Draft, Interim Human Factors Review Criteria for Design Process of Advanced Nuclear Power Reactor

ML20098D390
Person / Time
Site:	05200001
Issue date:	04/21/1992
From:	Higgins J, Ohara J BROOKHAVEN NATIONAL LABORATORY
To:	Office of Nuclear Reactor Regulation
References
CON-FIN-L-2314 NUDOCS 9205280258
Download: ML20098D390 (40)
v • d • e

Text

,

_O

= i

[+'R $Of ABWR neview Droject (FIN t. 2314)

Task 1 Report -

DNL Technical Report L2314-3 4/92 (Rev 1)

• D R AFT

• Interim Human Factors Review Criteria for the Design Process of an Advanced Nuclear Power Reactor i

Prepared br:

U.S. Nuclear Regulatory Commission Office of Nuclear Reactor Regulation Washington, D C. 20555 Prepared by:

John O'Hara & James Higgins Department of Nuclear Energy Brookhaven National Laboratory j-Upton, New York 11973 l

April 21,1992 l

l l

l b@

f 9205200258 920421 PDR ADOCK 0520 1

0 )

PREFACE This draft report has been prepared by Brookhaven National Laboratory for the Human Factors Assessrent Branch of the U.S. Nuclear Regulatory Commission's (NRC's) Office of Nuclear Reactor Regulation. The NRC Project Engineer for this effort is Clare Goodman. This report is submitted as the Task 1 Report of the ' Review of the ABWR Human Factors Program' project (FIN L-2314). The authors would like to thank the inputs, comments, and suggestions of our NRC co!!eagues Dick Eckenrode, Ciare Goodman, Greg Galletti, and Donna Smith and BNL colleagues Sonja Haber and Debb!e Shurberg.

Rev 0: 3/19/92 l-l l

L l

\\

(

Draft Review Criteria Report (April 21, 1992)

{

Page i t

l r

\\

Table of Contents Preface il 1.

INTRODUCTION 1

2.

METHODOLOGY 3

3.

RESULTS 5

3,1 HFE Program Requirements 5

3.2 Draft ITAAC/DAC Structure 8

4.

BIBLIOGRAPHY 10 List of Figures Figure 1 - HFE Element:

6 Figure 2 - Human Factors.leview Stages 7

Anoendix Appendix A - Draft ITAAC/DAC 13 Draft Review Criteria Report (April 21, 1992)

Pageh

=

1 ',

' INTRODUCTION The staff of the Nuclear Regulatory Commissions (NRC) Human Factors Assessment Branch (LHFB) is reviewing the human factors elements of the General Electric (GE) Advanced Boiling Water Reactor (ABWR) Standard Safety Analysis Report (SSAR), Based upon the review of this material, the staff will prepare input for the NRC final safety evaluation report (FSER).

Brookhaven National Laboratory (BNL) assisted the staff by producing a Technical Evaluation Report (TER) which was used in the preparation of the draft safety evaluation report (DSER) which was completed on July 2,1991, Many outstanding issues were identified in the DSER.

Each of these outstanding issues will be addressed prior to completion of the FSER.

One issue to emerge from the initial review is that detailed human system interface (HSI) design information will not be available for staff review prior to design certification. To address this issue, the NRC is considering issuing a design certification based partially on the epproval of a written design implementation process plan. GE has suomitted a Design and Implementation Process Plan (D&lPP) describing the major design and implementation process activities for the ABWR human factors engineering (HFE) effort. The D&lPP is characterized in GE's Figure 18C.11 and Table 18E.11 of the SSAR submitted to the staff in October 1991. The first part of the plan presents the plant an-i system design definition stage which will be completed prior to design certification, and the second part outlines the minimum activities that must be conducted by a referencing applicant. The D&lPP will contain (1) descriptions of all required activities in the design, development and implementation of the ABWR human-system interfaces, (2) identification of predetermined NRC conformance review pobts, and (3) design acceptance criteria (DAC) and inspection, Test, Analysis and Acceptance Criteria (ITAAC) for the conformance reviews.

To review the GTs ABWR D&lPP, it is necessary to (1) assess whether all the appropriate human factors engineering elements are included in the plan, (2) identify which HFE elements require NRC review, and (3) etaiuate the proposed DAC/ITAAC to be utilized by the NRC to verify each of the review elements. Where GE's D&lPP is found by the staff to be lacking, appropriate elements and DACilTAAC must be developed.

The objective of the effort described in this report was to develop a technical basis for the review of the D&lPP. Since a design process review has not been conducted previously by the NRC as part of reactor licensing and is not addressed in the presently available guidance, i.e., NUREG 0800, a firm technical basis for such a review is lacking. Thus, it is important to identify what elements of such a plan are required to assure that safety goals are achieved and to identify the review criteria by which each element can be assessed. This element identification should be accomplished independently from that provideo by GE in order to assure that GE's plan reflects currently acceptable human factors engineering practices and that it is a thorough, complete, and workable plan. While it is likely th&t such guidance will be developed under the proposed update to the Standard Review Plan, that guidance will not be available in a time frame consistent with the GE review.

The specific objectives of this effort v.ere:

1. To develop a model of the HFE design process which can serve as a technical basis for the review of the D&lPP proposed for certification by GE. The model should be: (1) based upon currently cecepted practices, (2) well-defined, and (3) validated through experience with the development of complex, high reliability systems.

Draft Review Cntena Report (Apol 21, 1992)

Page1

2. To identify necessary HFE elements in a system development, design, and evaluation process that are requisites to successfulintegration of the human component in complex systems.

3. To identify which of the HFE elements are the key and require review to monitor the process.

4. To specify the design acceptance criteria by which key HFE elements can be evaluated.

Oraft Review Criteria Roport (April 21, 1992)

Page 2

4 2.

METHODOLOGY A technical review of current HFE guidance and practices was conducted to identify important human factors program plan elements relevant to a design process review, Ecurces reviewed included a wide range of nuclear industry and non-nuclear industry documents, including those currently under development as part of the DoD MANPRINT program. From this review a generic system development, design, and evaluation process was defined. Once specified, key HFE elements were identified and criteria by which they are assessed (based upon a review of current literature and accepted practices in the field of human factors engineering) were developed.

A Generic HFE Program Model was developed based largely on applied general systems theory and the Department of Defense (DoD) system development process whico is rooted in systems theory. Applied general systems theory provides a broad approach te system design and development, based on a series of clearly defined developmental steps, each with clearly defined and attainable goals, and with specific management processes to attain them. Kockler et.

al. define system engineering as *.. the management function which controls the total system development effort for the purpose of achieving an optimum balance of all system elements, it is a process which transforms an operational need into a description of system param9ters and integrates those parameters to optimize the overall system effectiveness. (Kockler, F.,

Withers, T., Podiack, J., & Gierman, M.,1990).

Utilization of the DoD system development as an input to the development of the Generic HFE Program Model was based on several factors. Department of Defense (DoD) policy identifies the human as an element of the total system (DoD,1990a). A system approach implies that all system components (hardware, software, personnel, support, procedures, and training) are given adequate consideration in the developmental process. A basic assumption is that the personnel element receives serious consideration from the very begir,1ing of the design process. In addition, the military has applied HFE for the longest period of time (as opposed to industrial, commercial or other users), thus the process is highly evolved and formalized and represents the most highly developed rnodel available. Finally, since military system development and acquisition is tightly regulated by federal, DoD, and military branch laws, regulations, requirements, and standards, the model provides the most finely grained, specifically defined process available.

Within the DoD systom, the development of a complex system begins with the mission or purpose of the system, and the capability requirements needed to satisfy mission objectives.

Systems engineering is essential in the earliest planning period to develop the system concept and to define the system requirements. During the detailed design of the system, systems engmeeting assures:

balanced influence of all required design specialties; resolution of interface problems; the effective conduct of trade-off analyses; a

the effective conduct of design reviews; the verification of system performance.

Systems engineering ensures the effective integration of HFE considerations into the design by providing a structured approach to system development and a management structure which details the nature of that inclusion into the overall process. The systems approach is iterative, integrative, interdisciplinary and requirements driven.

Draft Review Criteria Report (April 21,199?)

Page 3

e The systems engineering approach was expanded to develop a HFE Program Model to be used for advanced NPP HFE review by the incorporation of NRC regulatory requirements.

l Draft Review Criteria Report (April 21, 1992)

Page 4

D 3.'

RESULTS 3.1 HFE Program. Requirements A Generic HFE Program Model has been developed to serve as the basis for review of die GE ABWR HFE program. The generic model contains eight elements which include:

• Element A - Human Factors Engineering Program Management

• Element B - Operating Experience Review

• Element C - System Functional Requirements Analysis

• Element D - Allocation of Function

• Element E - Task Analysis

• Element K - Huinan System Interface Design

• Element G - Plant and Emergency Operating Procedure Development

• Element H - Human Factors Verification and Validation.

The elements and their interrelationships are illustrated in Figure 1. Also il':*strated are the minimal set of items submitted to the NRC for review of the COL't HFE efforts. All NRC review items are identified as falling into one of the five review stages:

• HF Management Planning Review

• Implementation Plan Review

• Analysis Result-Raview

• HSl Results Review

• Human Factors Verification & Validation.

The materials reviewed at each stage are shown in Figure 2.

The specification for the NFC review materials and the acceptance criteria to be used for their evaluation are identified in the dratt ITAAC/DAC which follow.

Oraft Raview Criteria Report (April 21, 1992)

Page 5

4 o

Element A Human Factors Engineering Program Management

• HFEProgram Management Plan U

Element b Operating Experience Review

• Implomontation Plan

• AnaYsis ResuRs Report

• HF E Desen Team Evaluaton Report U

Element C Development of System Functional Requirements e impbmentaton Plan

• Analysis Results Report

• HFE Design Tearn Evabaton Report F

Element 0- Allocation of Func'Jons e implementation Plan

• Analyss Results Report

• HFE Design Team Evaluation Report U

Element E Task Analysis

• Impementation Plan

• Analysis Results Report

• HFE Design Team Evaluaton Report l

V h

Element F HSI Design Element G Procedure Dewlopment

• Implementaton Plan

• Analysis Results Report m'

m

• Implementanon Plan

• Analysis Resuas Report

• HFE Desen Team Evaluaton Report

• HFE Design Team Evaluatico Report t

Element H HF Verification and Validation e irrpiementaton Plan

• Analysis Resuus Report

• HFE Design Team Evaluation Report Y

Feedback to Appropnate Elements Figure 1. HFE Elements (Draft 4/17/92)

Draft Review Criteria Report (April 21, 1992)

Page 6

C

1. HF Management Plan Review Review of HFE Program Atanagement PInn ton

• Element A Human Fadors Engineenng Program Management V

2. implementation Plans Review ReviewImplementation PInne for-

• Element B Predemssor System Review Plan

• Element C. System Funcsonal Requirements

• Element 0 Anocate of Fundsons

• Element E Task Analyse

+ Element F Interface Design

+ Element G - Prowdure Developmerd

• Element H. HF Verdeahon and Validation V

3. Analysis Results Review Review of Ans!ysts Resulte Reports &

HSI Oseign Team Evaluation Reports 16r:

• Element C System Func: Mal Requvements

• Element D Allocaton of Fundons

+ Element E Task Analysis P

4. HSI Deeg 3 Review Review dAnalysis Results Reports &

HSIDesign Team Evaluation Reports for-

+ Elernert F -Irverface Design i

+ Elemer. G Procedure Developmern V

5. HF Verification & Validation Review Revew of Anstysis Results Reports &

HSIDesign Team Evaluation Reports fx

+ Elemont H HF Vovification and Validation

• Element B Operanng Experience Review Figure 2. Human Factors Review Stages (4/17/92)

Dtatt Review Criteria Report (Apnl 21, 1992)

Page 7

3.2 Draft ITAAC/DAC Structure While the secpc of the review of the SSAR HFE will encompass all operations, maintenance, test, and inspection interfaces, procedures, and training materials; the scope of the draft ITAAC/DAC is limited to the HFE associated with the main control room and the remote shutdown system. In general, the ITAAC/DAC are based on the requircment that the HSI reflect

" state of-the art human factors principles' (10 CFR 50.34(f)(2)(iii)) as required by 10 CFR 52.47(a)(1)(ii) and that all aspects of HSI shall be developed, designed, and evaluated based upon a structured top-down system analysis using accepted human factors engineering (HFE) principles based upon current HFE practices.

For purposes of clarification ' state of-the art human factors principler' is defined as those principles currently accepted by human factors practitioners. ' Current

• is defined with reference to the time at wh!ch a program management or implementation plan is prepared.

' Accepted

• is defined as a riactice, method, or guide which is (1) documented in t'e human factors literature within a f.andard or guidance document that has undergone a peer review process and/or (2) can bo justified through scientific / industry research/ practices literature that has undergone a peer review process, A brief description of the generic structure of the diaft ITAAC/DAC is provided in this section. The draft ITAAC/DAC are contained in Appendix A. For the present dmfts, one 17AAC/DAC has been prepared for each element and no distinction has been made between T> 'S '

and 2.

Each draft ITAAC/DAC is divided into three sections: Design Commitment, inspection / Test / Analysis, and Design Acceptance Criteria.

Qesign Commitment A concho and general statement as to the HFE objective of the Element is provided in this section.

Insoection/ Test / Analysis A specification of the inspections, tests, analysis, or other actions (i.e., some action that is required but which is not a spacific inspection, test, or analysis, such as development of a program plan) taken by tne COL to achieve the objective. Generally these are divided into three activities: planning,

• analysis', and rev!cw. This section also defines those minimal set of materials to be provided to the NRC for review of the c'ement Design Acceatance Criteria This section is typically divided into four sections: General Criteria, implementation Plan, Analysis. Report, and HFE Design Team Review Report. The Generai Criteria represent the major statement of design acceptance criteria. These are the criteria the ITAAC are required to meet and which should govern the implementation Plan, Analysis Report, and HFE Design Team Review Report development. The general criteria are derived from two sources:

1. Regulatory Requirements - these are the HFE related requirements stated in 10CFR.

Since regulatory requirements generally apply to more than one HFE Prograrn element, they are contained in a table (Table Y, at the end of the document) and are referenced as the first general criteria in each secuon. It must be emphasized that this represents a ' coarse screening" of i

incorporation of regulatory requirements into ITAAC/DAC and further refinement is needed.

Draft Review Criteria Report (April 21, 1992)

Page8 l

l

2. Accepted HFE Fractices - these are the criteria derived from the HFE model development and HFE literature and current practices review, important points are listed in the acceptance criteria and applicable documents are referenced in a table (Table X). This table is not contained in the attached package and is currently under development.

k'

?'

b Draft Review Critoria Report (April 21. 1992)

Page 9

4.

Bibilography The fc! lowing is a partiallist of documents were used in the development of the Generic HFE model and the draft DAC contained in Appendix A. (The fulllist is being complied)

Bailey, R.W. (1982). Human performance engineering: A guide for system designers.

Englewood Cliffs, NJ: Prentice-Hall, Inc.

Booher, H.R. (Ed.) (1990). MANPRINT: An approach to systems integration. New York: Van Nostrand Reinhold.

NAS Committee on Human Factors. (1983) Research Needs for Human Factors. National Research Council, National Academy of Sciences, Washiigton, DC.

NAS Committee on Human Factors (Moray, N.7 Huey, B.,Eds.). (1988). Human Factors Research and Nuclear Safety. National Research Council, National Academy of Sciences, i

=

, lington, DC,.

C1 spanis, A. (1970). Human factors in systems engineering. In DeGreene, K.B. Systems

,,[h psychology. New York: McGraw-Hill Book Cumpany.

DeGreene, K.B. (1970). Systems psychology. New York: McGraw-Hill Book Company.

Department of Defense (1979a). Human engineering requirements for military sytems, equipment and facilities (MIL-H-46BSSB). Washington, D.C.: Office of Management and Budget.

Onpartment of Defense (1979b). Critical task analysis report (DI H 70FS). Washington, D.C.: Office of Management and Budget.

Department of Defense (1981). Human factors engineering design for army materiel (MIL-HOBK 7 9A (MI). Washington, D.C.: Department of the Army Department of Defense (1983). Human factors engineering program (AR 602-1).

Washington, D.C.: Department of the Army.

Department of Defense (1985). Technical reviews and audits for systems, equipments, and computer software (MIL-STD-15218). Washington, D.C.: Department of the Air Force.

Department of Defense (1986). System safety program plan (DI-SAFT-80100). Washington, D.C.: Office of Management and Budget Department of Defense (1989a). Human engineering program plan (DI-HFAC-80740).

Washington, D.C.: Off.ce of Management and Budget.

Department of Defense (1989b). Human engineering design criteria for military systems, equipment and facilities (MIL-STD-1472D). TNashington, D.C.: Office of Management and Budget.

Department of Defense (1989). Manufacturer's MANPRINT management plan (OT-11920).

Washington, D.C.: Office of Management and Budget.

Draft Review Criteria Report (April 21, 1992)

Page 10

...... ~.,.

O.

Department of Defense (1990a). - Manpower and PersonnelIntegration (MANPRINT) in the

materiel acquisition ~ process (AR 602 2). Washington, D.C.

Department of the Army.

Department of Defense (19906) _ Svstem engineering management plan (DI MGMT 81024).

- Washington, D.C.: Office of Management and Budget.

Department of Defens's (1991a). Defense acquisition (DODD 5000.7). Washington, D.C.: Offhe of Management and Budget. -

Department of Defense (1991b).' Defense acquisition management policies and procedures (DODI S000.2). _ Washington, D.C.: Office of Management and Budget.

Department of_ D_afense (1991c). Human engineering procedures guide (DOD HDBK-763).

Washington, D.C.:-Office of Management and Budget.

Hart, S.G., & Wickens, C.D. (1990). Workload assessment and prediction. _in Booher, H.R.

(Ed.) MANPRINT: An approach to systems integration. New York: Van Nostrand Reinhold.

Hennessy,- R.T. '(1900). Practical human performance testing and evaluation. ' in Bocher, H.R.

(Ed.) MANPRINT: An apprcach to systems integration. New York: Van Nostrand Reinhold.

International Electrotechnical Commission (1989). International standard: Design for control rooms of nuclear power plants (IEC 964).' Geneva, Switzerland: Bureau Central da la Commission Electrotechnique Internationale.

Kidd,~ J.S., & Van Cott, H.P. (1972). System and human engineering analysis. In ' Van Cott, H.P.

& Kinkade, R.G. (Eds.), Human engineering guide to equipment design (pp.1-16). Washington,

- D.C.: U.S. Govemment Printing Office.

. Kockler, F.,- Withers, T., Podiack, J., & Gierman, M (1990). Systems engineering-management

.gu eid (AD/A223 768). Fort Belvoir, VA: Defense Systems Management College.-

Miller, R. B. (1953). A method for man-machine task analysis (Technical Report 53137, June (AD 15921) _ Wright-Patterson AFB, Ohio: Wright Air Development Center.

Miller, R.B. (1962), Task description and analysis. 'In Gagne, R. M., and Melton, A. W. (Eds.),

Psychological _ principles in system development (pp. 187-228). New York: Holt, Rinehart and Winston.

Sanders, M.S., & McCormick, E.J. (1987). Human factors in engineer /ng and design (6th ed.).

_ New York:l McGraw-Hill Book Company.

Seminara, J.', ' Control-Room Deficiencies, Remedial Options, and Human Factors I,earch Needs,"L(NP-5795),- Electric Power Research Institute, Palo Alto, CA,1988.

Senders, J.Wz (1970). The estimation of operator workload in complex systems, in DeGreene,

- K.B. (Ed.). Systems psychology. New York:_ McGraw-Hill Book Company.

Draft Review Criteria _ Report (April 21.199'!)

Page 11

U.S. Nuclear Regulatory Commission. (1981). Guidelines for control room design reviews (NUREG 0700). Washington, D.C.: U.S. Government Printing Office.

U.S. Nuclear Regulatory Commission, 'TMI 2 Action Plan," (NUREG 0660), Washington, DC.

U.S. Nuclear Regulatory Commission.

• Clarification of TMl Action Plan Requirements,' (NUREG-0737 and Supplements), Washington, DC,1980.

U.S. Nuclear Regulatory Commission, ' Functional Criteria for Emergency Response Facilities,"

(NUREG 0696), Washington, DC,1980.

U.S. Nuclear Regulatory Commission,,;uman Factors Acceptance Criteria for Safety Parameter Display System,' (NUREG 0835), Washington, DC,1331.

U.S. Nuclear Regulatory Commission, ' Standard Review Plan,' (NUREG 0800), Washington,

~

DC, Revision 1,1984.

U.S. Nuclear Regulatory Commission, ' Human Factors Program Plan,' (NUREG 0985, Revision 2), Was.hington, DC,1986.

Warm, J. and Parasuraman, R. (Eds.), ' Vigilance: Basic and Applied Research,' Human Factors, (Special issue),1987, Pd, 623 740.

Woodson, W.E. (1981) Human factors design handbook, New York: McGraw Hill Book Company.

Draft Review Criteria Report (April 21. 1992)

Page 12

Appendix A Draft ITAAC/DAC Draft Review Criteria Report (April 21, 1992)

Page 13

4 Draft ITAAC/DAC Element A - Human Factors Engineering Progra n Management DESIGN COMMITMENT:

Human system interfaces (HSI) shall be provided for the operation, maintenance, test, and inspection of the ABWR that reflect " state of the art human factors principles" (10 CFR 50.34(f)(2)(lii)) as required by 10 CFR 52.47(a)(1)(ii). All aspects of HSI shall be developed, designed, cmd evaluated based upon a structured top-doen system analysis using accepted human factors engineering (HFE) principles based upon current HFE practices. HSI is used here in the broad sense and shall include all operations, maintenance, test, and inspection interft:ces, procedures, and training needs of the main control room and remote shutdown t

system functions and equipment.

State of the art human factors principles is defined as those principles currently accepted by human factors practitioners. ' Current' is defined with referenes to the time at which a program management or implementation plan is prepared. ' Accepted' is defined as a practice, method, or guide which is (1) documented in the human factors literature within a standard or guidance document that has undergone a peer review process and/or (2) can be justified through scientific / industry research/ practices literature that has undergone a peer review process.

INSPECTION / TEST / ANALYSIS:

To assure the integration of HFE into system development: (1) a HFE Design Team shall be established; (2) a procedure to document and track HFE related problems / concerns / issues and their solutions throughout the HFE program shall be developed; and (3) a HFE Prograra Plan shall be established to assure the proper development, execution, oversight, and documentation of the human factors engineering program.

DESIGN ACCEPTANCE CRITERIA:

General Criteria

1. The primary goal of the HFE program shall be to developing an HSl which makes possible safe, efficient, and reliable operator performance and which satisfy all regulatory requirements as stated in 10 CFR as identified in Table Y. The general objectives of this program shall be stawd in " operator-centered' terms which,.as the HFE program develops, shall be objectively defined and shall serve as criteria for test and evaluation activities.

Generic ' operator-centered' HFE design goals include:

• .The operating team can accomplish all assigned tasks within system defined time and performance criteria.

• The system and allocation of functions will provide acceptable workload lemis to ascure vigilance and to assure no operator overload.

• The system will support a high degree of operating crew " situation awareness."

• Signal detection and event recognition requirements will bo kept within the operators' information processing limits and will minimize the need for operators to mentally transform data in order to be usable, l

Draft Review Criteria Report (April 21, 1992)

Page 14 l

• The system will minimize operator memory load.

• The operator interfaces will minimize operator error and will provide for error detection and recovery capability.

2. The HFE Program shall be based upon state-of the-art HFE practices at the time of its development (as defined above) including those documents under Element A in Table X.

HFE Design Team

1. An HFE Design Team shall have the responsibility, authority and placement within the organization (as defined below) to ensure that the design commitment is achieved.

2. The team shall be responsible for (1) the development of all HFE plans and procedures; (2) the oversight and review of all HFF. design, development, test, and evaluation activities; (3) the initiation, recommendation, and provision of solutions through designated channels for problems identified in the implementation of the HFE activities; (4) verification of implementation of team recommendations, (5) assurance that all HFE activities comply to the HFE plans and procedures, and (7) scheduling of activities and milestones.

3. The scope of the Team's responsibility shall include:

• Control and instrumentation equipment all operations, maintenance, test, and inspection interfaces and facilities both within and outside the control room, a procedures a training requirements development.

4. The Team shall have the authority end organizational freedom to ensure that all its areas of responsibility are accomplished and to identify problems in the implementation of the HSI design. The team shall have the authority to determine where its input is required. access work areas, design documentation. The Team shall have the authority to control further processing, delivery, installation cr use of HFE/H31 products until the disposition of a non-conformance, deficiency or unsatisfactory condition has been achieved.

5. The HFE Team shall be placed at the level in the COL organization required to execute its responsibilities and authorities. The team shal! report to a level of management such that required authority and organizational freedom are provided, inc!uding sufficient independence from cost and schedule considerations.

6. The HFE design team shallinclude the following expertise:

(Insert specific GE's Table 18.E.2.1 Part 11 to elaborate on below)

• Technica! Project Management

• Systems Engineering

• Nuclear Engineering

• Control and Instrumentation Engiaeering

• Architect Engineering

• Human Factors

• Plant Operations

• Computer Systems Engineering Draft Review Criteria Report (Apnl 21, 1992)

Page 15

• Plant Procedure Development

• Personnel Training

• Safety Engineering

• Reliability / Availability / Maintainability /Inspectability (RAMI) Engineering HFE Issue Tackina System

1. The tracking system shall address human factors issues that are (1) known to the industry (such as TMI related HF issues and other NRC, industry and generic human factors issues), (2) identified in the operating experience review (see Element B), and (3) those identified throughout the life cycle of the ABWR system design, development and evaluation.

l

2. The method shall document and track human factors engineering issues and concerns, from identification until elimination or reduction to a level acceptable to the review team.

3. Each issue / concern that meets or exceeds the threshold effects established by the review team shall be entered on the log when first identified, and each action taken to eliminate or reduce the

. issue / concern should be thoroughly documented. The final resolution of the issue / concern, as accepted by the review team, shall be documented in detail, along with information regarding review team acceptance (eg., person accepting, date, etc.)

4. The tracking procedures shall carefully spell out individual responsibilities when an issue / concern is identified, identify who should log it, who is responsible for tracking the resolution efforts, who is responsible for acceptance of a resolution, and who should enter closeout data.

HFE Proaram and Manaaement Plan

1. An HFE Program Management plan shall be developed to describe how the human factors program shall be accomplished, i.e., the plan shall describe the HFE Team organization and composition and which lays out the effort to be undertaken and provides a,echnical approach, schedule, and management control structure and technicalinterfaces to achieve the HFE program objectives. The plan is the single document which describes the designer's entire HFE program, identifies its elements, and explains how the elements will be maoaged. Generally, it shall address:

• The scope of the HFE Design Team's authority within the broader scope of the organization responsible for phnt construction, included within this scope shall be the authority to suspend from delivery, installation, or operation any equipment which is determined by the Team to be deficient in regard to established human factors design practices and evaluation criteria

• The process through which the Team will execute its responsibilities

• The processes through which findings of the Team are resolved and how equipment design changes that may be necessary for resciution are incorporated into the actual equipment ultimately used in the plant

• The members and qualification of the team members Draft Review Criteria Report (April 21, 1992)

Page 16

l

• The process through which the Team activities will be assigned to individual team members, the responsibilities of each team member and the procedures that will govern the internal management of the team

• The procedures and documentation requirements of the HFE Issue.s Tracking System

2. The HFE Program Management Plan shall provide the following information:

1. Purpose and organization of the plan

2. Literature and current practices review

3. Overall HFE program goals and objectives

4. The relationship between the HFE program and the overall plant design program (organization and schedule).

5. HFE Design Team

• Organization within the HFE program Identify and describe the primary HFE organization or function v/ithin the organization of the total program, including charts to show organizational and functional relationships, reporting relationships, and lines of communication

• Functions and internal structure of the HFE Organization

- Describe the responsibility, authority and accountability of the HFE organization Identify the organizational unit responsible for each HFE task

- Describe the process through which management decisions wil; 5 made regarding HFE

- Describe the process through which design decisions will be made regarding HFE Describe all tocis and techniques (e.g., review forms, documentation) to be utilized by the Team to ensure taey fulfill their responsibilities

• Staffing

- Describe the staffing of the HFE Team

- Provide job descriptions of personnel of the HFE Team

- Indicate the assignment of key personnel and provide their qualifications with regard to the areas of expertise indicated above

6. HFE Issue Tracking System

• Literature and current practices review

• Responsibilities

- Responsibilities on issue Identification

- Responsibilities for issue Logging

- Responsibilities for issue Resolution

- Responsibilities for Issue Closecut l

• Procedures I sue identification Description Effects l

Criticality and Likelihood 1-

- Issue resolution Proposed Solutions implemented Solution Residual Effects Resultant Criticality and Likelihood Draft Review Criteria Report (April 21, 1992)

Page 17

• Documentation

• Audit of the issue identification and tracking cystem

7. HFE requirements

• Identify and describe the HFE requirements imposed on the design process

• List the standards and specifications which are sources of HFE requirements

8. HFE program Identify and describe the development of 6.aplementation plans, analyses, and evaluation / verification of:

• Operating Experience Review

• System Functional Requirements f evelopment

• Allocation of Function

• Tssk Analysis

• Interface Design

• Plant and Emergency Operating Procedure Development

• HF Verification and Validation

9. HFE program milestones e identify HFE milestones, so that evaluations of the effectivenets of the HFE effort can be made at critical check points and show the relationship to the integrated plant sequence of events

• Provide a program schedule of HFE tasks showing:

- miationships between HFE elemorsts and activities

- reports

- reviews

• Identify integrated design activities applicable to the HFE program but specified in other areas 10, HFE documentation

• Identify and briefly describe each required HFE documented item

• Identify procedures for' accessibility and retention.

• Describe the supporting documentation and its audit trail maintained for NRC audits

11. HFE in subcontractor efforts

• Provide a copy of the HFE requirements proposed for inclusion in each subcontract

• Describe the manner in which the designer proposes to monitor the subcontractor's compliance with HFE requirements l

l l

Draft Review Criteria Report (April 21, 1992)

Page 18

~~ _

.=

ITAAC/DAC Element B - Operating Experience Review DESIGN COMMITMENT:

The accident at Three Mile Island in 1979 and other reactor incidents have il'ustrated significant problems in the actual design and the design philosophy of NPP HSis. There have been many studies as a result of these accidents / incidents. Utilities have implemented both NRC mandated changes and additional improvements on their own initiative. However, the changes were formed based on the constraints associ. ad with backfits to existing CRs using early 1980s technology which limited the scope of corrective actions that rnight have been considered, i.e.,

more effective fixes could be used in the case of a designing a new CR with the modern technology typical of advanced CRs.

Problems and issues encountered in similar systems of previous designs shall be identified and analyzed so that they are avoided in the development of the current system or, in the case of positive features, to ensure their retention.

INSPECTION / TEST / ANALYSIS:

• A Predecessor System Review Implementation Plan shall be developed to assure that the analysis is conducted according to accepted HFE principles.

. An analysis of predecessor systems shall be conducted in accordance with the plan and the findings will be documented in an Analysis Results Report.

• The analyses shall be reviewed by the HFE Design Team and shall be documented in an Evaluation Report.

DESIGN ACCEPTANCE CRITERIA:

General Criteria

1. The analysis shall meet all 10CFR regulatory requirements as specified under Element B in Tabte Y.

2. The activity shall be based upon state-of Se-art HFE practices at the time of its development (as defined in Element A) includinu those documents under Element B in Table X.

3. Problems and issues encountered in similar systems of previous designs shall be identified and analyzed:

. Human performance issues, problems and sources of human error shall be identified.

• Design elements which support and enhance human performance shall be identified.

4. The review shall include both a review of literature pertainin,q the human factors issues related to similar systems and operator interviews.

5. The following sources both industry wide and plant or subsystem relevant should be investigated at a minimum:

Government and Industry Studies of Similar Systems Draf t Review Criteria Repxt (April 21, 1992)

Page 19

= - _. -. - _..--. - -.

O Licensoe Event Reports

+

Outage Analysis Re, tris Final FSety Analysis Reports and Safety Evaluation Reports Human Engineering Deficiencies identified in DCRDRs

+

Modifications of the Technical Specifications for Operation

+

In;ernal Memoranda / Reports as Available

+

1

6. The following topics should be included in interviews as a minimum:

Screen Design issues Data Presentation Formats Data Entry Roquiremento Situational Awareness

+

Communications Procedures

+

Staffing and Job Design Training

+

Implementation Plan The pfan shall describe the designer's approach to Predecessor System Review. The plan shall address the following:

Literatuto and current practicos review

+

Describe the technical Laels for the plan

+

DocumentaJon revicw and analysis Ucar survey methodology (for conducting interviews) and analysis plans

+

h..oiod of documenting lessons learned

- +

Integration of lessons learned into the design process

+

Anniv3A ReJR11s_. Report At a minimum. the report shall address the following:

Oujoctives Description of the Methods

.ldentification of any deviations from the implementation plan Rosalts and Discussion l

l.

+ Concisions Recommendations / Implications for HSI Design HFE Deslan.. Team Evnluation Recurt.

At a minimum, the report shall address the following:

The review methodology and procedures

+.

Compliance with implementation Plan Procedures Review findings

+

l.

l

~

Draft Review Criteria Report (April 21, 1992)

Page 20 n

~v

+ -

-,e s

n,,

-e

,,-r-

---cw

.,v-

,,,,,,e

ITAAC/DAC Element C System Functional Requirements Analysis DESIGN COMMITMElift System requirements shat! be anatyred to identify those functions which must be performed to satisfy the objectivos of each functional area. Syst m function analysis shall: (1) determine tho

/

objective, performanco requiremonta, and constraints of the design; and (2) establish the functions which must be accomplished to moot the objectives and required performanco.

INS PECTl0NITEST/AN Al.Yul3:

• A System Functimal RequiremenW Analysis impiomentation Plan shall be developed to assure that the analysis is conduc'.ad accordlag to accepted HFE principles.

• An analysis of System Functional Requirements shall be conducted in accordance with the plan and the findings will bo documented in an Analysis Results Report.

• The analyses shall be ioviewed by the HFE Desig1 Team and shall be documented in an 4

Evaluation Report.

DESIGN ACCEPTANCE CRITERI,'e Donoral Criteria

1. The analysis shall moot all 10CFR regulatory requirements as specified under Element C in Table Y.

4

2. The activity shall be based upon state-of thc-:rt HFE practicos at tho timo of its development (as defined in Element A) including those documents under Element C in Tablo X.

3. System equiremonta shall determino system functions and the function shall determino the performanco nocessary to carry out the function.

4. Critical functions shall bo defined (l.o., those functions required to achieve maje system performanco requirements; or those functions which, if failed, could degraJo system or equipment performance or poso a safoty hazard to plant rsersonnel or to the general public),

S. Safety functions shall be identified and any functional interrelationship with non safety systems shall be identified.

6. Functions shall be defined as the most general, yet differentiable means whereby the system

^

requirements are mot, discharged, or satisfied. Functions shall be arranged in a logical sequence so that any specified cporational usago of the system can be trned in an end-to ond path.

7. Functions shall be described initially in graphic form. Function diagramming shall be dono at several levels, starting at a

• top leve!" where a very gross picture of major functions is described, and continuing to decompose major functions to several lower levels uritil a specific critical end item requirement will emerge, e.g.,

a piece of equipment, software, or an operator.

8. Detailed nairativo descriptions shall be developed for each of the identified functions and for Draft Review Criteria Report (April 21, 19921 Page 21

the ovo;all system configuration design itself. Each function shall be identified and described in terms of inputs (observable parameters which will indicato system status), functional procoping (control process and pedormance measures required to achieve the function),

outputs, feedback (how to determine correct discharge of function), and interface requirements from the top down so that subfunctions are recognized as part of larger functional areas.

9. Functional operations or activities shall include:

+ dotei:: ting signals e measuring information

+ comparing one measutomont with another e processing information

• acting upon decisions to produce a twsired condition or result on the system or i

environment (e.g., r.ysterr and component operation, actuation, and trips)

10. The functiore analysis shall be kept current over the life cycle of design development.

11. Verification

• All the functions necessary for the achlovement of operational and safety goals are idt,ntified.

• All requirements of each function are identified.

jmplemgmtpiIon Plan The plan shall descr;be the designer's approach to System Functional Requiroments Analysis.

The System Functional Rnquirements Analysis implementation Plan shall address:

• Literature and current practices review Describe the technical basis for the plan.

+ List requirod system level functions Based on System Performance Requirements

• Graphic function desedptions

- 9.g., Functienal Flow Block Diagrams and Time Line Dbgrams

• Detailed function narrativo descriptions addressing:

Observable parameters which will indicato system status Control process and measure / data required to achieve the function How to determine proper discharge of function

• Analysis

- Defino an integratbn of subfunctions that are closely related so that they can be treated as a unit

- Divide identified subfunctions into two groups Common achievement is an essential condition for the accomplishment of a highor level function Alternative supporting functions to a higher level function or whose accomplishment is not necessarily a requisito for higher level function

- Identify for each integrated subfunction:

- Logical requirements for accomplishment (Why accomplishment is required) l

- Control actions necessary for accomplishment Paramotors necessary for control action Criteria for evaluating the result of control actions Parameters necessary for the eval"ation Draft Review Criteria Report (April 21. 1992)

Page 22 t

Evaluation criteria Criteria for choosir$g alternatives

- Identify characteristic measurement and define for each measurement important factors such as Load, Accuracy, Time factors, Complexity of act!on logic, Types and complexities of decision making, in,' acts resulting from the loss of :anction and associated time factoru

• Verification Describe system functica verification methodology Analysis Results ReDort The report shall address the following:

• Objectives

• Description of the Methods

• Identification of any deviations from the implementation plan

• Results and Discussion

• Conclusions

• Recommendations / implications for HSI Design HFE Design Team Evaluation __Reggrt The report shall address the following:

• The review methodology and procedures

• Compliance with implementation Plan Procedures

• Review findings Draft Review Criteria Repon, April 21, 1992)

Page A.'

.+n

,a ae, w-w,s

.r.

,, w - -

+

w

~

n

ITAAC/DAC Element D Allocation of Function DESIGN COMMITMENT:

The allocation of functions shall take advantage of human strengths and avoids allocating functions which would be impacted by human limitations. To assure that the allocation of function is conducted according to accepted HFE principles, a structured and well-documented methodology of allocating functions to personnel, system elements, and personnel system combinations shall bo developed.

INSPECTION / TEST / ANALYSIS:

• An Allocation of Function lmptomentation Plan shall be developed to assure that the analysis is conducted according to accepted HFE principles.

• An analysis of Allocation of Function shall be conducted in accordance with the plan and the findings will be documented in an Analysis Results Report.

• The analyses shall be reviewed by the HFE Design Team and shall be documented in an Evaluation Report.

DESIGN ACCEPTANCE CRITERIA:

Reftoral C r(Lef.lp

1. Tho analysis shall meet all 10CFR regulatory requirements as specified under Element D in Table Y.

2. The activity shall bo based upon state of the art HFE practicos at the time of its development (as defined in Element A) including thoste documents under Element D in Table X.

3. All aspects of system and functions definition must be analyzed in terms of resbLing human performance requirements based on the expected user population.

4. The allocation of functions to per=onnel, systern olements, and personnel system combinations shall be mado reflect (1) senaitivity, precision, time, and safety requirements, (2) required reliability of system performance, and (3) the number and level of skills of personnel required to operato and maintain the system.

5. The allocation criteria, rational, analyses, and procedures shall be documented.

6. As afternative allocation concepts are developod, analyses and trade off studies shall be conducted to determine optimum configurations of personnel and system performed functions.

' Analyses shall confirm that the personnel elements can properly perform tasks allocated to them while maintaining operator situation awareness, worklot.d and vigilance. Proposed function assignment shall take the maximum advantage of the capabilities of human and machine without imposing unfavorsble requiroments on either.

7. Functions shall be to allocated in an iterative manner, in response to develaping design specifics and the outcomes of on going analyses and trade studies.

~

-Draft Review Criteria Report (April 21, 1992)

Page 24

t

8. Function assignment shall be ovaluated.

Implementation Plan The plan shall describo the designer's approach to Allocatim cf Function. The Allocation of Function Imptomentation Plan shall address:

• Literature and current practices review

• Establishment of a structured basis for function allocation

• Attornativo systems analyses

- Specification of criteria for selection

• Tsado studies

- Define objectivos and requirements Identify alternativos

- Formulato selection critoria Welght criteria Prepare utility functions Evaluato alternativos

- Perform Sensitivity Check Select Proforted Altornativeo

• Evaluation of function assignment The plan shall describo the tests and analyses that will be performed to ovaluate the function albcation AMily31s _ Results Report The report shall address the following:

• Objectives

• Description cf the Methods

• Identification of any dovlations from the implementation plan

• Results and Discussion

• Conclusions

• Recommendations /implicctbns for HSI Desig,1 HEE _Dmign Team Eyahtallon_Bapsrt The report shall address the following:

• The review methodology and procedures

• Compliance with Implementatien Plan Procedures

• Roview findings Ett Review Criteria Report (April 21, 1992)

Page 25

--m.-

ITAAC/DAC Element E Task Analysis DESIGN CotAfAITfAEidT:

Task analysis shall identify the behavioral requirements of the tasks the personnel subsystem is required to perform in order to achiove the functions allocated to them. A task shall be a group of activities that have a commori purpose, otton occurring in temporal proximity, and which utilize the samo displays and controls. The task analysis shalk

+ provide one of the bases for making design decisions; e.g., det9rmining before hardware fabrication, to the extent practicable, whether systern performance requirements can be mot by combinations of anticipated equipment, software, and personnel,

+ assure that human performanco requirements do not exceed human capabilities,

+ be used as basic information for developing manning, skill, training, and communication requirements of the system, and

+ form the basis for specifying the requiromonts for the displays, data processing and controls needed to carry out tasks.

INSPECTION / TEST / ANALYSIS:

• A Task Analysis implementation Plan shall be developed to assure that the analysis is conducted according to accepted HFE principles.

+ An analysis of tasks sbsll be conducted in accordance with the plan and the findings will bo documented in an A.uysis Results Report, n The analyses shall be reviewed by the HFE Design Team and shall bo documented in an Evaluation Report, DESIGN ACCEPTANCE CRITERIA:

G e n orr.l Cr1torin

1. The analysis shall meet all 10CFR regulatory requirements as specified unde, Element E in Table Y.

2. The activity sha!! bo based upon stato-of tho art HFE practicos at the timo of its development,as defined in Element A) including those documents under Element E in Tablo X.

3. The scope of the task analysis shallinclude all operations, maintenance, test and inspection tasks. The analysos shall bo direct,,d to the full range of plant operating modos, including start-up, normal operations, abnormal operations, transient conditions, low power and shutdown conditions. The analyses shallinclude tasks performed in the control room as well as outside of the control room.

4. The analysis shall link the identified and described tasks in operational sequenco diagrams. A review of the descriptions and operational sequence diagrams shall identify which tasks can be considered " critical" in terms of importance for function achievement, potential for human error, and impact of task fai'ure. Human actions which are found to affect plant risk in PRA sensitivity analyses shall also be considered ' critical.' Where entical functions are automated.

l the analyses shall consider all human tasks including monitoring of an automated safety system i

Dratt Review Criteria Report (April 21, 1992)

Page 26

e and back up actions if it falls.

S. Task antalysis shall begin on a gross favel and involve the development of detailed narrative descriptions of what personnel must do. Task analyses shall define the nature of the input, process, and output required by and of personnel. Detailed task descriptions shall address (as appropriate):

• Inforrnation Requirements Inforination required, including cues for task initiation Information available

• Decision Making Requirements Description of the decisions to be made (relative, absohtte, probabilistic)

Evaluations to be performed DecislMs that are probable based on the evaluation (opportunities for cognitive errors, such as capture error, will be identified and carefully analyzed)

• Response Requirements Action to be taken Overlap of task requirements (serial vs. parallel task elements)

Frequency Speed / Time line requirernetits

-Tolerance / accuracy Operational limits of personnel performance Operational limits of machine and software Body movements required by action taken

• Feedback Requirernents Foodback required to indicate adequacy of actions taken

• Workload Cognitive Physical Estimbtion of uifficulty level

• Task Support Requirements Special/ protective clothing Job aids or reference materials required Tools and equipment required Computer processing support aids

• Workplace Factors Workspace envelope required by action taken Workspace. conditions Location and condition of the work Environment

• Staffing r.nd Commurication Requirements number of personnel, their technical specialty, and specific skills

- Communications required, including type

-Personnel interaction when more than one person is involved

• Hazard identification identification of Hazards involved

6. The task analysis shall be iterative and becomo progressively more detailed over the design cycle. The task analysia shall be detailed ennugh to identify information and control requirements to enable specification of detailed requirements for alarms, displays, data processing, and contros for human task accomplishment.

i I

j-Oraft Review Criteria Report (April 21, 1992)

Page 27

=-

O O

i L

7. The task analysis results shall provide input to the personnel training programs.

ID1R11tnantal!O1. Plan The plan shall us. ribe the designer's approach to task analysis. The Task Analysis implementation Plan shall address:

+ Literature and current practices review

+ General methods and data sources

• Grot,s task analysis

- Convert Functions to Tasks Develop Narrative Task Descriptions l

General statement of task functions Detailed task descriptions Breakdown of tasks to individual activitlen Develop Operational Sequence Diagrams

• Critical task analysis identification of Critical Tasks Detailed Task Descriptions e information and control requirements

+ Initial alarm, display, processing, and control requirements analysis Develop a task based l&C inventory

+ Application of task analyus results to training development

• Evaluation of task analysis

- The plan shall describe the methods that will be used to evaluate the results of the task analysis.

Analvsls Results Ren_ ort

~

The report shall address the following:

• Objectives

• Description of the Methods

• Identification of any deviatic,.s from the irr'ementation plan

+ Results and Discussion

+ Conclualuns

+ Recommendations / implications for HSl Design HFE Detlgn Tent, Evaluation Report The report shall address the following:

• The review meth( Jology and procedures

• Compliance with implementation Plan Procedures

+ Review findings Draft Review Criteria Report (April 21.1H2)

Page 28 l

.a

ITAAC/DAC Element F. Human System Interface Design DESIGN COMMITMENT:

Human engineering principles and criteria shall be applied along with all other design requirements to identify, select, and design to particular equipment to be operatod/ maintained /controllec' by plant personnel.

INS PECTION/ TEST /AN ALYSIS:

• A Human System Interface Design implementation Plan shall be developed to assure that the analysis is conducted acecrding to accepted HFE principles.

• An analysis of Human Sptom Interfaco Design shall be conducted in accordance with the plan and the findings will be documented in an Analysia Results Report.

• The analyses shall be reviewed by the HFE Design Team and shall be documented in an Evaluation Report.

• The Human System interface Design implomontation Plan, Analysis Results Report, and HFE DESIGN ACCEPTANCE CRITERIA:

General Critorin,.

1. The analysis Al meet all 10CFR regulatory requirements as specified under Element F in Tablo Y.

2. Tho activity shall be based upon state-of tno crt HFE practicos at the time of its development (as defined in Element A) including those documents under Element F in Table X.

3. Tne design configurat'on shall satisfy the functional and technical design requirements and insuro that the HSI will moet the appropriato HFE gu! dance and critoria.

4. The HFE offoit shall be applied to HSI both inside and outside of the control room (local hsi).

5. HSI design shall utilize the results c' iho task analysis and the l&C inventory to assure the adequacy of the HSI.

6. The HS! and working environment shall be adequate for the human performance requirements it supports. The HSl shall be capable of supporting critical operations under the worst credible environmental conditions.

7. The HSI shall be free of clomonts which are not required for the accomplishmer" of ary task.

8. The selection and design of HSI hardware and software approachos shall be based upon demonstrated criteria that support the achlovement of human task performance requiremorns.

Critaria can be based upon test results, demonstrated experience, and trado studios of identified l

optiens.

9. HFE standards shall be employed in HSI se!setion and design. Human engineering guiaanco l

Draft Review Cnteria Report (April 21, 1992)

Page 29

_ _ _ _ __ _ _ -__ _ _ _.= _ _

.-.--___.__.m O

regarding the design particulars shall be developed by the HSI designer to (1) insure that the human system inteffaces are designed to currently accepted HfE guidelines and (2) insure proper consideration of human capabilities and limitations in the developing system. This guidance shall be derived from sources such an expert judgement, design guidelines and standards, and quantitative (e.g., enthropometric) and qualitative (e.g., relative effectiveness of differing types of disolays for different conditions) data. Procedures shall be employed to ensare HSI adherence with standards.

10. HFE/HSI problems shall be resolved using studies, experiments, and laboratory tests, e.g.,

• Mockups and models may be used to resolve access, workspace and related HFE problems and incorporating these solutions into system design

• Dynamic simulation and HSI prototypes shall be evaluated for use to evaluate design details of equipment requiring critical human performance

• The rationale for selection of design / evaluation tools shall be documented

11. Human factors engineering shall be applied to the design of equipment and sof tware for maintainability, testing and inspection.

12. HSl design elements shall be evaluated to assure their acceptability for task performance and HFE, criteria, standards, and guidelines.

Imnlernentation Plan The plan shall describe the designer's approach to Human System Interface Design. The Human-System Interface Design Implementation Plan shalt address:

• literature and current practices review

• l&C requirements analysis and design

. Compare Task Requirements to l&C Availability

. Modifications to I&C Inventory

. General HSI approach selection

. Trade Studies

. Analyses

• The critoria to be used to meet General Criterion # 8 (selection and design of HSI hardware and software approaches), described above

. HFE design guidance de.elopment and documentation

= HSI detailed design and evaluations Use of design /ew.mation tools such as prototypes shall be specifically identified and rationale for selection Analysis Rp_s ults Report The report shall address the followinn:

• Objectives

• Description of the Methods

+ ldentification of any deviations from the implementation plan

• Results ar.d Discussion

• Conclusions

• Recommendations / Implications for HSI Design HFE Deslan Team Evalttion Rep _grt The report shall address the following:

I i

Draft Review Criteria Report (April 21, 1992)

Page 30 l

e O

• The review methodology and procedures

• Compliance with implementation Plan Procedures

• Review findings Draft Review Criteria Report (April 21, 1992)

Page 31 M

h

- - ~.

ITAAC/DAC Element G. Plant and Emergency Operating Procedure Development DESIGN COMMITMEN1:

Plant and Emergency Operating Procedures shall be developed to support and guide human interaction with plant systems and to control plant rele'.d events and activities. Human engineering principles and criteria shall be applied along with all other design requirements to develop procedures that are technically accurate, comprehensive, explicit, easy to utilize, and validated. The types of procedures covered in the element are:

• plant & system operations (ir.uuding start up, power, and shutdown operations)

+ abnormal & emergency operatiens

• preoperat onal, start up, and surveillance tests

• alarm responso INSPECTION / TEST /AN AlYSIS:

• A Plant and Emergency Opc:ati.ig Procedure Development implementation Plan shall be developed to assure that the development of procedures is conducted cecording to accepted HFE principles.

• The procedures shall be developed in accordance with the plan and the results will be documented in a Procedure Development Report.

• The procedure development shall be reviewed by the HFE Design Team and shall be documented in an Evaluation Report.

DESIGN ACCEPTANCE CRITERIA:

fie neral Criteria The task analysis shall be used to specify the procedures for operations (normal, abnormal r.:J omergency), test, maintenance and inspection.

1.The analysis shall meet all 10CFR regulatory requirements as specified under Element G in Table Y.

2. The activity shall be based upon state of the-art HFE practices at the time of its development (as defined in Element A) including those documents under Element G in Tablo X.

3. The procedures and their development plan shall be based upon accepted HFE practices at the t:me of their development. The plan shall be based upon a review and identification of current practices and literature, including those documents under Element I in Table X.

4. The besis for procedure developmeni shall includ u

+ Plant design bases

• system based technical requirements and specifications

• the task analyses for operations (normal, abnormal, and emergency)

• significant human actions identified in the HRA/PRA

• initiating events to be considered in the EOPs shallinclude those events procent in the desgn bases.

Draft Review Criteria Report (Aptd 21, 1992)

Page 32 l

l

d. -. - -.- - _ _ _ _ _ _ ___ __ _ ____ _ _ _ ___ __ _ _ ________ _ _ _

5. A Writer's Guide shall be developed to establish the process for developing technical procedures that are complete, accurate, consistent, and easy to undo stand and follow. The Guido shall contain sufficiently objective criteria so that procedures developed in accordance with the Guide shall be consistent in organization, style, and content. The Guido shall be used for all procedures within the scopo of this Element. The Writer's Culde shall provide instructions for procedure content and format (including the writing of action steps and the specification of

)

acceptable acronym lists and acceptable terms to be used).

6. The content of the procedures shall incorporate the following elements:

• Title

• Stainment c! Applicability

• Re,arences

• Prerequisites

• Precautions (i cluding warnings, cautions, and notes)

• Limitations and Actions

• Required Human Actions

• Acceptance Criteria e Check # Lists

7. All procedures shall be verified and validated. A review shall be conducted to assure procedures are correct and can be performed. Final validation of operating procedures shall be performet...i a simulation of the integrated system as part of V&V activities described in Elemerit J.

8. An analysis shall be conducted to c.aermine the impact of providing cornputer based procedures and to specify where such an approach would improve procedure utilization and reduce operating crew errors related to procedure use.

Implementation Plan The Plant and Emergency Operating Procedure Development Implementation Plan shall address:

• Literature and current practices-review

• Identification of source data /information to be used as a basis for proceduto development

• Methodology for the evaluation of procedures (plan shall describe tests and analyses that will be used to evaluate procedures)

• Requirements for the effective developi,ient and use of a Procedural Writer's Guide

• Procedures for trr.ining program procedure integration

• Verification and vahdation procedures

• Procedure development documentation requirements Procedute Development-Report The report shall address the following:

• Objectives

• Description of the Methods Used

• identification of any deviations from the implementation plan

• Results, including a list of procedures developed, and a discussiori of the resulting procedures including sample procedures Draft Review Criteria Report (April 21, 1992)

Page 33 9

e

,-m-W g

mr

-m.4--

e

• Conclusions J

• Recornmendations/Ir6plications for HSI Design HFE Deslan Team Evaluation Report The report shall address the following:

i

• The review methodology and procedures

• Compliance with implementation Plan Procedures

• Review findings Draft Review Criteria Report (April 21, 1992)

Page 34 a--

ITAAC/DAC Element H Human Factors Verification and Validation DESIGN COMMITMENT:

The successfulincorporction of human factors engineering irito the final HSI design and the acceptability of the resulting HSI shall be thoroughly evaluated as an integrated system using HFE evaluation procedures, guidelines, standards, and principles.

INS pE CTION, TEST /AN ALYSIS:

• A Human Factors Verification and Llidation Imptomentation Plan shall be d.veloped to assure that 'ne analysis is conducted according to accepted HFE principloa.

• An analysis of Human Factors Verification and Validation shall be conducted in accordance with the plan at.d the findings will be documented in an Analysis Results Report.

• The analyses chall be reviewed by the HFE Design Team and shall be documented in an Evaluation Report.

DESIGN ACCEPTANCC CRITERIA:

_Ge neral Critoria

1. The analysis shall meet all 10CFR regulatory requirements as specified under Element H in Table Y.

2. The activity shall be based upon state-of the art HFE practices at the time of its development (as defined in Element A) including those documents under Element H in Table X.

3. The evaluation shall verify that the performance of the HSI, when all elements are fully Integrated into a system, meets (1) all HFE design goals as established in the program plan; and (2) all system functional requirements and support human operations, maintenance, test, and

' insportion task accomplishment.

4. ' V e a C on shall address:

• Hw,an Hardware interfaces

• i4 nan software interfaces

+r ocedures

• Workstation and console configurations

• Control room design

• Remote shutdown system

• Design of the overcil work environment

5. Individual HSI elements shall be evaluated in a static and/or 'part task' mode to assure that all controls. displays, and data processing that are required are available and that they are designed according to accepted HFE guidelinos. standards, and principles.

6. The integration of HSI elements with each other and with personnel shall be evaluated and validated through dynamic task performance evaluation using evaluation tools which are appropriate to the accomplit ument of this objective. A fully functional HSI prototype and plant -

simulator shall be used as ph.t of theco evaluations. If an alternative to a HSI prototype is Draft Review Criteria Report (April 21, 1992)

Page 35 r

-m_,

.,,.--c

,,,-3m

,m~

w,-

e e

,e.,-

--,--r-.-

-v c

-.r..

Q o

i proposed its acceptability shall be documented in the implementation p;an. The evaluations shall have as their objectives:

• Adequacy of entire HSI configuration for achlovement of safety goals j

• Confirm allocation of function and the structure of tasks assigned to personnel

• Adequacy of staffing and the HSl to support staff to accomplish their tasks.

• Adequacy of Procedures

• Confirm the adequacy of the dynamic aspects of allinterfaces for task accomplishment

• Evaluation and demonstration of error tolerance to human and system failures

7. Dynamic evaluations shall evaluate HSI under a range of operational conditions and upsets, and shall include:

i

• Normal plant evolutions (e.g., start up, fuIl power, and shutdown operations)

• Inrtrument Failures (e.g., Safety System Logic & Control (SSLC) Unit, Fault Tolerant Controller (NSSS), Local 'Fleid Unit' for MUX system, MUX Controller (BOP),

Break in MUX line)

• HSI equipment and processing failure (e.g., loss of VDUs, loss of data processing, loss of large overview display)

• Transients (e.g., Turbine Trip, Loss of Offsite Power, Station Blackout, Loss of 511 FW, Loss of Service Water, Loss of power to selected buses /CR power supplies, and SRV transients)

• Ar cidents (e.g., Maui steam line broak, Positive Reactivity Addition, Control Rod Insertion at power, Control Rod Ejection, ATWS, and various sized LOCAs)

8. Performance measures for dynamic evaluations shall be adequate to test the achievement off all objectives, design goals, and 'crformance requirements and shall include at a minimum:

• System performance mu tues relevant to safety

• Crew Primary Task Perfwaance (e.g., task times, procedure violations)

• Crew Errors -

• Situation Awareness

• Workloat,

• Crew communications and coordination

• Anthropometry evaluations

• Physical positioning and interactions

9. A verification shall be made that allicsues documented in the Hurnan Factors issue Tracking System have been addressed.

10. A verification shall be made that all cr ical human actions as defined by the task analysis u

and PRA/HRA have be adequately supported,n the design. The design of tests and evaluations to be performed as part of dFE V&V activities shall specifically examine these actions, implementatlop Plan The plan shall describe the designer's approach to Human Factors Verification and Vatidation.

The Human Factors Verification and Validation Implementation Plan shall address:

• HSI element evaluation

- Control, Data Processing, Display audit

. Comparison of HSt element design to HFE gudelines, standards, and principles

• Dynamic performance evaluation of fully integrated HSI Draft Review Cri'eria Report (April 21, 1992)

Page 36

~

--T t-

-.'M~'p-=-

r r

• =

M'

~r-

General Objectives Test methodology and procedures Test participants (operators to participato in the test program)

- Test Conditions

- HSI description Performance measures Data analysis

- Criteria for evaluation of results l>tilization of ovaluations

• Documentation mquirements Test & E.aluation Plans and Procedures

- Test Reports Analysjs Results neoort The report shall address the following:

+ Objectivos

• Description of the Methods

• Identification of any deviations from tho implementation plan

• Results and Discussion

+ Conclusions

• Recommendations / Implications for HSI Design llEE_D_qslan Team Evalugilga.Esngrt The report shall address the following:

• The review methodology and procedures

• Complianco with implementation Plan Procedures

• Review findings Draf t Revi:;w Criteria Report (April 21, 1992)

Page 37

Table Y Human Factors Requirements in 10 CFR (2 pages) 10 CFR REFERENCES HFE ELEMENTS Part 20: Standluds for ProteNon Against_ Radiation 20.203. Caution signs, :.oets, signals, and controls.

H,1,B 20.207. Storage and control of licensed materials in unrestricted areas.

B,E J

DJtri 50: Domestic Utenting of Production and Utilization Feediligs 50.34 (i,. Additional TMi related Requirements, Consider all sections but

)

particularly; (1)(1) Site specific PRA D

(1)(v). HPCl/RCIC initiation levels B, E, F,0,1 (1)(vi). Reduction of challenges to relief valves B.E.G,H,1 (1)(vie). Elimination of manual activation of ADS B,E,F.G.H,1 (1)(viii). Automation issues of ECCS restart B,E,F,G,H,1 (1)(xi). Depressurization methods B.E.F,G,H,1 (1)(xii)

Hydrogen cor*ol systems B.E.F,G,H,1 (2)(i). Control room simulator B E,J (2)(11)

Improved plant procedures I

(2)(lii). Control room design that reflects state of the art human factors A

principles (2)(iv). SPDS B, E, F,G,H,1 (2)(v). Indication of' bypassed & inoperable systems B,E.F,G.H,1 (2)(vi). W

'istoms in the control room B, E,F,G,H,1 (2)(xi). Indicauon of relief valves in control room B,G,H (2)(xvi). ECCS & RPS a:tuation cycles B.E.F,G H,1 (2)(xvil) to (xix) post accident instrumentation in control room B.E.G,H,1 (2)(xxi). Heat removal system controls R. E.F,G,H,1 (2)(xxiv). Reactor vessel level instrumentation B,G,H,1 (2)(xxv). TSC, OSC, and EOF A,B, E,G,H,1 (2)(xxvii). Radiation monitoring B,E,F,G H,1 (2)(xxviii)

Control room radiation protection B.E, (3)(i)

. Incorporation of operating, design and constructior' experience A,B (3)(vii). Management controls during design and construction A,C,J 50.34a. Design objectives for equipment to control releases of radioactive B.E.F material in effluents 50.44(iii) High point vents in RCS, operoble from control room B,E,F G,H,1 50.47. Emergency planning, includ.ng procedures, facilities, etc.

8, E,G,H,1 50.48. Fire Protection, tr.rerences Appendix R and includes safe reactor B, E, F,G,H,1 shutdown requirements outside the main control room 50.54 Conditions of licenses, contains control room staffing requirements i;

B.E.F G 50.55a. Codes and standards establishes inservice inspection and testing B.E.G,H,1 requirements, which should be considered when desigring outside control room equipment and Interfaces 50,62 ATWS requirements, includes system specifications such. 3 0,E F,G H,1

,ndependence, reliability and automation 50.63 Loss of all altemating current power, requires analyses, equipment and B.E.F.G,H,1 procedures -

Dratt Review Criteria Report (April 21, 1992)

Page 38 1-r v

w-y y

8 1

Mpf,qdix A General Destgp Cnteria for Nuclear Power Plants l

A Throughout the GDC there are inspection and testing requirements specified for

'he various systems. These mutt be considered when designing the HSI

'hroughout the plant. Some added spscific criteria, as follows are also important

12. Suppression of reactor power oscillations They must be readily detected B.E.F,G.H,1 and suppressed

13. Instrumentation and control Specifies l&C for variables and systems B.E G,H,1 19 Control Room. Specifies both a normal and remote control room A.E

26. and 27, Reactivity control Requires reliable control of reactivity changes B, E, F,G,H,1 G4. Monitoring radioactivity releases Establishes monitoring requirements B,E,G H,1 Appendix B Quality Assurance Criteria Establishes design control and other All pertinent GA requirements Appendix E. Emergency Planning Establishes many pertinent EP requirements A,B,E for facilities, procedures, etc.

Appendix i. ALARA Guides Provides guidance for radiation doso reduction, A,B,F G,H,l.J which is particularly pertinent to the design stage of a NPP.

Appendix [ Primary containment leakage rate testing. This section is also B.E.G,H,1 pertinent to the design stage outside the control room. Ex! sting provisions fr.r LRT in HPPs consider human factors only marginally.

Part 52 Early site permits; standard design certifications; and combined licenses far nuclear power plants.

This part est9blishes the requirements for advanced reactors and is particularly A

relevant.

Part SS Operators' licenses Subpart E - Writtan examins: ions and tests -

Discusses source of infortnatica for required operator knowledge, skills and I

abilities.

Part 73 - Physical protection of plants and materials Details protection and A,B, E,G H,1 security equirements, which in existing plants have caused significant operational cont l! cts. These must be carefully considered at the design stage from a human engineering standpoint to avoid repetition of these problems.

l Draf t Review Criteria Report (April 21, 1992)

Page 39 l

{

--.,. -