NSD-NRC-97-5119, Forwards Rev 2 to WCAP-14651,Rev 1 to WCAP-14701,Rev 3 to WCAP-14401 & Ssar Chapter 18 Markups to Resolve Comments Received in

ML20141K155
Person / Time
Site: 05200003
Issue date: 05/19/1997
From: Mcintyre B
WESTINGHOUSE ELECTRIC COMPANY, DIV OF CBS CORP.
To: Quay T
NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM)
Shared Package
ML20141K158 List:
References
NSD-NRC-97-5119, NUDOCS 9705280348


Text


Westinghouse Electric Corporation
Energy Systems
Box 355
Pittsburgh, Pennsylvania 15230-0355

NSD-NRC-97-5119
DCP/NRC0856
Docket No.: STN-52-003

May 19, 1997

Document Control Desk
U.S. Nuclear Regulatory Commission
Washington, DC 20555

ATTENTION: T. R. QUAY

SUBJECT:

RESOLUTION OF EDITORIAL HFE COMMENTS RECEIVED 04/24/97

Reference:

1. Letter from NRC to Westinghouse (Huffman to Liparulo), "Editorial Comments on the AP600 Human Factors Engineering Documentation," dated 04/24/97.

Dear Mr. Quay:

Attached are the following documents, issued to resolve the comments received in the referenced letter:

WCAP-14651, Revision 2
WCAP-14701, Revision 1
WCAP-14401, Revision 3
SSAR Chapter 18 markups as summarized in Table 1 of this letter

With this submittal, the Westinghouse status for DSER open item 5247 is changed to "Confirm-W" with an action for Westinghouse to ensure the attached SSAR markup is incorporated into the AP600 SSAR Revision 13, scheduled for May 30, 1997. This markup does not reflect changes being incorporated into SSAR Revision 13 to resolve NRC comments on the HFE ITAAC. Please contact Robin K. Nydes at (412) 374-4125 if you have any questions regarding this transmittal.

Brian A. McIntyre, Manager
Advanced Plant Safety and Licensing

jml

Enclosure

cc: Jim Bongara, NRC (1L, 1E)
Bill Huffman, NRC (1L, 1E)
John O'Hara, BNL (1L, 1E)
Jim Higgins, BNL (1L, 1E)
N. J. Liparulo, Westinghouse (w/o Attachment)

9705280348 970519 PDR ADOCK 05200003-E PDR

TABLE 1
SSAR PAGE REVISIONS MADE TO RESOLVE NRC COMMENTS FROM REFERENCE 1 OF NSD-NRC-97-5119

| Comment | Revised SSAR Page(s) | Notes |
|---|---|---|
| 1 | 18.1-2 | |
| 2 | 18.1-4 | |
| 3 | 18.2-1, 18.12-1 | |
| 4 | 18.2-12, 18.2-5 | |
| 5 | 18.2-4, 18.2-19 | |
| 6 | 18.4-2 | |
| 7 | 18.8-1, 18.8-16, 18.8-20 | |
| 8 & 9 | 18.8-17, 18.8-18 | The change to 18.8-18 also addresses the consistency issue of using "remote shutdown facility" vs. "remote shutdown workstation". Consistency with SSAR Chapter 7 and the ITAACs was confirmed. |
| 10, 11, & 12 | 18.11-1 | |
| 12 | 18.11-5 (Figure 18.11-1) | |
| 13 | 18.1-4, 18.8-25, 18.12-8 | Reference list changed for WCAP-14651 changes made. |
| 12, 14, & 15 | 18.8-26, 18.11-2 | Reference list changed for WCAP-14701 changes made. |
| 15 | 18.8-29 | |
| 16 | 18.8-30 | |
| 17 | 18.1-4, 18.8-25, 13.11-2 | References list changed for WCAP-14401 changes made. Consistency with the HFE ITAAC was confirmed. |
| n/a | 18.12-10 | A typographical error was corrected. |

AP600 Open Item Tracking System Database: Executive Summary
Date: 5/19/97
Selection: [item no] between 5247 And 5247, Sorted by Item #

Column headings: Item No.; Branch; DSER Section/Question; Type; Title/Description; Detail Status; Resp Engineer; (W) Status; NRC Status; No./Date

5247 NRR/HHFB 18 RAI-OI MMIS/Kerch Confirm-W Action W NTD-NRC-97-5119

Respond to NRC "Editorial Comments on the AP600 Human Factors Engineering Documentation" received by letter dated April 24, 1997.

Telecon with Kerch/Bongarra held; SSAR and [illegible] changes agreed upon. Markups were transmitted internally for management review.

Comments rec'd and final changes being incorporated. Will provide a letter to NRC transmitting markups and WCAPs; markups to be incorporated into SSAR Rev 13, end-May. rkn 5/8/97

Westinghouse action complete with SSAR markup and WCAPs submittal by NSD-NRC-97-5119. rkn 5/19

Page: 1 Total Records: 1

18. Human Factors Engineering

The layout and environmental design of the main control and the remote shutdown rooms, and the supplementary support areas, such as the technical support center, are sites of application of the traditional disciplines of human factors engineering.

Input from the designers is provided to the Combined License applicant that includes decisions made in the design of the AP600 that affect those interfaces in the Combined License applicant's scope. This includes input on the operating staff training program and on the development of the plant operating procedures.

Because of the rapid changes that are taking place in the digital computer and graphic display technology employed in a modern human system interface, design certification of the AP600 focuses upon the process used to design and implement human system interfaces for the AP600, rather than on the details of the implementation. As a result, this chapter describes the processes used to provide human factors engineering in the design of the AP600.

This chapter describes the application of the human factors engineering disciplines to the design of the AP600. The basis for the human factors engineering program is the human factors engineering process specified in Reference 2. Figure 18.1-1 illustrates the 10 elements of the human factors engineering program. These elements conform to the elements specified in Reference 2. The organization of this chapter parallels these elements. In addition to the 10 elements of the program review model, this chapter includes a description of the minimum inventory of controls, displays, and alarms present in the main control room. The following provides an annotated outline of the chapter:

18.2 Human Factors Engineering Program Management

Section 18.2 presents the AP600 human factors engineering program plan that is used to develop, execute, oversee, and document the human factors engineering program. This program plan includes the composition of the human factors engineering design team.

18.3 Operating Experience Review

Section 18.3 and Reference 3 present the results of a review of applicable operating experience. This operating experience review identifies, analyzes, and addresses human factors engineering-related problems encountered in previous designs.

18.4 Functional Requirements Analysis and Allocation

Section 18.4 and Reference 4 present the results of the functional requirements analysis and function allocation process applied to the AP600. The functional requirements analysis defines the plant's safety functions, decomposes each safety function, compares the safety functions and processes with currently operating Westinghouse pressurized water reactors, and provides the technical basis for those processes that have been modified. The function allocation documents the

Revision: 9 August 9, 1996 18.1-2 Westinghouse

18.12 Inventory

Section 18.12 presents the minimum inventory of controls, displays, and alarms. The design basis and the selection criteria used to identify the minimum inventory are presented.

18.1.1 References

1. Reason, J. T., "Human Error," Cambridge, U.K., Cambridge University Press, 1990.
2. NUREG-0711, "Human Factors Engineering Program Review Model," July 1994, U.S. NRC.
3. WCAP-14645, "Human Factors Engineering Operating Experience Review Report for the AP600 Nuclear Power Plant," Revision 2, December 1996.
4. WCAP-14644, "AP600 Functional Requirements Analysis and Function Allocation," Revision 0, September 1996.
5. WCAP-14694, "Designer's Input To Determination of the AP600 Main Control Room Staffing Level," Revision 0, July 1996.
6. WCAP-14651, "Integration of Human Reliability Analysis with Human Factors Engineering Design Implementation Plan," Revision [illegible], September 1996.
7. WCAP-14690, "Designer's Input To Procedure Development for the AP600," Revision 0, June 1996.
8. WCAP-14655, "Designer's Input to The Training of The Human Factors Engineering Verification and Validation Personnel," Revision 1, August 1996.
9. WCAP-14401, "Programmatic Level Description of the AP600 Human Factors Verification and Validation Plan," Revision 2, January 1997.

Revision: 11 February 28, 1997 18.1-4 Westinghouse

18.2 Human Factors Engineering Program Management

The purpose of this section is to describe the goals of the AP600 human factors engineering program, the technical program to accomplish these goals, the human factors engineering design team, and management and organizational structure that support the implementation of the technical program.

Human factors engineering is the system engineering of human system interfaces. The program management tools and procedures that govern the design of AP600 systems apply to the human factors engineering activity. This approach is expected to integrate the design of human system interfaces with other plant systems.

18.2.1 Human Factors Engineering Program Goals, Scope, Assumptions, and Constraints

18.2.1.1 Human Factors Engineering Program Goals

The goal of the human factors engineering program is to provide the users of the plant operation and control centers effective means for acquiring and understanding plant data and executing actions to control the plant's processes and equipment.

The objective is to enable personnel tasks to be accomplished within time and performance criteria.

18.2.1.2 Assumptions and Constraints

There are a number of inputs to the human factors engineering design process that specify assumptions or constraints on the human factors engineering program and the human system interfaces design.

Major design inputs include regulatory guidelines, guidance from utilities and utility representative groups, utility requirements documents, and AP600 plant systems design specifications. The requirements resulting from these design inputs are captured in human system interfaces specification documents and functional requirements documents.

While assumptions and constraints specified by design inputs are provisionally treated as design requirements, the appropriateness of these requirements is evaluated as part of the human factors engineering design process. Results of human factors engineering activities such as operating experience review, task analyses, rapid prototyping and concept testing, and verification and validation activities are used to provide feedback on the adequacy of initial human system interfaces design assumptions and constraints. If results of human factors engineering analyses or evaluations indicate that initial human system interfaces design assumptions or constraints are inadequate, then the human system interfaces design requirements are revised utilizing the standard AP600 design configuration change control process.

Revision: 9 18.2-1 August 9, 1996 Westinghouse


The implementation technology to be assumed for the human system interfaces is derived from assessment of existing technology and anticipated advancements. An emphasis is placed on utilization of proven, reliable technology. The decision on the specific technology to be employed is made on a case-by-case basis after available technology alternatives are evaluated.

18.2.1.3 Applicable Facilities

Facilities included in the scope of the AP600 human factors engineering program are the main control room (MCR), the technical support center (TSC), the remote shutdown facility, the operational support center, the emergency operations facility (EOF), and local control stations.

The emergency operations facility design, including specification of location, is the responsibility of the Combined License applicant. Communication with the emergency operations facility is the responsibility of the Combined License applicant. Section 13.3 discusses the responsibility for emergency planning.

18.2.1.4 Applicable Human System Interfaces

The scope of the human system interfaces encompasses the instrumentation and control systems which perform the monitoring, control, and protection functions associated with all modes of plant normal operation as well as off-normal, emergency, and accident conditions.

Both the physical and the cognitive characteristics of those humans involved in the use, control, maintenance, test, inspection, and surveillance of plant systems are accommodated.

18.2.1.5 Applicable Plant Personnel

The AP600 human factors engineering program and the design of the human system interfaces includes the selection, synthesis, and distribution of process data to plant operations personnel as well as other plant personnel. These additional users include management, engineering, maintenance, health physics and chemistry personnel.

18.2.1.6 Technical Basis

The human factors engineering program is performed in accordance with accepted industry standards, guidelines, and practices. The references listed at the end of each Chapter 18 section and within any supporting documentation and reports are used to guide the human factors engineering program. The human factors engineering process specified in Reference 1 is used.

18.2.2 Human System Interfaces Design Team and Organization

The human system interfaces design team is part of the AP600 systems engineering function and has similar responsibility, authority, and accountability as the rest of the design disciplines. Figure 18.2-1 depicts the process used by the human system interfaces design team members. Figure 18.2-2 shows the organization of the human system interfaces design team and its relationship to the AP600 design organization.

Revision: 9 August 9, 1996 18.2-4 Westinghouse

18.2.2.1 Responsibility

The mission of the human system interfaces design team is to develop the main control room and ancillary control facilities (such as remote shutdown workstation) that support plant personnel in the safe operation and maintenance of the plant. The human system interfaces design team is responsible for coordinating the human factors aspects associated with designing the structures, systems, and components that make up the main control room and ancillary control facilities.

The human system interfaces design team is responsible for:

  • Development of human system interfaces plans and guidelines
  • Oversight and review of human system interfaces design, development, test, and evaluation activities
  • Initiation, recommendation, and provision of solutions for problems identified in the implementation of the human system interfaces activities
  • Assurance that human system interfaces activities comply with the human system interfaces plans and guidelines

18.2.2.2 Organizational Placement and Authority

The organization of the human system interfaces design team and its relation to the AP600 design organization is depicted in Figure 18.2-2. The structure of the organization may change, but the functional nature of the human system interfaces design team is retained through the change. The human system interfaces design team consists of an instrumentation and control system manager, advisors/reviewers team, core human system interfaces design team, and human system interfaces technical lead. The technical disciplines described in subsections 18.2.2.3 and 18.2.2.4 are organized by function within the core human system interfaces design team. The core human system interfaces design team and the advisors/reviewers team report to the plant instrumentation and control system manager. The human system interfaces technical lead works within the human system interface design function and reports to the plant instrumentation and control system manager through the manager of the human system interface design function. The plant instrumentation and control system manager is responsible for the design of the AP600 instrumentation and control systems which include the human system interfaces. The plant instrumentation and control system manager reports to the AP600 project manager.

The manager of the human system interface design function, who performs the function of technical project management for the human factors engineering design process, is responsible for the overall human system interfaces design and for integration of the human system interfaces design with the overall plant design. The advisors/reviewers team is responsible for overseeing the general progress of the human system interfaces design, providing guidance within the core human system interfaces design team, reviewing and providing comments on documents, specifications, and drawings pertaining to the human system interfaces design, and providing supplemental expertise in particular areas of design. The responsibility of the core human system interfaces design team is to produce the detailed design of the human system

Revision: 9 18.2-5 August 9, 1996 Westinghouse

18.2.3.1 General Process and Procedures

The instrumentation and control system function is responsible for development of the AP600 instrumentation and control (I&C), including human system interfaces, and coordinating and integrating AP600 instrumentation and control and human system interfaces with other AP600 plant design activities. The overall operation of the project instrumentation and control systems function is defined. The function includes human system interfaces design of control rooms and control boards, instrumentation and control design, and control room/equipment design. The function includes definition of an engineering plan, review of inputs, production of system documentation, verification of work, procurement and manufacturing follow-up, and acceptance testing. An iterative feature is built into the process.

Documents produced as part of the instrumentation and control and human system interfaces design process include:

  • Operating experience review documents
  • Task analysis documents
  • Functional requirements documents
  • Human system interfaces design guidelines documents
  • Design specification documents
  • Instrumentation and control architecture diagrams
  • Block diagrams
  • Room layout diagrams
  • Instrumentation lists
  • System specification documents

The procedures governing instrumentation and control engineering work specify methods for verification of work. The types of verification include:

  • Design verification by design reviews
  • Design verification by independent review/alternative calculations
  • Design verification by testing

System Specification Documents

System specification documents identify specific system design requirements and show how the design satisfies the requirements. They provide a vehicle for documenting the design and they address information interfaces among the various design groups.

System specification documents follow established format and content requirements. The content of a system specification document includes:

  • Purpose of the system
  • Functional requirements and design criteria for the system
  • System design description including system arrangement and performance parameters
  • Layout

Revision: 9 August 9, 1996 18.2-12 Westinghouse

iterative stages of the human factors engineering process. Potential points of iteration are indicated in Figure 18.2-3. Further details on the activities, inputs, and output documents associated with the various elements of the human factors engineering program are provided in the sections corresponding to each human factors engineering element.

Figure 18.2-3 provides a program milestone schedule of human factors engineering tasks showing relationships between human factors engineering elements and activities, products, and reviews. Internal design reviews are performed at various points throughout the design process.

18.2.6 Combined License Information

The Combined License applicant referencing the AP600 certified design is responsible for the emergency operations facility design, including specification of the location.

18.2.7 References

1. NUREG-0711, "Human Factors Engineering Program Review Model," U.S. NRC.
2. WCAP-14645, "Human Factors Engineering Operating Experience Review Report For The AP600 Nuclear Power Plant."
3. WCAP-14694, "Designers Input to Determination of the AP600 Main Control Room Staffing Level."
4. WCAP-14644, "AP600 Functional Requirements Analysis and Allocation."
5. Reason, J. T., "Human Error," Cambridge, U.K., Cambridge University Press, 1990.
6. WCAP-14822, "AP600 Quality Assurance Procedures Supporting NRC Review of AP600 SSAR Sections 18.2 and 18.8," Revision 0, February 1997.

Revision: 11 Westinghouse 18.2-19 February 28, 1997

Mechanisms available for reconsidering, and if necessary, changing AP600 function allocations in response to operating experience, and the outcomes of ongoing analyses and trade studies

18.4.1 Combined License Information

This section has no requirement for information to be provided in support of the Combined License application.

18.4.2 References

1. NUREG-0711, "Human Factors Engineering Program Review Model," 1994.
2. WCAP-14644, "AP600 Functional Requirements Analysis and Function Allocation," Revision 0, September 1996.
3. NUREG/CR-3331, "A Methodology for Allocation of Nuclear Power Plant Control Functions to Human and Automated Control," 1983.

Revision: 11 February 28, 1997 18.4-2 Westinghouse

18.8 Human System Interface Design

This section provides an implementation plan for the design of the human system interface (HSI) and information on the human factors design for the non-HSI portion of the plant. The human system interface includes the design of the operation and control centers (OCS) and each of the human system interface resources. Execution and documentation of this implementation plan is the responsibility of the Combined License applicant.

The operation and control centers includes the main control room, the technical support center, the remote shutdown facility, operational support center, local control stations and associated workstations for each of these centers. The AP600 human system interface resources include:

  • Wall panel information system
  • Alarm system
  • Plant information system
  • Computerized procedure system
  • Soft controls/dedicated controls
  • Qualified data processing system

The wall panel information station presents information about the plant for use by the operators. No control capabilities are included. The wall panel information station provides dynamic display of plant parameters and alarm information so that a high level understanding of current plant status can be readily ascertained. It is located at one end of the main control area at a height such that both operators and the shift supervisor can view it while sitting at their respective workstations. This panel provides information important to maintaining the situation awareness of the crew and for supporting crew coordination. The wall panel information station provides a dynamic plant display of the plant. It also serves as the alarm system overview panel display. The display of plant disturbances (alarms) and plant process data are integrated on this wall panel information station display. The wall panel information station is a nonsafety-related system. It is designed to have a high level of reliability.

The mission of the AP600 alarm system, together with the other human system interface resources, is to provide the operations and control centers operating staff with the means for acquiring and understanding the plant's behavior. The alarm system improves the performance of the operating crew members, when acting both as individuals and as a team, by improving the presentation of the plant's process alarms. The alarm system supports the control room crew members in the following steps or activities of Rasmussen's operator decision-making model (Reference 25):

  • The "alert" activity, which alerts the operator to off-normal conditions
  • The "observe what is abnormal" activity, which aids the user in focusing on the important issue(s)

Revision: 10 Westinghouse 18.8-1 December 20, 1996

The technical basis for software specifications are verified with plant data (for example, heat-up and cool down limits, steam generator setpoints and high- and low-level alarm setpoints). The AP600 human system interface is designed so that the plant data is a separate data file independent of the software specifications.

18.8.2.6 Minimum Information

The AP600 human system interface resources used to address the Safety Parameter Display System requirements are the alarm system, plant information system, and the computerized procedure system. The AP600 human system interface displays sufficient information to determine plant safety status with respect to the Safety Parameter Display System safety functions. The safety functions and respective parameters presented in Table 2 of Reference 32 is used as a starting point for the AP600. The human system interface design implementation plan is described in subsection 18.8.1 and includes the integration of Safety Parameter Display System requirements into the human system interface. The Safety Parameter Display System design issue of "minimum information" is tracked by the human factors engineering issues tracking system.

18.8.2.7 Procedures and Training

As stated in Sections 13.2 and 13.5, the development of training programs and plant procedures are the responsibility of the Combined License applicant. Reference 30 describes how training insights are passed from the designer to the Combined License applicant. Reference 31 provides input to the Combined License applicant for the development of plant operating procedures.

18.8.3 Operation and Control Centers

The human system interface includes the design of the operation and control centers (operation and control centers). The design of each of these control centers is conducted using the human system interface implementation plan presented in subsection 18.8.1. The mission of each of the operation and control centers in the AP600 is provided in the following eight subsections. Coupled with each mission statement is a brief description of the major tasks and design features that are supported by that center.

18.8.3.1 Main Control Room Mission and Major Tasks

The mission of the main control room is to provide a seismically qualified habitable and comfortable location for housing the resources for a limited number of humans to monitor and control the plant processes.

The major tasks performed in the main control room include monitoring, supervising, managing, and controlling those aspects of the plant processes related to the thermodynamic and energy conversion processes under normal, abnormal, and emergency conditions. Operating staff can monitor, supervise, manage, and control processes that have a real-time requirement for protecting the health and safety of operating personnel. The main control room supports

Revision: 11 February 28, 1997 18.8-16 Westinghouse


alarms, displays, controls, and procedures. These resources are located in a control area outside of the main control room.

18.8.3.8 Local Control Stations Mission and Major Tasks

The mission of the local control stations is to provide areas, outside of the main control room, the remote shutdown room, and the radwaste control area, for operations personnel with the appropriate resources to perform monitoring and control activities. Activities that are implemented on local control stations are reviewed to verify that their removal from the main control room is consistent with the operator staffing and performance considerations. Human system interface locations are provided for single task operations such as the operation of a manual valve.

18.8.4 Human Factors Design for the Non-Human-System Interface Portion of the Plant

18.8.4.1 General Plant Layout and Design

The AP600 design process incorporates a human engineering approach to operations and maintenance. Maintainability design guidelines and human factors and as-low-as-reasonably-achievable (ALARA) checklists are used to meet the requirements of a human engineered environment. The design objectives include reducing worker exposure and eliminating unnecessary inspection and maintenance tasks.

18.8.4.1.1 Maintainability

Design features such as component selection, layout and standardization increase the probability that targeted repair times are achieved. These features coupled with a preventative maintenance program help the AP600 meet its objectives for operation and maintenance.

Design requirements from the utility industry and industry design practices establish criteria for layout, changeout, and replacement for parts and components; access for major pieces of equipment; and vehicle passage.

Critical path outage models are prepared for the AP600. A typical refueling and maintenance outage schedule is used by design engineers. The model indicates maintenance windows for major outage events. Maintenance and testing of equipment and necessary plant operations (for example, refueling, heatup, and cooldown) are scheduled within the outage window.

18.8.4.1.2 Accessibility and Equipment Laydown Provisions

AP600 maintainability design guidelines assist designers in identifying top-level layout requirements for equipment accessibility. Component engineers specify space requirements for routine maintenance, inservice inspection, testing and component replacement.

Frequency of inspection and maintenance dictates whether permanent platforms, ladders, and scaffolding are provided.

Revision: 10 December 20, 1996 18.8-20 Westinghouse

18. Human Fact:rs Engineering I I

the operator's decision-making process, and promotes the interaction with other plant personnel, while preventing distractions by non-operating personnel. The main control room provides the interfacing resources between the operation of the plant and the maintenance of the plant. Its areas include the main control area, the switching and tagging area, the shift supervisor's office, the shift supervisor's clerk's office, and the operations staff's area (see Figure 1.2-8). Habitability systems are described in Sections 6.4 and 9.4.

18.8.3.2 Main Control Area Mission and Major Tasks

The mission of the main control area is to provide the support facilities necessary for the operators to monitor and control the AP600 efficiently and reliably. Figure 6.4-1 provides a view of the main control area. The main control area includes reactor operator workstation [illegible] supervisor's workstation, the dedicated safety panel and the panel associated with the wall panel information system. The layout, size and ergonomics of the operator workstation(s) and the wall panel information system depicted in this figure does not reflect the results of the human system interface design implementation plan described in subsection 18.8.1. The actual size, shape, ergonomics and layout of the operator workstation(s) and the wall panel information system is an output of the implementation plan.

The major task of the main control area is to provide the human system interface resources that determine the plant state and implement the desired changes to the plant state during both normal and emergency plant operations. The main control area provides alarms to alert the operator to the need for further investigation. Plant process data displays permit the operator to observe abnormal conditions and identify the plant state. The controls enable the operator to execute actions. The process data displays and the alarms provide feedback to enable the operator to observe the effects of the control actions.

Reactor operator workstation [illegible] contain the displays and controls to start up the plant, maneuver the plant, and shut down the plant. Reference 44 presents input from the designer to the Combined License applicant for the determination of the staffing level of the operating crew in the main control room. Each workstation is designed to be manned by one operator. There is sufficient space and operator interface devices for two operators. The physical makeup of [illegible] is identical. The human system interface resources available at each workstation are:

  • Plant information system displays
  • Control displays (soft controls)
  • Alarm system support displays
  • Computerized procedure displays
  • Screen and component selector controls

The supervisor workstation is identical to [illegible] except that its controls are locked-out. The supervisor workstation contains both internal plant and external plant communications systems.

Revision: 10 Westinghouse 18.8-17 December 20, 1996

Upon failure of [illegible], the failed workstation is locked out, and the supervisor workstation controls are unlocked. This modified workstation configuration maintains independent, redundant workstations.

A dedicated safety panel is located in the main control area. The qualified data processing system visual display units and the dedicated safety system controls are provided in this panel. These visual display units are the only monitoring display devices in the main control room that are seismically qualified and provide the post-accident monitoring capabilities in accordance with Regulatory Guide 1.97. Dedicated system-level safety system control switches are located on the dedicated safety panel to provide the operators with single-step safety system actuation capabilities. A minimum inventory of these dedicated displays and controls are presented in Section 18.12.

There is storage space for supplies, protective clothing and some spare parts. Cabinets are provided for necessary documents, and a drawing laydown area is provided for the operators' use. Restroom and kitchen facilities are provided for the main control room operations crew.

18.8.3.3 Switching and Tagging Area Mission and Major Tasks

The mission of the switching and tagging area is to provide an interface between plant maintenance and plant operations personnel. Figures 1.2-8 and 6.4-1 provide the layout of the switching and tagging area. The operations staff monitors and approves the state of systems, major components, and equipment. The maintenance staff is informed of maintenance required by the operations staff. The means for initiating, tracking, and logging maintenance work orders is provided.

The major task of the switching and tagging area is to ease the management and implementation of the switching and tagging operations. The switching and tagging area generates notifications that equipment is not available due to testing, maintenance, or equipment failure. These notifications alert plant operating personnel to the unavailability of equipment. Notifications are provided to plant maintenance personnel, alerting them that operating personnel are aware of the equipment status. The switching and tagging area facilitates a systematic and organized approach to removing equipment from service as well as returning it to service.

18.8.3.4 Remote Shutdown Workstation Mission and Major Tasks

The mission of the remote shutdown workstation is to provide the resources to bring the plant to a safe shutdown condition after an evacuation of the main control room. The remote shutdown workstation resources are based on an assumed evacuation of the main control room without an opportunity to accomplish tasks involved in the shutdown except reactor trip. Subsection 7.4.3 discusses safe shutdown using the remote shutdown workstation, including design bases information.

Revision: 10 December 20, 1996 18.8-18 Westinghouse

18. Electric Power Research Institute, "Advanced Light Water Reactor Utility Requirements Document, Vol. III, ALWR Passive Plant, Chapter 10: Man-Machine Interface Systems," Revision 6, December 1993.

19. International Electrotechnical Commission, "Design for Control Rooms of Nuclear Power Plants," IEC Standard 964, 1989.
20. International Electrotechnical Commission, "Operating Conditions for Industrial-Process Measurement and Control Equipment," IEC Standard 654-1, 1979.
21. Proctor D. H. and Hughes, J. P., "Chemical Hazards of the Workplace," 1978.
22. 29 CFR 1910, "Occupational Safety and Health Standards," 1975.
23. WCAP-14651, "Integration of Human Reliability Analysis With Human Factors Engineering Design Implementation Plan," Revision 1, September 1996.
24. WCAP-14401, "Programmatic Level Description of the AP600 Human Factors Verification and Validation Plan," Revision [illegible], January 1997.
25. WCAP-14695, "Description of the Westinghouse Operator Decision Making Model and Function Based Task Analysis Methodology," Revision 0, July 1996.
26. 10 CFR 50.34 (f) (2) (iv).
27. NUREG-0737, Supplement 1, "Requirements for Emergency Response Capability."
28. NUREG-0696, "Functional Criteria For Emergency Response Facilities."
29. NUREG-0711, "Human Factors Engineering Program Review Model," July 1994.
30. WCAP-14655, "Designer's Input for the Training of the Human Factors Engineering Verification and Validation Personnel," Revision 1, August 1996.
31. WCAP-14690, "Designer's Input to Procedure Development for the AP600," Revision 0, June 1996.
32. NUREG-1342, "A Status Report Regarding Industry Implementation of Safety Parameter Display Systems."
33. Rasmussen, J., 1986, "Information Processing and Human-Machine Interaction, An Approach to Cognitive Engineering," (New York, North-Holland).
34. O'Hara, J. M. and Wachtel, J., 1991, "Advanced Control Room Evaluation: General Approach and Rationale" in "Proceedings of the Human Factors 35th Annual Meeting," pp. 1243-1247, (Santa Monica, CA, Human Factors Society).

Revision: 11 Westinghouse 18.8-25 February 28, 1997

35. Woods, D. D. and Roth, E. M., 1988, "Cognitive Systems Engineering," Helander, M. (ed.), "Handbook of Human-Computer Interaction," pp. 3-43, (New York, NY, Elsevier Science Publishing Co., Inc.).

36. Woods, D. D., Wise, J. A., and Hanes, L. F., 1982, "Evaluation of Safety Parameter Display Concepts," NP-2239, (Palo Alto, CA, Electric Power Research Institute).
37. Woods, D. D. and Roth, E. M., 1986, "The Role of Cognitive Modeling in Nuclear Power Plant Personnel Activities," NUREG-CR-4532, Volume 1, (Washington, D.C., U.S. Nuclear Regulatory Commission).
38. Woods, D. D., Roth, E. M., Stubler, W. F., and Mumaw, R. J., 1990, "Navigating Through Large Display Networks in Dynamic Control Applications" in "Proceedings of the Human Factors Society 34th Annual Meeting," pp. 396-399, (Santa Monica, CA, Human Factors Society).
39. Reason, J. T., 1990, "Human Error," (Cambridge, UK, Cambridge University Press).
40. Stubler, W. F., Roth, E. M., and Mumaw, R. J., 1991, "Evaluation Issues for Computer-Based Control Rooms" in "Proceedings of the Human Factors Society 35th Annual Meeting," pp. 383-387, (Santa Monica, CA, Human Factors Society).
41. Woods, D. D., 1982, "Application of Safety Parameter Display Evaluation Project to Design of Westinghouse Safety Parameter Display System," Appendix E to "Emergency Response Facilities Design and V & V Process," WCAP-10170, submitted to the U.S. Nuclear Regulatory Commission in support of their review of the Westinghouse Generic Safety Parameter Display System Non-Proprietary, (Pittsburgh, PA, Westinghouse Electric Corp.).

42. U.S. Department of Defense, 1989, "Military Standard 1472D; Human Engineering Design Criteria for Military Systems, Equipment and Facilities," (Washington, D.C., U.S. Department of Defense).
43. American National Standards Institute, 1988, "ANSI/HF 100-1988, American National Standard for Human Factors Engineering of Visual Display Terminal Workstations," (Santa Monica, CA, Human Factors Society, American National Standards Institute).
44. WCAP-14694, "Designer's Input To Determination of the AP600 Main Control Room Staffing Level."
45. WCAP-14701, "Methodology and Results of Defining Evaluation Issues for the AP600 Human System Interface Design Test Program." [illegible]
46. Reid, G. B. and Nygren T. E., 1988, "The Subjective Workload Assessment Technique: A Scaling Procedure for Measuring Mental Workload," also in Hancock, P. A., and Meshkati, N., (eds.), "Human Mental Workload," (Amsterdam, North Holland).

Revision: 11 February 28, 1997 18.8-26 Westinghouse


[Figure 18.8-2: Testing and Verification and Validation Activities. Flow diagram; legible labels include HFE Verification and Validation, Concept Tests (rapid prototypes, part-task simulations, high fidelity simulator), Final Plant HFE Verification, and Factory acceptance test.]

Revision: 9 18.8-29 August 9, 1996 Westinghouse

[Figure 18.8-3: Mapping Human System Interface Resources to Operator Model. Diagram panels: Detection and Monitoring / Situation Awareness (Alert, Observe, Identify State); Interpretation / Planning; Control (Execute Actions); Feedback (Monitor Goal Achievement, Monitor State, Verify Action).]

Revision: 9 August 9, 1996 18.8-30 Westinghouse

18.11 Human System Interface Design Test Program

This section describes [illegible] the AP600 human system interface design test program.

This test program consists of two distinct parts:

  • Concept tests to be performed as part of the human system interface design process (as described in subsection 18.8.1).
  • Verification and validation (V&V) tests to be performed at the completion of the AP600 design process.

The goal of the human system interface [illegible] test program is to systematically evaluate human factors concerns that affect plant performance and incorporate the results into the design of the human system interface.

Plant facilities and plant staff activities are addressed in the human [illegible]. Facilities included in the scope of [illegible] test program are the main control room, technical support center, the remote shutdown facility, and local control stations. Staff activities included are those activities required to operate under normal, abnormal and emergency conditions.

I

{ g g i V l ne ~ ,-r;;- fr S AP600 human system interfaceY ocuses f on the following human l

/7 l system interface resources: 1 4

Vl l I

  • Plant information system (including functional and physical displays of piant processes) I l = Alarm system I = Computerized procedure system I = Dedicated and soft (computer based) controls I . Wall panel information system
I
  • Qualified data processing system l }\w q, slem uY'Ie hep'5f I As illustrated in Figure 18.11-1, a two phase process is used to define th# test program. Phase I l, 1 is called issue definition. Its purpose is to integrate major operator activities with the i I human system interface resources in order to establish a set of human performance evaluation  !

I issues. Phase 2 addresses test development. The purpose of this phase is to develop testing  !

I plans for each of the evaluation issues identified in Phase 1. Reference 1 presents a i description of the methodology, analysis, and the results of executing these two phases. De i results include the identification of 17 human performance evaluation issues and a description I of the testing approach and requirements for addressing each of the evaluation issues. De l 17 human performance evaluation issues are listed in Table 18.11-1.

The 17 human performance issues are organized under five headings:

  • Evaluations for detection and monitoring
  • Evaluations for interpretation and planning

Revision: 9 18.11-1 August 9, 1996 Westinghouse

  • Evaluations for controlling plant state
  • Evaluations of conformance to human factors engineering design guidelines
  • Evaluations for validation of the integrated human system interface

The first 15 issues are grouped into the first three headings above.

As described in subsection 18.8.1, man-in-the-loop concept tests are performed as part of the human system interface design process. These concept tests are organized around the first 15 human performance issues. Reference 2 provides a description of the AP600 man-in-the-loop test plan which includes the concept tests.

Evaluation issues 16 and 17 describe evaluations that are performed as part of the AP600 human factors verification and validation and fall under the last two headings above. A programmatic level description of the AP600 verification and validation program is provided by Reference 3. Figure 18.8-2 shows the man-in-the-loop concept testing and the verification and validation activities conducted as part of AP600 human factors engineering program.

Using the programmatic level description, it is the responsibility of the Combined License applicant to develop an implementation plan for the AP600 human factors engineering verification and validation. The Combined License applicant is responsible for the execution and documentation of the plan.

18.11.1 Combined License Information

Combined License applicants referencing the AP600 certified design will address the development, execution and documentation of an implementation plan for the verification and validation of the AP600 human factors engineering program. The programmatic level description of the AP600 verification and validation program, presented and referenced by Section 18.11, will be used by the Combined License applicant to develop the implementation plan.

18.11.2 References

1. WCAP-14701, "Methodology and Results Of Defining Evaluation Issues For the AP600 Human System Interface Design Test Program," Revision [illegible], August 1996.

2. WCAP-14396, "Man-In-The-Loop Test Plan Description," Revision 2, January 1997.

3. WCAP-14401, "Programmatic Level Description of the AP600 Human Factors Verification and Validation Plan," Revision 2, January 1997.

Revision: 11 February 28, 1997 18.11-2 Westinghouse

[Figure 18.11-1 (flow diagram): Phase 1, Issue Definition; Phase 2, Test Development.]

Revision: 9 August 9, 1996 18.11-5

18.12 Inventory

18.12.1 Inventory of Displays, Alarms, and Controls

An inventory of instruments, alarms, and controls for the AP600 systems is provided in the respective system piping and instrumentation diagrams.

The AP600 system design engineers determine the specific sensors, instrumentation, controls, and alarms that are needed to operate the various plant systems. The instruments, alarms, and controls for each system are documented in the piping and instrumentation diagram. An instrument, alarm, and control is specified by the system design engineer if it is needed to control, verify, or monitor the operation of the system and its components. System functions and their respective functional requirements are considered by the system designer when determining the need for a specific instrument, alarm, or control.

The role of the Human Factors Engineering (HFE) design team in the determination of the total inventory list is one of verification. As described in Section 18.5, the Human Factors Engineering design team has functionally decomposed the plant. The top four levels of this model for the AP600, are shown in Figure 18.5-1. Each Level 4 function has a function-based task analysis (FBTA) performed as described in the Task Analysis Implementation Plan.

Considering the plant operating modes and emergency operations, the function-based task analysis:

  • Identifies the function's goals
  • Identifies the processes used to achieve each goal
  • Documents the performance of a cognitive task analysis of each process

The cognitive task analysis of each process answers the monitoring/feedback, planning, and controlling questions. The answers to these questions identify the data for each functional process (instrumentation, indications, alarms, and controls) needed by the operator to make decisions. The results of the cognitive task analysis phase of each function-based task analysis are used to verify the inventory list of instruments, controls, and alarms developed by the AP600 system designers and documented in the respective design documents.

18.12.2 Minimum Inventory of Main Control Room Fixed Displays, Alarms, and Controls

Background

The man-machine interface system design includes the appropriate plant displays, alarms, and controls needed to support a broad range of expected power generation, shutdown, and accident mitigation operations. Soft control displays and plant information displays are generated by a computer and can be changed to perform different functions, allow control of different devices, or display different information. These displays appear on display devices such as cathode ray tubes, flat panel screens, or visual display units. Alarms are used to direct operator attention. Soft controls are provided through devices such as a keyboard, touch screen, mouse, or other equivalent input devices. The majority of the operations for both the

Revision: 10 December 20, 1996 Westinghouse 18.12-1

18.12.5 References

1. WCAP-14651, "Integration of Human Reliability Analysis With Human Factors Engineering Design Implementation Plan," Revision [illegible], September 1996.

2. WCAP-13793, "The AP600 System/Event Matrix," June 1994.


Revision: 11 February 28, 1997 18.12-8 Westinghouse

Table 18.12.2-1 (Sheet 2 of 2)

MINIMUM INVENTORY

Parameter    Control    Display    Alarm

Manual safeguards actuation    x
Manual CMT actuation    x
Manual main control room emergency habitability system actuation    x
[illegible]
Manual ADS actuation (1-3 and 4)    x
Manual PRHR actuation    x
Manual containment cooling actuation    x
Manual IRWST injection actuation    x
Manual containment recirculation actuation    x
Manual containment isolation    x
Manual main steamline isolation    x
Manual feedwater isolation    x
Manual containment hydrogen igniter (nonsafety related)    x

Notes:

1. Although this parameter does not satisfy any of the selection criteria of subsection 18.12.2, its importance to manual actuation of ADS justifies its placement on this list.

2. These parameters are used to generate visual alerts (safety-related displays for the main control room; nonsafety-related displays for the remote shutdown workstation) that identify challenges to the critical safety functions.

3. These instruments are not required after 24 hours. (Subsection 7.5.4 includes more information on the class 1E valve position indication signals, specified as part of the post-accident monitoring instrumentation.)

4. This manual actuation capability is not needed at the remote shutdown workstation.

Revision: 11 February 28, 1997 18.12-10 Westinghouse