ML19212A737: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
Line 16: | Line 16: | ||
=Text= | =Text= | ||
{{#Wiki_filter:}} | {{#Wiki_filter:NRC-RES Fire PRA WorkshopModule IVAugust 5-9, 2019Rockville, MDNRC-RES/EPRI FIRE PRA METHODOLOGY:Overview: Fire HRA Guidance for Main Control Room Abandonment (MCRA) Scenarios in Fire Events Overview of MCRA HRASlide 2Fire PRA Workshop 2019, Rockville, MDOutline of the PresentationIntroduction to HRAOverview of the EPRI/NRC Fire HRA GuidelinesIdentification and definition of fire human failure eventsQualitative analysisOverview: | ||
-Fire HRA Guidance for Main Control Room Abandonment (MCRA) Scenarios in Fire EventsQuantitative analysisRecovery analysisDependency analysisUncertainty analysis Overview of MCRA HRASlide 3Fire PRA Workshop 2019, Rockville, MDPresentation ObjectivesProvide update and status on recent fire HRA research performed jointly by NRC | |||
-RES and EPRIBe aware of new resources for performing fire HRA for main control room abandonment (MCRA) scenariosUnderstand key differences between fire HRA in MCRA scenarios and that for non | |||
-MCRA scenarios such as: | |||
-Qualitative analysis | |||
-Feasibility assessment | |||
-HFE identification & definition (along with PRA scenario development) | |||
-Timing analysis | |||
-QuantificationNo learning objectives; this presentation is a summary only of recently completed research. A more complete presentation may be developed later. | |||
Overview of MCRA HRASlide 4Fire PRA Workshop 2019, Rockville, MDJoint EPRI/NRC | |||
-RES Fire HRA Research:Main Control Room AbandonmentNUREG-1921/EPRI1023001, EPRI/NRC | |||
-RES Fire Human Reliability Analysis Guidelines was published in July 2012Recognized MCRA is a special case for HRA and fire PRAIdentified MCRA as an area requiring future researchIndustry introduced Frequently Asked Question (FAQ) 13 | |||
-0002, "Modeling of Main Control Room (MCR) Abandonment on Loss of Habitability" in response to NRC's Requests for Additional Information (RAIs)In 2015, EPRI & NRC's Office of Nuclear Regulatory Research (RES) started a project to develop guidance for HRA in MCRA scenarios, working jointly under Memorandum of Understanding (MOU) To provide additional HRA/PRA guidance for MCRA scenariosTo publish guidance as joint EPRI/NRC | |||
-RES report(s) To publish guidance that supplements (not replaces) NUREG | |||
-1921To address both loss of habitability (LOH) and loss of control (LOC) | |||
Overview of MCRA HRASlide 5Fire PRA Workshop 2019, Rockville, MDTechnical Approach for Developing HRA/PRA Guidance for MCR Abandonment ScenariosStarting points for development: | |||
-NUREG-1921-Industry/NRC interactions related to FPRA | |||
-FAQ 13-0002 -NUREG/CR-6850-NFPA-805 experience (both industry and NRC)Guidance is intended for both HRA andPRA analystsGuidance is divided into two reports: | |||
-Qualitative analysis | |||
-NUREG-1921, Supplement 1/EPRI 3002009215Publicly available on EPRI's website (August 2017):https://www.epri.com/#/pages/product/000000003002009215/ | |||
-Quantification | |||
-NUREG-1921, Supplement 2/EPRI 3002013023Publicly available on EPRI's website (June 2019):https://www.epri.com/#/pages/product/000000003002013023/?lang=en | |||
-USNRC's publication of Supplements 1 and 2 is forthcoming. | |||
Overview of MCRA HRASlide 6Fire PRA Workshop 2019, Rockville, MDTechnical Approach (continued)Both Supplements 1 and 2 have been subjected to multiple reviews, such as: | |||
-ACRS PRA Subcommittee briefingsSupplement 1 | |||
-May 4, 2016Supplement 2 | |||
-April 4, 2018 | |||
-Peer reviews (with NRC and industry stakeholders, HRA/PRA experts, behavioral & cognitive scientists) | |||
-Internal reviews (e.g., NRC's Office of Nuclear Reactor Regulation (NRR), RES management, EPRI management)For MCRA scenarios, Supplements 1 and 2 should be used together with NUREG | |||
-1921-Supplements 1 and 2 explicitly state where guidance is supplants any earlier guidance | |||
-For some topics, Supplements 1 and 2 add to or replace guidance in NUREG/CR-6850 (e.g., definition of loss of control scenarios, HRA quantification) | |||
Overview of MCRA HRASlide 7Fire PRA Workshop 2019, Rockville, MDRoadmap to Supplement 1 | |||
-Qualitative AnalysisSection 2 | |||
-Overview of MCRA HRA/PRASection 3 | |||
-Modeling MCRA Scenarios in Fire PRASection 4 | |||
-Analysis of the Decision to AbandonSection 5 | |||
-Identification & Definition of HFEs for MCRAScenariosSection 6 | |||
-Feasibility Assessment for MCRA ScenariosSection 7 | |||
-Timing & Timelines for MCRA ScenariosSection 8 | |||
-Performance Shaping Factors for MCRAScenariosSection 9 | |||
-Recovery, Dependency, & UncertaintyAppendix A | |||
-MCRA Regulatory Background, Historical Events-.Appendix B | |||
-Command & ControlAppendix C | |||
-Guidance & Tips for MCRA Information Collection Overview of MCRA HRASlide 8Fire PRA Workshop 2019, Rockville, MDRoadmap to Supplement 2 | |||
-HRA Quantification GuidanceSection 2 | |||
-Development of Timing Parameters Used in MCRA HRA Quantification Section 3 | |||
-Phase I: Pre | |||
-Abandonment HFEsSection 4 | |||
-Phase II: Decision to AbandonSection 5 | |||
-Phase III: Actions Following the Decision to AbandonSection 6 | |||
-Recovery, Dependency, & Uncertainty AnalysisAppendix A | |||
-Use of Experts & Expert Judgement-.Appendix B | |||
-Development of the Technical Approach for Phase II-Appendix C | |||
-Development of the Technical Approach for Command & Control-Appendix D | |||
-Considerations for Potential Future Quantification Approaches-Overview of MCRA HRASlide 9Fire PRA Workshop 2019, Rockville, MDSelected Topics from Supplement 1 | |||
-Qualitative AnalysisOverview (or necessary mindset change for MCRA HRA)PRA aspectsFeasibility assessmentTimelinesInfluencing factors Command and control Overview of MCRA HRASlide 10Fire PRA Workshop 2019, Rockville, MDOverview (or HRA mindset change)Purpose of "Overview" (Section 2) is to help readers understand why more & different qualitative analysis activities may be necessary to address MCRA scenariosTopics:-What's unique about MCRA contexts? | |||
-Implications for HRA/PRA | |||
-What's different from NUREG | |||
-1921 for MCRA?Pointers to appendices: | |||
-Appendix A | |||
-background & historical events | |||
-Appendix B | |||
-discussion of command and control | |||
-Appendix C | |||
-guidance for collecting plant information for MCRA Overview of MCRA HRASlide 11Fire PRA Workshop 2019, Rockville, MDOverview (or mindset change) (continued)What's unique about MCRA contexts (& why a different HRA mindset)? | |||
-MCRA is a rare NPP event | |||
-MCRA is a special case of fire HRA/PRA that does not build on internal events HRA/PRA | |||
-Without MCR environment, emergency operation procedures (EOPs), etc., common HRA assumptions (e.g., all crew members working off same procedure and providing backup to other crew members) cannot be used for MCRA | |||
-MCRA HRA/HRA must address variations (even within NPP type and vendor) in, for example:Remote shutdown panel (RSDP) design & capabilitiesGeneral plant designProcedure(s) & associated strategy taken for safe shutdown Overview of MCRA HRASlide 12Fire PRA Workshop 2019, Rockville, MDQualitative Guidance: PRA AspectsExpanded MCRA process and guidance fromEPRI 1011989 / NUREG/CR | |||
-6850-Fills gaps in existing methodology where additional guidance is neededIntegrating HFEs and equipment failures in model Determine plant conditions when LOH or LOC may occur | |||
-Entry criteria for LOH based on specific thresholds and calculated from fire modeling | |||
-Entry criteria for LOC not well defined in current methodologyExpanded LOC scenario definition | |||
-Identified in MCRA procedure entry conditions or, more likely, through interviews with operationsWhat loss of function and instrumentation would lead to shutdown using RSDP?Identification is highly plant specific Overview of MCRA HRASlide 13Fire PRA Workshop 2019, Rockville, MDFeasibility Assessment for MCRANUREG-1921 established feasibility criteria for modeling HFEs in fire PRAsFour new types of guidance are discussed: | |||
-Feasibility must be assessed on a scenario level, in addition to with respect to individual human failure events (HFEs) | |||
-Two new criteria have been identified:Must have a communications planMust have a plan for command and control | |||
-Some additional guidance on assessing existing criteria | |||
-What to do if "not feasible" is not acceptableDiscussed later under Interface with Operations Overview of MCRA HRASlide 14Fire PRA Workshop 2019, Rockville, MDTiming and TimelinesNUREG-1921 established a timeline for individual HFEs | |||
-Guidance in NUREG | |||
-1921 can be applied to MCR abandonment HFEsFor MCRA, timing is even more critical, so the supplementary guidance recommends: | |||
-Developing scenario specific timelines that show who is doing what and when, all with respect to the same time origin | |||
-Accounting for command, control, and coordination of tasks by various operators stationed at different locations | |||
-Integrating the various different timing sources into a single timeline with the same time origin:fire progressionaccident progressionprocedure progression and operator response Overview of MCRA HRASlide 15Fire PRA Workshop 2019, Rockville, MDTiming and Timelines | |||
-Three Time Phases of MCRAPhase I -Time period before abandonment decisionPhase II -Time period for the decision to abandonPhase III | |||
-Time period after abandon has been made Overview of MCRA HRASlide 16Fire PRA Workshop 2019, Rockville, MDTiming and Timelines | |||
-Three Time Phases of MCRAPhase I -associated with actions taken before the decision to abandonPhase II -timing for the decision to abandon is plant | |||
-specific and requires agreement between plant operations, fire PRA modeling and fire HRA | |||
-Typically, the team will need to define conditions which require abandonment and the time at which these conditions will exist. Good example of FPRA feedback to training and/or procedures.Phase III | |||
-timeline accounts for execution time after leaving the MCR, the same as NUREG | |||
-1921-Also addresses extra time required for command & control, coordination, and communications Overview of MCRA HRASlide 17Fire PRA Workshop 2019, Rockville, MDExample of Integrated Timeline For MCRA ScenarioThere can be more than one representation of a timeline Overview of MCRA HRASlide 18Fire PRA Workshop 2019, Rockville, MDExample of Integrated Timeline For MCRA ScenarioSame scenario as previous example but this example shows timelines for individual PRA actions. | |||
Overview of MCRA HRASlide 19Fire PRA Workshop 2019, Rockville, MDPerformance Shaping Factors (PSFs)Guidance for evaluating PSFs primarily derived from: | |||
-List of PSFs developed in NUREG | |||
-1921 -Experience of PRA analysts in identifying MCRA sequences modeledThe following PSFs identified in NUREG | |||
-1921 are just as critical for MCRA (and in some cases, more so): | |||
-Complexity | |||
-Time pressure and stress | |||
-Crew dynamics | |||
-Human-machine interface | |||
-Crew communications | |||
-Environment | |||
-Cues and indications | |||
-Staffing and availability | |||
-Procedures | |||
-Special equipment | |||
-Training -Special fitness needs | |||
-TimingHowever, what is important to HRA about these PSFs is that they may be different in MCRA than in other fire scenarios Overview of MCRA HRASlide 20Fire PRA Workshop 2019, Rockville, MDPerformance Shaping Factors (Continued)In general, assessment of the PSFs for MCRA needs to consider: | |||
-Decision to abandon the MCR | |||
-Actions at the RSDP | |||
-Local actions in the plant | |||
-Command & control issues, including communication & coordinationGuidance to the analyst in this section: | |||
-Provides table of examples of the PSF impacts related to distinguishing features of MCRA scenarios | |||
-Assists the analyst in determining which PSFs are the more significant contributors to the qualitative analysis of a particular MCRA scenario by identifying the contexts that make a PSF consequential, and whyContent of these tables is considered preliminary Overview of MCRA HRASlide 21Fire PRA Workshop 2019, Rockville, MDCommand and Control (C&C)"Meta-PSF" that describes the need for a central body of authority to make decisions but have them carried out by a distributed groupC&C during in | |||
-MCR operations: | |||
-Shift supervisor is aided by reactor operators (ROs) and shift technical advisor (STA), who are monitoring and providing information input | |||
-Staff are co | |||
-located, allowing face | |||
-to-face communication and shared access to information in a relatively quiet atmosphereMCRA is more complex and person | |||
-in-charge must transition through a series of contexts: | |||
-Decision to abandon the MCR | |||
-Transition to the RSDP | |||
-Communication of instructions to staff located elsewhere, sometimes based on reports of measurements from the field Overview of MCRA HRASlide 22Fire PRA Workshop 2019, Rockville, MDDifferences between MCRA and MCR operations | |||
-communication paths, indications and controlsShift Supervisor (SS, in charge of C&C) cannot directly communicate with all operators; i.e., face | |||
-to-face, real time | |||
-Figure shows dashed lines (rather than solid lines) to represent "indirect communications" (e.g., use of radios)SS likely needs to communicate with more than the two operators (see next slide) | |||
-However, for simplicity, the figure only shows two operatorsUnlike in the MCR, the SS can "act" (i.e., directly manipulate equipment)Depending on the capability of the RSDP, the SS may be able to only indirectly (i.e., through communications with operators at local plant stations) manipulate equipment, obtain information, etc. | |||
Overview of MCRA HRASlide 24Fire PRA Workshop 2019, Rockville, MDDifferences in Control & Communications (after Moray)Non-AbandonmentAbandonment RD -request dataCF -confirmation RC -request confirmation C -command T -tell dataKeyA solid line represents direct interactions. For example, operator is located at the control station. A dashes line represents indirect interactions. There maybe distance between the operators and/or plant. For example the SS maybe at the RSDP while the operator maybe elsewhere in the plant Overview of MCRA HRASlide 25Fire PRA Workshop 2019, Rockville, MDSelected Topics from Supplement 2 | |||
-HRA QuantificationOverview of MCRA HRA quantificationPhase II quantification | |||
-decision to abandonPhase III quantification | |||
-after decision to abandonTiming inputs for MCRA HRA quantification (mostly Phase II)Future work Overview of MCRA HRASlide 26Fire PRA Workshop 2019, Rockville, MDOverview of MCRA HRA quantificationMCRA HRA guidance is different depending on phase | |||
-Phase I -before the decision to abandon | |||
-Phase II -decision to abandon (explicitly modeled for LOC only) | |||
-Phase III | |||
-after decision to abandonEach phase is characterized by: | |||
-Location for operator actions | |||
-Procedures used (i.e., EOPs versus MCRA safe shutdown) | |||
-Location for command and control (C&C)Focus for Supplement 2 MCRA HRA quantification guidance is on:-Decision to abandon for LOC scenarios | |||
-Phase III operator actions (after leaving the MCR), including impact of C&C Overview of MCRA HRASlide 27Fire PRA Workshop 2019, Rockville, MDHRA quantification for decision to abandon for LOC scenariosQualitative analysis is important, especially the feasibility assessment specific to decision to abandon, i.e.,-Abandonment procedure must contain explicit guidance on "cues" for abandonment, OR-A consensus opinion from operator interviews must match definition of LOCQuantification is based on qualitative insights from Supplement 1 (e.g., important performance shaping factors)& an expert panelExperts maintained that reluctance to leave MCR is primary driver, with procedures, training, & time available being moderating influencesAppendix D in NUREG | |||
-1921 Supplement 2 discusses, generally, HRA challenges & state of knowledge for decisions with serious consequences Overview of MCRA HRASlide 28Fire PRA Workshop 2019, Rockville, MDHEP quantification for decision to abandon on LOC Overview of MCRA HRASlide 29Fire PRA Workshop 2019, Rockville, MDHRA quantification for operator actions after the decision to abandonPhase III operator actions should be treated the same way as HRA typically addresses operator actions, e.g., -Both cognition & execution contributions should be addressed (although there is typically no additional cognition for Phase III actions, given the decision to abandon has been made) | |||
-Qualitative analysis & feasibility assessment should be performedTwo new feasibility assessment criteria for Phase III (plus all criteria from NUREG | |||
-1921): 1.Need to have a communications plan 2.Need to have a C&C planCommand and Control failures in Phase III: | |||
-Expert panel also identified the need to adda contribution from "C&C sequencing failures" in certain instances where the improper order or sequencing of operations leads to failure of an SSC-Flowchart is used to determine if a C&C contribution should be added to other failure probabilities | |||
-Two C&C sequencing failure probabilities (taken from NUREG | |||
-2199, IDHEAS at | |||
-power):HEP = 1.9E | |||
-2, with compensating measuresHEP = 9.4E | |||
-2, withoutcompensating measures Overview of MCRA HRASlide 30Fire PRA Workshop 2019, Rockville, MDPhase III C&C Sequencing FailuresHEP = 1.9E | |||
-2HEP = 9.4E | |||
-2 Overview of MCRA HRASlide 31Fire PRA Workshop 2019, Rockville, MDDeveloping Timing Inputs for Phase IISupplement 2, Section 2 discusses development of timing inputs for all Phases, but emphasis is on inputs for Phase II (i.e., quantification tool for the decision to abandon for LOC scenarios)Two main concerns for LOC scenarios: | |||
-Estimating the time required for decision to abandon is difficult (since it is not usually trained on) | |||
-Phase II (decision to abandon) and Phase III (after decision) share the same system time windowQuantification tool for decision to abandon for LOC scenarios only requires time available for decision; estimation of time required is only needed to demonstrate feasibility Overview of MCRA HRASlide 32Fire PRA Workshop 2019, Rockville, MDDeveloping Timing Inputs for Phase II (continued)Steps for developing timing inputs is: | |||
1.Calculate the system time window (T SW) for the overall MCRA scenario (i.e., for both Phase II and Phase III). | |||
2.Develop the time required (Treqd,III) to perform the initial Phase III actions.3.Set the time available for Phase III actions (Tavail,III) equal to the time required (Treqd,III) for Phase III actions (i.e., equate the time required with the time available for Phase III actions). | |||
4.Determine the time delay for Phase II (i.e., the time at which the minimumset ofcuesneeded for the decision to abandon on LOC become available) (Tdelay,LOC). 5.Calculate the time available (Tavail,LOC) for Phase II (i.e., the decision to abandon). | |||
6.Estimate the time required (Treqd,LOC) for Phase II and confirm the feasibility.Iteration may be required (e.g., may want to allocated more time for Phase III to allow recoveries) | |||
Overview of MCRA HRASlide 33Fire PRA Workshop 2019, Rockville, MDFuture WorkThe authors have developed guidance that is applicable to existing U.S. NPPsThe authors also recognize that there may be changes to how NPPs prepare for MCRAIn addition, there are topics that would benefit from future research (e.g., understanding and modeling operator "reluctance")In the meantime, concepts and tools developed for MCRA HRA are being used, expanded, and modified for use in other contexts (e.g., FLEX) | |||
Overview of MCRA HRASlide 34Fire PRA Workshop 2019, Rockville, MDCourse OutlineIntroduction to HRAOverview of the EPRI/NRC Fire HRA GuidelinesIdentification and definition of fire human failure eventsQualitative analysisOverview -Fire HRA Guidance for Main Control Room Abandonment (MCRA) Scenarios in Fire EventsQuantitative analysis (next training topic)Recovery analysisDependency analysisUncertainty analysis Overview of MCRA HRASlide 35Fire PRA Workshop 2019, Rockville, MDBACKUP SLIDES Stacey HendricksonSandia National Laboratories, Albuquerque, NM, USAJohn Wreathall John Wreathall & Co, Inc., Dublin, OH, USAJeffrey Julius, Erin Collins, Kaydee Kohlhepp Gunter, Paul AmicoJENSEN HUGHES, Rockville, MD, USASusan Cooper, Tammie Rivera US Nuclear Regulatory Commission, Rockville, MD, USA Mary Presley, Ashley LindemanElectric Power Research Institute, Charlotte, NC, USAInvestigating Command and Control Issues for Main Control Room Abandonment Scenarios in Fire Events PSAM-HRAS Topical Conference 2017:Human Reliability, Quantitative Human Factors and Risk ManagementMunich, GermanyJune 7-9 2017 Overview of MCRA HRASlide 37Fire PRA Workshop 2019, Rockville, MDProject OutlineHRA Guidelines for plant fire scenarios are addressed generally in NUREG | |||
-1921/EPRI 1023001, EPRI/NRC-RES Fire Human Reliability Analysis Guidelines (2012) Main Control Room Abandonment (MCRA) is a special case for HRA-Only briefly addressed in NUREG | |||
-1921/EPRI 1023001EPRI & NRC working jointly under Memorandum of Understanding (MOU) to develop guidance for HRA in MCRA events | |||
-Two stages: Qualitative guidance and quantitative guidanceCurrently qualitative guidance is being documented as Supplement 1 to NUREG | |||
-1921/EPRI 3002009215Development of quantitative guidance is under way, to be documented as a joint EPRI/NRC technical report Overview of MCRA HRASlide 38Fire PRA Workshop 2019, Rockville, MDCommand & ControlCommand & Control (C&C) | |||
-Developed in military settings to describe need for a central body to make decisions and have them acted upon at a distance by distributed groups | |||
-Part of macrocognitionnot normally considered for In | |||
-Main Control Room (MCR) activitiesDecision maker (e.g., Shift Supervisor or Shift Manager) is co | |||
-located with crew membersCommunication and coordination is carried out face | |||
-to-faceIn-MCR actions highly trained and rehearsedso responses are often "response | |||
-primed decisionmaking" (RPD) (Klein) | |||
-Following abandonment of MCR (MCRA) because of plant fireDecision maker is physically separate from some/all crew membersCommunication and coordination requires radios/telephones/runnersLittle training and rehearsal for actions during and after abandonment Overview of MCRA HRASlide 39Fire PRA Workshop 2019, Rockville, MDFunctional Description of Macrocognition(Smalley, 2008) | |||
Overview of MCRA HRASlide 40Fire PRA Workshop 2019, Rockville, MDMacrocognitive Differences between MCR Abandonment and Non | |||
-Abandonment for FiresDuring in-MCR Operations (typical plant)Control room team, acting as a single centralized "cognitive entity" | |||
-Coordination with fire brigade and some plant area staffShared visual cuesWell-rehearsed and tested plans and actions | |||
-Resources anticipated & available | |||
-Limited need for flexibility in response | |||
-Recognition | |||
-primed decision | |||
-making (RPD)Communications (mostly) face | |||
-to-faceRestricted interruptions during response periodDuring MCRA Operations (typical plant)Control room team distributed in plant areas | |||
-Shift supervisor alone at RSDP | |||
-Coordination with fire brigade and plant areasSingle snapshots of plant information by individualsPlans and actions occasionally rehearsed, rarely tested | |||
-Some resources anticipated & available but complete range untested | |||
-Potential need for flexibility in response | |||
-Non-RPD responseCommunications mostly via radios, phones, etc.Potential for interruptions C&C is judged unlikely to be a significant cause of crew failureC&C cannot be ignored as a potential cause of crew failure Overview of MCRA HRASlide 41Fire PRA Workshop 2019, Rockville, MDCommunicationsBefore abandonment, communications is (mostly) face | |||
-to-face and can be asynchronous | |||
-for example: | |||
-Operators know who is speaking; minimal problem of over | |||
-talking-Communications can be tightly coupled (i.e. closely coupled within the team)Reported to be associated with good performanceAfter abandonment, communications need to be structured and controlled by Shift Supervisor | |||
-Slows down interactions | |||
-Increases workload of supervisor | |||
-Communications less coupled | |||
-Interpretations of communications Overview of MCRA HRASlide 42Fire PRA Workshop 2019, Rockville, MDDifferences in Control & Communications (after Moray)Non-AbandonmentAbandonment RD -request dataCF -confirmation RC -request confirmation C -command T -tell dataKey Overview of MCRA HRASlide 43Fire PRA Workshop 2019, Rockville, MDEvaluation of C&C Structure (Draft)Identifying the person(s) leading the response, as well as each person's role and responsibility during and following MCRAIdentifying where the person(s) leading the response will be located once outside the MCREvaluating how communications are to be performed: | |||
-Physical processes, such as use of radios, sound | |||
-powered phones, or other means | |||
-Protocol, such as three | |||
-way communication, required reporting to Shift Supervisor (SS) when each step or task is performed, or waiting to report until a major function or system is restoredIdentifying how procedures will be used by the person(s) in charge and by the field operators | |||
-Example: Do field operators have their own written procedures in hand at plant locations or do they rely only on directions from person(s) in chargeIdentifying how many people require interaction and communication | |||
-Including plant staff and organizations beyond those needed only for safe shutdownIdentifying how much communication will be required to satisfy allcommunication needsIdentifying who, beyond the SS, is available to help address communication needs}} |
Revision as of 08:31, 5 September 2019
ML19212A737 | |
Person / Time | |
---|---|
Issue date: | 07/31/2019 |
From: | Office of Nuclear Regulatory Research |
To: | |
D. Stroup 415-1649 | |
Shared Package | |
ML19212A718 | List: |
References | |
Download: ML19212A737 (42) | |
Text
NRC-RES Fire PRA WorkshopModule IVAugust 5-9, 2019Rockville, MDNRC-RES/EPRI FIRE PRA METHODOLOGY:Overview: Fire HRA Guidance for Main Control Room Abandonment (MCRA) Scenarios in Fire Events Overview of MCRA HRASlide 2Fire PRA Workshop 2019, Rockville, MDOutline of the PresentationIntroduction to HRAOverview of the EPRI/NRC Fire HRA GuidelinesIdentification and definition of fire human failure eventsQualitative analysisOverview:
-Fire HRA Guidance for Main Control Room Abandonment (MCRA) Scenarios in Fire EventsQuantitative analysisRecovery analysisDependency analysisUncertainty analysis Overview of MCRA HRASlide 3Fire PRA Workshop 2019, Rockville, MDPresentation ObjectivesProvide update and status on recent fire HRA research performed jointly by NRC
-RES and EPRIBe aware of new resources for performing fire HRA for main control room abandonment (MCRA) scenariosUnderstand key differences between fire HRA in MCRA scenarios and that for non
-MCRA scenarios such as:
-Qualitative analysis
-Feasibility assessment
-HFE identification & definition (along with PRA scenario development)
-Timing analysis
-QuantificationNo learning objectives; this presentation is a summary only of recently completed research. A more complete presentation may be developed later.
Overview of MCRA HRASlide 4Fire PRA Workshop 2019, Rockville, MDJoint EPRI/NRC
-RES Fire HRA Research:Main Control Room AbandonmentNUREG-1921/EPRI1023001, EPRI/NRC
-RES Fire Human Reliability Analysis Guidelines was published in July 2012Recognized MCRA is a special case for HRA and fire PRAIdentified MCRA as an area requiring future researchIndustry introduced Frequently Asked Question (FAQ) 13
-0002, "Modeling of Main Control Room (MCR) Abandonment on Loss of Habitability" in response to NRC's Requests for Additional Information (RAIs)In 2015, EPRI & NRC's Office of Nuclear Regulatory Research (RES) started a project to develop guidance for HRA in MCRA scenarios, working jointly under Memorandum of Understanding (MOU) To provide additional HRA/PRA guidance for MCRA scenariosTo publish guidance as joint EPRI/NRC
-RES report(s) To publish guidance that supplements (not replaces) NUREG
-1921To address both loss of habitability (LOH) and loss of control (LOC)
Overview of MCRA HRASlide 5Fire PRA Workshop 2019, Rockville, MDTechnical Approach for Developing HRA/PRA Guidance for MCR Abandonment ScenariosStarting points for development:
-NUREG-1921-Industry/NRC interactions related to FPRA
-FAQ 13-0002 -NUREG/CR-6850-NFPA-805 experience (both industry and NRC)Guidance is intended for both HRA andPRA analystsGuidance is divided into two reports:
-Qualitative analysis
-NUREG-1921, Supplement 1/EPRI 3002009215Publicly available on EPRI's website (August 2017):https://www.epri.com/#/pages/product/000000003002009215/
-Quantification
-NUREG-1921, Supplement 2/EPRI 3002013023Publicly available on EPRI's website (June 2019):https://www.epri.com/#/pages/product/000000003002013023/?lang=en
-USNRC's publication of Supplements 1 and 2 is forthcoming.
Overview of MCRA HRASlide 6Fire PRA Workshop 2019, Rockville, MDTechnical Approach (continued)Both Supplements 1 and 2 have been subjected to multiple reviews, such as:
-ACRS PRA Subcommittee briefingsSupplement 1
-May 4, 2016Supplement 2
-April 4, 2018
-Peer reviews (with NRC and industry stakeholders, HRA/PRA experts, behavioral & cognitive scientists)
-Internal reviews (e.g., NRC's Office of Nuclear Reactor Regulation (NRR), RES management, EPRI management)For MCRA scenarios, Supplements 1 and 2 should be used together with NUREG
-1921-Supplements 1 and 2 explicitly state where guidance is supplants any earlier guidance
-For some topics, Supplements 1 and 2 add to or replace guidance in NUREG/CR-6850 (e.g., definition of loss of control scenarios, HRA quantification)
Overview of MCRA HRASlide 7Fire PRA Workshop 2019, Rockville, MDRoadmap to Supplement 1
-Qualitative AnalysisSection 2
-Overview of MCRA HRA/PRASection 3
-Modeling MCRA Scenarios in Fire PRASection 4
-Analysis of the Decision to AbandonSection 5
-Identification & Definition of HFEs for MCRAScenariosSection 6
-Feasibility Assessment for MCRA ScenariosSection 7
-Timing & Timelines for MCRA ScenariosSection 8
-Performance Shaping Factors for MCRAScenariosSection 9
-Recovery, Dependency, & UncertaintyAppendix A
-MCRA Regulatory Background, Historical Events-.Appendix B
-Command & ControlAppendix C
-Guidance & Tips for MCRA Information Collection Overview of MCRA HRASlide 8Fire PRA Workshop 2019, Rockville, MDRoadmap to Supplement 2
-HRA Quantification GuidanceSection 2
-Development of Timing Parameters Used in MCRA HRA Quantification Section 3
-Phase I: Pre
-Abandonment HFEsSection 4
-Phase II: Decision to AbandonSection 5
-Phase III: Actions Following the Decision to AbandonSection 6
-Recovery, Dependency, & Uncertainty AnalysisAppendix A
-Use of Experts & Expert Judgement-.Appendix B
-Development of the Technical Approach for Phase II-Appendix C
-Development of the Technical Approach for Command & Control-Appendix D
-Considerations for Potential Future Quantification Approaches-Overview of MCRA HRASlide 9Fire PRA Workshop 2019, Rockville, MDSelected Topics from Supplement 1
-Qualitative AnalysisOverview (or necessary mindset change for MCRA HRA)PRA aspectsFeasibility assessmentTimelinesInfluencing factors Command and control Overview of MCRA HRASlide 10Fire PRA Workshop 2019, Rockville, MDOverview (or HRA mindset change)Purpose of "Overview" (Section 2) is to help readers understand why more & different qualitative analysis activities may be necessary to address MCRA scenariosTopics:-What's unique about MCRA contexts?
-Implications for HRA/PRA
-What's different from NUREG
-1921 for MCRA?Pointers to appendices:
-Appendix A
-background & historical events
-Appendix B
-discussion of command and control
-Appendix C
-guidance for collecting plant information for MCRA Overview of MCRA HRASlide 11Fire PRA Workshop 2019, Rockville, MDOverview (or mindset change) (continued)What's unique about MCRA contexts (& why a different HRA mindset)?
-MCRA is a rare NPP event
-MCRA is a special case of fire HRA/PRA that does not build on internal events HRA/PRA
-Without MCR environment, emergency operation procedures (EOPs), etc., common HRA assumptions (e.g., all crew members working off same procedure and providing backup to other crew members) cannot be used for MCRA
-MCRA HRA/HRA must address variations (even within NPP type and vendor) in, for example:Remote shutdown panel (RSDP) design & capabilitiesGeneral plant designProcedure(s) & associated strategy taken for safe shutdown Overview of MCRA HRASlide 12Fire PRA Workshop 2019, Rockville, MDQualitative Guidance: PRA AspectsExpanded MCRA process and guidance fromEPRI 1011989 / NUREG/CR
-6850-Fills gaps in existing methodology where additional guidance is neededIntegrating HFEs and equipment failures in model Determine plant conditions when LOH or LOC may occur
-Entry criteria for LOH based on specific thresholds and calculated from fire modeling
-Entry criteria for LOC not well defined in current methodologyExpanded LOC scenario definition
-Identified in MCRA procedure entry conditions or, more likely, through interviews with operationsWhat loss of function and instrumentation would lead to shutdown using RSDP?Identification is highly plant specific Overview of MCRA HRASlide 13Fire PRA Workshop 2019, Rockville, MDFeasibility Assessment for MCRANUREG-1921 established feasibility criteria for modeling HFEs in fire PRAsFour new types of guidance are discussed:
-Feasibility must be assessed on a scenario level, in addition to with respect to individual human failure events (HFEs)
-Two new criteria have been identified:Must have a communications planMust have a plan for command and control
-Some additional guidance on assessing existing criteria
-What to do if "not feasible" is not acceptableDiscussed later under Interface with Operations Overview of MCRA HRASlide 14Fire PRA Workshop 2019, Rockville, MDTiming and TimelinesNUREG-1921 established a timeline for individual HFEs
-Guidance in NUREG
-1921 can be applied to MCR abandonment HFEsFor MCRA, timing is even more critical, so the supplementary guidance recommends:
-Developing scenario specific timelines that show who is doing what and when, all with respect to the same time origin
-Accounting for command, control, and coordination of tasks by various operators stationed at different locations
-Integrating the various different timing sources into a single timeline with the same time origin:fire progressionaccident progressionprocedure progression and operator response Overview of MCRA HRASlide 15Fire PRA Workshop 2019, Rockville, MDTiming and Timelines
-Three Time Phases of MCRAPhase I -Time period before abandonment decisionPhase II -Time period for the decision to abandonPhase III
-Time period after abandon has been made Overview of MCRA HRASlide 16Fire PRA Workshop 2019, Rockville, MDTiming and Timelines
-Three Time Phases of MCRAPhase I -associated with actions taken before the decision to abandonPhase II -timing for the decision to abandon is plant
-specific and requires agreement between plant operations, fire PRA modeling and fire HRA
-Typically, the team will need to define conditions which require abandonment and the time at which these conditions will exist. Good example of FPRA feedback to training and/or procedures.Phase III
-timeline accounts for execution time after leaving the MCR, the same as NUREG
-1921-Also addresses extra time required for command & control, coordination, and communications Overview of MCRA HRASlide 17Fire PRA Workshop 2019, Rockville, MDExample of Integrated Timeline For MCRA ScenarioThere can be more than one representation of a timeline Overview of MCRA HRASlide 18Fire PRA Workshop 2019, Rockville, MDExample of Integrated Timeline For MCRA ScenarioSame scenario as previous example but this example shows timelines for individual PRA actions.
Overview of MCRA HRASlide 19Fire PRA Workshop 2019, Rockville, MDPerformance Shaping Factors (PSFs)Guidance for evaluating PSFs primarily derived from:
-List of PSFs developed in NUREG
-1921 -Experience of PRA analysts in identifying MCRA sequences modeledThe following PSFs identified in NUREG
-1921 are just as critical for MCRA (and in some cases, more so):
-Complexity
-Time pressure and stress
-Crew dynamics
-Human-machine interface
-Crew communications
-Environment
-Cues and indications
-Staffing and availability
-Procedures
-Special equipment
-Training -Special fitness needs
-TimingHowever, what is important to HRA about these PSFs is that they may be different in MCRA than in other fire scenarios Overview of MCRA HRASlide 20Fire PRA Workshop 2019, Rockville, MDPerformance Shaping Factors (Continued)In general, assessment of the PSFs for MCRA needs to consider:
-Decision to abandon the MCR
-Actions at the RSDP
-Local actions in the plant
-Command & control issues, including communication & coordinationGuidance to the analyst in this section:
-Provides table of examples of the PSF impacts related to distinguishing features of MCRA scenarios
-Assists the analyst in determining which PSFs are the more significant contributors to the qualitative analysis of a particular MCRA scenario by identifying the contexts that make a PSF consequential, and whyContent of these tables is considered preliminary Overview of MCRA HRASlide 21Fire PRA Workshop 2019, Rockville, MDCommand and Control (C&C)"Meta-PSF" that describes the need for a central body of authority to make decisions but have them carried out by a distributed groupC&C during in
-MCR operations:
-Shift supervisor is aided by reactor operators (ROs) and shift technical advisor (STA), who are monitoring and providing information input
-Staff are co
-located, allowing face
-to-face communication and shared access to information in a relatively quiet atmosphereMCRA is more complex and person
-in-charge must transition through a series of contexts:
-Decision to abandon the MCR
-Transition to the RSDP
-Communication of instructions to staff located elsewhere, sometimes based on reports of measurements from the field Overview of MCRA HRASlide 22Fire PRA Workshop 2019, Rockville, MDDifferences between MCRA and MCR operations
-communication paths, indications and controlsShift Supervisor (SS, in charge of C&C) cannot directly communicate with all operators; i.e., face
-to-face, real time
-Figure shows dashed lines (rather than solid lines) to represent "indirect communications" (e.g., use of radios)SS likely needs to communicate with more than the two operators (see next slide)
-However, for simplicity, the figure only shows two operatorsUnlike in the MCR, the SS can "act" (i.e., directly manipulate equipment)Depending on the capability of the RSDP, the SS may be able to only indirectly (i.e., through communications with operators at local plant stations) manipulate equipment, obtain information, etc.
Overview of MCRA HRASlide 24Fire PRA Workshop 2019, Rockville, MDDifferences in Control & Communications (after Moray)Non-AbandonmentAbandonment RD -request dataCF -confirmation RC -request confirmation C -command T -tell dataKeyA solid line represents direct interactions. For example, operator is located at the control station. A dashes line represents indirect interactions. There maybe distance between the operators and/or plant. For example the SS maybe at the RSDP while the operator maybe elsewhere in the plant Overview of MCRA HRASlide 25Fire PRA Workshop 2019, Rockville, MDSelected Topics from Supplement 2
-HRA QuantificationOverview of MCRA HRA quantificationPhase II quantification
-decision to abandonPhase III quantification
-after decision to abandonTiming inputs for MCRA HRA quantification (mostly Phase II)Future work Overview of MCRA HRASlide 26Fire PRA Workshop 2019, Rockville, MDOverview of MCRA HRA quantificationMCRA HRA guidance is different depending on phase
-Phase I -before the decision to abandon
-Phase II -decision to abandon (explicitly modeled for LOC only)
-Phase III
-after decision to abandonEach phase is characterized by:
-Location for operator actions
-Procedures used (i.e., EOPs versus MCRA safe shutdown)
-Location for command and control (C&C)Focus for Supplement 2 MCRA HRA quantification guidance is on:-Decision to abandon for LOC scenarios
-Phase III operator actions (after leaving the MCR), including impact of C&C Overview of MCRA HRASlide 27Fire PRA Workshop 2019, Rockville, MDHRA quantification for decision to abandon for LOC scenariosQualitative analysis is important, especially the feasibility assessment specific to decision to abandon, i.e.,-Abandonment procedure must contain explicit guidance on "cues" for abandonment, OR-A consensus opinion from operator interviews must match definition of LOCQuantification is based on qualitative insights from Supplement 1 (e.g., important performance shaping factors)& an expert panelExperts maintained that reluctance to leave MCR is primary driver, with procedures, training, & time available being moderating influencesAppendix D in NUREG
-1921 Supplement 2 discusses, generally, HRA challenges & state of knowledge for decisions with serious consequences Overview of MCRA HRASlide 28Fire PRA Workshop 2019, Rockville, MDHEP quantification for decision to abandon on LOC Overview of MCRA HRASlide 29Fire PRA Workshop 2019, Rockville, MDHRA quantification for operator actions after the decision to abandonPhase III operator actions should be treated the same way as HRA typically addresses operator actions, e.g., -Both cognition & execution contributions should be addressed (although there is typically no additional cognition for Phase III actions, given the decision to abandon has been made)
-Qualitative analysis & feasibility assessment should be performedTwo new feasibility assessment criteria for Phase III (plus all criteria from NUREG
-1921): 1.Need to have a communications plan 2.Need to have a C&C planCommand and Control failures in Phase III:
-Expert panel also identified the need to adda contribution from "C&C sequencing failures" in certain instances where the improper order or sequencing of operations leads to failure of an SSC-Flowchart is used to determine if a C&C contribution should be added to other failure probabilities
-Two C&C sequencing failure probabilities (taken from NUREG
-2199, IDHEAS at
-power):HEP = 1.9E
-2, with compensating measuresHEP = 9.4E
-2, withoutcompensating measures Overview of MCRA HRASlide 30Fire PRA Workshop 2019, Rockville, MDPhase III C&C Sequencing FailuresHEP = 1.9E
-2HEP = 9.4E
-2 Overview of MCRA HRASlide 31Fire PRA Workshop 2019, Rockville, MDDeveloping Timing Inputs for Phase IISupplement 2, Section 2 discusses development of timing inputs for all Phases, but emphasis is on inputs for Phase II (i.e., quantification tool for the decision to abandon for LOC scenarios)Two main concerns for LOC scenarios:
-Estimating the time required for decision to abandon is difficult (since it is not usually trained on)
-Phase II (decision to abandon) and Phase III (after decision) share the same system time windowQuantification tool for decision to abandon for LOC scenarios only requires time available for decision; estimation of time required is only needed to demonstrate feasibility Overview of MCRA HRASlide 32Fire PRA Workshop 2019, Rockville, MDDeveloping Timing Inputs for Phase II (continued)Steps for developing timing inputs is:
1.Calculate the system time window (T SW) for the overall MCRA scenario (i.e., for both Phase II and Phase III).
2.Develop the time required (Treqd,III) to perform the initial Phase III actions.3.Set the time available for Phase III actions (Tavail,III) equal to the time required (Treqd,III) for Phase III actions (i.e., equate the time required with the time available for Phase III actions).
4.Determine the time delay for Phase II (i.e., the time at which the minimumset ofcuesneeded for the decision to abandon on LOC become available) (Tdelay,LOC). 5.Calculate the time available (Tavail,LOC) for Phase II (i.e., the decision to abandon).
6.Estimate the time required (Treqd,LOC) for Phase II and confirm the feasibility.Iteration may be required (e.g., may want to allocated more time for Phase III to allow recoveries)
Overview of MCRA HRASlide 33Fire PRA Workshop 2019, Rockville, MDFuture WorkThe authors have developed guidance that is applicable to existing U.S. NPPsThe authors also recognize that there may be changes to how NPPs prepare for MCRAIn addition, there are topics that would benefit from future research (e.g., understanding and modeling operator "reluctance")In the meantime, concepts and tools developed for MCRA HRA are being used, expanded, and modified for use in other contexts (e.g., FLEX)
Overview of MCRA HRASlide 34Fire PRA Workshop 2019, Rockville, MDCourse OutlineIntroduction to HRAOverview of the EPRI/NRC Fire HRA GuidelinesIdentification and definition of fire human failure eventsQualitative analysisOverview -Fire HRA Guidance for Main Control Room Abandonment (MCRA) Scenarios in Fire EventsQuantitative analysis (next training topic)Recovery analysisDependency analysisUncertainty analysis Overview of MCRA HRASlide 35Fire PRA Workshop 2019, Rockville, MDBACKUP SLIDES Stacey HendricksonSandia National Laboratories, Albuquerque, NM, USAJohn Wreathall John Wreathall & Co, Inc., Dublin, OH, USAJeffrey Julius, Erin Collins, Kaydee Kohlhepp Gunter, Paul AmicoJENSEN HUGHES, Rockville, MD, USASusan Cooper, Tammie Rivera US Nuclear Regulatory Commission, Rockville, MD, USA Mary Presley, Ashley LindemanElectric Power Research Institute, Charlotte, NC, USAInvestigating Command and Control Issues for Main Control Room Abandonment Scenarios in Fire Events PSAM-HRAS Topical Conference 2017:Human Reliability, Quantitative Human Factors and Risk ManagementMunich, GermanyJune 7-9 2017 Overview of MCRA HRASlide 37Fire PRA Workshop 2019, Rockville, MDProject OutlineHRA Guidelines for plant fire scenarios are addressed generally in NUREG
-1921/EPRI 1023001, EPRI/NRC-RES Fire Human Reliability Analysis Guidelines (2012) Main Control Room Abandonment (MCRA) is a special case for HRA-Only briefly addressed in NUREG
-1921/EPRI 1023001EPRI & NRC working jointly under Memorandum of Understanding (MOU) to develop guidance for HRA in MCRA events
-Two stages: Qualitative guidance and quantitative guidanceCurrently qualitative guidance is being documented as Supplement 1 to NUREG
-1921/EPRI 3002009215Development of quantitative guidance is under way, to be documented as a joint EPRI/NRC technical report Overview of MCRA HRASlide 38Fire PRA Workshop 2019, Rockville, MDCommand & ControlCommand & Control (C&C)
-Developed in military settings to describe need for a central body to make decisions and have them acted upon at a distance by distributed groups
-Part of macrocognitionnot normally considered for In
-Main Control Room (MCR) activitiesDecision maker (e.g., Shift Supervisor or Shift Manager) is co
-located with crew membersCommunication and coordination is carried out face
-to-faceIn-MCR actions highly trained and rehearsedso responses are often "response
-primed decisionmaking" (RPD) (Klein)
-Following abandonment of MCR (MCRA) because of plant fireDecision maker is physically separate from some/all crew membersCommunication and coordination requires radios/telephones/runnersLittle training and rehearsal for actions during and after abandonment Overview of MCRA HRASlide 39Fire PRA Workshop 2019, Rockville, MDFunctional Description of Macrocognition(Smalley, 2008)
Overview of MCRA HRASlide 40Fire PRA Workshop 2019, Rockville, MDMacrocognitive Differences between MCR Abandonment and Non
-Abandonment for FiresDuring in-MCR Operations (typical plant)Control room team, acting as a single centralized "cognitive entity"
-Coordination with fire brigade and some plant area staffShared visual cuesWell-rehearsed and tested plans and actions
-Resources anticipated & available
-Limited need for flexibility in response
-Recognition
-primed decision
-making (RPD)Communications (mostly) face
-to-faceRestricted interruptions during response periodDuring MCRA Operations (typical plant)Control room team distributed in plant areas
-Shift supervisor alone at RSDP
-Coordination with fire brigade and plant areasSingle snapshots of plant information by individualsPlans and actions occasionally rehearsed, rarely tested
-Some resources anticipated & available but complete range untested
-Potential need for flexibility in response
-Non-RPD responseCommunications mostly via radios, phones, etc.Potential for interruptions C&C is judged unlikely to be a significant cause of crew failureC&C cannot be ignored as a potential cause of crew failure Overview of MCRA HRASlide 41Fire PRA Workshop 2019, Rockville, MDCommunicationsBefore abandonment, communications is (mostly) face
-to-face and can be asynchronous
-for example:
-Operators know who is speaking; minimal problem of over
-talking-Communications can be tightly coupled (i.e. closely coupled within the team)Reported to be associated with good performanceAfter abandonment, communications need to be structured and controlled by Shift Supervisor
-Slows down interactions
-Increases workload of supervisor
-Communications less coupled
-Interpretations of communications Overview of MCRA HRASlide 42Fire PRA Workshop 2019, Rockville, MDDifferences in Control & Communications (after Moray)Non-AbandonmentAbandonment RD -request dataCF -confirmation RC -request confirmation C -command T -tell dataKey Overview of MCRA HRASlide 43Fire PRA Workshop 2019, Rockville, MDEvaluation of C&C Structure (Draft)Identifying the person(s) leading the response, as well as each person's role and responsibility during and following MCRAIdentifying where the person(s) leading the response will be located once outside the MCREvaluating how communications are to be performed:
-Physical processes, such as use of radios, sound
-powered phones, or other means
-Protocol, such as three
-way communication, required reporting to Shift Supervisor (SS) when each step or task is performed, or waiting to report until a major function or system is restoredIdentifying how procedures will be used by the person(s) in charge and by the field operators
-Example: Do field operators have their own written procedures in hand at plant locations or do they rely only on directions from person(s) in chargeIdentifying how many people require interaction and communication
-Including plant staff and organizations beyond those needed only for safe shutdownIdentifying how much communication will be required to satisfy allcommunication needsIdentifying who, beyond the SS, is available to help address communication needs