ML23095A035

RIC2023 Digital Exhibit Digital I&C Safety Assurance and Human Performance
ML23095A035
Person / Time
Issue date: 04/05/2023
From: Jing Xing
NRC/RES/DRA/HFRB
To:


Text

OECD NEA HALDEN HUMAN-TECHNOLOGY-ORGANIZATION (HTO) PROJECT

DIGITAL I&C SAFETY ASSURANCE AND HUMAN PERFORMANCE

ANDREAS BYE, BJØRN AXEL GRAN, SIZARTA SARSHAR, YONAS ZEWDU AYELE

2 Digital Instrument & Control (DI&C) - Human Performance Framework

Human-System Interface (HSI)

[1] O'Hara, J.M., Gunther, B., Martinez-Guridi, G., Xing, J.F., & Barnes, V.E. (2010). The Effect of Degraded Digital Instrumentation and Control Systems on Human-System Interfaces and Operator Performance.

3 Operator performance in digital vs traditional control room

Research question:

Analog HSI may be used as backup for digital HSI in safety systems, e.g., for plant shutdown. What are the effects on the operators when changing between different types of interfaces?

Experimental results:

  • Radical HSI transitions did not degrade human performance.

- Workload was lower and overall task performance improved when a digital HSI was substituted with a panel-based HSI during the scenario.

- No observed effects for response time, situation awareness or self-rated performance. No serious impact of the radical HSI transition on expert-rated human performance.

- Two crews considered radical HSI transitions quite unproblematic, given a sufficient amount of training. The third crew recognized many benefits of both HSI solutions, but they were generally sceptical of radical HSI transitions (possible acceptance challenges).

4 Diversity in Design

Question: Is it technically feasible to achieve a level of assurance at least comparable to current practice without requiring diverse designs?

Challenge: How can we prove nothing will go wrong? If we don't know what can go wrong, how can we prevent it?

Problem: how to specify the requirements and constraints in natural language.

[Figure: Item A1 takes InputsA, performs Function A and produces OutputsA1; Item A2 takes InputsA, performs Function A and produces OutputsA2.]

A1, A2 are diverse if the same common cause does not degrade the performance of A1, A2, e.g.:

  • Latent design defects.
  • Unwanted interactions.
  • Shared resources.

Assume items A1, A2 are implemented on FPGA

5 Structured Safety Argumentation Approach (SSAA)

We developed a prototype tool for structured argument. In this tool, the notation can be self-defined.

The nodes can be specified for different users.

  • Self-defined notation (nodes and reasoning logic)
  • Specified nodes for different users

Key messages

  • Digital I&C and human performance are closely linked
  • Digital systems have the potential to improve human performance
  • Failures in digital systems may be difficult for humans to handle
  • Especially failures in automation systems
  • Safety assurance of digital systems is necessary; and evaluation of the roles of new digital systems should be performed together with the evaluation of human performance.