ML22070A155

Ehpg Presentation on IDHEAS-G
Person / Time
Issue date: 05/13/2016
From: Chang Y, Jing Xing
NRC/RES/DRA/HFRB
To:
Xing, Jing - 301 415 2410



The General Methodology of an Integrated Human Event Analysis System (IDHEAS-G)

Y. James Chang, Jing Xing

US Nuclear Regulatory Commission

Presentation to EHPG, May 8-13, 2016, Norway

HRA in the NRC's regulatory decision process

  • Bases for orders and generic issues
  • Rulemaking
  • Oversight
  • Licensing
  • Event analysis

NRC's HRA research activities

  • Scientific foundation - Cognitive Basis for HRA and others
  • HRA data - SACADA
  • HRA method improvement - IDHEAS
  • HRA variability and uncertainty - Improved methods, data foundation, guidance for expert judgment
  • HRA applications - Fire HRA, MCR abandonment, FLEX

HRA method improvement - Development of IDHEAS (An Integrated Human Event Analysis System)

[Figure: development path of IDHEAS]

  • Scientific Literature
  • Cognitive basis for HRA (NUREG-2114)
  • IDHEAS General Methodology (IDHEAS-G) for nuclear-related applications (NUREG-2198)
  • IDHEAS Internal At-power Application (NUREG-2199)
  • Other application-specific HRA models (e.g., Ex-CR actions)

IDHEAS-G key features

  • A general methodology - IDHEAS-G models the full cycle of cognitive process underlying human actions and it is application-independent.
  • Enhanced guidance for qualitative analysis
  • A Basic Quantification Structure - with a basic set of cognitive failure modes, a comprehensive list of performance influencing factors (PIFs), and cognitive mechanisms
  • Application-specific quantification models derived from the Basic Quantification Structure
  • A built-in interface with human performance data

Overview of IDHEAS-G

[Figure: process flow, with each analysis step followed by its product]

  • Analyze scenario context and develop operational narrative - PRA scenario, operational narrative
  • Identify, define, and assess HFEs - HFEs (HFE 1, HFE 2, HFE 3)
  • Identify and analyze critical tasks of a HFE - CRD and critical tasks (Task 1, Task 2, Task 3)
  • Basic Quantification Structure - Cognitive failure modes (CFM), e.g., wrong detection criteria were used; data misleading or not available; critical data misperceived
  • Develop application-specific quantification model to calculate HEP: compute or estimate HEPs of the CFMs - PIFs
  • Perform integrative analysis

Step 1: Scenario Analysis and Operational Narrative

  • Develop a baseline scenario that includes the following elements:

- Initial condition

- Initiating event

- Consequences of the initiating event

- Operational narrative and timeline

  • Perform high-level scenario context analysis:

- System Context: To understand the system responses and operational constraints.

- Crew Context: To be aware of the conditions that may adversely affect human performance at the scenario level.

- Task context: To understand the task flows and identify the limiting factors, e.g., time criticality or operation limitations.


Step 2: HFE Identification, Definition, and Feasibility Analysis

  • Identify the initial set of human failure events (HFEs) from the baseline scenario

- Work with PRA analysts to specify and define the event tree top events

- Ask what-if questions to populate the event sequences and top events

  • Perform HFE feasibility analysis

Step 3: Task Analysis

  • Develop the crew response diagram (CRD) to represent the expected crew responses for success of the HFE [Figure: example CRD with four numbered nodes leading to Success: Identify sLOCA; Transfer to E-1 from E-0; Transfer to ES 1.2; Initiation of cooldown at step 7 of ES 1.2]
  • Identify the critical tasks and cognitive activities required for the tasks
  • Perform time analysis and time uncertainty analysis of each HFE

- Estimate uncertainty distributions of T(Required) and T(Available)

- Provide basis to calculate Pt[T(Available) > T(Required)]
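The time uncertainty analysis in Step 3, as an added example that is not part of the original presentation: it computes P[T(Available) > T(Required)] and its complement, assuming the two times are independent lognormal variables described by a median and an error factor (95th percentile divided by median). The lognormal choice, the function names, and the 60-minute and 30-minute medians are illustrative assumptions, not values from IDHEAS-G.

```python
import math
import random

Z95 = 1.6448536269514722  # standard normal 95th percentile


def lognormal_params(median, error_factor):
    """Convert (median, error factor) to the (mu, sigma) of ln(T).

    Assumption: error factor = 95th percentile / median.
    """
    if median <= 0 or error_factor <= 1:
        raise ValueError("median must be > 0 and error_factor > 1")
    return math.log(median), math.log(error_factor) / Z95


def prob_time_sufficient(avail, req):
    """Closed form P[T_avail > T_req] for independent lognormal times.

    ln(T_avail) - ln(T_req) is normal with mean mu_a - mu_r and
    variance sigma_a^2 + sigma_r^2, so the probability is Phi(z).
    """
    mu_a, s_a = avail
    mu_r, s_r = req
    z = (mu_a - mu_r) / math.sqrt(s_a ** 2 + s_r ** 2)
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))


def prob_time_sufficient_mc(avail, req, n=200_000, seed=1):
    """Monte Carlo estimate of the same probability.

    Useful as a cross-check, and as the fallback when the distributions
    are not lognormal and no closed form exists.
    """
    rng = random.Random(seed)
    hits = sum(
        rng.lognormvariate(*avail) > rng.lognormvariate(*req)
        for _ in range(n)
    )
    return hits / n


if __name__ == "__main__":
    # Constructed inputs (minutes), not taken from the presentation.
    t_avail = lognormal_params(median=60.0, error_factor=2.0)
    t_req = lognormal_params(median=30.0, error_factor=2.0)

    p_ok = prob_time_sufficient(t_avail, t_req)
    p_mc = prob_time_sufficient_mc(t_avail, t_req)
    print(f"P[T(Available) > T(Required)]  closed form: {p_ok:.4f}")
    print(f"P[T(Available) > T(Required)]  Monte Carlo: {p_mc:.4f}")
    print(f"P[T(Required) >= T(Available)] complement:  {1 - p_ok:.4f}")
```

With a median margin of only a factor of two and an error factor of 2 on each time, more than one case in ten runs out of time, which is why the spread of each distribution matters as much as its median.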

Step 4, 5, & 6: Quantification

  • Step 4: Basic Quantification Structure - The HEP formula, a basic set of cognitive failure modes (CFMs), cognitive mechanisms, and a comprehensive list of PIFs
  • Step 5: Guidelines for developing application-specific quantification models
  • Step 6: HFE dependency analysis and uncertainty analysis

Basis of HEP Quantification: Macrocognitive functions and cognitive processes

Macrocognitive functions (operator task):

  • Detection
  • Understanding
  • Decision making
  • Action
  • Teamwork

Cognitive processes (for Detection):

  • D1 - Establish acceptance-criteria for information
  • D2 - Prepare tools needed
  • D3 - Identify and attend to sources of information
  • D4 - Perceive information
  • D5 - Verify / modify detection
  • D6 - Retain or communicate the information

Overview of Basic Quantification Structure

[Figure: diagram relating PIF, Cognitive Mechanism, Proximate Cause, Cognitive failure mode, and Macrocognitive function]

Basic Quantification Structure 1) - The HEP formula

Pc = Pc(Critical Taski)

Basic Quantification Structure 2) - A basic set of CFMs

Cognitive process for Detection: Failures of the process (Proximate causes)

  • D1 - Establish acceptance-criteria for information: PC1 - Fail to establish acceptance-criteria
  • D2 - Prepare tools needed: PC2 - Fail to prepare tools
  • D3 - Identify and attend to sources of information: PC3 - Fail to attend to the correct source of information
  • D4 - Perceive information: PC4 - Fail to correctly perceive the information
  • D5 - Verify / modify detection: PC5 - Fail to verify or modify detection results
  • D6 - Retain or communicate the information: PC6 - Fail to retain or communicate information

Behaviorally observable CFMs:

  • D4-1 Primary information is not available
  • D4-2 Key alarm or alert not attended to
  • D4-3 Key parts of information not perceived or monitored
  • D4-4 Information misperceived (information incorrectly perceived, fail to discriminate weak signals, reading errors)
  • D4-5 Parameters incorrectly monitored

Three types of CFMs:

  • Unable to do it
  • Didn't do it
  • Did it wrong

Basic Quantification Structure 3) - Cognitive mechanisms

  • Cognitive mechanisms make the cognitive process work reliably.
  • Errors occur when the capacity limits or vulnerabilities of the cognitive mechanisms are challenged.
  • Every proximate cause / CFM is associated with a set of cognitive mechanisms.

Cognitive process: D4 - Perceive information

CFMs:

  • D4-1 Primary information is not available
  • D4-2 Key alarm or alert not attended to
  • D4-3 Key parts of information not perceived or monitored
  • D4-4 Information misperceived (information incorrectly perceived, fail to discriminate weak signals, reading errors)
  • D4-5 Parameters incorrectly monitored

Challenges to cognitive mechanisms:

  • Loss of vigilance
  • Attention is not focused on cues
  • Expectation is wrong or biased
  • Working memory failure (overflow, degraded with time, or not consolidated, or memorizing wrong information)

Basic Quantification Structure 4) - A comprehensive list of PIFs

General PIF categories:

  • System - plant condition, information, event evolution, system responses
  • Crew - staffing, crew, work environment, infrastructure of communication and coordination, organizational factors
  • Task - workload, task complexity, available time
  • Job assistance for crew - Human-system interface (HSI), tools, procedures, training, fitness-for-duty

A PIF is characterized by observable and assessable traits, e.g.

  • Workload - Unfamiliar scenario, multitasking, unpredictable dynamics
  • HSI - Alarm saliency, distribution of relevant information, display format
  • Training - Perceived urgency, frequency of training, training on failure modes

Modeling the effect of PIFs on HEP based on cognitive research

1) A comprehensive list of PIFs
2) Two types of PIFs that affect HEPs differently - Error contributing factors and error modification factors
3) Links between PIFs - cognitive mechanisms - proximate cause / CFMs
4) References (from cognitive literature and operational events) demonstrating the effect of PIF on macrocognitive functions or CFMs

PIF model: 1) A comprehensive list of PIFs

  • Most PIFs identified were reported in the literature or human event reports; a few PIFs were inferred from studies of cognitive mechanisms
  • The PIFs in existing HRA methods were included.

Examples of PIFs:

  • Unfamiliar scenarios
  • Multitasking
  • Distraction / Interruption
  • Unpredictable system dynamics
  • Mental fatigue (time at work, long-working hours)
  • Complexity for action execution:

- Number of related action sequences

- Number of control actions

- Durations of action sequences

- Number of exceptions

- Variety of action types

- Relation among action steps

PIF model: 2) Two types of PIFs

Error contributing factors

  • Related to the quality of information and specificity of the criteria by which the task is judged as correctly performed.
  • Directly contribute to the HEPs;
  • A single PIF can change the HEP across several orders of magnitude.

Error modification factors

  • Usually do not alone lead to human errors; e.g., time pressure can increase the likelihood of errors, but the factor alone usually does not cause errors if other PIFs are in nominal status.
  • Modify HEP in a relatively small range, typically less than a factor of 10 between the nominal and very poor status of a PIF.

[Figure: plot of HEP (axis from 0 to 1.0) showing error contributing factors and modification factors]

PIF model: 3) Link between PIF - cognitive mechanisms - Proximate cause /PIFs

  • Every proximate cause is associated with a set of cognitive mechanisms.
  • Every PIF challenges one or several cognitive mechanisms.
  • The cognitive mechanisms serve as the basis for identifying and assessing PIFs.

Example: links between PIFs and cognitive mechanisms:

Decision-making: Manage the goal

Cognitive mechanisms:

- A - Incorrect goals selected.

- B - Incorrect prioritization of goals.

- C - Incorrect judgment of goal success.

Mechanism: PIFs

  • AB: Conflicting goals - choosing one goal (or option) will block achieving the other goals; multiple competing goals cannot be prioritized
  • C: Competing strategies - multiple strategies can achieve the end goal but with different benefits and drawbacks
  • ABC: Organizational complexity in decision-making (too many levels of authorities, inter-locked authority entities, variety of entities involved in decision-making)
  • A: No procedure/guidance available for making the decision

PIF model 4): References demonstrating the effect of PIFs on proximate causes / CFMs

Example: The effect of long working-hours (mental fatigue)

REF: Effects of sleep loss on team situation assessment (JV Baranski, 2015)

Task: Team makes judgment of threat on a military surveillance task (situation assessment)

CFMs: Incorrectly assess situation

PIF: Long working-hour; Feedback information, Supervision and peer-checking

Results: Sleep loss affects assessment accuracy and time needed.

Data: Assessment error rate (%)

  • Full feedback: Day 2 - 4.2; Day 3 - 5.5
  • No feedback: Day 2 - 4.5; Day 3 - 6
  • Solo: Day 2 - 6; Day 3 - 8
  • Team: Day 2 - 4.5; Day 3 - 5.5

Summary of IDHEAS Generic Methodology

  • Based on the Cognitive Basis for HRA (NUREG-2114)
  • Expanded scope to address:

- Broad spectrum of human actions

- Coordination and cooperation among multiple entities

- Complicated decision-making

- Performance influencing factors in severe conditions (e.g., radiation)

  • Adaptable to broad applications such as:

- Level 2 and 3 PRA

- Reactor shutdown operations

- External events

- Fuels, materials, by-product

IDHEAS-G for Human Event Analysis - Demonstration with the Fukushima Daiichi Event

Jing Xing, James Chang

US Nuclear Regulatory Commission

Presentation to EHPG, May 8-13, 2016, Norway

Lessons, lessons, lessons, learned from Fukushima Daiichi accident

To prevent severe accidents from occurring, it is important to understand how past severe accidents occurred and learn lessons from the accidents.

Background:

300+ reports, conference papers, presentations; most involve human performance and digital instrument & control (DI&C)

Purpose:

Consolidate the information regarding human performance and DI&C into one coherent story - What, How, Why

Method:

Document and analyze information using IDHEAS-G

Overview of IDHEAS-G

[Figure: PRA scenario and operational narrative; HFEs (HFE 1, HFE 2, HFE 3); CRD and critical tasks (Task 1, Task 2, Task 3); cognitive failure modes (CFM 1, CFM 2, CFM 3, CFM 5, CFM 6); PIFs (PIF 1, PIF 2, PIF 3, PIF 4) and CFM HEP]

Operational narrative (Unit 1 only)

Initial condition: Unit 1 was operating at the licensed power level; the staffing level met the normal operation requirements.

Initiating event: An earthquake followed by a beyond-design-basis tsunami flooded portions of the plant site, damaged pumps, equipment, electrical distribution panels, batteries, and emergency diesel generators, and resulted in the loss of AC and DC power.

Consequences of the event:

  • Unit 1 lost AC and DC power shortly after the tsunami's arrival. Once power was lost, the control rooms lost lighting, indicators, instrument readouts, and controls.
  • The isolation condenser (IC) and high-pressure coolant injection system (HPCI) failed due to loss of power.
  • Unit 1 reactor automatically scrammed as designed.

Timeline operational narrative for the baseline scenario - Example

Time: Event evolution (Notes)

  • T=0: Earthquake
  • 41-51min: Tsunami arrival; Loss of onsite AC and DC power (Notes: Damaged the site. The main control room lost instrumentation.)
  • 51-60min: I&C failed, HPCI unavailable; reactor shutdown; RPV depressurized. (Notes: Estimated time of core damage was between four hours and seven hours. Estimated time of reaching max containment pressure/design pressure was about 12 hours.)
  • 9.7h ~ 24h: Containment venting preparation
  • 24.8h: Hydrogen explosion
  • +15.0 - +28.8 h: Initial injection of freshwater/seawater into the reactor

Context analysis - Crew context

Information availability

Indicators and displays in MCR were damaged or did not work due to loss of power; gathering and interpreting the information became very difficult:

  • Primary sources of information were not available; Secondary sources of information were not reliable; Personnel lacked training, guidance, or experience in using secondary sources of information;
  • Personnel did not know how to trust and verify secondary sources of information.
  • Personnel were not aware that some I&C information was misleading.

Additional information:

  • Unit 1 lost instrumentation readouts and the safety parameter display systems; the onsite ERC and offsite center (OFC) were unable to obtain timely information about the condition of the reactor and Units 1-4 spent fuel pools. MCR personnel reported basic reactor parameters to the onsite ERC using fixed-line telephones. This information was manually recorded on whiteboards to share information within the ERC.
  • With no power for instrumentation or controls, the Unit 1 operators lost the ability to monitor plant indicators from the control room. Most critically, they were unable to check the status of the isolation condenser valves or to actuate them from the MCR.


Context analysis - Crew context (Cont.)

Parallel activities and responsibilities

  • Multiunit interactions - Multiunit interactions complicated the accident response. The units competed for physical resources and attention and/or services of the onsite staff, e.g., the competition for fire trucks to pump water into the Units 1, 2, and 3 reactors.

  • Recovery actions such as cleaning debris of working areas and connecting cables.
  • Emergency evacuation.

Environmental factors

Environmental factors, such as smoke, flood, noise, ambient lights, high wind, radiation, seismic, extreme cold or hot temperature, impacted personnel's capability:

  • Visibility - Work in dark places
  • Mobility - Obstacles and debris spread around the field
  • Accessibility or habitability - Personnel could not access the work site or they could momentarily access the site but could not stay there to complete the work.
  • Personnel physical condition - Work performed wearing protective clothing in high dose environment; radiation indications were not reliable; lack of food, coldness, and wetness.
  • Safety limits - Environmental factors exceeded the safety limits.

Context analysis - Crew context (cont.)

Other crew context

  • Coordination infrastructure and effectiveness
  • Decision-making infrastructure (Decision-makers, authorities and hierarchy, use of innovative solutions)
  • Staffing - availability and qualification for required skills
  • Procedures and Guidance
  • Training and experience
  • Equipment and tools
  • Work site accessibility and habitability

Demonstration of task analysis: A simplified Crew Response Diagram

HFE: Cooldown Unit 1 reactor

[Figure: crew response diagram along the HFE timeline starting from the cues at T=0. Nodes: Assess system and component status; Use IC; Assess other strategies; Decide the strategy; Implement the strategy; Develop new strategy; Implement new strategy. Branches are labeled Success or Fail and end in Success or in "HFE no longer feasible or beneficial".]

Task analysis - use a fire truck to inject water into the reactor

Task context: Description

  • Task narrative: Unit 1 isolation condenser (IC) was not working and it would only take a few hours to uncover the core. The two procedure-recommended strategies did not work; the ERC ordered the use of fire trucks to inject water into the reactor.
  • Goal: Inject a sufficient amount of water into the reactor to cool the core
  • Cues: The two procedure-recommended strategies did not work.
  • Cognitive activities: Plan to use innovative solution; Prepare the tools; Execute the action - negotiate with subcontractors, get the fire trucks, find and connect hose connectors, inject seawater into the reactor
  • Procedure: No procedure or guidance available
  • Personnel: ERC team, shift team, subcontractors
  • Equipment: Fire trucks, hose connectors
  • Locations: Debris delayed the arrival of external fire trucks (and other equipment), and also created significant obstacles to movement within the plant.
  • Environmental factors: Visibility, Mobility, Accessibility or habitability, Radiation, Noise

Identification of cognitive failure modes (CFMs)

Cognitive function: Example CFMs

Detection

  • Unable to monitor status
  • Failure to access sources of information - Attempts to check the status of the valves in the field were unsuccessful because of access limitations and high radiation fields.

Understanding

  • Failure to assess the situation - Operators did not understand at first that the isolation condenser had stopped functioning
  • Incorrect team understanding - Operators and ERC staff had different understandings of IC status

Decision-making

  • Inappropriate prioritization of the goals - The site superintendent directed onsite ERC staff to give priority to restoring plant indicators, particularly reactor water level and pressure.

Action execution

  • Failure of command and control - The Unit 1 operators asked the onsite ERC to provide batteries so that the safety relief valves could be opened from the control room. However, the ERC team member who received this request did not understand its urgency.

Teamwork

  • Miscommunication - between the onsite ERC, headquarters ERC, and the Nuclear and Industrial Safety Agency (NISA)
  • Poor coordination of systems and equipment in monitoring, protection and decontamination
  • Lack of coordination - between shift team and firefighters because neither understood the responsibility given to them by the site superintendent

Identification of Performance Influencing factors for the CFMs

Cognitive function: PIFs

Detection

  • HSI was limited with respect to the cues, indications, and controls available
  • Operator activities associated with detection and monitoring of cues and indications were distributed between the MCR and other locations in the plant under degraded environmental conditions (cold, noise, radiation, visibility, etc.)

Understanding

  • Operators and decision-makers were unfamiliar with the scenarios, therefore, they did not have an existing mental model to fully understand the situation
  • Degraded sensors and indicators may be misleading
  • Sources of information may inherit great uncertainties
  • Procedures were not applicable to the situations so they did not help in diagnosing problems

Decision-making

  • Decision-making complexity: Involvement of multiple teams
  • Information for decision-making may not be available
  • Difficulty in planning - A clear approach is needed from EOPs to SAMGs and the extended damage management guidelines (EDMGs)
  • Decision-making during multi-unit events, including understanding effects such as MCR configuration (common control rooms vs. separate control rooms) and distance of separation of the units
  • Difficult to prioritize limited resources
  • Distributed locations of decision-making
  • Unclear responsibility, accountability and authority for decision-making in a crisis

Identification of Performance Influencing factors for the CFMs (cont.)

Action execution

  • HSI for action execution is limited and distributed in multiple locations in the plant under degraded environmental factors (heat, cold, noise, radiation, visibility, etc.)
  • Equipment and tools are limited
  • Manual actions needed for degraded / damaged automation
  • More and different types of communication than if all of these activities took place in the MCR are required
  • Action scripts need to be developed (skills-of-the-craft)
  • Operators' lack of knowledge of IC functions and lack of experience in its operation
  • Operators are unfamiliar with the facilities
  • Lack of instructions and coordination
  • Staffing is inadequate either in the number of personnel or the types of personnel with special skills
  • Inadequate drills and exercises to manage long-hour accident management actions

Teamwork

  • Complex communication configuration
  • Lack of communication requirements / strategies / protocols
  • Unclear personnel responsibility on communication
  • Lack of redundancies for communication technologies shared by all organizations
  • Lack of mechanisms to maintain required communication linkages when communication technology fails
  • Difficult communication between off-site and on-site - Lack of common operational picture and lack of coordination model
  • Critical Infrastructure - the on-site center may not function because no water supply, no power supply, sheltering indoors, exhaustion, and radiation.
  • Command & control may not function as expected
  • Lack of clarity in roles and responsibilities within the onsite ERC

Summary

The documentation provides a systematic understanding of human performance in the accident:

  • The operational narrative describes what occurred from an operational perspective;
  • The context analysis elucidates situational factors challenging human performance;
  • The task analysis delineates how personnel perform tasks for the required human actions;
  • The failure modes of the human actions and the associated performance influencing factors manifested by the context of how and why personnel may fail to perform required actions.

Together these constitute the basis for applying lessons learned to improving design of plant systems, structures, and components, as well as procedures and training.
