ML19212A737: Difference between revisions

From kanterella
Jump to navigation Jump to search
(Created page by program invented by StriderTol)
 
(Created page by program invented by StriderTol)
 
(One intermediate revision by the same user not shown)
Line 16: Line 16:


=Text=
=Text=
{{#Wiki_filter:}}
{{#Wiki_filter:NRC-RES/EPRI FIRE PRA METHODOLOGY:
Overview: Fire HRA Guidance for Main Control Room Abandonment (MCRA)
Scenarios in Fire Events NRC-RES Fire PRA Workshop Module IV August 5-9, 2019 Rockville, MD
 
Outline of the Presentation Introduction to HRA Overview of the EPRI/NRC Fire HRA Guidelines Identification and definition of fire human failure events Qualitative analysis Overview:
  - Fire HRA Guidance for Main Control Room Abandonment (MCRA) Scenarios in Fire Events Quantitative analysis Recovery analysis Dependency analysis Uncertainty analysis Overview of MCRA HRA          Slide 2          Fire PRA Workshop 2019, Rockville, MD
 
Presentation Objectives Provide update and status on recent fire HRA research performed jointly by NRC-RES and EPRI Be aware of new resources for performing fire HRA for main control room abandonment (MCRA) scenarios Understand key differences between fire HRA in MCRA scenarios and that for non-MCRA scenarios such as:
  -  Qualitative analysis
  -  Feasibility assessment
  -  HFE identification & definition (along with PRA scenario development)
  -  Timing analysis
  -  Quantification No learning objectives; this presentation is a summary only of recently completed research. A more complete presentation may be developed later.
Overview of MCRA HRA                  Slide 3          Fire PRA Workshop 2019, Rockville, MD
 
Joint EPRI/NRC-RES Fire HRA Research:
Main Control Room Abandonment NUREG-1921/EPRI1023001, EPRI/NRC-RES Fire Human Reliability Analysis Guidelines was published in July 2012 Recognized MCRA is a special case for HRA and fire PRA Identified MCRA as an area requiring future research Industry introduced Frequently Asked Question (FAQ) 13-0002, Modeling of Main Control Room (MCR) Abandonment on Loss of Habitability in response to NRCs Requests for Additional Information (RAIs)
In 2015, EPRI & NRCs Office of Nuclear Regulatory Research (RES) started a project to develop guidance for HRA in MCRA scenarios, working jointly under Memorandum of Understanding (MOU)
To provide additional HRA/PRA guidance for MCRA scenarios To publish guidance as joint EPRI/NRC-RES report(s)
To publish guidance that supplements (not replaces) NUREG-1921 To address both loss of habitability (LOH) and loss of control (LOC)
Overview of MCRA HRA                          Slide 4                Fire PRA Workshop 2019, Rockville, MD
 
Technical Approach for Developing HRA/PRA Guidance for MCR Abandonment Scenarios Starting points for development:
  -  NUREG-1921
  -  Industry/NRC interactions related to FPRA-FAQ 13-0002
  -  NUREG/CR-6850
  -  NFPA-805 experience (both industry and NRC)
Guidance is intended for both HRA and PRA analysts Guidance is divided into two reports:
  - Qualitative analysis - NUREG-1921, Supplement 1/EPRI 3002009215 Publicly available on EPRIs website (August 2017):
https://www.epri.com/#/pages/product/000000003002009215/
  - Quantification - NUREG-1921, Supplement 2/EPRI 3002013023 Publicly available on EPRIs website (June 2019):
https://www.epri.com/#/pages/product/000000003002013023/?lang=en-US NRCs publication of Supplements 1 and 2 is forthcoming.
Overview of MCRA HRA                        Slide 5              Fire PRA Workshop 2019, Rockville, MD
 
Technical Approach (continued)
Both Supplements 1 and 2 have been subjected to multiple reviews, such as:
  - ACRS PRA Subcommittee briefings Supplement 1 - May 4, 2016 Supplement 2 - April 4, 2018
  - Peer reviews (with NRC and industry stakeholders, HRA/PRA experts, behavioral & cognitive scientists)
  - Internal reviews (e.g., NRCs Office of Nuclear Reactor Regulation (NRR), RES management, EPRI management)
For MCRA scenarios, Supplements 1 and 2 should be used together with NUREG-1921
  - Supplements 1 and 2 explicitly state where guidance is supplants any earlier guidance
  - For some topics, Supplements 1 and 2 add to or replace guidance in NUREG/CR-6850 (e.g., definition of loss of control scenarios, HRA quantification)
Overview of MCRA HRA                Slide 6          Fire PRA Workshop 2019, Rockville, MD
 
Roadmap to Supplement 1 - Qualitative Analysis Section 2 - Overview of MCRA HRA/PRA Section 3 - Modeling MCRA Scenarios in Fire PRA Section 4 - Analysis of the Decision to Abandon Section 5 - Identification & Definition of HFEs for MCRA Scenarios Section 6 - Feasibility Assessment for MCRA Scenarios Section 7 - Timing & Timelines for MCRA Scenarios Section 8 - Performance Shaping Factors for MCRA Scenarios Section 9 - Recovery, Dependency, & Uncertainty Appendix A - MCRA Regulatory Background, Historical Events.
Appendix B - Command & Control Appendix C - Guidance & Tips for MCRA Information Collection Overview of MCRA HRA            Slide 7          Fire PRA Workshop 2019, Rockville, MD
 
Roadmap to Supplement 2 - HRA Quantification Guidance Section 2 - Development of Timing Parameters Used in MCRA HRA Quantification Section 3 - Phase I: Pre-Abandonment HFEs Section 4 - Phase II: Decision to Abandon Section 5 - Phase III: Actions Following the Decision to Abandon Section 6 - Recovery, Dependency, & Uncertainty Analysis Appendix A - Use of Experts & Expert Judgement.
Appendix B - Development of the Technical Approach for Phase II Appendix C - Development of the Technical Approach for Command & Control Appendix D - Considerations for Potential Future Quantification Approaches Overview of MCRA HRA            Slide 8          Fire PRA Workshop 2019, Rockville, MD
 
Selected Topics from Supplement 1 - Qualitative Analysis Overview (or necessary mindset change for MCRA HRA)
PRA aspects Feasibility assessment Timelines Influencing factors Command and control Overview of MCRA HRA      Slide 9        Fire PRA Workshop 2019, Rockville, MD
 
Overview (or HRA mindset change)
Purpose of Overview (Section 2) is to help readers understand why more & different qualitative analysis activities may be necessary to address MCRA scenarios Topics:
  - Whats unique about MCRA contexts?
  - Implications for HRA/PRA
  - Whats different from NUREG-1921 for MCRA?
Pointers to appendices:
  - Appendix A - background & historical events
  - Appendix B - discussion of command and control
  - Appendix C - guidance for collecting plant information for MCRA Overview of MCRA HRA            Slide 10            Fire PRA Workshop 2019, Rockville, MD
 
Overview (or mindset change) (continued)
Whats unique about MCRA contexts (& why a different HRA mindset)?
  - MCRA is a rare NPP event
  - MCRA is a special case of fire HRA/PRA that does not build on internal events HRA/PRA
  - Without MCR environment, emergency operation procedures (EOPs), etc., common HRA assumptions (e.g., all crew members working off same procedure and providing backup to other crew members) cannot be used for MCRA
  - MCRA HRA/HRA must address variations (even within NPP type and vendor) in, for example:
Remote shutdown panel (RSDP) design & capabilities General plant design Procedure(s) & associated strategy taken for safe shutdown Overview of MCRA HRA                Slide 11          Fire PRA Workshop 2019, Rockville, MD
 
Qualitative Guidance: PRA Aspects Expanded MCRA process and guidance from EPRI 1011989 / NUREG/CR-6850
  - Fills gaps in existing methodology where additional guidance is needed Integrating HFEs and equipment failures in model Determine plant conditions when LOH or LOC may occur
  - Entry criteria for LOH based on specific thresholds and calculated from fire modeling
  - Entry criteria for LOC not well defined in current methodology Expanded LOC scenario definition
  - Identified in MCRA procedure entry conditions or, more likely, through interviews with operations What loss of function and instrumentation would lead to shutdown using RSDP?
Identification is highly plant specific Overview of MCRA HRA                    Slide 12      Fire PRA Workshop 2019, Rockville, MD
 
Feasibility Assessment for MCRA NUREG-1921 established feasibility criteria for modeling HFEs in fire PRAs Four new types of guidance are discussed:
  - Feasibility must be assessed on a scenario level, in addition to with respect to individual human failure events (HFEs)
  - Two new criteria have been identified:
Must have a communications plan Must have a plan for command and control
  - Some additional guidance on assessing existing criteria
  - What to do if not feasible is not acceptable Discussed later under Interface with Operations Overview of MCRA HRA                Slide 13          Fire PRA Workshop 2019, Rockville, MD
 
Timing and Timelines NUREG-1921 established a timeline for individual HFEs
  - Guidance in NUREG-1921 can be applied to MCR abandonment HFEs For MCRA, timing is even more critical, so the supplementary guidance recommends:
  - Developing scenario specific timelines that show who is doing what and when, all with respect to the same time origin
  - Accounting for command, control, and coordination of tasks by various operators stationed at different locations
  - Integrating the various different timing sources into a single timeline with the same time origin:
fire progression accident progression procedure progression and operator response Overview of MCRA HRA                Slide 14          Fire PRA Workshop 2019, Rockville, MD
 
Timing and Timelines - Three Time Phases of MCRA Phase I - Time period before abandonment decision Phase II - Time period for the decision to abandon Phase III - Time period after abandon has been made Overview of MCRA HRA                        Slide 15            Fire PRA Workshop 2019, Rockville, MD
 
Timing and Timelines - Three Time Phases of MCRA Phase I - associated with actions taken before the decision to abandon Phase II - timing for the decision to abandon is plant-specific and requires agreement between plant operations, fire PRA modeling and fire HRA
  - Typically, the team will need to define conditions which require abandonment and the time at which these conditions will exist. Good example of FPRA feedback to training and/or procedures.
Phase III - timeline accounts for execution time after leaving the MCR, the same as NUREG-1921
  - Also addresses extra time required for command & control, coordination, and communications Overview of MCRA HRA                Slide 16          Fire PRA Workshop 2019, Rockville, MD
 
Example of Integrated Timeline For MCRA Scenario There can be more than one representation of a timeline Overview of MCRA HRA                          Slide 17 Fire PRA Workshop 2019, Rockville, MD
 
Example of Integrated Timeline For MCRA Scenario Same scenario as previous example but this example shows timelines for individual PRA actions.
Overview of MCRA HRA                          Slide 18          Fire PRA Workshop 2019, Rockville, MD
 
Performance Shaping Factors (PSFs)
Guidance for evaluating PSFs primarily derived from:
  - List of PSFs developed in NUREG-1921
  - Experience of PRA analysts in identifying MCRA sequences modeled The following PSFs identified in NUREG-1921 are just as critical for MCRA (and in some cases, more so):
  -  Complexity              - Time pressure and stress
  -  Crew dynamics            - Human-machine interface
  -  Crew communications      - Environment
  -  Cues and indications    - Staffing and availability
  -  Procedures              - Special equipment
  -  Training                - Special fitness needs
  -  Timing However, what is important to HRA about these PSFs is that they may be different in MCRA than in other fire scenarios Overview of MCRA HRA              Slide 19          Fire PRA Workshop 2019, Rockville, MD
 
Performance Shaping Factors (Continued)
In general, assessment of the PSFs for MCRA needs to consider:
  - Decision to abandon the MCR
  - Actions at the RSDP
  - Local actions in the plant
  - Command & control issues, including communication & coordination Guidance to the analyst in this section:
  - Provides table of examples of the PSF impacts related to distinguishing features of MCRA scenarios
  - Assists the analyst in determining which PSFs are the more significant contributors to the qualitative analysis of a particular MCRA scenario by identifying the contexts that make a PSF consequential, and why Content of these tables is considered preliminary Overview of MCRA HRA                  Slide 20            Fire PRA Workshop 2019, Rockville, MD
 
Command and Control (C&C)
Meta-PSF that describes the need for a central body of authority to make decisions but have them carried out by a distributed group C&C during in-MCR operations:
  - Shift supervisor is aided by reactor operators (ROs) and shift technical advisor (STA), who are monitoring and providing information input
  - Staff are co-located, allowing face-to-face communication and shared access to information in a relatively quiet atmosphere MCRA is more complex and person-in-charge must transition through a series of contexts:
  - Decision to abandon the MCR
  - Transition to the RSDP
  - Communication of instructions to staff located elsewhere, sometimes based on reports of measurements from the field Overview of MCRA HRA                  Slide 21          Fire PRA Workshop 2019, Rockville, MD
 
Differences between MCRA and MCR operations -
communication paths, indications and controls Shift Supervisor (SS, in charge of C&C) cannot directly communicate with all operators; i.e., face-to-face, real time
  - Figure shows dashed lines (rather than solid lines) to represent indirect communications (e.g., use of radios)
SS likely needs to communicate with more than the two operators (see next slide)
  - However, for simplicity, the figure only shows two operators Unlike in the MCR, the SS can act (i.e., directly manipulate equipment)
Depending on the capability of the RSDP, the SS may be able to only indirectly (i.e., through communications with operators at local plant stations) manipulate equipment, obtain information, etc.
Overview of MCRA HRA                Slide 22          Fire PRA Workshop 2019, Rockville, MD
 
Differences in Control & Communications (after Moray)
Non-Abandonment                                Abandonment Key RD - request data CF - confirmation RC - request confirmation C - command T - tell data A solid line represents direct interactions. For example, operator is located at the control station.
A dashes line represents indirect interactions. There maybe distance between the operators and/or plant. For example the SS maybe at the RSDP while the operator maybe elsewhere in the plant Overview of MCRA HRA        Slide 24                      Fire PRA Workshop 2019, Rockville, MD
 
Selected Topics from Supplement 2 - HRA Quantification Overview of MCRA HRA quantification Phase II quantification - decision to abandon Phase III quantification - after decision to abandon Timing inputs for MCRA HRA quantification (mostly Phase II)
Future work Overview of MCRA HRA          Slide 25        Fire PRA Workshop 2019, Rockville, MD
 
Overview of MCRA HRA quantification MCRA HRA guidance is different depending on phase
  - Phase I - before the decision to abandon
  - Phase II - decision to abandon (explicitly modeled for LOC only)
  - Phase III - after decision to abandon Each phase is characterized by:
  - Location for operator actions
  - Procedures used (i.e., EOPs versus MCRA safe shutdown)
  - Location for command and control (C&C)
Focus for Supplement 2 MCRA HRA quantification guidance is on:
  - Decision to abandon for LOC scenarios
  - Phase III operator actions (after leaving the MCR), including impact of C&C Overview of MCRA HRA                  Slide 26          Fire PRA Workshop 2019, Rockville, MD
 
HRA quantification for decision to abandon for LOC scenarios Qualitative analysis is important, especially the feasibility assessment specific to decision to abandon, i.e.,
        - Abandonment procedure must contain explicit guidance on cues for abandonment, OR
        - A consensus opinion from operator interviews must match definition of LOC Quantification is based on qualitative insights from Supplement 1 (e.g., important performance shaping factors) & an expert panel Experts maintained that reluctance to leave MCR is primary driver, with procedures, training, & time available being moderating influences Appendix D in NUREG-1921 Supplement 2 discusses, generally, HRA challenges & state of knowledge for decisions with serious consequences Overview of MCRA HRA                  Slide 27              Fire PRA Workshop 2019, Rockville, MD
 
HEP quantification for decision to abandon on LOC Overview of MCRA HRA    Slide 28    Fire PRA Workshop 2019, Rockville, MD
 
HRA quantification for operator actions after the decision to abandon Phase III operator actions should be treated the same way as HRA typically addresses operator actions, e.g.,
      - Both cognition & execution contributions should be addressed (although there is typically no additional cognition for Phase III actions, given the decision to abandon has been made)
      - Qualitative analysis & feasibility assessment should be performed Two new feasibility assessment criteria for Phase III (plus all criteria from NUREG-1921):
: 1. Need to have a communications plan
: 2. Need to have a C&C plan Command and Control failures in Phase III:
      - Expert panel also identified the need to add a contribution from C&C sequencing failures in certain instances where the improper order or sequencing of operations leads to failure of an SSC
      - Flowchart is used to determine if a C&C contribution should be added to other failure probabilities
      - Two C&C sequencing failure probabilities (taken from NUREG-2199, IDHEAS at-power):
HEP = 1.9E-2, with compensating measures HEP = 9.4E-2, without compensating measures Overview of MCRA HRA                                    Slide 29                          Fire PRA Workshop 2019, Rockville, MD
 
Phase III C&C Sequencing Failures HEP = 1.9E-2 HEP = 9.4E-2 Overview of MCRA HRA        Slide 30            Fire PRA Workshop 2019, Rockville, MD
 
Developing Timing Inputs for Phase II Supplement 2, Section 2 discusses development of timing inputs for all Phases, but emphasis is on inputs for Phase II (i.e., quantification tool for the decision to abandon for LOC scenarios)
Two main concerns for LOC scenarios:
  - Estimating the time required for decision to abandon is difficult (since it is not usually trained on)
  - Phase II (decision to abandon) and Phase III (after decision) share the same system time window Quantification tool for decision to abandon for LOC scenarios only requires time available for decision; estimation of time required is only needed to demonstrate feasibility Overview of MCRA HRA                Slide 31        Fire PRA Workshop 2019, Rockville, MD
 
Developing Timing Inputs for Phase II (continued)
Steps for developing timing inputs is:
: 1. Calculate the system time window (TSW) for the overall MCRA scenario (i.e., for both Phase II and Phase III).
: 2. Develop the time required (Treqd,III) to perform the initial Phase III actions.
: 3. Set the time available for Phase III actions (Tavail,III) equal to the time required (Treqd,III) for Phase III actions (i.e., equate the time required with the time available for Phase III actions).
: 4. Determine the time delay for Phase II (i.e., the time at which the minimum set of cues needed for the decision to abandon on LOC become available) (Tdelay,LOC).
: 5. Calculate the time available (Tavail,LOC) for Phase II (i.e., the decision to abandon).
: 6. Estimate the time required (Treqd,LOC) for Phase II and confirm the feasibility.
Iteration may be required (e.g., may want to allocated more time for Phase III to allow recoveries)
Overview of MCRA HRA                    Slide 32              Fire PRA Workshop 2019, Rockville, MD
 
Future Work The authors have developed guidance that is applicable to existing U.S. NPPs The authors also recognize that there may be changes to how NPPs prepare for MCRA In addition, there are topics that would benefit from future research (e.g., understanding and modeling operator reluctance)
In the meantime, concepts and tools developed for MCRA HRA are being used, expanded, and modified for use in other contexts (e.g., FLEX)
Overview of MCRA HRA          Slide 33      Fire PRA Workshop 2019, Rockville, MD
 
Course Outline Introduction to HRA Overview of the EPRI/NRC Fire HRA Guidelines Identification and definition of fire human failure events Qualitative analysis Overview - Fire HRA Guidance for Main Control Room Abandonment (MCRA) Scenarios in Fire Events Quantitative analysis (next training topic)
Recovery analysis Dependency analysis Uncertainty analysis Overview of MCRA HRA          Slide 34        Fire PRA Workshop 2019, Rockville, MD
 
BACKUP SLIDES Overview of MCRA HRA      Slide 35 Fire PRA Workshop 2019, Rockville, MD
 
Investigating Command and Control Issues for Main Control Room Abandonment Scenarios in Fire Events Stacey Hendrickson Sandia National Laboratories, Albuquerque, NM, USA John Wreathall John Wreathall & Co, Inc., Dublin, OH, USA Jeffrey Julius, Erin Collins, Kaydee Kohlhepp Gunter, Paul                                PSAM-HRAS Topical Conference 2017:
Amico JENSEN HUGHES, Rockville, MD, USA      Human Reliability, Quantitative Human Factors Susan Cooper, Tammie Rivera                                                  and Risk Management US Nuclear Regulatory Commission, Rockville, MD, USA Munich, Germany Mary Presley, Ashley Lindeman Electric Power Research Institute, Charlotte, NC, USA                                  June 7-9 2017
 
Project Outline HRA Guidelines for plant fire scenarios are addressed generally in NUREG-1921/EPRI 1023001, EPRI/NRC-RES Fire Human Reliability Analysis Guidelines (2012)
Main Control Room Abandonment (MCRA) is a special case for HRA
  - Only briefly addressed in NUREG-1921/EPRI 1023001 EPRI & NRC working jointly under Memorandum of Understanding (MOU) to develop guidance for HRA in MCRA events
  - Two stages: Qualitative guidance and quantitative guidance Currently qualitative guidance is being documented as Supplement 1 to NUREG-1921/EPRI 3002009215 Development of quantitative guidance is under way, to be documented as a joint EPRI/NRC technical report Overview of MCRA HRA                  Slide 37        Fire PRA Workshop 2019, Rockville, MD
 
Command & Control Command & Control (C&C)
      - Developed in military settings to describe need for a central body to make decisions and have them acted upon at a distance by distributed groups
      - Part of macrocognition not normally considered for In-Main Control Room (MCR) activities Decision maker (e.g., Shift Supervisor or Shift Manager) is co-located with crew members Communication and coordination is carried out face-to-face In-MCR actions highly trained and rehearsed so responses are often response-primed decisionmaking (RPD) (Klein)
      - Following abandonment of MCR (MCRA) because of plant fire Decision maker is physically separate from some/all crew members Communication and coordination requires radios/telephones/runners Little training and rehearsal for actions during and after abandonment Overview of MCRA HRA                      Slide 38            Fire PRA Workshop 2019, Rockville, MD
 
Functional Description of Macrocognition (Smalley, 2008)
Overview of MCRA HRA      Slide 39      Fire PRA Workshop 2019, Rockville, MD
 
Macrocognitive Differences between MCR Abandonment and Non-Abandonment for Fires During in-MCR Operations (typical plant)                          During MCRA Operations (typical plant)
Control room team, acting as a single                          Control room team distributed in plant areas centralized cognitive entity                                    -  Shift supervisor alone at RSDP
        -  Coordination with fire brigade and some plant area          -  Coordination with fire brigade and plant areas staff Single snapshots of plant information by Shared visual cues                                              individuals Plans and actions occasionally rehearsed, Well-rehearsed and tested plans and actions                      rarely tested
        -  Resources anticipated & available
                                                                          -  Some resources anticipated & available but complete
        -  Limited need for flexibility in response                        range untested
        -  Recognition-primed decision-making (RPD)                    -  Potential need for flexibility in response
                                                                          -  Non-RPD response Communications (mostly) face-to-face                            Communications mostly via radios, phones, Restricted interruptions during response                        etc.
period                                                        Potential for interruptions C&C is judged unlikely to be a significant cause of crew                                      C&C cannot be ignored as a failure                                      potential cause of crew failure Overview of MCRA HRA                                          Slide 40                        Fire PRA Workshop 2019, Rockville, MD
 
Communications Before abandonment, communications is (mostly) face-to-face and can be asynchronous - for example:
  - Operators know who is speaking; minimal problem of over-talking
  - Communications can be tightly coupled (i.e. closely coupled within the team)
Reported to be associated with good performance After abandonment, communications need to be structured and controlled by Shift Supervisor
  - Slows down interactions
  - Increases workload of supervisor
  - Communications less coupled
  - Interpretations of communications Overview of MCRA HRA                Slide 41        Fire PRA Workshop 2019, Rockville, MD
 
Differences in Control & Communications (after Moray)
Non-Abandonment                              Abandonment Key RD - request data CF - confirmation RC - request confirmation C - command T - tell data Overview of MCRA HRA        Slide 42                Fire PRA Workshop 2019, Rockville, MD
 
Evaluation of C&C Structure (Draft)
Identifying the person(s) leading the response, as well as each persons role and responsibility during and following MCRA Identifying where the person(s) leading the response will be located once outside the MCR Evaluating how communications are to be performed:
      - Physical processes, such as use of radios, sound-powered phones, or other means
      - Protocol, such as three-way communication, required reporting to Shift Supervisor (SS) when each step or task is performed, or waiting to report until a major function or system is restored Identifying how procedures will be used by the person(s) in charge and by the field operators
      - Example: Do field operators have their own written procedures in hand at plant locations or do they rely only on directions from person(s) in charge Identifying how many people require interaction and communication
      - Including plant staff and organizations beyond those needed only for safe shutdown Identifying how much communication will be required to satisfy all communication needs Identifying who, beyond the SS, is available to help address communication needs Overview of MCRA HRA                          Slide 43                Fire PRA Workshop 2019, Rockville, MD}}

Latest revision as of 11:54, 19 October 2019

04_18_Overview of Mcra HRA Guidance
ML19212A737
Person / Time
Issue date: 07/31/2019
From:
Office of Nuclear Regulatory Research
To:
D. Stroup 415-1649
Shared Package
ML19212A718 List:
References
Download: ML19212A737 (42)


Text

NRC-RES/EPRI FIRE PRA METHODOLOGY:

Overview: Fire HRA Guidance for Main Control Room Abandonment (MCRA)

Scenarios in Fire Events NRC-RES Fire PRA Workshop Module IV August 5-9, 2019 Rockville, MD

Outline of the Presentation Introduction to HRA Overview of the EPRI/NRC Fire HRA Guidelines Identification and definition of fire human failure events Qualitative analysis Overview:

- Fire HRA Guidance for Main Control Room Abandonment (MCRA) Scenarios in Fire Events Quantitative analysis Recovery analysis Dependency analysis Uncertainty analysis Overview of MCRA HRA Slide 2 Fire PRA Workshop 2019, Rockville, MD

Presentation Objectives Provide update and status on recent fire HRA research performed jointly by NRC-RES and EPRI Be aware of new resources for performing fire HRA for main control room abandonment (MCRA) scenarios Understand key differences between fire HRA in MCRA scenarios and that for non-MCRA scenarios such as:

- Qualitative analysis

- Feasibility assessment

- HFE identification & definition (along with PRA scenario development)

- Timing analysis

- Quantification No learning objectives; this presentation is a summary only of recently completed research. A more complete presentation may be developed later.

Overview of MCRA HRA Slide 3 Fire PRA Workshop 2019, Rockville, MD

Joint EPRI/NRC-RES Fire HRA Research:

Main Control Room Abandonment NUREG-1921/EPRI1023001, EPRI/NRC-RES Fire Human Reliability Analysis Guidelines was published in July 2012 Recognized MCRA is a special case for HRA and fire PRA Identified MCRA as an area requiring future research Industry introduced Frequently Asked Question (FAQ) 13-0002, Modeling of Main Control Room (MCR) Abandonment on Loss of Habitability in response to NRCs Requests for Additional Information (RAIs)

In 2015, EPRI & NRCs Office of Nuclear Regulatory Research (RES) started a project to develop guidance for HRA in MCRA scenarios, working jointly under Memorandum of Understanding (MOU)

To provide additional HRA/PRA guidance for MCRA scenarios To publish guidance as joint EPRI/NRC-RES report(s)

To publish guidance that supplements (not replaces) NUREG-1921 To address both loss of habitability (LOH) and loss of control (LOC)

Overview of MCRA HRA Slide 4 Fire PRA Workshop 2019, Rockville, MD

Technical Approach for Developing HRA/PRA Guidance for MCR Abandonment Scenarios Starting points for development:

- NUREG-1921

- Industry/NRC interactions related to FPRA-FAQ 13-0002

- NUREG/CR-6850

- NFPA-805 experience (both industry and NRC)

Guidance is intended for both HRA and PRA analysts Guidance is divided into two reports:

- Qualitative analysis - NUREG-1921, Supplement 1/EPRI 3002009215 Publicly available on EPRIs website (August 2017):

https://www.epri.com/#/pages/product/000000003002009215/

- Quantification - NUREG-1921, Supplement 2/EPRI 3002013023 Publicly available on EPRIs website (June 2019):

https://www.epri.com/#/pages/product/000000003002013023/?lang=en-US NRCs publication of Supplements 1 and 2 is forthcoming.

Overview of MCRA HRA Slide 5 Fire PRA Workshop 2019, Rockville, MD

Technical Approach (continued)

Both Supplements 1 and 2 have been subjected to multiple reviews, such as:

- ACRS PRA Subcommittee briefings Supplement 1 - May 4, 2016 Supplement 2 - April 4, 2018

- Peer reviews (with NRC and industry stakeholders, HRA/PRA experts, behavioral & cognitive scientists)

- Internal reviews (e.g., NRCs Office of Nuclear Reactor Regulation (NRR), RES management, EPRI management)

For MCRA scenarios, Supplements 1 and 2 should be used together with NUREG-1921

- Supplements 1 and 2 explicitly state where guidance is supplants any earlier guidance

- For some topics, Supplements 1 and 2 add to or replace guidance in NUREG/CR-6850 (e.g., definition of loss of control scenarios, HRA quantification)

Overview of MCRA HRA Slide 6 Fire PRA Workshop 2019, Rockville, MD

Roadmap to Supplement 1 - Qualitative Analysis Section 2 - Overview of MCRA HRA/PRA Section 3 - Modeling MCRA Scenarios in Fire PRA Section 4 - Analysis of the Decision to Abandon Section 5 - Identification & Definition of HFEs for MCRA Scenarios Section 6 - Feasibility Assessment for MCRA Scenarios Section 7 - Timing & Timelines for MCRA Scenarios Section 8 - Performance Shaping Factors for MCRA Scenarios Section 9 - Recovery, Dependency, & Uncertainty Appendix A - MCRA Regulatory Background, Historical Events.

Appendix B - Command & Control Appendix C - Guidance & Tips for MCRA Information Collection Overview of MCRA HRA Slide 7 Fire PRA Workshop 2019, Rockville, MD

Roadmap to Supplement 2 - HRA Quantification Guidance Section 2 - Development of Timing Parameters Used in MCRA HRA Quantification Section 3 - Phase I: Pre-Abandonment HFEs Section 4 - Phase II: Decision to Abandon Section 5 - Phase III: Actions Following the Decision to Abandon Section 6 - Recovery, Dependency, & Uncertainty Analysis Appendix A - Use of Experts & Expert Judgement.

Appendix B - Development of the Technical Approach for Phase II Appendix C - Development of the Technical Approach for Command & Control Appendix D - Considerations for Potential Future Quantification Approaches Overview of MCRA HRA Slide 8 Fire PRA Workshop 2019, Rockville, MD

Selected Topics from Supplement 1 - Qualitative Analysis Overview (or necessary mindset change for MCRA HRA)

PRA aspects Feasibility assessment Timelines Influencing factors Command and control Overview of MCRA HRA Slide 9 Fire PRA Workshop 2019, Rockville, MD

Overview (or HRA mindset change)

Purpose of Overview (Section 2) is to help readers understand why more & different qualitative analysis activities may be necessary to address MCRA scenarios Topics:

- Whats unique about MCRA contexts?

- Implications for HRA/PRA

- Whats different from NUREG-1921 for MCRA?

Pointers to appendices:

- Appendix A - background & historical events

- Appendix B - discussion of command and control

- Appendix C - guidance for collecting plant information for MCRA Overview of MCRA HRA Slide 10 Fire PRA Workshop 2019, Rockville, MD

Overview (or mindset change) (continued)

Whats unique about MCRA contexts (& why a different HRA mindset)?

- MCRA is a rare NPP event

- MCRA is a special case of fire HRA/PRA that does not build on internal events HRA/PRA

- Without MCR environment, emergency operation procedures (EOPs), etc., common HRA assumptions (e.g., all crew members working off same procedure and providing backup to other crew members) cannot be used for MCRA

- MCRA HRA/HRA must address variations (even within NPP type and vendor) in, for example:

Remote shutdown panel (RSDP) design & capabilities General plant design Procedure(s) & associated strategy taken for safe shutdown Overview of MCRA HRA Slide 11 Fire PRA Workshop 2019, Rockville, MD

Qualitative Guidance: PRA Aspects Expanded MCRA process and guidance from EPRI 1011989 / NUREG/CR-6850

- Fills gaps in existing methodology where additional guidance is needed Integrating HFEs and equipment failures in model Determine plant conditions when LOH or LOC may occur

- Entry criteria for LOH based on specific thresholds and calculated from fire modeling

- Entry criteria for LOC not well defined in current methodology Expanded LOC scenario definition

- Identified in MCRA procedure entry conditions or, more likely, through interviews with operations What loss of function and instrumentation would lead to shutdown using RSDP?

Identification is highly plant specific Overview of MCRA HRA Slide 12 Fire PRA Workshop 2019, Rockville, MD

Feasibility Assessment for MCRA NUREG-1921 established feasibility criteria for modeling HFEs in fire PRAs Four new types of guidance are discussed:

- Feasibility must be assessed on a scenario level, in addition to with respect to individual human failure events (HFEs)

- Two new criteria have been identified:

Must have a communications plan Must have a plan for command and control

- Some additional guidance on assessing existing criteria

- What to do if not feasible is not acceptable Discussed later under Interface with Operations Overview of MCRA HRA Slide 13 Fire PRA Workshop 2019, Rockville, MD

Timing and Timelines NUREG-1921 established a timeline for individual HFEs

- Guidance in NUREG-1921 can be applied to MCR abandonment HFEs For MCRA, timing is even more critical, so the supplementary guidance recommends:

- Developing scenario specific timelines that show who is doing what and when, all with respect to the same time origin

- Accounting for command, control, and coordination of tasks by various operators stationed at different locations

- Integrating the various different timing sources into a single timeline with the same time origin:

fire progression accident progression procedure progression and operator response Overview of MCRA HRA Slide 14 Fire PRA Workshop 2019, Rockville, MD

Timing and Timelines - Three Time Phases of MCRA Phase I - Time period before abandonment decision Phase II - Time period for the decision to abandon Phase III - Time period after abandon has been made Overview of MCRA HRA Slide 15 Fire PRA Workshop 2019, Rockville, MD

Timing and Timelines - Three Time Phases of MCRA Phase I - associated with actions taken before the decision to abandon Phase II - timing for the decision to abandon is plant-specific and requires agreement between plant operations, fire PRA modeling and fire HRA

- Typically, the team will need to define conditions which require abandonment and the time at which these conditions will exist. Good example of FPRA feedback to training and/or procedures.

Phase III - timeline accounts for execution time after leaving the MCR, the same as NUREG-1921

- Also addresses extra time required for command & control, coordination, and communications Overview of MCRA HRA Slide 16 Fire PRA Workshop 2019, Rockville, MD

Example of Integrated Timeline For MCRA Scenario There can be more than one representation of a timeline Overview of MCRA HRA Slide 17 Fire PRA Workshop 2019, Rockville, MD

Example of Integrated Timeline For MCRA Scenario Same scenario as previous example but this example shows timelines for individual PRA actions.

Overview of MCRA HRA Slide 18 Fire PRA Workshop 2019, Rockville, MD

Performance Shaping Factors (PSFs)

Guidance for evaluating PSFs primarily derived from:

- List of PSFs developed in NUREG-1921

- Experience of PRA analysts in identifying MCRA sequences modeled The following PSFs identified in NUREG-1921 are just as critical for MCRA (and in some cases, more so):

- Complexity - Time pressure and stress

- Crew dynamics - Human-machine interface

- Crew communications - Environment

- Cues and indications - Staffing and availability

- Procedures - Special equipment

- Training - Special fitness needs

- Timing However, what is important to HRA about these PSFs is that they may be different in MCRA than in other fire scenarios Overview of MCRA HRA Slide 19 Fire PRA Workshop 2019, Rockville, MD

Performance Shaping Factors (Continued)

In general, assessment of the PSFs for MCRA needs to consider:

- Decision to abandon the MCR

- Actions at the RSDP

- Local actions in the plant

- Command & control issues, including communication & coordination Guidance to the analyst in this section:

- Provides table of examples of the PSF impacts related to distinguishing features of MCRA scenarios

- Assists the analyst in determining which PSFs are the more significant contributors to the qualitative analysis of a particular MCRA scenario by identifying the contexts that make a PSF consequential, and why Content of these tables is considered preliminary Overview of MCRA HRA Slide 20 Fire PRA Workshop 2019, Rockville, MD

Command and Control (C&C)

Meta-PSF that describes the need for a central body of authority to make decisions but have them carried out by a distributed group C&C during in-MCR operations:

- Shift supervisor is aided by reactor operators (ROs) and shift technical advisor (STA), who are monitoring and providing information input

- Staff are co-located, allowing face-to-face communication and shared access to information in a relatively quiet atmosphere MCRA is more complex and person-in-charge must transition through a series of contexts:

- Decision to abandon the MCR

- Transition to the RSDP

- Communication of instructions to staff located elsewhere, sometimes based on reports of measurements from the field Overview of MCRA HRA Slide 21 Fire PRA Workshop 2019, Rockville, MD

Differences between MCRA and MCR operations -

communication paths, indications and controls Shift Supervisor (SS, in charge of C&C) cannot directly communicate with all operators; i.e., face-to-face, real time

- Figure shows dashed lines (rather than solid lines) to represent indirect communications (e.g., use of radios)

SS likely needs to communicate with more than the two operators (see next slide)

- However, for simplicity, the figure only shows two operators Unlike in the MCR, the SS can act (i.e., directly manipulate equipment)

Depending on the capability of the RSDP, the SS may be able to only indirectly (i.e., through communications with operators at local plant stations) manipulate equipment, obtain information, etc.

Overview of MCRA HRA Slide 22 Fire PRA Workshop 2019, Rockville, MD

Differences in Control & Communications (after Moray)

Non-Abandonment Abandonment Key RD - request data CF - confirmation RC - request confirmation C - command T - tell data A solid line represents direct interactions. For example, operator is located at the control station.

A dashes line represents indirect interactions. There maybe distance between the operators and/or plant. For example the SS maybe at the RSDP while the operator maybe elsewhere in the plant Overview of MCRA HRA Slide 24 Fire PRA Workshop 2019, Rockville, MD

Selected Topics from Supplement 2 - HRA Quantification Overview of MCRA HRA quantification Phase II quantification - decision to abandon Phase III quantification - after decision to abandon Timing inputs for MCRA HRA quantification (mostly Phase II)

Future work Overview of MCRA HRA Slide 25 Fire PRA Workshop 2019, Rockville, MD

Overview of MCRA HRA quantification MCRA HRA guidance is different depending on phase

- Phase I - before the decision to abandon

- Phase II - decision to abandon (explicitly modeled for LOC only)

- Phase III - after decision to abandon Each phase is characterized by:

- Location for operator actions

- Procedures used (i.e., EOPs versus MCRA safe shutdown)

- Location for command and control (C&C)

Focus for Supplement 2 MCRA HRA quantification guidance is on:

- Decision to abandon for LOC scenarios

- Phase III operator actions (after leaving the MCR), including impact of C&C Overview of MCRA HRA Slide 26 Fire PRA Workshop 2019, Rockville, MD

HRA quantification for decision to abandon for LOC scenarios Qualitative analysis is important, especially the feasibility assessment specific to decision to abandon, i.e.,

- Abandonment procedure must contain explicit guidance on cues for abandonment, OR

- A consensus opinion from operator interviews must match definition of LOC Quantification is based on qualitative insights from Supplement 1 (e.g., important performance shaping factors) & an expert panel Experts maintained that reluctance to leave MCR is primary driver, with procedures, training, & time available being moderating influences Appendix D in NUREG-1921 Supplement 2 discusses, generally, HRA challenges & state of knowledge for decisions with serious consequences Overview of MCRA HRA Slide 27 Fire PRA Workshop 2019, Rockville, MD

HEP quantification for decision to abandon on LOC Overview of MCRA HRA Slide 28 Fire PRA Workshop 2019, Rockville, MD

HRA quantification for operator actions after the decision to abandon Phase III operator actions should be treated the same way as HRA typically addresses operator actions, e.g.,

- Both cognition & execution contributions should be addressed (although there is typically no additional cognition for Phase III actions, given the decision to abandon has been made)

- Qualitative analysis & feasibility assessment should be performed Two new feasibility assessment criteria for Phase III (plus all criteria from NUREG-1921):

1. Need to have a communications plan
2. Need to have a C&C plan Command and Control failures in Phase III:

- Expert panel also identified the need to add a contribution from C&C sequencing failures in certain instances where the improper order or sequencing of operations leads to failure of an SSC

- Flowchart is used to determine if a C&C contribution should be added to other failure probabilities

- Two C&C sequencing failure probabilities (taken from NUREG-2199, IDHEAS at-power):

HEP = 1.9E-2, with compensating measures HEP = 9.4E-2, without compensating measures Overview of MCRA HRA Slide 29 Fire PRA Workshop 2019, Rockville, MD

Phase III C&C Sequencing Failures HEP = 1.9E-2 HEP = 9.4E-2 Overview of MCRA HRA Slide 30 Fire PRA Workshop 2019, Rockville, MD

Developing Timing Inputs for Phase II Supplement 2, Section 2 discusses development of timing inputs for all Phases, but emphasis is on inputs for Phase II (i.e., quantification tool for the decision to abandon for LOC scenarios)

Two main concerns for LOC scenarios:

- Estimating the time required for decision to abandon is difficult (since it is not usually trained on)

- Phase II (decision to abandon) and Phase III (after decision) share the same system time window Quantification tool for decision to abandon for LOC scenarios only requires time available for decision; estimation of time required is only needed to demonstrate feasibility Overview of MCRA HRA Slide 31 Fire PRA Workshop 2019, Rockville, MD

Developing Timing Inputs for Phase II (continued)

Steps for developing timing inputs is:

1. Calculate the system time window (TSW) for the overall MCRA scenario (i.e., for both Phase II and Phase III).
2. Develop the time required (Treqd,III) to perform the initial Phase III actions.
3. Set the time available for Phase III actions (Tavail,III) equal to the time required (Treqd,III) for Phase III actions (i.e., equate the time required with the time available for Phase III actions).
4. Determine the time delay for Phase II (i.e., the time at which the minimum set of cues needed for the decision to abandon on LOC become available) (Tdelay,LOC).
5. Calculate the time available (Tavail,LOC) for Phase II (i.e., the decision to abandon).
6. Estimate the time required (Treqd,LOC) for Phase II and confirm the feasibility.

Iteration may be required (e.g., may want to allocated more time for Phase III to allow recoveries)

Overview of MCRA HRA Slide 32 Fire PRA Workshop 2019, Rockville, MD

Future Work The authors have developed guidance that is applicable to existing U.S. NPPs The authors also recognize that there may be changes to how NPPs prepare for MCRA In addition, there are topics that would benefit from future research (e.g., understanding and modeling operator reluctance)

In the meantime, concepts and tools developed for MCRA HRA are being used, expanded, and modified for use in other contexts (e.g., FLEX)

Overview of MCRA HRA Slide 33 Fire PRA Workshop 2019, Rockville, MD

Course Outline Introduction to HRA Overview of the EPRI/NRC Fire HRA Guidelines Identification and definition of fire human failure events Qualitative analysis Overview - Fire HRA Guidance for Main Control Room Abandonment (MCRA) Scenarios in Fire Events Quantitative analysis (next training topic)

Recovery analysis Dependency analysis Uncertainty analysis Overview of MCRA HRA Slide 34 Fire PRA Workshop 2019, Rockville, MD

BACKUP SLIDES Overview of MCRA HRA Slide 35 Fire PRA Workshop 2019, Rockville, MD

Investigating Command and Control Issues for Main Control Room Abandonment Scenarios in Fire Events Stacey Hendrickson Sandia National Laboratories, Albuquerque, NM, USA John Wreathall John Wreathall & Co, Inc., Dublin, OH, USA Jeffrey Julius, Erin Collins, Kaydee Kohlhepp Gunter, Paul PSAM-HRAS Topical Conference 2017:

Amico JENSEN HUGHES, Rockville, MD, USA Human Reliability, Quantitative Human Factors Susan Cooper, Tammie Rivera and Risk Management US Nuclear Regulatory Commission, Rockville, MD, USA Munich, Germany Mary Presley, Ashley Lindeman Electric Power Research Institute, Charlotte, NC, USA June 7-9 2017

Project Outline HRA Guidelines for plant fire scenarios are addressed generally in NUREG-1921/EPRI 1023001, EPRI/NRC-RES Fire Human Reliability Analysis Guidelines (2012)

Main Control Room Abandonment (MCRA) is a special case for HRA

- Only briefly addressed in NUREG-1921/EPRI 1023001 EPRI & NRC working jointly under Memorandum of Understanding (MOU) to develop guidance for HRA in MCRA events

- Two stages: Qualitative guidance and quantitative guidance Currently qualitative guidance is being documented as Supplement 1 to NUREG-1921/EPRI 3002009215 Development of quantitative guidance is under way, to be documented as a joint EPRI/NRC technical report Overview of MCRA HRA Slide 37 Fire PRA Workshop 2019, Rockville, MD

Command & Control Command & Control (C&C)

- Developed in military settings to describe need for a central body to make decisions and have them acted upon at a distance by distributed groups

- Part of macrocognition not normally considered for In-Main Control Room (MCR) activities Decision maker (e.g., Shift Supervisor or Shift Manager) is co-located with crew members Communication and coordination is carried out face-to-face In-MCR actions highly trained and rehearsed so responses are often response-primed decisionmaking (RPD) (Klein)

- Following abandonment of MCR (MCRA) because of plant fire Decision maker is physically separate from some/all crew members Communication and coordination requires radios/telephones/runners Little training and rehearsal for actions during and after abandonment Overview of MCRA HRA Slide 38 Fire PRA Workshop 2019, Rockville, MD

Functional Description of Macrocognition (Smalley, 2008)

Overview of MCRA HRA Slide 39 Fire PRA Workshop 2019, Rockville, MD

Macrocognitive Differences between MCR Abandonment and Non-Abandonment for Fires During in-MCR Operations (typical plant) During MCRA Operations (typical plant)

Control room team, acting as a single Control room team distributed in plant areas centralized cognitive entity - Shift supervisor alone at RSDP

- Coordination with fire brigade and some plant area - Coordination with fire brigade and plant areas staff Single snapshots of plant information by Shared visual cues individuals Plans and actions occasionally rehearsed, Well-rehearsed and tested plans and actions rarely tested

- Resources anticipated & available

- Some resources anticipated & available but complete

- Limited need for flexibility in response range untested

- Recognition-primed decision-making (RPD) - Potential need for flexibility in response

- Non-RPD response Communications (mostly) face-to-face Communications mostly via radios, phones, Restricted interruptions during response etc.

period Potential for interruptions C&C is judged unlikely to be a significant cause of crew C&C cannot be ignored as a failure potential cause of crew failure Overview of MCRA HRA Slide 40 Fire PRA Workshop 2019, Rockville, MD

Communications Before abandonment, communications is (mostly) face-to-face and can be asynchronous - for example:

- Operators know who is speaking; minimal problem of over-talking

- Communications can be tightly coupled (i.e. closely coupled within the team)

Reported to be associated with good performance After abandonment, communications need to be structured and controlled by Shift Supervisor

- Slows down interactions

- Increases workload of supervisor

- Communications less coupled

- Interpretations of communications Overview of MCRA HRA Slide 41 Fire PRA Workshop 2019, Rockville, MD

Differences in Control & Communications (after Moray)

Non-Abandonment Abandonment Key RD - request data CF - confirmation RC - request confirmation C - command T - tell data Overview of MCRA HRA Slide 42 Fire PRA Workshop 2019, Rockville, MD

Evaluation of C&C Structure (Draft)

Identifying the person(s) leading the response, as well as each persons role and responsibility during and following MCRA Identifying where the person(s) leading the response will be located once outside the MCR Evaluating how communications are to be performed:

- Physical processes, such as use of radios, sound-powered phones, or other means

- Protocol, such as three-way communication, required reporting to Shift Supervisor (SS) when each step or task is performed, or waiting to report until a major function or system is restored Identifying how procedures will be used by the person(s) in charge and by the field operators

- Example: Do field operators have their own written procedures in hand at plant locations or do they rely only on directions from person(s) in charge Identifying how many people require interaction and communication

- Including plant staff and organizations beyond those needed only for safe shutdown Identifying how much communication will be required to satisfy all communication needs Identifying who, beyond the SS, is available to help address communication needs Overview of MCRA HRA Slide 43 Fire PRA Workshop 2019, Rockville, MD