ML23195A134
| ML23195A134 | |
| Person / Time | |
|---|---|
| Issue date: | 07/17/2023 |
| From: | James Chang, Coyne K, Christopher Hunter, Jing Xing NRC/RES/DRA/HFRB |
| To: | |
| References | |
| Download: ML23195A134 (1) | |
Text
Base Standardized Plant Analysis Risk (SPAR)
Model Human Failure Event Application of Integrated Human Event Analysis System for Event and Condition Assessment (IDHEAS-ECA)
Christopher Hunter, Qin Pan, Y. James Chang, Jing Xing, and Kevin Coyne U.S. Nuclear Regulatory Commission Presented by Jing Xing to PSA2023 7-17-2023
Outline I. Introduction II. Overview of IDHEAS-ECA Method III. IDHEAS-ECA Example Evaluation IV. Insights and Path Forward 2
Introduction - IDHEAS-ECA
- In 2019, the U.S. Nuclear Regulatory Commission (NRC) developed a new human reliability analysis (HRA) methodIntegrated Human Event Analysis System for Event and Condition Assessment (IDHEAS-ECA).
- The method is based on state-of-the-art cognitive research and can improve the technical basis, analysis detail, and transparency of key assumptions for estimating the human error probabilities (HEPs) of human failure events (HFEs).
- The NRC has begun applying IDHEAS-ECA in various risk-informed activities.
- Have applied IDHEAS-ECA for Accident Sequence Precursor Analysis and gaining experience with its application.
3
Introduction - History of the NRCs SPAR Models
- The existing HEPs of the HFEs in the SPAR models are industry average values based on the cut set level reviews performed by Idaho National Laboratory (INL).
- NRC risk analysts sometimes need to determine whether HFE(s) need toreevaluate HFE(s) for specific ECA applications.
- These reevaluations can be difficult because there are no base HRA evaluations in the SPAR models.
- The SPAR models often use a single HFE with a single HEP to cover multiple HFE contexts of different accident sequences.
4
Introduction - Phased Approach to Transition to IDHEAS-ECA in SPAR Models
- The first step is to build a knowledge base of IDHEAS-ECA application examples.
- Initial examples are HFEs that are risk significant in the base SPAR models or have been identified as risk significant during ECAs.
- The analysis groups consists NRC risk analysts and IDHEAS-ECA developers to ensure the evaluations are properly performed and documented.
- Potential variabilities associated with different reactor designs and scenario contexts will be explored.
- Feedback from evaluations will be provided to IDHEAS-ECA developers for consideration regarding guidance and method improvements.
5
Outline I. Introduction II. Overview of IDHEAS-ECA Method III. IDHEAS-ECA Example Evaluation IV. Insights and Path Forward 6
Overview of IDHEAS-ECA
- What is IDHEAS-ECA?
- NRCs state-of-art method for all HRA applications.
- Qualitative guidance for analyzing what can go wrong with operator actions and what may cause human errors.
- Quantification model and software for calculating HEPs.
- HEP calculation is supported with many sources of human error data including those from nuclear power plant operator simulator training.
7
IDHEAS-ECA HRA Process Human Failure Event (HFE) HFE Critical tasks Critical task 1 Critical task 2 Critical task 3 Macrocognitive functions and Action Detection Understanding Decisionmaking Teamwork cognitive failure execution modes (CFMs)
Performance influencing PIFs PIFs PIFs PIFs PIFs factors (PIFs)
Human error probability HEP of a CFM = f(PIFs)
(HEP) 8
PIF Structure Environment System Personnel Task Context and Situation
- Information availability
- Staffing and reliability
- Accessibility/habitabi *Procedures,
- System and I&C *Scenario familiarity lity of workplace and guidance, and transparency to *Multitasking, PIF travel paths personnel instructions
- Workplace visibility interruptions, and
- Human system *Training distractions
- Workplace Noise *Team and interface *Task complexity Cold/heat/humidity organizational
- Equipment and *Mental fatigue
- Resistance to physical factors tools *Time pressure and movement *Work processes stress
- Physical demands
- Poor lighting in *Tools are difficult to use PIF workplace *Tools are unfamiliar to
- Procedure is inadequate *Sustained high-attributes *Glare or reflection personnel
- Procedure is difficult demand cognitive on physical *Tools do not work Note: The PIF attributes to use activities structure *Tools or parts are unavailable shown are examples and *Procedure is *Long working hours
- Smoke or fog- *Document nomenclature correspond to the PIFs available, but does *Sleep deprivation induced low does not agree with highlighted in red. not fit the situation visibility equipment labels 9
IDHEAS-ECA outputs
- IDHEAS-ECA has eight steps for a full HRA.
- Each step produces understanding of human performance challenges.
IDHEAS-ECA Steps Outputs Scenario and HFE Analysis
- Important human actions that are critical to plant safety
- Context - Situations or conditions that challenge or facilitate human performance Task Analysis and Applicable
- Cognitive failure modes - How it can go wrong Model Context with PIF
- What may cause human errors Attributes Calculation of HEPs
- What is the likelihood of an HFE Dependency and
- Dependency between human actions Uncertainty Analysis
- Uncertainties in the event itself and in the HRA process 10
Outline I. Introduction II. Overview of IDHEAS-ECA Method III. IDHEAS-ECA Example Evaluation IV. Insights and Path Forward 11
Step 1 & 2: Scenario and HFE Analysis
- HFE Name and Definition
- HPI-XHE-XM-FAB: Operators fail to initiate feed and bleed cooling prior to core damage.
- The entire HFE is considered as a single critical task.
- SPAR Model Application
- The feed and bleed cooling fault tree is queried in the event trees for most transients and small loss-of-coolant accidents (LOCAs) when there is a successful reactor trip, auxiliary feedwater (AFW) fails, and main feedwater (MFW) cannot be restored.
- The base SPAR models use a single industry-average HEP of 2x10-2 for all pressurized-water reactor (PWR) types.
This HEP is used in all internal event scenarios and contexts.
Some external hazards (e.g., seismic) use different HEPs.
- Scenario Description
- A loss of offsite power (LOOP) occurring at a Westinghouse plant was selected as the base case for this evaluation due to its relatively high likelihood.
12
Step 1 & 2: Scenario and HFE Analysis (cont.)
- Event Context
- After entering the reactor trip emergency operating procedures (EOPs), operators will be directed to enter FR-H1 when they are unable to establish adequate feedwater flow due to the failure of AFW and unavailability of MFW and condensate systems due tom the LOOP.
- When all steam SG levels drop below a certain limit (e.g., wide-range SG level less than 25 percent), operators are directed to immediately initiate feed and bleed cooling.
- Boundary Conditions
- The start of this HFE is a LOOP resulting in a subsequent reactor trip (i.e., T = 0) and the end of this HFE is either successful initiation of feed and bleed cooling that prevents core damage or the occurrence core damage.
- Success Criteria
- Operators successfully initiate feed and bleed cooling within sufficient time to prevent core damage.
- Key Cues
- Feedwater flow rates (AFW and MFW), SG levels (Narrow and Wide Ranges)
- Procedural Guidance
- E-0, Reactor Trip or SI, ES-0.1, Reactor Trip Response, FR-H.1, Response to a Loss of Secondary Heat Sink 13
Step 3: Modeling Failure of Critical Tasks
- Detection
- This task requires the operators to detect the alarms and annunciators associated with the LOOP and subsequent reactor trip along with the failure of the AFW system. In addition, operators will need to monitor whether SG levels are adequate to maintain secondary decay heat removal.
- Understanding
- This task requires the operators to understand secondary decay heat removal cannot be maintained and, therefore, must initiate feed and bleed cooling to prevent core damage.
- Decisionmaking
- Decisionmaking is not required for this task because with correct understanding of the event, the procedure requires operators to initiate feed and bleed cooling.
- Action Execution
- This task requires the operators to manually actuate SI (if automatic actuation has not occurred) and open the pressurizer PORVs from the MCR.
- Interteam Coordination
- Interteam coordination is not required for this task because multiple teams would not be involved.
14
Step 4: Assessing PIF Attributes Applicable to the CFMs
- CFM1 -Failure of Detection (Base Probability = 1x10-4)
- Scenario Familiarity - No impact because operators are routinely trained on loss of secondary decay heat removal events.
- Task Complexity - C1: Detection overload with multiple competing signals (1: Few < 7); There are at least two competing signals (1.) the annunciators/parameters associated with LOOP and reactor trip and (2.) the annunciators/parameters associated with the AFW system failure. Selection of this PIF attribute increases the probability of CFM1 from the base probability to 3x10-3.
- The other PIFs were determined to have a negligible impact on the base case HFE.
- CFM2 - Failure of Understanding (Base Probability = 1x10-3)
- Scenario Familiarity - No impact because operators are trained on loss of secondary decay heat removal events.
- Information Completeness and Reliability - No impact because MCR feedwater flow and SG level indications are sufficient to diagnose loss of secondary decay heat removal events.
- Task Complexity - No impact because the requirement of feed and bleed cooling in the event of a loss of all feedwater is basic plant operation concept that is specifically covered by plant procedures.
- The other PIFs were determined to have a negligible impact on the base case HFE.
- CFM4 - Failure of Action Execution (Base Probability = 1x10-4)
- Scenario Familiarity - No impact because the execution steps are routinely trained.
- Task Complexity - No impact because the execution steps are straight-forward (i.e., MCR switch manipulations) and proceduralized.
- The other PIFs were determined to have a negligible impact on the base case HFE. 15
Step 5: Calculate Pc the HEP due to the CFMs
- IDHEAS-ECA quantifies the HEP of a HFE in two portions: Pc accounts for the portion of the HEP attributed to cognitive failures (i.e., CFMs) assuming that there is adequate time available to perform the action. Pt accounts for the portion of the HEP attributed to the potential that there is inadequate time to perform the action.
- The quantification of Pc is performed using the assessment of the PIF attributes performed in Step 4 via the following equation:
= 1 [(1 1) x (1 2) x (1 3) x (1 4) x (1 5)]
- Using the results of the PIF evaluation results in the following Pc for the base case HPI-XHE-XM-FAB:
= 1 [(1 1) x (1 2) x (1 4)]
=1 [(1 3x103) x (1 1x103) x (1 1x104)] = 4x103 16
Steps 6 & 7: Estimate Pt and Total HEP
- IDHEAS-ECA calculates Pt based on the probabilistic distributions of the time available (Tavail) and the time required (Treqd) for the HFE.
- Extensive timing information is not currently available to NRC analysts for this operator action.
- For given Tavail, Pt is sensitive to the distribution of Treqd.
Tavail Treqd Pt Mean Error Factor (EF) Mean EF 20 min single value 5 min 3 2x10-2 20 min single value 5 min 2 5x10-4
- Calculate Total HEP
= 1 (1 )(1 ) = 1 1 4 x 103 1 5 x 104
= 4 x 103 17
Step 8: Integrative Analysis - Uncertainties, Sensitivities, Dependency
- Key Uncertainties Identified:
- The information available to select Tavail is limited.
The 20 minutes selected for the base case is conservative for most plants.
- The selection of the appropriate EF for the timing estimates can have a significant effect on the Pt and the overall HEP.
- The Decisionmaking CFM was determined to not be applicable for the base HFE.
However, there is some belief that operators could still hesitate to initiate feed and bleed cooling while attempting to restore AFW in the base case scenario.
If analysts believe this is the case, Pc could increase to 2x10-2.
- Selecting the status of the PIF attribute to C1, Detection Overload with Multiple Competing Signals for the PIF of Task Complexity in the Detection CFM is a potential uncertainty.
Revised guidance developed since this initial evaluation was completed no longer cites this as key uncertainty.
18
Outline I. Introduction II. Overview of IDHEAS-ECA Method III. IDHEAS-ECA Example Evaluation IV. Insights and Path Forward 19
Insights
- The HEPs for the same HFE calculated for scenario and technological variabilities show significant increase or decrease from the base case HEP.
- These results show that the use of the generic HEPs for SPAR model of the similar plant type can over- or under-estimate the baseline risk for a specific plant and/or context.
- However, the determination of whether these HEPs make a significant impact regularly in NRC risk assessments is unclear.
- Also note that without credit for recovery, IDHEAS-ECA calculations result in a practical minimum HEP of 1x10-3.
- The guidance for crediting recovery is still under development and was not considered as part of this evaluation.
- Therefore, future consideration of recovery could lower the HEPs calculated, especially for HFEs with significant time availability.
20
Path Forward
- One possibility is the evaluation of the FLEX HFEs.
- In addition, a better understanding of the impact of potential changes to the HEPs in the SPAR models is needed.
- Benchmarking activities with the revised HEPs can be performed by INL to determine the overall impact of the HEPs have on baseline CDFs.
- In addition, SAPHIRE calculations associated with past ECAs can be reproduced to determine if revised HEPs would have resulted in different risk-informed decisionmaking.
21