ML22070A153

From kanterella
Jump to navigation Jump to search
Ehpg Paper on IDHEAS General Methodology (IDHEAS-G)
ML22070A153
Person / Time
Issue date: 03/11/2022
From: Chang Y, Jing Xing
NRC/RES/DRA/HFRB
To:
Xing, Jing - 301 415 2410
References
Download: ML22070A153 (12)
v  d  e


Text

The General Methodology of an Integrated Human Event Analysis System (IDHEAS-G)

Y. James Chang and Jing Xing Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission, Washington, DC, USA Abstract The General Methodology of the Integrated Human Event Analysis System (IDHEAS-G) is a product of the U.S. Nuclear Regulatory Commission (NRC) to provide a general framework to develop application-specific human reliability analysis (HRA) methods and analyze human events.

IDHEAS-G is based on the cognitive basis structure for HRA developed by NRC (NUREG-2114 Cognitive Basis for Human Reliability Analysis). An example of an application-specific HRA method developed from the IDHEAS-G methodology is the IDHEAS method for internal, at-power applications jointly developed by the NRC and the Electric Power Research Institute (EPRI).

IDHEAS-G uses four macrocognitive functions to represent a task demand on human cognition:

detecting information, understanding the situation, making decisions and planning the response, and executing actions. Each macrocognitive function is assumed to be performed in a team and organizational context. Therefore, the communication, supervision, and teamwork, etc. are modeled in each macrocognitive function. For each macrocognitive function, IDHEAS-Gs cognitive elements include a model of failure mechanisms where the corresponding failure modes and the performance influencing factors (PIFs) are identified. The failure mechanisms, failure modes, and PIFs are generic and comprehensive. These cognitive elements and relations are first based on the review results in NUREG-2114 then enhanced and organized as a single, comprehensive model for practical use for HRA. To develop application-specific HRA methods, application-specific terms can be used in the place of IDHEA-G generic terms. As for guidance, IDHEAS-G provides guidance for performing an HRA, step-by-step guidelines to perform a detailed qualitative task analysis, and a structure using the IDHEAS-Gs cognitive elements to estimate human error probabilities in HRA. This paper introduces the IDHEAS-Gs cognitive elements (failure mechanisms, failure modes, and PIFs) and demonstrates the use of IDHEAS-G to develop an application-specific HRA method.

1. Introduction Probabilistic risk assessment (PRA) results and insights are frequently used to support risk-informed regulatory decision making. The U. S. Nuclear Regulatory Commission (NRC) continues to improve the robustness of PRA, including human reliability analysis (HRA) through many activities (e.g., supporting and endorsing PRA standards developed by professional societies).

Improving HRA has been a focus of the NRCs research activities. To date, there have been about fifty HRA methods developed worldwide to estimate human error probabilities (HEPs). In the U.S.,

notable HRA methods include THERP, ASEP, SLIM-MOD, SPAR-H, ATHEANA, FLIM-MOD, HCR/ORE, and CBDT. Method-to-method variability and analyst-to-analyst variability in the estimates of human error probabilities (HEPs) have been observed in applying these methods.

The variability in HRA quality, in certain situations, could affect NRCs risk-informed decisions.

Human performance is strongly dependent on context. PRA is being applied in various domains (e.g., at-power, shutdown, inside the control room, outside the control room, procedure driven actions, actions taken based on knowledge, in the sense that crews would need to understand from their general plant knowledge what procedure to use). These domains have a wide range of contexts. The NRC is performing a Level III PRA study that covers the risk of all radiation sources of a nuclear power station (reactor, spent fuel pool, and dry cask) affected by both internal events and external hazards. As the application of PRA grows and covers even more contexts, HRA must Template EHPG_paper version 11 2015-09-21

be able to address the needs. Over the years, HRA was performed for context other than internal, at-power events. The studies either adapted the methods used for internal, at-power events or developed ad hoc HRA methods based on the existing methods. A consistent methodology is needed.

The NRCs Staff Requirement Memorandum SRM-M061020 requested the staff to evaluate the different human reliability models in an effort to propose a single model for the agency to use or guidance on which model(s) should be used in specific circumstances. The NRCs Office of Nuclear Regulatory Research (RES) has taken the lead in addressing SRM-M061020. The strategic approach, as illustrated in Figure 1, is described as follows:

1) Develop a cognitive basis as the foundation for HRA. The cognitive basis should address the following: How humans perform complex cognitive tasks; What enables humans to reliably perform tasks; and What causes human failures? Such a cognitive basis addresses the fundamentals of human cognition and it is applicable to human performance in any context. The cognitive basis was developed through review, synthesis and analysis of cognitive literature. The outcome is documented in NUREG-2114 Cognitive Basis for HRA [1]. This product served as the basis for the HRA method and is also useful for HRA analysts to understand HRA methods.
2) Develop a generic HRA methodology including the HRA concepts, process, and guidance to perform an HRA. This methodology should be based on the cognitive mechanisms with emphasis on how humans could fail, and be applicable for HRA. That includes integrating the strengths of existing HRA methods and practices and conforming to existing PRA/HRA standards, guidance, and good practices. The methodology is applicable to the broad context of human performance for NPP safety that is adequate to cover multiple dimensions of HRA applications (e.g., internal vs. external events, level-1 and Level-2 PRA, and at-power vs. shutdown). We refer this methodology as the General Methodology of an Integrated Human event Analysis System (IDHEAS-G) [2].
3) Implement IDHEAS-G in the context of specific HRA applications. The first application-specific IDHEAS method was the IDHEAS-G implementation in the context of internal, at-power events [3]. This was performed through the collaboration between the NRC and the Electric Power Research Institute (EPRI). While the process and guidance in IDHEAS-G cover human tasks of a broad context, this implementation has the same process as that of IDHEAS-G with specifications to address human actions in internal, at-power events.

Since human tasks in this context are well defined in operating procedures, we are able to develop specific crew failure modes and decision-trees representing the effects of contextual factors on the failure modes. This method is referred as IDHEAS Internal At-Power Application.

Scientific Cognitive basis for HRA Literature (NUREG-2114)

HRA General (IDHEAS-G) for all NPP applications IDHEAS Other application-internal at-power specific HRA models application (e.g, ex-CR actions)

Figure 1: IDHEAS strategic approach IDHEAS-G is based on what we know about human cognitive functioning, and it models human cognitive activities in a teamwork and organizational environment. The cognitive activities are described through the macrocognitive functions: detecting information, understanding the situation, making decisions and response planning, and executing actions. Therefore, IDHEAS-G is an application-independent methodology. The methodology is developed for use in any nuclear-related HRA application and human event analysis, such as Level 1 and Level 2 PRA, internal and external events, main control room (MCR) and ex-MCR actions, nuclear power plant (NPP) at-power and shutdown operations. It could also be used to develop HRA methods for non-nuclear applications such as medical equipment operation or security operation.

This paper describes the main elements in IDHEAS-G including scenario analysis, human failure event (HFE) identification and feasibility analysis, time uncertainty analysis, task analysis, basic quantification structure to calculate HEPs and its implementation for application-specific quantification models, and integral analysis. While these elements together constitute a complete HRA methodology, the guidance for each element can be used stand-alone for the analysis of human failure events.

2. Results Since IDHEAS-G is developed for NPP and non-nuclear HRA applications, we use general terminology instead of conventional NPP terminology to describe the methodology. Below are some typical terms:
  • System - the safety-critical object for operation. It can be an NPP, medical equipment, or machine.
  • Personnel or operator - An individual that operates the system; this can be a NPP operator, field operator, or technician.
  • Crew - A structured team consisting of multiple personnel each with its assigned role and responsibilities.

Overview of IDHEAS-G Figure 2 illustrates the process of IDHEAS-G. The individual elements and the outcomes of the elements are summarized in Table-1. Notice that even the elements are processed in the order of the six steps as described in the table, the actual implementation of the methodology is not necessarily in sequential order and some elements are often performed iteratively. Figure 2 shows the general structure of the analysis elements. On the top is a PRA scenario to be analysed. The HFEs of the scenario is identified for analysis. An HFE in PRA is typically a failure to achieve a plant function. An HFE may include multiple tasks to achieve the objectives that collectively achieve the plant function. The crew response tree (CRD) is used to identify these tasks and error recovery opportunities. For each task, the applicable crew failure modes (CFMs) and PIFs are identified to calculate the tasks HEP. The HFEs HEP is a function of the tasks HEPs.

Table-1 Overview of IDHEAS-G Elements Outputs of the elements Preparation: Define the HRA HRA team understanding of the issue, project plan, and issue and analysis scope expected outcomes Step 1: Scenario analysis and Initial conditions, initiating events, boundary conditions, and operational narrative consequences of interest Description of scenario: Event progression described in timeline and narrative stories.

Scenario context: Plant (systems), crew, and task context

Step 2: HFE analysis - The baseline event sequence and deviation event sequences Identification, definition and through What-If questions feasibility analysis Identification and definition of HFEs HFE feasibility analysis Step 3 -CRD, task analysis, CRD representing the expected crew response and recovery error recovery, and time paths along with the timeline of critical responses; analysis Identification and analysis of critical tasks along the CRD Time uncertainties and their contribution to HEP Step 4: Quantification model Basic Quantification Structure - A basic set of cognitive failure

- Basic Quantification modes, a comprehensive list of PIFs, and underlying cognitive Structure and development of mechanisms the application-specific quantification model Step 5: Develop application- Selection of CFMs pertinent to the application specific quantification model Selection of PIF characteristics pertinent to the CFMs and use the model to estimate HEPs Approach to HEP estimation Step 6 Integration - results Documentation of process and parameter uncertainties review, dependency analysis, HEPs after review and consideration of dependencies.

and uncertainty analysis HRA documentation Operational PRA scenario narrative HFEs HFE 1 HFE 2 HFE 3 CRD and Task 1 Task 2 Task 3 critical tasks

- Wrong detection criteria were used Crew - Data misleading or not available failure - Critical data misperceived modes -

(CFM)

PIF 1 PIFc PIF 2 and HEP CFM PIF 3 PIF 4 Figure 2: IDHEAS-G diagram: Elements and process

2.1 Scenario analysis and operational narrative The objective of this step is to develop operational narratives that adequately describe the entire context of the evolving event scenario, how that scenario affects information and stimuli in the operators' environment, and factors that may influence personnel response in that context. The purpose of scenario analysis is to understand the actions that humans must perform within the scenario and the challenges they may face. The analysis allows for HRA analysts to gain perspective on the complete spectrum of scenario-specific conditions that may require personnel attention. That perspective is essential for an analyst to perform an integrated assessment of all factors that may influence personnel performance in the context of the evolving scenario. The output of a scenario analysis is referred to as the operational narrative.

2.1.1 Document initial condition, initiating event, and boundary condition The initial condition (IC) is the status of the systems and personnel before the initiating event. It includes

  • Operational status, e.g., steady-state or stable transition
  • Significant equipment configurations and unavailable components
  • Staffing and ongoing activities An initiating event (IE) is an event originating from an internal or external hazard that caused a plant abnormality, which would require successful system automatic interventions, human interventions, or both, depending on the context, to protect plant safety.

The boundary condition (BC) is the assumptions applied to the analysis that need to be satisfied.

Clear BC specifications reduce the study uncertainty and facilitate communication between different technical disciplines. If relevant to the analysis, the BC should include general information (e.g., reactor type and containment type) and the analysis plant specific information (e.g., unique plant system and unique plant configuration).

2.1.2 Develop the baseline scenario The baseline scenario is to delineate the expected plant and human responses under the IC, IE, and BC. The plant-human interactions within the scenario are developed from the operator trainers perspective. In developing the baseline scenario, except for what is specified in the IC, IE, and BC, it is assumed that there are no additional hardware failures, and the operators respond to the event as they were trained.

The main purposes of developing the baseline scenario are for the HRA analysts to have an in-depth understanding of the scenario to analyze the event from the operator perspective and to be aware of the potential instrument and system control settings and operational limitations that may affect operators responses and scenario progression.

2.1.3 Perform Scenario Context Analysis The purpose of context analysis is to identify the context (situations and conditions) that challenge plant and human performance in the scenario. The documentation of the scenario context serves as the high-level guidance for HFE definition and analysis, although not every item in the context applies to all HFEs. The purpose of the context analysis is to provide a basis to estimate the HEPs of the HFEs of interest in the analysis.

The scenario context is divided into the following three groups:

- The system context

- The crew context

- The task context System Context The system context provides a birds-eye view of the scenario for a holistic understanding of the scenario progression before diving into the detailed analysis of specific HFEs. The scenario context description should include the following elements:

  • Initial plant conditions, including operating conditions of all the systems on the site, initiating events, and latent failures
  • Expected important structure, system, and component (SSC) responses. Pay special attention to the systems that if failed would significantly challenge plant safety. In NPPs, these typically are the plant safety systems and components and the defense-in-depth barriers to protecting radioactivity release from the fuel, reactor coolant system, and containment.
  • The conditions that challenge the SSC functions mentioned in the previous bullet include support systems, ancillary functions, and the concurrent activities to protect workers or major equipment (e.g., vent hydrogen from the main generator in certain events).
  • Key operator actions (inside and outside of the main control room) that have to be performed to ensure system safety and timing of the actions
  • Offsite support, if any
  • Component behavior and the limiting factors of operation
  • Effects of system failures and human failures Crew Context Crew context is centred on the conditions that affect human performance of key actions. This includes the information, stimuli, and conditions, etc. affecting the crews ability to perceive the information related to the plant abnormality, understanding the situation, making correct decisions, and performing the required actions in time to prevent an undesired consequence from happening.

All of the above mentioned human activities are most likely to be performed in a teamwork environment. Identification of operational challenges should be based on the understanding of how these macrocognitive functions are performed. The following are the general areas of consideration for the crew context:

  • Environmental conditions that challenge human performance
  • Significant activities outside the PRA scenario such as coordination with emergency evacuation centers
  • Work sites accessibility
  • Information availability and reliability
  • Procedures and guidance documents
  • Infrastructure for decision-making
  • Staffing
  • Training
  • Availability of equipment, tools, parts, and keys Task context Task context refers to the factors that challenge personnel tasks in HFEs. The following elements should be considered in the task context:
  • Unfamiliar / unusual scenarios
  • Multitasking
  • High distraction and interruption
  • Unpredictable dynamics
  • Cognitive complexity
  • Time pressure and stress
  • Mental fatigue 2.2 HFE Identification, Definition, and Feasibility Analysis The objective of Step 2 is to identify HFEs in the PRA scenario, define the HFEs at a high-level with respective to the PRA scenario, and assess the feasibility of the HFEs.

2.2.1 HFE Identification Identifying the HFEs to be modeled in PRA requires working with PRA analysts to develop a base event sequence in the PRA model with input from the baseline scenario developed in the previous step. Additional HFEs are identified by identifying and developing other event sequences for the scenario by asking What-If questions.

  • HFEs from the baseline scenario: This step is the identification of the key human actions from the baseline scenario to be modeled in the PRA model, e.g., as top events (HFEs) in the event trees (ET).
  • Failures of the ET top event components: component failures generate new ET event sequences. New HFEs may be identified in the new event sequences.

2.2.2 HFE Definition HFEs are typically defined in conjunction with HFE identification and, as the PRA develops, the definition is refined and revised. The ASME/ANS PRA Standard HLR-HR-F outlines the requirements for definition as the following: Human failure events shall be defined that represent the impact of not properly performing the required responses, in a manner consistent with the structure and level of detail of the accident sequences. The following information are useful for identifying HFEs:

  • Accident sequences, the initiating event, and subsequent system and operator action successes and failures preceding the HFE
  • Accident sequence-specific procedural guidance
  • The cues and other indications for detection and evaluation of errors
  • Accident sequence-specific timing of cues and the time available for successful completion
  • The time available for action
  • The high-level tasks required to achieve the goal of the response 2.2.3 HFE feasibility assessment Once the HFEs have been identified and defined, the HRA analyst needs to initially determine if the HFE is feasible in the scenario context. The purpose of the feasibility check is to ensure that the infeasible human actions are not credited in PRA models. The following are considerations to determine the action feasibility:
  • Sufficient time: By assuming that everything goes as planned without surprises, the action can be completed within the available time.
  • Credible cue(s): There must be credible cues (or information) to lead personnel to perform the action.
  • Procedures / guidance / instructions and training: Procedures or guidance should be available to perform the HFE being analyzed, and personnel should have been trained on the procedures and guidance.
  • Sufficient staffing and skills: Having sufficient numbers of personnel and all needed skills to perform the HFE.
  • Accessibility: The action location and the travel route to the action location is accessible.
  • Equipment (the human-system interface of pre-positioned systems / equipment, on-transport equipment, portable equipment, and communication devices) operability and resources: The needed component, equipment, and parts are available to complete the HFE to achieve the desired system function.

2.3 HFE Analysis - Task Analysis & Time Analysis This step is the performance and documentation of a task analysis of an HFE to identify opportunities for human errors affecting plant safety.

2.3.1 Develop Crew Response Diagram Task analysis includes identifying critical tasks and documenting them in a crew response diagram (CRD). The purpose of a CRD is to characterize the expected crew response path for the required response to the plant by describing the evolution over time of the scenario and to identify critical tasks.

Development of the CRD is performed in three stages:

  • Stage 1 - Develop the CRD along with the timeline

- Identify the procedures that are applicable to this HFE.

- Determine the relevant cues and their timing.

- Identify the crews trained responses that are required by the procedures and form a success path.

- Plot the success path with each node representing the onset of a cue, a key transition point, or a required crew response. Failure of a cue, a transition, or a required response would result in human failure.

- Develop a timeline along the CRD by indicating the timing of the onset of the cues, when a transition needs to be made, and when a required response is expected to be performed.

  • Stage 2 - Identify and analyze critical tasks

- Each node may be associated with one or several critical tasks.

- A critical task has to meet all the three criteria:

Task criticality - The systems involved in the task are safety-critical, and the task involves changes to the operating configuration.

Task difficulty - The task requires complex human involvement and has a good chance of human errors.

Recovery difficulty - The consequences of the omitted or incorrectly performed task cannot be easily detected and corrected.

  • Stage 3 - Identify potential recovery opportunities.

2.3.2 Analysis of time uncertainties The purpose of this step is to identify uncertainties in the time available and time needed to perform the human actions in an HFE and to quantify the contribution of time uncertainties to the overall HEP of the HFE. The process is as follows:

1) Identification of factors contributing to time uncertainty that include:
  • Estimation of the distribution of time available for completing the task (time available)
  • Estimation of the distribution of time needed to complete the task (time demand)
2) Calculation of the contribution of time uncertainties to the HEP HEP = Pc + Pt Pc - Probability of all the cognitive failure modes of all the critical tasks of the HFE. This is all types of operator failures other than Pt.

Pt - Error probability introduced due to the limitation of available time for response. This assumes that the crew follows their protocol or procedures correctly and there are no additional complications (e.g., equipment failures) except as specified in the initial condition, initiating event, and the boundary condition. Pt is the likelihood that the time available to perform the human action is less than the time needed for the action.

Psychological time pressure (even if there is enough time) also impairs task performance and may lead to errors, but it is treated as a PIF, so it does not contribute to Pt.

Pt is calculated with the time-reliability model as follows:

1) Estimate probabilistic distributions (the central tendency and range, e.g., 5th, 50th, and 95th percentile) of the time available and time needed to perform the action.
2) Calculate the likelihood that the time available is less than the time needed, i.e., performing the convolution of the two distribution functions.

2.4 Quantification -The Basic Quantification Structure and Development of the Application-Specific Quantification Model IDHEAS-G provides a basic quantification structure that consists of a comprehensive list of crew failure modes (CFMs) and a PIF list. These lists were developed from cognitive processes and mechanisms, thus they are generic to all HRA applications. Using this basic structure for HEP quantification can be difficult and time consuming due to the large sets of CFMs and PIFs and their

generic descriptions. Step 4 provides guidance on how to develop an application-specific quantification model from the basic quantification structure.

2.4.1 Overview of the Quantification Structure The quantification structure is the basis for application-specific quantification models and is application-independent. It consists of four parts: an HEP quantification formula, a basic set of cognition-based CFMs, a comprehensive list of PIF characteristics, and a list of cognitive mechanisms that link the CFMs and PIFs (i.e., the mechanisms about why PIFs lead to the CFM).

2.4.1.1 Crew Failure Modes The Basic Quantification Structure describes crew failures at two levels of detail.

  • The high-level cognitive failures:

The cognitive failure modes are based on the failure of the four macrocognitive functions.

The four failure modes are:

- Failure of detecting information

- Failure of understanding and assessing the situation

- Failure of making decisions or planning

- Failure of executing planned actions

  • The detailed level of failure - CFMs The CFMs are based on the failure of cognitive process steps of the macrocognitive functions. For example, the cognitive process for the Detection function consists of the following steps:

D1 - Establish the mental model and decision-criteria for information to be acquired D2 - Preparation for detection D3 - Select / identify / attend to sources of information D4 - Perceive, register, and recognize information D5 - Verify / modify detection D6 - Retain / document / communicate the information The detailed CFMs are behaviorally observable outcomes of the proximate causes. For example, the CFMs associated with D1 Establish the mental model and decision-criteria for information to be acquired include:

- D1-1 Detection not initiated (e.g., Skip steps of procedures for detection, forget to check information)

- D1-2 Wrong detection criteria were used

- D1-3 Failure to prioritize information to be detected The IDHEAS quantification structure provides a complete set of CFMs associated with each proximate cause. IDHEAS also provides links between the CFMs and cognitive mechanisms underlying the failure. These cognitive mechanisms provide HRA analysts with the cognitive basis for the failures and the root causes on why the PIFs lead to a given CFM.

2.4.1.2 PIFs Effects on HEPs The PIFs modelled in the methodology include the following:

  • Plant - event evolution, system responses, information
  • Crew - staffing, work environment and conditions, infrastructure, coordination and cooperation, organizational factors
  • Task - workload, task complexity, available time
  • Traditional PIFs - human-system interface (HSI), tools, procedures, training

The General Methodology models these factors through the detailed traits or aspects of the high level PIFs - e.g.

  • HSI - Alarm saliency, location of key information, ambiguity of indications
  • Training - Perceived urgency, frequency of training, training on I&C failure modes The basic quantification structure provides a comprehensive list of PIFs and their links to CFMs.

There are two types of PIFs: error contributing factors that directly add error probabilities to the base HEP of a cognitive function and error modification factors that act as multipliers to the base HEP. For example, the reliability of equipment needed for the human action being analysed directly contributes to the overall human error probability, while mental fatigue acts as a modifier to the base HEP. Thus, the HEP of a CFM is determined by the effect of the PIFs relevance to the failure mode.

2.4.1.3 Cognitive Mechanisms For every cognitive function, the quantification structure has a list of cognitive mechanisms that make the cognitive function work reliably. The failures of the mechanisms lead to the failure of various steps of the cognitive processes. For each step of the cognitive process of a given macrocognitive function, the quantification structure identifies the pertinent mechanisms. On the other hand, the quantification structure also identifies cognitive mechanisms that link every PIF to the associated CFMs. The mechanisms serve as an explanation or justification for why the PIFs lead to the CFMs.

2.4.2 Development of application-specific quantification model To use IDHEAS for HEP estimation, a quantification model should be developed from the quantification structure. The methodology provides a comprehensive list of CFMs and PIFs. The PIFs affect the CFMs likelihood. The CFMs are behaviourally observable outcomes of failures of the cognitive process of a macrocognitive function. Depending on the HRA application, some CFMs may not be applicable, can be merged, and may need to be split to model detailed modes to more accurately model human actions in the given application. Similarly, some PIFs can be eliminated, merged, or expanded for the application. Therefore, a specific quantification model can be developed as a subset of the quantification structure for a given, well-defined application. The model can be used to perform any HRA within the scope of the application. The quantification model of the IDHEAS Internal At-power Application is an example HRA application where human actions are performed by well-trained crews using well-developed procedures for the control room crew to respond to internal, at-power events.

The process of developing the quantification model for a given application is described as:

1) Understand the context and scope of human actions in the application and make general assumptions about the application (e.g., well-trained crews, tasks performed in the control room, actions lasting for no more than several hours)
2) Identify the limited set of CFMs

- Select applicable Proximate Causes - Some causes can be eliminated because the crew tasks do not involve the steps of the cognitive processes.

- Select applicable CFMs for the proximate causes.

- Merge, modify, or expand the CFMs for the given application.

3) For every CFM, identify the most relevant PIFs that affect the CFM; the selected PIFs can be organized in a decision-tree, with each PIF being a branch point and each path representing a combination of the PIFs.
4) Estimate the HEP of the individual or combined CFMs for the various combinations of the PIFs using existing data (if available and adequate) or expert judgment.

With the quantification model developed, HRA analysts can estimate the HEP by selecting the CFMs analyzed and decision-tree paths applicable to the critical crew tasks in the HFE being analyzed, then calculating the HEP using the pre-estimated HEP values for every decision-tree path.

While the HEP quantification structure is based on human cognition and is independent of HRA applications, a quantification model is developed for a specific application and may not be applicable to or may not be adequate for other HRA application areas. Therefore, it is important that every quantification model developed from the IDHEAS-G clearly specify its application scope and the assumptions used in developing the model.

2.4.3 Guidance for Estimating HEP Based on Data and Resources Available To estimate the HEP for various combinations of PIFs pertinent to a CFM, the quantification model developers need to first assess the available data on human error rates or error probability for the cognitive tasks. The ideal situation is that the available data allow for the calculation of the HEPs or the inference of the HEPs through mathematic or statistical data fitting. When the data is sparse, expert judgment is needed to estimate the HEPs. For eliciting expert judgment, the writers of this report recommend the use of the Senior Seismic Hazard Analysis Committee (SSHAC) Method (NUREG/CR-6372, Recommendations for Probabilistic Seismic Hazard Analysis: Guidance on Uncertainty and the Use of Experts) [4].

2.5 Use the Quantification Model to Calculate the HEP To calculate the HEP, analysts need to assess the effects of the PIFs. Compared to MCR actions, available data for ex-MCR actions is very limited. We conducted a literature search to collect data on human errors caused by one or the combination of several PIFs. The sources of data range from lab research to operational error data in various fields such as health care, aerospace, transportation, mechanical maintenance, nuclear, etc. We synthesized the data to generate a reference range for the effects of individual PIFs.

One important finding from the literature review of human error data is that the combined effect of multiple PIFs is roughly equal to the sum of the effects of the individual PIFs [5].

We adapted this finding to calculate HEPs. This is a significant difference from most of the HRA methods, where the combined effect of multiple PIFs is the multiplication of the effects of individual PIFs.

The process for calculating HEPs is as follows:

1) Identify applicable CFMs for every critical task
2) Determine the status of applicable PIFs for every critical task
3) Calculate the HEP for every critical task A critical tasks HEP is the sum of the HEP of the critical tasks CFMs and modified by a recovery factor that represents the potential error recovery. The recovery factor addresses the situation where the crew fails a critical task, yet there is an opportunity later to catch and correct the error.

The recovery opportunities are identified in the CRD. The recovery factor should be used only when all of the following conditions are met:

  • The critical task has at least one recovery path in the CRD
  • There is adequate time for recovery
  • Cues are available to prompt the crew to detect the error 1 Integral Analysis The objective of this step is to perform dependency analysis and document uncertainties for all the HFEs in the scenario. The ASME/ANS PRA standard requires that multiple human actions in an accident sequence or cutset be identified, degree of dependency assessed, and joint HEP calculated. IDHEAS-G adopted the guidance in Fire HRA (NUREG-1921, [6]) for treatment of dependency. The process includes identifying combinations of multiple operator actions in the scenario, evaluating dependencies within the scenario, and incorporating the dependency evaluation into the PRA model. One area for IDHEAS-G future improvement is to develop a dependency model based on the macrocognitive functions and cognitive mechanisms.

The HEP uncertainty assessment is a PRA requirement. N U R E G - 1 8 5 5 Guidance on the Treatment of Uncertainties Associated with PRAs in Risk-Informed Decision Making [7] provides

guidance for treatment of three types of uncertainties in PRA: parameter uncertainty, model uncertainty, and completeness uncertainty. IDHEAS-G provides guidance on analyzing and documenting the three types of uncertainties in complying with the guidance in NUREG-1855.

3. Conclusions IDHEAS-G is a general methodology for HRA with a solid foundation in HRA technology and experience as well as with the state-of-knowledge of Human Factors and Human Performance.

The IDHEAS methodology structure and terminology is human-centred so that it can be adapted to different conditions, hazards, and application fields. In addition, DHEAS-G development closely interacts with the SACADA HRA data method development [8] in anticipation of using SACADA data to enhance the IDHEAS methodology. IDHEAS-G consists of the process and guidance for the full-cycle of HRA in the broad context of NPP operations. The guidance focuses on how to perform HRA under various conditions. It provides analysts the flexibility and scalability in conducting HRA under the constraints of resources, available information, and level of detail needed.

References

1. NRC, 2016 Cognitive Basic for Human Reliability Analysis, US Nuclear Regulatory Commission, NUREG-2114, 2016.
2. NRC, 2017 An Integrated Human Event Analysis System - The General Methodology (IDHEAS-G), US Nuclear Regulatory Commission, NUREG-2198, in preparation.
3. NRC, 2017 An Integrated Human Event Analysis System - Internal At-Power Application, US Nuclear Regulatory Commission, NUREG-2199, Vol.1, in preparation.
4. NRC, 1999 Recommendations for Probabilistic Seismic Hazard Analysis: Guidance on Uncertainty and the Use of Experts, US Nuclear Regulatory Commission , NUREG/CR-6372
5. Xing J, Chang YJ, and Siu N, 2015 Insights on human error probability from cognitive experiment literature. International Topical Meeting on Probabilistic Safety Assessment (PSA-15), Sun Valley, Idaho, USA, 2015
6. NRC, 2012 EPRI/NRC-RES Fire Human Reliability Analysis Guidelines, US Nuclear Regulatory Commission, NUREG-1921, 2012
7. NRC, 2013 Guidance on the Treatment of Uncertainties Associated with PRAs in Risk-Informed Decision Making, NUREG-1855, Rev.1, 2013
8. Chang YJ, et. al., 2014 The SACADA database for human reliability and human performance, Reliability Engineering System Safety, 05/2014; 125:117-133.
Retrieved from "https://kanterella.com/w/index.php?title=ML22070A153&oldid=3434888"