IDHEAS Suite for Human Reliability Analysis- an Overview and Recent Developmental Focuses (Presentation Slides for PSAM17/ASRAM2024 Conference)

ML24270A118
Person / Time
Issue date:	10/07/2024
From:	Chang Y NRC/RES/DRA/HFRB
To:
References
Download: ML24270A118 (25)
v • d • e

Text

IDHEAS Suite for Human Reliability Analysis

- An Overview and Recent Developmental Focuses Yung Hsien James Chang, Ph.D.

Senior Reliability and Risk Analyst U.S. Nuclear Regulatory Commission Presented at PSAM17/ASRAM2024 Conference Sendai, Japan October 7 - 11, 2024

2 Presentation Outline

• IDHEAS suite - The NRCs HRA tools

• Near-term work focuses

• An example of supporting the development of IDHEAS-ECA desktop guide

• Opportunities for collaborations

3 IDHEAS Suite - Developmental Background

• The Significance determination process (SDP) and Accident Sequence Precursor (ASP) are the NRCs human reliability Analysis (HRA) applications for reactor safety

• Require assess human error probabilities (HEPs) with specific contexts, identified by inspection findings.

• The existing methods performance influencing factors (PIFs) generally lack of adequate granularities to represent the context and data basis to assess the HEPs.

• The NRC Commission directed the NRC staff to develop HRA methods and HRA database

• Two SRMs (M061020 and M140529) on HRA methods development

• One SRM (M090204b) on HRA database development

• IDHEAS Suite is to achieve the goals of these SRMs

4 IDHEAS Suite - Functions and Products Function Products High-Level HRA guidance IDHEAS-General Methodology (NUREG-2198)

HEP quantification IDHEAS-ECA (NUREG-2256); IDHEAS-AT Power (NUREG-2199);

IDHEAS-Dependency (RIL 2021-14); Error Recovery (TBD);

Time Uncertainty (TBD); and HEP Uncertainty (TBD);

Expert elicitation (NUREG-2255, draft)

Data basis IDHEAS-DATA (in process) and SACADA, Guidance on data generalization and integration.

Software tool IDHEAS-ECA tool (present status: rev. 1.2)

Quality control IDHEAS-ECA desktop guide (in development); independent reviews IDHEAS-ECA Evaluation of SPAR HFEs (in process) - also demonstrate documentation.

NUREGs are available in https://www.nrc.gov/reading-rm/doc-collections/nuregs/staff/index.html.

Research Information letters (RIL) are available in https://www.nrc.gov/reading-rm/doc-collections/research-info-letters/index.html.

5 The NRCs 2024 HRA Publications

• HRA R&D five-year plan (internal)

• RIL 2024-03 Integrated Human Event Analysis System (IDHEAS) - Time and Time Uncertainty.

• RIL 2024-04 Human Reliability Analysis for Calculating Effects of Performance Influencing Factors: A Review of Historical Approaches.

• RIL 2024-05 Simulator Data Analysis to Inform Digitalized Environment Impacts on Human Reliability

• RIL 2024-11 Use of Expert Elicitation Guidance to Inform a Small-Scale Knowledge Judgment Application

• NUREG-2255 Expert Elicitation Guidance (in process)

• RIL 2024-xx IDHEAS-ECA Evaluation of SPAR HFEs (in process)

• RIL 2024-xx IDHEAS-DATA Verification (in process)

• IDHEAS-ECA tool rev. 1.3 (in process)

6 Near-Term Work Focuses

• Guidance development

• Develop IDHEAS-ECA desktop guide

• Recommended by an NRC workgroup that use IDHEAS-ECA to analyze SPAR human actions

• To improve reliability and consistency of analysts applying IDHEAS-ECA

• With support of industry

• Verify IDHEAS-Dependency

• Develop IDHEAS-Error Recoveries

• Develop IDHEAS-Time Uncertainty

• IDHEAS-ECA tool rev. 1.3 - add dependency model

• Collect HRA data (continuous effort)

• Publish the in-process products

7 Develop IDHEAS-ECA Desktop Guide

• Revisit references listed in IDHEAS-DATA to

• Enhance the existing IDHEAS-ECA guidance on the selection of cognitive failure modes (CFMs) and performance influencing factor attributes (PIFAs)

• Provide adequate details about the references contents to supplement guidance to support the analysts in selecting CFMs and PIFAs

• Update the data in IDHEAS-DATA

Data Generalization and Integration 8

9 A Data Generalization and Integration Example

• Task Complexity: C1 Detection overload with multiple competing signals

• Track the states of multiple systems

• Monitor many parameters

• Memorize many pieces of information detected

• Many types or categories of information to be detected

• IDHEAS-ECA consolidates multiple data points to estimate human error probabilities (HEPs)

Task Complexity in Detection: C1

- Implemented in IDHEAS-ECA HEP range: 3E 3E-1 10

Data Sources (1/2)

There references are available in IDHEAS-DATA (Draft, ADAMS Accession #: ML20238B982).

[26] is SACADA data.

11

12 Data Sources (2/2)

[26] SACADA Detection Data

- Alarm board is dark 13 Desc.

Malfunction TOE (training objective element)

UNSAT SAT SAT SAT+

Total UNSAT Ratio(%)

RCP Seal Cooling Evaluation Loss of 1A CCW Pump Determines 1A CCW pump has tripped 1

13 0

0 14 7.14 RCP Seal Cooling Evaluation Loss of 1A CCW Pump Per 0POP09-AN-02M3 ensures the standby CCW train starts with proper alignment 0

12 0

1 13 0

RCP Seal Cooling Evaluation Loss of 1A CCW Pump Initiate Tech Spec actions 0

14 0

0 14 0

RCP Seal Cooling Evaluation Loss of 1A CCW Pump Determines 1C RCP Thermal Barrier Isolation valve closed 0

14 0

0 14 0

RCP Seal Cooling Evaluation Loss of 1A CCW Pump Per 0POP09-AN-04M7 determines the Thermal Barrier Isolation valve MOV-0390 has closed du 0

13 1

0 14 0

RCP Seal Cooling Evaluation Loss of 1A CCW Pump Enters 0POP04-RC-0002 RCP off-normal 0

13 1

0 14 0

RCP Seal Cooling Evaluation Loss of 1A CCW Pump Briefs loss of ALL seal cooling to be ready in case Seal Injection is lost 1

13 0

0 14 7.14 RCP Seal Cooling Evaluation Loss of 1A CCW Pump Ensures Tech Specs recognition and compliance 0

14 0

0 14 0

RCP Seal Cooling Evaluation Total Loss of RCP Seal Cooling Determines total loss of RCP seal cooling 0

14 0

0 14 0

RCP Seal Cooling Evaluation Total Loss of RCP Seal Cooling Trips the Reactor and ensures Main Turbine is Tripped 0

14 0

0 14 0

RCP Seal Cooling Evaluation Total Loss of RCP Seal Cooling Trips 1C RCP within 1 minute of loss of RCP seal cooling 0

14 0

0 14 0

RCP Seal Cooling Evaluation Total Loss of RCP Seal Cooling Restores cooling with PDP prior to reaching 230 0F on the #1 seal inlet temperature 0

14 0

0 14 0

RCP Seal Cooling Evaluation Small Break LOCA Determines RCS leakage into the Containment building 0

14 0

0 14 0

RCP Seal Cooling Evaluation Small Break LOCA Ensures Safety Injection is actuated and either continues on in 0POP05-EO-EO00 or Transition 0

14 0

0 14 0

RCP Seal Cooling Evaluation Small Break LOCA Determines RCS pressure has reached RCP Trip Criteria value 1

13 0

0 14 7.14 RCP Seal Cooling Evaluation Small Break LOCA Determines that RCP Trip criteria is NOT met due to effectively NOT having a HHSI in service 3

11 0

0 14 21.43 RCP Seal Cooling Evaluation Small Break LOCA (IF time permits) Declares an ALERT due to FA1 any Loss or ANY potential Loss of Fuel Clad o 0

12 0

0 12 0

[26] An Example of SACADA Detection Data

- Alarm board is busy 14 Desc.

Malfunction TOE (training objective element)

UNSAT SAT SAT SAT+

Total UNSAT Ratio(%)

CVCS Issues RC filter 1A plugs Responds to changes in indicated letdown flow (alarm response) 0 11 1

0 12 0

CVCS Issues RC filter 1A plugs Diagnoses indications as plugged RC filter (alarm response directed) 0 12 0

0 12 0

CVCS Issues RC filter 1A plugs Directs swapping of in service RC filter per 0POP02-CV-0004 0

12 0

0 12 0

CVCS Issues RC filter 1A plugs Verifies adequate level exists for Letdown diversion prior to diverting Letdown 0

11 0

0 11 0

CVCS Issues Loss of power to PL125F Diagnoses loss of PL125F (ICS computer point - Point INFO) 0 11 1

0 12 0

CVCS Issues Loss of power to PL125F Enters 0POP04-DA-0001 Loss of Non-Class 125 vdc 0

12 0

0 12 0

CVCS Issues Loss of power to PL125F Notes power exceeding limits and reduces power per Immediate Actions of 0POP04-MS-0001 0

9 2

1 12 0

CVCS Issues Loss of power to PL125F Determines need for additional CD flow, and directs/starts an additional CD pump per 0POP04-CD-000 0

11 1

0 12 0

CVCS Issues Loss of power to PL125F Throttles DA LVL valves to <80% to prevent CP bypass and slowly controls flow to restore level. (power 2

8 2

0 12 16.67 CVCS Issues Loss of power to PL125F Notifies QSE by ring down if power reduction of more than 25Mwe is necessary.

0 12 0

0 12 0

CVCS Issues Loss of CCW to LD HX Responds to alarms/indications on CP004. Performs alarm response 4M08/C3 1

11 0

0 12 8.33 CVCS Issues Loss of CCW to LD HX Diagnoses loss of cooling to Letdown HX 0

11 1

0 12 0

CVCS Issues Loss of CCW to LD HX Dispatches PO to CC-TV-4494 to inspect 0

12 0

0 12 0

CVCS Issues Loss of CCW to LD HX Enters and directs applicable steps of 0POP04-CV-0004.

0 12 0

0 12 0

CVCS Issues Loss of CCW to LD HX Directs bypass of CC-TV-4494 or directs placing Excess letdown in service to control inventory 0

12 0

0 12 0

CVCS Issues Loss of CCW to LD HX Directs swapping CVCS seal return to the VCT due to failure 0

10 0

0 10 0

CVCS Issues Loss of CCW to LD HX Controls Excess Letdown parameters to prevent lifting of seal return relief (150#)

1 9

0 0

10 10 CVCS Issues Low Stator Cooling Water DP Turbine trip Dispatches Operator to ZLP 119 to respond to Stator Cooling TRBL alarm 0

11 0

0 11 0

CVCS Issues Low Stator Cooling Water DP Turbine trip Diagnose Turbine trip due to low Stator Cooling Water DP 0

11 0

0 11 0

CVCS Issues Low Stator Cooling Water DP Turbine trip Enters 0POP05-EO-EO00 Reactor trip response 0

11 0

0 11 0

CVCS Issues Low Stator Cooling Water DP Turbine trip Performs Immediate actions from memory 0

11 0

0 11 0

[26] An Example of SACADA Detection Data -

- Alarm board is overloaded 15 Desc.

Malfunction TOE (training objective element)

UNSAT SAT SAT SAT+

Total NSAT Ratio(%

RCS LOCA to ES12 LP Turbine 11 Inlet Temperature Fails High Determines Temperature Indicator has Failed High 0

13 0

0 13 0

RCS LOCA to ES12 LP Turbine 11 Inlet Temperature Fails High Enters 0POP09-AN-08M3 window D-2 MSR TRBL 0

13 0

0 13 0

RCS LOCA to ES12 LP Turbine 11 Inlet Temperature Fails High Dispatches a Plant Operator to investigate 0

13 0

0 13 0

RCS LOCA to ES12 LP Turbine 11 Inlet Temperature Fails High Determines that computer point BD7400 indicates trouble 0

13 0

0 13 0

RCS LOCA to ES12 LP Turbine 11 Inlet Temperature Fails High Performs Addendum 1 of 0POP09-AN-08M3 window D-2 MSR TRBL 0

13 0

0 13 0

RCS LOCA to ES12 LP Turbine 11 Inlet Temperature Fails High Places the MSR Controller in Manual and restores MSR temperature 0

13 0

0 13 0

RCS LOCA to ES12 ECW Strainer Clogging Enters 0POP09-AN-02M4 and dispatches a Plant Operator to the ECW Structure 0

13 0

0 13 0

RCS LOCA to ES12 ECW Strainer Clogging Enters 0POP04-EW-0001 and takes actions to restore ECW 0

13 0

0 13 0

RCS LOCA to ES12 ECW Strainer Clogging Directs/Places ESF DG 13 in PTS and secures C train ECW/CCW 0

13 0

0 13 0

RCS LOCA to ES12 ECW Strainer Clogging Makes Plant Page to get other licensed personnel back into the Control Room 0

12 0

0 12 0

RCS LOCA to ES12 ECW Strainer Clogging Determines Essen Chiller 12C has tripped 0

13 0

0 13 0

RCS LOCA to ES12 ECW Strainer Clogging Determines that 1C ECW pump and all the cascading Train C equipment is INOPERABLE and enters 0

13 0

0 13 0

RCS LOCA to ES12 RCS Leakage (~60 gpm)

Diagnose RCS leakage to the RCB and estimate leakage at 45 to 75 gpm.

0 11 0

2 13 0

RCS LOCA to ES12 RCS Leakage (~60 gpm)

Enter POP04-RC-0003, Excessive RCS Leakage and transition to Addendum 3.

0 12 1

0 13 0

RCS LOCA to ES12 RCS Leakage (~60 gpm)

Determine that leakage is within the capacity of charging to maintain Pressurizer level and within make 0

13 0

0 13 0

RCS LOCA to ES12 RCS Leakage (~60 gpm)

Respond to Containment Pressure Hi/Lo alarm and enter 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> action. (T.S. 3.6.1.4) 0 13 0

0 13 0

RCS LOCA to ES12 RCS Leakage (~60 gpm)

Notify Health Physics.

0 13 0

0 13 0

RCS LOCA to ES12 RCS Leakage (~60 gpm)

Remove normal letdown and charging from service.

0 13 0

0 13 0

RCS LOCA to ES12 RCS Leakage (~60 gpm)

Determine that RCS leakage is greater than Tech Spec limits. (T.S. 3.4.6.2) 0 13 0

0 13 0

RCS LOCA to ES12 RCS Leakage (~60 gpm)

Continue through POP04-RC-0003 in an attempt to identify and isolate the source of the leakage.

0 13 0

0 13 0

RCS LOCA to ES12 RCS Leakage (~60 gpm)

Declare an Unusual Event based on unidentified leakage greater than 10 gpm per SU4 EAL-1 and inclu 0

13 0

0 13 0

RCS LOCA to ES12 RCS LOCA (450 gpm)

Determine and report that RCS leakage has exceeded charging capacity to maintain pressurizer level.

0 13 0

0 13 0

RCS LOCA to ES12 RCS LOCA (450 gpm)

Direct a reactor trip and safety injection based on increasing RCS leakage.

0 13 0

0 13 0

RCS LOCA to ES12 RCS LOCA (450 gpm)

Enter POP05-EO-EO00, Reactor Trip or Safety Injection.

0 13 0

0 13 0

RCS LOCA to ES12 RCS LOCA (450 gpm)

Perform POP05-EO-EO00 immediate actions from memory.

0 13 0

0 13 0

RCS LOCA to ES12 RCS LOCA (450 gpm)

Notifies Owners of the Rx. Trip within 15 minutes of a unit trip and updates website within an hour with 1

12 0

0 13 7.69 RCS LOCA to ES12 RCS LOCA (450 gpm)

Perform POP05-EO-EO00, Addendum 5 when directed.

1 11 1

0 13 7.69 RCS LOCA to ES12 RCS LOCA (450 gpm)

Transition to POP05-EO-EO10 based on RCS leakage to containment.

0 13 0

0 13 0

RCS LOCA to ES12 RCS LOCA (450 gpm)

Depressurize steam generators to 1000 psig and adjust PORV set points within 45 minutes from LOC 0

12 0

1 13 0

RCS LOCA to ES12 RCS LOCA (450 gpm)

Initiate charging flow to restore pressurizer level.

0 13 0

0 13 0

RCS LOCA to ES12 RCS LOCA (450 gpm)

Directs/Performs 0POP04-ZO-0003, Secondary Plant Stabilization.

0 12 0

1 13 0

RCS LOCA to ES12 RCS LOCA (450 gpm)

Direct a transition to POP05-EO-ES12, Post LOCA Cooldown and Depressurization.

0 13 0

0 13 0

RCS LOCA to ES12 RCS LOCA (450 gpm)

Declare an Alert based on RCS leakage greater than the capacity of charging (FA1) and include escala 0

13 0

0 13 0

RCS LOCA to ES12 LP Turbine 11 Inlet Temperature Fails High Discusses turbine trip contingencies associated with MSR Manual mode 2

10 0

1 13 15.38 RCS LOCA to ES12 RCS LOCA (450 gpm)

CONTROLS cooldown rate less than or equal to 100 degrees/hr.

0 13 0

0 13 0

RCS LOCA to ES12 RCS LOCA (450 gpm)

CONTROLS depressurization and MAINTAINS greater than or equal to 35 degrees subcooling 0

13 0

0 13 0

RCS LOCA to ES12 RCS LOCA (450 gpm)

Determines that the 12B Essential Chiller has tripped, and secures EAB HVAC for that train.

3 8

2 0

13 23.08

16

[26] SACADA Statistics Against Control Board Status HEP PIFA Notes 2.1E-3 (2/953)

Alarm board is dark Other PIFAs may exist.

5.0E-3 (5/991)

Alarm board is busy Other PIFAs may exist.

3.9E-2 (6/155)

Alarm board is overloaded Other PIFAs may exist.

The scenarios and the descriptions of the training objective elements (TOE) provide additional information.

[37] THERP 17

18

[37] THERP Annunciator Response Model -

Applicability and Considerations

• "one annunciator" also refers to a set of annunciators that trained operators regard as a single unit.

• How to count the number of annunciators?

• Apply to the operator needs to attend a number of annunciators in the condition multiple annunciators activated.

• Knowledge-driven behavior instead of procedure-guided behavior

• Pr[Fi] is the failure to initiate action in response to the i-th annunciator in a group of n annunciators.

• Need to have annunciator occurrence sequence.

• Pr[F.i] is the failure to initiate action in response to a randomly selected annunciator in a group of annunciators.

• The error modes include detection, understanding, and decisionmaking.

19

[132] Cummings, Mary L. and Chris Tsonis. Deconstructing complexity in air traffic control proceeding of the Human Factors and Ergonomics Society Annual Meeting, 2005

• Students performed air traffic controller (ATC) tasks in a simple GUI:

- 10, 20, and 30 aircrafts

- Sequential and non-sequential arrival

- Number of color codes

• Test: The students were asked How many aircraft will depart in 20 minutes? The students need to

• Answer the question

• Notify the supervisor on when they first noted that a flight of a certain carrier entered the outermost control circle. Failure to provide the notification is an error of omission.

[132] GUI and Color Code 20

21

[132] Error of Omission Ratio Color #

Correct#

Error#

HEP 3

125 38 0.23 6

130 40 0.24 9

105 65 0.38

22

[132] Considerations on using [132] Data

• Additional PIFAs: high time constraint and dual tasking

• Large HEPs implies other factors contributed to the HEPs

• Student test subjects and simplified GUI

• Difficult to identify nuclear tasks having the similar challenges in information detection

23 Additional Data - HuREX Data

• APR1400 simulator data collected by Korea Atomic Energy Research Institute (KAERI)

• Digital control room and procedures

24 Data-Informed Considerations in Developing IDHEAS-ECA Desktop Guide

• The existing guidance requires the analysts to count the number of competing signals. Analysts questions:

• What is the counting unit? (THERP definition on annunciators)

• Definition of competing.

• SACADAs situational factors may be a better alternative to be incorporated into IDHEAS-ECA desktop guide

• HuREX data suggest the need to distinguish procedure-guided detection vs. self awareness detections

25 Opportunities for Collaborations

• The NRC welcomes collaborations in HRA method, data, and tool

• The NRC can provide free applications, source codes, and technical support of IDHEAS-ECA and SACADA

• Collaborations require go through the NRC approval process.

• NRCs HRA data needs

• Multiple sites: Existing data is from a nuclear site.

• BWR data: Existing data is from a PWR site.

• Field performance data: Existing data only contains control room actions. Field data, e.g., job performance measures, would expand the coverage.

• Timing data: to assess time uncertainty and the drivers