the 11S1 would be anything not on the list resuhing from availahdity analysis as defined and would ruluire removal of anyihing not on the list (note. "He process will be typeated until the 1151 panel designs match the umilability checklist"). The development of the checklist and the specincation of what is unnecessary needs to be clarified.
4.2.5 HFE (Suitability) Verification Criterion: PRM Criterion 3 states that individual HSI elements shall be evaluated in a static and/or "part ta3k" mode to assure that all controls, dit. plays, and data processing that are required are designed according to accepted flFE puidelines, standa:ds, and principles.
Saluation: Suitability veri 6 cation is addressed in Section 6.2 of the Plan. ; ac stated purpose of suitability verification is consistent with the PRM eriierion The proposed methodology is addressed below.
Criterion: Implementation Pbn Requirements for Methodology Specincation (relevant to this fcrification).
General Objectives Methodology and procedures Panicipants Perfonnance measures Analysis Criteria for evaluauon of resuhs Utilization of evaluations Etuluarmn: The plan generally addresses the above requirements. The general approach is good, but several points of cl.ulfication are acquested i Suitability is addressed using both a top down and bottom up approach. De top-down approach addresses the appropriateness of design selections within the context of operator tasks (which is consistent with " appropriate use" considerations in NUREG/CR-5908). However, the methodology section. 6 2A, seem> unly to addien the imitom-up appioach. Consultation of the Veri 6 cation Analysis Repon appeared to have the same liniitation. Clarification of the methodology by which top-down analysis is accomplished is needed.
- 2. he bottom-up approach uses HFE puidance as a basis. The criteria identified are limited to -
NUREG 07tK) and ADB CE's HFE Standard 3. Guideline >. and Bases for System 80+ (NPX-1C-DR-791-02). It is unclear if these are to be the only cnteria or whether additional documents (such as those identiGed in Section 3 - References) will be utilized. A check of the VeriGeation Analysis Repon avvealed that only NUREG-07(xi was unlucd. Overall, NUREG-07(U ts not a comprehensive analysis for the review of a prirnarily computer-based control room such as the Nt1 PLEX 80+. In addition. there are unique characteritoc( to Incal control stations (Such as valve position indication) and unique HFE requirements due to the working environment (such as working under high heat, humidity, or exposure conditions) that are not addressed by the documents and to which the apphcation of NLIREG-0700 criteria is inappropriate (such as meeting temperature requirements).
Inn for f.lcmens 6 Venferatwn a vuMutwn rh.n (Mm 20. Ivv. )
Pagen
E t 132... lFC UI F W r N I D IL HF N 6 viep in i p; t @ 10 M p, y l
J
- 3. Will all elements in the !!S1 (e.g., every display) be reviewed or will a sampling process be used? If the latter, what is that process?
- 4. How will discrupancies from guidance checklists be resolved? Conformance to any specific individual guidehne should not, in it.self, he a requirement because guidelines art insensitive to the trade-offs between design features and functions that typically occur in final designs. These trade-of f s may result in discrepancies between an acceptable final design and a specific guideline.
Instead a vciiGeadon against generic guidelines should identify potential concems which should be addressed. but which may be perfectly acceptable due to a technical basis in design studics, tests, and trade-of f analyses as justined by the designer.
4.2.6 Integrated System Validation Criterion: PRM Criterion 4 states that the integration of 11S1 elements with each other and with personnel shall be evaluated and vahdated through dynamic task perfonnance evaluation using evaluation tools which are appropriate to the accomplishment of this oh.jective. A fully functional llSI pmtotype and plant simulator shall he used as part of these evaluations. If an alternative to a 11S1 prototype is proposed its acceptability shall be dwumented in the implementation plan. The evaluations shall have as their objectives:
Adequacy of entire HS1 configuration for achievement of safety goals Confirm alh> canon of function and the stmcture of tasks assigned to perscanel Adequacy of staffing and the 11S1 to support staff to accomplish their tasks Adequacy of Procedures
+
Confirm the adequacy of the dynamic aspects of all interfaces for task accomplishment Evaluation and demonstration of error tolcrance to human and system failures haluanon: Vahdation is dncussed in Plan Section 6.3. Several aspects of the validation plan need clan 6 cation,
- l. The Human Factors Program Plan and the SSAR (Section 18.9.2 and 18.9.3) refer to phased validauon, but the vahdat on desenpuon m the PLm makes no such distmetion. The differences betwwn the approach to validation between these documents needs to be clarified.
2ffhe Plan does not clearly indicate that a dynamic plant simulator will or will not be used. A
" stimulated high fidelity simulation of the MCR and RSR" is identified without reference to plant i
simulauon, yet the stated purpow of vahdadon is to ensurr that operators can accomplish their tasks "under dynamic, tral time conditions." The draft ITA AC indicates that the " dynamic mock-1 up of the MCR consoles that simulates plant operational response." The Human Factors Program Plan indicates that final validation will be performed "on a full scope simulation facility" (p.30).
The SSAR describes a vancty of test beds including a "partally dynamic mockup with plant
=
speci6c cmphasis." The test bed sequirements for udidation need to he clariGed, i
-)
l
- 3. ' The purposes of the validation seem to be pencrally consistent with the PRM with the following _
excepuons:
Adequacy of Pa>ceduits Evaluation and demonstration of error tolerance to human failures it is recognized that the procedure issue is being addressed elsewhere however, Section 6.3.1 makes references to EPGs Validation should melude other procedures as well, e.g., normal procedures, abnormal proceduits and alarm response proceduits. The vahdation acuvitics with l
res]cct to these objecuves needs to le clanfied.
-l 131kfor Ekment 8 Wnpcunon & VuhdJIwn }4an (Mar & 1vv3)
Page 7 J
si s. s. ;..
- r.
,w ' i kn s b c Mi. G :,,.i; -
un u.; g pe w n ~ ~
^ ex.
J
\\
(Note: The ABB CE Plan makes frequent reference io the use of EPGs and operating sequences rather than EOP3. Since this issue has already been identified,it will not be further addressed in each specific instance where it appems).
l Criterinn: PRM Criterion 5 states that the dynamic evaluadons shall evaluate HS! under a range of operational conditions and upsets, and shall include:
Normal plani evolunons (e g., start up, full power, and shutdown operations)
Instrument Failures (e.g., Safety System logic & Control (SSLC) Unit, Fault
'lolerant Controller (NSSS), Local ' held Umt" f or NL A system, MUX Controller (BOP), Break in MUX line)
HS) equipment and processing failure (e g. loss of VDlis, joss of data processing, loss of large overview display)
Transients (c.g., Turbine Trip. Loss of Offsite Power, Station Blackout, Loss of all i
FW, Loss of Serv ce Water, Loss of power to selctled buses /CR power supplies, and SRV transients)
Accidents (e g Main steam line break. Positive Reactivity Addition. Cor. trol Rod Inseroon at power, Control Rod Ejection ATWS, and various-sized LOCAs)
Datuation. Plan Section 6.3.4.2 idendfica the >cenario3 identifico for validadon. A total of 22 situations are defined which generally cover the evaietion classificain.as defined by the PRM criterion. Several recommendationVcomments are provided below:
- 1. Section 6 3.4.2 Emergency Operations The reviewers would expect that all operations based on EOPs and procedures that are ba. sed on CE804 func60nal recovery guidelines would be included in vahdation. While EPG related scenarios seem to be addressed, there seems to be incompleic treatment of functional recovery guidelines. Please clarify this issue.
- 2. Secuon 63.4.2 Abnormal Operations Include scenanus reflecting (1) selected RCP failures, e p, loss of seal cooling and injection seal failure (a knnwn PWR operational issue, GI-2'4); and (2) stuck open pressunzer relief valve (the TMI scenario).
- 3. Set uun 6.3.4.2 HS1 and I&C Failure Sequences - Inclutic scenarios reflecting (1) loss of selected instrument failures (e.g., Lyza. Tn, Tc. etc.); (2) Loss of IPSO in combination with emergency operations events / transients
- 4. PRA critical actions - ensure that all PRA critical actions have been addressed in the defined scenarios. If not, construci scenarios to vahdaie die accomplislunent of these actions.
- 5. The systern should be validated for tolerance to human error. Scenarios should be constructed with planned errors to evaluate system response and operator recovery.
Criterion PRM Critenon 6 states that perfonnance rneasures for dynamic evaluations shall be adequate to test the achievement of all objectives, design goals, and perfonnance requirements and i
shall include at a minimum:
System performance measures relevant to salety Crew Pnmary Task Perfonnance (e.g., task times, procedure violations)
Crew Errors Situauon Awattness Workload -
Crrw communications and coordination
=
f UlKfor f:lement o Venfwalwn & Valulanon t'lan iMuy 20. IW.1)
Page5 4
?
n,,,....,..
ni H.m i n o n i ori n 9,...o in trr. r w d u
- e. u.
i Anthropometry evaluations Physical pisitioning and interactions 1
Etulaarmn: The Plan does not specifically identify the data to be collected? For example, no mention of syst, m performance or task times is made. Since one of the stated objectives of the tests is " validation of time response for credited operator actions", it is espected that time would be measured Secdon 6 3.4.1 generally discussed the wilection ofinfonnaten related to a verbal pmtaol of operator attions and selected link analysis type data, but no cicar pitsentation of data to be collected is presented. The SSAR (Section 18.9.2 and 18.9.3) diseuues validation of anihlommetrics and the as urance of adequate perceptual and cognitive load, yet these are not additssed b the Plan. The data collecdon requirements for validadon necd to be clarified.
3 Critmon: PRM Critenon 8 states that a verificadon shall be made that all critical human actions as defined by the task analysis and PR AlllR A have be adequately supponed in the design. The design of tests and evaluanons to be perf ormed as pan of HFE V&V activitics shall specifically examine these actions.
Esaluation: See commem 4 under PRM Criterion 5 discussion above regarding PR A cri ical t
actions.
Criterion Implementation Plan Requirements for Methodology Specificadon (rcicvant to validadon).
General Objectives Test methodology and procedures Test parucipants Test Conditions 1ISI desenpuon Perfonnance measures Data analyss Criteria for evaluadon of results Utilization of evaluations haluation: The PRM general cntena address most of the significant methodoloy.ical considerations. thus the comment and clarifications n quested below are directed to the remaining topics. A cross reference is provided to the appropnate location where cach item is discuued.
General Objectises (Dixussed under PR M Ctiterion 4 above)
Test methodology and procedutes (see I to 3 below)
Test panicipants (see 4 and 5 below)
Test Conditions (Discuued under PRM Criterion 5 above)
IISI descripuon. (see 6 below)
Performance measures (Discussed under PRM Critenon 6 above)
Data analysis (sce 7 bclow)
Criteria for evaluadon of results (sec 8 below) i Utilinnon of evaluadons (see 9 below)
-1 Documentation (see 10 bdow) l
- 1. In general, the methodology is described at a very generallesel for the purposes of a validation i
plan. 'Ihe PRM intenuon was for a plan which desenhed the details of the vahdation ellort.
l Dilifor tirment 6 Venplutton & Volubtwn Pbn (May 10.194,1I
. Page y l
1 v
oj :m[i 9ui dit. N c<Np 10 t rW r ep is si P.ia nww.t+;
- 2. IWs the term " walk-throupits" imply that the underlying plant dynamics are absent. If so, how w ould criteria such as 4e (on p. 25) be assessed since it would seem to require interaction between the operalus,1151, and plant systems.
1 Relate.d to the the data collcrdon clarificadon made above, since one of the objectives of the tests is connnnadon of 6me dynamics, will the question and answer type of data collection methods described in Section 6.3.4.1 (the first set of items b & c) be intrusive and result in invalid dmc data.
- 4. Test partkipants the Plan maaa that the participants will te "oguations expens" who an-defined as " currently of f ormerly beensed reactor operators.
Please clanly the past duties of these exicris, speci0cally, wdl they be part of the design team.
- 5. How many crews are expected to panicipate in the validation tests?
6.
ihe HS! is dcGned as a dynamic mock up of the MCR consoles that simulates plant operadonal rrsponses. In what ways is the HSl dif ferent for the Gnal design design (in terms of the life sirmficant aspects, e p., n sponse times. COL-selected equipment representations in displays, site-specific HS1 characteristics)
- 7. What type of data analysis is expected in order to test the objectives of die validation.
- 8. With regard to criteria in Section 6.3.5:
a.
Operator errors made during scenarios should be examined to assess system response and tolerance. This should be included along with specific crror scenarios a3 pan of the criteria.
b.
How are la, lh and lg different (omission vs. commission)?
c.
De criteria addressing human enor seem focused on very specific tasks, e.g., post i
trip actions. Will the idendfication and evaluadon of errors be accomplished for all operator tasks in the validation exercises?
d.
As part of 2d. the criterion should include adequate work space for procedure usage.
e.
Criterion 6e validates that operators can recogniet an infonnation or control failure within 15 minutes. Why was 15 minutes chosen as the critciion? Recognidon time would seem to depend on the plant dynamics, for example,15 minutes may be long for recognition of lou of feedwater control at full power.
f.
Additional critena will be needed should modifications to the Plan rcilecting the above comments be implemented.
- 9. U61ization el results is discussed on Section 8 and is illustrated as part of the V&V process in Figures 7.1 to 7.3. Issue identification, resolution, and review are provided for in the process.
- 10. Documentation is addressed in Secdon 7 of the Plan. Each proposed V&V activity will pcnerate a repon that desuments :he activity and which will be reviewed by the design team (a3 per the lluman Factors Program Plar.). Each repon is desenbed in more detail in the appropriate analysis secuon. (Note. Firure.7.1,7.2, and 7.3 should indicate that revisions to the repons are possible following Design Teara n view by pmviding a feedback loop in the Ogures).
Additional Criterin: - Issta s were rau ed dunng the review of other elements that were to he addreswd in vahdation. These are idendGed below:
UTKJul I.ittnent & Venficulton & VaManon Plan (Atay ?b. ]vv.n page 10
! t.,y >. P-< + ; tt;:' M 11
+,M i lah Hf hi in.:.up 10 i h I FF HF 11 P.15' i
Tmk Analysis:
- 1. Imedesvnse of mannetunu: acusiues amiated with 1&C in die MCR and operations.
i
- 2. Maintenance work order management and equipment tagout. Al@CE has indicated that most of this w ork will be done in the MCR, but outside the main control space. However, there is a requirement to mteract with CR ogerators and this interat6on should be evaluated.
- 3. lipopment documentation and supplies required to support personnel during normal, abnonnal. anJ cmcryency operations An important (onuJe ation is how CR personnel will use paper procedures in the CR. This meludes consideratinns of task lightmp, ease of handling, and adequacy of laydown. Similar evaluations shoulJ consider P&lDs, tech. specs, and other operator aids.
- 4. Operator awareness of the status of equipment under surveillance test or repair.
11S1 Desien:
- 1. The evaluation of the DPS and Dl AS alann implementa60n under high-alarm conditions should be specifically evaluated in validation.
Evaluation: These issues are not specifically addressed in the Plan.
4.2,7 Scheduling Critriinn: In the proposed resolution of the DSER, Alm-CE agreed to provide a schedule of V&V activities (as per the PRM requirement in Element 1).
Evaluation: Scheduling is described in Section 7 of the Plan. In Section 7.1 it states that availability verificatinn can he accomplished "in parallel with, before.nr after suitability verifica60n." Clarify how availability verification can be perfonned after suitability verification.
Would nmdificadons to the HS1 following availability analyses then be subject to a suitability senfication?
5.
CONCLUSIONS Overall, the V&V plan generally addmssed most of the PRM Element 8 criteria for an implementation plan. The most significant issues are:
The plan was presented in high level details rather then prnviding specific and detailed plans, procedures and criteria. For example. suitability checklists are not provided and specific data collection for validation tests are not described.
Verification of issue tracking system issues is not addreued.
+
Exchtsion of detailed pmeedures from V&V.
Many points of clanfication regardmg specific aspects of the Plan are identified. Once discussed, a fmal eva'uation of the Plan will be completed.
D1Rfor Elenum 3 Vertficatwn A Valafanon Plan (May 26. Iwh page 11 TATud p 1 r,
.. ~
i.i j
I j
-ATTACHMENT 2 Support Information for the Staff's Review of the I&C Diversity Issue i
e e
I e
i T
4 4
2 8
v
E Event & Associated Estimato Of Reasonablo Responso Time 6"
Indications Availab_le Operat_or Res_ponso Credited In Evaluation U
Loss _Of_ Coolant Accident b
u Alarms: low przr P reactor trip - 3 min Reactor trip not credited.
Iow prer L Moderator reactivity alone Q
DPS Ind: przr P credited to shutdown the
's przr L
- +
core.
- +
core power
'j.
rod bottom lights IPSO: no reactor trip
'd Alarms: low.przr P safety injection - 15 min 16 min.
Iow przr L DPS Ind: prer P
- +
przr L g.
a Alarms: low przr P Trip 2 RCPs - 16 min For 6 inch pipe break:
/
DPS Ind: przr P
- +
f Trip all 4 RCPs - 23 min l
(
i.e.,
credited to occur
~'
Alarms: low przr P Trip remaining RCPs - 22 min after the latest time for DPS Ind: 'przr P
- +
actuation of all 4 RCPs.
For 3 inch pipe break or
.04 ft2 break:
Trip all 4 RCPs - 17 min (i.e.,
credited to occur no earlier than 1 minute af ter SI is credited.)
Key:
Indication also provided by DIAS-P.
Indication also provided on IPSO.
19
+
=
=.
.r DPERATOR RESPONSE TIMES IN MINUTES FDLLOVING A SMALL; BREAK LOCA -
O
'2 4
6 8
10-12 14 16 18 20
'24-30
'2
-1 i
i i
i i
i i
l' 1
. l...
I i
.6
+
I CPf CITCD
- b frp 4 WCPs Artunte O V u
- EESPDCL inte
-16 23 30 Jk Jk Jk
. N,,
~u Safety 7r,y pgp, sa Reactor la rc t ori g
g 9
.g estituir or
- Tec f aci a te a v
.a stes a
RfASO 6btL
\\.
9 kt w uasc.
3 1b 16
'22 3
Jk sksk JL 6 INCH PIPE BREAK
's i,.
w
.,m E
Lufety Irc 4 RCPs cetuirrn Acta te Cru R fiPOCE
\\
T i +-
16 l}
30 JLsk sk er,. a m.es Westtaa Screty Tr9 Wee.g L'ile% 1E a Trp er.pc t.or, A tie t t L *' V d FJPs R EMih ADtC n ze a,se, 3
N i
~
c-JL JkJL Jk 3 INCH PIPE BREAK
~
DR.04 FT2 BREAK g
5
~u.
'CHr we4 4-5' M-
~l a.a
-