|
|
| Line 19: |
Line 19: |
|
| |
|
| =Text= | | =Text= |
| {{#Wiki_filter:LO-130882 December 31, 2022 Docket No. 52-050 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk One White Flint North 11555 Rockville Pike Rockville, MD 20852-2738 | | {{#Wiki_filter:}} |
| | |
| ==SUBJECT:==
| |
| NuScale Power, LLC Submittal of the NuScale Standard Design Approval Application Part 2 - Final Safety Analysis Report, Chapter 18, Human Factors Engineering, Revision 0
| |
| | |
| ==REFERENCES:==
| |
| : 1. NuScale letter to NRC, NuScale Power, LLC Submittal of Planned Standard Design Approval Application Content, dated February 24, 2020 (ML20055E565)
| |
| : 2. NuScale letter to NRC, NuScale Power, LLC Requests the NRC staff to conduct a pre-application readiness assessment of the draft, NuScale Standard Design Approval Application (SDAA), dated May 25, 2022 (ML22145A460)
| |
| : 3. NRC letter to NuScale, Preapplication Readiness Assessment Report of the NuScale Power, LLC Standard Design Approval Draft Application, Office of Nuclear Reactor Regulation dated November 15, 2022 (ML22305A518)
| |
| : 4. NuScale letter to NRC, NuScale Power, LLC Staged Submittal of Planned Standard Design Approval Application, dated November 21, 2022 (ML22325A349)
| |
| NuScale Power, LLC (NuScale) is pleased to submit Chapter 18 of the Standard Design Approval Application, Human Factors Engineering, Revision 0. This chapter supports Part 2, Final Safety Analysis Report, (FSAR) of the NuScale Standard Design Approval Application (SDAA), as described in Reference 1. NuScale submits the chapter in accordance with requirements of 10 CFR 52 Subpart E, Standard Design Approvals. As described in Reference 4, the enclosure is part of a staged SDAA submittal. NuScale requests NRC review, approval, and granting of standard design approval for the US460 standard plant design.
| |
| From July 25, 2022 to October 26, 2022, the NRC performed a pre-application readiness assessment of available portions of the draft NuScale FSAR to determine the FSARs readiness for submittal and for subsequent review by NRC staff (References 3 and 4). The NRC staff reviewed draft Chapter 18. The NRC did not identify readiness issues with the chapter. contains SDAA Part 2 Chapter 18, Human Factors Engineering, Revision 0, proprietary version. NuScale requests that the proprietary version (Enclosure 1), be withheld from public disclosure in accordance with the requirements of 10 CFR § 2.390. The enclosed affidavit (Enclosure 3) supports this request. Enclosure 1 has also been determined to contain Export Controlled Information. This information must be protected from disclosure per the requirements of 10 CFR § 810. Enclosure 2 contains the nonproprietary version.
| |
| NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 Office 541.360-0500 Fax 541.207.3928 www.nuscalepower.com
| |
| | |
| LO-130882 Page 2 of 2 12/31/2022 This letter makes no regulatory commitments and no revisions to any existing regulatory commitments.
| |
| If you have any questions, please contact Mark Shaver at 541-360-0630 or at mshaver@nuscalepower.com.
| |
| I declare under penalty of perjury that the foregoing is true and correct. Executed on December 31, 2022.
| |
| Sincerely, Carrie Fosaaen Senior Director, Regulatory Affairs NuScale Power, LLC Distribution: Brian Smith, NRC Michael Dudek, NRC Getachew Tesfaye, NRC Bruce Bavol, NRC David Drucker, NRC Enclosure 1: SDAA Part 2 Chapter 18, Human Factors Engineering, Revision 0, (proprietary)
| |
| Enclosure 2: SDAA Part 2 Chapter 18, Human Factors Engineering, Revision 0, (nonproprietary)
| |
| Enclosure 3: Affidavit of Carrie Fosaaen AF-131833 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 Office 541.360-0500 Fax 541.207.3928 www.nuscalepower.com
| |
| | |
| LO-130882 :
| |
| Chapter 18, Human Factors Engineering, Revision 0, (proprietary)
| |
| NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 Office 541.360-0500 Fax 541.207.3928 www.nuscalepower.com
| |
| | |
| LO-130882 :
| |
| Chapter 18, Human Factors Engineering, Revision 0, (nonproprietary)
| |
| NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 Office 541.360-0500 Fax 541.207.3928 www.nuscalepower.com
| |
| | |
| LO-130882 Contents Section Description A Chapter 18, Human Factors Engineering, Revision 0, nonproprietary B Technical Reports NuScale Nonproprietary
| |
| | |
| LO-130882 Section A NuScale Nonproprietary
| |
| | |
| NuScale US460 Plant Standard Design Approval Application Chapter Eighteen Human Factors Engineering Final Safety Analysis Report Revision 0
| |
| ©2022, NuScale Power LLC. All Rights Reserved
| |
| | |
| COPYRIGHT NOTICE This document bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this document, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.
| |
| The NRC is permitted to make the number of copies of the information contained in these reports needed for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding.
| |
| Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of additional copies necessary to provide copies for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations. Copies made by the NRC must include this copyright notice in all instances and the proprietary notice if the original was identified as proprietary.
| |
| | |
| NuScale Final Safety Analysis Report Table of Contents TABLE OF CONTENTS CHAPTER 18 HUMAN FACTORS ENGINEERING . . . . . . . . . . . . . . . . . . . . . . . . 18.0-1 18.0 Human Factors Engineering - Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.0-1 18.1 Human Factors Engineering Program Management . . . . . . . . . . . . . . . . . . 18.1-1 18.1.1 Human Factors Engineering Program Goals and Scope . . . . . . . . . . . . 18.1-1 18.1.2 Human Factors Engineering Team and Organization . . . . . . . . . . . . . . 18.1-4 18.1.3 Human Factors Engineering Process and Procedures . . . . . . . . . . . . . 18.1-5 18.1.4 Tracking Human Factors Engineering Issues . . . . . . . . . . . . . . . . . . . . 18.1-7 18.1.5 Human Factors Engineering Technical Program . . . . . . . . . . . . . . . . . . 18.1-8 18.1.6 Reference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.1-9 18.2 Operating Experience Review. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.2-1 18.2.1 Objectives and Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.2-1 18.2.2 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.2-2 18.2.3 Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.2-6 18.2.4 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.2-6 18.3 Functional Requirements Analysis and Function Allocation . . . . . . . . . . . 18.3-1 18.3.1 Objectives and Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.3-1 18.3.2 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.3-1 18.3.3 Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.3-5 18.3.4 Reference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.3-5 18.4 Task Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.4-1 18.4.1 Objectives and Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.4-1 18.4.2 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.4-2 18.4.3 Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.4-6 18.4.4 Reference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.4-6 18.5 Staffing and Qualifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.5-1 18.5.1 Objectives and Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.5-1 18.5.2 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.5-1 18.5.3 Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.5-3 18.5.4 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.5-4 18.6 Treatment of Important Human Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.6-1 18.6.1 Objectives and Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.6-1 18.6.2 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.6-1 NuScale US460 SDAA i Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Table of Contents TABLE OF CONTENTS 18.6.3 Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.6-4 18.6.4 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.6-4 18.7 Human-System Interface Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.7-1 18.7.1 Objectives and Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.7-1 18.7.2 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.7-1 18.7.3 Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.7-11 18.7.4 Reference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.7-11 18.8 Procedure Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.8-1 18.9 Training Program Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.9-1 18.10 Human Factors Verification and Validation . . . . . . . . . . . . . . . . . . . . . . . . . 18.10-1 18.10.1 Objectives and Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.10-1 18.10.2 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.10-1 18.10.3 Results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.10-14 18.10.4 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.10-14 18.11 Design Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.11-1 18.11.1 Objectives and Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.11-1 18.11.2 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.11-1 18.11.3 Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.11-3 18.12 Human Performance Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.12-1 NuScale US460 SDAA ii Revision 0
| |
| | |
| NuScale Final Safety Analysis Report List of Tables LIST OF TABLES Table 18.1-1: Human Factors Engineering Program and Design Activity Milestones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.1-10 NuScale US460 SDAA iii Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Engineering - Overview CHAPTER 18 HUMAN FACTORS ENGINEERING 18.0 Human Factors Engineering - Overview This chapter describes the Human Factors Engineering (HFE) Program for the NuScale Power, LLC (NuScale) Power Plant. The HFE Program uses proven technology and incorporates accepted HFE standards and guidelines, including the applicable guidance provided in NUREG-0711, Revision 3.
| |
| The HFE Program incorporates 12 HFE elements under four general activities in NUREG-0711:
| |
| * planning and analysis HFE Program management operating experience review functional requirements analysis and function allocation task analysis staffing and qualifications treatment of important human actions
| |
| * design human-system interface design procedure development training program development
| |
| * verification and validation human factors verification and validation
| |
| * implementation and operation design implementation human performance monitoring The HFE Program is developed and validated to support a plant including up to 12 NuScale Power Modules. The NuScale Power Plant US460 standard design consists of a plant with up to six NuScale Power Modules, which is within the limits of the HFE Program described in this chapter. The work done for the US460 standard design uses the information completed for the US600 design.
| |
| Section 18.1 describes the plan for the management of the overall HFE Program.
| |
| Sections 18.2 through 18.12 describe the remaining elements of the HFE Program.
| |
| These sections demonstrate that the HFE Program is
| |
| * developed by a qualified HFE Design Team, using a comprehensive HFE Program plan.
| |
| NuScale US460 SDAA 18.0-1 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Engineering - Overview
| |
| * derived from proven HFE studies and analyses that provide complete and accurate results.
| |
| * documented using software that allows consistent application of the HFE analysis results to the human-system interface design, procedure development, and training program development.
| |
| * designed via proven technology incorporating accepted HFE standards and guidelines.
| |
| * evaluated with a thorough verification and validation test program.
| |
| * implemented such that it effectively supports operations.
| |
| * monitored during operations to detect changes that have the potential to impact human performance.
| |
| Section 18.11, Design Implementation, is performed in accordance with the associated Inspections, Tests, Analyses, and Acceptance Criteria.
| |
| In the scope of HFE work, the term unit refers to the structures, systems, and components necessary to generate electricity, which includes a primary side containing a NuScale Power Module (as defined in Section 1.1), its specific supporting systems, and a secondary side containing a turbine generator and its specific supporting systems. This usage is consistent with 10 CFR Part 50 Appendix A and the HFE technical reports that support FSAR Chapter 18.
| |
| NuScale US460 SDAA 18.0-2 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Engineering Program Management 18.1 Human Factors Engineering Program Management The program management element of the Human Factors Engineering (HFE) Program ensures that HFE principles are effectively incorporated into the development, design, and evaluation of the human-system interface (HSI), procedures, and training program.
| |
| This section addresses the following aspects of the program management plan:
| |
| * HFE Program goals and scope
| |
| * HFE team, member qualifications, and organization
| |
| * HFE process and procedures
| |
| * HFE issues tracking
| |
| * HFE technical program Sections 18.1.1 through 18.1.5 summarize these aspects of the plan. A more detailed description of the program management plan is contained in the Human Factors Engineering Program Management Plan (Reference 18.1-1).
| |
| 18.1.1 Human Factors Engineering Program Goals and Scope 18.1.1.1 Human Factors Engineering Program Goals The HFE Program is designed utilizing a human-centered approach. The program's primary goals are to
| |
| * ensure that tasks are performed in accordance with the defined performance criteria and within the required time frame.
| |
| * ensure that HSI, procedures, staffing and qualifications (S&Q), training, management, and organizational arrangements support a high degree of personnel performance and situational awareness.
| |
| * support personnel in maintaining vigilance over plant operations and provide acceptable workload levels.
| |
| * minimize personnel errors and enhance error detection and recovery capability.
| |
| As the HFE Program develops, the program objectives are further defined and used as the basis for HFE tests and evaluations.
| |
| 18.1.1.2 Assumptions and Constraints The assumptions and constraints used as inputs to the HFE Program reflect the following aspects of the design:
| |
| Passive Features
| |
| * Reactor coolant flow is accomplished by natural circulation to eliminate the need for reactor coolant pumps.
| |
| * Decay heat removal to the ultimate heat sink is accomplished without the use of pumps or the need for electric power.
| |
| NuScale US460 SDAA 18.1-1 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Engineering Program Management
| |
| * No operator actions are necessary for a minimum of 72 hours following a design-basis event.
| |
| Modular Design
| |
| * Operation of the first module can begin before successive modules are installed.
| |
| * Refueling of individual modules can occur with others online.
| |
| * Common systems support up to six units.
| |
| * Up to six units are controlled from a single main control room (MCR).
| |
| High Degree of Automation
| |
| * The HSIs support monitoring and management of automated actions and sequences by the operator.
| |
| * Steady-state routine operating tasks are automated to the extent that human interactions to start, stop, or abort automated sequences do not distract the operator.
| |
| * Shutdown functions are automated to the extent that one operator at the controls can maneuver a unit from power operations to safe shutdown within a short period of time.
| |
| * Operability surveillance tests include automated functions such as system configuration verified, test conditions verified, data collected, and results checked against acceptance criteria.
| |
| * Administrative tasks are integrated into an electronic information and records management system that is available to operators.
| |
| * Computer-based procedures for normal, abnormal, and emergency operations and alarm response are text-based.
| |
| Main Control Room Operators
| |
| * Staffing evaluations are based on activities performed by licensed control room operators.
| |
| * Staffing analyses for maintenance or refueling activities, activities completed by craft and technical personnel (e.g., mechanical, electrical, or instrumentation and controls maintenance; health physics; chemistry; engineering; or information technology), or activities associated with the Technical Support Center, Emergency Operations Facility or other Emergency Response facilities are included only if licensed operator workload is impacted.
| |
| * When licensed operator workload is impacted, the area of concern is analyzed to a degree sufficient to quantify the impact to licensed operator workload or staffing. If necessary, HSI or staffing adjustments are developed to address the specific task and associated staffing requirements.
| |
| NuScale US460 SDAA 18.1-2 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Engineering Program Management 18.1.1.3 Human Factors Engineering Program Duration The HFE Program is in effect from the start of the plant conceptual design through completion of startup testing. The Human Performance Monitoring Program (Section 18.12) maintains the HFE Program following startup.
| |
| 18.1.1.4 Applicable Facilities The scope of the HFE Program includes the MCR. The HSI of the Technical Support Center, the Emergency Operations Facility, and local control stations are derivatives of the MCR human-system interface.
| |
| 18.1.1.5 Applicable Human-System Interfaces, Procedures, and Training The HSI design inputs and interfaces include the following:
| |
| * operating experience review
| |
| * functional requirements analysis (FRA) and function allocation (FA)
| |
| * task analysis (TA)
| |
| * staffing and qualifications (S&Q)
| |
| * treatment of important human actions (TIHAs)
| |
| * concept of operations
| |
| * instrumentation and controls systems design
| |
| * system requirements
| |
| * HSI Style Guide The HFE Program supports procedure and training program development for normal, abnormal, and emergency operations, as well as alarm response, and accident management activities performed or supervised by operational personnel.
| |
| The HFE Program provides inputs to the training programs for the personnel identified in 10 CFR 50.120, as appropriate.
| |
| 18.1.1.6 Applicable Operations Personnel The HFE Program analyzes and defines the minimum number and qualifications of licensed control room operators. Section 18.5, Staffing and Qualifications, further discusses this element of the HFE Program.
| |
| 18.1.1.7 Effects of Modifications on Personnel Performance The HFE design process evaluates the effects of plant modifications, performed before completion of startup testing, on personnel performance, HSI design, procedures, and training. The Human Performance Monitoring Program NuScale US460 SDAA 18.1-3 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Engineering Program Management (Section 18.12) evaluates modification impacts on human performance following startup.
| |
| 18.1.2 Human Factors Engineering Team and Organization 18.1.2.1 Human Factors Engineering Team Responsibility The HFE team is responsible for
| |
| * developing HFE plans and procedures.
| |
| * ensuring HFE activities comply with the HFE plans and procedures.
| |
| * overseeing and reviewing activities in HFE design, development, test, and evaluation, including the initiation, recommendation, and provision of solutions through designated channels for problems identified in implementing the HFE work.
| |
| * verifying that the team's recommendations are implemented.
| |
| * scheduling work and milestones.
| |
| 18.1.2.2 Human Factors Engineering Organizational Placement and Authority The HFE team consists of a core group of human factors engineers with formal HFE training and experienced operators reporting directly to the HFE supervisor.
| |
| The HFE team also includes a broader group of members from operations and engineering organizations that do not report directly to the HFE supervisor. The broader team members are distributed throughout the organization, providing expertise to the core HFE group on an as-needed basis.
| |
| The HFE supervisor reports to a Plant Operations manager or director, who in turn reports to an Executive.
| |
| Each of the HFE elementsoperating experience review, FRA and FA, TA, S&Q, TIHA, HSI, and human factors verification and validationhas a team lead responsible for managing that elements activities. The HFE supervisor is responsible for the Human Factors Engineering issue tracking system (HFEITS) database, and oversight and scheduling of HFE activities. The HFE supervisor or other members of the HFE team elevate HFE issues within the management chain, as necessary, utilizing appropriate programs and tools.
| |
| 18.1.2.3 Human Factors Engineering Design Team Composition The HFE Design Team composition is described in Section 18.1.2.2. The qualifications of the personnel are consistent with Appendix A of NUREG-0711, Revision 3.
| |
| 18.1.2.4 Human Factors Engineering Design Team Staffing The HFE supervisor assigns the team members to HFE activities across various elements of the HFE Program in accordance with their expertise.
| |
| NuScale US460 SDAA 18.1-4 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Engineering Program Management 18.1.3 Human Factors Engineering Process and Procedures 18.1.3.1 General Process and Procedures The HFE supervisor assigns personnel to the HFE team to ensure the needed expertise, knowledge, and experience are applied to the activities of each HFE Program element. The HFE supervisor has responsibility for
| |
| * assigning HFE tasks to members of the HFE team and supervising their performance of the tasks.
| |
| * scheduling and overseeing various HFE activities.
| |
| * reviewing and approving HFE team products.
| |
| * making management decisions related to HFE activities.
| |
| * design of MCR equipment and control of design changes to MCR equipment.
| |
| While the HFE supervisor is responsible for the design of MCR equipment and for controlling changes, Design Engineering is responsible for the design of HSIs throughout the plant. Design changes to HSI and other equipment are governed through a design change process.
| |
| Where design decisions require input from multiple organizations, the HFE supervisor may elevate HFE issues within the management chain utilizing tools and programs including HFEITS, the design decision procedure, design review boards, and the Corrective Action Program.
| |
| Any member of the HFE team may identify problems and propose solutions using the HFEITS tool. The HFE supervisor has authority to make decisions regarding the resolution of HFEITS items, including human engineering discrepancies (HEDs).
| |
| 18.1.3.2 Process Management Tools The HFE activities are documented and controlled in accordance with the Quality Assurance Program (QAP), as applicable, and subordinate plans and procedures, including design control processes. The design process includes provisions to control design inputs, outputs, changes, interfaces, records, and organizational interfaces within the organization and with suppliers. These provisions ensure that design inputs are correctly translated into design outputs so that the final design output can be related to the design input in sufficient detail to permit verification.
| |
| Design change processes and the division of responsibilities for design-related activities are detailed in procedures. Design control includes interfaces necessary to control the development, verification, approval, release, status, distribution, and revision of design inputs and outputs. Design changes and disposition of nonconforming documents are reviewed and approved by applicable design organizations or by other authorized supplier organizations.
| |
| NuScale US460 SDAA 18.1-5 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Engineering Program Management 18.1.3.3 Integration of Human Factors Engineering and Other Plant Design Activities The HFE design process is iterative, and the design activities are integrated. The iterative design process includes review and feedback from other engineering and design groups.
| |
| Reference 18.1-1 contains details on the HFE team integration into the iterative design process.
| |
| 18.1.3.4 Human Factors Engineering Program Milestones Table 18.1-1, Human Factors Engineering Program and Design Milestones, shows the relationship of HFE Program elements to the design and licensing phases, and general plant design activities.
| |
| The project schedule, including HFE milestones, is integrated into the overall project design development schedule.
| |
| 18.1.3.5 Human Factors Engineering Documentation An implementation plan (IP) describes the methodology for conducting an HFE element. An IP is not prepared for the procedure development, training program development, or HPM elements. A results summary report (RSR) is prepared for the S&Q (Section 18.5) and TIHA (Section 18.6) elements and contains a methodology section for the respective element and precludes the need for an IP.
| |
| These IPs as well as the S&Q and TIHA result summary reports are prepared by NuScale and submitted with the SDAA.
| |
| Upon completion of the associated HFE activities, RSRs are prepared for the following HFE elements:
| |
| * operating experience review (Section 18.2)
| |
| * FRA and FA (Section 18.3)
| |
| * TA (Section 18.4)
| |
| * HSI design (Section 18.7)
| |
| * human factors verification and validation (Section 18.10)
| |
| The RSRs contain sufficient detail to demonstrate that the results are derived from implementing the methodology. The RSR scope is consistent with the applicable guidance of NUREG-0711, Revision 3.
| |
| The HFE documents that support the design are quality records and are retained in accordance with the QAP, which is described in Section 17.5. The HFE documentation includes design verification checklists, HFEITS records (Section 18.1.4), HFE element IPs, RSRs, and applicable documentation identified in the IPs and RSRs.
| |
| NuScale US460 SDAA 18.1-6 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Engineering Program Management 18.1.3.6 Subcontractor Human Factors Engineering Efforts Subcontractors may be utilized in the HFE Program. The HFE team verifies that subcontractors performing HFE activities are properly trained and comply with the QAP and the applicable subordinate plans and procedures. The Quality Assurance organization verifies that the subcontractors conduct work in accordance with the QAP or the subcontractor's QAP, as approved and contracted.
| |
| 18.1.4 Tracking Human Factors Engineering Issues 18.1.4.1 Availability of Human Factors Engineering Issue Tracking System If identified HFE issues cannot be immediately resolved, they are included and tracked in the HFEITS database. The database is available to the HFE team members. The HFE issues may include recognized industry HFE issues, HEDs identified during HFE design, and issues identified throughout the life cycle of the HFE Program. Details on the HFEITS process are contained in Reference 18.1-1.
| |
| 18.1.4.2 Human Factors Engineering Issue Tracking Method Identified HFE issues that cannot be immediately resolved are entered into the HFEITS database and assigned a unique tracking number. Supporting documentation in electronic format is attached to the database item. Each issue is screened and evaluated for potential degradation in human performance. Issues that are found to not degrade human performance are either closed or transferred to more appropriate corrective action processes.
| |
| For the HFE issues that are found to degrade human performance, proposed corrective action to resolve each issue is identified and assigned. Schedules for the overall evaluation or for each corrective action are established by the HFEITS administrator. Issue close-out and transfer with proper documentation is approved by both the HFEITS administrator and the HFE supervisor. The HFE supervisor may obtain support from the HFE team to resolve and approve the closure of HFEITS database items.
| |
| 18.1.4.3 Documentation of Human Factors Engineering Issues For each identified HFE issue, the following information is documented in the HFEITS:
| |
| * issue identification date
| |
| * supporting information, such as attachments documenting the issue
| |
| * assigned issue owner and evaluator
| |
| * whether or not the issue involves an HED
| |
| * proposed issue resolution
| |
| * HFE team acceptance or rejection with detailed justification NuScale US460 SDAA 18.1-7 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Engineering Program Management
| |
| * detailed description of issue resolutions
| |
| * actions taken
| |
| * affected document(s) 18.1.4.4 Responsibility for Tracking Human Factors Engineering Issues The HFE team members are responsible for identifying, logging, evaluating, and tracking HFE issues to resolution.
| |
| The HFE supervisor has the overall responsibility for administering and managing HFEITS. This responsibility includes oversight of HFE issue tracking, approval of HFE issue resolution, and approval of changes to issue resolution schedule.
| |
| The HFEITS administrator is responsible for managing the software component of the HFEITS database. This responsibility includes database security management, maintenance of hardware and software, controlling changes to database, and tracking the issue resolution and corrective actions.
| |
| The issue evaluator is responsible for identifying the extent and significance of the identified HFE issues, and providing recommendations for issue owner assignment, corrective actions, and issue resolution schedule.
| |
| The issue owner is responsible for resolving the issues, updating HFEITS with proposed or completed actions, and updating design documentation as appropriate.
| |
| An HFEITS review committee is responsible for verifying that the HFEITS issues and HEDs are resolved before final closure. Details on the HED resolution process are provided in Reference 18.1-1.
| |
| 18.1.5 Human Factors Engineering Technical Program 18.1.5.1 Applicability and Status of Human Factors Engineering Elements In addition to the HFE Program management plan addressed in Section 18.1, the other elements of the HFE Program outlined in NUREG-0711, Revision 3 and listed in Section 18.0, Human Factors Engineering - Overview, are applicable to the HFE Program. These other elements are described in Sections 18.2 through 18.12.
| |
| 18.1.5.2 Human Factors Engineering Activity Completion Schedules The HFE activity completion schedules are addressed in Table 18.1-1.
| |
| 18.1.5.3 Standards and Specifications The HFE standards and specifications, which are sources of HFE requirements imposed on the design process are developed per the HSI Style Guide.
| |
| NUREG-0700, Human-System Interface Design Review Guidelines, forms the NuScale US460 SDAA 18.1-8 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Engineering Program Management basis of the style guide, while NUREG-0711 contains the basis and requirements for the HFE Program. The controls for design and documentation are governed by the QAP description (Section 17.5).
| |
| 18.1.5.4 Human Factors Engineering Facilities, Equipment, Tools, and Techniques Section 18.1.1.4 addresses the facilities that are part of the HFE Program scope.
| |
| Tools and techniques used to support the HFE Program elements include
| |
| * design guidelines.
| |
| * design verification checklists.
| |
| * low-fidelity aids such as mock-ups (computer-aided drawings or physical representations of HSI).
| |
| * multi-unit control room simulator (capable of supporting single, shared, and multi-unit HSI, as well as procedures and S&Q analysis).
| |
| * relational requirements management software.
| |
| 18.1.6 Reference 18.1-1 NuScale Power, LLC, "Human Factors Engineering Program Management Plan," TR-130414, Revision 0.
| |
| NuScale US460 SDAA 18.1-9 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Engineering Program Management Table 18.1-1: Human Factors Engineering Program and Design Activity Milestones HFE and Design Activities Activity Milestones Standard Design Type of Activities Approval Before Fuel Load Activities Application Operating Experience Review (IP) X Operating Experience Review (RSR) X Functional Requirements Analysis and Function X
| |
| Allocation (IP)
| |
| Functional Requirements Analysis and Function X
| |
| Allocation (RSR)
| |
| Task Analysis (IP) X Task Analysis (RSR) X Staffing & Qualifications (RSR) (Note 1) X HFE Element Treatment of Important Human Actions (RSR)
| |
| Evaluation X (Note 1)
| |
| Human-System Interface Design (IP) X Human-System Interface Design (RSR) X Procedure Development Note 2 Training Program Development Note 2 Verification & Validation (IP) X Verification & Validation (RSR) X Design Implementation (IP) (Note 3) X Human Performance Monitoring (IP) (Note 4) X Note 1: Each RSR issued without a corresponding IP includes a description of the methodology used for the HFE element.
| |
| Note 2: Training and Procedure Development are managed per Chapter 13.
| |
| Note 3: No RSR is required for this element because conformance of the as-built design to the verified and validated design is confirmed by an ITAAC.
| |
| Note 4: An IP for Human Performance Monitoring is provided after the plant becomes operational.
| |
| NuScale US460 SDAA 18.1-10 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Operating Experience Review 18.2 Operating Experience Review The operating experience review (OER) element of the NuScale Power, LLC (NuScale)
| |
| Human Factors Engineering (HFE) Program ensures that the lessons learned from the review of applicable operating experience from nuclear and non-nuclear industries are incorporated into the design of the NuScale Power Plant.
| |
| The OER is conducted and implemented in accordance with the applicable NUREG-0711, Revision 3 guidance. This section provides a summary of the HFE operating experience review objectives, scope, and methodology. The implementation of the OER is provided in the OER implementation plan (Reference 18.2-1), and results are documented in an OER results summary report (RSR).
| |
| 18.2.1 Objectives and Scope The purpose of the OER program is to identify and document safety issues and lessons learned from applicable operating experience from nuclear and non-nuclear industries. Positive features are incorporated into the design, and negative issues are avoided. The lessons learned are also applied to the development and implementation of human-system interfaces (HSIs), operating procedures, and operator training; thereby improving reliability of plant operations and reducing human errors and risk.
| |
| The design utilizes a simple passive design with a highly automated digital control system with an advanced digital HSI. Operating experience is taken broadly from the existing commercial nuclear power industry, including significant events such as Three Mile Island, Chernobyl, and Fukushima. Reviews also include a focus on specific operating experience related to systems similar to those used in the NuScale design. In addition, operating experience is obtained from other industries on the basis of their similarities with the design, technologies, and concept of operations.
| |
| These other industries include
| |
| * nuclear installations that do not produce power.
| |
| * the non-nuclear power industry.
| |
| * U.S. military platforms, such as nuclear-powered submarines and aircraft carriers.
| |
| * the petrochemical industry.
| |
| * the airline industry, including air traffic controller operator experience data.
| |
| * automotive industry and railroad industry.
| |
| The design also allows operation of multiple units from one control room. Additional operating experience is obtained in the following areas:
| |
| * highly automated digital control systems
| |
| * monitoring and control of multiple units in one control room
| |
| * initial plant testing of one or more units concurrent with operating units
| |
| * refueling a unit concurrent with operating units NuScale US460 SDAA 18.2-1 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Operating Experience Review
| |
| * incident and accident management of a unit concurrent with operating units In addition to these data sources, the OER also considers the following:
| |
| * results from the HFE element treatment of important human actions (Section 18.6)
| |
| * review of issues identified in NUREG/CR-6400
| |
| * operator interviews
| |
| * nuclear industry websites and databases (U.S. Nuclear Regulatory Commission and Institute of Nuclear Power Operations) 18.2.2 Methodology 18.2.2.1 Operating Experience Review Process The OER methodology establishes the process and procedures for identifying, evaluating, and tracking relevant nuclear and various non-nuclear industry design, construction, and operating experience to ensure applicable experience data are provided to design personnel in a timely manner. The OER process is conducted in accordance with written procedures and administrative instructions.
| |
| The OER team is responsible for conducting the OER and dispositioning the individual review items. The qualifications of the OER team are stipulated in the HFE Program Management Plan (Reference 18.2-2). Specific team member responsibilities include
| |
| * reviewing OER issues for identification of human performance issues, sources of human error, and design elements that support or enhance human performance.
| |
| * screening OER issues for applicability using criteria established in the HFE operating experience review procedure.
| |
| * summarizing and documenting screening results, including a statement of applicability.
| |
| * identifying additional sources and topics for OER.
| |
| * collecting, preparing, and documenting new sources of applicable OE.
| |
| * conducting operator interviews.
| |
| * identifying needs for action on OER issues.
| |
| * entering actions resulting from OER into the Human Factors Engineering issues tracking system (HFEITS).
| |
| An initial screening is performed on each OER issue to determine if further evaluation is necessary to identify potential HFE issues related to the design. If the screening reveals that the issue is not applicable, the issue is closed. If an OER issue is determined to be applicable to the HFE scope, but the current design documents do not address the issue, the OER issue becomes an HFE issue for tracking in the HFEITS database. The OER issues are categorized to NuScale US460 SDAA 18.2-2 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Operating Experience Review show which of the 12 HFE Program elements are affected, as seen in Section 18.1, Human Factors Engineering Program Management. This categorization facilitates future searches of the OER database by HFE Program elements.
| |
| The OER team includes senior reactor operators and other personnel with commercial and U.S. Navy experience in the operation of nuclear power plants.
| |
| These personnel are integrated into the HFE and OER teams. In addition to identifying and dispositioning issues during dedicated OER activities, the OER team applies their knowledge and operating experience during the review of design documents and recommend design improvements and refinements. These personnel are integrated into the inter-disciplinary reviews of documents, as appropriate, which allows application of their operating experience directly into the design and design documents.
| |
| Specific topics covered in the review and analysis of operating experience are discussed in Sections 18.2.2.2 through 18.2.2.7.
| |
| 18.2.2.2 Predecessor Plants and Systems Because features such as passive safety systems, no reliance on safety-related alternating current or direct current power, and modular design that relies on automation and digital HSI technology are not found in the existing commercial nuclear reactors, existing designs are not considered direct predecessors.
| |
| However, many of the NuScale systems and components are found in existing designs. Therefore, commercial nuclear power plant experience is reviewed and used appropriately in the development of the design.
| |
| Due to the limited use of digital HSI technology in the current U.S. operating nuclear fleet, as well as limited operating experience with multi-unit operation, the OER program extends its review to non-nuclear industries.
| |
| 18.2.2.3 Recognized Industry Issues The design addresses the HFE issues identified in NUREG/CR-6400. The categories of issues addressed in NUREG/CR-6400 are
| |
| * unresolved safety issues and generic safety issues.
| |
| * Three Mile Island issues.
| |
| * NRC Generic Letters and Information Notices.
| |
| * operating experience reports reviewed in the NUREG-1275 series, Volumes 1 through 14.
| |
| * low power and shutdown operations.
| |
| * operating plant event reports.
| |
| In addition to the industry issues addressed in NUREG/CR-6400, the lessons learned are incorporated from applicable issues identified subsequent to 1996 (NUREG/CR-6400 publication date), including lessons learned from the NuScale US460 SDAA 18.2-3 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Operating Experience Review Chernobyl event and the seismic and tsunami events at the Fukushima Daiichi power station.
| |
| 18.2.2.4 Related Human-System Interface Technology The design addresses OER related to
| |
| * highly automated, digitally-controlled process systems.
| |
| * computerized procedures systems.
| |
| * use of flat panel displays.
| |
| * use of touchscreens.
| |
| * multi-unit control rooms.
| |
| In addition to information from the nuclear industry, pertinent information is obtained from other industries and facilities.
| |
| The related HSI technology experience data are collected by visits to sites of selected installations, personnel interviews, and literature searches on HSI technology.
| |
| 18.2.2.5 Issues Identified by Plant Personnel The OER team conducts interviews of nuclear and non-nuclear industry personnel, and collects data based on their experience with applicable systems or technology. Interviews are conducted in accordance with written procedures. The interview topics are tailored to the job description of the individuals being interviewed and include the following:
| |
| * plant operations normal plant evolutions (startup, full power, and shutdown) instrument and control system degraded conditions and failures HSI equipment failures and processing failures transients and accidents reactor shutdown and cooldown using remote shutdown systems
| |
| * HFE design topics alarm and annunciation displays control and automation (including highly automated control systems) information processing and job aids real-time communications with plant personnel and with other organizations procedures, training, staffing qualifications, and job design multi-unit control room design effect on plant operation NuScale US460 SDAA 18.2-4 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Operating Experience Review Data obtained from interviews are reviewed for positive and negative design aspects and evaluated for incorporation into the design. Potential issues identified in the interviews are entered into the OER database and evaluated in accordance with written procedures.
| |
| HFE team members are integrated into the inter-disciplinary review process utilized during the review and approval of design documents. Therefore, there is a mechanism for personnel with plant experience to formally provide their input to improve and refine the design utilizing their knowledge and experience.
| |
| 18.2.2.6 Important Human Actions Using preliminary results from the Probabilistic Risk Assessment, important human actions (IHAs) are identified early in the design process and recorded in the OER database to make the information available while analyzing operating experience. The OER database is updated as necessary regarding IHAs.
| |
| The purpose of evaluating IHAs as part of OER is to determine if other operating nuclear plants or systems with similar HSI technology have experienced related error-causing conditions.
| |
| In examining the operating experience data, both the successful completion of applicable IHAs, and errors that may have occurred in the execution of those IHAs are identified and considered.
| |
| The consideration and evaluation of potential IHAs is discussed in Section 18.6.
| |
| The evaluation of the NuScale Probabilistic Risk Assessment, as well as deterministic engineering analyses performed as part of Chapter 7, Instrumentation and Controls, and Chapter 15, Accident Analyses identify no IHAs.
| |
| 18.2.2.7 Issue Analysis, Tracking, and Review The OER items identified as potential human performance issues or sources of human error, or identified as design elements that support or enhance human performance, are captured in HFEITS. The HFEITS entries are evaluated during the design process.
| |
| During the OER, if an issue is determined to be not applicable, the justification for its non-applicability is written and reviewed by the OER team. Once the justification is approved, the issue is closed but retained in the OER database.
| |
| If an issue is determined to be applicable, but not within the HFE Program scope, a justification for the scope determination is prepared. Upon approval of the justification, the issue is transferred to the appropriate engineering discipline for consideration. The OER issue is then closed but retained in the OER database.
| |
| The applicable engineering disciplines use appropriate methods for assimilation and disposition of these issues.
| |
| NuScale US460 SDAA 18.2-5 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Operating Experience Review If an OER issue is determined to be applicable and within the HFE Program scope, but is resolved by the current design, documentation of that resolution is prepared and captured in the OER database. Documentation includes reference to appropriate approved design documents. The resolved-by-design documentation is reviewed, and the issue is closed but retained in the OER database.
| |
| An OER issue that is determined to be applicable and within the HFE Program, but not resolved by the current design, is documented as such in the OER database. The OER team member analyzing the issue proposes a design modification to resolve the OER issue. The OER team reviews the documentation and the proposed design modification. If approved, the OER issue is closed and retained in the OER database, and the associated documentation and proposed modification are captured in the HFEITS database.
| |
| If a justification or set of documentation for closure of an OER issue is rejected, the OER team and HFE supervisor either reassign the issue to another team member or resolve the issue as a team.
| |
| 18.2.3 Results The results of the OER activities are compiled in an RSR. The contents of the RSR are consistent with the methodology described in Human Factors Engineering Operating Experience Review Implementation Plan (Reference 18.2-1) and the applicable NUREG-0711, Revision 3 guidance.
| |
| 18.2.4 References 18.2-1 NuScale Power, LLC, "Human Factors Engineering Operating Experience Review Implementation Plan," TR-130409, Revision 0.
| |
| 18.2-2 NuScale Power, LLC, "Human Factors Engineering Program Management Plan," TR-130414, Revision 0.
| |
| NuScale US460 SDAA 18.2-6 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Functional Requirements Analysis and Function Allocation 18.3 Functional Requirements Analysis and Function Allocation Functional requirements analysis (FRA) and function allocation (FA) is a key element of the Human Factors Engineering (HFE) Program. The FRA identifies and analyzes functions that must be performed to satisfy the plant safety and power generation goals.
| |
| The plant safety goals include prevention or mitigation of the consequences of postulated accidents that could cause undue risk to the health and safety of the public.
| |
| Function allocation is the process of assigning the functions identified by FRA to personnel and machines (automation) in a way that takes advantage of human strengths and avoids human limitations.
| |
| The FRA and FA activities are implemented and conducted consistent with applicable guidance in NUREG-0711, Revision 3. This section summarizes the FRA and FA objectives and scope, and methodology.
| |
| 18.3.1 Objectives and Scope The purpose of FRA and FA is to ensure functions necessary to accomplish plant safety and power generation goals are sufficiently defined, analyzed, and allocated.
| |
| Functions are allocated to personnel (manual), automation (machine), or a combination of personnel and automation, to take advantage of human and machine strengths, and to avoid human and machine limitations. These allocations support other elements of the HFE Program:
| |
| * HFE task analysis
| |
| * operating experience review
| |
| * staffing and qualifications
| |
| * human-system interface design
| |
| * treatment of important human actions
| |
| * procedure development
| |
| * training development The FRA and FA apply to activities performed by licensed operators in the main control room during normal, abnormal, and emergency operating conditions. They do not apply to maintenance or refueling activities performed by craft or technical personnel or activities associated with facilities other than the main control room.
| |
| 18.3.2 Methodology The FRA and FA incorporate HFE Program principles and practices, and are performed using a structured and documented methodology. The process is iterative in nature and system design change reviews are incorporated in the FRA, FA, and TA database.
| |
| NuScale US460 SDAA 18.3-1 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Functional Requirements Analysis and Function Allocation 18.3.2.1 Functional Requirements Analysis Methodology The broad, plant-level functions are:
| |
| * reactivity control
| |
| * maintain containment integrity
| |
| * remove fuel assembly heat
| |
| * power generation
| |
| * maintain reactor coolant pressure boundary integrity
| |
| * radioactivity control
| |
| * emergency response
| |
| * human habitability
| |
| * protection of plant assets
| |
| * plant security The HFE team reviews the preliminary list of structures, systems, and components functions derived from design documentation. Based on this review, the plant functions are grouped into the categories discussed above.
| |
| Function decomposition is analyzed from the plant functions to the system component level to ensure the plant function is satisfied.
| |
| The identified subfunctions, system functions, processes, and components necessary to accomplish the function are documented in the FRA and FA database. The types of information documented in the database include the following:
| |
| * purpose of the function
| |
| * predecessor designs
| |
| * subject matter expert input
| |
| * differences from functions for systems similar to those used in other pressurized water reactor designs
| |
| * supporting system functions
| |
| * supporting components, instrumentation, controls, automation, and alarms
| |
| * support systems The FRA is performed when the function decomposition is complete. To conduct this analysis, the HFE team determines the conditions and parameters necessary for monitoring and control. This analysis reveals success paths for accomplishing all or part of the function.
| |
| NuScale US460 SDAA 18.3-2 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Functional Requirements Analysis and Function Allocation Following decomposition and FRA, the HFE team documents the following information for each function in the FRA and FA database:
| |
| * plant goal supported
| |
| * conditions that indicate the need for the function
| |
| * parameters that indicate the availability and operating status of the function
| |
| * parameters that indicate whether the function is achieving its purpose(s)
| |
| * parameters that indicate when the operations of the function can or should be terminated The HFE team members review the FRA and verify high-level functions necessary to achieve safe operation are identified and analyzed along with the requirements for each of the identified functions. The verification is documented in the FRA and FA database.
| |
| The development of functional requirements includes comparing the plant goals, functions, processes, and systems to those of existing plants, as applicable.
| |
| Differences and technical bases for changes are noted in the Human Factors Engineering issue tracking system. Success paths for carrying out the safety and other plant functions are defined. The functions are decomposed into lower levels.
| |
| 18.3.2.2 Function Allocation Methodology Plant- and system-level functions are allocated to personnel, machine, or shared ownership. The ranges of possible allocations are grouped into the following types:
| |
| * fully-manual operation
| |
| * shared operation between manual and automation
| |
| * operation by consent (automation when directed by operator)
| |
| * operation by exception (automation until reaching a critical automation step or obtaining a system response identified by automation)
| |
| * fully-automatic operation Function allocation is determined by reviewing one or more of the following:
| |
| * operating experience
| |
| * human capabilities
| |
| * likelihood of human error
| |
| * technical feasibility or cost
| |
| * requirement for precise control
| |
| * the need for human knowledge and judgment Criteria for function allocation to automation include personnel responsibility to monitor automatic functions and to assume manual control in the event of an NuScale US460 SDAA 18.3-3 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Functional Requirements Analysis and Function Allocation automatic system failure. Functions requiring human knowledge and judgment to ensure reliable performance are allocated to personnel.
| |
| Determining the level of automation during design is an iterative process.
| |
| Balancing the needs of the operator, the capabilities of the instrumentation and controls architecture, and the design of the system requires communication between designers and operators. The following guidance is considered when making the decision to use automation.
| |
| * Automation is used to aid the operator and avoid human error.
| |
| * For routine tasks, it is preferred that automation identify initiating conditions and prerequisites, and prompt the operator to perform the task instead of requiring the operator to select the appropriate automation to perform. For example, to perform a dilution on the correct unit, the automation monitors parameters and requests the operator to concur with selected automation.
| |
| * Efforts are taken to design the automation so that it prevents the operator from performing an undesired action through use of interlocks, prompts, and intuitive displays.
| |
| * Information displays for automation are consistent in terms of location, arrangement, and functionality in order to optimize operator to system interaction and to reduce potential error.
| |
| * Automation controls are standard and intuitive to understand. These controls simplify training and provide the operator with a base level of comprehension regardless of the specific automated task.
| |
| * Automated processes are incorporated into the task analysis and procedures so they can be referenced for pre-job discussions. Automated tasks are described in a relational database and accessed similarly as other procedures.
| |
| Based on the above considerations, most functions are automated to aid operators in managing the workload for multiple units, which allows the operator to remain situationally aware and to be engaged during automated tasks.
| |
| Functions with one or more of the following attributes are allocated to automation:
| |
| * tasks involved with major plant evolutions (e.g., unit shutdown, unit power escalation)
| |
| * system operations that require continuous monitoring, are repetitive, or require quick response (e.g., temperature, pressure, or level control; standby pump start; or routine rotation of operating equipment)
| |
| * component operation that has certain requirements or restrictions (e.g., valves need to close upon pump stop, prerequisites to be met to open valve)
| |
| * tasks that are routine, repetitive, or both (e.g., 12-hour surveillance checks, rod movement testing)
| |
| * personnel safety or dose reduction
| |
| * complex sequencing
| |
| * time critical tasks NuScale US460 SDAA 18.3-4 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Functional Requirements Analysis and Function Allocation
| |
| * implementation cost seems reasonable for the automation benefit
| |
| * subject matter expert determines that automation would aid the operator based on operating experience 18.3.3 Results The results of the FRA and FA activities are compiled in a results summary report.
| |
| The contents of the results summary report are consistent with the methodology described in Reference 18.3-1 and the applicable NUREG-0711, Revision 3 guidance.
| |
| 18.3.4 Reference 18.3-1 NuScale Power, LLC, Human Factors Engineering Functional Requirements, Analysis, and Function Allocation Implementation Plan, TR-124333, Revision 0.
| |
| NuScale US460 SDAA 18.3-5 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Task Analysis 18.4 Task Analysis The task analysis (TA) element of the Human Factors Engineering (HFE) Program identifies specific tasks (human actions) that are required to satisfy the plant safety and power generation goals as determined from the process described in Section 18.3, Functional Requirements Analysis and Function Allocation. The results of the TA establish the number of personnel needed to complete each task, the human-system interface (HSI) inventory requirements, including alarms, controls, displays, procedures, and knowledge and abilities needed to support the performance of tasks.
| |
| The TA is conducted and implemented in accordance with the applicable guidance provided in NUREG-0711, Revision 3. This section provides a summary of the TA objectives, scope, methodology, and results.
| |
| 18.4.1 Objectives and Scope The TA encompasses a range of plant operating modes, including startup, normal operations, low-power and shutdown conditions, transient conditions, abnormal conditions, emergency conditions, and severe accident conditions. The TA also includes
| |
| * important human actions (IHAs).
| |
| * tasks that have negative consequences if performed incorrectly.
| |
| * tasks related to the monitoring of automated systems.
| |
| * tasks related to the use of automated support aids for personnel such as computer-based procedures.
| |
| * tasks related to identifying the failure or degradation of automation and implementing backup responses.
| |
| * tasks anticipated to impose high demands on personnel.
| |
| The tasks to be analyzed include those performed by licensed control room operators. Maintenance or refueling activities, activities completed by craft or technical personnel (e.g., mechanical, electrical, or I&C maintenance; health physics; chemistry; engineering; or information technology), or activities associated with the Technical Support Center, Emergency Operations Facility, or other Emergency Response facilities are considered in the TA if those activities are determined to impact licensed operator workload.
| |
| The operating experience review, functional requirements analysis, and treatment of IHA elements of the HFE Program provide inputs to the TA.
| |
| The output from the TA includes
| |
| * definition of roles and responsibilities for individuals analyzed in the staffing and qualifications HFE element.
| |
| * a list of HSI inventory and characteristics for HSI design.
| |
| NuScale US460 SDAA 18.4-1 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Task Analysis
| |
| * information and controls needed for task support that are used for procedure development.
| |
| * determination of required knowledge and abilities of personnel.
| |
| The HSI inventory and its characteristics generated by the TA include the alarms, controls, displays, and procedures needed to monitor plant functions and monitor and control their success paths. Section 18.7, Human-System Interface, describes the HSI design that uses the detailed TA results and inventory of alarms, controls, and indications to establish alarm logic, display and control designs, and grouping of HSI inventory, especially for task-oriented screens.
| |
| 18.4.2 Methodology The TA process includes the following steps:
| |
| * identify tasks
| |
| * develop detailed task narrative
| |
| * decompose tasks
| |
| * develop operational sequence diagram
| |
| * verify IHA(s)
| |
| * identify task attributes
| |
| * identify high-workload tasks
| |
| * identify task job position
| |
| * determine knowledge and abilities
| |
| * define task support requirements
| |
| * assess the workload
| |
| * determine inventory of alarms, displays, and controls to support performance of tasks Not all steps are needed for each task, and the level of detail for the tasks depends on the complexity of the task.
| |
| 18.4.2.1 Task Identification Methodology All tasks, regardless of importance, are analyzed so that the full extent of the work load can be determined. Examples of tasks that are analyzed include
| |
| * important human actions determined through the human reliability portion of the Probabilistic Risk Assessment and deterministic means (i.e., transient and accident analyses, diversity and defense-in-depth coping analyses). The methodology for determining important human action is discussed in Section 18.6, Treatment of Important Human Actions.
| |
| * tasks that have negative consequences if performed incorrectly.
| |
| NuScale US460 SDAA 18.4-2 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Task Analysis
| |
| * tasks that are new or performed significantly differently from those in plants with similar systems and components.
| |
| * tasks related to monitoring and interacting with automated systems, automated-by-consent systems, and the use of automated support aids for personnel (such as computer-based procedures and adaptive automation features, e.g., the critical safety function displays).
| |
| * tasks related to identifying the failure or degradation of automation, and other I&C computer-based systems, and those tasks required for implementing backup responses.
| |
| * tasks anticipated to impose high demands on personnel (such as administrative tasks that contribute to workload and challenge the operators' ability to monitor the plant).
| |
| * tasks with potential concerns for personnel safety.
| |
| Identification of tasks to be analyzed is performed by subject matter experts on the basis of their experience at commercial nuclear plants. The process includes review of operating experience and available system design material.
| |
| 18.4.2.2 Task Narrative For the tasks that are identified for TA as described in Section 18.4.2.1, detailed task narratives (descriptions) are prepared. The task narratives provide
| |
| * a description of the objectives of a specific system's operator tasks.
| |
| * an overview of the activities personnel are expected to accomplish to complete the task.
| |
| * a definition of alarms, information, controls, and task support needed to accomplish the task.
| |
| * a basic outline of the procedure steps.
| |
| The task narratives contain requisite detail for a reviewer to correlate the described task objectives to the results of the completed task analysis. The length of the narrative is commensurate with the complexity of the task it describes.
| |
| Task narratives are revised as relationships among tasks are better defined.
| |
| 18.4.2.3 Relationships Among Tasks A task may include multiple subtasks that are needed to complete a task. In order to identify the stimulus and response relationship for each lowest level task, each task is decomposed by identifying the parent task, subtasks, and task elements.
| |
| The lowest level task (element) is a discrete human action, cognitive or physical, executed to support a task.
| |
| An operational sequence diagram is created and used for certain tasks, as necessary, to aid in evaluating the flow of information between the operators and the HSI from the beginning to the end of the task. Information flow includes NuScale US460 SDAA 18.4-3 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Task Analysis operator decisions, operator and control activities, and the transmission of data.
| |
| Operator actions are identified in a top-down, sequential format. The sequencing of the tasks provides input for the plant operating procedures and defines the activities that plant personnel are trained to execute.
| |
| Depending on their types and complexity, tasks may be performed sequentially, in parallel, or in any order. Tasks may also be conditional and coordinated among crew members or local personnel.
| |
| 18.4.2.4 Time Required for Performing Tasks The time required to complete a task is a combination of cognitive processing time, physical movement time, and HSI response time (e.g., screen navigation, control operation, I&C platform processing, plant system response). Calculations of time required for task performance consider decision-making (which may or may not be part of cognitive processing depending on task complexity),
| |
| communications with the operations team, task support requirements, situational and performance-shaping factors, and workplace factors and hazards for each step of a task.
| |
| The analysis of time required is also based on a documented sequence of operator actions.
| |
| Time estimates for individual task components (e.g., acknowledging an alarm, selecting a procedure, verifying that a valve is open, starting a pump), and the basis for the estimates are established through a method applicable to the HSI characteristics of digital computer-based I&C.
| |
| The time available to perform the actions is based on analysis of the plant response to the anticipated operational occurrences, accidents, and infrequent and special events, in accordance with the applicable regulatory guidance.
| |
| 18.4.2.5 Personnel Required for Performing Tasks The number of personnel required to perform each task is determined by the task narrative, complexity of the task, time required to perform the task, and the time available.
| |
| The task narrative defines job functions for personnel who perform the tasks, requirements for communication with other operations personnel while performing tasks, and the impact of staffing levels on task performance.
| |
| 18.4.2.6 Required Knowledge and Abilities In addition to the attributes included in the detailed task narrative, each task is analyzed to determine the knowledge and abilities needed for success of the task.
| |
| The knowledge and abilities are benchmarked against a modern pressurized water reactor using NUREG-2103, and a gap analysis is performed. The results of this analysis are used to develop the specific knowledge and abilities catalog to address the unique characteristics of the design.
| |
| NuScale US460 SDAA 18.4-4 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Task Analysis Tasks are allocated to personnel in accordance with the identified knowledge and abilities required to perform each task.
| |
| Learning objectives are developed from knowledge and abilities and are used to develop training program content in support of personnel qualifications.
| |
| 18.4.2.7 Iterative Nature of Task Analysis The TA is iterative in nature. The HFE Program is also iterative in that elements of the program provide inputs to other elements and some design issues are only resolved by changing assumptions or re-analyzing based on new data.
| |
| When problems arise during HFE Program activities after TA, human engineering discrepancies are initiated whose resolution may result in changes to or rework of the TA.
| |
| Task analysis subject matter experts revise the TA as details of the plant, system, and component designs change.
| |
| 18.4.2.8 Analysis of Feasibility and Reliability for Important Human Actions Analysis of feasibility and reliability for important human action addresses
| |
| * time available and time required to perform actions.
| |
| * use of techniques to minimize bias.
| |
| * sequence of actions.
| |
| * estimated time for operators to complete credited actions.
| |
| The time available to perform actions is the length of time from the initiation of the task to when the task needs to be completed as defined in the analysis that identifies the IHA. Applicable regulatory guidance is considered for the analyses that determine each IHA and for any task that industry experience identifies as a potential IHA. The time available is based on plant response to the anticipated operational occurrence or accident.
| |
| As discussed in Section 18.4.2.4, the time required to complete a task considers cognitive processing time, physical movement time, and HSI response time. The time-required calculation is based on an understanding of the sequence of operator actions and takes into account secondary tasks. Time-required estimates for IHAs are simulated and measured when feasible, or obtained through operator and expert interviews and operating experience reviews.
| |
| The estimated time for operators to complete the credited action is sufficient to allow successful execution of applicable steps in the emergency operating procedures.
| |
| Estimates of time required to perform IHAs are obtained whenever feasible using table-top walkthroughs and simulator scenarios. Other techniques used for deriving the time required include interviews of operators and experts and NuScale US460 SDAA 18.4-5 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Task Analysis operating experience reviews. If measurements are not feasible, independent assessments of time required for IHAs are developed by at least two different subject matter experts.
| |
| 18.4.3 Results The results of the TA activities are compiled in a results summary report. The contents of the results summary report are consistent with the methodology described in Reference 18.4-1 and the applicable NUREG-0711, Revision 3 guidance.
| |
| 18.4.4 Reference 18.4-1 NuScale Power, LLC, "Human Factors Engineering Task Analysis Implementation Plan," TR-130413, Revision 0.
| |
| NuScale US460 SDAA 18.4-6 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Staffing and Qualifications 18.5 Staffing and Qualifications This section provides a summary of the methodology used in performing the licensed operator staffing and qualifications (S&Q) analysis and the results of the analysis. The S&Q methodology and the results are documented in the Human Factors Engineering Staffing and Qualifications Results Summary Report (Reference 18.5-1).
| |
| 18.5.1 Objectives and Scope The objective of the S&Q element of the Human Factors Engineering (HFE) Program is to determine the number and qualification of licensed operations personnel required for safe and reliable plant operation.
| |
| The plant operations personnel considered in the S&Q analysis include licensed control room operators as defined in 10 CFR 55, and the licensed personnel in the categories listed in 10 CFR 50.120, including shift supervisors.
| |
| COL Item 18.5-1: An applicant that references the NuScale Power Plant US460 standard design will address the staffing and qualifications of non-licensed operators.
| |
| The NuScale Power Plant is designed to operate multiple modules from a single main control room (MCR). This configuration is not addressed in 10 CFR 50.54(m).
| |
| NuScale uses design-specific staffing levels as an alternative to 10 CFR 50.54(m).
| |
| This approach involves use of applicable NRC guidance contained in NUREG-0800, Chapter 18, Revision 3; NUREG-0711, Revision 3; NUREG-1791 (July 2005);
| |
| SECY-11-0098 (July 22, 2011); SECY-021-0039 (April 5, 2021); and NUREG/
| |
| CR-6838 (February 2004). The technical basis for the alternative approach and minimum staffing requirements are located in the NuScale Control Room Staffing Plan, TR-0420-69456-NP-A (Reference 18.5-2).
| |
| The organizational structure is described in Section 13.1.
| |
| 18.5.2 Methodology The analysis to determine the number and qualification of licensed operators is performed in a systematic manner, taking into account inputs from other applicable HFE elements and in accordance with regulatory guidance.
| |
| The plant is operated with a minimum MCR shift contingent of one licensed reactor operator and two licensed senior reactor operators.
| |
| The staffing analysis begins with an assumed MCR shift contingent of three licensed reactor operators and three licensed senior reactor operators. These initial staffing levels are established on the basis of inputs from the task analysis (TA) and other relevant HFE elements as discussed below. The S&Q analysis then confirms or modifies the baseline assumptions to achieve the final licensed MCR shift staffing and qualifications. This analysis is accomplished in an iterative fashion as information from the analyses of other HFE elements becomes available. The MCR shift contingent is one licensed reactor operator and two licensed senior reactor operators.
| |
| NuScale US460 SDAA 18.5-1 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Staffing and Qualifications The staffing analysis includes activities performed by licensed control room operators.
| |
| Staffing analysis for other activities (activities completed by craft or technical personnel [e.g., mechanical, electrical, or instrumentation and controls maintenance; health physics; chemistry; engineering; or information technology], or activities associated with the Technical Support Center, Emergency Operations Facility, or other Emergency Response facilities) are included only if the activities are determined to impact licensed operator workload. When licensed operator workload is impacted, the area of concern is analyzed to a degree sufficient to quantify the impact to licensed operator workload or staffing, and is developed with any human-system interface or staffing adjustments required to address the specific task and associated staffing requirements.
| |
| The basis for S&Q levels includes consideration of specific staffing-related issues identified in the following HFE elements:
| |
| * Operating experience review: Section 18.2 discusses the use of current commercial nuclear power plant operating experience along with other operating experience relevant to the design. The initial staffing levels and qualification goals are based, in part, on staffing levels and qualifications from commercial nuclear power plants, taking into account the passive features and degree of automation.
| |
| * Functional requirements analysis and function allocation: As discussed in Section 18.3, the functions that must be performed to satisfy plant safety and power generation goals are allocated to personnel and automation. The S&Q analysis involves review of initial function allocation to ensure that the requirements for performing actions allocated to humans do not exceed the qualifications of the assigned staff or cause an overload.
| |
| * Task analysis: As discussed in Section 18.4, TA provides early definition of individual roles, responsibilities, and qualifications, and identifies time needed to perform a task, the workload involved, and the number of personnel needed to complete each task. The S&Q analysis considers tasks from a range of plant operating modes, including startup, normal operations, low-power and shutdown conditions, transient conditions, abnormal conditions, emergency conditions, and severe accident conditions.
| |
| * Treatment of important human actions: Section 18.6 discusses the identification and treatment of IHAs. The staffing plan validation conducted as part of the S&Q analysis includes IHAs and confirms that the IHAs can be conducted within the time available by the minimum licensed MCR staff for the applicable plant operating modes and conditions. The staffing plan validation also confirms the availability, degree of clarity, and indication cues for manipulation of the human-system interface related to IHAs.
| |
| * Procedure development: The S&Q analysis uses task sequencing from the TA element as preliminary procedures, assumes specific personnel numbers, and assumes a certain level of secondary tasks such as communication. The S&Q analysis also considers task sequencing during concurrent use of multiple procedures. Procedures are discussed in Section 13.5.
| |
| * Training program development: The S&Q analysis provides input to the training program development related to knowledge, skills, and abilities to be attained and maintained. As the S&Q analysis encompasses licensed operations staff, the NuScale US460 SDAA 18.5-2 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Staffing and Qualifications analysis provides input essential to coordinating actions among individuals inside and outside the MCR. The training program includes this set of coordination knowledge, skill, and abilities. Human engineering discrepancies identified during S&Q or other HFE activities that have impacts to training program are entered into the human engineering discrepancy database and dispositioned by the training program. Training program development is discussed in Section 13.2.
| |
| Staffing plan levels and personnel qualifications are validated using performance-based testing focused on operator performance, workload, and situational awareness during challenging plant operating conditions. These tests are performed on a simulator that is capable of supporting the scenarios required for the staffing plan validation. Multiple validation exercises consisting of various challenging and workload-intensive scenarios are selected based on inputs from HFE elements operating experience review, functional requirements analysis and function allocation, TA, and treatment of IHAs. Section 18.5.3 discusses staffing plan validations.
| |
| 18.5.3 Results Both staffing plan validations were conducted using guidance in NUREG-0711, Revision 3; NUREG-1791 (July 2005); and NUREG/CR-6838 (February 2004). The staffing plan validations included performance-based tests using a simulator focused on operator performance, workload, and situational awareness during challenging plant operating conditions. The tests included design-basis events, beyond-design-basis events, multi-module events, and events in series and parallel.
| |
| Two independent crews trained and qualified to conduct three challenging and workload-intensive scenarios utilizing conduct of operations guidance that was reflective of the current industry standards with respect to communication and use of human performance tools. A team of trained and qualified observers consisting of operations, management, and HFE personnel observed and analyzed the performance of the crews utilizing multiple methods of monitoring crew performance, workload, and situational awareness.
| |
| Performing the S&Q analysis, using the methods described above, confirms that a NuScale Power Plant, including the associated plant facilities, may be operated safely and reliably by a minimum staffing contingent of one licensed reactor operator and two licensed senior reactor operators from a single control room during normal, abnormal, and emergency conditions. The analysis uses design-specific staffing levels as an alternative to 10 CFR 50.54(m), and is in accordance with the applicable NRC guidance contained in NUREG-0800, Chapter 18, Revision 3; NUREG-0711, Revision 3; NUREG-1791 (July 2005); SECY-11-0098 (July 22, 2011); and NUREG/
| |
| CR-6838 (February 2004).
| |
| The first staffing plan validation resulted in comprehensive data that support the initial staffing plan (i.e., six licensed operators). The second staffing plan validation resulted in comprehensive data that support the revised staffing plan (i.e., three licensed operators). In both cases, the simulator supported the scenarios effectively without significant issues. The test and evaluation team was effective in administering the test and analyzing the test results. Both crews for both validations completed all required tasks within the required time limits while maintaining acceptable levels of situational awareness and workload. All evaluation criteria were met.
| |
| NuScale US460 SDAA 18.5-3 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Staffing and Qualifications The staffing plan validation methodology and results are in Reference 18.5-1.
| |
| 18.5.4 References 18.5-1 NuScale Power, LLC, "Human Factors Engineering Staffing and Qualifications Results Summary Report," TR-130412, Revision 0.
| |
| 18.5-2 NuScale Power, LLC, "NuScale Control Room Staffing Plan,"
| |
| TR-0420-69456-NP-A, Revision 1.
| |
| NuScale US460 SDAA 18.5-4 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Treatment of Important Human Actions 18.6 Treatment of Important Human Actions Treatment of important human actions (TIHA) is an element of the Human Factors Engineering (HFE) Program that ensures important human actions (IHAs) are identified and addressed throughout the HFE Program.
| |
| This section provides a summary of the TIHA objectives, scope, methodology, and results. The TIHA methodology and the results are documented in the Treatment of Important Human Actions Results Summary Report (Reference 18.6-1). The TIHA approach is consistent with the applicable provisions of NUREG-0711, Revision 3.
| |
| 18.6.1 Objectives and Scope The TIHA element of the HFE Program identifies IHAs and addresses them in designing HFE aspects to minimize the likelihood of personnel errors, and help ensure personnel can detect and recover from errors that might occur.
| |
| The IHAs are identified by a combination of probabilistic and deterministic analyses, as discussed in the following sections. Specific treatment of the IHAs in the applicable elements of the HFE Program is addressed in Section 18.6.2.3.
| |
| 18.6.2 Methodology The IHAs consist of risk-important and deterministically important human actions.
| |
| 18.6.2.1 Risk-Important Human Actions Risk-important human actions are identified from the human reliability analysis (HRA) as part of the Probabilistic Risk Assessment (PRA) in Chapter 19. The methodology for identifying risk-important human actions is consistent with the applicable provisions of NUREG/CR-1278, and includes the following characteristics:
| |
| * actions identified in Level 1 (core damage) and Level 2 (release from containment) PRAs for power operation, low power and shutdown, including both internal and external events (Chapter 19)
| |
| * actions identified using selected importance measures and PRA sensitivity analyses to provide reasonable assurance that an important action (or multiple actions in the same scenario) is not overlooked as a result of the selection of the measure or the use of a particular assumption in the analysis The list of risk-important human actions is determined through consideration of risk-important measures, HRA and PRA sensitivity analyses, and threshold criteria (with bases). The risk-important human actions are identified through iteratively analyzing HRA and PRA results and the potentially risk-important human interactions.
| |
| The methodology for identifying risk-important structures, systems, and components is consistent with the NuScale Topical Report, TR-0515-13952-NP-A, Risk Significance Determination (Reference 18.6-2).
| |
| NuScale US460 SDAA 18.6-1 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Treatment of Important Human Actions Risk-important human actions are those human actions to operate systems or components that are above the risk-significance thresholds described in the topical report.
| |
| The approach for identifying candidate risk-important human actions consists of
| |
| * identifying situations in the PRA where an operator can function as a backup to an automatic actuation.
| |
| * identifying situations where an operator can place in-service a nonsafety backup to a safety-related system.
| |
| * understanding the context for successful execution of the action.
| |
| * assessing the time available for the operator to accomplish the action using thermal-hydraulic simulations of bounding scenarios.
| |
| * verifying accessibility of the equipment needed.
| |
| * quantifying the likelihood of the operator failing to accomplish the human action.
| |
| * evaluating the importance of the human action in the full-scope, all operating modes PRA.
| |
| As the PRA model is updated, the resulting risk-important human actions are reviewed and task analysis (TA) is performed.
| |
| 18.6.2.2 Deterministically Important Human Actions Deterministically important human actions are identified from the operator actions credited in the transient and accident analyses (Chapter 15), and from operator actions identified in the diversity and defense-in-depth (D3) coping analyses (Chapter 7).
| |
| Some actions identified in the transient and accident analysis or D3 coping analysis are not considered deterministically important human actions because these operator actions are not required to ensure reactivity control, core heat removal, or containment isolation and integrity. Examples of these are:
| |
| * actions performed to confirm automatic actions
| |
| * actions required for long-term decay heat removal or reactivity control
| |
| * actions needed to maintain a stable plant condition for the long term Subject matter experts review each event scenario described in the transient and accident analyses and D3 coping analyses and extract the deterministically important human actions.
| |
| 18.6.2.3 Consideration of Important Human Actions in Human Factors Engineering Program Elements To minimize the likelihood of human error and facilitate error-detection and recovery capability, the IHAs are addressed during development of the HFE NuScale US460 SDAA 18.6-2 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Treatment of Important Human Actions Program elements including operating experience review (OER), functional requirements analysis and function allocation, TA, HSI design, procedure development, training program development, and human factors verification and validation.
| |
| * OER: Potential IHAs identified early in the design process are evaluated during the issue analysis and review portion of the OER (Section 18.2). Each operating experience item analyzed and entered into the OER database is evaluated against the list of potential IHAs. Operating experience review issues that indicate a potential to impact IHAs are tracked as HFE issues in the HFE issues tracking system for resolution during appropriate HFE Program elements.
| |
| * Functional Requirements Analysis and Function Allocation: Functional requirements analysis and function allocation (Section 18.3) evaluate IHAs.
| |
| * TA: Tasks involving IHAs receive detailed TA (Section 18.4). The TA confirms the assumptions used in the PRA to determine human error probabilities, and confirms the assumptions used in accident and transient analyses and D3 coping analysis to conclude that operators can execute deterministically important human actions within the time available. The TA also assesses the operator workload when conducting the IHA (for individual or overall operating crew, as appropriate) and provides additional assurance that the IHA can be carried out within the time available. Human engineering discrepancies are generated for IHAs that result in excessive workload conditions and for IHAs that cannot be executed with adequate margin between the time available and the time required.
| |
| * Staffing and Qualifications: During staffing and qualifications analyses (Section 18.5), potential IHAs are evaluated to ensure staffing levels and qualifications are sufficient to successfully execute the potential IHAs, including within specified time requirements. During control room staffing plan validation, potential IHAs are included in the scenarios that evaluate task performance, cognitive and physical workload, and situational awareness.
| |
| * HSI Design: Assumptions regarding HSI characteristics for IHAs are verified during HSI design (Section 18.7). To reduce the probability of human errors for IHAs, the HSI design includes the following considerations:
| |
| A minimum of two actions are required for the video display unit controls (e.g., an action to call up the control function on the video display unit and an action to actuate the control).
| |
| Tasks associated with a single IHA are conducted from a single display screen wherever possible; task-based displays are created to achieve this, as necessary.
| |
| When a local control station is required for conducting an IHA, that local control station HSI is designed using the same style guide as the main control room HSIs. This use of a common style guide ensures HSI design consistency, training efficiency, clear labeling, and easy accessibility.
| |
| After the HSI design for the alarms, indications, controls, and procedures are developed based on input from the plant design and the TA, NuScale US460 SDAA 18.6-3 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Treatment of Important Human Actions performance-based testing is conducted to assess those designs in support of the IHAs.
| |
| * Procedure Development: Operating procedures (Section 18.8) are developed to meet the operation sequences and guidance contained in plant design specifications. The design implementation element of NUREG-0711 ensures consistency between the procedures used in integrated system validation (ISV) with those in place in the completed plant, including for IHAs.
| |
| * Training Program Development: A licensed operator training program (Section 18.9) ensures personnel are qualified to operate and maintain the facility in a safe and efficient manner, as well as keep the facility in compliance with its license, technical specifications, and applicable regulations. Training includes normal, abnormal, and emergency operating procedures that contain IHAs.
| |
| * Human Factors Verification and Validation: The adequacy of the HSI design to support operator performance of IHAs is confirmed in the ISV process (Section 18.10). Consideration of IHAs during ISV involves defining simulator scenario initiating events with system and component failures that challenge the operators to bring the plant to a safe state following appropriate procedures. The scenarios used in the ISV address the IHAs dominant sequences, systems, and events. The ISV assesses the presence of the necessary task-support HSIs and HSI compliance with governing HFE guidelines to support successful performance of IHAs. The ISV assesses the successful performance of the integrated crew and the HSI for IHAs.
| |
| 18.6.3 Results The PRA and HRA evaluation identifies no risk-important human actions. No operator action is identified that is assumed to mitigate an Anticipated Operational Occurrence, Infrequent Event, Accident, Special Event, or design-basis event.
| |
| Evaluation of the plant transient and accident analysis, as well as the D3 coping analysis, identifies no deterministically important human actions.
| |
| The results of the evaluations of the PRA, transient and accident analysis, and D3 coping analysis for risk-important and deterministically important human actions are documented in Reference 18.6-1.
| |
| 18.6.4 References 18.6-1 NuScale Power, LLC, "Human Factors Engineering Treatment of Important Human Actions Results Summary Report," TR-130416, Revision 0.
| |
| 18.6-2 NuScale Power, LLC, Risk Significance Determination, TR-0515-13952-NP-A, Revision 0.
| |
| NuScale US460 SDAA 18.6-4 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human-System Interface Design 18.7 Human-System Interface Design The human-system interface (HSI) design element of the Human Factors Engineering (HFE) Program provides design of interfaces between plant personnel and plant systems and components. The HSI design process represents the translation of function and task requirements identified in upstream HFE Program elements into HSI characteristics and functions. The HSI Style Guide ensures consistency in applying HFE principles.
| |
| This section summarizes the methodology used in the HSI design and is consistent with the applicable provisions of NUREG-0711, Revision 3, and NUREG-0700, Revision 3.
| |
| 18.7.1 Objectives and Scope The objective of the HSI design element is to translate the requirements identified in Section 18.3, Functional Requirements Analysis and Function Allocation, as well as Section 18.4, Task Analysis, into HSI design requirements and detailed design of alarms, indications, controls, and other aspects of the HSI. This objective is accomplished by systematically applying HFE principles and criteria.
| |
| The HSI design activities include those in the main control room (MCR) that support important human actions (IHAs). The main control room HSI development process includes consideration of other activities that are determined to impact licensed operator workload, including maintenance or refueling activities, activities completed by craft or technical personnel (e.g., mechanical maintenance, electrical maintenance, radiation protection, chemistry, engineering, information technology, instrumentation and controls (I&C) maintenance), or activities associated with the Emergency Response facilities. The HSI for locations outside the MCR are derived from the main control room HSI.
| |
| 18.7.2 Methodology The HSI design process uses a structured methodology for the iterative design of the overall HSI, translating the function allocation and task analysis (TA) into detailed HSIs for the plant.
| |
| 18.7.2.1 Human-Systems Interface Design Inputs Inputs to HSI design include analyses of personnel task requirements, system requirements, and the HSI Style Guide, which incorporates regulatory requirements.
| |
| 18.7.2.1.1 Analyses of Personnel Task Requirements Analyses of personnel task requirements performed in operating experience review (OER), functional requirements analysis (FRA) and function allocation, TA, staffing and qualifications (S&Q), and treatment of IHAs are used to identify and establish design requirements for the HSIs.
| |
| During OER (Section 18.2), issues from other plants and similar HSI designs are evaluated for applicability and for inclusion or exclusion in the HSI design.
| |
| NuScale US460 SDAA 18.7-1 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human-System Interface Design The issues identified during OER are tracked in the Human Factors Engineering issue tracking system and resolved within the HSI design element as applicable.
| |
| The FRA and function allocation (Section 18.3) analyze the plant functions and define the success paths for controlling those functions, along with the key parameters and components used to monitor them. Safety functions are used as an input for the design of the overview screens within the HSI inventory. Automation criteria established during function allocation define the levels of automation anticipated for the HSI design. The allocation of functions to humans, machine, or a combination of the two largely defines the scope of HSI design. The issues in the Human Factors Engineering issue tracking system that were initiated in FRA and function allocation are resolved during HSI design.
| |
| The TA (Section 18.4) provides the information needed to build a complete HSI inventory and the characteristics necessary to monitor and control critical functions during normal, abnormal, and accident conditions. While building the HSI inventory during the TA, characteristics such as alarm conditions, indication range and resolution, control function modes and accuracy, procedure applicability conditions, and backup controls for automated functions are established. Grouping of HSI elements in the TA leads to HSIs that are designed for specific tasks and reduces reliance on system-based HSIs and navigation between screens. Task support requirements are defined in the TA and may be implemented during HSI design or tracked in the Human Factors Engineering issue tracking system for resolution by appropriate engineering disciplines.
| |
| The S&Q analyses (Section 18.5) are used to provide input to the HSI design by influencing the HSI hierarchy and navigation concepts, allocation of controls and indications to individual video display units (VDUs), and overall MCR layout. The S&Q analyses also validate the MCR crew complement and individual responsibilities.
| |
| Important human actions (Section 18.6) identified from the Probabilistic Risk Assessment and deterministic analyses are considered in the HSI design to minimize the probability that errors could occur and maximize the probability that any error made will be detected.
| |
| 18.7.2.1.2 System Requirements The HSI design incorporates pertinent design considerations based on accepted HFE principles and industry standards. In addition, the design incorporates high-level design considerations identified during preliminary analyses, such as maintaining situational awareness with a highly automated system, and acceptable workload levels with multiple units assigned to a single operator.
| |
| There are no known I&C platform system constraints related to the MCR layout optimization for monitoring and control of multiple units.
| |
| NuScale US460 SDAA 18.7-2 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human-System Interface Design 18.7.2.1.3 Regulatory and Other Requirements The HSI design is consistent with the guidance in NUREG-0711, Revision 3, and NUREG-0700, Revision 3, which are incorporated into the HSI Style Guide.
| |
| 18.7.2.2 Concept of Operations The concept of operations describes how the design, systems, and operational characteristics of the plant relate to the organizational structure, staffing, and management framework. The concept of operations informs and guides the design and engineering effort as it relates to the HSI and supporting equipment. It provides an overview of the individual roles, operations staffing, crew structure, and operating techniques that are used by the operating crews. The concept of operations is refined as the design, engineering, and simulator evaluation associated with safety analysis, system design, control system automation, and HSI progresses.
| |
| The concept of operations specifies the following:
| |
| * staffing levels and crew composition
| |
| * roles and responsibilities of each crew member
| |
| * information available to individual operators and the entire crew
| |
| * division of tasks and supporting HSIs between the MCR and local control stations (LCSs)
| |
| * main control room and workstation layout and the implications for operations and tasks
| |
| * crew coordination and communication
| |
| * relationship and interaction of crew, computer-based procedures, and plant automation through the HSI 18.7.2.3 Human-Systems Interface Concept Design 18.7.2.3.1 Concept of Use Licensed operators in the MCR and operating crews outside the MCR are responsible for power production and safe operation of each unit as well as the overall NuScale Power Plant. To achieve these objectives, the operators assume the following roles and responsibilities:
| |
| * monitoring structures, systems, and components performance
| |
| * operating local and remote structures, systems, and components
| |
| * commanding automated sequences
| |
| * directing subordinate operators to perform procedures
| |
| * monitoring the performance of automated sequences and procedures
| |
| * interrupting and reprioritizing automated sequences or procedures NuScale US460 SDAA 18.7-3 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human-System Interface Design
| |
| * summoning additional resources to expand capabilities
| |
| * monitoring and evaluating technical specification conditions
| |
| * surveillance testing
| |
| * reviewing trends
| |
| * responding to off-normal conditions
| |
| * responding to plant notifications
| |
| * establishing plant conditions to support preventative or corrective maintenance
| |
| * maneuvering the plant
| |
| * performing emergency response duties such as off-site notifications
| |
| * performing non-emergency off-site reporting
| |
| * maintaining a narrative log of events and activities relevant to the plant site
| |
| * communicating plant status, constraints, and planned actions to the appropriate stakeholders The HSIs facilitate the operators' abilities to perform these activities and provide the controls, indications, alarms, and procedures necessary for the operators to carry out their responsibilities.
| |
| Automation performs functions associated with parameter and process monitoring, defined sequence functions, continuous process control, alert and alarm monitoring, safety limit monitoring, and automatic safety functions.
| |
| Operators interface with automated functions via a digital control screen in most aspects of operation. Operators employ automation to place equipment into service, conduct tests, and control processes.
| |
| Operators monitor and evaluate automated functions, and intervene when it becomes apparent that the automation has failed or is no longer appropriate for the current or planned plant conditions. Operators may also elect to share control with the automation or assume control of the automated function.
| |
| Operators communicate with crew members routinely to share information, confirm receipt of information, recommend actions, and give direction. The means of communication is commensurate with the type of information that is being communicated (e.g., basic information to be passed to a single teammate, or urgent information to be passed to multiple crew members).
| |
| Technologies to support teamwork and communication include individual and group HSI notification techniques as well as verbal, phone, and email.
| |
| The design provides for the operation and control of multiple units and common plant systems from a single control room. The control room layout provides for the following:
| |
| * a bank of VDUs configured with spatially-dedicated, continuously visible HSIs (e.g., post-accident monitoring variables)
| |
| NuScale US460 SDAA 18.7-4 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human-System Interface Design
| |
| * a minimum of four sit-down operator workstations, each providing access to HSIs for all units
| |
| * a dedicated stand-up control panel for each unit allowing for focused operation
| |
| * a dedicated stand-up control panel for shared or common systems The HSIs displayed on the sit-down workstations and selected stand-up control panel VDUs are navigable and contain the alarms, controls, indications, and procedures necessary to monitor and manage any unit chosen by the operator during normal, abnormal, emergency, shutdown, and refueling operations.
| |
| 18.7.2.3.2 Human-System Interface Conceptual Design Overview Iterative Methodology The HSI conceptual design is developed using an iterative methodology incorporating the HSI design inputs discussed in Section 18.7.2.1. The iterative design and evaluation approach serves to
| |
| * guide the selection of one design from multiple candidate designs.
| |
| * answer open HFE questions related to situational awareness, workload, and staffing.
| |
| * identify and eliminate HFE issues from the design early in the process.
| |
| Feedback from the results of testing on HSI prototypes (Section 18.7.2.5) is also incorporated in the detailed design. This feedback incorporation provides a high degree of confidence in the HSI design before implementation and verification and validation activities (Section 18.10).
| |
| The iterative nature of the HSI design is closely connected with other HFE Program activities. As part of the design effort, the HFE team presents findings to and solicits input from other design disciplines, as appropriate.
| |
| Survey of State-of-the-Art Human-System Interface Technologies The state-of-the-art HSI technology is established with an emphasis on adaptability, principles, and design patterns and serves the needs of the NuScale Power Plant. Various options are evaluated for human usability and technical feasibility. Specific software and hardware development is not the scope of the survey; however, an understanding of the state-of-the-art software and hardware technologies provides insight for development of the functional and procurement specifications for the HSI platform.
| |
| NuScale US460 SDAA 18.7-5 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human-System Interface Design Human-System Interface Conceptual Design Documentation The Concept of Operations (Section 18.7.2.2) and the Human-System Interface Style Guide (Section 18.7.2.3.3) are developed during the HSI conceptual design stage.
| |
| These documents are revised, as necessary, during detailed design consistent with findings from testing and analyses.
| |
| Conceptual Sketches A template screen (conceptual screen sketch) is developed for each major portion of the HSI (e.g., task-based screens, computer-based procedure screens, and overview type screens). Representative screens and task sequences are selected for demonstrating key concepts, features, and interactions and for providing grounds for analysis and feedback from other disciplines. Screen sketches incorporate the best current understanding of design principles as outlined in the HSI Style Guide. Conceptual sketches are produced for multiple candidate approaches and are maintained as design records.
| |
| Rapid Prototyping Based on the latest conceptual sketches and feedback from other disciplines, mock-ups or prototype screens, integrated with a software simulator of the system, are developed for evaluation. While the prototype provides a realistic user experience with the system, this effort focuses on testing design concepts and soliciting feedback. Rapid development aims for code modifiability and reusability for fast subsequent development iterations.
| |
| 18.7.2.3.3 Human-System Interface Style Guide The HSI design employs a style guide for various types and formats of HSIs.
| |
| The HSI Style Guide applies to the MCR, the Emergency Response facilities, and other HSIs throughout the plant.
| |
| The style guide addresses the form, function, and operation of the HSIs included in the design. For screen-based HSIs, design considerations include the environment in which the HSIs are to be used (e.g., colors, brightness and contrast, ambient lighting, and element spacing). Factors such as accessibility, lighting, air quality, heat and humidity, and radiation zones are also considered in the design of HSIs.
| |
| A style guide section is specifically developed for the different types of HSIs at the applicable stage in the design process. NUREG-0700, Revision 3, serves as the initial source for the development of the style guide. New sections are added or existing sections revised as more details or new guidance are needed, or if analyses such as OER, FRA and function allocation, or TA determine a need for further guidance. The Human Factors Engineering issue tracking system is used to track the specific needs.
| |
| NuScale US460 SDAA 18.7-6 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human-System Interface Design The style guide section for VDU-based HSIs is used for the MCR, facilities that use HSIs derived from the MCR, and LCS human-system interfaces. The HSIs on the VDU-based LCSs are MCR derivatives. For vendor-supplied LCSs, the HFE Program scope is limited to ensuring that those interfaces adhere as closely as possible to applicable guidelines from NUREG-0700.
| |
| Inputs from the vendor-supplied LCSs are replicated on the VDU-based HSI on an as-needed basis.
| |
| In the initial stages of HSI design, while the number of screens and complexity of interaction between screens are low, individual guidelines in the style guide are stated in general terms. As the HSI design progresses, style guide details increase and use precise, easily observable guidance statements for consistency and supplement with graphical examples, as needed. The guidance includes specific definition of colors in the color palette, equipment symbols, and size and type of text font.
| |
| The style guide is in a format that is readily accessible and usable. It is also easily modified as the design progresses or new guidance emerges. The reference section in the style guide provides the guides source documents.
| |
| 18.7.2.4 Human-System Interface Detailed Design and Integration The objective of the detailed design and integration phase is to validate, using performance-based tests, that the integrated system design (e.g., hardware, software, procedures and personnel elements) supports the safe operation of the plant.
| |
| The HSI detailed design and integration is performed using outputs from the planning and analysis phase of the HFE Program (e.g., HFE Program elements OER, FRA and function allocation, TA, S&Q, and analysis for treatment of IHAs, as seen in Sections 18.2 through 18.6). In addition to these HFE Program elements, the HSI Design Team also takes into consideration the design features discussed in the following section.
| |
| 18.7.2.4.1 General Considerations Minimizing Errors in Performance of Important Human Action The HSI design incorporates features to minimize the probability of operator error in the performance of IHAs and to provide for early detection of errors, should they occur. For example, one of the features requires a minimum of two actions for VDU controls (i.e., an action to call up the control function on the VDU [a pop-up window] and an action to actuate the control). This two-step actuation process reduces the potential for erroneous operator actions that could cause a transient.
| |
| Bases for Human-System Interface Layout The layout of workstations (number and location of VDUs) in the MCR, the arrangement or hierarchy of the individual HSI screens for each workstation, NuScale US460 SDAA 18.7-7 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human-System Interface Design and the arrangement of the workstations within the MCR are based on job analysis, frequency and sequence of use, and the roles of operators defined during S&Q analysis.
| |
| The concept of operations provides an operating strategy of one reactor operator monitoring multiple units and transfers responsibility for units to other operators when events occur that challenge the operator's ability to monitor the remaining units. Each licensed operator is able to monitor any unit.
| |
| Because any sit-down station may be required to monitor multiple units, a minimum equivalent of four VDUs is necessary to effectively monitor the status of all units, alarms, and procedures or processes.
| |
| Each of the stand-up workstations has a minimum equivalent of five VDUs and the ability to manually initiate protective functions. The uppermost display provides an overview for that unit so that other MCR personnel can quickly determine unit status. The HSIs displayed on the lower displays are navigable and contain the alarms, controls, indications, and procedures necessary to monitor and manage the corresponding unit during normal, abnormal, emergency, and shutdown operations.
| |
| The HSI layout in the MCR is designed to support minimum, nominal, and enhanced staffing levels during a range of operating plant modes. Shared system displays and overview VDUs can be observed from multiple locations within the MCR. Unit workstations are spaced to allow sufficient room for side-by-side operation at adjacent unit workstations.
| |
| The Emergency Operations Facility and Technical Support Center HSIs are derived from the main control room HSIs and designed to support various staffing arrangements within those facilities.
| |
| Human-System Interface Support for Inspection, Maintenance, and Testing The HSI design supports inspection, maintenance, test, and repair of plant equipment. The information records management system is used to control work and manage component tagging for out-of-service conditions. The information records management system is also used to communicate status information with the plant HSI, which uses shading and a color scheme to alert the operators of equipment status conditions on the system display VDU.
| |
| Human-System Interface Support for Staffing Conditions The HSIs support minimum staffing. The passive features, modular design, and high degree of automation incorporated in the design result in a reduction in the number of alarms, controls, displays, and procedures. The automation, along with the reduced task burden of managing the HSIs, enhances the ability of operators to maintain situational awareness of overall plant conditions. The use of minimum staffing to operate the plant safely is confirmed through the S&Q element of the HFE Program.
| |
| NuScale US460 SDAA 18.7-8 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human-System Interface Design The HSI design activity includes the MCR facility, which is sized to accommodate enhanced staffing needed during crew meetings, shift turnover, and additional staffing during operating conditions such as refueling and accident conditions.
| |
| Reducing Human Performance Errors and Fatigue The features incorporated into the design enhance human performance by reducing operator fatigue. Automation of plant functions reduces operator repetitive tasks. Simplified plant design and increased automation result in a reduced need for navigation between individual screens. The arrangement or hierarchy of individual screens is based on job analysis, the frequency and sequence of use, and operator role to increase the simplicity of navigation.
| |
| Task-based displays are incorporated to reduce navigation steps during procedure use. Video display units are designed for pointing device (mouse) operation.
| |
| In addition, the detailed design of the MCR facility optimizes facility attributes that are known to affect fatigue, such as lighting, ergonomics, and physical layout.
| |
| Environmental Conditions for Optimal Operator Performance Environmental conditions in the MCR including temperature, humidity, air quality, and radiation protection are controlled using Regulatory Guide 1.196.
| |
| Design of auxiliary systems such as heating, ventilation, and air conditioning systems, and lighting systems incorporate inputs from the HFE team.
| |
| Human-System Interface Modifications in an Operating Plant The Human Performance Monitoring Program (Section 18.12) evaluates HSI design change proposals against the analyses and design bases established for the as-built design.
| |
| 18.7.2.4.2 Main Control Room The HSI design addresses the following parameters in accordance with the guidance provided in NUREG-0711, Revision 3. Reference 18.7-1 documents the means by which the HSIs related to these parameters are displayed, as follows:
| |
| * safety display and indication system
| |
| * bypassed and inoperable status indication
| |
| * relief and safety valve position monitoring
| |
| * containment monitoring
| |
| * core cooling
| |
| * post-accident monitoring NuScale US460 SDAA 18.7-9 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human-System Interface Design
| |
| * leakage control
| |
| * radiation monitoring
| |
| * manual initiation of protective actions
| |
| * diversity and defense-in-depth
| |
| * important human actions
| |
| * computer-based procedure platform The computer-based procedures are designed in accordance with the guidance of NUREG-0700, Revision 3, Section 8, and Section 1 of Digital Instrumentation and Controls Interim Staff Guidance (DI&C ISG-5). Paper copies of selected procedures are available as backup.
| |
| 18.7.2.4.3 Technical Support Center, Emergency Operating Facility, Waste Management Control Room, and Module Maintenance Center The Emergency Operations Facility and Technical Support Center comply with the guidance in NUREG-0696, Functional Criteria for Emergency Response Facilities. The HSIs in the Technical Support Center and Emergency Operating Facility are derivatives of the main control room HSIs and comply with the HSI Style Guide; however, these HSIs are for information display only. No control functions are provided in any of the Emergency Response facilities. Similarly, the HSIs in the Waste Management Control Room and Module Maintenance Center are also derivatives of the main control room HSIs. These locations provide both monitoring and control capabilities.
| |
| 18.7.2.4.4 Local Control Stations The HSIs on the VDU-based LCSs are derived from main control room HSIs.
| |
| For vendor-supplied LCSs, the HFE Program scope is limited to ensuring that those interfaces adhere to guidelines from NUREG-0700, Revision 3, as closely as possible. Inputs from the vendor-supplied LCSs are replicated on the VDU-based HSI on an as-needed basis.
| |
| 18.7.2.4.5 Degraded Instrumentation and Controls and Human-System Interface Conditions The HSI is designed to accommodate I&C and HSI system failures.
| |
| Procedures govern operator identification of and response to the various failure modes.
| |
| Failures of I&C sensors are accounted for in the diversity and defense-in-depth coping analysis as discussed in Section 7.1, Fundamental Design Principles. Redundant sensors are provided within system trains and safety systems have multiple trains. Alarm response procedures guide trouble shooting activities by the operator.
| |
| NuScale US460 SDAA 18.7-10 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human-System Interface Design Failures of individual VDUs are accommodated by use of other VDUs at the workstation for the affected unit. Hardware failures that lead to loss of all VDUs at a workstation are accommodated by monitoring of redundant MCR workstations. If all MCR workstations are lost, all units can be shutdown either from hardwired controls in the MCR or at the module protection system cabinets. Monitoring of these shutdown units may be performed at any location with a suitable HSI.
| |
| Selected automated functions have manual backup at the MCR workstation, LCSs, or a combination of the two. Failures of automation sequences are alarmed in the MCR. Operators also monitor automation for expected plant response and detect automation failures when plant response is not as anticipated.
| |
| The design incorporates multiple communication systems, as described in Section 9.5.
| |
| Task analysis includes consideration of loss of HSIs that support IHAs.
| |
| 18.7.2.5 Human-System Interface Tests and Evaluations Human-system interface design tests and evaluations include trade-off evaluations and performance-based tests.
| |
| Trade-off evaluations pertain to comparing HSI design approaches and consideration of alternatives. In comparing HSI design approaches, consideration is given to techniques that enhance human performance for performance of tasks, including IHAs.
| |
| Performance-based tests are performed to validate that the integrated system design (e.g., hardware, software, procedures, and personnel elements) supports the safe operation of the plant. The staffing plan validation is a performance-based test that is discussed in Section 18.5.
| |
| 18.7.3 Results The results of HSI activities are compiled in an RSR that is consistent with the methodology described in Reference 18.7-1 and the guidance in the applicable portion of NUREG-0711, Revision 3.
| |
| 18.7.4 Reference 18.7-1 NuScale Power, LLC, "Human Factors Engineering Human-System Interface Design Implementation Plan," TR-130417, Revision 0.
| |
| NuScale US460 SDAA 18.7-11 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Procedure Development 18.8 Procedure Development Procedures are essential to plant safety because they support and guide personnel interactions with plant systems and personnel responses to plant-related events. The procedure development program incorporates human factors engineering principles and criteria, along with other design requirements, to ensure that procedures are technically accurate, comprehensive, explicit, easy to use, validated, and in conformance with 10 CFR 50.34(f)(2)(ii).
| |
| The design supports both hard-copy and computer-based procedures.
| |
| The infrastructure and functionality for the computer-based procedure content is integrated into the human-system interface design. The NuScale Power Plant concept of operations specifies the relationship and interaction of crew, computer-based procedures, and plant automation through the human-system interface. The concept of operations is further discussed in Section 18.7.
| |
| Section 13.5 provides additional information on procedure development.
| |
| NuScale US460 SDAA 18.8-1 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Training Program Development 18.9 Training Program Development Training of plant personnel is an important factor in ensuring safe and reliable operation of a nuclear power plant. The training program provides reasonable assurance that plant personnel have the knowledge, skills, and abilities to properly perform their roles and responsibilities.
| |
| Section 13.2 describes the licensed operator training program.
| |
| NuScale US460 SDAA 18.9-1 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation 18.10 Human Factors Verification and Validation The human factors verification and validation (V&V) element of the Human Factors Engineering (HFE) Program confirms that the final HFE design conforms to accepted HFE design practices and principles, and supports plant personnel in the safe and reliable operation of the plant.
| |
| This section summarizes the methodology for performing the V&V activities contained in the Human Factors Engineering Verification and Validation Implementation Plan (Reference 18.10-1). The methodology is consistent with the applicable provisions of NUREG-0711, Revision 3.
| |
| Upon completion of the V&V activities, the results are summarized in a results summary report (RSR).
| |
| 18.10.1 Objectives and Scope The objective of the human factors V&V program is to verify that the final HFE design conforms to accepted HFE design practices and principles, while enabling plant personnel to successfully perform their tasks to ensure plant safety and operational goals. Specifically, the V&V program confirms that the final HFE design
| |
| * conforms to the specified design.
| |
| * conforms to appropriate design criteria.
| |
| * performs within acceptable limits under analyzed operating modes and conditions.
| |
| * provides the complete set of alarms, controls, indications, and procedures needed to support the personnel tasks as identified in the task analysis (TA).
| |
| * supports plant personnel in the safe and reliable operation of the plant.
| |
| The scope of the program includes the alarms, controls, indications, and procedures applicable to the main control room (MCR). The Emergency Operations Facility and the Technical Support Center comply with the guidance of NUREG-0696, Functional Criteria for Emergency Response Facilities. The human-system interfaces (HSIs) in the Technical Support Center and the Emergency Operations Facility are derivatives of the main control room HSI and comply with the HSI Style Guide; however, these HSIs are for information display only. No control functions are provided in the Emergency Response facilities. For these facilities, the V&V program scope is limited to defining the plant data and voice communication requirements.
| |
| 18.10.2 Methodology The V&V methodology addresses the following four major V&V activities:
| |
| * sampling of operational conditions
| |
| * design verification
| |
| * integrated system validation (ISV)
| |
| * human engineering discrepancy (HED) resolution NuScale US460 SDAA 18.10-1 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation These activities are discussed in the following sections.
| |
| 18.10.2.1 Sampling of Operational Conditions The sampling of operational conditions process is used to identify a broad range of operating conditions to guide selection of the HSIs reviewed during HSI design verification and ISV activities (Section 18.10.2.2 and Section 18.10.2.3). The sample is deemed representative of the operating conditions if the conditions' safety significance, risk, and challenges to the operating crew are within the range of events that operators are expected to encounter during the plant's life.
| |
| The sampling of operational conditions process includes defining the sampling dimensions and scenarios.
| |
| 18.10.2.1.1 Sampling Dimensions A range of plant operating conditions, personnel tasks, and situational factors are considered in the sampling process. Plant operating conditions considered in the sampling process include
| |
| * normal operating conditions including startup, shutdown, applicable portions of refueling, low-power operation, and significant power changes.
| |
| * instrumentation and controls and HSI failures, and degraded conditions.
| |
| * transients and accidents.
| |
| The sampling process considers personnel tasks, including
| |
| * important human actions (IHAs) and factors contributing to risk (Section 18.6).
| |
| * protective functions initiated by manual meanseither planned or as backup to automation.
| |
| * monitoring of automation sequences.
| |
| * tasks identified as problematic during operating experience review (Section 18.2).
| |
| * procedure-guided tasks from normal, abnormal, emergency, and alarm response procedures.
| |
| * tasks not well-defined by detailed procedures (e.g., knowledge-based tasks).
| |
| * tasks requiring diverse use of human cognitive abilities.
| |
| * tasks requiring a range of interactions among plant personnel (e.g.,
| |
| personnel interactions within the MCR and among MCR operators and personnel at other locations such as the Technical Support Center and the Emergency Operations Facility) and among MCR operators and non-plant personnel.
| |
| NuScale US460 SDAA 18.10-2 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation The sampling process considers situational factors, especially those known to challenge human performance. These factors include
| |
| * high-workload and multi-tasking situations.
| |
| * varying-workload or workload transition situations (e.g., abrupt increase or decrease in number of alarms or indications needing monitoring).
| |
| * fatigue-inducing situations (e.g., repetitive and high frequency tasks, night shift).
| |
| * environmental factors (e.g., noise, temperature, normal expected variation in MCR lighting).
| |
| 18.10.2.1.2 Identification of Scenarios The selected scenarios are those that
| |
| * have both positive and negative outcomes.
| |
| * require varying degrees of administrative burden (e.g., simulator set-up, instructor input).
| |
| * minimize the use of well-known and well-structured sequences (e.g.,
| |
| textbook design-basis accident mitigation).
| |
| * can be performed on a simulator.
| |
| To avoid or minimize bias, goals and conditions are established and incorporated for each scenario to be selected.
| |
| 18.10.2.1.3 Scenario Definition Scenarios are performed on a simulator for design verification, and to perform ISV. Simulator scenarios provide a consistent, objective, and high fidelity environment. The scenarios are selected during the sampling of operational conditions and development processes. The scenarios involve major plant evolutions or transients, reinforce team concepts, and identify the role of each individual within the crew. Tasks performed by operators remote from the MCR are modeled in the ISV scenario and realistically simulate effects on personnel performance due to potentially harsh environments.
| |
| Scenarios are selected to confront the crew with challenging normal conditions and abnormal events containing multiple and unanticipated failures.
| |
| Scenario definition is complete when each sampling of operational conditions criterion is addressed at least once in at least one scenario.
| |
| 18.10.2.2 Design Verification Human-system interface design verification includes HSI inventory and characterization, HSI task support verification, and HFE design verification.
| |
| NuScale US460 SDAA 18.10-3 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation 18.10.2.2.1 Human-System Interface Inventory and Characterization Human-system interface characterization defines the functionality of the HSI.
| |
| The scope of HSI inventory includes alarms, controls, indications, procedures, and automation for the HSI that personnel require to complete the tasks covered in the validation scenarios identified by the sampling of operational conditions. The list of HSI inventory includes aspects of the HSI used for managing the interface, such as navigation and retrieving displays, use of automation, use of embedded procedures, management of notifications and alarms, as well as the aspects that control the plant.
| |
| The HSI inventory and characterization information is verified using the control room simulator. The simulator advances the HSI characterization by providing the verifier with a desktop interface that simulates indications, controls, alarms, procedures, and control panels as well as the means of navigation between elements. The simulator also supports inventory and characterization of non-screen-based HSI (e.g., voice communication). The simulator allows the verifier to confirm the visual aspects of the HSI during HSI task support verification, including conformance to the HSI Style Guide during HFE verification. Human-system interface task support verification related to performance (e.g., accuracy and dynamic response) is also supported by the simulator.
| |
| 18.10.2.2.2 Human-System Interface Task Support Verification Human-system interface task support verification confirms that the HSI design accurately reflects the HSI inventory and characterizations required by the TA.
| |
| The HSI support verification is based on the TA results that define the inventory and characterization for the alarms, controls, indications, procedures, automation, and task support needed to execute operator tasks, including manual tasks, automation support tasks, and automation monitoring tasks. The most recent TA results provide the basis for task support verification.
| |
| In addition to the most recently completed TA, the task support verification is based on
| |
| * the HSI inventory characterization including detailed descriptions of the final HSI design.
| |
| * review of the alarms, controls, indications, procedures, automation, and system navigation capabilities.
| |
| * HSI screen shots and drawings, as applicable.
| |
| The HFE team conducting HSI task support verification performs a comparison of the personnel task requirements identified by the TA with the available alarms, controls, indications, and procedures in the HSI inventory.
| |
| The team uses a verification procedure to control bias and improve consistency.
| |
| NuScale US460 SDAA 18.10-4 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation Results of the task support verification are documented in the V&V results summary report (Section 18.10.3).
| |
| An HED is written when an HSI
| |
| * is needed for completion of a task and is not identified or not available.
| |
| * is identified as available but is not needed for any task.
| |
| * does not meet the established requirements for the task.
| |
| The HSI deficiency is evaluated and corrected using the HED process.
| |
| 18.10.2.2.3 Human Factors Engineering Design Verification Human Factors Engineering design verification is conducted to confirm that HSI characteristics conform to HFE guidelines as represented in the HSI Style Guide (Section 18.7). The style guide contains guidelines that are tailored so they describe the implementation of HFE guidance for the design.
| |
| The style guide provides the criteria for HFE design verification.
| |
| To ensure consistency of results and to control analyst bias, HFE design verification is conducted in accordance with written procedures.
| |
| Human engineering discrepancies are created for HSIs that do not meet the HFE design criteria. Subsequent HED evaluation determines the extent of the discrepancy and potential indicators of additional issues across the HSI. The sampling based on operational conditions is expanded to encompass other display and control formats of the HSI, if determined to be necessary.
| |
| 18.10.2.3 Integrated System Validation Integrated system validation confirms that the integrated system design (e.g.,
| |
| hardware, software, procedures, and personnel elements) supports the safe operation of the plant. Validation is achieved using performance-based tests and by performing the ISV scenarios using a fully-developed simulator. Development of scenarios is discussed in Section 18.10.2.1. Performance measures used for assessing ISV results are described in Section 18.10.2.3.5.
| |
| The ISV is performed after HEDs identified during verification reviews are resolved and resulting design changes implemented on the simulator.
| |
| 18.10.2.3.1 Validation Team The validation team performing the ISV consists of the test team (test administrators, operations and HFE observers, and simulator operators) and operating crews. The test team administers the ISV and collects data via questionnaires, post-scenario debriefing, personal observations, and simulator-archived data. The operating crews are assigned to roles appropriate to their skill and knowledge level within each scenario.
| |
| NuScale US460 SDAA 18.10-5 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation Operating crews are prevented from obtaining advanced knowledge of the specific ISV scenarios, as appropriate. Bias is reduced by obtaining results by consensus of the test team, rather than individual observations.
| |
| 18.10.2.3.2 Test Objectives The objectives of the ISV are to validate
| |
| * the acceptability of the shift staffing level for all plant conditions, assignment of tasks to crew members, and crew coordination within the MCR, among the MCR and local control stations and support centers, and with individuals performing tasks locally.
| |
| * the design capability for alerting, informing, controlling, and feedback to enable successful completion of personnel tasks during normal plant evolutions, transients, design-basis accidents, and under selected risk-significant events beyond-design-basis, as defined by sampling of operational conditions.
| |
| * personnel tasks can be accomplished within the time and performance criteria, with effective situational awareness and acceptable workload levels that balance vigilance and personnel burden.
| |
| * the HSI minimizes personnel error and ensures error detection and recovery capability if errors do occur.
| |
| * the assumptions about performance of IHAs.
| |
| 18.10.2.3.3 Validation Testbeds The principal validation testbed for the ISV is the control room simulator. The fidelity of the simulator model and HSI is verified to represent the current, as-designed NuScale Power Plant before use of the simulator as the testbed for the validation.
| |
| Discrepancies found during the simulator verification are corrected before starting the ISV. Alternately, if the simulator represents a more recent version of the HSI than was previously verified, the verification is reconfirmed on the simulator.
| |
| The validation testbed attempts to accurately simulate the plant MCR environment. Where this is not achievable by the testbed, an exception is taken and noted in the human factors V&V results summary report. If necessary, changes are also made to the ISV test procedure to reflect the alternate testbed configuration. In the event the validation team considers testbed discrepancies to affect specific aspects of the validation results, an HED is generated to document the discrepancy. The HED is resolved in accordance with the HED resolution process (Section 18.1).
| |
| The testbed represents a complete and integrated system with HSI and procedures not specifically required in the test scenarios. The testbed further NuScale US460 SDAA 18.10-6 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation represents interfaces (e.g., communications) with other remote locations and local control stations to provide an integrated system.
| |
| The testbed's HSI and procedure functionality is represented by
| |
| * a high degree of physical fidelity in the HSI and procedures, including accurate presentation of alarms, controls, indications, procedures, automation, job aids, communications, interface management tools, layout, and spatial relationships.
| |
| * a testbed, which is a replica in form, appearance, and layout of the MCR design implemented in the physical plant.
| |
| * a high degree of functional fidelity in the HSI and procedures so the HSI functions are available and the HSI component modes of operation, types of feedback, and dynamic response characteristics operate in the same way as designed in the plant.
| |
| The testbed's environmental fidelity is such that it is representative of the physical plant with regard to lighting, noise, temperature, humidity, and ventilation characteristics. In cases where the testbed cannot accurately simulate the environment, the ISV captures Human Factors Engineering issue tracking system entries for further evaluation and resolution.
| |
| The testbed's high degree of fidelity for data completeness, content, and dynamics is demonstrated by
| |
| * information and data provided to personnel represent the complete set of plant systems monitored and controlled from that facility.
| |
| * the alarms, controls, indications, and procedures presented are based on an underlying model that accurately reflects the plant design.
| |
| * the plant model provides input to the HSI in a manner such that information flow and control responses occur accurately and in the correct response time. Information is provided to personnel with the same delays that occur in the plant.
| |
| The design has no IHAs that are conducted outside of the MCR. In the event that a remote IHA is required, the testbed uses mock-ups to verify human performance requirements for IHAs conducted at HSIs remote from the MCR.
| |
| 18.10.2.3.4 Plant Personnel Individual operating crews participating in the ISV (Section 18.10.2.3) as test subjects may be previously licensed commercial reactor or senior reactor operators, operators with U.S. Navy nuclear experience, or independent design engineering staff familiar with the design. The personnel participating in ISV are trained, qualified, and are assigned to roles commensurate with their experience, skill, and knowledge level.
| |
| NuScale US460 SDAA 18.10-7 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation Crew participants do not include those who supported the ISV test development and pilot test, are involved in the design of the HSI, or are part of the V&V team.
| |
| Crew size for the validation tests ensures that the HSI supports operations and event management. This range includes the minimum, nominal, and higher operating crew levels, as defined during the HFE Program staffing and qualifications element (Section 18.5) for positions such as senior reactor operator and reactor operator, for all plant modes. The crew size for each scenario is identified in the ISV test procedure.
| |
| The ISV includes at least one scenario with more than minimum crew staffing as defined in the staffing and qualifications element (e.g., additional licensed operators to complete a complex evolution) to simulate conditions during times of high control room traffic, distractions, and environmental loading. The roles of the additional personnel and their interaction with the operating crew are determined by the scenario developers based on meeting the test objectives and goals, and by applying the sampling of operational conditions criteria.
| |
| 18.10.2.3.5 Performance Measurement Performance measures for ISV include plant performance, personnel task performance, situational awareness, cognitive and physical workload, and anthropometric or physiological factors. Test acceptance criteria are associated with clear and objective measures whereas diagnostic measures are associated with supporting details or additional insight into observations and conclusions.
| |
| 18.10.2.3.5.1 Types of Performance Measures Plant performance resulting from operator action or inaction includes plant process data and component status (e.g., on or off; open or closed) as a function of time at as many locations in the plant simulation as possible.
| |
| Plant components that provide plant process data or component status in the plant are simulated with full fidelity. The testbed has the ability to record plant process data and component status (including state changes) for the duration of the ISV scenarios.
| |
| For each scenario, primary and secondary tasks that are required to be performed are identified and assessed. Primary tasks are those involved with function and task completion including detection, assessment, planning, and response. Performance measures for tasks are assessed based on the complexity of the task. For example, simpler, rule-based tasks measure time and accuracy. More complex knowledge-based tasks (e.g., detection, seeking additional data, making decisions, or taking actions) use more detailed performance measures.
| |
| Secondary task performance measures reflect the workload associated with HSI manipulations for maintaining the overall plant. Test personnel NuScale US460 SDAA 18.10-8 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation evaluate secondary tasks in conjunction with primary tasks to observe effects on overall performance and workload, both at individual and operations crew level.
| |
| Personnel task performance measurements are selected to reflect those aspects of the task that are important to system performance (e.g., time, accuracy, frequency) and are used depending on the particular scenario.
| |
| For knowledge-based tasks, more detailed data (e.g., number of navigational steps, accuracy of actions) are collected in order to assess the complexity of the crew actions.
| |
| Objective measures of individual and crew performance are also collected during validation scenarios and are used in the evaluation. These include
| |
| * video recordings of operator performance.
| |
| * the alarm history log.
| |
| * operator control interactions.
| |
| * plant variable control interactions (resulting from operator controls).
| |
| * component status change.
| |
| * the HSI use log (display screen request history and operational history).
| |
| Video recording documents operator actions as they are performed, thus allowing comparison to what is expected. Comparison of actual to expected actions is an important method to identify errors of omission and commission.
| |
| To measure situational awareness, ISV applies a combination of objective measures and subjective post-scenario questionnaire methods.
| |
| Performance measures for situational awareness are obtained using non-intrusive human performance measures as well as subjective questionnaires.
| |
| To measure cognitive workload, the ISV monitors crew performance and employs questionnaires and observations of operators' ability to gather specific plant information.
| |
| Anthropometric and physiological performance measures are employed during ISV to assess those aspects of the design that cannot be evaluated during design verification. Anthropometric and physiological performance measures evaluate how well the HSI supports plant personnel in monitoring and controlling the plant. Anthropometric challenges are collected through observations by test personnel during the scenarios or during review of video recordings.
| |
| NuScale US460 SDAA 18.10-9 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation 18.10.2.3.5.2 Performance Measure Information and Validation Criteria Subjective assessments of the HSI and its impact on performance, including self-ratings of workload, situational awareness, and teamwork, are conducted by the validation team. Operator feedback on the HSI is collected via post-scenario debriefs and questionnaires. Operator feedback includes scale rating questions and open feedback (long answer) questions.
| |
| Objective data (e.g., video recording, administrator observations) collected during test scenarios are analyzed, as necessary, to assess impacts of operator actions on plant processes and equipment states. The analysis compares the performance derived from parameters and times collected by the simulator to the evaluation criteria for operator actions and for overall plant process behavior developed for each scenario.
| |
| The test team documents its observations on post-scenario observer forms after the scenarios. Observations include individual assessment of crew performance (including observed performance issues), technical and teamwork performance, crew size sufficiency, and potential HEDs.
| |
| The operating crews also document their feedback on a post-scenario observer form, similar to that used by the test team, after the scenario.
| |
| The data collected from subjective and objective sources are analyzed by the test team to determine the sufficiency of the HSI design.
| |
| 18.10.2.3.6 Test Design Test design is a process of developing scenarios, test planning, and conducting ISV with a goal of permitting the observation of integrated system performance while minimizing bias.
| |
| The test design characteristics that are important to support ISV validity include scenario sequencing, test procedures, test personnel training, participant training, and pilot testing.
| |
| 18.10.2.3.6.1 Scenario Sequencing For selection of crew or the order of scenario presentation, the industry standard guidance of NUREG/CR-6393, January 1997, is used.
| |
| 18.10.2.3.6.2 Test Procedures Before the start of ISV, detailed test procedures are prepared to manage the tests, ensure consistency, control test bias, support repeatable results, and focus the test on the specific scenario objectives. Scenario developers use test procedures to build the scenario set, and the test team uses them to set up each scenario, manage the scenario, and analyze the test results.
| |
| NuScale US460 SDAA 18.10-10 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation Integrated system validation test procedures are designed to minimize the introduction of bias by both the test team and operating crews.
| |
| 18.10.2.3.6.3 Training Test Personnel Before the start of ISV, the test team is trained on plant systems, the HSI, and ISV test procedures. Training consists of both classroom and simulator time with well-defined training goals and emphasis on the use of test procedures, documenting the problems identified during testing, and the bias and errors that test personnel may introduce into the data.
| |
| 18.10.2.3.6.4 Training Test Participants Test participants training topics are similar to those for plant operators, including plant systems, the HSI, plant events, and operating procedures.
| |
| Test participants are not privy to the test scenarios before commencement of the scenarios.
| |
| To ensure near-asymptotic performance and a consistent level of proficiency among individuals making up the operating crews, only participants who have successfully completed the training program and have reached an acceptable level of proficiency are considered qualified for operating crew assignment.
| |
| 18.10.2.3.6.5 Pilot Testing A pilot test, or pre-validation test, is conducted to
| |
| * assess the adequacy of the test design, performance measures, and data collection methods.
| |
| * give observers and administrators experience in running the test.
| |
| * ensure that the ISV runs smoothly and correctly.
| |
| The pilot test is conducted by a test crew that does not participate in an ISV.
| |
| 18.10.2.3.7 Data Analysis and Human Engineering Discrepancy Identification Test data are analyzed using both quantitative and qualitative methods. The analysis identifies the relationship between the observed and measured performance and the established acceptance criteria described in Section 18.10.2.3.5.
| |
| The broad-reaching testing and number of performance measures to be evaluated limit the ability to perform statistical analyses. Testing of multiple scenarios with multiple crews (generally, each crew develops a different strategy) makes it impractical to arrive at conclusions based on performance of the population or deviations from a norm. Therefore, the test team NuScale US460 SDAA 18.10-11 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation determines causal factors by evaluating instances of performance measures not being met.
| |
| Design-related deficiencies identified for indications, controls, alarms, or procedures are documented in an HED. Previous HFE Program elements may need to be evaluated to resolve the deficiency. The HSI design is not considered validated until priority 1 or priority 2 HEDs initiated as a result of ISV are resolved. Test-related deficiencies are documented in the Human Factors Engineering issue tracking system and may result in changes to the test procedure or scenario definition.
| |
| Human engineering discrepancies resulting from ISV are prioritized according to importance.
| |
| * Priority 1 HEDs are those that have a potential direct or indirect impact on plant safety and are resolved before HFE verification and validation is considered complete. Human engineering discrepancies initiated as a result of a performance measure not being met (pass or fail performance measures) are priority 1 HEDs. Cross-cutting issues determined through HED analysis or performance measure analysis are priority 1 HEDs due to their potentially broad impact on the HSI design performance.
| |
| * Priority 2 HEDs are those that have a direct or indirect impact on plant performance and operability. Priority 2 HEDs are determined through V&V analysis.
| |
| * Priority 3 HEDs are those that do not classify as priority 1 or priority 2 HEDs.
| |
| Some HEDs are not resolved during HFE Program activities and may be ongoing due to anticipated technology or other advancements; however, all priority 1 HEDs and priority 2 HEDs are closed before design implementation completion. Priority 3 HEDs generated during and after completion of V&V that are determined to require resolution are resolved during the HFE design implementation element. Additionally, all priority 3 HEDs that require resolution are resolved by closing, or passing to the licensee as appropriate.
| |
| The HEDs are resolved and closed after further analysis by either identifying changes to the plant design, by changes to the procedures, providing training to the staff, by other administrative means, or by justifying the deviation as acceptable.
| |
| Assessments attained by different means, intended to measure the same or similar performance measures, are compared. When differing conclusions are reached, more detailed cause analysis is performed, including the review of simulator logs, and video and audio tapes, if necessary. Measuring convergence can be necessary for a single team and single scenario or for multiple teams and across several scenarios depending on the performance measure.
| |
| NuScale US460 SDAA 18.10-12 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation Expert judgment is employed to infer a margin of error from the observed performance or data analysis. This method allows for the possibility that actual performance may vary slightly more than ISV test results.
| |
| Integrated system validation data analysis is reviewed to verify the correctness of the analyses of the data. Data and data-analysis tools (e.g.,
| |
| equations, measures, spreadsheets, expert opinions, resulting HEDs) are documented and available for review during HFE Program elements design integration or human performance monitoring.
| |
| 18.10.2.3.8 Validation Conclusions Conclusions from the ISV are documented in the RSR. The report includes the bases for determining that the integrated system performance is acceptable, as well as the limitations in the validation tests, their possible effects on validation conclusions, and their impact on implementing the design.
| |
| 18.10.2.4 Human Engineering Discrepancy Resolution To determine if the HEDs require correction, the HEDs are categorized into three principal categories (priorities 1, 2, and 3) on the basis of their impact on personnel tasks and functions, plant systems, cumulative effects, and as indications of broader issues. Section 18.10.2.3.7 contains a discussion of the three principal priorities.
| |
| Design solutions are developed and evaluated to address those HEDs that require correction. A design solution for a given HED demonstrates resolution of that HED. Consideration is given to inter-relationships of individual HEDs as part of a design solution. Evaluation of the design solution also ensures that no new HEDs are introduced.
| |
| Resolution of HEDs resulting from task support verification, design verification, and ISV is included in the human factors V&V element. Human engineering discrepancy resolution follows the general process described in Section 18.1 with the following additional requirements:
| |
| * Priority 1 and priority 2 HEDs generated during task support verification are resolved (with resulting design changes completed) prior to completion of task support verification. Sampling is expanded if a significant number of HEDs are generated during task support verification to include additional TA input requirements beyond ISV scenarios.
| |
| * Priority 1 and priority 2 HEDs resulting from design verification are resolved (and any resulting HSI design changes implemented in the test facility) prior to the start of the ISV. This resolution assures that ISV tests the final HSI design.
| |
| * Human engineering discrepancies resulting from ISV are resolved within ISV, when practical, based on importance level and before additional testing. At the point of documenting an ISV human engineering discrepancy, completed tests are evaluated to determine the need for retesting.
| |
| NuScale US460 SDAA 18.10-13 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Factors Verification and Validation Human engineering discrepancies that are unresolved may be found to be acceptable following evaluation by the HFE team in the context of the integrated design. The decision for accepting an HED without change in the integrated design is based on accepted HFE practices, current published HFE literature, trade-off studies, tests, or engineering evaluations.
| |
| Human engineering discrepancy resolution is performed iteratively with V&V; that is, an HED identified during one V&V activity may be addressed before conducting other V&V activities, depending on the HED priority and its potential impact on the next phase of the V&V.
| |
| The HED resolution process involves evaluation of the HEDs to determine if they require correction, identification of design solutions to address HEDs that must be corrected, and verification that the design solutions are implemented.
| |
| As described in Section 18.1, HED evaluations are documented in the Human Factors Engineering issue tracking system. The documentation includes
| |
| * related personnel tasks and functions.
| |
| * related plant systems.
| |
| * cumulative effects of HEDs.
| |
| * HEDs as indications of broader issues.
| |
| * design changes made for individual HEDs and their status.
| |
| * compliance of design change with V&V evaluation criteria.
| |
| * the basis for not correcting an HED.
| |
| 18.10.3 Results The results of the V&V activities are compiled in an RSR. The contents of the RSR are consistent with the methodology described in Reference 18.10-1 and the applicable NUREG-0711, Revision 3 guidance.
| |
| 18.10.4 References 18.10-1 NuScale Power, LLC, "Human Factors Engineering Verification and Validation Implementation Plan," TR-130415, Revision 0.
| |
| NuScale US460 SDAA 18.10-14 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Design Implementation 18.11 Design Implementation The design implementation element of the Human Factors Engineering (HFE) Program verifies that the implemented (as-built) HFE design accurately reflects the verified and validated design resulting from the HFE design process. Design implementation activities also include an evaluation of the design features that are not addressed in the human factors verification and validation (V&V) process (Section 18.10).
| |
| Design implementation is completed when plant construction is complete. Following startup, the Human Performance Monitoring Program (Section 18.12) evaluates impacts of design changes on human performance.
| |
| This section provides a summary of the design implementation methodology. A more detailed description of the methodology is provided in the Human Factors Engineering Design Implementation Implementation Plan (Reference 18.11-1). The design implementation methodology is consistent with the applicable provisions of NUREG-0711, Revision 3.
| |
| The completion of design implementation activities is confirmed by an Inspections, Tests, Analyses, and Acceptance Criteria item. This confirmation ensures that the as-built design conforms to the verified and validated design resulting from the HFE design process.
| |
| 18.11.1 Objectives and Scope The objectives of design implementation are to
| |
| * evaluate those aspects of the design that are not addressed in human factors V&V (Section 18.10).
| |
| * confirm that the final (as-built) human-system interfaces (HSIs), procedures, and training program conform to the design HSIs, procedures, and training program.
| |
| * confirm that the remaining human engineering discrepancies (HEDs) and open items in the Human Factors Engineering issues tracking system are appropriately addressed and resolved.
| |
| The HSIs, procedures, and training program evaluated for conformance apply to the main control room (MCR), Technical Support Center (TSC), Emergency Operations Facility (EOF), and certain local control stations (LCSs).
| |
| 18.11.2 Methodology The methodology described in Reference 18.11-1 addresses the objectives described above and ensures that the as-built design is in conformance with the verified and validated standard design.
| |
| NuScale US460 SDAA 18.11-1 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Design Implementation 18.11.2.1 Aspects of the Human Factors Engineering Design not Verified During Verification and Validation Aspects of the HFE design that are not addressed in the HFE verification and validation include HFE aspects that cannot be performed in the simulated environment. Aspects not simulated include design characteristics, such as new or modified displays for plant-specific design features.
| |
| Features not accurately simulated include ergonomic considerations, such as background noise, as well as HSIs outside the MCR but within the HFE Program scope.
| |
| 18.11.2.2 Verification of As-Built Human-System Interfaces, Facility Configuration, Procedures, and Training The methods used to verify conformance of the final HSIs, facility configuration, procedures, and training program to the final as-designed configuration (that resulted from the HFE design process and V&V activities) include configuration control, HFE review, plant walkdowns, and reviews of design changes.
| |
| For the MCR, TSC, EOF, and certain LCSs, the evaluation for conformance addresses the as-built aspects of the software and hardware configurations, facility configurations, and other aspects of the facility that are not simulated but are relevant to the overall HFE Program.
| |
| The conformance evaluation of software, hardware, and facility configurations confirms clear configuration-controlled design traceability for the HSIs (alarms, controls, indications, and procedures) and peripheral equipment. The as-built configuration is compared to drawings, specifications, and other final design documents used for integrated system validation (Section 18.10) to determine conformance. If the configuration does not conform, further HFE review is conducted to determine if the as-built design is equivalent to the verified and validated design.
| |
| Conformance assessment of facility configuration is conducted by plant walkdown and includes
| |
| * physical configuration of workstations, panels, and displays.
| |
| * visibility and sight lines.
| |
| * accommodations for communication.
| |
| * inclusion of emergency plans and personal protection equipment.
| |
| * lighting.
| |
| * background noise.
| |
| * environmental controls and conditions (e.g., temperature and humidity).
| |
| NuScale US460 SDAA 18.11-2 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Design Implementation Evaluation of aspects of the facility that are not simulated (e.g., LCSs) but are relevant to the overall HFE Program includes
| |
| * a walkdown to confirm conformance to the documentation approved by the HFE team (e.g., results of HFE analyses, style guides) and to human factors V&V conclusions.
| |
| * a subject matter expert review of suitability for use of operating procedures for LCSs.
| |
| * a subject matter expert evaluation of training material used for MCR, TSC, EOF, and LCS human-system interfaces.
| |
| Where the evaluation cannot confirm that the as-built HSIs, procedures, and training design are the-same-as or equivalent-to the planned design, an HED is generated and tracked as discussed below.
| |
| 18.11.2.3 Verification that Human Factors Engineering Issues in Issue Tracking System are Addressed Human engineering discrepancies identified during design implementation activities are documented, evaluated, and tracked by the Quality Assurance Program and processes. The HEDs from other HFE Program elements and those generated during human factors V&V activities are addressed as follows:
| |
| * HEDs affecting the integrated system validation are closed before the integrated system validation.
| |
| * priority 1 HEDs are closed before submitting the V&V results summary report.
| |
| * priority 2 and new priority 1 HEDs are closed prior to conducting the design implementation review.
| |
| 18.11.2.4 Addressing Important Human Actions The process for identifying and evaluating potential important human actions is described in Section 18.6. The HSI design is described in Section 18.7.
| |
| 18.11.3 Reference 18.11-1 NuScale Power, LLC, Human Factors Engineering Design Implementation Implementation Plan, TR-130418, Revision 0.
| |
| NuScale US460 SDAA 18.11-3 Revision 0
| |
| | |
| NuScale Final Safety Analysis Report Human Performance Monitoring 18.12 Human Performance Monitoring COL Item 18.12-1: An applicant that references the NuScale Power Plant US460 standard design will provide a description of the Human Performance Monitoring Program in accordance with applicable NUREG-0711 or equivalent criteria.
| |
| NuScale US460 SDAA 18.12-1 Revision 0
| |
| | |
| LO-130882 Section B NuScale Nonproprietary
| |
| | |
| LO-130882 TR Number TR Title Human Factors Engineering Functional Requirements Analysis
| |
| : 1. TR-124333-NP, Revision 0 and Function Allocation Implementation Plan Human Factors Engineering Design Implementation
| |
| : 2. TR-130418-NP, Revision 0 Implementation Plan
| |
| : 3. TR-130413-NP, Revision 0 Human Factors Engineering Task Analysis Implementation Plan
| |
| : 4. TR-130414-NP, Revision 0 Human Factors Engineering Program Management Plan Human Factors Engineering Staffing and Qualification Results
| |
| : 5. TR-130412-NP, Revision 0 Summary Report Concept of Operations
| |
| : 6. TR-130408-NP, Revision 0 Human Factors Engineering Operating Experience Review
| |
| : 7. TR-130409-NP, Revision 0 Implementation Plan Human Factors Engineering Human-System Interface Design
| |
| : 8. TR-130417-NP, Revision 0 Implementation Plan Human Factors Engineering Treatment of Important Human
| |
| : 9. TR-130416-NP, Revision 0 Actions Results Summary Report Human Factors Engineering Verification and Validation
| |
| : 10. TR-130415-NP, Revision 0 Implementation Plan NuScale Nonproprietary
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 Licensing Technical Report Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan December 2022 Revision 0 Docket: 52-050 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 www.nuscalepower.com
| |
| © Copyright 2022 by NuScale Power, LLC
| |
| © Copyright 2022 by NuScale Power, LLC i
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 Licensing Technical Report COPYRIGHT NOTICE This document bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this document, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.
| |
| The NRC is permitted to make the number of copies of the information contained in these reports needed for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding.
| |
| Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of additional copies necessary to provide copies for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations. Copies made by the NRC must include this copyright notice in all instances and the proprietary notice if the original was identified as proprietary.
| |
| © Copyright 2022 by NuScale Power, LLC ii
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 Licensing Technical Report Department of Energy Acknowledgment and Disclaimer This material is based upon work supported by the Department of Energy under Award Number DE-NE0008928.
| |
| This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.
| |
| Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
| |
| © Copyright 2022 by NuScale Power, LLC iii
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 Table of Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Executive Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.0 Implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1 Functional Requirements Analysis and Function Allocation Process Overview . . . . . . . 5 3.0 Methodology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.1 General Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.2 Functional Requirement Analysis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.3 Function Allocation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.4 System-Level Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.5 Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.6 Automation Philosophy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.7 Automation Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 4.0 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 5.0 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 5.1 Source Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 5.2 Referenced Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
| |
| © Copyright 2022 by NuScale Power, LLC iv
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 List of Tables Table 1-1 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Table 1-2 Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Table 3-1 NuScale Plant Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Table 3-2 Levels of Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
| |
| © Copyright 2022 by NuScale Power, LLC v
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 Abstract The functional requirements analysis and function allocation is a significant element of the Human Factors Engineering Program. The purpose of this element is to verify that those functions that must be carried out to satisfy the plant's safety and commercial goals, and that the assignment of responsibilities for those functions (function allocation) to personnel and automation, takes advantage of human and machine strengths and avoids human and machine limitations. This implementation plan describes the process that ensures the NuScale Power Plant design, including design changes, is incorporated into the task analysis, training program, and process library from a Human Factors Engineering perspective.
| |
| The methodology used in the functional requirements analysis and function allocation Human Factors Engineering element conducted by NuScale is consistent with the applicable provisions of Section 4 of NUREG-0711, Reference 5.1.1.
| |
| © Copyright 2022 by NuScale Power, LLC 1
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 Executive Summary Consistent with the guidance of NUREG-0711, Reference 5.1.1, Section 4, the scope of the functional requirements analysis and function allocation (FRA/FA) performed by NuScale includes a method to ensure that the functions necessary to accomplish plant goals are defined and analyzed so that the allocation of functions to personnel and machine resources takes advantage of human and machine strengths and avoids human and machine limitations.
| |
| The FRA/FA analysis is done in two phases for the NuScale Power Plant design; an initial analysis for the Design Certification Application (DCA) was documented in a results summary report, which led to a revised implementation plan to support the NuScale Power Plant US460 standard design. The FRA process performed for the DCA identified plant functions that must be performed to satisfy the plant's overall safety and operating objectives and goals. NuScale established plant functions to meet those objectives and goals. NuScale also established system level functions that are designed to support the plant functions.
| |
| The FRA/FA effort for the NuScale DCA was based on high-level plant functions, which were defined during the initial Design Reliability Assurance Program analysis, as described in Section 17.4 of the DCA. This effort ensured these high-level functions were addressed with respect to plant design. Upon completion of the FRA/FA work, the results were incorporated into the Human Factors Engineering (HFE) task analysis, which were then used during the development of the NuScale Power Plant operating procedures. As a result, the updated HFE task analysis database was tied to system-level functions and tasks, rather than high-level plant functions. During this alignment, the operator training program task analysis and task-to-training matrix was added to the HFE task analysis and operating procedure set. Going forward, the HFE task analysis will be cross referenced to the FRA/FA database to ensure that interrelated items remain aligned and can be managed in one interlinked database. NuScale maintains the HFE, training, and operating procedure database until the licensee assumes responsibility.
| |
| The FA determines if tasks are performed by personnel, automation, or a combination of both.
| |
| Each system function is analyzed to determine the tasks, how the tasks are performed (manual, automated, or both), the technical basis, and the role of the operator. The analysis and allocation results for the FRA/FA are maintained in the FRA/FA & task analysis database.
| |
| This report describes the revised implementation methodology of the HFE Program FRA and FA analysis. The foundation for this implementation plan was first documented to support the DCA in Human Factors Engineering Functional Requirements Analysis and Function Allocation Results Summary Report, RP-0316-17615, Rev. 0 (Reference 5.2.1).
| |
| © Copyright 2022 by NuScale Power, LLC 2
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 1.0 Introduction 1.1 Purpose The purpose of this document is to describe the process to implement and maintain the functional requirements analysis and function allocation (FRA/FA) database for the NuScale Power Plant (NPP) for the Standard Design Approval. A standalone FRA/FA database was initially documented as part of the Design Certification Application process.
| |
| To support US460 Standard Design Approval Application activities, NuScale maintains a single database to address FRA/FA and task analysis (TA) Human Factors Engineering (HFE) elements.
| |
| 1.2 Scope The scope of the FRA/FA includes activities performed by licensed operators in the main control room during normal, abnormal, and emergency operating conditions. It also includes activities performed by the non-licensed operators assigned to each crew, and activities performed by the specifically assigned refueling senior reactor operator, which are directly related to licensed operators. Analysis for maintenance activities, activities completed by craft or technical personnel (e.g., mechanical, electrical, or instrumentation and controls, health physics, chemistry, engineering, or information technology), the Technical Support Center, Emergency Operations Facility, or other Emergency Response facilities, unless they are determined to impact licensed operator responsibilities, are outside the scope of this report. When licensed operator responsibilities are impacted, the area of concern is analyzed to a degree sufficient to quantify the impact to licensed operator functional responsibilities, human-system interface (HSI) design, and associated allocation of functions.
| |
| Design changes to NuScale systems that require direct operator interaction, relative to the plant design, are evaluated for HFE impact. Each task is analyzed to ensure plant goals and desired performance is accomplished. This includes determining that the system components, instrumentation, controls, automation, and alarms are sufficient.
| |
| © Copyright 2022 by NuScale Power, LLC 3
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 1.3 Abbreviations Table 1-1 Abbreviations Term Definition DCA Design Certification Application D-RAP Design Reliability Assurance Program FA function allocation FRA functional requirements analysis HFE Human Factors Engineering HSI human-system interface NPP NuScale Power Plant RCPB reactor coolant pressure boundary SDAA Standard Design Approval Application SSC structures, systems, and components TA task analysis Table 1-2 Definitions Term Definition D-RAP The purpose of Design Reliability Assurance Program (D-RAP) is to guide NuScale Power, LLC (NuScale) personnel through the process of identifying risk-significant structures, systems, and components (SSC).
| |
| These identified SSC are controlled under a number of programs and are cataloged in the D-RAP report.
| |
| FRA/FA The identification of functions that must be performed to satisfy the nuclear power plants overall goals. Function allocation determines which tasks are manual, automatic, or a combination of the two.
| |
| FRA/FA & TA database The FRA/FA & TA database is a relational database that is used to store the FRA/FA, task analysis, staffing and qualifications analysis, development of HSI, procedures, and training data. In this document it may be referred to as the FRA/FA & TA database or database.
| |
| Plant functions The plant functions describe how the plant meets NuScales mission statement of safe, scalable, affordable, electrical generation using nuclear power.
| |
| Subject matter expert An individual with appropriate knowledge in a specific area or discipline that has sufficient experience and education to competently develop or review a licensing topical report in that discipline.
| |
| Unit A NuScale unit consists of the components necessary to generate electricity. This includes a primary side containing a reactor power module and its specific supporting systems, and a secondary side containing a turbine generator and its specific supporting systems.
| |
| © Copyright 2022 by NuScale Power, LLC 4
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 2.0 Implementation 2.1 Functional Requirements Analysis and Function Allocation Process Overview The FRA/FA incorporates HFE Program principles and practices and is performed using a structured and documented methodology. The process is iterative in nature and is kept current over the plant's life cycle, from design development through decommissioning.
| |
| During the design process, the NuScale Power Plant SSC are evaluated to ensure that the plant's overall safety and operating objectives continue to be met. Additional evaluation is performed to determine if the changes being made impact the original functional allocation. For example, if a design change creates a more complicated series of actions, it may be beneficial to include automatic controls for the new function.
| |
| The product of the FRA is a complete set of functional requirements necessary to satisfy NPP functions. The product of the FA is the identification of how personnel and automatic controls perform the functions.
| |
| The original FRA/FA scope involved analyzing each system that requires direct operator interaction. Each system function was analyzed to ensure NuScale's high-level goals and desired performance is accomplished. This process included determining that the system components, instrumentation, controls, automation, and alarms are sufficient.
| |
| The plant functions evolve as the system design matures and can be found in the system design description and the functional specification. These data, along with the input from the subject matter expert, is used to determine the tasks that need to be completed and the appropriate role for each task. These data provide the basis to ensure that the plant functions are satisfied.
| |
| During the original FA process, each system function was analyzed to determine the tasks based on the conditions or components required for that function and was entered into an FA table. In this table, the determination was documented whether the task was automatic, manual or shared, the technical basis for the allocation was documented, and the role of the operator was identified. The information obtained during the FRA/FA process provided a foundation for the task analysis.
| |
| © Copyright 2022 by NuScale Power, LLC 5
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 The process undertaken to maintain FRA/FA integrity feeds into the following end products:
| |
| tasks allocated to human control, automation, or a combination of human and automation inputs to the following elements:
| |
| - HFE task analysis
| |
| - operating experience review
| |
| - staffing & qualifications
| |
| - human-system interface design
| |
| - treatment of important human actions
| |
| - procedure development
| |
| - training development
| |
| © Copyright 2022 by NuScale Power, LLC 6
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 3.0 Methodology 3.1 General Information The HFE Program includes FRA/FA as part of a series of analyses that relies primarily on design documents and subject matter experts. Functional requirements analysis is a resource for task analysis, staffing & qualifications, and the development of HSI, procedures, and training; there is feedback to FRA/FA from treatment of important human actions for the identification of important human actions and operating experience review.
| |
| The FRA/FA methodology remains the same whether conducted as the first step in a series or when the task is revisited as part of the natural evolution of updating the plant design as it matures. Rigid sequencing is not practical for HFE analyses as the iterative nature of both the design and the HFE process necessitates flexibility. For example, new or modified tasks in the task analysis would require updating the FA table; conversely, changes to the FA table may need to be reflected in the task analysis. Those changes are made as part of the NuScale design development process, or the necessary changes become HFE issues to be tracked using the Human Factors Engineering issues tracking system.
| |
| 3.2 Functional Requirement Analysis Plant-level functions are defined, which, when successfully executed, accomplish the plant functional goals: 1) to ensure the health and safety of the public by preventing or mitigating the consequences of postulated accidents, and 2) to generate electricity. For the NuScale design, the plant functions are shown in Table 3-1.
| |
| © Copyright 2022 by NuScale Power, LLC 7
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 Table 3-1 NuScale Plant Functions Plant Function NuScale Design Features to Support Plant Function Remove Fuel Assembly Design features used to remove heat from the fuel assemblies via passive Heat convection and conduction.
| |
| Maintain Containment Design features used to maintain containment integrity to prevent fission product Integrity from escaping the containment boundary.
| |
| Maintain Reactor Design features used to maintain RCPB integrity to prevent fission products from Coolant Pressure escaping the RCPB.
| |
| Boundary (RCPB)
| |
| Integrity Reactivity Control Design features used to maintain reactivity within required limits.
| |
| Radioactivity Control Design features used to control the spread of radioactive contamination.
| |
| Emergency Response Design features used to identify and communicate plant conditions to internal and external organizations during emergencies.
| |
| Human Habitability Design features used to maintain comfortable and safe environmental conditions for personnel habitability by providing adequate air quality, air temperature, humidity, fire and radiation protection, illumination, and sanitary and potable water supplies.
| |
| Protection of Plant Design features used to protect plant assets from degradation due to plant Assets environmental conditions or external environmental conditions.
| |
| Plant Security Design features used to protect the physical security of the plant.
| |
| Power Generation Design features used to perform startup, normal operations, shutdown, and refueling.
| |
| The original functional analysis process included a team review of SSC functions derived from design documentation. Based on the team review of the SSC functions (documented in the D-RAP report for each associated system), a determination was made to ensure the SSC can support the plant functions (e.g., reactivity control and containment integrity).
| |
| The function decomposition process addressed plant functions and processes, specific plant systems and components, and appropriate human actions. The team members verified that plant level functions and associated requirements necessary to achieve safe and reliable operation have been analyzed and documented in the database.
| |
| As the NuScale Power Plant design evolves, the system design descriptions and the functional specifications, along with the input from the subject matter expert, are used to determine the tasks that need to be completed and the appropriate role for each task.
| |
| The data are maintained in the FRA/FA & TA database and provides the basis to ensure that the plant functions are satisfied.
| |
| © Copyright 2022 by NuScale Power, LLC 8
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 3.3 Function Allocation The FA assigns task responsibilities to personnel and automation, taking advantage of human and machine strengths and avoiding human and machine limitations. Each system function is analyzed at the component level (e.g., pumps, control valves) and plant conditions (e.g., system startup or shutdown). The tasks that need to be performed are identified, then for each task a determination is made for the technical basis, the allocation (automatic, manual, or shared), and the role of the operator.
| |
| The technical bases for determining the FA is as follows:
| |
| operating experience (major plant evolutions or subject matter expert determination that automation would aid the operator) whether human error is likely (complex sequence or performing tasks within the available time) whether human capabilities are exceeded technical feasibility or cost whether precise control is required, for example:
| |
| - quick response
| |
| - routine or repetitive tasks
| |
| - continuous monitoring
| |
| - temperature, pressure, or level control
| |
| - standby pump starts whether human knowledge and judgment is needed 3.4 System-Level Analysis In the event a system design is revised, the design change documentation is reviewed to ensure that the system function supports the plant functions. The results of system design change reviews are contained and updated in the FRA/FA & TA database.
| |
| 3.5 Validation In order to confirm the subject matter expert selections for FA, simulation of the function is tested using the HSI or tabletop procedure walkthrough. In the event that the allocation negatively impacts operator workload or situational awareness, the FA may be adjusted based on these results. Overall changes to operator workload also may impact integrated systems validation testing and are considered separately.
| |
| © Copyright 2022 by NuScale Power, LLC 9
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 3.6 Automation Philosophy Determining the level of automation during design is an iterative process. Balancing the needs of the operator, the capabilities of the instrumentation and controls architecture, and the design of the system requires solid communication among work groups. When making the decision to use automation, the following guidance is considered.
| |
| Automation is utilized to aid the operator and to avoid human error.
| |
| For routine tasks, it is preferred that the automation identifies initiating conditions and prerequisites and prompts the operator to perform the task instead of requiring the operator to select the appropriate automation to perform. As an example, to perform the correct dilution amount on the correct unit, the automation monitors parameters and request the operator to concur with the selected automation.
| |
| Automation is designed to prevent the operator from performing an undesired action through use of interlocks, prompts, and intuitive displays.
| |
| Information display for automation is as consistent as possible in terms of location, arrangement, and functionality in order to optimize operator-to-system interaction and reduce potential error.
| |
| Automation controls are standard and intuitive to understand. This simplifies training and provides the operator with a base level of comprehension regardless of the specific automated task.
| |
| Automated processes are incorporated into the task analysis and procedures, so that they can be referenced for pre-job discussions. Automated tasks are described in the database and accessed similarly to other procedures.
| |
| 3.7 Automation Criteria There are many facets that must be evaluated when determining when to use automation, and the proper level of automation to accomplish specific tasks. The subject matter experts develop the initial tasks, which may be system based, integrated, or for abnormal or emergency tasks. During the performance of FA, functions are identified as assigned to human action (manual), system (automatic), or shared between human and system. During the performance of FA determination, each human action is selected for the expected level of automation as listed in Table 3-2.
| |
| © Copyright 2022 by NuScale Power, LLC 10
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 Table 3-2 Levels of Automation Levels of Automation (Concept of Description Automation)
| |
| Fully Automatic An automated sequence that once initiated continues to perform a desired function without additional operator input. A parameter or set of parameters is controlled within specified bands, and the operator performs periodic monitoring.
| |
| Failures may require operators to take manual action to establish control.
| |
| Examples: (1) a temperature controller is set to modulate flow through a heat exchanger to maintain a setpoint temperature; (2) pressurizer heater power modulates to maintain a desired saturation condition in the pressurizer; (3) module protection system monitors and performs actions when predetermined setpoints are reached.
| |
| Operation by Exception The automation monitors and provides the operator the ability to stop automation during specified conditions. If no operator action is taken, the automation continues as programmed. For example, automation initiates an action within 120 seconds of an event. The operator may stop the automation within that time period, but if no action is taken, the automation proceeds.
| |
| Operation by Consent An automated sequence that does not initiate unless specifically approved by operator action. This also applies to an automated process that is in progress, but needs operator approval or input at specific hold points. For example, performing a routine boron dilution of the reactor coolant system. The automation monitors for conditions to request the dilution but does not perform without approval from the operator.
| |
| Shared Operation Tasks or portions of tasks are performed by the automation and portions are performed manually. For example, manual alignment and start of the reactor pool cooling system, but standby pump starts automatically when conditions are met.
| |
| Manual Control No level of automation. All actions are performed manually. Examples: (1) performing a valve line-up in the field and (2) manipulating components one at a time using the HSI.
| |
| © Copyright 2022 by NuScale Power, LLC 11
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 Most functions are automated in the NPP to aid the operators in managing the workload for multiple units. This aids the operator to remain situationally aware of the plant status and to be engaged at the level appropriate during performance of the automated task.
| |
| The following criteria are used during FA and are considered as preferred for automation, in determining if automation should be used, and at what level.
| |
| Major plant evolutions (e.g., unit shutdown, unit power escalation)
| |
| System operations that require continuous monitoring, are repetitive, or require quick response (e.g., temperature, pressure, or level control; standby pump start; or routine rotation of operating equipment)
| |
| Component operation that has special requirements or restrictions (e.g., valves need to close upon pump stop, prerequisites must be met to open valve)
| |
| Routine or repetitive tasks (e.g., 12-hour surveillance checks, rod movement testing)
| |
| Personnel safety or dose reduction Sequence is complex Time to perform task challenges in the time available Implementation cost seems reasonable for the automation benefit Subject matter expert determines that automation would aid the operator based on operating experience
| |
| © Copyright 2022 by NuScale Power, LLC 12
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 4.0 Conclusion NuScale's integrated design approach resulted in a close collaboration among safety analysis engineers, design engineers, Operations personnel, and human factors engineers. This collaboration drove multi-disciplinary analyses to complex design decisions early in the conceptual design.
| |
| The FA determined which tasks are performed by personnel, automation, or a combination of both. Each system function was analyzed to determine the tasks, how the tasks are performed (manual, automated, or both), the technical basis, and the role of the operator. The analysis and allocation results are maintained in the FRA/FA & TA database.
| |
| As the NPP design evolves, the FRA/FA and TA are reviewed and updated to ensure consistency with plant functions. The results of the initial FRA/FA were captured in the FRA/FA & TA database and is updated as the design evolves. The results of this review will be summarized in a results summary report, in accordance with NUREG-0711, Reference 5.1.1, The FRA/FA process information is used to support the task analysis, automation, HSI development, staffing and qualifications analysis, the treatment of important human actions, procedure development, and training program development.
| |
| © Copyright 2022 by NuScale Power, LLC 13
| |
| | |
| Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan TR-124333-NP Revision 0 5.0 References 5.1 Source Documents 5.1.1. U.S. Nuclear Regulatory Commission, "Human Factors Engineering Program Review Model," NUREG-0711, Rev. 3, 2012.
| |
| 5.2 Referenced Documents 5.2.1. Human Factors Engineering Functional Requirements Analysis and Function Allocation Results Summary Report, RP-0316-17615, Rev. 0.
| |
| © Copyright 2022 by NuScale Power, LLC 14
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 Licensing Technical Report Human Factors Engineering Design Implementation Implementation Plan December 2022 Revision 0 Docket: 52-050 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 www.nuscalepower.com
| |
| © Copyright 2022 by NuScale Power, LLC
| |
| © Copyright 2022 by NuScale Power, LLC i
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 Licensing Technical Report COPYRIGHT NOTICE This document bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this document, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.
| |
| The NRC is permitted to make the number of copies of the information contained in these reports needed for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding.
| |
| Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of additional copies necessary to provide copies for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations. Copies made by the NRC must include this copyright notice in all instances and the proprietary notice if the original was identified as proprietary.
| |
| © Copyright 2022 by NuScale Power, LLC ii
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 Licensing Technical Report Department of Energy Acknowledgement and Disclaimer This material is based upon work supported by the Department of Energy under Award Number DE-NE0008928.
| |
| This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.
| |
| Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
| |
| © Copyright 2022 by NuScale Power, LLC iii
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 Table of Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Executive Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.0 Configuration Control of HSIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.0 Design Implementation Assessments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1 Human System Interface Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.2 Facility Configuration Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 4.0 Human Factors Engineering Issue Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 5.0 Addressing Important Human Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 6.0 Additional Considerations for Human Factors Engineering Aspects of Control Room Modifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 7.0 Results Summary Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 8.0 NUREG-0711 Conformance Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 9.0 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 9.1 Source Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 9.2 Referenced Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
| |
| © Copyright 2022 by NuScale Power, LLC iv
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 List of Tables Table 1-1 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Table 8-1 Conformance with NUREG-0711 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
| |
| © Copyright 2022 by NuScale Power, LLC v
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 Abstract This implementation plan describes the methodology for conducting the design implementation element of the Human Factors Engineering Program. Design implementation is an element of the Human Factors Engineering Program that verifies conformance of the as-built design to the planned design. The design implementation element is complete once the Human Factors Engineering Inspections, Tests, Analyses, and Acceptance Criteria item is closed.
| |
| The methodology described is consistent with the applicable provisions of Section 12 of U.S.
| |
| Nuclear Regulatory Commission, "Human Factors Engineering Program Review Model,"
| |
| NUREG-0711, Revision 3 (Reference 9.1.1).
| |
| © Copyright 2022 by NuScale Power, LLC 1
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 Executive Summary The methodology for design implementation ensures that the as-built Human Factors Engineering (HFE) design of the NuScale Power Plant accurately reflects the verified and validated design resulting from the HFE design process. This implementation plan describes how ownership of the HFE Program is transferred from NuScale to a licensee and the actions a licensee completes in order to close the HFE Inspections, Tests, Analyses, and Acceptance Criteria. Design implementation activities include evaluation of those aspects of the design that are not addressed during human factors verification and validation. The methods used to verify that the final human-system interfaces and facility configuration conform to the planned design include subject matter expert reviews and plant walkdowns. The HFE issues identified during these activities are documented, evaluated, and resolved in the licensee's Quality Assurance Program Description.
| |
| © Copyright 2022 by NuScale Power, LLC 2
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 1.0 Introduction 1.1 Purpose This document provides the implementation plan (IP) for design implementation (DI) within the Human Factors Engineering (HFE) Program. Design implementation demonstrates that the HFE Program "as-built" design of the human-system interface (HSI) and facility configuration accurately reflects the verified and validated design resulting from the HFE design process. Design implementation activities also include an evaluation of those aspects of the design that are not addressed during the human factors verification and validation (V&V), including modifications to the standard design and new human engineering discrepancies (HEDs) identified after completion of the V&V.
| |
| Features evaluated during DI include those that cannot be accurately simulated. Features not simulated include ergonomic considerations (e.g., lighting and background noise) as well as HSIs outside of the main control room (MCR) but within the licensee's HFE Program scope.
| |
| Human engineering discrepancies identified during V&V and HEDs identified after completion of the V&V are tracked and resolved in accordance with Section 3.0 or Section 4.0 of this document.
| |
| Completion of DI activities ensures the as-built HFE design conforms to the verified and validated design resulting from the HFE design process (the final as-designed HSI configuration). The HFE Inspections, Tests, Analyses, and Acceptance Criteria (ITAAC) tracks completion of DI activities and, therefore, a results summary report (RSR) is not prepared for the DI element of the HFE Program.
| |
| 1.2 Scope For the MCR and each local control station (LCS), the DI element confirms that the as-built design conforms to the verified and validated design resulting from the HFE design process.
| |
| other aspects of the facility that are not simulated but are relevant to the overall HFE Program are evaluated using an appropriate V&V method.
| |
| HFE design changes made subsequent to completion of the V&V have been properly integrated into the final as-built HSI configuration.
| |
| The HSIs evaluated for conformance apply to the MCR and certain LCSs during normal, abnormal, and emergency operating conditions. This IP does not apply to maintenance or refueling activities, activities completed by craft or technical personnel (e.g., mechanical, electrical, or instrumentation and controls maintenance; health physics; chemistry; engineering; or information technology), or activities associated with the Technical Support Center, Emergency Operations Facility, or any other Emergency Response facilities (Reference 9.2.1), with the exception of Reactor Building crane operation. This IP does not specifically review procedures as they are subject to the licensee's Quality
| |
| © Copyright 2022 by NuScale Power, LLC 3
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 Assurance Program (QAP) and that includes verification and validation of new and changed procedures. It also does not specifically review training as the licensee has its own program that is required to use the systematic approach to training. New or changed training would be controlled and evaluated by the licensee's program.
| |
| 1.3 Abbreviations Table 1-1 Abbreviations Term Definition DI design implementation HED human engineering discrepancy HFE Human Factors Engineering HSI human-system interface IHA important human action IP implementation plan ISV integrated system validation ITAAC Inspections, Tests, Analyses, and Acceptance Criteria LCS local control station MCR main control room QAP Quality Assurance Program QAPD Quality Assurance Program Description RSR results summary report V&V verification and validation
| |
| © Copyright 2022 by NuScale Power, LLC 4
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 2.0 Configuration Control of Human-System Interfaces Changes to the HSI design are controlled under the NuScale Appendix B programs and processes and the applicable 10 CFR 52 Appendix, Section VIII.B.5 (50.59-like process).
| |
| NuScale is responsible for maintaining HFE design configuration control until the turnover requirements are met.
| |
| NuScale is prepared to turnover responsibility for HFE program implementation to the licensee when a licensee is granted a license and the licensee's Quality Assurance Program Description (QAPD) is approved by the NRC.
| |
| © Copyright 2022 by NuScale Power, LLC 5
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 3.0 Design Implementation Assessments Design implementation uses HFE and Operations subject matter expert review and plant walkdowns to verify that the as-built HSIs and facility configurations conform to the final as-designed HSI configuration.
| |
| The licensee is responsible for completing the following:
| |
| resolve priority 1 and priority 2 HEDs satisfactorily complete retests for priority 1 and priority 2 HEDs assess conditions that cannot be accurately simulated in the integrated system validation (ISV) resolve negative findings in the comparison of the as-built configuration to the final as-designed HSI configuration resolve or track open priority 3 HEDs resolve new HEDs identified as the design matures issue RSRs for HFE elements as required where IPs are submitted for the NuScale Standard Design Approval Application Each of these elements could potentially identify the need for an HFE design change. The licensee's programs and processes determine when such changes are implemented. It is expected that some HFE design changes do not have sufficient priority to be implemented before the ITAAC closure. For those that do, the design change amends the as-designed HSI configuration post V&V Human Factors Engineering design. The amended design is used as the standard for verifying that the as-built configuration is consistent with the design. Closure of ITAAC is designed to ensure the verified and validated HFE design is properly integrated with the final as-designed HSI configuration.
| |
| To accomplish this integration, the licensee performs the following actions:
| |
| The as-built design is compared to the final as-designed HSI configuration. Deviations are documented.
| |
| Each deviation is justified. If the deviation is caused by implementing an approved modification then the deviation is considered justified.
| |
| Deviations that cannot be justified are resolved in accordance with Section 4.0.
| |
| When all deviations are justified, the deviations as a group are evaluated to determine if there is any collective significance that would invalidate the ISV conclusions.
| |
| 3.1 Human System Interface Assessment The DI assessments for software and hardware configurations confirm clear configuration-controlled design traceability for HSI components (alarms, controls, and indications) and peripheral equipment.
| |
| © Copyright 2022 by NuScale Power, LLC 6
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 The DI assessment for HSI configuration is conducted by plant walkdowns and subject matter expert reviews and includes conformance with HFE design documents such as the HFE style guide, display schematics, drawings, and specifications.
| |
| screen navigation.
| |
| control functionality.
| |
| automation functionality.
| |
| alarm and notification functionality.
| |
| procedure interface functionality.
| |
| 3.2 Facility Configuration Assessment The DI assessment for facility configuration is conducted by performing plant walkdowns that include the physical configuration of workstations, panels, and displays.
| |
| visibility and sight lines.
| |
| accommodations for communication.
| |
| inclusion of emergency plan and personal protection equipment.
| |
| lighting.
| |
| background noise.
| |
| environmental controls and conditions (e.g., temperature and humidity).
| |
| The evaluation of aspects of the facility not simulated (e.g., LCSs) but relevant to the overall HFE program include a walkdown to confirm conformance to the latest approved HFE design documentation including the HFE style guide.
| |
| a subject matter expert review of
| |
| - the suitability of the LCS for executing the operating procedures where operating procedures direct use of that LCS (i.e., typically not computer-based procedures).
| |
| - the suitability of those procedures.
| |
| © Copyright 2022 by NuScale Power, LLC 7
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 4.0 Human Factors Engineering Issue Resolution The HEDs identified during the DI activities described in Section 3.0 are tracked and resolved in accordance with the licensee's QAPD. Some HEDs may be ongoing because of anticipated technology or other advancements.
| |
| For each HED, an evaluation is conducted to determine if the configuration is equivalent to the V&V Human Factors Engineering design. If equivalent, the basis for the equivalency is documented and design documentation revised as necessary.
| |
| if a design change is needed to correct the as-built configuration so it conforms to the final as-designed HSI configuration.
| |
| if the as-built configuration is different from the final as-designed HSI configuration but potentially acceptable. If potentially acceptable, a design change review is conducted to determine the significance of the differences between final as designed HSI configuration and as-built configuration. If the design change review concludes that the design change is acceptable and has no impact on the completed ISV results, then a specific validation method (e.g., tabletop walkthrough, mockup, part-task simulator, or plant walkdown) is determined. If the ISV results are impacted by the design changes, the applicable portion(s) of ISV are repeated.
| |
| © Copyright 2022 by NuScale Power, LLC 8
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 5.0 Addressing Important Human Actions Important human actions (IHAs) are identified, addressed, and tracked by the treatment of important human actions element of the HFE program. Features that provide for reliable implementation of potential IHAs are incorporated into the HSI design (e.g.,
| |
| alarms, controls, indications, and procedures).
| |
| As described in the human factors V&V implementation plan (Reference 9.2.2), IHAs are considered among the significant conditions, personnel tasks, and situational factors sampled during V&V activities as the ISV scenarios are developed. The ISV assesses the successful performance of the integrated crew and the HSI for potential IHAs. During V&V, HEDs are processed when discrepancies are found for any IHA. A description of how the HFE program addressed IHAs is submitted as part of the V&V results summary report.
| |
| © Copyright 2022 by NuScale Power, LLC 9
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 6.0 Additional Considerations for Human Factors Engineering Aspects of Control Room Modifications The licensee's responsibilities for HFE Program implementation begin when the licensee is granted a license by the NRC and the licensee's QAPD is approved. Approval of the QAPD establishes programs and processes comparable to those used in the NuScale HFE Program. After assuming HFE Program responsibility, a licensee institutes a Human Performance Monitoring Program to evaluate impacts on human performance going forward. The Human Performance Monitoring Program evaluates design change proposals for HSI design, procedures, or training against the design bases established for the as-built design.
| |
| The licensee's HFE Program should implement the guidance of NUREG-0711, Human Factors Engineering Program Review Model, Revision 3 (Reference 9.1.1).
| |
| © Copyright 2022 by NuScale Power, LLC 10
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 7.0 Results Summary Report Completion of DI activities is tracked and confirmed by an ITAAC item. This confirmation ensures that the as-built design conforms to the final as-designed HSI configuration resulting from the HFE design process. Therefore, an RSR is not prepared for the DI element of the HFE program.
| |
| © Copyright 2022 by NuScale Power, LLC 11
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 8.0 NUREG-0711 Conformance Evaluation Table 8-1 indicates where each NUREG-0711, Rev. 3 (Reference 9.1.1) criterion is met in this IP.
| |
| Table 8-1 Conformance with NUREG-0711 Review Criteria Stated in NUREG-0711, Rev. 3 DI IP Section No. and paragraph 12.4 Review Criteria Section 1.2, all paragraphs 12.4.1 Final HFE Design Verification for New Plants and Section 3.0 Control Room Modifications
| |
| : 1. The applicant should evaluate aspects of the design that were not addressed in V&V by an appropriate V&V method.
| |
| Additional Information- Aspects of the design addressed by this criterion may include design characteristics, such as new or modified displays for plant-specific design features.
| |
| : 2. The applicant should compare the final HSIs, procedures, Section 4.0, all paragraphs.
| |
| and training with the detailed description of the design to The Human Factors Engineering verify that they conform to the planned design resulting from process does not review procedures as the HFE design process and V&V activities. This verification they are subject to the licensees QAP, should compare the actual HSI, procedures, and training that includes verification and validation materials to design descriptions and documents. Any of new and changed procedures.
| |
| identified discrepancies should be corrected, or justified.
| |
| The Human Factors Engineering Additional Information- Final design means the design existing in process does not review training as the the actual plant. licensee has its own program that is required to use the systematic approach to training. New or changed training is controlled and evaluated by the licensees program.
| |
| : 3. The applicant should verify that all HFE-related issues in the Section 2.0, all paragraphs issue-tracking system (Section 2.4.4) are adequately Section 4.0, all paragraphs addressed.
| |
| : 4. The applicant should provide a description of how the HFE Section 5.0, all paragraphs program addressed each important HA.
| |
| 12.4.2 Additional Considerations for Reviewing the HFE The remaining criteria are not applicable Aspects of Control Room Modifications to the NuScale HFE Program.
| |
| They are addressed as part of the In addition to any of the criteria above that are relevant to the licensee HFE Program in Section 6.0.
| |
| modification being reviewed, the following should be addressed.
| |
| 12.4.2.1 General Criteria for Plant Modifications
| |
| : 1. The applicant should provide reasonable assurance that the reactor fuel is safely monitored during the shutdown period while physical modifications to the control room are being made.
| |
| © Copyright 2022 by NuScale Power, LLC 12
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 Table 8-1 Conformance with NUREG-0711 (Continued)
| |
| Review Criteria Stated in NUREG-0711, Rev. 3 DI IP Section No. and paragraph
| |
| : 2. The applicant should verify that modifications in the plants The Human Factors Engineering procedures and training reflect changes in plant systems, process does not review procedures as personnel roles and responsibilities, and in HSIs resulting they are subject to the licensees QAP, from the new systems. that includes verification and validation of new and changed procedures.
| |
| The Human Factors Engineering process does not review training as the licensee has its own program that is required to use the systematic approach to training. New or changed training is controlled and evaluated by the licensees program.
| |
| : 3. Installation should be planned to minimize disruptions to work Section 6.0 of plant personnel.
| |
| : 4. The applicant should verify that operations and maintenance Section 6.0 personnel are fully trained and qualified to operate and maintain all modifications made to the plant before starting up with the new systems and HSIs in place.
| |
| : 5. The applicant should have a plan to monitor start-up and Section 6.0 initial operations after the modification to reasonably assure that:
| |
| * operational and maintenance problems arising from personnels interactions with the new systems, HSIs, and procedures are identified and addressed
| |
| * personnel are sufficiently familiar with the new systems, HSIs, and procedures to support safe operations and maintenance
| |
| * any negative transfer of training from the old removed HSIs to the corresponding new ones was identified and corrected
| |
| * no new problems are created by coordinating tasks between the remaining old HSIs and new HSIs
| |
| * no unanticipated negative effects on personnel interaction and teamwork have surfaced 12.4.2.2 Modernization Programs Consisting of Many Small Section 6.0 Modifications
| |
| : 1. The applicant should assure that each modification follows an HFE program that provides standardization and consistency (1) between old and new equipment, and (2) across the new systems being implemented.
| |
| : 2. The applicant should verify that new modifications fulfill a Section 6.0 clear operational need, and do not interfere with existing systems.
| |
| Additional Information- For example, the auditory alerts in a new HSI should not distract operators from addressing more important alarms.
| |
| © Copyright 2022 by NuScale Power, LLC 13
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 Table 8-1 Conformance with NUREG-0711 (Continued)
| |
| Review Criteria Stated in NUREG-0711, Rev. 3 DI IP Section No. and paragraph 12.4.2.3 Modernization Programs Consisting of Large Section 6.0 Modifications during Multiple Outages
| |
| : 1. Interim configurations may exist for long times (e. g., a refueling cycle), and therefore, applicants should verify that they are acceptable from both engineering and operations perspectives and that they meet regulatory requirements. The applicants evaluations should include:
| |
| * PRA evaluations to ensure minimizing high-risk situations
| |
| * FSAR evaluations to assure defense against design basis accidents
| |
| * technical-specifications evaluations to determine if changes are needed
| |
| * defense in depth evaluations to ensure meeting the criteria in RG 1.174
| |
| : 2. The applicant should perform task analysis for each interim Section 6.0 configuration to verify that any task demands are known and do not degrade personnel performance.
| |
| : 3. The applicant should update the HRA to address any unique Section 6.0 tasks that may impact risk, as well as any changes to existing tasks due to the interim configuration.
| |
| : 4. The applicant should verify that the HSIs needed to perform Section 6.0 important tasks (as defined in Section 6) are consistent and standardized. Personnel should not have to use both old and new HSIs for different aspects of the same task.
| |
| : 5. The applicant should develop procedures for temporary Section 6.0 configurations of systems and HSIs that personnel use when the plant is not shutdown.
| |
| : 6. The applicant should develop training for temporary Section 6.0 configurations of systems, HSIs, and procedures that personnel can use when the plant is not shutdown.
| |
| : 7. The applicant should consider the following aspects of V&V: Section 6.0
| |
| * HFE Design Verification - Temporary configurations of the systems, HSIs, and procedures that operations and maintenance personnel employ when the plant is not shutdown should be reviewed to verify that their design is consistent with the principles of good HFE design (e.g.,
| |
| conforms to a plant-specific style guide or NUREG-0700).
| |
| * HSI Task-Support Verification - Temporary configurations of the systems, HSIs, and procedures, which operations and maintenance personnel may use when the plant is not shutdown, should be reviewed to verify that their design supports the intended tasks.
| |
| - Additional Information- For example, if a temporary configuration of plant systems introduces special monitoring requirements, then the HSIs should give the necessary information.
| |
| * ISV - Interim configurations should be validated if so warranted by the risk significance of the personnel tasks affected by them.
| |
| © Copyright 2022 by NuScale Power, LLC 14
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 Table 8-1 Conformance with NUREG-0711 (Continued)
| |
| Review Criteria Stated in NUREG-0711, Rev. 3 DI IP Section No. and paragraph 12.4.2.4 Modernization Programs Where both Old and New Section 6.0 Equipment are Left in Place
| |
| : 1. The applicant should identify and address negative effects on personnel performance due to control room or HSI clutter resulting from using old and new HSIs in parallel.
| |
| : 2. The applicant should identify and address negative effects on Section 6.0 personnel performance resulting from the simultaneous presence of parallel alarms.
| |
| : 3. The applicant should identify and address negative effects on Section 6.0 personnel performance resulting from differences in information from old and new systems on the same parameter or equipment.
| |
| : 4. The applicant should identify and address any safety Section 6.0 concerns from providing controls that operators can access from two different HSIs.
| |
| Additional Information- For example, a switch may be installed to select which HSI will control the equipment, thus preventing simultaneous control inputs.
| |
| 12.4.2.5 Modernization Programs Where New Non-functional Section 6.0 HSIs are in Place in Parallel with Old Functional HSIs
| |
| : 1. The applicant should evaluate the potential for negative effects on personnel performance due to control room or HSI clutter resulting from having old and new HSIs available in parallel. Where safety concerns are identified, the applicant should take measures to improve the HSIs.
| |
| : 2. The applicant should ensure that the non-functional state of Section 6.0 HSIs is clearly indicated.
| |
| © Copyright 2022 by NuScale Power, LLC 15
| |
| | |
| Human Factors Engineering Design Implementation Implementation Plan TR-130418-NP Revision 0 9.0 References 9.1 Source Documents 9.1.1. U.S. Nuclear Regulatory Commission, "Human Factors Engineering Program Review Model," NUREG-0711, Rev. 3, November 2012.
| |
| 9.2 Referenced Documents 9.2.1. Human Factors Engineering Program Management Plan, TR-130414, Revision 0.
| |
| 9.2.2. Human Factors Engineering Verification and Validation Implementation Plan, TR-130415, Revision 0.
| |
| © Copyright 2022 by NuScale Power, LLC 16
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Licensing Technical Report Human Factors Engineering Task Analysis Implementation Plan December 2022 Revision 0 Docket: 52-050 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 www.nuscalepower.com
| |
| © Copyright 2022 by NuScale Power, LLC
| |
| © Copyright 2022 by NuScale Power, LLC i
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Licensing Technical Report COPYRIGHT NOTICE This document bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this document, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.
| |
| The NRC is permitted to make the number of copies of the information contained in these reports needed for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding.
| |
| Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of additional copies necessary to provide copies for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations. Copies made by the NRC must include this copyright notice in all instances and the proprietary notice if the original was identified as proprietary.
| |
| © Copyright 2022 by NuScale Power, LLC ii
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Licensing Technical Report Department of Energy Acknowledgement and Disclaimer This material is based upon work supported by the Department of Energy under Award Number DE-NE0008928.
| |
| This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.
| |
| Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
| |
| © Copyright 2022 by NuScale Power, LLC iii
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Table of Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Executive Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.0 Implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1 Task Analysis Process Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2 Task Analysis Team Composition and Responsibilities. . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.0 Methodology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.1 Task Analysis Development. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.2 Task Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.3 Task Determination Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.3.1 Normal, Abnormal, Emergency, and Alarm Response Procedure Tasks . . . . . 12 3.3.2 Surveillance, Test, Inspection, and Maintenance Procedure Tasks. . . . . . . . . . 13 3.3.3 Tasks with Potentially Negative Consequences (Not Identified as Important Human Actions) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.4 Operational Sequence Diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3.5 Detailed Task Narratives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.5.1 Time Required for Performing Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.5.2 Personnel Required for Performing Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 3.5.3 Task Support Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 3.5.4 Task Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 3.5.5 Inventory of Alarms, Controls, and Displays . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3.5.6 Knowledge and Abilities Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3.6 Iterative Nature of Task Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.6.1 Functional Requirements Analysis and Function Allocation and Task Analysis Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.6.2 New Task Criteria. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 3.7 Analysis of Feasibility and Reliability for Important Human Actions. . . . . . . . . . . . . . . . 23 4.0 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 4.1 Source Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
| |
| © Copyright 2022 by NuScale Power, LLC iv
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Table of Contents 4.2 Referenced Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
| |
| © Copyright 2022 by NuScale Power, LLC v
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 List of Tables Table 1-1 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Table 1-2 Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Table 3-1 Task Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Table 3-2 VISION Icon Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
| |
| © Copyright 2022 by NuScale Power, LLC vi
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 List of Figures Figure 2-1 Database Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Figure 3-1 Task Analysis Flow Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Figure 3-2 Operational Sequence Diagram Task Decomposition Example . . . . . . . . . . . . 15
| |
| © Copyright 2022 by NuScale Power, LLC vii
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Abstract The task analysis is a significant element of the Human Factors Engineering Program. The purpose of the task analysis is to analyze human actions that are allocated to personnel during the function allocation process.
| |
| The functions allocated to plant personnel define the roles and responsibilities that can be accomplished via human actions or tasks. The results of the task analysis provide inputs to the following Human Factors Engineering activities: staffing and qualifications, human-system interface design, procedure development, training program development, treatment of important human actions, and task support verification (human factors verification and validation).
| |
| This implementation plan documents the methodology used in the task analysis process. The process used is consistent with the applicable provisions of Section 5 of NUREG-0711 (Reference 4.1.1).
| |
| © Copyright 2022 by NuScale Power, LLC 1
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Executive Summary Consistent with the guidance of NUREG-0711 (Reference 4.1.1) Section 5, the scope of the task analysis (TA) performed by NuScale includes a method to identify: the specific tasks, the personnel required to perform the tasks, and the alarms, displays, controls, and task support needed to perform those tasks.
| |
| Functions allocated to human and system resources are determined during the function allocation process and made into tasks. The tasks are arranged into specific job categories and assigned to staff positions (e.g., licensed and non-licensed operators). The alarms, displays, controls and task support needed are design inputs for developing staffing and qualifications, human-system interface design, procedure development, training program development, treatment of important human actions, and task support verification (human factors verification and validation).
| |
| This implementation plan is organized into four major sections and appendices. Section 1.0 describes the purpose and scope of the TA. Section 2.0 provides an overview of the TA implementation process and a description of the TA team composition and responsibilities.
| |
| Section 3.0 describes the methodology and specifies the criteria for performing the task analysis.
| |
| The source and referenced documents applicable to and used in the TA effort are listed in Section 4.0.
| |
| © Copyright 2022 by NuScale Power, LLC 2
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 1.0 Introduction 1.1 Purpose This implementation plan (IP) describes a methodology for the task analysis (TA) for the NuScale Power Plant as part of the Human Factors Engineering (HFE) Program. This IP also includes the methodology used to achieve the results. The inputs from the HFE Program elements are described and the outputs from the TA elements are identified.
| |
| 1.2 Scope This IP is focused on TA for activities performed by licensed operators in the main control room during normal, abnormal, and emergency operating conditions. Maintenance or refueling activities, activities completed by craft and technical personnel (e.g.,
| |
| mechanical, electrical, or instrumentation and control (I&C) maintenance; health physics; chemistry; engineering; or information technology), or activities associated with the Technical Support Center, Emergency Operations Facility, or other Emergency Response facilities are not included in the TA focus unless those activities are determined to impact licensed operator workload.
| |
| The tasks selected for analysis represent a range of plant operating modes, including startup, normal operations, low-power and shutdown conditions, transient conditions, abnormal conditions, emergency conditions, and severe accident conditions. The methodology for selection of the tasks is described in Section 3.2.
| |
| © Copyright 2022 by NuScale Power, LLC 3
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 1.3 Abbreviations Table 1-1 Abbreviations Term Definition D3CA diversity and defense-in-depth coping analysis DHRS decay heat removal system FA function allocation FRA/FA functional requirements analysis and function allocation HFE Human Factors Engineering HSI human-system interface I&C instrumentation and controls IHA important human action IP implementation plan KA knowledge and abilities MSIV main steam isolation valve OER operating experience review OSD operational sequence diagram PRA Probabilistic Risk Assessment RSR results summary report SME subject matter expert S&Q staffing and qualifications TA task analysis TIHA treatment of important human actions Table 1-2 Definitions Term Definition Element A discrete human action executed to support a task.
| |
| FRA/FA The identification of functions that must be performed to satisfy the nuclear power plants overall goals. Function allocation determines which tasks are manual, automatic, or a combination of the two.
| |
| FRA/FA & TA database The VISION Developer application is a relational database that is used to store the FRA/FA, task analysis, staffing and qualifications analysis, development of human-system interfaces (HSI), procedures, and training data. In this document it is also referred to as the FRA/FA & TA database or database.
| |
| Module A NuScale module consists of the containment vessel, reactor pressure vessel, and all components internal and external to each vessel, up to the disconnect flanges.
| |
| Plant functions The plant functions describe how the plant meets NuScales mission statement of safe, scalable, affordable, electrical generation using nuclear power.
| |
| SME An individual with appropriate knowledge in a specific area or discipline that has sufficient experience and education to competently develop or review a licensing topical report in that discipline.
| |
| Task A group of activities with a common purpose, often undertaken in close temporal proximity.
| |
| © Copyright 2022 by NuScale Power, LLC 4
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Table 1-2 Definitions (Continued)
| |
| Term Definition Unit A NuScale unit consists of the components necessary to generate electricity. This includes a primary side containing a reactor power module and its specific supporting systems, and a secondary side containing a turbine generator and its specific supporting systems.
| |
| © Copyright 2022 by NuScale Power, LLC 5
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 2.0 Implementation 2.1 Task Analysis Process Overview The purpose of TA is to systematically determine the requirements for information, control, and task support. The TA results establish HSI inventory requirements, including alarms, controls, displays, procedures, and training programs to support accomplishment of tasks. The TA encompasses a range of plant operating conditions, including startup, normal operations, low-power and shutdown conditions, transient conditions, abnormal conditions, emergency conditions, and severe accident conditions.
| |
| Input to TA from HFE Program elements include the following:
| |
| Tasks identified in the operating experience review (OER) as human performance issues are evaluated for similarity with tasks identified for the plant. The TA confirms that the human performance issues are resolved by the plant design or HSI. The TA also resolves task-related human engineering issues identified during OER.
| |
| Human actions, as determined in the functional requirements analysis and function allocation (FRA/FA) process (Reference 4.2.2), are decomposed during TA to identify control tasks and related monitoring tasks. Actions allocated to a machine (automation) are decomposed to identify tasks for monitoring and then TA confirms the allocations.
| |
| Important human actions (IHAs) identified by the Probabilistic Risk Assessment (PRA), transient and accident analysis, and diversity and defense-in-depth coping analyses (D3CA) are analyzed for feasibility and reliability in the TA. Time constraints on IHAs are analyzed to allow for performance-shaping factors and the necessary added time margins for completion of the task.
| |
| Output from TA to other HFE Program elements includes the following:
| |
| The HSI inventory and its characteristics generated by the TA include the alarms, controls, displays, and procedures needed to monitor plant-critical functions, as well as to monitor and control their success paths. The HSI design uses the detailed TA results and inventory of alarms, controls, and displays to establish alarm logic, display and control designs, procedure step acceptance criteria, and grouping of HSI inventory, especially for task-oriented screens. Staffing assumptions related to roles and responsibilities of operators and crew size are developed for the concept of operations portion of the HSI design.
| |
| Tasks are arranged into specific job categories and assigned to staff positions (e.g.,
| |
| licensed operators, non-licensed operators). These assignments are analyzed in the staffing and qualifications (S&Q) HFE element.
| |
| Tasks are assigned knowledge and abilities (KA) required to perform the tasks. These KA requirements provide the foundation for the Operator Training Program development.
| |
| © Copyright 2022 by NuScale Power, LLC 6
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 The TA information is captured in the FRA/FA & TA database that contains the FRA/FA information and is described in further detail in Section 3.6.1. The database is divided into three hierarchies: analysis, objective design, and program development.
| |
| ((
| |
| }}2(a),(c)
| |
| © Copyright 2022 by NuScale Power, LLC 7
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Figure 2-1 Database Structure
| |
| ((
| |
| }}2(a),(c) 2.2 Task Analysis Team Composition and Responsibilities The TA is conducted and supported by an experienced team that includes input from the HFE team and from the System Engineering, Safety Analysis, and Operations organizations. The qualifications of the HFE team members are as stipulated in the NuScale HFE Program Management Plan (Reference 4.2.1).
| |
| The TA team lead and the remainder of the team are selected by the HFE supervisor from the HFE team members. As described in the HFE Program Management Plan, the HFE supervisor has the authority and organizational placement to reasonably ensure that the tasks assigned to the TA personnel who do not directly report to the supervisor are completed.
| |
| The TA team includes an FRA/FA & TA database coordinator. Assigned by the team lead, the database coordinator is responsible for managing the information that is recorded in the FRA/FA & TA database.
| |
| The TA team includes senior reactor operators and other personnel with experience in the operation of commercial nuclear power plants.
| |
| © Copyright 2022 by NuScale Power, LLC 8
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 A TA team and TA team lead are selected by the HFE supervisor from available HFE team members to conduct TA. The TA team lead is responsible for organizing the TA team.
| |
| directing the development of the FRA/FA & TA database.
| |
| assigning team member responsibilities.
| |
| managing resources and review schedule.
| |
| ensuring that TA issues are completed with supporting documentation and entered into the Human Factors Engineering issue tracking system as necessary.
| |
| production of the FRA/FA & TA database reports.
| |
| Responsibilities of TA team members conducting the reviews and completing disposition of the individual review items include reviewing TA documentation for identification of
| |
| - accuracy of the functional requirements analysis.
| |
| - task determination.
| |
| reviewing the database and using reports to cross examine the results.
| |
| continuing revisions to the data as necessary.
| |
| The FRA/A & TA database coordinator is responsible for ensuring the data are properly entered in the database. The database coordinator is also responsible for formatting and running reports to provide output from the database.
| |
| © Copyright 2022 by NuScale Power, LLC 9
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 3.0 Methodology The HFE Program includes TA as part of a series of analyses that relies primarily on design documents, subject matter experts (SME), and operating experience. The TA is a resource for S&Q, development of HSI, procedures, and training programs. For efficiency, the team conducts the FRA/FA and TA in sequence or in parallel, depending on the complexity of the functions and associated tasks. Where functions and tasks are not complex, have low safety significance, or are not expected to vary significantly from how other commercial nuclear power plants conduct them, the FRA, FA, and TA sequence may extend further to include preliminary development of HSI, procedures, and training.
| |
| The TA methodology remains the same whether conducted alone or as the first step in a series. Rigid sequencing is not practical for HFE analyses as the iterative nature of both the design and the HFE process necessitates flexibility. For example, new or modified tasks in the task analysis would require updating the function allocation table; conversely, changes to the function allocation table are reflected in the task analysis. Those changes are made or the necessary changes become HFE issues and are tracked using Human Factors Engineering issues tracking system.
| |
| 3.1 Task Analysis Development The step sequence for TA development (Figure 3-1) is as follows:
| |
| : 1. screen for applicable tasks
| |
| : 2. develop detailed task narrative
| |
| : 3. decompose tasks
| |
| : 4. develop operational sequence diagram
| |
| : 5. verify IHAs
| |
| : 6. identify task attributes
| |
| : 7. identify high workload tasks
| |
| : 8. identify task job position
| |
| : 9. determine KAs
| |
| : 10. define task support requirements
| |
| : 11. identify performance shaping factors (assess workload)
| |
| : 12. determine inventory of components, alarms, displays, and controls to support accomplishment of tasks
| |
| : 13. output to HSI usability testing, control room staffing plan validation, procedures, and training
| |
| : 14. review modified tasks or new tasks for TA development
| |
| © Copyright 2022 by NuScale Power, LLC 10
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Not all steps are conducted for each task. The TA is iterative and higher levels of analysis are conducted as the plant design progresses. Also, as noted below, more complex tasks result in more detailed task narratives and involve more aspects of the overall TA. The TA steps may be omitted or conducted out of sequence during some iteration. The overall TA process is shown in Figure 3-1.
| |
| Figure 3-1 Task Analysis Flow Path Task Analysis Inputs Representative modes of operation considered (non-inclusive list):
| |
| * FRA/FA
| |
| * operating experience
| |
| * safety analyses
| |
| * administrative processes New or Modified Tasks
| |
| * maintenance and surveillances
| |
| * design basis transients
| |
| * operations procedures, operational scenarios, integrated evolutions
| |
| * SME input Type of Tasks
| |
| * IHAs
| |
| * Plant operations (e.g., startup, normal operations, shutdown)
| |
| * Abnormal, transient, emergency, and severe accident conditions
| |
| * Alarm responses Task Screening
| |
| * Tasks with potentially negative consequences (not IHAs)
| |
| * New tasks or tasks performed differently in past designs
| |
| * Automation monitoring; automation failure or degradation
| |
| * Tasks anticipated to impose high demands on personnel (e.g.,
| |
| little time or high workload)
| |
| * Surveillance, test, inspection and maintenance procedures Develop Task Narratives
| |
| * Tasks with potential concerns for personnel safety Task Decomposition Create OSD when
| |
| * safety-related system failures Operational Sequence would result in challenge to a high Diagrams level function
| |
| * IHA Verify IHAs High workload tasks include: Define Task Support Identify Task Attributes
| |
| * IHA Requirements
| |
| * High stress
| |
| * High consequence Identify High Workload Tasks
| |
| * High coordination and communication Identify Performance Shaping
| |
| * High cognitive or physical Factors
| |
| * High frequency
| |
| * High time pressure or short response time Identify Task Job Position
| |
| * Abnormal and emergency conditions Determine Inventory Define Knowledges & Abilities Output to HSI Usability Testing, Workload Analysis, Procedures and Training
| |
| © Copyright 2022 by NuScale Power, LLC 11
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 3.2 Task Identification Tasks to be analyzed represent a range of plant operating modes including startup, normal operations, low-power and shutdown conditions, transient conditions, abnormal conditions, emergency conditions, and severe accident conditions.
| |
| All tasks, regardless of importance, are analyzed so that the full extent of the work load can be determined. Examples of tasks to be analyzed include, but are not limited to, the following:
| |
| The IHAs determined through the human reliability portion of the PRA and deterministic means (e.g., transient and accident analysis, D3CA). The TA for IHAs assumes use of the alarms, controls, displays, automation, and procedures that are normally available and operable during the scenario being analyzed.
| |
| Tasks not identified as IHAs through probabilistic or deterministic means but that have negative consequences if performed incorrectly.
| |
| Tasks that are identified to be new, compared to operating nuclear plants.
| |
| Tasks that, while not new, are performed differently from operating nuclear plants.
| |
| Tasks related to monitoring and control of automated systems that have augmented quality requirements, and to the use of automated support aids for personnel, such as computer-based procedures.
| |
| Tasks related to identifying the failure or degradation of automation, and implementing backup responses.
| |
| Tasks anticipated to impose high demands on personnel (e.g., administrative tasks that contribute to workload and challenge ability to monitor the plant).
| |
| Tasks that are undertaken during maintenance, tests, inspections, and surveillances.
| |
| Tasks with potential concerns for personnel safety.
| |
| Identification of tasks to be analyzed is performed by SMEs on the basis of their experience at operating nuclear plants. The process includes review of operating experience and available system design material.
| |
| 3.3 Task Determination Methodology 3.3.1 Normal, Abnormal, Emergency, and Alarm Response Procedure Tasks All tasks within scope are analyzed for normal, abnormal, and emergency response operating procedures. Tasks based on use of operating procedures are analyzed in greater detail in later iterations as the plant design progresses. Personnel performing the analyses include former operators of commercial U.S. nuclear power plants and other SMEs. Procedures are not available for initial TA; therefore, the tasks analyzed may be based on procedures from similar systems and processes.
| |
| © Copyright 2022 by NuScale Power, LLC 12
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 3.3.2 Surveillance, Test, Inspection, and Maintenance Procedure Tasks Tasks related to surveillance, test, inspection, and maintenance procedures in the main control room performed by the control room staff are screened for applicability.
| |
| Human errors during the performance of surveillance, test, inspection, and maintenance procedures may result in components being in a state that induces a plant transient or triggers a precursor to a plant transient. In both cases, the surveillance, test, inspection, and maintenance actions are selected for task analysis to identify defenses against these errors. The process is iterative in nature and is kept current over the plant's life cycle, from design development through decommissioning.
| |
| Safety-related surveillance, test, inspection, and maintenance tasks are identified.
| |
| The SME reviews the design material available, including system design packages, piping and instrument diagrams, logic diagrams, and electrical schematics for each system the task involves, and determines the tasks necessary to perform the surveillance, test, inspection, and maintenance functions of the system. Surveillance, test, inspection, and maintenance activities identified through SME judgment as having challenged operating crews at commercial U.S. operating nuclear plants, or which potentially impact the ability of a NuScale Power Plant operating crew to manage up to six units in one control room, are selected for TA.
| |
| The SME documents the safety-related surveillance, test, inspection, and maintenance activities for each system using the technical specifications as the basis.
| |
| Systems are distributed among SMEs for this selection process.
| |
| 3.3.3 Tasks with Potentially Negative Consequences (Not Identified as Important Human Actions)
| |
| Negative consequences are defined as any action, task, or condition that places personnel, equipment, or the plant in jeopardy. Examples include a condition requiring an unplanned down power.
| |
| a condition requiring a reactor trip or initiation of emergency equipment.
| |
| an emergency action level declaration.
| |
| a condition that places the plant in an unplanned technical specification action statement entry that requires plant shutdown.
| |
| When selecting human actions that are not identified as IHAs but have potentially negative consequences (such as precursors to plant transients), SMEs review the OER, the PRA, and use their own experience. Activities related to transients or PRA that according to SME judgment were caused by challenges to operating crews at commercial U.S. operating nuclear plants or which potentially impact the ability of a NuScale Power Plant operating crew to manage multiple units in one control room are selected for TA. The SME documents the basis for selecting these activities for TA.
| |
| These tasks that have potentially negative consequences are considered; abnormal, emergency and annunciator response tasks and are covered in these procedures.
| |
| © Copyright 2022 by NuScale Power, LLC 13
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 3.4 Operational Sequence Diagrams An operational sequence diagram (OSD) is created for safety-related tasks and used to aid in evaluating the flow of information from the point where the operator first becomes involved with the system to the completion of the task. Information flow includes operator decisions, operator control activities, and the transmission of data. Operator actions are identified in a top-down sequential format. The objective is to show how the information flows between the operators and the HSI from the beginning to the end of the task. The sequencing of the tasks provides input for the plant operating procedures and defines the activities that plant personnel are trained to execute.
| |
| The functional allocation and task description provide the objective and operating parameters for operator tasks. In order to identify the stimulus and response relationship for each lowest level task, each task is decomposed by identifying the parent task, subtasks, and task elements.
| |
| Depending on their types and complexity, tasks may be performed sequentially, in parallel, or in any order. Tasks may also be conditional, may involve coordinated actions among crew members, or among crew members and local personnel.
| |
| Figure 3-2 is a simplified OSD example for the decay heat removal system (DHRS) showing how the task "Actuate DHRS" is decomposed into its tasks. The figure demonstrates the sequence and decision points the operator follows to verify DHRS is achieving the function of removing fuel bundle heat. The table at the bottom of the drawing identifies the tasks by number, which corresponds to the tasks in the drawing.
| |
| © Copyright 2022 by NuScale Power, LLC 14
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Figure 3-2 Operational Sequence Diagram Task Decomposition Example Safety Function:
| |
| DHRS Actuation Remove Fuel Assembly Heat (Safety Related)
| |
| Task 5b Task Functional Operate Individual Valves 3
| |
| * Close MSIVs DHRS actuate Requirement: No Task Task
| |
| * Close Feedwater isolations successfully?
| |
| Actuate DHRS
| |
| * Open DHRS actuation valves 11 1 No Transition to other methods of Yes core cooling DHRS actuate Yes Task successfully? Task 5a 6 Task Manually Initiate Verify DHRS is achieving 10 Stop DHRS DHRS by placing the function Close DHRS Actuation Valves DHRS Actuation switches to ACTUATE Task Task DHRS 9 4 achieving No Cool until DHRS Recognize Auto purpose? termination initiation has criteria met failed Yes No Task Task 7 8 Task No Task Cooldown rate Stop one loop 2 Yes 3 need reduced? of DHRS Automatically DHRS actuate Yes Initiated successfully?
| |
| Tasks Identified from function decomposition (1) Recognize DHRS actuation is needed (6) Verify DHRS is achieving function (2) Recognize DHRS has automatically initiated (7) Evaluate cooldown rate (3) Determine if DHRS successfully actuated (8) Stop one loop of DHRS cooling (4) Recognize DHRS failed to automatically initiate (9) Determine when DHRS should be terminated (5) Manually initiate DHRS (10) Stop DHRS operations (5a) Manually initiate DHRS (Actuation switches) (11) Determine the need to transition to other forms of core cooling (5b) Manually initiate DHRS with individual valve operation 3.5 Detailed Task Narratives For tasks that are screened in for TA, a detailed task narrative is written. The purpose of the narrative is to provide a description of the objectives of a specific system's operator tasks.
| |
| an overview of the activities personnel are expected to accomplish to complete the task.
| |
| a description of alarms, information, controls, and task support needed to accomplish the task.
| |
| a basic outline of the procedure steps.
| |
| Narrative descriptions of operator activities contain detail for an operator to correlate the described task to the results of the completed task analysis. The length of the narrative is
| |
| © Copyright 2022 by NuScale Power, LLC 15
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 commensurate with the complexity of the task it describes. Each task narrative includes the following details:
| |
| task title and identifier alarms and cautions associated with the task or that aid in the completion of the task parameters the operator must know or be able to locate during performance of the task and a means of knowing if actions taken to attain parameters are adequate (feedback) decisions the operator must make in performing the task (the type of decision and how the operator evaluates choices before reaching a decision) action(s) expected of the operator, accuracy requirements for the action(s), time available for the action(s), and ergonomic properties of the controls for completion of the action communication needs for the operator and associated teammates and alternative communication methods workload (the anticipated or measured cognitive and physical workload needed to complete the task) tools, equipment, protective clothing, job aids, or procedures needed for the task workspace needed to perform the task and environmental conditions applicable for the task situational considerations (ways that situations affect the outcome of the task such as time pressure, extreme environments, and team staffing shortages) hazards and the means for identification and mitigation of hazards for completion of the task Task narratives are revised as relationships among tasks are better defined. The order and sequence of tasks selected for TA are crucial to understanding workload and communication needs.
| |
| 3.5.1 Time Required for Performing Tasks The time required to perform a task is a combination of cognitive processing time, physical movement time, and HSI response time (e.g., screen navigation, control operation, I&C platform processing, plant system response). Calculations of time required for task performance factor in decision making (which may or may not be part of cognitive processing depending on task complexity), communications with the operations team, task support requirements, situational and performance-shaping factors, and workplace factors and hazards for each step of a task.
| |
| The analysis of time required for IHAs is also based on a documented sequence of operator actions. The estimated time for operators to complete the credited action is sufficient to allow successful execution of applicable steps in the emergency operating procedure. Time estimates for individual task components (e.g.,
| |
| acknowledging an alarm, selecting a procedure, verifying that a valve is open, starting
| |
| © Copyright 2022 by NuScale Power, LLC 16
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 a pump), and the basis for the estimates are established through a method applicable to the HSI characteristics of digital computer-based I&C.
| |
| The time available to perform the actions is based on analysis of the plant response to the anticipated operational occurrences, accidents, and infrequent and special events, in accordance with NUREG-0711 (Reference 4.1.1).
| |
| 3.5.2 Personnel Required for Performing Tasks The number of personnel required to perform each task is determined by the task narrative, complexity of the task, time required to perform the task, and the time available. The task narrative developed for basic TA includes such information as:
| |
| job function(s) or title(s) of person(s) who performs the task requirements for communication with other Operations personnel while performing the task how different levels of staffing affect the performance of a task the task time estimate Where detailed TA determines that workload for an individual task or analyzed sequence of tasks is excessive, an HFE issue is entered into the Human Factors Engineering issues tracking system database. Designers then have options such as re-allocation of functions, changes to operator roles and responsibilities, changes to the number of operators, and changes to the HSI design to address the issue.
| |
| 3.5.3 Task Support Requirements Task support requirements are defined during the early TA. However, if not known, a later TA iteration captures additional considerations, such as:
| |
| written job aids reference material calculation sheets tools equipment protective clothing instrument range instrument units instrument resolution - typically 1 percent of the range, but the SME may specify if other instrument refresh or update rate - considering limitations of the I&C platform instrument display characteristics
| |
| © Copyright 2022 by NuScale Power, LLC 17
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 instrument trend requirements calculation automation requirements 3.5.4 Task Considerations Each task is evaluated to identify situational and performance-shaping factors that increase the cognitive workload and may influence human reliability. Examples include stress, reduced staffing, time pressure, and extreme environmental conditions. Table 3-1 shows how the HFE team compares the NUREG-0711 (Reference 4.1.1) with the NuScale attributes.
| |
| © Copyright 2022 by NuScale Power, LLC 18
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Table 3-1 Task Considerations Topic Examples (NUREG-0711) Task Attribute (NuScale)
| |
| Alerts
| |
| * alarms and warnings
| |
| * alarms and warnings (alerts)
| |
| Information
| |
| * parameters (units, precision, and
| |
| * parameters (units, precision, and accuracy) accuracy)
| |
| * feedback needed to indicate adequacy of
| |
| * feedback needed to indicate adequacy of actions taken actions taken Decision-making
| |
| * decision type (relative, absolute,
| |
| * decision type (relative, absolute, probabilistic) evaluations to be performed probabilistic) evaluations to be performed Response
| |
| * actions to be taken
| |
| * actions to be taken (element steps)
| |
| * task frequency and required accuracy
| |
| * task frequency and required accuracy
| |
| * time available and temporal constraints
| |
| * time available (IHAs); task time (non-IHA)
| |
| (task ordering)
| |
| * time constraints
| |
| * physical position (stand, sit, squat, etc.)
| |
| * physical position (such as sit, stand)
| |
| * biomechanics
| |
| * biomechanics force required
| |
| * movements (lift, push, turn, pull, crank,
| |
| * biomechanics description (such as turn, etc.) pull)
| |
| * forces needed Teamwork and
| |
| * coordination needed between the team
| |
| * coordination needed between the team Communication performing the work performing the work
| |
| * personnel communication for monitoring
| |
| * communication with other groups information or taking control actions
| |
| * communication reporting
| |
| * external communication Workload
| |
| * cognitive workload
| |
| * cognitive workload
| |
| * physical workload
| |
| * physical workload
| |
| * overlap of task requirements (serial vs.
| |
| * overlap of task requirements (procedure parallel task elements) development)
| |
| * task relationships and task type Task Support
| |
| * special and protective clothing
| |
| * special and personnel protective
| |
| * job aids, procedures or reference equipment materials needed
| |
| * procedures
| |
| * tools and equipment needed
| |
| * job aids
| |
| * job aid description
| |
| * procedures
| |
| * procedure description
| |
| * reference material
| |
| * reference material description
| |
| * tools, materials, and equipment needed Workplace
| |
| * ingress and egress paths to the worksite
| |
| * ingress and egress paths to the worksite Factors
| |
| * workspace needed to perform the task (work paths)
| |
| * typical environmental conditions (such as
| |
| * workspace needed to perform the task lighting, temp, noise)
| |
| * typical environmental conditions (such as lighting, temp, noise)
| |
| Situational and
| |
| * stress
| |
| * stress Performance
| |
| * time pressure
| |
| * time pressure Shaping Factors
| |
| * extreme environmental conditions
| |
| * extreme environmental conditions
| |
| * reduced staffing
| |
| * staffing conditions Hazard
| |
| * identification of hazards involved, e.g.,
| |
| * hazards Identification potential personal injury
| |
| © Copyright 2022 by NuScale Power, LLC 19
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 3.5.5 Inventory of Alarms, Controls, and Displays Plant operations SMEs determine the HSI inventory by reviewing the detailed task analysis results for each task and identifying the alarms, controls, and displays required on the appropriate HSI to execute the task. The HSI inventory and characterization process is described in Human Factors Engineering Human-System Interface Design Implementation Plan (Reference 4.2.3).
| |
| For alarms and displays, the SME conducting TA for that task considers and documents the following:
| |
| parameter - description and instrument number (if available) range units resolution - typically 1 percent of the range, but the SME may specify, if other refresh or update rate - considering limitations of the I&C platform display characteristics trend requirements calculation automation requirements alarms - criteria for and levels of alarms are established during HSI design; descriptions rather than setpoints are acceptable for earlier TA iterations For controls, the SME conducting TA for that task considers and documents the following:
| |
| equipment control requirements control function type and description indication of status alarm functionality - such as loss-of-power, mismatch between signal and position, thermal or high power overload, high vibration conditions when the controls will be interlocked, blocked, or overridden Note that the TA subject matter expert uses qualitative language to define alarm and control setpoints (e.g., high, low), but actual setpoint determination is made by the plant designers.
| |
| 3.5.6 Knowledge and Abilities Identification In addition to the attributes included in the detailed task narrative, each task is analyzed to determine the KA needed for success of the task. The KA is used to complete other HFE activities such as the training program content and S&Q. The NuScale KAs are benchmarked against a modern pressurized water reactor using NUREG-2103 "Knowledge and Abilities Catalog for Nuclear Power Plant Operators:
| |
| © Copyright 2022 by NuScale Power, LLC 20
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 Westinghouse AP1000 Pressurized Water Reactors - Final Report" (Reference 4.2.5), and a gap analysis is performed. The results of this analysis are used to develop the NuScale-specific KA catalog to address the unique characteristics of the NuScale Power Plant design.
| |
| The results of this analysis are used to develop the NuScale-specific KA catalog written to specifically address the unique nature of the design (e.g., the design does not include reactor coolant pumps so the NuScale KA catalog contains no KAs related to operation of reactor coolant pumps, but does include KAs related to monitoring natural circulation of core flow).
| |
| 3.6 Iterative Nature of Task Analysis The HFE Program itself is iterative in that elements of the program provide inputs to other elements and some design issues are only resolved by changing assumptions or re-analyzing based on new data. For example, applicable human engineering discrepancies initiated during OER and FRA/FA are resolved in TA, while TA output includes:
| |
| early definition of roles and responsibilities for individuals that are analyzed in S&Q for an overall Operations team view.
| |
| a list of HSI inventory and characteristics for HSI design.
| |
| information and controls needed for task support that are used for procedure development.
| |
| determination of required KA, which leads to learning objectives for training program development.
| |
| When problems arise during HFE Program activities after TA, human engineering discrepancies are initiated; resolution of those human engineering discrepancies may result in changes to or re-work of the TA.
| |
| In addition, since TA is conducted for some plant systems before other system designs have commenced, system and component design changes may result in changes to systems previously designed. In these cases, TA input assumptions are likely to change.
| |
| Task analysis SMEs revise the TA as details of the plant, system, or component designs emerge.
| |
| 3.6.1 Functional Requirements Analysis and Function Allocation and Task Analysis Database The VISION developer application is a relational database that is used to store the FRA/FA, TA, and staffing and qualifications data. In this document it is also referred to as the FRA/FA & TA database, or database. The TA results of NuScale systems are available in the database.
| |
| Example screenshots from the database are provided below. The letters and icons in the hierarchy used in the database are described in Table 3-2. Database hierarchy is
| |
| © Copyright 2022 by NuScale Power, LLC 21
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 arranged in such a way to lay a foundation for training, task analysis, staffing and qualifications, and HSI. The image inset in the database screenshot is an illustration of the cross-reference table, where the data are stored for each item in the hierarchy.
| |
| The cross-reference tables allow for retrieval of the data in many different forms and allows for the data to be changed in one location and used for different outputs.
| |
| Table 3-2 VISION Icon Descriptions Icon Icon Title Description Organizer Top level of a Project Responsibility Area The NuScale system Introduction & FRA/FA Design categories (FRA/FA)
| |
| Function Designates a system level function (Task Analysis)
| |
| Phase Aspects of the FRA/FA A well-defined unit of work having an identifiable beginning and end, which is Task a measurable component of a specific job (Task Analysis)
| |
| Element Steps in the procedure (Task Analysis)
| |
| Job Position A way to determine the roles and responsibilities of a task (Task Analysis)
| |
| Skills & Knowledge Describes knowledges and abilities required to perform a task 3.6.2 New Task Criteria New tasks are developed if they are identified as tasks for new systems compared to existing nuclear plants or tasks that, while not new, are performed significantly differently from existing plants. NuScale uses the following criteria for determining if a task should be considered new.
| |
| The system is unique or modified significantly for NuScale or not commonly used in the commercial industry.
| |
| Any component or feature that is unique or modified significantly to NuScale or not commonly used in the commercial industry.
| |
| Any component or feature that has a high reliance on automation.
| |
| Tasks that are considered new to NuScale are linked to the New Task table in VISION.
| |
| © Copyright 2022 by NuScale Power, LLC 22
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 3.7 Analysis of Feasibility and Reliability for Important Human Actions The feasibility and reliability analysis for IHAs addresses the following:
| |
| time available and time required to perform actions use of techniques to minimize bias sequence of actions estimated time for operators to complete credited actions Time available to perform actions is the length of time from the initiation of the task to the time the task needs to be completed as defined in the analysis, which identifies the IHA (e.g., PRA, D3CA, and transient and accident analysis). Applicable regulatory guidance is considered for the analyses that determine each IHA, and for a task that industry experience identifies as a potential IHA. The time available is based on plant response to the anticipated operational occurrence or accident.
| |
| As discussed in Section 3.5.1, the time required to complete a task considers cognitive processing time, physical movement time, and HSI response time. The time-required calculation is based on an understanding of the sequence of operator actions and takes into account secondary tasks. Time-required estimates for IHAs are simulated and measured when feasible, or obtained through operator and expert interviews, software modeling of human behavior during tasks, and OERs. The NuScale Power Plant US460 standard design does not include IHAs. The Treatment of Important Human Actions Results Summary Report contains more information (Reference 4.2.4).
| |
| © Copyright 2022 by NuScale Power, LLC 23
| |
| | |
| Human Factors Engineering Task Analysis Implementation Plan TR-130413-NP Revision 0 4.0 References 4.1 Source Documents 4.1.1. U.S. Nuclear Regulatory Commission, "Human Factors Engineering Program Review Model," NUREG-0711, Rev. 3, 2012.
| |
| 4.2 Referenced Documents 4.2.1. Human Factors Engineering Program Management Plan, TR-130414, Revision 0.
| |
| 4.2.2. Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan, TR-124333, Revision 0.
| |
| 4.2.3. Human Factors Engineering Human-System Interface Design Implementation Plan, TR-130417, Revision 0.
| |
| 4.2.4. Human Factors Engineering Treatment of Important Human Actions Results Summary Report, TR-130416, Revision 0.
| |
| 4.2.5. U.S. Nuclear Regulatory Commission, "Knowledge and Abilities Catalog for Nuclear Power Plant Operators: Westinghouse AP1000 Pressurized Water Reactors - Final Report," NUREG-2103
| |
| © Copyright 2022 by NuScale Power, LLC 24
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Licensing Technical Report Human Factors Engineering Program Management Plan December 2022 Revision 0 Docket: 52-050 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 www.nuscalepower.com
| |
| © Copyright 2022 by NuScale Power, LLC
| |
| © Copyright 2022 by NuScale Power, LLC i
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Licensing Technical Report COPYRIGHT NOTICE This document bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this document, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.
| |
| The NRC is permitted to make the number of copies of the information contained in these reports needed for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding.
| |
| Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of additional copies necessary to provide copies for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations. Copies made by the NRC must include this copyright notice in all instances and the proprietary notice if the original was identified as proprietary.
| |
| © Copyright 2022 by NuScale Power, LLC ii
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Licensing Technical Report Department of Energy Acknowledgement and Disclaimer This material is based upon work supported by the Department of Energy under Award Number DE-NE0008928.
| |
| This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.
| |
| Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
| |
| © Copyright 2022 by NuScale Power, LLC iii
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Table of Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Executive Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.0 Purpose. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.0 Human Factors Engineering Program Goals and Scope . . . . . . . . . . . . . . . . . . . . . . 4 2.1 Program Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2 Program Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2.1 Assumptions and Constraints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2.2 HFE Program Duration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2.3 Applicable Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2.4 Applicable Human-System Interfaces, Procedures, and Training . . . . . . . . . . . . 6 2.2.5 Applicable Personnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.2.6 Effects of Modifications on Personnel Performance. . . . . . . . . . . . . . . . . . . . . . . 7 2.3 Abbreviations and Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.0 Human Factors Engineering Team, Qualifications, and Organization . . . . . . . . . . 10 3.1 Responsibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.2 Organizational Placement and Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.3 Composition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.4 Team Staffing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 4.0 Human Factors Engineering Processes and Procedures . . . . . . . . . . . . . . . . . . . . 14 4.1 General Process Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 4.1.1 Human Factors Engineering Team Assignment. . . . . . . . . . . . . . . . . . . . . . . . . 14 4.1.2 Internal Management of the HFE Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 4.1.3 Making Decisions on Management of the HFE Program . . . . . . . . . . . . . . . . . . 14 4.1.4 Making HFE Design Decisions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 4.1.5 Controlling Changes in Design of Equipment. . . . . . . . . . . . . . . . . . . . . . . . . . . 14 4.1.6 Review of Human Factors Engineering Products. . . . . . . . . . . . . . . . . . . . . . . . 15 4.2 Process Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 4.3 Integration of Human Factors Engineering and Other Plant Design Activities. . . . . . . . 15 4.4 Human Factors Engineering Program Milestones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 4.5 Human Factors Engineering Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 4.6 Subcontractor HFE Efforts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
| |
| © Copyright 2022 by NuScale Power, LLC iv
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Table of Contents 5.0 Human Factors Engineering Issue Tracking System . . . . . . . . . . . . . . . . . . . . . . . . 18 5.1 Availability of Human Factors Engineering Issue Tracking System . . . . . . . . . . . . . . . . 18 5.2 Human Factors Engineering Issues Tracking Methodology. . . . . . . . . . . . . . . . . . . . . . 18 5.3 Human Factors Engineering Issues Tracking Documentation . . . . . . . . . . . . . . . . . . . . 19 5.4 Human Factors Engineering Issues Tracking Responsibilities . . . . . . . . . . . . . . . . . . . 19 5.4.1 Supervisor, Human Factors Engineering Team . . . . . . . . . . . . . . . . . . . . . . . . . 19 5.4.2 Human Factors Engineering Issue Tracking System Team Lead . . . . . . . . . . . 19 5.4.3 Human Factors Engineering Issues Tracking System Administrator . . . . . . . . . 20 5.4.4 HFE Team Member Issue Evaluator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 5.4.5 Issue Owner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 5.4.6 HFEITS Review Committee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 5.4.7 Human Engineering Discrepancy Resolution. . . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.4.8 HED Process Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 6.0 Human Factors Engineering Technical Program Elements. . . . . . . . . . . . . . . . . . . 24 6.1 Operating Experience Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 6.2 Functional Requirements Analysis and Function Allocation . . . . . . . . . . . . . . . . . . . . . 25 6.3 Task Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 6.4 Staffing and Qualifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 6.5 Treatment of Important Human Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 6.6 Human-System Interface Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 6.7 Procedure Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 6.8 Training Program Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 6.9 Human Factors Verification and Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 6.10 Design Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 6.11 Human Performance Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 7.0 NUREG-0711 Conformance Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 8.0 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 8.1 Source Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 8.2 Referenced Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Appendix A NuScale HFE Program Design Integration. . . . . . . . . . . . . . . . . . . . . . . . . . .A-1
| |
| © Copyright 2022 by NuScale Power, LLC v
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 List of Tables Table 2-1 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Table 2-2 Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Table 3-1 Human Factors Engineering Team Member Qualifications . . . . . . . . . . . . . . . . 12 Table 4-1 Human Factors Engineering Program and Design Activity Milestones . . . . . . . 16 Table 7-1 Conformance with NUREG-0711 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
| |
| © Copyright 2022 by NuScale Power, LLC vi
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 List of Figures Figure 5-1 Human Factors Engineering Issues System Process . . . . . . . . . . . . . . . . . . . . 21 Figure 5-2 Human Engineering Discrepancy Resolution Process. . . . . . . . . . . . . . . . . . . . 23 Figure A-1 NuScale and Human Factors Engineering Program Design Integration . . . . . .A-2 Figure A-2 Human Factors Engineering Program Process . . . . . . . . . . . . . . . . . . . . . . . . .A-4
| |
| © Copyright 2022 by NuScale Power, LLC vii
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Abstract NuScale Power, LLC (NuScale) has developed a Human Factors Engineering (HFE) Program for the NuScale Power Plant utilizing proven HFE technology and incorporating accepted HFE principles, standards, and guidelines. The overall HFE Program incorporates twelve HFE elements under four general activities including planning and analysis, design, verification and validation, and implementation and operation. The planning and analysis activity includes an HFE Program management element for the management of the overall HFE Program to ensure that the HFE Program is properly developed, executed, overseen, and documented. This program management plan describes the HFE Program management element, and is consistent with the applicable guidelines of Section 2 of NUREG-0711, Revision 3 (Reference 8.1.1).
| |
| © Copyright 2022 by NuScale Power, LLC 1
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Executive Summary The Human Factors Engineering (HFE) Program incorporates 12 HFE elements under four general activities in accordance with the guidance of NUREG-0711:
| |
| planning and analysis
| |
| - HFE Program management
| |
| - operating experience review
| |
| - functional requirements analysis and function allocation
| |
| - task analysis
| |
| - staffing and qualifications
| |
| - treatment of important human actions design
| |
| - human-system interface design
| |
| - procedure development
| |
| - training program development verification and validation
| |
| - human factors verification and validation implementation and operation
| |
| - design implementation
| |
| - human performance monitoring The HFE Program management element falls under the planning and analysis activity, and its purpose is to ensure that the HFE Program is properly developed, executed, overseen, and documented. This program management plan describes NuScale's overall plan to accomplish this goal. Consistent with the guidance of NUREG-0711, the topics of discussions in this program management plan include the HFE Program scope, team, processes and procedures, and tracking of HFE issues.
| |
| This program management plan also provides a summary of the remaining eleven HFE elements, and identifies the elements that are beyond the scope of the standard design.
| |
| Specifically, activities associated with procedure development, training program development, and human performance monitoring elements are the responsibility of a licensee. Additional details on the implementation methodology and the results of analyses for the applicable HFE elements are contained in the associated implementation plans or the results summary reports.
| |
| © Copyright 2022 by NuScale Power, LLC 2
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 1.0 Purpose This NuScale Human Factors Engineering (HFE) Program management plan (PMP) describes how HFE is incorporated into the design of human-system interfaces (HSIs),
| |
| procedures, and training. Human factors engineering is also applied to aspects of the overall plant design as described in Section 2.2.1. As part of the Operations organization, the HFE team ensures that the processes detailed in this plan are integrated into the analysis, development, design, and operation of the NuScale Power Plant.
| |
| The purpose of this Human Factors Engineering PMP is to describe the following:
| |
| HFE Program goals and scope HFE team, qualifications, and organization HFE processes and procedures HFE Issues Tracking System (HFEITS)
| |
| HFE technical program elements The scope of this Human Factors Engineering PMP is consistent with the applicable guidance of Section 2 of NUREG-0711, Revision 3.
| |
| © Copyright 2022 by NuScale Power, LLC 3
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 2.0 Human Factors Engineering Program Goals and Scope 2.1 Program Goals The goal of this PMP is to describe how the overall NuScale HFE Program implementation is conducted to comply with regulatory requirements 10 CFR 50.34(f)(2)(iii) (Reference 8.2.1) and 10 CFR 52.47(a)(8) (Reference 8.2.2) regarding the use of state-of-the-art human factors principles.
| |
| The primary goal of the NuScale HFE Program is to provide a "human-centered" approach for plant operators and technicians to control plant processes and equipment safely and reliably so that the tasks can be accomplished by personnel within the required time frame and according to defined performance criteria (e.g., HSI navigation and system response time, human-human interaction).
| |
| HSI, procedures, staffing and qualifications (S&Q), training, management, and organizational arrangements support optimum performance and situational awareness.
| |
| design supports personnel in maintaining vigilance over plant operations and provides acceptable workload levels (i.e., minimize periods of under- and over-load).
| |
| design of the HSI serves to minimize personnel errors and supports error detection and recovery capability.
| |
| As the program develops, the program goals are further defined and used as a basis for HFE tests and evaluations.
| |
| 2.2 Program Scope 2.2.1 Assumptions and Constraints The following assumptions and constraints shape the HFE Program:
| |
| Passive Features The NuScale Power Plant is designed with passive features to make it inherently safe and to reduce the need for operator interaction.
| |
| Reactor coolant flow is circulated without the use of reactor coolant pumps enabling passive cooling.
| |
| Safety systems are designed with passive and fail-safe features.
| |
| Decay heat is removed to the ultimate heat sink without the use of pumps or the need for electric power.
| |
| No operator actions are necessary for a minimum of 72 hours following a design basis event.
| |
| © Copyright 2022 by NuScale Power, LLC 4
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Modular Design The NuScale Power Plant is capable of operating up to six units. The NuScale Power Plant is considered a modular design because operation of the first module can begin before successive modules are installed.
| |
| refueling of individual modules can occur with others online.
| |
| systems (e.g., pool cooling water, instrument air, ventilation, radioactive waste, and component cooling water, fire protection, the alternating current electrical) are shared across up to six units.
| |
| up to six units are controlled from a single main control room (MCR).
| |
| High Degree of Automation The NuScale Power Plant is highly automated to reduce the need for operator actions and allow for monitoring multiple units simultaneously.
| |
| Steady state routine operating tasks are automated to the extent that human interactions to start, stop, or suspend automated sequences do not distract the operator.
| |
| The HSIs support operator monitoring and management of automated actions and sequences. Within limits, automated actions and sequences may be altered or suspended by the operator. Automated actions or sequences initiated in response to off-normal conditions or emergencies also make available to the operator information on why the actions were required and what actions have been or must be performed.
| |
| Shutdown functions are automated to the extent that one operator at the controls can maneuver a unit from power operations to cold shutdown within a finite period of time. In off-normal conditions requiring unit shutdown, the operating crew may suspend nonessential activities, to provide appropriate resources to address the off-normal condition. Note: One operator at the controls is a design goal, rather than a constraint. The HFE analyses and HSI design activities determine if this is possible while still meeting the HFE Program goals.
| |
| Most operability surveillance tests are sequences initiated by operators or executed (i.e.,configuration verified, test conditions verified, data collected, and results checked against acceptance criteria) by automation. Note: The design goal is to automate as much surveillance testing as is feasible considering technical specifications, regulation, and operator situational awareness.
| |
| Computer-based procedures for normal, abnormal, and emergency operations and alarm response are text-based.
| |
| Main Control Room Operators The staffing evaluations are based on activities performed by licensed control room operators. Staffing analysis for maintenance or refueling activities; activities completed by craft or technical personnel (e.g., mechanical, electrical, or
| |
| © Copyright 2022 by NuScale Power, LLC 5
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 instrumentation and controls (I&C) maintenance; health physics; chemistry; engineering; or information technology); or activities associated with the Technical Support Center (TSC), Emergency Operations Facility (EOF), or other Emergency Response facilities are included only if they are determined to impact licensed operator workload. When licensed operator workload is impacted, then the area of concern is analyzed to quantify the impact to licensed operator workload or staffing, and develop HSI or staffing adjustments required to address the specific task and associated staffing requirements.
| |
| The numbers and qualifications of non-licensed operator personnel, including technicians and maintenance staff, are the responsibility of a licensee, and are not analyzed by the NuScale HFE Program.
| |
| Reference 8.2.9 provides more information on the methodology and results of staffing evaluations.
| |
| 2.2.2 HFE Program Duration The NuScale HFE Program is applicable from the start of conceptual design through turnover to the licensee. After plant turnover to the owner, an established Human Performance Monitoring Program maintains the HFE Program design data and appropriate processes.
| |
| 2.2.3 Applicable Facilities The scope of the NuScale HFE Program includes the alarms, controls, indications, and procedures applicable to the MCR and other operator enabled workstations connected to the module control system and plant control system. The HSIs at any other operator enabled workstation are an extension of the controls available in the MCR. Access may be limited based on location and operator login, or fully enabled in the event of MCR evacuation. The HSIs of the TSC, the EOF, and local control stations (LCS) are also included implicitly because their HSIs are derivatives of the main control room human-system interface. The EOF and the TSCwill comply with the guidance of NUREG-0696, Functional Criteria for Emergency Response Facilities.
| |
| The HSI in the TSC and EOF are derivatives of the main control room human-system interface and comply with the HSI Style Guide; however, these HSIs are for information display only. No control functions are provided in any of the Emergency Response facilities. For these facilities, the program scope is limited to defining the plant data and their HSIs impact on licensed operator workload.
| |
| 2.2.4 Applicable Human-System Interfaces, Procedures, and Training The HSI design process represents the translation of function, allocation, and task requirements into HSI characteristics and implementation strategies. The HSI design inputs include the following:
| |
| operating experience review (OER) functional requirements analysis and function allocation (FRA/FA)
| |
| © Copyright 2022 by NuScale Power, LLC 6
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 task analysis (TA)
| |
| S&Q treatment of important human actions (TIHA) concept of operations I&C systems design system requirements HSI Style Guide The HFE Program supports procedure and training program development for normal operating, abnormal operating, emergency operating, alarm response, and accident management activities performed or supervised by licensed operators.
| |
| In addition, the program provides appropriate inputs to the training programs for the personnel identified in 10 CFR 50.120 (Reference 8.2.3), including I&C technicians.
| |
| electrical and mechanical maintenance personnel.
| |
| radiological protection personnel.
| |
| chemistry technicians.
| |
| engineering support personnel.
| |
| other personnel who perform tasks directly related to plant safety, such as information technology technicians who troubleshoot and maintain support systems and their HSIs.
| |
| 2.2.5 Applicable Personnel The number and qualifications of operators including licensed control room operators as defined in 10 CFR 55 (Reference 8.2.4) and the control room supervisor and shift manager, are analyzed and defined by the NuScale HFE Program as described in Section 6.4.
| |
| 2.2.6 Effects of Modifications on Personnel Performance The HFE design process described in program elements up to and including design implementation (DI) evaluates the effect on personnel performance for modifications in the plant design performed before completion of startup testing that affect HSI design, procedures, or training. These evaluations occur directly or through the resolution of human engineering discrepancies (HEDs).
| |
| The licensee institutes a Human Performance Monitoring (HPM) Program to continuously evaluate impacts on human performance going forward. The HPM Program is described in Section 6.11.
| |
| © Copyright 2022 by NuScale Power, LLC 7
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Separate from HPM, licensees conduct plant modifications in accordance with regulatory requirements such as 10 CFR 50.59, Changes, Tests, and Experiments.
| |
| These requirements invoke additional HFE analysis or testing as deemed necessary by the licensee's site-specific HFE team. The plant modification process is outside the scope of HPM.
| |
| 2.3 Abbreviations and Definitions Table 2-1 Abbreviations Term Definition CFR U.S. Code of Federal Regulations DI design implementation DIHA deterministically important human actions EOF Emergency Operations Facility FRA/FA functional requirements analysis and function allocation HA human action HED human engineering discrepancy HFE Human Factors Engineering HFEITS Human Factors Engineering Issues Tracking System HPM human performance monitoring HRA human reliability analysis HSI human-system interface I&C instrumentation and control IP implementation plan ISV integrated system validation ITAAC Inspections, Tests, Analyses, and Acceptance Criteria LCS local control stations MCR main control room NRC U.S. Nuclear Regulatory Commission OE operating experience OER operating experience review PMP program management plan PRA Probabilistic Risk Assessment QAPD Quality Assurance Program Description QMP quality management plan RIHA risk-important human actions RSR results summary report S&Q staffing and qualifications SME subject matter expert SRO senior reactor operator TA task analysis TIHA treatment of important human actions TSC Technical Support Center V&V verification and validation
| |
| © Copyright 2022 by NuScale Power, LLC 8
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Table 2-2 Definitions Term Definition Simulator Review Board The Simulator Review Board reviews the results of simulator testing and compares them to analysis and engineering calculations to certify that the simulator reflects the plant design. This board consists of representatives from Safety Analysis, Probabilistic Risk Assessment (PRA), Engineering, and Operations. Their review is focused on realism to the operator and model validity.
| |
| Unit A NuScale unit consists of the components necessary to generate electricity. This includes a primary side containing a reactor power module and its specific supporting systems, and a secondary side containing a turbine generator and its specific supporting systems.
| |
| Module A NuScale module consists of the containment vessel, reactor pressure vessel, and all components internal and external to each vessel, up to the disconnect flanges.
| |
| HFE Design Team The HFE Design Team reviews HEDs and determines the appropriate design changes to the HSI or plant design to resolve the HED. This group consists of members of the HFE team.
| |
| © Copyright 2022 by NuScale Power, LLC 9
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 3.0 Human Factors Engineering Team, Qualifications, and Organization 3.1 Responsibility Before HFE Program turnover, the NuScale HFE team is the primary organization that is responsible for the overall HFE Program. Specifically, the HFE team is responsible for developing HFE implementation plans (IP), procedures, and results summary reports (RSR), and ensuring HFE activities' compliance with the HFE plans and procedures.
| |
| scheduling and overseeing HFE activities in HFE design, development, test, and evaluation as appropriate, and verifying that the team's recommendations are implemented.
| |
| HFE reviews of documents produced by other engineering disciplines.
| |
| initiating, evaluating, resolving or ensuring resolution of, and maintaining tracking records for HFE issues noted during design activities for all engineering disciplines (Section 5.0, Human Factors Engineering Issue Tracking System [HFEITS]).
| |
| 3.2 Organizational Placement and Authority The HFE team consists of two groups. The core group comprises those members who report to the HFE supervisor. The other group is not a specific organization. This group includes simulator engineers and various members of the Design Engineering organization such as System Engineering, Probabilistic Risk Assessment, Safety Analysis, and Mechanical Engineering. These members do not report to the HFE supervisor from a functional organizational perspective; rather, they are distributed throughout the design organization and represent expertise available to the core HFE team on an as-needed basis. Although these personnel do not report to the HFE supervisor, they are part of the HFE team, and take direction from the HFE supervisor while performing HFE activities. Accordingly, the HFE supervisor exercises sufficient authority and control over these personnel to reasonably ensure HFE tasks assigned to them are completed. The list and qualifications of the HFE team members are discussed in Section 3.3.
| |
| The HFE team members that report directly to the HFE supervisor are a diverse group that includes human factors engineers that have received formal HFE training.
| |
| experienced operators that have held NRC-issued reactor operator and senior reactor operator licenses with varying backgrounds in areas such as training, engineering, maintenance, and licensing.
| |
| NuScale has integrated human factors engineers and operators into a group reporting to the HFE supervisor. This supervisor reports to a Plant Operations manager or director, who in turn reports to an Executive. The result is a diverse team with common interests that have significant authority to influence, establish design standards, and advise design engineers. This influence ensures the integration of systems into an operationally safe design.
| |
| © Copyright 2022 by NuScale Power, LLC 10
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 The HFE supervisor has ultimate responsibility for scheduling and oversight of the various HFE activities and is the owner of the HFEITS database. The HFE supervisor or other members of the HFE team elevate issues within the management chain as necessary utilizing appropriate NuScale programs and tools.
| |
| The HFE Program is applicable from the start of conceptual design through completion of plant startup testing. Changes to the HFE organization and responsibilities may occur during construction and startup. A licensee is responsible for ensuring that transitions among responsible organizations are made as necessary and appropriate.
| |
| 3.3 Composition As discussed in Section 3.2, the HFE team includes personnel that report directly to the HFE supervisor, and various other personnel distributed throughout the organization who do not directly report to the HFE supervisor. The HFE team incorporates, at a minimum, the expertise described in the appendix of NUREG-0711, Revision 3 (Table 3-1). The experience and education levels of the members of the core HFE team meet many of the requirements listed in Table 3-1; however, both the core HFE team and the HFE team members distributed throughout the organization combined together meet the required experience and qualifications as listed in Table 3-1.
| |
| Alternative personal credentials may be accepted as the basis for satisfying these specific minimum qualifications for team membership. Acceptance of such credentials is evaluated on a case-by-case basis and approved, documented, and retained by the applicant in auditable files. The following factors are examples of alternative credentials that may be considered acceptable:
| |
| Successful completion of technical portions of an engineering, technology, or related science baccalaureate program may be substituted for the bachelor's degree.
| |
| Successful completion is be determined by a transcript or other certification by an accredited institution. For example, completion of 80 semester credit hours may be substituted for the baccalaureate requirement. The courses must be in technical subjects appropriate and relevant to the skill areas of the HFE Design Team for which the individual will be responsible.
| |
| Related experience may be substituted for education at the rate of six semester credit hours for each year of experience, up to a maximum of 60 credit hours.
| |
| Where course work is related to job assignments, post-secondary education may be substituted for experience at the rate of two years of education for one year of experience. Total credit for post-secondary education can not exceed two years of experience credit.
| |
| © Copyright 2022 by NuScale Power, LLC 11
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Table 3-1 Human Factors Engineering Team Member Qualifications Technical Discipline Minimum Qualifications Technical Project
| |
| * Bachelors degree Management
| |
| * 5 years of experience in nuclear power plant design or operations
| |
| * 3 years of management experience Systems Engineering
| |
| * Bachelor of Science degree
| |
| * 4 years of cumulative experience in at least three of the following areas of systems engineering:
| |
| *design
| |
| *development
| |
| *integration
| |
| *operation
| |
| *test and evaluation Nuclear Engineering
| |
| * Bachelor of Science degree
| |
| * 4 years of nuclear design, development, test, or operations experience HSI or I&C Engineering
| |
| * Bachelor of Science degree
| |
| * 4 years of experience in design of hardware and software aspects of process control systems
| |
| * Experience in at least one of the following areas of engineering:
| |
| *design
| |
| *power plant operations
| |
| *test and evaluation
| |
| * Familiarity with the theory and practice of software quality assurance and control HFE
| |
| * Bachelor's degree in HFE, engineering psychology, or related science
| |
| * 4 years of cumulative experience related to the human factors aspects of human-computer interfaces. Qualifying experience should include at least the following activities within the context of large-scale human-machine systems (e.g., process control):
| |
| *design
| |
| *development
| |
| *test and evaluation
| |
| * 4 years of cumulative experience related to the human factors aspects of workplace design. Qualifying experience should include at least two of the following activities:
| |
| *design
| |
| *development
| |
| *test and evaluation Plant Operations
| |
| * Has, or has held, an SRO license
| |
| * 2 years of experience in relevant nuclear power plant operations Computer System or
| |
| * Bachelor's degree in electrical engineering or computer science, or graduate Simulator Engineering degree in another engineering discipline (e.g., mechanical engineering or chemical engineering)
| |
| * 4 years of experience in the design of digital computer systems and real-time systems applications
| |
| * Familiarity with the theory and practice of software quality assurance and control Plant Procedure
| |
| * Bachelor's degree Development
| |
| * 4 years of experience in developing nuclear power plant operating procedures Personnel Training
| |
| * Bachelor's degree
| |
| * 4 years of experience in the development of personnel training programs for power plants
| |
| * Experience in the application of systematic training development methods
| |
| © Copyright 2022 by NuScale Power, LLC 12
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Table 3-1 Human Factors Engineering Team Member Qualifications (Continued)
| |
| Technical Discipline Minimum Qualifications Safety Analysis
| |
| * Bachelor of Science degree
| |
| * 4 years of experience in system safety engineering Maintainability/
| |
| * Bachelor of Science degree Inspectability
| |
| * 4 years of cumulative experience in at least two of the following areas of power Engineering plant maintainability and inspectability engineering activity:
| |
| *design
| |
| *development
| |
| *integration
| |
| *test and evaluation
| |
| * Experience in analyzing and resolving plant system and equipment-related maintenance problems Probabilistic Risk
| |
| * Bachelor's degree Assessment
| |
| * 4 years of cumulative experience in at least two of the following areas of power plant reliability engineering activity:
| |
| *design
| |
| *development
| |
| *integration
| |
| *test and evaluation
| |
| * knowledge of computer-based, human-interface systems 3.4 Team Staffing The HFE supervisor assigns members of the HFE team (including personnel from outside the Plant Operations organization) to HFE activities to ensure that the necessary expertise is applied in performing those activities. Members of the core HFE team are assigned as leads and owners of various HFE related areas. For example, each core HFE team member is assigned a group of systems and is the primary interface and representative with engineering for that system. Additionally, this person is responsible for completing the work in support of FRA/FA, TA, HSI, procedures, and training development for the systems assigned. This person also performs the system design document and functional specification reviews for the assigned group of systems.
| |
| Members of the core HFE team are also assigned as functional leads for nonsystem areas such as PRA, emergency planning, and simulator design.
| |
| © Copyright 2022 by NuScale Power, LLC 13
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 4.0 Human Factors Engineering Processes and Procedures 4.1 General Process Procedures 4.1.1 Human Factors Engineering Team Assignment The HFE supervisor assigns personnel from throughout the organization so that the required expertise, knowledge, and experience are applied to each HFE activity. The IPs and RSRs describe the expertise utilized for each activity within the HFE Program element.
| |
| 4.1.2 Internal Management of the HFE Team The HFE supervisor assigns members of the HFE team (within the Plant Operations organization, Design Engineering, and other organizations) and supervises them during performance of HFE tasks.
| |
| 4.1.3 Making Decisions on Management of the HFE Program The HFE supervisor has ultimate responsibility for scheduling and oversight of the various HFE activities.
| |
| 4.1.4 Making HFE Design Decisions The HFE supervisor has primary authority to make management decisions for HFE activities. Where design decisions require input from multiple organizations, the HFE supervisor may elevate issues within the management chain utilizing NuScale tools and programs including HFEITS, the applicable NuScale internal procedures, design review boards (who perform design reviews as part of design), and the Corrective Action Program.
| |
| Any member of the HFE team may identify problems and propose solutions using the HFEITS tool. The HFE supervisor has authority to make decisions regarding resolution of HFEITS items (including HEDs).
| |
| 4.1.5 Controlling Changes in Design of Equipment The HFE supervisor is responsible for the design of and changes to MCR equipment.
| |
| Design Engineering is responsible for the design of HSIs throughout the plant. Design changes to HSI and other equipment that have major input from HFE are governed through a design change process. As discussed in Section 3.4, the HFE team members perform reviews of the assigned system design documents and have the authority to approve the documents. They also participate in key meetings such as system design phase reviews. This involvement ensures that the HFE team members have the authority to influence and control design changes.
| |
| © Copyright 2022 by NuScale Power, LLC 14
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 4.1.6 Review of Human Factors Engineering Products The HFE supervisor has ultimate responsibility for scheduling and oversight of the various HFE activities including reviews of HFE team products. Where independent reviews (outside the overall HFE team) are necessary, the HFE supervisor retains approval authority for HFE team products.
| |
| 4.2 Process Management Tools Human Factors Engineering, like other NuScale engineering discipline activities, is conducted in accordance with the NuScale Quality Management Plan (QMP) and subordinate plans and procedures, including the design control process. The QMP establishes controls to ensure that provisions and commitments contained in NuScale Quality Assurance Program Description (QAPD) have been implemented appropriately.
| |
| The design process includes provisions to control design inputs, outputs, changes, interfaces, records, and organizational interfaces within NuScale and with suppliers.
| |
| These provisions ensure that design inputs (e.g., design bases and the performance, regulatory, quality, and quality verification requirements) are correctly translated into design outputs (e.g., analyses, specifications, drawings, procedures, and instructions).
| |
| This translation ensures that the final design output can be related to the design input in sufficient detail to permit verification. Design change processes and the division of responsibilities for design-related activities are detailed in NuScale and supplier procedures. The Design Control Program includes interface controls necessary to control the development, verification, approval, release, status, distribution, and revision of design inputs and outputs. Design changes and disposition of nonconforming documents are reviewed and approved by the NuScale design organization or by other organizations authorized by NuScale.
| |
| The HFE Program tools and techniques used to fulfill responsibilities are also available to support the HFE elements. Specific tools and techniques used for each HFE element are described in the respective IPs or RSRs. HFE Program tools and techniques used include design guidelines.
| |
| design verification checklists.
| |
| low fidelity aids such as mockups (computer aided drawings or physical representations of HSI).
| |
| multi-unit control room simulator (capable of supporting single, shared, and multi-unit HSI, as well as training, procedure, and S&Q analysis).
| |
| 4.3 Integration of Human Factors Engineering and Other Plant Design Activities Appendix A describes the HFE team integration into the iterative design process through the design review process.
| |
| © Copyright 2022 by NuScale Power, LLC 15
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 4.4 Human Factors Engineering Program Milestones Table 4-1 shows the relationship of HFE Program element design activities to the activity milestones. The IP and RSR shown parenthetically in the activities column represent the type of submittal associated with a given activity or HFE element.
| |
| An HFE relative project schedule with milestones is integrated into the project design development schedule and is available for review.
| |
| Table 4-1 Human Factors Engineering Program and Design Activity Milestones HFE and Design Activities Activity Milestones Standard Design Type of Activities Approval Before Fuel Load Activities Application Operating Experience Review (IP) X Operating Experience Review (RSR) X Functional Requirements Analysis and Function X
| |
| Allocation (IP)
| |
| Functional Requirements Analysis and Function X
| |
| Allocation (RSR)
| |
| Task Analysis (IP) X Task Analysis (RSR) X Staffing & Qualifications (RSR) (Note 1) X HFE Element Treatment of Important Human Actions (RSR)
| |
| Evaluation X (Note 1)
| |
| Human-System interface Design (IP) X Human-System interface Design (RSR) X Procedure Development Note 2 Training Program Development Note 2 Verification & Validation (IP) X Verification & Validation (RSR) X Design Implementation (IP) (Note 3) X Human Performance Monitoring (Note 4) X NOTE 1: Each RSR issued without a corresponding IP includes a description of the methodology used for the HFE element.
| |
| NOTE 2: Training and Procedure Development are managed per Chapter 13.
| |
| NOTE 3: No RSR is required for this element because conformance of the as-built design to the verified and validated design is confirmed by an ITAAC.
| |
| NOTE 4: The Licensee will provide an IP for Human Performance Monitoring after the plant becomes operational.
| |
| 4.5 Human Factors Engineering Documentation The HFE documents that support design are quality records and retained in accordance with the NuScale QMP. The HFE documentation includes design verification checklists, HFEITS records, documentation identified in the HFE element technical reports (e.g.,
| |
| RSRs, guides, and training programs), and information stored in the HFE database.
| |
| © Copyright 2022 by NuScale Power, LLC 16
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Table 4-1 provides a tabulation of HFE milestones and corresponding activity timeline for the associated documentation.
| |
| 4.6 Subcontractor HFE Efforts If a subcontractor is involved in HFE activities, the HFE team verifies that the subcontractor is properly trained and complies with the NuScale QMP and subordinate plans and procedures. The QMP establishes controls to ensure that provisions and commitments contained in NuScale's QAPD have been implemented appropriately. The QAPD requires that NuScale subcontractors establish a qualification program that is applied to individuals performing quality inspections regardless of the functional group where they are assigned. The NuScale Quality Assurance organization verifies that the subcontractors conduct work in accordance with the NuScale QMP or the subcontractor's Quality Assurance Program as contracted.
| |
| © Copyright 2022 by NuScale Power, LLC 17
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 5.0 Human Factors Engineering Issue Tracking System 5.1 Availability of Human Factors Engineering Issue Tracking System The HFE issues are identified and tracked in the HFEITS database. An HFE issue is any issue that has not been resolved in the NuScale HFE Program process. Issues are those items that need to be addressed at some later date and thus need to be tracked to provide reasonable assurance that they are not overlooked.
| |
| The HFEITS database is available to any member of the HFE team and identification of issues is part of the NuScale safety-conscious work environment.
| |
| HFE issues may include recognized industry HFE issues.
| |
| issues identified throughout the life cycle of the HFE project.
| |
| human engineering discrepancies found during HFE design.
| |
| deficiencies with operating procedures.
| |
| discrepancies noted with the HSI.
| |
| simulator modeling issues.
| |
| simulator (control room) ergonomics.
| |
| The HFEITS database is maintained by NuScale, and updated as new issues are identified. Upon HFE Program turnover to a licensee, open items are communicated to the licensee for duplication in the licensee's tracking system. The HFEITS process is depicted in Figure 5-1.
| |
| 5.2 Human Factors Engineering Issues Tracking Methodology Because the HFE team is imbedded into the design engineering process, most potential HFE issues can be resolved immediately. This resolution is accomplished through direct feedback to design engineers, at engineering design phase review meetings, and during design document review and comment resolution. If the issue cannot be immediately resolved, it is entered into the HFEITS database and is assigned a unique tracking number. Supporting documentation in electronic format is attached to the database item.
| |
| The HFE issue is screened and evaluated to confirm potential degradation in human performance. Issues found that do not degrade human performance are either closed or transferred to more appropriate corrective action processes. Proposed corrective action to resolve the HFE issue is identified and assigned as necessary. Due dates for resolution of the overall evaluation or for each corrective action are established by the HFEITS administrator. Issue close-out and transfer with proper documentation is approved by both the HFEITS administrator and the HFE supervisor. The HFE supervisor may obtain support from the HFE team to resolve and approve the closure of items in the HFEITS database. At HFE Program milestones (completion of certain activities), the HFEITS database is reviewed for items to be resolved or closed.
| |
| © Copyright 2022 by NuScale Power, LLC 18
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 5.3 Human Factors Engineering Issues Tracking Documentation For each HFE issue, the following information is documented in the HFEITS database:
| |
| issue date supporting information (e.g., attachments documenting the issue) assigned issue owner and evaluator whether or not the issue involves a human engineering discrepancy
| |
| - Note: Management and closure of human engineering discrepancies are discussed in the HFE Program technical reports and RSRs (Section 6.0).
| |
| proposed resolution HFE team acceptance or rejection and detailed justification implemented resolutions (e.g., changes to design)
| |
| - Note: Descriptions of resolutions are sufficiently detailed to provide traceability and promote third party review.
| |
| actions taken (e.g., programmatic or administrative changes determined appropriate to address larger issues) affected document(s) 5.4 Human Factors Engineering Issues Tracking Responsibilities HFE team members are responsible for identifying, logging, evaluating, and tracking HFE issues to resolution.
| |
| 5.4.1 Supervisor, Human Factors Engineering Team The HFE supervisor has overall responsibility for administering and managing the HFE ITS team and review committee.
| |
| 5.4.2 Human Factors Engineering Issue Tracking System Team Lead The HFEITS team lead is responsible for requesting resolution and verification resources from the responsible manager, in order to resolve open HFEITS issues.
| |
| The HFEITS team lead is responsible for providing oversight of HFE issue tracking.
| |
| coordinating appropriate resources across the company including operations subject matter experts (SMEs), software developer SMEs, and plant system SMEs to identify and implement resolution solution.
| |
| approving resolution of HFE issues with support from HFE team as needed.
| |
| coordinating the HFEITS review committee.
| |
| coordinating with the software review board.
| |
| © Copyright 2022 by NuScale Power, LLC 19
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 adding and removing users authorized to modify the database.
| |
| negotiating initial issue evaluator and owner assignments.
| |
| negotiating initial resolution and corrective action due dates.
| |
| tracking the issue resolution and corrective action due dates.
| |
| approving issue evaluator and owner changes.
| |
| approving due date changes.
| |
| 5.4.3 Human Factors Engineering Issues Tracking System Administrator The HFEITS administrator is assigned responsibility for managing the software component of the database. The administrator will not necessarily be a member of the HFE team (e.g., an information technology specialist). The HFEITS administrator's responsibilities include managing the integrity of the HFEITS database.
| |
| maintaining hardware and software for optimum performance.
| |
| managing database security.
| |
| 5.4.4 HFE Team Member Issue Evaluator An HFE team member issue evaluator's responsibilities include evaluating issues.
| |
| identifying the extent and significance of issues.
| |
| recommending selection of issue owners.
| |
| recommending corrective actions.
| |
| recommending resolution due dates.
| |
| 5.4.5 Issue Owner The issue owner's responsibilities include resolving issues.
| |
| updating HFEITS with proposed or completed actions.
| |
| updating design documentation where appropriate.
| |
| 5.4.6 HFEITS Review Committee A HFEITS review committee reviews the HFE issues and HEDs submitted following an established internal NuScale procedure to evaluate designation, impact, priority, alignment with current development phases, and assignment to appropriate implementers. The HFE review committee is responsible for reviewing the full
| |
| © Copyright 2022 by NuScale Power, LLC 20
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 documentation to verify the resolution is completed on HFEITS issues and HEDs before final closure.
| |
| Figure 5-1 Human Factors Engineering Issues System Process 5.4.7 Human Engineering Discrepancy Resolution An HED is an issue discovered during the verification and validation phase of the HFE Program and may require engineering changes and verification. The HEDs are identified as personnel task requirements (as defined in the task analysis) that are not fully supported by the HSI, and the presence of HSI components that may not be needed to support personnel tasks. The HEDs are also identified if the design is
| |
| © Copyright 2022 by NuScale Power, LLC 21
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 inconsistent (does not accommodate human capabilities and limitations) with HFE guidelines, such as NUREG-0700, or the NuScale HSI Style Guide.
| |
| The HEDs are identified, documented, and resolved throughout the verification and validation process.
| |
| The HED resolution process involves evaluation of the HEDs to determine if they require correction, development and evaluation of design solutions to address HEDs that must be corrected, and verification that the design solutions have been implemented. These topics are discussed in Reference 8.2.12.
| |
| The HEDs may not always be resolved; HEDs may be found acceptable after an evaluation in the context of the integrated design. The basis for a decision for accepting an HED without a change in the integrated design is documented. It may be based on accepted HFE practices, current published HFE literature, trade-off studies, tests, or engineering evaluations.
| |
| 5.4.8 HED Process Flow During verification and validation, HEDs are analyzed by the HFEITS team for priority selection and design category placement (e.g., HSI or simulator). Once the HED has been received, a discrepancy entry is created in the HFEITS database and the HED is prioritized as priority 1, priority 2, or priority 3 HEDs according to their importance as follows.
| |
| Priority 1 HEDs have a potential direct or indirect impact on plant safety and are resolved before V&V is considered complete. The HEDs initiated as a result of a performance measure not being met (pass or fail performance measures) are priority 1 HEDs. Cross-cutting issues determined through HED analysis or performance measure analysis are priority 1 HEDs due to their global impact on the HSI design performance.
| |
| Priority 2 HEDs have a direct or indirect impact on plant performance and operability and are resolved before the plant design is completed.
| |
| Priority 3 HEDs are those that do not classify as priority 1 or priority 2.
| |
| Priority 3 HEDs do not have to be resolved. If resolution of priority 3 HEDs is determined to be needed, they are resolved by NuScale or turned over to a licensee as appropriate.
| |
| The HED is then routed to the appropriate group for resolution. The HEDs related to the HSI are sent to the HFE Design Team, and HEDs related to simulator modeling are sent to the simulator review board. It is possible for HEDs to be routed to both groups.
| |
| The HED is then resolved, and the discrepancy entry closed. The HED resolution is reviewed for final closure in the HFEITS database by an HFE review committee. The HED resolution process is depicted in Figure 5-2.
| |
| © Copyright 2022 by NuScale Power, LLC 22
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Figure 5-2 Human Engineering Discrepancy Resolution Process
| |
| © Copyright 2022 by NuScale Power, LLC 23
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 6.0 Human Factors Engineering Technical Program Elements The NuScale HFE Program comprises the elements described below. The elements and associated activities are included in the integrated project development. Each element's IP or RSR provides description of the scope, inputs, analyses to be performed, outputs, and documentation.
| |
| description of the applicable methodology.
| |
| appropriate tools and facilities to be employed.
| |
| description of the review and documentation requirements for subordinate documents that support HFE products.
| |
| The following sections provide a summary of each HFE element. A more detailed discussion is contained in the associated IPs or RSRs.
| |
| 6.1 Operating Experience Review The NuScale HFE Program includes an OER. As shown in Table 4-1, the OER activity documentation consists of an IP. The IP (Reference 8.2.6) describes the OER process and methodology. The findings from the OER must be incorporated in a future RSR. The RSR must document the specific types of OER conducted and the incorporation of applicable findings into the NuScale design.
| |
| The OER scope includes review of recognized industry HFE issues contained in NUREG/CR-6400 (Reference 8.2.5).
| |
| review of recognized industry HFE issues identified since January 1996, one year before NUREG/CR-6400 was issued.
| |
| review of operating experience related to the proposed NuScale design.
| |
| identification of HFE issues obtained through interviews with plant personnel.
| |
| identification of important human actions in the NuScale design.
| |
| The HFE team is responsible for conducting the OER. The qualifications of the HFE team members supporting OER are specified in the operating experience review implementation plan.
| |
| The OER methodology includes the following considerations:
| |
| team and team lead responsibilities OER information review criteria OER database data entry OER item analysis approval
| |
| © Copyright 2022 by NuScale Power, LLC 24
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 results output to requisite NuScale engineering organizations OER database field descriptions OER plant personnel interview criteria coordination between the OER database and the HFE issues tracking database If an OER issue is determined to be applicable to NuScale and HFE, but cannot be resolved at the current point in the design, it becomes an HFE issue. The HFE issues are tracked in the HFEITS database throughout the lifecycle of the HFE Program for the NuScale design project. The HFEITS database is described in Section 5.0.
| |
| 6.2 Functional Requirements Analysis and Function Allocation The NuScale HFE Program includes an FRA/FA. As shown in Table 4-1, the FRA/FA activity documentation consists of an IP. The IP (Reference 8.2.7) describes the FRA/FA process and methodology of the FRA/FA. The findings from the FRA/FA must be incorporated in a future RSR.
| |
| For each plant function, the HFE team documents purpose.
| |
| predecessor functions of systems.
| |
| relevant operating experience.
| |
| differences from predecessor functions or systems.
| |
| supporting sub-functions, processes, components, and systems.
| |
| safety and risk significance.
| |
| To support the functional analysis, the HFE team then documents supported plant goal.
| |
| conditions that indicate the need for the function.
| |
| parameters that indicate the availability and operating status of each function, whether the function is achieving its purpose, and whether the operations of the function must be terminated.
| |
| alternative success paths for the function.
| |
| Once the FRA is complete, the FA is conducted. A set of automation criteria is developed to allocate each function to manual, automatic, or shared execution. The HFE team allocates each function to optimize relevant automation criteria as follows:
| |
| analyze predecessor function allocations and operating experience analyze upstream, downstream, and related functions in the overall plant design to assess indirect consequences
| |
| © Copyright 2022 by NuScale Power, LLC 25
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 evaluate relevant criteria impacting safety, reliability, situational awareness and cost effectiveness evaluate the aggregate impact to personnel considering the set of functions assigned to them allocate the function to a discrete allocation criteria to improve overall design consistency Tools for the FRA/FA process include an FRA/FA database that produces a functional requirements hierarchy chart.
| |
| 6.3 Task Analysis The NuScale HFE Program includes a TA. As shown in Table 4-1, the TA activity documentation consists of an IP. The IP (Reference 8.2.8) describes the TA process and methodology. The findings from the TA must be incorporated in a future RSR.
| |
| Tasks are evaluated. From the wide range of plant operating conditions, tasks that meet the following criteria receive a more detailed task analysis:
| |
| tasks that include important human actions as determined from safety analysis, PRA, and diversity and defense-in-depth coping analysis for I&C systems tasks that, if performed incorrectly, could impact nuclear safety or power generation tasks that are new or performed in a manner significantly different from similar tasks in the existing industry tasks related to monitoring automated systems tasks related to recognizing the failure or degradation of automated equipment and performance of associated tasks that implement backup responses administrative tasks and support aids such as reference materials, hard copy graphs, and calculators that place a large burden on the control room personnel maintenance or testing tasks that have augmented quality requirements tasks with potential effects on personnel safety (such as maintenance tasks performed in the containment)
| |
| After categorization, a task narrative is written to describe the objectives of a specific system's operator tasks and provide an overview of the activities personnel are expected to accomplish to complete the task. Narrative descriptions of operator activities contain requisite detail for a reviewer to correlate the described task objectives to the results of the completed TA. The narrative is brief for simple tasks but has greater detail from more complex tasks.
| |
| The detailed TA involves decomposition of task elements.
| |
| preparation of the operational sequence diagram.
| |
| © Copyright 2022 by NuScale Power, LLC 26
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 determination of task attributes and completion of the task table.
| |
| identification of knowledge and abilities.
| |
| assignment of tasks to roles.
| |
| analysis of the feasibility and reliability for important human actions.
| |
| A database is used to capture data from the TA process. The database contains the results from the TA and can be used to facilitate searches and reviews of previous analyses. The database also contains a list of the tasks reviewed, the task attributes, and the knowledge and abilities identified for each task.
| |
| 6.4 Staffing and Qualifications As discussed in Section 2.2.1, NuScale's HFE Program S&Q analysis addresses only the activities performed by licensed control room operators. The staffing and qualifications results summary report (Reference 8.2.11) describes the S&Q analysis process, the output documentation requirements, and the findings from the S&Q analysis.
| |
| As described in Section 2.2.1, the NuScale Power Plant uses passive safety systems and is highly automated to reduce the need for operator actions and allow for monitoring multiple units simultaneously. This level of automation impacts HSI design from the aspect of the number of physical interfaces, data processing, operating procedures, display screens, alarms, controls, and support aids needed for the accomplishment of tasks. The acceptability of staffing levels for the NuScale operating concept for identified modes and for the aggregate of tasks assigned to operating personnel is confirmed in the S&Q analysis.
| |
| The S&Q analysis also provides the staffing plan validation.
| |
| 6.5 Treatment of Important Human Actions The NuScale HFE Program includes provision for TIHA. The treatment of important human actions results summary report describes the process for determining and treatment of important human actions and includes the output documentation requirements. The treatment of important human actions results summary report (Reference 8.2.10) describes the findings from the analysis and resolutions.
| |
| The TIHA analysis identifies risk-important human actions (RIHA) from the PRA. The treatment of important human actions results summary report describes the PRA methodology, the method for determining human error probability, and the method used to determine the risk significance of those potential errors. Other PRA activities are outside the scope of the HFE Program.
| |
| The TIHA analysis also describes the methodology used to extract deterministically important human actions (DIHA) from the transient and accident analyses and the diversity and defense-in-depth coping analysis. The HFE personnel assess DIHAs to confirm with reasonable confidence that they can be carried out within the time available.
| |
| © Copyright 2022 by NuScale Power, LLC 27
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 An additional detailed quantitative analysis of workload and time constraints is performed for both RIHAs and DIHAs in the TA, the S&Q, and in a performance-based test using the simulator, independent operating crews, and challenging scenarios. These important human actions are also included in ISV scenarios.
| |
| 6.6 Human-System Interface Design The NuScale HFE Program includes HSI design. An HSI design IP (Reference 8.2.11) describes the HSI methodology. The outputs of the HSI design element must be incorporated in a future RSR.
| |
| The HSI design element generates the main control room human-system interfaces, MCR derivative HSIs, and local control station human-system interfaces after translating HFE analysis outputs into the inventory of alarms, displays, controls, and operating procedures. A key output of the HSI design program element is a complete set of HSIs that are implemented in the control room simulator for subsequent V&V. The simulator includes the functions of the MCR and MCR derivative HSIs used in the waste management control room, module maintenance center, TSC, and EOF. The HSI design also generates the local control station human-system interface design and the requirements for their physical locations.
| |
| The OER identifies issues addressed by similar HSI designs. Assessments are made by the HFE team at the time the OER is conducted. The HSI design confirms that the OER issues remain addressed despite changes during plant design.
| |
| The TIHA element identifies assumptions regarding the characteristics of the HSI used for RIHAs and DIHAs. The HSI design element ensures these assumptions are implemented in the HSI (e.g., control accessibility from the MCR and spatially-dedicated continuously-visible HSI to reduce time required for human actions).
| |
| The HSI design uses the HSI inventory and characteristic outputs from TA to establish alarm priority and applicability logic, display and control designs, and procedure step acceptance criteria. The HSI design also uses these TA outputs to establish the grouping of HSI inventory for task-based display screens.
| |
| The S&Q analysis confirms the MCR operating staff numbers and qualifications for identified plant modes. The HSI design includes layout of the operator workstations and displays for the MCR. The HSIs at the waste management control room and module maintenance center are extensions of the HSI used in the MCR. Other local facilities are derivatives of the main control room human-system interfaces.
| |
| The HSI design uses plant operating procedures developed as part of the plant design (i.e., procedure development is integrated with HFE activities but not considered HFE Program scope) to generate computer-based procedures, which are necessary tools to support the ISV of the V&V program element. Other procedures (e.g., surveillance and test procedures) are also outside the scope of the HSI design element because they have their own development and V&V program.
| |
| © Copyright 2022 by NuScale Power, LLC 28
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 The HFE issues generated during HSI design or from prior program elements are resolved during HSI design so that the final output is a complete HSI design suitable for V&V.
| |
| 6.7 Procedure Development Procedure development is the responsibility of the licensee. No IP or RSR for procedure development is submitted as part of the NuScale HFE Program. The Final Safety Analysis Report Chapter 13, Conduct of Operations, contains information related to procedure development.
| |
| 6.8 Training Program Development Operators who support the human factors V&V program element are trained in accordance with the NuScale Training Program.
| |
| Training program development is the responsibility of an applicant that references the NuScale Power Plant US460 standard design. No IP or RSR for training program development is submitted as part of the NuScale HFE Program. The Final Safety Analysis Report Chapter 13, Conduct of Operations, contains information related to Training Program development.
| |
| 6.9 Human Factors Verification and Validation The NuScale HFE Program includes human factors V&V. The verification and validation implementation plan (Reference 8.2.12) describes the human factors V&V process and includes the output documentation requirements. Following V&V activities, an RSR must be prepared to describe the outputs of human factors V&V.
| |
| Human factors V&V evaluations comprehensively determine that the HSIs, procedures, and training program conform to HFE design principles and that the HSIs enable plant personnel to successfully perform their tasks to achieve plant safety and other operational goals. Demonstrating conformance to the acceptance criteria defined in the human factors verification and validation implementation plan for the ISV is the final design acceptance milestone for the HSIs. Human factors V&V of the EOF is outside the scope of the human factors V&V program.
| |
| Verification and validation is conducted using a control room simulator that reflects the output of HSI design, procedures, and training program.
| |
| 6.10 Design Implementation The NuScale HFE Program includes design implementation. The design implementation implementation plan describes the DI process and includes the output documentation requirements. No RSR is required for this element because conformance of the as-built design to the verified and validated design is confirmed by ITAAC.
| |
| © Copyright 2022 by NuScale Power, LLC 29
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 The DI demonstrates that the implemented design accurately reflects the verified and validated design. If the DI program element identifies differences (e.g., site-specific aspects that were not included in V&V or design changes that occur after V&V), those differences are evaluated to determine impacts to the analysis results from previous HFE Program elements, including V&V.
| |
| Priority 3 HEDs generated during V&V that are determined to require resolution, as well as HEDs generated after completion of V&V are resolved by NuScale or turned over to a licensee as appropriate.
| |
| 6.11 Human Performance Monitoring The HPM Program begins after DI is completed and continues for the life of the plant. The HPM Program is intended to detect degradation in operator performance compared to the performance observed during integrated system validation. Degradation may be due to many factors that occur during the life of the plant, including changes in personnel, changes in plant culture, changes in training methods, or changes in the HSI design itself.
| |
| The HPM Program includes monitoring and investigating perceived or documented reduced human performance.
| |
| analyzing causes of reduced human performance.
| |
| developing corrective action plans for improvement.
| |
| maintaining a culture of continuous monitoring of human performance through operating experience review.
| |
| training and qualification.
| |
| change management (modification process, configuration management).
| |
| use of the plant simulator.
| |
| independent reviews and audits.
| |
| The HPM Program is a catalyst for corrective actions during the life of the plant; the licensee manages its own Corrective Actions Program. The HPM Program is a responsibility of the licensee.
| |
| © Copyright 2022 by NuScale Power, LLC 30
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 7.0 NUREG-0711 Conformance Evaluation Table 7-1 provides a mapping of the sections in this PMP where each NUREG-0711, Revision 3 criterion is met.
| |
| Table 7-1 Conformance with NUREG-0711 HFE PMP Section Review Criteria No. and paragraph 2.4.1 General HFE Program Goals and Scope Section 2.1, All (1) HFE Program Goals - The applicant should state the general objectives of the program in human-centered terms. As the HFE program develops, they should be further defined and used as a basis for HFE tests and evaluations.
| |
| Additional Information- Generic human-centered HFE design goals include the following:
| |
| * personnel tasks can be accomplished within time and performance criteria
| |
| * the HSIs, procedures, staffing/qualifications, training, and management and organizational arrangements support personnel situation awareness
| |
| * the design will support personnel in maintaining vigilance over plant operations and provide acceptable workload levels, i.e., minimize periods of under- and over-load
| |
| * the HSIs will minimize personnel error and will support error detection and recovery capability (2) Assumptions and Constraints - The applicant should identify the design Section 2.2.1, All assumptions and constraints.
| |
| Additional Information- An assumption or constraint is an aspect of the design, such as a specific staffing plan or a specific HSI technology that is an input to the HFE program rather than the result of HFE analyses and evaluations.
| |
| (3) HFE Program Duration - The applicants HFE program should be in effect at least Section 2.2.2, All from the start of the design cycle through completion of initial plant startup test program.
| |
| (4) Facilities - The applicants HFE program should cover the main control room Section 2.2.3, All (MCR), remote shutdown facility (RSF), technical support center (TSC),
| |
| emergency operations facility (EOF), and local control stations (LCSs). The 12 HFE elements should be applied to each of them, unless otherwise noted for a specific HFE element. However, applicants may apply the elements of the HFE program in a graded fashion to facilities other than the MCR and RSF, providing justification in the HFE program plan.
| |
| (5) HSIs, Procedures and Training - The applicants HFE program should address the Section 2.2.4, All design of HSIs and identify inputs to the development of procedures and training for all operations, accident management, maintenance, test, inspections, and surveillance tasks that operational personnel will perform or supervise. In addition, the HFE design process should identify training program input for the following personnel identified in 10 CFR 50.120- instrument and control technician, electrical maintenance personnel, mechanical maintenance personnel, radiological protection technician, chemistry technician, and engineering support personnel. In addition, any other personnel who perform tasks directly related to plant safety should be included, such as information technology technicians who troubleshoot and maintain support systems and their HSIs.
| |
| © Copyright 2022 by NuScale Power, LLC 31
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE PMP Section Review Criteria No. and paragraph (6) Personnel - The applicants HFE program should consider operations staffing and Section 2.2.5, All qualifications, including licensed control-room operators as defined in 10 CFR Part 55, and the following categories of personnel- non-licensed operators, shift supervisor, and shift technical advisor.
| |
| (7) Additional Considerations for Reviewing the HFE Aspects of Plant Modifications - Section 2.2.6 All In addition to any of the criteria above that relate to the modification being reviewed, the applicant should address the following considerations:
| |
| * The goals of the applicants HFE program should address the potential effects of a modification on the performance of personnel. The transition from the existing plant configuration to the modified one can pose different demands on human performance than either the initial or the final configurations. Therefore, the modification and its implementation should be planned to minimize the effects of the change on personnel performance. The HFE program for the modification should consider:
| |
| - planning the installation to minimize disruptions to work
| |
| - coordinating changes in training and procedures when implementing the modification
| |
| - conducting training to maximize personnels knowledge and skill with the new design before implementing it
| |
| * The applicants HFE program should involve plant personnel to ensure that the following are considered from a users perspective in establishing the requirements for the modification, and evaluating the outputs of the design process:
| |
| - users understanding of how plant systems are structured and behave
| |
| - task demands and constraints of the existing work environment and work processes 2.4.2 HFE Team and Organization Section 3.1, All In this document, the term HFE team means the primary organization(s) responsible for the applicants HFE program. However, we do not assume that HFE is the responsibility of a single organizational unit, or that there is an organizational unit called the HFE team.
| |
| Responsibility - The applicants team should be responsible for:
| |
| * developing all HFE plans and procedures
| |
| * overseeing and reviewing all activities in HFE design, development, test, and evaluation, including the initiation, recommendation, and provision of solutions through designated channels for problems identified in implementing the HFE work
| |
| * verifying that the teams recommendations are implemented
| |
| * assuring that all HFE activities comply with the HFE plans and procedures
| |
| * scheduling work and milestones
| |
| © Copyright 2022 by NuScale Power, LLC 32
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE PMP Section Review Criteria No. and paragraph Organizational Placement and Authority - The applicant should describe the primary Section 3.2, All HFE organization(s) or function(s) within the engineering organization designing the plant or modification. The organization should be illustrated to show organizational and functional relationships, reporting relationships, and lines of communication. The applicant also should address the following:
| |
| * When more than one organization is responsible for HFE, such as instrumentation and control (I&C) and operations, the lead organizational unit answerable for the HFE program plan should be identified. If organization changes are expected over time (e.g., from design through construction to startup) necessary transitions between responsible organizations should be described.
| |
| * The team should have the authority and organizational placement to reasonably assure that all its areas of responsibility are completed, and to identify problems in establishing the overall plan or modifying its design.
| |
| * The team should have the authority to control further processing, delivery, installation, or use of HFE products until the disposition of a nonconformance, deficiency, or unsatisfactory condition is resolved.
| |
| Composition - The applicants HFE team should include the expertise described in Section 3.3, All the appendix to this report.
| |
| Team Staffing - The applicant should describe team staffing in terms of job Section 3.4, All descriptions and assignments of team personnel.
| |
| 2.4.3 HFE Process and Procedures Section 4.1, All (1) General Process Procedures - The applicant should identify the process through which the team will execute its responsibilities. It should include procedures for the following:
| |
| * assigning HFE activities to individual team members
| |
| * governing the internal management of the team
| |
| * making decisions on managing the HFE program
| |
| * making HFE design decisions
| |
| * controlling changes in design of equipment
| |
| * reviewing of HFE products (2) Process Management Tools - The applicant should identify the tools and Section 4.2, All techniques (e.g., review forms) the team uses to verify that they fulfilled their responsibilities.
| |
| (3) Integration of HFE and Other Plant or Modification Design Activities - The Section 4.3, All applicant should describe the process for integrating the design activities (i.e., the inputs from other design work to the HFE program, and the outputs from the HFE program to other plant design activities). The applicant should also discuss the iterative aspects of the HFE design process.
| |
| (4) HFE Program Milestones - The applicant should identify HFE milestones that Section 4.4, All show the relationship of the elements of the HFE program to the integrated plant design, development, and licensing schedule. A relative program schedule of HFE tasks should be available for the NRC staffs review showing relationships between the HFE elements and the activities, products, and reviews.
| |
| Additional Information- A milestone might include, for example, the date when a simulator will be available for integrated system validation and operator training.
| |
| © Copyright 2022 by NuScale Power, LLC 33
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE PMP Section Review Criteria No. and paragraph HFE Documentation - The applicant should identify the HFE documentation items, Section 4.5, All such as RSRs and their supporting materials, and briefly describe them, along with the procedures for their retention and for making them available to the NRC staff for review.
| |
| Subcontractor HFE Efforts - The applicant should include HFE requirements in each Section 4.6, All subcontract contributing to the HFE program. The applicant should periodically verify the subcontractors compliance with HFE requirements. The HFE plan should describe milestones and the methods used for this verification.
| |
| 2.4.4 Tracking HFE Issues Section 5.1, All (1) Availability - The applicant should have a tracking system to address human factors issues that are:
| |
| * known to the industry (defined in the Operating Experience Review element, see Section 3)
| |
| * identified throughout the life cycle of the HFE aspects of design, development, and evaluation deemed by the HFE program as human engineering discrepancies (HEDs) (see Section 11.4.4)
| |
| Additional Information: Issues are those items that need to be addressed later, and hence must be tracked to assure that they are not overlooked. Establishing a new system to track HFE issues independent from the rest of the design effort is unnecessary; rather, an existing one can be adapted for this purpose (such as a plants corrective-action program).
| |
| (2) Method - The applicants method should: Section 5.2, All
| |
| * establish criteria for when issues are entered into the system
| |
| * track issues until the potential for negative effects on human performance is reduced to an acceptable level.
| |
| (3) Documentation - The applicant should document the actions taken to address Section 5.3, All each issue in the system; if no action is required, this should be justified.
| |
| Additional Information- The description of the final resolution of the issue should be sufficiently detailed so that a third party can understand how it was resolved.
| |
| (4) Responsibility - After identifying an issue, the applicants tracking procedures Section 5.4, All should describe individual responsibilities for logging, tracking, and resolving it, along with the acceptance of the outcome.
| |
| 2.4.5 Technical Program Section 6.0, All (1) The applicant should describe the applicability and status of each of the following HFE elements-Operating Experience Review Section 6.1 Functional Requirements Analysis and Function Allocation Section 6.2 Task Analysis Section 6.3 Staffing and Qualifications Section 6.4 Treatment of Important Human Actions Section 6.5 HSI Design Section 6.6 Procedure Development (Described in SRP, Chapter 13 submittal) Section 6.7 Training Program Development (Described in SRP, Chapter 13 submittal) Section 6.8 Human Factors Verification and Validation Section 6.9 Design Implementation Section 6.10
| |
| © Copyright 2022 by NuScale Power, LLC 34
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE PMP Section Review Criteria No. and paragraph Human Performance Monitoring Section 6.11 Additional Information: The applicant should identify each applicable element of the HFE program. If the applicant determines that an HFE element is not applicable to the HFE program, the applicant should give a rationale. For example, if an applicants HFE program involves modifying a control room HSI wherein the level of automation is not affected, then the Functional Requirements Analysis and Function Allocation element might not be included.
| |
| The applicant should describe the status of each element in the HFE plan (i.e., will the element be enacted in the future, is it currently being performed, or is it completed).
| |
| The applicant should clearly identify the use of past analyses that the NRC has not reviewed (i.e., analyses originally undertaken for another design) and justify their use in the current application.
| |
| The criteria for the technical review of each element in the HFE program are presented in Sections 3 to 13 of this document.
| |
| (2) The applicant should identify the approximate schedule for completing any HFE Table 4-1 activities that are unfinished at the time of the application.
| |
| Additional Information: For example, if an applicant for design certification has not finished V&V, the applicant should give an approximate schedule for its completion.
| |
| (3) The applicants plan should identify and describe the standards and specifications Referenced that are sources of the HFE requirements. Documents, Section 8.2 (4) The applicants plan should specify HFE facilities, equipment, tools, and Section 4.2, techniques (such as laboratories, simulators, rapid prototyping software) that the Associated IPs and HFE program will employ. RSRs
| |
| © Copyright 2022 by NuScale Power, LLC 35
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE PMP Section Review Criteria No. and paragraph (5) Additional Considerations for Reviewing the HFE Aspects of Plant Not applicable for Modifications - The applicant should provide assurance that a modification to the Standard Design control room or a change to risk-important human actions does not compromise Approval defense in depth in accordance with RG 1.174. The applicant should assure the Application following important aspects of defense in depth: submittal HFE
| |
| * A reasonable balance is preserved among prevention of core damage, Program prevention of containment failure, and consequence mitigation.
| |
| * There is no over-reliance on programmatic activities to compensate for weaknesses in plant design. This may be pertinent to changes in credited human actions (HAs).
| |
| * System redundancy, independence, and diversity are preserved commensurate with the expected frequency, consequences of challenges to the system, and uncertainties (e.g., no risk outliers).
| |
| * Defenses against potential common cause failures are preserved, and the potential for the introduction of new common cause failure mechanisms is assessed. Caution should be exercised in crediting new HAs to verify that the possibility of significant common cause errors is not created.
| |
| * Independence of barriers is not degraded.
| |
| * Defenses against human errors are preserved. For example, establish procedures for a second check or independent verification for risk-important HAs to determine that they have been performed correctly.
| |
| The intent of the General Design Criteria (GDC) in Appendix A to 10 CFR Part 50 is maintained. GDC that may be relevant are:
| |
| * 3 - Fire Protection
| |
| * 13 - Instrumentation and Control
| |
| * 17 - Electric Power Systems
| |
| * 19 - Control Room
| |
| * 34 - Residual Heat Removal
| |
| * 35 - Emergency Core Cooling System
| |
| * 38 - Containment Heat Removal
| |
| * 44 - Cooling Water Safety margins often used in deterministic analyses to account for uncertainty and provide an added margin to provide adequate assurance that the various limits or criteria important to safety are not violated. Such safety margins are typically not related to HAs, but the reviewer should take note to see if there are any that may apply to the particular case under review. It is also possible to add a safety margin (if desired) to the HA by demonstrating that the action can be performed within some time interval (or margin) that is less than the time identified by the analysis.
| |
| Additional Information: Defense in depth, described in RG 1.174, is one of the fundamental principles upon which a plant is designed and built. It uses multiple means to assure safety functions and to prevent the release of radioactive materials.
| |
| Defense in depth is important in accounting for uncertainties in equipment and human performance, and for ensuring some protection remains, even in the face of significant breakdowns in particular areas, such as safety systems, training, and quality assurance. Whereas an applicant may change a specific defense in depth strategy, defense in depth must be maintained overall. These types of defense in depth evaluations may be done as part of the 10 CFR 50.59 evaluation for modifying the plant.
| |
| © Copyright 2022 by NuScale Power, LLC 36
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 8.0 References 8.1 Source Documents 8.1.1 U.S. Nuclear Regulatory Commission, "Human Factors Engineering Program Review Model," NUREG-0711, Rev. 3, November 2012.
| |
| 8.2 Referenced Documents 8.2.1 U.S. Code of Federal Regulations, "Contents of Applications; Technical Information," Section 50.34(f)(2)(iii), Part 50, Chapter I, Title 10, "Energy," (10 CFR 50.34(f)(2)(iii)).
| |
| 8.2.2 U.S. Code of Federal Regulations, "Contents of Applications; Technical Information," Section 52.47(a)(8), Part 52, Chapter I, Title 10, "Energy," (10 CFR 52.47(a)(8)).
| |
| 8.2.3 U.S. Code of Federal Regulations, "Training and Qualifications of Nuclear Power Plant Personnel," Section 50.120, Part 50, Chapter 1, Title 10 "Energy," (10 CFR 50.120).
| |
| 8.2.4 U.S. Code of Federal Regulations, "Operators' Licenses", Part 55, Chapter I, Title 10, "Energy," (10 CFR 55).
| |
| 8.2.5 U.S. Nuclear Regulatory Commission, "Human Factors Engineering (HFE)
| |
| Insights for Advanced Reactors Based Upon Operating Experience,"
| |
| NUREG/CR-6400, January 1997.
| |
| 8.2.6 NuScale Power, LLC, Human Factors Engineering Operating Experience Review Implementation Plan, TR-130409, Rev. 0.
| |
| 8.2.7 NuScale Power, LLC, Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan, TR-124333, Rev. 0.
| |
| 8.2.8 NuScale Power, LLC, Human Factors Engineering Task Analysis Implementation Plan, TR-130413, Rev. 0.
| |
| 8.2.9 NuScale Power, LLC, Human Factors Engineering Staffing and Qualifications Results Summary Report, TR-130412, Rev. 0.
| |
| 8.2.10 NuScale Power, LLC, Human Factors Engineering Treatment of Important Human Actions Results Summary Report, TR-130416, Rev. 0.
| |
| 8.2.11 NuScale Power, LLC, Human-System Interface Design Implementation Plan, TR-130417, Rev. 0.
| |
| 8.2.12 NuScale Power, LLC, Human Factors Verification and Validation Implementation Plan, TR-130415, Rev. 0.
| |
| © Copyright 2022 by NuScale Power, LLC 37
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Appendix A NuScale HFE Program Design Integration As illustrated in Figure A-1, the HFE team is integrated into the iterative design process through the design review process.
| |
| Figure A-1, Point 1 illustrates the HFE Program integration at the start of the design process through the Human Factors Engineering Issue Tracking System (HFEITS). Unresolved HFE issues identified by the HFE Program and the HFE team are accumulated and tracked to resolution in the HFEITS database (Section 5.0 discusses more details on HFEITS). Early in the design planning process, applicable design inputs are identified. These inputs include requirements (e.g., Utility Requirements Document, Owners Requirements Document and codes and standards), proposed design solutions and unresolved issues (e.g., action tracking system and HFEITS). Starting with those initial design inputs, the design engineering team establishes design requirements, which evolve to detailed designs.
| |
| © Copyright 2022 by NuScale Power, LLC A-1
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Figure A-1 NuScale and Human Factors Engineering Program Design Integration General Design Document Development Utility Owners Codes & Other Action Item HFEITS Operating Requirements Document Requirements Document Standards Documents Tracking &
| |
| HFEITS 1 Experience Plan Engineering Design HFE Program Design Team HFE Design Team Design Feedback Evaluation Internal Revise Document Subject Matter Document Resolve Comments Experts Check HFE Design Team 2 Revise Document Interdisciplinary Resolve Comments Review Other Design Disciplines NuScale Design Documents Revise Document Approval Review Resolve Comments Mechanical Electrical PRA/HRA Documents Documents Documents Engineering Document Approval Other I&C Concept of Documents Documents Operations
| |
| © Copyright 2022 by NuScale Power, LLC A-2
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Figure A-1 Point 2 represents the HFE team's direct participation in the interdisciplinary review process. When a design document has gone through internal document check, the design discipline manager identifies appropriate disciplines to participate in an interdisciplinary review.
| |
| In addition to the interdisciplinary review, an HFE team member is assigned to perform reviews of the system design documents. This review allows the HFE team to identify emerging human factors problems in the design and monitor effective resolution of human factors problems. For example, the HFE team participated in the NuScale reactor building interdisciplinary review. As a direct result of that HFE team review, the control room envelope was enlarged to ensure adequate space for required control room equipment and personnel.
| |
| As illustrated in Figure A-2, the HFE Program process has three primary inputs:
| |
| the operating experience the subject matter experts the NuScale design documents Figure A-2 Point 1 (consistent with Figure A-1 Point 1), illustrates the HFE Program's integration into the design process through HFEITS.
| |
| Figure A-1 Point 2 impacts the interdisciplinary review process and is not represented in Figure A-2.
| |
| © Copyright 2022 by NuScale Power, LLC A-3
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Figure A-2 Human Factors Engineering Program Process HFE Issue can impact Design Documents Operating Experience NuScale Design Documents Nuclear Other Mech Elect PRA/HRA I&C Other Concept of NRC Industries Safety Documents Operations Industry Designs Designs Analysis Designs Subject Matter Experts 4
| |
| 5 OER 9
| |
| FRA/FA Treatment of 11 Important Human Actions TA 10 12 21 S&Q 1 HFE Issue can 8 3
| |
| HFEITS impact one or more HFE 13 7
| |
| Elements 16 Other 14 Tracking HSI Programs Development 17 Procedure Development 19 6 15 Training Development 18 20 HFE Verification & Validation (HEDs)
| |
| HFE Design Team Design Implementation evaluations at points 14, 17, 19 and the HFE V&V generate HFE Issues and Human Performance Monitoring HEDs which are tracked by HFEITS at point 6.
| |
| © Copyright 2022 by NuScale Power, LLC A-4
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Figure A-2 Point 3 represents the resolution of HFE issues within the HFE Program. Issues within HFEITS may impact any of the HFE Program elements. For example, an HFE issue associated with a particular system may impact OER and require investigation to determine if relevant lessons had been applied to predecessor systems. Similarly, an HFE issue could impact a portion of an analyzed task (TA) conducted on an important human action. Because HFE issues may impact any or several of the HFE elements, Point 3 terminates at a bracket enveloping the HFE elements.
| |
| Figure A-2 Point 4 represents the OE input to the HFE Program via the OER element. The OE from the NRC, the nuclear industry, and other industries is reviewed to identify lessons learned from comparable operating concepts. The OE review results typically conclude that the particular operating experience falls into one of the following categories:
| |
| OE is not applicable to the NuScale design OE is applicable and adequately addressed in the NuScale design OE may be applicable but further investigation is required (Point 5)
| |
| A prescreened OE item that has been included in the OER database and requiring further evaluation is determined to be not applicable is documented in the OER database along with the basis for that conclusion. An OE determined to be applicable and adequately addressed in the design is similarly documented in the OER database with the basis and reference to the implementing design document.
| |
| Figure A-2 Point 5 represents the OE that may be applicable but requires further investigation.
| |
| These issues are presumed to be HFE issues and entered into HFEITS for resolution. In some cases, the HFE issue screening may determine that all or portions of these issues are not HFE issues. Reference 8.2.6 contains more details on the screening process.
| |
| Figure A-2 Point 6 represents the collective input of HFE issues into HFEITS, excluding those from OER. While many HFE issues originate in the OER process (Point 5) or from the HFE elements associated with analysis, implementation or operation, the bulk of HFE issues originate through the HFE team's evaluation of HSI development, procedure development, training development, and HFE verification and validation (HFE team evaluation points ). These evaluations generate the HFE team's feedback regarding the development products (HSIs, procedures, and training program). In most cases, the issues identified in the development evaluation are resolved as part of the iterative development process. However, problems that cannot or will not be resolved through product development become HFE issues. Additionally, HFE issues identified during the HFE verification and validation are generally designated as HEDs. Both HFE issues and HEDs are entered into HFEITS as illustrated by Point 6.
| |
| © Copyright 2022 by NuScale Power, LLC A-5
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Figure A-2 Point 7 represents issues entered into the HFEITS that contain some action or issue resolution outside of the HFE Program. Such non-HFE issues requiring corrective action or follow-up are entered into an action tracking system.
| |
| Figure A-2 Point 8 represents an important facet of SMEs input to the HFE Program. These experts, along with the HFE team participants, generate innovative and creative ideas regarding HSIs, procedures, and training program development. The ideas are often derived from nontraditional activities and do not depend on other HFE elements. Individuals may begin contemplating the HSI before they join the team and may sustain this creativity for the duration of their participation in the program. Consequently, the HSIs, procedures, and training program development may begin and progress before the influence of other HFE elements shape the development.
| |
| Figure A-2 Point 9 represents direct input of TIHA to the FRA/FA. The TIHA represents the graded approach of focusing HFE efforts on specific human actions and types of human actions based on the importance of the action to the public's health and safety as identified through PRA, human reliability analysis (HRA), and transient and accident safety analysis design documents.
| |
| The TIHA input focuses FRA/FA on the functions associated with important human actions and ensures that functional allocation reconciles with human actions assumed in the designed documents. As with Points 10 and 21, Point 9 also represents the iterative feedback from TIHA as a result of revisions to design documents (PRA/HRA) or the results of HFE verification and validation.
| |
| Figure A-2 Point 10 represents the direct input of TIHA to TA. Similar to the TIHA input to FRA/FA illustrated in Point 9, TIHA input focuses TA on those important human actions to ensure each receives comprehensive analysis and is both feasible and reliable. As with Points 9 and 21, Point 10 also represents the iterative feedback from TIHA as a result of revisions to design documents (PRA/HRA) or the results of HFE verification and validation.
| |
| Figure A-2 Point 11 represents the availability of FRA/FA results, which enable the start of TA.
| |
| The FRA/FA is accomplished in two steps: functional requirements analysis, and function allocation (assignment of automation level). The primary inputs to the functional requirements analysis are the various design documents. Through analysis and SME interviews, the HFE team identifies those functions that must be carried out to satisfy the plant's operating and safety goals. Function allocation is the assignment of functions to manual control, automatic control, or a combination of both. An additional input to the FRA/FA element is illustrated by Point 9, TIHA.
| |
| The HFE Program takes a graded approach in focusing efforts on human actions, placing the greatest emphasis on those human actions considered to be most important. Thus, Point 11 represents the functions allocated to humans, which is the primary input to TA.
| |
| © Copyright 2022 by NuScale Power, LLC A-6
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Figure A-2 Point 12 represents the results of TA, which, along with influence of the concept of operations, are inputs to the S&Q analysis. Assumptions in the concept of operations follow the division of task responsibility traditionally found in commercial nuclear facilities. Those assumptions place control room management, supervision, and oversight responsibilities with senior reactor operators. Reactor operators are assumed to have responsibility for monitoring and control of safety related and augmented quality functions. Non-licensed operators, I&C technicians, electrical maintenance personnel, mechanical maintenance personnel, radiological protection technicians, chemistry technicians, and engineering support personnel provide operating support as requested and conduct nonimpacting inspections and surveys. The S&Q analysis evaluates the conformity and conflict between the TA results and the concept of operations to associate tasks with jobs. Minor conflicts are resolved through the iterative design process or changes to the concept of operations. In most cases, Points 12 and 13 differ little except that the TA must be iteratively focused to conform to traditional SRO, reactor operator and non-licensed operator roles and responsibilities and the concept of operations must be refined as task details are incorporated.
| |
| Figure A-2 Point 13 represents the working results of the HFE Program analysis elements that shape the development of HSI, procedures, and training. In concert with the innovative HSI, procedure and training concepts represented by Point 8, Point 13 drives development to meet functional, task, and qualification requirements.
| |
| Figure A-2 Point 14 represents the iterative design and development of HSI. The structured development methodology translates the innovative ideas, the concept of operations, HFE principles, functional requirements, task requirements, qualification requirements into HSI display characteristics, and control functions. The HFE team evaluation (signified by this symbol
| |
| ) of the HSI is based on HFE principles, intuitive functionality, and NUREG-0700 using a variety of validation methods (e.g., table top analysis, walk through using event scenarios, and control room simulation) to refine and optimize the HSI. Early HSI development and HFE team evaluation is performed without use of accompanying operational procedures to drive the HSI towards intuitive displays and controls. As the iterative design process evolves towards a final design, the HSI development evaluation process increasingly emulates the formal verification and validation process.
| |
| Figure A-2 Point 15 represents the HSI design maturation from development to HFE verification and validation. In general terms, the iterative HSI development continues at Point 14 until the design evolution slows, indicating the design has matured and is ready for integrated validation in concert with available procedures and training. This V&V ensures the HSI, procedure, and training support the task defined in TA, the S&Q requirements, the concept of operations, and HFE principles.
| |
| © Copyright 2022 by NuScale Power, LLC A-7
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Figure A-2 Point 16 represents the iterative feedback from the HFE verification and validation element to the treatment of important human actions and to the iterative development processes for HSI, procedures and training. That feedback comes from the verification of the HSI design and integrated system validation. The integrated system validation tests the design assumptions made in early PRA/HRA, FRA/FA and TA regarding the performance of important human actions and the capability of operators to properly execute those important human actions. The resultant feedback (signified by this symbol ) comes through direct communication across the HFE team as well as through HFE issues and HEDs, which are entered and tracked to resolution in HFEITS.
| |
| Figure A-2 Point 17 represents the iterative development of operating, alarm response, abnormal, and emergency response procedures. The structured development methodology translates the innovative ideas, the concept of operations, HFE principles, functional requirements, task requirements, and qualification requirements into required procedures and technical guidelines for emergency procedures. The HFE team evaluation (signified by this symbol ) of procedures is based on HFE principles, intuitive functionality, and NUREG-0700 (for computer-based procedures) using a variety of validation methods (e.g., tabletop analysis, walk-through using event scenarios, and control room simulation) to refine and optimize the procedures. As the iterative procedure development process evolves towards mature procedures, development evaluation increasingly emulates the formal verification and validation process.
| |
| Plant procedures may be developed outside of the HFE Program. For example, an applicant may elect to do so in order to develop operational elements using licensee personnel. When procedures are developed outside the HFE Program, relevant function, task, staffing and qualification, important human action, and HSI development information must be available to the procedure developer. Conversely, relevant procedures must be available to support the HFE verification and validation along with the attendant feedback mechanisms.
| |
| Figure A-2 Point 18 represents the procedure development maturation and transition to HFE verification and validation. In general terms, the iterative procedure development continues at Point 17 until the procedure is ready for integrated validation in concert with available HSI and training. This verification and validation ensures the HSI, procedure, and training supports the task defined by task analysis, staffing and qualifications requirements, concept of operations, and HFE principles.
| |
| © Copyright 2022 by NuScale Power, LLC A-8
| |
| | |
| Human Factors Engineering Program Management Plan TR-130414-NP Revision 0 Figure A-2 Point 19 represents the iterative development of training. The structured training development methodology translates the HFE principles, concept of operations, task requirements, qualification requirements, HSI development, and procedure development into appropriate Licensing and Non-Licensed Training Programs. These training programs identify methodologies (e.g., systematic approach to training) for development of learning objectives, conduct of training, training on the use of simulators, lectures, on-the-job training, training evaluation, and training duration. The HFE team evaluation (signified by this symbol ) of training development is based on HFE principles and industry guidelines for accredited training programs using a variety of validation methods (e.g., tabletop analysis or assist visits from operating plant training experts) to refine Training Program development. As the iterative training development process evolves towards maturity, development evaluation increasingly emulates the formal verification and validation process. In parallel with the training development but not shown in Figure A-2, the Training Program accreditation processes must iteratively influence Training Program development and content.
| |
| Plant Training Programs may be developed outside of the HFE Program. For example, an applicant may elect to develop operational elements using licensee personnel. When training programs are developed outside the HFE Program, relevant function, task, staffing and qualification, important human action, HSI development, and procedure development information must be available to the Training Program developer. Conversely, relevant Training Program job needs and learning objectives must be available to support the HFE verification and validation along with the attendant feedback mechanisms.
| |
| Figure A-2 Point 20 represents the maturation of the Licensed and Non-Licensed Training Program development, and transition to HFE verification and validation. In general terms, the iterative Training Program development continues at Point 19 until the Training Programs are ready for integrated validation in concert with available HSI and procedures. This verification and validation ensures the HSI, procedure, and training supports the task defined by task analysis, the staffing and qualifications requirements, the concept of operations and HFE principles. In parallel with HFE verification and validation not shown in Figure A-2, the Training Program accreditation processes must iteratively influence Training Program development and content.
| |
| Figure A-2 Point 21 (along with Points 9 and 10) represent the iterative feedback generated by the treatment of important human actions based on revisions to design documents (PRA/HRA) and the results of HFE verification and validation. Such feedback to the HFE verification and validation process ensures that new or changing important human actions are appropriately supported by the HSI, procedures and training. Similarly, such feedback to the design implementation and human performance monitoring elements ensures they appropriately prioritize important human actions.
| |
| © Copyright 2022 by NuScale Power, LLC A-9
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 Licensing Technical Report Human Factors Engineering Staffing and Qualification Results Summary Report December 2022 Revision 0 Docket: 52-050 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 www.nuscalepower.com
| |
| © Copyright 2022 by NuScale Power, LLC
| |
| © Copyright 2022 by NuScale Power, LLC i
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 Licensing Technical Report COPYRIGHT NOTICE This report has been prepared by NuScale Power, LLC and bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this report, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.
| |
| The NRC is permitted to make the number of copies of the information contained in this report that is necessary for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding. Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of copies necessary for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations.
| |
| Copies made by the NRC must include this copyright notice and contain the proprietary marking if the original was identified as proprietary.
| |
| © Copyright 2022 by NuScale Power, LLC ii
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 Licensing Technical Report Department of Energy Acknowledgement and Disclaimer This material is based upon work supported by the Department of Energy under Award Number DE-NE0008928.
| |
| This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.
| |
| Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
| |
| © Copyright 2022 by NuScale Power, LLC iii
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 Table of Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Executive Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.0 Implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1 Staffing and Qualification Process Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1.1 Staffing Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1.2 Task Analysis Inputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1.3 Determining the Number and Qualifications of Licensed Operator Personnel. . . 6 2.1.4 Iterative Nature of Staffing Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2 Staffing and Qualification Team Composition and Responsibilities . . . . . . . . . . . . . . . . . 7 2.3 Applicable Regulatory Guidance for Staffing and Qualifications . . . . . . . . . . . . . . . . . . . 7 2.3.1 Standard Review Plan Guidance on Staffing and Qualifications . . . . . . . . . . . . . 7 2.3.2 Requirements on Staffing and Qualifications (10 CFR 50.54(m)) . . . . . . . . . . . . 7 3.0 Methodology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.1 Establishing the Basis for Staffing and Qualification Levels . . . . . . . . . . . . . . . . . . . . . . 9 3.1.1 Operating Experience Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.1.2 Functional Requirements Analysis and Function Allocation. . . . . . . . . . . . . . . . 11 3.1.3 Task Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.1.4 Treatment of Important Human Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.1.5 Procedure Development. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.1.6 Training Program Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.2 Baseline Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 4.0 Evaluation of Staffing Levels and Operator Qualifications . . . . . . . . . . . . . . . . . . . 14 4.1 Staffing Plan Validation Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 4.1.1 Staffing Plan Validation Methodology Overview. . . . . . . . . . . . . . . . . . . . . . . . . 15 4.1.2 Staffing Plan Validation Scenario Development. . . . . . . . . . . . . . . . . . . . . . . . . 15 4.1.3 Data Collection during Staffing Plan Validation Exercises . . . . . . . . . . . . . . . . . 17 4.1.4 Simulator Scenario-Based Testing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 4.2 Simulator Readiness for Staffing Plan Validation Exercises . . . . . . . . . . . . . . . . . . . . . 18
| |
| © Copyright 2022 by NuScale Power, LLC iv
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 Table of Contents 4.3 Simulator Scenario-Based Testing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 4.4 Simulator Human-System Interface Testing for Staffing Plan Validation . . . . . . . . . . . . 20 4.4.1 Inventory and Characterization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 4.4.2 Human-System Interface Task Support Verification before Staffing Plan Validation Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 4.4.3 Human Factors Engineering Design Verification before Staffing Plan Validation Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 4.5 Data Collection during Staffing Plan Validation Exercises . . . . . . . . . . . . . . . . . . . . . . . 21 5.0 Results Summary of Revised Staffing Plan Validation Testing. . . . . . . . . . . . . . . . 22 5.1 Revised License Operator Staffing Levels, Position Descriptions, and Qualifications Used during Revised Staffing Plan Validation Trials . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 5.2 Participants in Revised Staffing Plan Validation Trials. . . . . . . . . . . . . . . . . . . . . . . . . . 22 5.3 Participants Training for Revised Staffing Plan Validation Trials . . . . . . . . . . . . . . . . . . 22 5.4 Revised Staffing Plan Validation Test Design Summary . . . . . . . . . . . . . . . . . . . . . . . . 23 5.5 Workload and Situational Awareness Data for Revised Staffing Plan Validation Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 5.6 Summary of Revised Staffing Plan Validation Test Results. . . . . . . . . . . . . . . . . . . . . . 25 6.0 Staffing and Qualification Results as Compared to NUREG-0711 Review Criteria. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 7.0 Analysis Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 8.0 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 8.1 Source Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 8.2 Referenced Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
| |
| © Copyright 2022 by NuScale Power, LLC v
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 List of Tables Table 1-1 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Table 1-2 Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Table 5-1 Revised Staffing Plan Validation Average Workload Data . . . . . . . . . . . . . . . . . 24
| |
| © Copyright 2022 by NuScale Power, LLC vi
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 List of Figures Figure 5-1 Revised Staffing Plan Validation Situational Awareness Scores . . . . . . . . . . . . 24
| |
| © Copyright 2022 by NuScale Power, LLC vii
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 Abstract Staffing and qualifications is a significant element of the Human Factors Engineering Program. In support of this program, NuScale Power, LLC (NuScale) staffing and qualifications activities determine the number and qualifications of licensed operator personnel required for safe and reliable NuScale Power Plant operation. The staffing and qualifications analysis considers tasks from a range of plant operating modes, including startup, normal operations, low-power and shutdown conditions, transient conditions, abnormal conditions, emergency conditions, and severe accident conditions. The Concept of Operations Technical Report (Reference 8.2.11) establishes minimum main control room staffing levels as well as operator roles and responsibilities for the NuScale Power Plant.
| |
| NuScale utilized the collective operating experience of its design staff, initial functional requirements analysis and function allocation and task analysis results, tabletop activities, and preliminary simulator observations to determine initial staffing levels, and then made iterative changes to those levels using the Human Factors Engineering Program elements. Because of the NuScale Power Plant's passive safety systems, simple operation, automation, expected reduced licensed operator workload, and limited number of important human actions, the final staffing level for operating a NuScale Power Plant is a minimum main control room shift contingent of one licensed reactor operator and two licensed senior reactor operators.
| |
| The NuScale staffing plan was validated utilizing the processes consistent with NUREG-1791 (Reference 8.2.17) and the applicable provisions of NUREG-0711 (Reference 8.1.1).
| |
| © Copyright 2022 by NuScale Power, LLC 1
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 Executive Summary The staffing and qualifications (S&Q) analysis was performed by NuScale to determine the number and qualifications of licensed operator personnel required for safe and reliable plant operation. Licensed operator personnel include licensed operators and senior operators as defined by Code of Federal Regulations (CFR) 10 CFR 55.4 (Reference 8.1.3) and main control room (MCR)-specific personnel subject to the training program as described by 10 CFR 50.120 (Reference 8.1.5), as applicable. These S&Q activities are consistent with those of the overall Human Factors Engineering Program described in the Human Factors Engineering Program Management Plan (Reference 8.2.10).
| |
| Staffing level goals and staffing roles and responsibilities are evaluated and modified, as required, in an iterative fashion through the NuScale design change control process, through the use of the human engineering discrepancy process, and as information from other Human Factors Engineering elements and S&Q analyses, evaluations, and tests becomes available.
| |
| The NuScale Power Plant, as described in the Design Certification Application, is designed for operating up to 12 units from a single MCR, which is not specifically addressed in 10 CFR 50.54(m) (Reference 8.1.3). The staffing level for the Design Certification Application was a minimum MCR shift contingent of three licensed reactor operators and three licensed senior reactor operators which was discussed in the earlier revision to this document (Reference 8.2.6).
| |
| The staffing and qualifications results in this report are derived from the HFE analysis work completed for the NuScale Power Plant design documented in the Design Certification Application. The US460 is designed with up to six modules operated from a single MCR. The HFE work performed for the US460 design builds upon the earlier design and analysis completed under the Design Certification Application. The S&Q analysis documented herein yields an updated minimum MCR shift contingent for the NuScale Power Plant US460 standard design of one licensed reactor operator and two licensed senior reactor operators. Changes to the staffing levels are done using the analyses described with this document.
| |
| The Control Room Staffing Plan Methodology (Reference 8.2.12) incorporated guidance contained in NUREG-1791, Section 10, Review the Staffing Plan Validation. The methodology was successfully used during testing to provide the technical justification for the S&Q results summary report and subsequently the NuScale Control Room Staffing Plan Topical Report (Reference 8.2.15).
| |
| This report is organized into six major sections and appendices. Section 1.0 describes the purpose and scope of S&Q. Section 2.0 provides an overview of the S&Q implementation process and a description of the S&Q Team composition and responsibilities. Section 3.0 describes the methodology and specifies the criteria for performing the staffing and qualifications evaluations. Section 4.0 provides a detailed summary of the results of S&Q activities (i.e., the staffing levels, staff qualifications, staff roles and responsibilities, and the results of staffing plan validation). Section 5.0 provides a high-level conclusion derived from the experience of performing the S&Q activities. Section 6.0 describes conformance with NUREG-0711.
| |
| Section 7.0 summarizes the S&Q work and conclusions. The source and referenced documents applicable to and used in the S&Q effort are listed in Section 8.0.
| |
| © Copyright 2022 by NuScale Power, LLC 2
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 1.0 Introduction 1.1 Purpose This document provides the Human Factors Engineering (HFE) staffing and qualifications (S&Q) results summary report (RSR) for the NuScale Power Plant documented in the NuScale Power Plant US460 standard design.
| |
| The S&Q analysis determines the minimum number and qualifications of licensed operator personnel required for safe and reliable NuScale Power Plant operation under all operating conditions based on task and regulatory requirements. For the purposes of this RSR, licensed operator personnel include reactor operators (ROs) and senior reactor operators (SROs) as defined by Code of Federal Regulations (CFR) 10 CFR 55.4 (Reference 8.1.4) and main control room (MCR)-specific personnel subject to the training program as described by 10 CFR 50.120 (Reference 8.1.5), as applicable to the NuScale design.
| |
| 1.2 Scope The staffing and qualifications RSR includes staffing evaluations for activities performed by licensed control room operators for the NuScale Power Plant. The work performed utilizes the design and analysis completed under the Design Certification Application.
| |
| Staffing analysis for non-licensed operators, maintenance activities, activities completed by craft or technical personnel (e.g., mechanical, electrical, or instrumentation and controls (I&C) maintenance; health physics; chemistry; engineering; or information technology), or activities associated with the Technical Support Center, Emergency Operations Facility, or other Emergency Response facilities are included only if they are determined to impact licensed operator workload. When licensed operator workload is impacted, then the area of concern is analyzed to a degree sufficient to quantify the impact to licensed operator workload or staffing and to develop human-system interface (HSI) or staffing adjustments required to address the specific task and associated staffing requirements.
| |
| 1.3 Abbreviations Table 1-1 Abbreviations Term Definition ANSI/ANS American National Standards Institute/American Nuclear Society CFR Code of Federal Regulations CRS control room supervisor DCA Design Certification Application FA function allocation FRA functional requirements analysis HED human engineering discrepancy HFE Human Factors Engineering HFEITS Human Factors Engineering issues tracking system HSI human-system interface I&C instrumentation and controls
| |
| © Copyright 2022 by NuScale Power, LLC 3
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 Table 1-1 Abbreviations (Continued)
| |
| Term Definition IHA important human action ISV integrated system validation MCR main control room NPP NuScale Power Plant NRC Nuclear Regulatory Commission NSIDE NuScale simulator interface development environment OER operating experience review RO reactor operator RSPV revised staffing plan validation RSR results summary report S&Q staffing and qualifications SDAA Standard Design Approval Application SME subject matter expert SM shift manager SMR small modular reactor SPV staffing plan validation SRO senior reactor operator TA task analysis TIHA treatment of important human actions TLX Task Load Index V&V verification and validation Table 1-2 Definitions Term Definition Module A NuScale module consists of the containment vessel, reactor pressure vessel, and all components internal and external to each vessel, up to the disconnect flanges.
| |
| Subject Matter Expert A person that has completed the NuScale HFE or Operations Initial company Training Program, has previous licensed operating nuclear plant experience, and has performed TA or NuScale system reviews and is familiar with the NuScale Power Plant design.
| |
| The definition of SME for staffing plan validation testing purposes is a person who has completed the Simulator Participant qualification, has previous licensed operating nuclear plant experience, and has worked at NuScale in some capacity to be familiar with the design, such as performing TA, NuScale system reviews, or operating the NuScale Integral Systems Test (NIST) facility.
| |
| Situation (or Situational) An individual's mental model of what has happened, the current status of Awareness the system, and what will happen in the next brief time period.
| |
| Unit A NuScale unit consists of the components necessary to generate electricity. This includes a primary side containing a reactor power module and its specific supporting systems, and a secondary side containing a turbine generator and its specific supporting systems.
| |
| Workload The cognitive and physical demands placed on plant personnel.
| |
| © Copyright 2022 by NuScale Power, LLC 4
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 2.0 Implementation 2.1 Staffing and Qualification Process Overview 2.1.1 Staffing Levels Minimum MCR staffing levels as well as operator roles and responsibilities are described in detail in Concept of Operations (Reference 8.2.11). ((
| |
| }}2(a),(c) Because of the NuScale Power Plant's passive safety systems, simple operation, automation, expected reduced licensed operator workload, and no important human actions (IHAs), a NuScale Power Plant of up to six units is operated with a minimum MCR shift contingent of one licensed RO and two licensed SROs .
| |
| The NuScale Power Plant uses design-specific staffing levels as an alternative to 10 CFR 50.54(m). In order to evaluate and justify the staffing levels, NuScale implemented an approach to establishing the basis for staffing levels and qualification, including operator roles and responsibilities, in accordance with the Control Room Staffing Plan Validation Methodology (Reference 8.2.12). Section 2.3.2 contains more information on the NuScale approach. Section 5.0 and the Revised Staffing Plan Validation Test Report (Reference 8.2.14) contain a summary of the results for the final staffing levels.
| |
| 2.1.2 Task Analysis Inputs Task Analysis results are used to determine the crew roles and responsibilities and are used as input to the initial licensed operator staffing level. Personnel tasks, addressed in TA, are assigned to staffing positions considering task characteristics, such as the knowledge and abilities required, relationships among tasks, time available, and time required to perform the task.
| |
| the operator's ability to maintain situational awareness within the area of assigned responsibility.
| |
| teamwork and team processes, such as peer checking.
| |
| workload associated with each job within the crew.
| |
| For this report, the TA as described in the initial Human Factors Engineering Task Analysis Results Summary Report (Reference 8.2.3) was used as an input to updated staffing goals. No significant difference to the TA in the SDAA and DCA task analysis results are expected. This assumption will be confirmed using the process described in the Human Factors Engineering Task Analysis Implementation Plan (Reference 8.2.4) and documented in the final task analysis RSR, and gaps will be evaluated for impact on the S&Q results.
| |
| © Copyright 2022 by NuScale Power, LLC 5
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 The relationship between TA and S&Q with respect to the process for validation of the NuScale staffing plan is described in Reference 8.2.12.
| |
| 2.1.3 Determining the Number and Qualifications of Licensed Operator Personnel The scope of S&Q analyses includes determining both the number of licensed operator personnel and their qualifications. For the purposes of this RSR, licensed operator personnel include operators and senior operators as defined by 10 CFR 55.4 (Reference 8.1.4) and MCR-specific personnel subject to the training program as described by 10 CFR 50.120 (Reference 8.1.5), as applicable to the NuScale design.
| |
| Licensed operators' roles include those of SM, CRS, and RO. The role of SM and CRS can be combined as one watch-stander when desired. An SRO license is required to fill these roles. There are normally two RO watch-standers. This position requires an RO license as a minimum; however, one of these watch-standers must also have an SRO license to provide short-term relief for the combined SM and CRS position.
| |
| Staffing and qualifications analyses define numbers and qualifications of licensed personnel for a range of conditions and tasks, including operational tasks (under normal, abnormal, and emergency conditions).
| |
| ((
| |
| }}2(a),(c) 2.1.4 Iterative Nature of Staffing Analysis Initial staffing level goals and staffing roles and responsibilities are evaluated and modified, as required, in an iterative fashion through NuScale design change control procedures, through the use of the human engineering discrepancy (HED) process, and as information from other HFE elements and S&Q analyses, evaluations, and tests becomes available.
| |
| Human engineering discrepancies are generated during human factors verification and validation (V&V) activities within the NuScale HFE Program as described in the Human Factors Engineering Program Management Plan (Reference 8.2.10). Design discrepancies identified during HFE design development activities are resolved as part of the NuScale design process, whenever possible. Those HFE issues that cannot be immediately resolved or that potentially change the initial staffing goals for the MCR or potentially impact their roles and responsibilities are captured in the Human Factors Engineering issues tracking system (HFEITS) for evaluation and resolution.
| |
| © Copyright 2022 by NuScale Power, LLC 6
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 2.2 Staffing and Qualification Team Composition and Responsibilities The HFE team is responsible for conducting the S&Q analysis. The qualifications of the HFE team members supporting this HFE Program element are stipulated in the NuScale HFE Design Implementation Implementation Plan (Reference 8.2.9).
| |
| An S&Q Team and S&Q Team lead are selected by the HFE supervisor to conduct the S&Q element. The S&Q Team lead is responsible for organizing the S&Q Team.
| |
| assigning team member responsibilities.
| |
| managing resources.
| |
| developing schedules.
| |
| receiving access to activities and results from other HFE elements.
| |
| ensuring that S&Q issues are completed with supporting documentation and entered into HFEITS as necessary.
| |
| production of the validation trial results report and the staffing and qualifications RSR.
| |
| Staffing goals for the MCR crew for the NuScale Power Plant documented in the SDAA are an input to the HFE Program elements and are confirmed using the process described in the Control Room Staffing Plan Validation Methodology (Reference 8.2.12).
| |
| The results of the validation exercises applicable to the SDAA are documented in the Revised Control Room Staffing Plan Validation Results, RP-0419-65209 (Reference 8.2.14).
| |
| The S&Q process is detailed in Section 3.0, Methodology. Further details are provided in the Control Room Staffing Plan Validation Methodology (Reference 8.2.12).
| |
| 2.3 Applicable Regulatory Guidance for Staffing and Qualifications 2.3.1 Standard Review Plan Guidance on Staffing and Qualifications The NUREG-0800 Standard Review Plan (Reference 8.1.2), Section 13.1.1 Management and Technical Support Organization, and Sections 13.1.2-13.1.3 Operating Organization, provide guidance for addressing the management and technical support organization, and operating organization. A license applicant that references the NuScale Power Plant (NPP) standard design will address the management and technical support organization, operating organization, and qualifications of non-licensed operators and other plant personnel. The qualification of licensed operators is addressed in this report.
| |
| 2.3.2 Requirements on Staffing and Qualifications (10 CFR 50.54(m))
| |
| The NuScale Power Plant US460 standard design is designed for the operation of up to six units from a single MCR, which is not addressed by 10 CFR 50.54(m). Because of NuScale's passive safety systems, simple operation, automation, reduced licensed
| |
| © Copyright 2022 by NuScale Power, LLC 7
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 operator workload, no identified IHAs, and ample time to complete operator actions, the NuScale Power Plant uses design-specific staffing levels as an alternative to 10 CFR 50.54(m).
| |
| SECY-11-0098 (Reference 8.1.15) provides the Nuclear Regulatory Commission (NRC) staff's proposed approach to resolving the issue of the appropriate number of on-site licensed operators for multi-module nuclear power plants, and potential requests for exemptions from the on-site operator staffing requirements in 10 CFR 50.54(m).
| |
| SECY-11-0098 recommends "a two step approach to address operator staffing requirements for SMRs. In the near-term, applicants can request exemptions to the current operator staffing requirements in 10 CFR 50.54(m) and the staff will review the request using existing or modified guidance. Once experience is gained, the staff would initiate the long-term solution, which is to revise the regulations to provide specific control room staffing requirements for SMRs." Consistent with SECY-11-0098 and NUREG-0711 Section 6.4, NuScale is using the existing guidance in NUREG-0800 (Reference 8.1.2), NUREG-0711 (Reference 8.1.1), NUREG-1791 (Reference 8.1.17), and NUREG/CR-6838 (Reference 8.1.19) to develop the methodology to justify an alternate staffing solution. This report and its supporting documents provide the technical justification for the alternate licensed operator staffing of a NuScale Power Plant. A license applicant that references the US460 standard plant design will seek an exemption from 10 CFR 50.54(m) to implement the alternate staffing levels at a facility.
| |
| © Copyright 2022 by NuScale Power, LLC 8
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 3.0 Methodology 3.1 Establishing the Basis for Staffing and Qualification Levels The staffing levels for the MCR crew are identified in Section 2.1.1 and further described in the Concept of Operations (Reference 8.2.11). Staffing goals for the MCR crew are an input to or have an impact on many of the HFE Program elements and are confirmed using the revised Control Room Staffing Plan Validation Methodology (Reference 8.2.12).
| |
| The staffing goals are subject to revision based on the results of HFE analyses, including operating experience review (OER), FRA/FA, TA, HSI design, and S&Q. The methodologies used in the analyses of these HFE elements are described in the corresponding RSRs and implementation plans, as applicable. These analyses provide the basis for the staffing levels, including subsequent changes. This Staffing and Qualification Results Summary Report is developed with the assumption that those HFE elements supporting the NuScale US460 standard design, and where implementation plans are being submitted, will require confirmation of the staffing and qualification levels once the results of those elements are developed and analyzed. Gaps identified at that time may require revisions to this document. Those HFE elements that will be submitted as implementation plans as part of the SDAA submittal are Human Factors Engineering Operating Experience Review Implementation Plan (Reference 8.2.1).
| |
| Human Factors Engineering Functional Requirements Analysis and Functional Allocation Implementation Plan (Reference 8.2.2).
| |
| Human Factors Engineering Task Analysis Implementation Plan (Reference 8.2.4).
| |
| Human Factors Engineering Human System Interface Design Implementation Plan (Reference 8.2.7).
| |
| Human Factors Engineering Verification and Validation Implementation Plan (Reference 8.2.8).
| |
| Human Factors Engineering Design Implementation Implementation Plan (Reference 8.2.9).
| |
| The following sections describe NuScale methodology for performing the S&Q analyses to determine and change staffing levels, staffing qualifications, and roles and responsibilities for safe operation of a multi-module nuclear power plant.
| |
| A top criterion for staffing is individual and crew task performance. Successful task performance is the main criterion for evaluating a proposed staffing level. However, crew task performance can be negatively impacted by other factors. High workload and poor situational awareness are examples of factors that can lead to poor task performance and are addressed during the S&Q analyses. The S&Q analyses include periodic tests conducted at increasing levels of design maturity, procedure development, simulator fidelity, and operator training. These testing methodologies and results are described below and in Reference 8.2.12 and Reference 8.2.14.
| |
| © Copyright 2022 by NuScale Power, LLC 9
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 3.1.1 Operating Experience Review The NuScale Power Plant is a new and innovative modular, passive design with no commercial nuclear reactor power plant considered as a direct predecessor.
| |
| Nonetheless, the operating experience of current commercial nuclear power plants is analyzed as described in the Human Factors Engineering Operating Experience Review Implementation Plan (Reference 8.2.1) and in the Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan (Reference 8.2.2) because many systems and components similar to those in the NuScale design are also found in operating nuclear power plants. The roles and responsibilities of the SROs, specifically the SM and CRS, in existing commercial nuclear plants is considered effective in establishing and maintaining command and control and technical oversight during normal and off-normal conditions. Therefore, staffing for the MCR crew levels and qualifications are based, in part, on staffing levels and qualifications from commercial nuclear power plants, while taking into account the passive features and a high degree of automation of the NuScale Power Plant.
| |
| Operating experience at commercial nuclear power plants is reviewed as described in Reference 8.2.1. Initial staffing goals for the NPP were developed in consideration of the following factors based on subject matter expert (SME) knowledge and experience, and were considered as a part of OER, FRA/FA, and TA:
| |
| operational strengths and weaknesses resulting from staffing levels initial staffing goals for the MCR crew and their bases, including a description of significant similarities and differences staffing considerations described in NRC Information Notice 95-48, "Results of Shift Staffing Study" (Reference 8.1.6) possible impact on staffing because of work hour limits, required break times, and required days off, as specified in 10 CFR 26.205, Work Hours, (Reference 8.1.7) as part of the Fitness-For-Duty rule Regulatory Issue Summary 2009-10, Communications between the NRC and Reactor Licensees during Emergencies and Significant Events (Reference 8.1.8) automatic action crediting described in NRC Information Notice 97-78, "Crediting of Operator Actions in Place of Automatic Actions and Modifications of Operator Actions, Including Response Times" (Reference 8.1.9)
| |
| NUREG/IA-0137, A Study of Control Room Staffing Levels for Advanced Reactors (Reference 8.1.16)
| |
| The OER focus is on the unique features of the NuScale design that include multi-module applications, use of digital control systems, heavy use of automation, and use of computer-based procedures. The OER identifies human performance errors that may indicate strengths or weaknesses in commercial nuclear power plant S&Q. Human performance errors are evaluated to determine if strengths are maintained and weaknesses are resolved by the NuScale design. The OER bases related to S&Q are re-confirmed during S&Q analyses to ensure they remain valid.
| |
| © Copyright 2022 by NuScale Power, LLC 10
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 3.1.2 Functional Requirements Analysis and Function Allocation The FRA determines plant functions performed to satisfy plant safety objectives and identifies the preferred normal and emergency success paths used to control those functions. The FA assigns these success paths to human (manual), machine or system (automation), or shared actions. The process for assigning or allocating success paths is described in the Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan (Reference 8.2.2) and includes consideration of the complexity and time criticality of controlling these success paths. The FA considers not only primary task allocation to personnel but also the responsibility to monitor automatic functions, to detect I&C and HSI degradations and failures, and to assume manual control when necessary.
| |
| The FA to an individual operator is based on HFE criteria and may not fully consider the operating crew as a whole. ((
| |
| }}2(a),(c)
| |
| During S&Q analyses, HFEITS items may be generated in order to bring about changes to FRA/FA during successive iterations.
| |
| 3.1.3 Task Analysis The functions assigned to licensed operator personnel from FRA/FA define their roles and responsibilities for both manual actions and monitoring of or backup to automation. Human actions performed to accomplish these functions are grouped to obtain common objectives or goals. Task analysis helps to define operator S&Q for each task and includes an assessment of workload and time margins for task execution. The Task Analysis Implementation Plan (Reference 8.2.4), provides more detail on TA.
| |
| Initially, tasks are identified via system-task level analysis, and systems tasks are combined into system level functional groups. As the TA progresses, multi-system functions are combined.
| |
| The results of TA are used to develop and mature the HSI, define the roles and responsibilities of personnel, develop the draft operating procedures, capture knowledge, skills, and abilities, and identify training needs.
| |
| The TA inputs to S&Q analyses include time available and time required to perform a task.
| |
| © Copyright 2022 by NuScale Power, LLC 11
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 SME estimates of the workload involved.
| |
| high-workload personnel tasks.
| |
| knowledge, skills, and abilities for personnel.
| |
| personnel communication and coordination, including interactions among individuals for diagnosing, planning, and controlling the plant, and interactions among personnel for administrative, communications, and reporting activities.
| |
| the job requirements resulting from the sum of tasks allocated to each individual inside the MCR.
| |
| The TA may identify required workload outside of the MCR, such as fire brigade support; however, licensed operators who fill a minimum shift staffing role are not assigned other duties that prevent them from fulfilling their licensed operator duties within the MCR. Further information on operator roles is available in the Concept of Operations (Reference 8.2.11).
| |
| The S&Q analyses consider tasks from the full scope of TA (e.g., a range of plant operating modes, including startup, normal operations, low-power and shutdown conditions, transient conditions, abnormal conditions, emergency conditions, and severe accident conditions) (Reference 8.2.3).
| |
| The S&Q-related issues that may be generated during TA are tracked in the HFEITS and resolved during human factors V&V activities.
| |
| It is recognized that the control room staff is responsible for implementing the initial emergency response per 10 CFR 50.47, Emergency Plans (Reference 8.1.10),
| |
| using the guidance contained in NUREG-0654, Criteria for Preparation and Evaluation of Radiological Emergency Response Plans and Preparedness in Support of Nuclear Power Plants (Reference 8.1.11). This responsibility includes diagnosis, assessment, mitigation, emergency declaration, off-site notifications, and implementing emergency measures within the site boundary, including protective measures and aid for on-site personnel. ((
| |
| }}2(a),(c) 3.1.4 Treatment of Important Human Actions The Treatment of Important Human Actions (TIHA) Results Summary Report (Reference 8.2.5) describes the method that is used to identify important human actions and consider them in the overall control room design. Detailed TA determines the feasibility and reliability of performing the mitigating actions of IHAs, if any are identified. Task analysis would also perform a workload assessment, time margin assessment, and determine the number of people required to accomplish a task as well as the knowledge and abilities that determine qualifications. No important human
| |
| © Copyright 2022 by NuScale Power, LLC 12
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 actions were identified for the NuScale Power Plant, thus no further evaluation was needed.
| |
| 3.1.5 Procedure Development Staffing and qualifications analyses use task sequencing from TA as preliminary procedures and assume specific personnel numbers, and a certain level of secondary tasks such as communication. The S&Q analyses also consider when task sequencing suggests the concurrent use of multiple procedures. Computer-based procedures are used during scenario-based testing of operator and crew performance tests, workload analysis, and situational awareness assessments.
| |
| Procedure development is a licensee activity. Issues identified during S&Q or other HFE activities performed by NuScale during the design development process that have impacts to procedure development are entered into the HFEITS database.
| |
| Training program development related issues are then passed to the licensee for disposition by their training program, as applicable.
| |
| 3.1.6 Training Program Development Staffing and qualifications analyses provide input to the training program development related to knowledge, skills, and abilities to be attained and maintained.
| |
| As S&Q analyses encompass licensed operator personnel, they provide input essential to coordinating actions between individuals inside and outside the MCR.
| |
| The training program includes this set of knowledge, skills, and abilities.
| |
| Training program development is a licensee activity. Any issue identified during S&Q or other HFE activities performed by NuScale during the design development process that have impacts to training program development are entered into the HFEITS database. Training program development related issues are then passed to the licensee for disposition by their training program, as applicable.
| |
| 3.2 Baseline Assumptions Before completion of the initial S&Q analyses, a NuScale Power Plant of up to 12 units was assumed to be operated with an MCR shift contingent of three licensed ROs and three licensed SROs covering the roles of SM, shift technical advisor, and CRS. Staffing and qualifications analyses were conducted to validate the initial staffing goals for the MCR crew. These initial staffing goals for the MCR crew reflect the inputs from OER, FRA/FA, TA, and TIHA. The staffing goals were then adjusted and validated as described throughout this document. The MCR shift continent for the NuScale SDAA plant is assumed to be a minimum of one licensed RO and two licensed SROs, as described in the Concept of Operation technical report (Reference 8.2.11).
| |
| Qualification requirements (education and job experience) and the training program for the licensed operator personnel at a NuScale Power Plant are expected to be similar to those described in ACAD 10-001, Guidelines for Initial Training and Qualification of Licensed Operators (Reference 8.1.20).
| |
| © Copyright 2022 by NuScale Power, LLC 13
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 4.0 Evaluation of Staffing Levels and Operator Qualifications The bases for licensed operator personnel staffing are established as described in Section 3.1 using input from other HFE Program elements to support the staffing goals for the MCR crew (numbers and qualifications baseline) described in Section 3.2. Staffing and qualifications evaluations then confirm or modify the baseline to achieve the final staffing and qualification levels. For the NuScale Power Plant design described in the SDAA the Revised Control Room Staffing Plan Validation Test Report (Reference 8.2.14) was performed to confirm the staffing levels. A summary of that report, and the Control Room Staffing Plan Validation Methodology (Reference 8.2.12) are provided in this section.
| |
| ((
| |
| }}2(a),(c)
| |
| These tests and assessments are performed to gain a high level of confidence in the adequacy of licensed operator staffing levels and their qualifications, roles, and responsibilities.
| |
| © Copyright 2022 by NuScale Power, LLC 14
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 4.1 Staffing Plan Validation Methodology 4.1.1 Staffing Plan Validation Methodology Overview The Control Room Staffing Plan Validation Methodology (Reference 8.2.12) was developed following a review of numerous regulatory and research studies on staffing, situational awareness, and workload measurements. ((
| |
| }}2(a),(c)
| |
| The Control Room Staffing Plan Validation Methodology (Reference 8.2.12) consists of the following elements:
| |
| Identify Challenging Operating Conditions Identify Primary and Dependent Tasks Identify Independent Tasks Construct Scenarios and Assign Operator Responsibilities Operating Staff Assignments Staffing Assumptions Scenarios Development Input Scenario Development Content Goals Creation of Scenario Guides Scenario Test Plan Analyze Workload 4.1.2 Staffing Plan Validation Scenario Development
| |
| ((
| |
| }}2(a),(c)
| |
| © Copyright 2022 by NuScale Power, LLC 15
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 Scenarios selected for staffing plan validation exercises are also identified using input from other HFE Program elements:
| |
| OER (Reference 8.2.1) identifies situations and technologies that affect human performance. These factors are evaluated during TA for effects on crew size or qualifications.
| |
| FRA/FA (Reference 8.2.2) identifies success paths to determine the best allocation of functions. The FRA/FA also identifies associated workload to control those success paths while maintaining critical functions (including monitoring of automatic functions).
| |
| TA (Reference 8.2.3) identifies constraints where time required to conduct a task is less than time available. Secondary tasks, distractions, and process delays (e.g., valve stroke time or digital processing time) are considered within time required constraints. Licensed operator workload is determined by the collective time required vs. time available calculation. Staffing and qualifications identifies the tasks that have the highest workload conditions for evaluation as part of the staffing plan validation exercises (Reference 8.2.12).
| |
| TIHA (Reference 8.2.4) identifies both probabilistic and deterministic IHAs, however, no IHAs are identified for the NuScale US460 design.
| |
| Human factors V&V (Reference 8.2.8) identifies the need to identify a range of operational conditions to guide task support verification, HFE design verification, and integrated system validation (ISV) by means of performing sampling of operational conditions. The need to use sampling of operational conditions as a means to support the development of challenging scenarios for evaluating workload as part of the staffing plan validation exercises is promoted in Brookhaven National Laboratory Technical Report No. 20918-1-2015 (Reference 8.1.18).
| |
| The scenario selection includes those items that are unique to NuScale such as situations evaluating changing conditions on multiple modules, common system interface failures and their effect on multiple modules, high levels of automation, and beyond-design-basis events. For workload considerations, certain plant evolutions that are planned and executed with additional staff beyond the minimum proposed are not included. For example, a reactor startup is not an activity that is performed as an unplanned evolution or needs to be done in an expeditious manner with a minimum crew; therefore, it is not considered. A reactor startup is more appropriately tested during ISV activities. Refueling operations are also not considered (except as a potential distraction) in the workload assessment. They are performed by a dedicated staff (including an SRO) separate from the MCR operating staff. The control room operators, with the exception of the SM, have little direct interaction with the refueling team.
| |
| Staffing plan validation exercises are also conducted for scenarios that, in SME judgment, challenge the initial staffing levels for the MCR in terms of numbers or qualifications. (( }}2(a),(c)
| |
| © Copyright 2022 by NuScale Power, LLC 16
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0
| |
| ((
| |
| }}2(a),(c) 4.1.3 Data Collection during Staffing Plan Validation Exercises
| |
| ((
| |
| }}2(a),(c) Evaluation criteria, as described in Reference 8.2.13, are established and used to determine the acceptability of operator performance and the adequacy of the HSI to permit operators to correctly diagnose and mitigate high-workload scenarios and to ensure the proposed staffing plan is acceptable.
| |
| Reference 8.2.12 contains a detailed description of the methodology for performing staffing plan validation exercises, including the criteria and method for scenario development, qualification of the test bed, test conditions and evaluation criteria, test participants, and participant training.
| |
| ((
| |
| }}2(a),(c)
| |
| The testing plan results are evaluated and included in Section 4.0 and Reference 8.2.13. As each test is performed, lessons learned are captured and incorporated as needed to enhance the ability of the operators to identify key parameters and to manage the workload demands.
| |
| © Copyright 2022 by NuScale Power, LLC 17
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 The results included in Section 4.0 document the changes made to the HSI, conduct of operations, or design as appropriate. By utilizing an integrated, systematic approach to evaluate the workload conditions for an operating crew, validation of the minimum licensed operator staffing for a multi-unit NuScale Power Plant is established.
| |
| 4.1.4 Simulator Scenario-Based Testing The simulator is able to support the scenarios required for staffing plan validation exercises. Reference 8.2.12 contains additional information about the status of the simulator. The validation environment is based on the control room design to the extent practicable.
| |
| Scenario-based testing is performed in accordance with the NuScale Simulator Scenario-Based Testing Procedure described in detail in Reference 8.2.12.
| |
| The testing is conducted by determining a set of key parameters and ensuring those parameters behave as expected for the developed SPV scenarios. The American National Standards Institute/American Nuclear Society (ANSI/ANS)-3.5-2009 Nuclear Power Plant Simulators for Use in Operator Training and Examination (Reference 8.1.21) is referenced to select steady state and transient parameters.
| |
| 4.2 Simulator Readiness for Staffing Plan Validation Exercises Simulator readiness to support staffing plan validation exercises is essential for reliable, credible testing. The simulator provides operators with the HSI necessary to interact with working models of the plant design, thus putting the NuScale concepts of operation into practice. ((
| |
| }}2(a),(c)
| |
| © Copyright 2022 by NuScale Power, LLC 18
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0
| |
| ((
| |
| }}2(a),(c) 4.3 Simulator Scenario-Based Testing Scenario based testing was performed in accordance with the NuScale Simulator Scenario-Based Testing Procedure before validation testing exercises.
| |
| The testing was conducted by determining a set of key parameters and ensuring those parameters behaved as expected for the developed staffing plan validation scenarios.
| |
| © Copyright 2022 by NuScale Power, LLC 19
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 The ANSI/ANS-3.5-2009 Nuclear Power Plant Simulators for Use in Operator Training and Examination (Reference 8.1.21) was referenced for a draft list to select steady state and transient parameters.
| |
| ((
| |
| }}2(a),(c)
| |
| Reference 8.2.12 contains more information about simulator testing criteria.
| |
| 4.4 Simulator Human-System Interface Testing for Staffing Plan Validation The following sections describe the HSI testing performed to ensure the integrity of the HSI used during staffing plan validation exercises.
| |
| 4.4.1 Inventory and Characterization This section describes the method NuScale used to develop the inventory and characterization of the HSI displays, controls, and related equipment needed for the scope defined by the scenarios discussed in the Control Room Staffing Plan Validation Methodology (Reference 8.2.12).
| |
| ((
| |
| }}2(a),(c)
| |
| A sample form is provided in Appendix A of Reference 8.2.12, Table 8-1.
| |
| © Copyright 2022 by NuScale Power, LLC 20
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 4.4.2 Human-System Interface Task Support Verification before Staffing Plan Validation Exercises
| |
| ((
| |
| }}2(a),(c)
| |
| A sample form is provided in Appendix B of Reference 8.2.12, Table 8-2.
| |
| 4.4.3 Human Factors Engineering Design Verification before Staffing Plan Validation Exercises The HFE design verification was conducted to confirm that HSI characteristics conform to HFE guidelines as represented in the style guide. The style guide consists of procedures for use, general considerations, and system-specific guidance for screen-based HSIs.
| |
| ((
| |
| }}2(a),(c)
| |
| A sample form is shown in Appendix C of Reference 8.2.12, Table 8-3 and Table 8-4.
| |
| 4.5 Data Collection during Staffing Plan Validation Exercises
| |
| ((
| |
| }}2(a),(c)
| |
| Reference 8.2.13 contains further information on data collected.
| |
| © Copyright 2022 by NuScale Power, LLC 21
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 5.0 Results Summary of Revised Staffing Plan Validation Testing After reviewing the HFE analysis results, the initial validation effort (Staffing Plan Validation Testing (Reference 8.2.13)), and the ISV testing, an additional study was conducted entitled the Revised Control Room Staffing Plan Validation Test Report (Reference 8.2.14). The crew complement during this testing was revised to one licensed RO and two licensed SROs. The full report of the results of this testing is described in the Revised Control Room Staffing Plan Validation Results (Reference 8.2.14). The report contains the following information:
| |
| test purpose, scope, acceptance criteria and diagnostic measures test participants control room simulator used during the testing scenarios data collection results of validating the revised staffing levels 5.1 Revised License Operator Staffing Levels, Position Descriptions, and Qualifications Used during Revised Staffing Plan Validation Trials The crew complement for the revised staffing plan validation (RSPV) consisted of three licensed operators. The following staff and license levels were used during testing as part of the on-shift operating crew:
| |
| dual role shift manager and control room supervisor - senior reactor operator license reactor operator one - reactor operator license or senior reactor operator license reactor operator two - reactor operator license or senior reactor operator license 5.2 Participants in Revised Staffing Plan Validation Trials The three-person crew members were chosen based on previous experience as crew members during integrated systems validation testing.
| |
| 5.3 Participants Training for Revised Staffing Plan Validation Trials The participants in the RSPV were selected from the ISV crews who had previously attended the ISV Program training. This training consisted of the following:
| |
| 260 hours of classroom training that included an overview of NuScale design, system interactions, normal and abnormal conditions, technical specifications, emergency action levels, and applicable administrative processes four quizzes to assess individual comprehension 120 hours of simulator familiarization of system tasks, normal and abnormal conditions, IHAs, teamwork, communications, and formality two program dynamic simulator scenario tests to assess crew performance
| |
| © Copyright 2022 by NuScale Power, LLC 22
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 one final dynamic simulator audit test Additional training before the start of the second validation testing consisted of four hours of classroom refresher training followed by 30 hours of simulator practice.
| |
| Classroom training consisted of the following topics:
| |
| purpose of RSPV testing results of ISV testing description of simulator differences from ISV conduct of operations refresher assumed operator timed actions 5.4 Revised Staffing Plan Validation Test Design Summary The original SPV scenarios performed in 2016 were not used for this validation because the previous scenario information was published both internally and submitted to the NRC for review. Therefore, it could not be ensured that participants would be unaware of the contents of the previous validation test. For this reason, new scenarios were generated using the same method as used to generate the original SPV scenarios in accordance with Control Room Staffing Validation Methodology (Reference 8.2.12). The scenarios were developed using the following inputs:
| |
| challenging operating conditions listed in Section 3.0 of Control Room Staffing Validation Methodology (Reference 8.2.12) sampling of operational conditions derived from Section 11.4.1 of NUREG-0711 high-workload tasks identified by the TA Three potentially higher-workload themes for the NuScale design were incorporated into three different scenarios:
| |
| performing potential IHAs to add inventory to the reactor vessel or containment vessel in beyond-design-basis, low-probability events multi-module transients or events higher levels of automation and incorporation of various automation-related failures or loss of nonsafety controls Three validation scenarios were created using a framework designed around the three potentially high-workload themes listed above. One scenario included the performance of an IHA that is no longer designated as an IHA in the NuScale US460 design. Two scenarios were designed to test varying multi-module events. Automation failures were then incorporated into these scenarios. A comprehensive sampling-of-conditions approach was then used to ensure that a representative high-workload sample was tested. A review of the current TA concluded there was no change in required workload tasks previously identified in Control Room Staffing Plan Validation Methodology (Reference 8.2.12). The list of required high-workload tasks from Appendix F of the
| |
| © Copyright 2022 by NuScale Power, LLC 23
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 methodology document was input into a computer-generated randomizer. The randomizer was used to provide the initial population of scenario events.
| |
| The scenarios were then developed being informed by the random high-workload tasks and the high-workload themes. Details were added to support scenario tasks and acceptance criteria was applied based on timing criteria used during ISV testing.
| |
| NUREG-0711 provides a list of sample conditions that were referenced with the goal of including 70 percent of the listed conditions within the three scenarios in total.
| |
| 5.5 Workload and Situational Awareness Data for Revised Staffing Plan Validation Test The range of average workload for each 2019 RSPV test crew member is as follows:
| |
| Table 5-1 Revised Staffing Plan Validation Average Workload Data Crew Member Avg. Lowest Avg. Workload Highest Avg. Workload RO1 21 15 20 RO2 13 10 15 CRS 18 11 25 The maximum workload value measured during the trials was a raw score of 80. This score was tied to a scenario event that was designed so that the crew would not be successful. During this event, reactor coolant inventory was leaking from the module and the crew had to take action to inject additional inventory. Subsequently, the crew had indications of fuel clad degradation. In this scenario their actions were not allowed to be successful. Both CRSs stated that this no-win situation was very stressful, which was reflected in their higher TLX scores.
| |
| Situational awareness questionnaires were used at predetermined points administered in conjunction with TLX workload measures. The figure below shows the actual scores for scenarios 1, 2, and 3 from left to right on the x-axis.
| |
| Figure 5-1 Revised Staffing Plan Validation Situational Awareness Scores
| |
| © Copyright 2022 by NuScale Power, LLC 24
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 The range of scores were 90 to 100 percent. The average situational awareness score was 97 percent. There was no trend to indicate that one position or person had a deviation of results from any other person or position. No situational awareness comments were generated during the RSPV.
| |
| 5.6 Summary of Revised Staffing Plan Validation Test Results The results of the RSPV confirmed that an NPP and the associated plant facilities can be operated safely and reliably by a minimum staffing contingent of three licensed operators from a single control room during high-workload conditions.
| |
| The RSPV tests demonstrate that, like the SPV test results, the minimum NuScale licensed operator staffing is sufficient to protect public health and safety, while operating up to a 12-module NPP from a single control room. The RSPV tests are applicable to the US460 standard design for an up to six module plant.
| |
| The completion times for the required tasks were performed within the scenario acceptance criteria, with margin. Diagnostic criteria were used to identify potentially high-workload tasks using a holistic approach using convergence of measured results. For example, the TLX data collection methodology and the data analysis approach were designed to identify potential high workload by examining deviations in data with less emphasis on absolute value. This analysis was done so that even small deviations at low workload levels would be identified. When workload met predetermined criteria then other tools such as direct questioning, observations, and self-critiques were used to validate or gather further evidentiary information. Actual or perceived level of workload and stress was related to the impact on performance.
| |
| The trial scenarios included evaluation criteria that could have warranted additional testing if not met. However, the evaluation criteria were met during each scenario testing and trials, thus no additional tests were required, nor additional validation performed.
| |
| During the tests, no discrepancies were identified that warranted being entered into the NuScale Corrective Action Program. No identified HEDs were designated as nuclear safety concerns that would require retest (category priority 1). Some discrepancies were identified and categorized as improvements to the process, HSI, procedures, or conduct of operations (category priority 2 or 3). Identified HEDs were documented in the HFEITS database.
| |
| Further information about the second validation trial is documented in the Revised Control Room Staffing Plan Validation Test Report (Reference 8.2.14).
| |
| © Copyright 2022 by NuScale Power, LLC 25
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 6.0 Staffing and Qualification Results as Compared to NUREG-0711 Review Criteria As stated in Section 2.3.1, an applicant that references the NuScale Power Plant US460 standard design will provide a description of the corporate or home office management and technical support organizations.
| |
| Task analysis is used for the development of scenarios as described in Section 3.0 and Appendices E and F of the Control Room Staffing Plan Validation Methodology (Reference 8.2.12). The following criteria as demonstrated in the Staffing Plan Validation Results (Reference 8.2.13) and the Revised Staffing Plan (Reference 8.2.14) are also included in the validation measurement criteria:
| |
| the task characteristics, such as the knowledge and abilities required, relationships among tasks, time required to perform the task, and estimated workload the operators ability to maintain situational awareness within the area of assigned responsibility teamwork and team processes (e.g., peer checking)
| |
| The number and qualifications of operations personnel for a range of plant conditions and operational tasks under normal, abnormal, and emergency conditions from the initial staffing goals were validated as demonstrated in the Staffing Plan Validation Results (Reference 8.2.13).
| |
| NuScale's staffing analysis methodology is iterative as described in Section 2.1.4.
| |
| Staffing levels have changed from initial goals, as they have been continuously evaluated throughout the HFE analysis and design process as demonstrated, for example in Human Factors Engineering Task Analysis Results Summary Report (Reference 8.2.3), and roles and responsibilities have evolved as described in the NuScale Concept of Operations (Reference 8.2.10). The revised number and qualifications of operations personnel were validated as demonstrated in the Revised Staffing Plan Validation Results (Reference 8.2.14).
| |
| The basis for NuScale staffing and qualification levels were established and have been optimized as a result of the specific staffing-related issues included in the HFE elements listed in Section 3.1 and their respective RSRs and implementation plans (Reference 8.2.1 through Reference 8.2.6). The basis is also established in the process described in the Control Room Staffing Plan Methodology (Reference 8.2.12), and the results as described in the Control Room Staffing Plan Validation Results (Reference 8.2.13) and Revised Staffing Plan Validation Results (Reference 8.2.14).
| |
| © Copyright 2022 by NuScale Power, LLC 26
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 7.0 Analysis Conclusions The NPP is innovative in both design and staffing requirements. The passive systems operate with no operator actions required for design-basis events. At the time RSPV was conducted, two IHAs had been identified. Reference 8.2.5 describes the US460 standard design TIHA, which reflects the updated analysis identifying zero important human actions. NuScale Power Plant design features provide operators large time margins to complete tasks that historically would need to be performed without delay.
| |
| The HSI design provides at-a-glance assessment of plant conditions and facilitates early detection of degrading conditions. The features of the HSI such as design of the overview screens, safety function displays, ease of navigation, and universal display of active processes promote high levels of situational awareness.
| |
| The Concept of Operations (Reference 8.2.11) specifies that one operator has the primary focus to monitor the NPP as demonstrated in the SPV testing. One person is able to monitor multiple modules and quickly detect changing trends and off-normal conditions. This designated monitoring allows other operators to be focused on specific task completion. During the RSPV, the shift technical advisor position was eliminated, and the test successfully validated the functionality of the upgraded HSI, the effectiveness of the embedded safety function monitoring, and the backup validation by the crew members. These results demonstrated an equivalent and effective level of plant safety monitoring.
| |
| Staffing plan validations have been conducted using guidance in NUREG-0711, NUREG-1791, and NUREG/CR-6838 as well as other industry guidance. The SPV and RSPV testing included performance-based tests using a simulator focused on operator performance, workload, and situational awareness during challenging plant operating conditions, including design-basis-events, beyond-design-basis events, multi-module events, and events in series and parallel.
| |
| Two independent crews were trained and qualified to conduct three challenging and workload-intensive scenarios utilizing conduct of operations guidance that was reflective of the current industry standards with respect to communications and use of human performance tools. Three scenarios were designed to be challenging and reasonably bounding. By using those tasks from TA that were not only high workload, but also could not be ignored, operators were required to confront and manage issues affecting multiple units, beyond-design-basis events, and large scale loss of controls and indications. As was expected because of the scenario design, the testing tools (such as TLX) showed that, at certain points in the scenarios, operators experienced higher levels of workload.
| |
| However, when examining the aggregate results from various testing tools, the levels of workload were found acceptable for both individuals and the crew as a whole.
| |
| A team of trained and qualified observers consisting of operations, management, and HFE personnel observed and analyzed the crew performances utilizing multiple methods of monitoring crew performance, workload, and situational awareness.
| |
| © Copyright 2022 by NuScale Power, LLC 27
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 The test and evaluation team was effective in administering the test and analyzing the test results.
| |
| The results of the analysis, performed using the methods described above, confirm that an NPP may be operated safely and reliably by a minimum staffing contingent of three licensed operators from a single control room during high-workload conditions. The staffing level requires that at least two of the control room staff are licensed at the senior license level to allow for any crew member to leave the control room.
| |
| © Copyright 2022 by NuScale Power, LLC 28
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 8.0 References 8.1 Source Documents 8.1.1. U.S. Nuclear Regulatory Commission, "Human Factors Engineering Program Review Model," NUREG-0711, Rev. 3, November 2012.
| |
| 8.1.2. U.S. Nuclear Regulatory Commission, "Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition," NUREG-0800, March 2007.
| |
| 8.1.3. U.S. Code of Federal Regulations, "Conditions of licenses," Section 50.54, Part 50, Title 10, "Energy," (10 CFR 50.54).
| |
| 8.1.4. U.S. Code of Federal Regulations, "Definitions," Section 55.4, Part 55, Title 10, "Energy," (10 CFR 55.4).
| |
| 8.1.5. U.S. Code of Federal Regulations, "Additional Standards for Licenses, Certifications, and Regulatory Approvals," Section 50.120, Part 50, Title 10, "Energy," (10 CFR 50.120).
| |
| 8.1.6. U.S. Nuclear Regulatory Commission, "Results of Shift Staffing Study,"
| |
| Information Notice 95-48, 1995.
| |
| 8.1.7. U.S. Code of Federal Regulations, "Work Hours," Section 26.205, Part 26, Title 10, "Energy," (10 CFR 26.205).
| |
| 8.1.8. Regulatory Issue Summary 2009-10, Communications between the NRC and Reactor Licensees during Emergencies and Significant Events.
| |
| 8.1.9. U.S. Nuclear Regulatory Commission, "Crediting of Operator Actions in Place of Automatic Actions and Modifications of Operator Actions, Including Response Times," Information Notice 97-78, 1997.
| |
| 8.1.10. U.S. Code of Federal Regulations, "Emergency Plans," Section 50.47, Part 50, Title 10, "Energy," (10 CFR 50.47).
| |
| 8.1.11. U.S. Nuclear Regulatory Commission, "Criteria for Preparation and Evaluation of Radiological Emergency Response Plans and Preparedness in Support of Nuclear Power Plants," NUREG-0654, Rev. 1, November 1980.
| |
| 8.1.12. U.S. Nuclear Regulatory Commission, "Review of Findings for Human Performance Contribution to Risk in Operating Events," NUREG/CR-6753, March 2002.
| |
| 8.1.13. American National Standards Institute/American Nuclear Society, ANSI/ANS 3.1-2014, "Selection, Qualification, and Training of Personnel for Nuclear Power Plants," ANS, LaGrange Park, IL.
| |
| © Copyright 2022 by NuScale Power, LLC 29
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 8.1.14. U.S. Nuclear Regulatory Commission, "Human Factors Engineering (HFE)
| |
| Insights for Advanced Reactors Based Upon Operating Experience,"
| |
| NUREG/CR-6400, 1996.
| |
| 8.1.15. SECY-11-0098, Operator Staffing for Small or Multi-Module Nuclear Power Plant Facilities, July 2011.
| |
| 8.1.16. U.S. Nuclear Regulatory Commission, "A Study of Control Room Staffing Levels for Advanced Reactors," NUREG/IA-0137, November 2000.
| |
| 8.1.17. U.S. Nuclear Regulatory Commission, "Guidance for Assessing Exemption Requests from the Nuclear Power Plant Licensed Operator Staffing Requirements Specified in10 CFR 50.54(m)," NUREG-1791, July 2005.
| |
| 8.1.18. Technical Report No. 20918-1-2015, Methodology to Assess the Workload of Challenging Operational Conditions In Support of Minimum Staffing Level Reviews, March 2015.
| |
| 8.1.19. U.S. Nuclear Regulatory Commission, "Technical Basis for Regulatory Guidance for Assessing Exemption Requests from the Nuclear Power Plant Licensed Operator Staffing Requirements Specified in 10 CFR 50.54(m),"
| |
| NUREG/CR-6838, February 2004.
| |
| 8.1.20. ACAD 10-001, Guidelines for Initial Training and Qualification of Licensed Operators, Revision 2.
| |
| 8.1.21. ANSI/ANS-3.5-2009 Nuclear Power Plant Simulators for Use in Operator Training and Examination.
| |
| 8.2 Referenced Documents 8.2.1. Human Factors Engineering Operating Experience Review Implementation Plan, TR-130409, Revision 0.
| |
| 8.2.2. Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan, TR-124333, Revision 0.
| |
| 8.2.3. Human Factors Engineering Task Analysis Results Summary Report, RP-0316-17616.
| |
| 8.2.4. Human Factors Engineering Task Analysis Implementation Plan, TR-130413, Revision 0.
| |
| 8.2.5. Human Factors Engineering Treatment of Important Human Actions Results Summary Report, TR-130413, Revision 0.
| |
| 8.2.6. Human Factors Engineering Staffing and Qualification Results Summary Report, RP-0316-17617, Revision 0.
| |
| © Copyright 2022 by NuScale Power, LLC 30
| |
| | |
| Human Factors Engineering Staffing and Qualification Results Summary Report TR-130412-NP Revision 0 8.2.7. Human Factors Engineering Human System Interface Design Implementation Plan, TR-130417, Revision 0.
| |
| 8.2.8. Human Factors Engineering Verification and Validation Implementation Plan, TR-130415, Revision 0.
| |
| 8.2.9. Human Factors Engineering Design Implementation Implementation Plan, TR-130417.
| |
| 8.2.10. Human Factors Engineering Program Management Plan, TR-130414.
| |
| 8.2.11. Concept of Operations, TR-130408, Revision 0.
| |
| 8.2.12. Control Room Staffing Plan Validation Methodology, RP-1215-20253, Revision 3.
| |
| 8.2.13. Control Room Staffing Plan Validation Results, RP-0516-49116, Revision 1.
| |
| 8.2.14. Revised Control Room Staffing Plan Validation Results, RP-0419-65209, Revision 2.
| |
| 8.2.15. NuScale Control Room Staffing Plan Topical Report, TR-0420-69456, Revision 1.
| |
| © Copyright 2022 by NuScale Power, LLC 31
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 Licensing Technical Report Concept of Operations December 2022 Revision 0 Docket: 52-050 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 www.nuscalepower.com
| |
| © Copyright 2022 by NuScale Power, LLC
| |
| © Copyright 2022 by NuScale Power, LLC i
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 Licensing Technical Report COPYRIGHT NOTICE This report has been prepared by NuScale Power, LLC and bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this report, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.
| |
| The NRC is permitted to make the number of copies of the information contained in this report that is necessary for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding. Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of copies necessary for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations.
| |
| Copies made by the NRC must include this copyright notice and contain the proprietary marking if the original was identified as proprietary.
| |
| © Copyright 2022 by NuScale Power, LLC ii
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 Licensing Technical Report Department of Energy Acknowledgement and Disclaimer This material is based upon work supported by the Department of Energy under Award Number DE-NE0008928.
| |
| This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.
| |
| Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
| |
| © Copyright 2022 by NuScale Power, LLC iii
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 Table of Contents 1.0 General Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.3 Abbreviations and Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.0 How Personnel Work with Human-System Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1 Plant Mission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1.1 Key Plant Design Features to Inform the Design of the Human-System Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1.2 Key Plant Design Features to Inform Operator Roles . . . . . . . . . . . . . . . . . . . . . 5 2.2 Operations Crew Composition, Qualifications, Training, and Command and Control . . . 5 2.2.1 Operating Crew Composition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2.2 Qualifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.2.3 Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.3 Operator Roles and Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.3.1 Direct Component Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.3.2 Operations Crew Interaction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.3.3 Document Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.4 Machine Agent and Shared Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.4.1 High Cognitive Burden Functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.4.2 Continuous Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.4.3 Parameter Monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.4.4 Repetitive Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.4.5 Startup and Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.4.6 Power Maneuvering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.4.7 Primary System Process Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.4.8 Other Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.5 Communications Equipment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.5.1 Phone and Radio Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.5.2 Public Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.0 Overview of the Human-System Interface and Supporting Equipment . . . . . . . . . 14 3.1 Facility Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3.2 Workstations, Displays, and Working Positions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
| |
| © Copyright 2022 by NuScale Power, LLC iv
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 Table of Contents 3.2.1 Safety Display and Indication System Display Panels . . . . . . . . . . . . . . . . . . . . 15 3.2.2 Sit-Down Operator Workstations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.2.3 Stand-Up Unit Workstations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.2.4 Stand-Up Common Systems Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 3.2.5 Arrangement of Human-System Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.2.6 Work Control Center. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3.3 Human-System Interface Design Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3.3.1 Features That Support Operating Crew Size . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3.3.2 Features That Support Human Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3.3.3 Features That Consider Environmental Conditions . . . . . . . . . . . . . . . . . . . . . . 21 3.3.4 Features That Support Situational Awareness. . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.3.5 Other Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.4 Interaction with Human-System Interface during Normal Operations . . . . . . . . . . . . . . 22 3.4.1 Tasks Performed during Normal Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 3.5 Interaction with Human-System Interface during Off-Normal, and Emergency Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 3.5.1 Off-Normal and Emergency Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 3.5.2 Procedures for Off-Normal Operations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 3.6 Interaction with Human-System Interface during Maintenance and Modifications. . . . . 26 3.6.1 Operator Tasks Supporting Maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 3.6.2 Automated Tasks Supporting Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 3.6.3 Human-System Interfaces and Procedures for Maintenance. . . . . . . . . . . . . . . 27 3.6.4 Human-System Interfaces and Procedures for Modifications . . . . . . . . . . . . . . 28 4.0 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 4.1 Source Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 4.2 Referenced Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
| |
| © Copyright 2022 by NuScale Power, LLC v
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 List of Tables Table 1-1 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Table 1-2 Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Table 2-1 NuScale Unique Design Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
| |
| © Copyright 2022 by NuScale Power, LLC vi
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 List of Figures Figure 2-1 Safety and Operating Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Figure 3-1 NuScale Main Control Room Layout Example . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Figure 3-2 Sit-Down Operator Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Figure 3-3 A Stand-Up Unit Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Figure 3-4 Common Systems Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
| |
| © Copyright 2022 by NuScale Power, LLC vii
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 1.0 General Information 1.1 Purpose The purpose of this report is to describe the concept of operations for the NuScale Power Plant US460 standard design. This report describes how the design, systems, and operational characteristics of the plant relate to the organizational structure, staffing, and management framework.
| |
| Commercial plant owners or operators define the operations governing the overall administrative behavior of the plant crew based on the operating preferences. For new designs, a concept of operations document describes human-system interfaces (HSIs) and supporting equipment from the perspective of the operators.
| |
| This NuScale concept of operations document informs and guides the NuScale design and engineering effort as it relates to the HSI and supporting equipment.
| |
| 1.2 Scope The concept of operations provides an overview of the individual roles, operations staffing, crew structure, and operating techniques that will be used by the operating crews of a NuScale facility to achieve safety and production goals. Consistent with NUREG-0711 (Reference 4.2.1), the concept of operations includes the following topics:
| |
| Description of operator roles and responsibilities
| |
| - how personnel work with HSIs
| |
| - plant mission including key plant design features that affect the HSI and supporting equipment and operator roles
| |
| - operations crew composition, qualifications, training, command and control
| |
| - operator roles
| |
| - machine agent roles and shared roles
| |
| - communications Overview of the HSI and supporting equipment
| |
| - facility layouts
| |
| - workstations, displays, and working positions
| |
| - HSI design features
| |
| - crew interaction with HSI during normal, off-normal, and emergency operations
| |
| - crew interaction with HSI during management of maintenance and modifications
| |
| © Copyright 2022 by NuScale Power, LLC 1
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 1.3 Abbreviations and Definitions Table 1-1 Abbreviations Term Definition CRS control room supervisor HSI human-system interface MCR main control room NLO non-licensed operator NPP NuScale Power Plant NRC Nuclear Regulatory Commission RO reactor operator SDI safety display and indication SM shift manager SRO senior reactor operator SSC structures, systems, and components VDU visual display unit Table 1-2 Definitions Term Definition Anticipated operating Those conditions of normal operations that are expected to occur one or occurrence more times during the life of the nuclear power unit and include, but are not limited to, loss of power to all recirculation pumps, tripping of the turbine generator set, isolation of the main condenser, and loss of all off-site power.
| |
| Automation The term refers to automatic machine agents. Automatic machine agents are tasked or initiated by an operator or other automatic machine agent to perform an action or program following a predefined sequence. Levels of automation vary. Some tasks require little or no operator interaction; other tasks incorporate only partial automation and include high levels of operator involvement.
| |
| Boundary conditions The conditions that clearly identify the operating envelope of the design (i.e., the general performance characteristics within which the design is expected to operate), such as temperature and pressure limits. Clearly identifying boundary conditions helps define the designs scope and interface requirements.
| |
| Distracting task A task of sufficient complexity or duration such that, when engaged in the distracting task, the operator is likely distracted from routine monitoring duties. This term is defined to support the concept of operations and explanation of the at-the-controls operator duties.
| |
| © Copyright 2022 by NuScale Power, LLC 2
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 Table 1-2 Definitions (Continued)
| |
| Term Definition Human-system interface The HSI is that part of the system through which personnel interact to perform their functions and tasks. In this document, system refers to a nuclear power plant. Major HSIs include alarms, information displays, controls, and procedures. Use of HSIs can be influenced directly by factors such as, (1) the organization of HSIs into workstations (e.g.,
| |
| consoles and panels) (2) the arrangement of workstations and supporting equipment into facilities such as a main control room (MCR), local control station, Technical Support Center, and Emergency Operations Facility and (3) the environmental conditions in which the HSIs are used, including temperature, humidity, ventilation, illumination, and noise.
| |
| HSI use can also be affected indirectly by other aspects of plant design and operation such as crew training, shift schedules, work practices, and management and organizational factors.
| |
| Information and record This integrated digital system represents the composite features management system commonly associated with document control, work management, data and information historian, configuration management, and records management.
| |
| Module A NuScale module consists of the containment vessel, reactor pressure vessel, and all components internal and external to each vessel, up to the disconnect flanges.
| |
| Off-normal condition Conditions to include operating in emergency response procedures, abnormal operating procedures, and alarm response procedures.
| |
| Operator The term refers to a human agent. Typically, the human agent is a licensed reactor operator (RO) but may be a licensed senior reactor operator (SRO) or a non-licensed operator (NLO).
| |
| Procedure The term refers to a series of actions performed by a human agent. The series of actions may initiate other procedures or sequences.
| |
| Repetitive task A potentially error-likely activity when performed by a human, which involves performing the same action multiple times, because of fatigue or distraction.
| |
| Remote plant interfaces A personnel interface for process control that is not located in the MCR.
| |
| Sequence The term refers to a series of actions, programs, subprograms, or subroutines performed by an agent (machine or human). The series of actions may include parallel actions and may interact with other sequences or agents at any time.
| |
| Time-sensitive task An activity performed by a human, which if not completed in the prescribed time, constitutes failure. For example, if there are adverse process consequences should a supply tank go empty, then the manual action to refill that supply tank at low level is a time-sensitive task.
| |
| Unit A NuScale unit consists of the components necessary to generate electricity. This includes a primary side containing a reactor power module and its specific supporting systems, and a secondary side containing a turbine generator and its specific supporting systems.
| |
| Video display unit An electronic device for the display of visual information in the form of text or graphics.
| |
| © Copyright 2022 by NuScale Power, LLC 3
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 2.0 How Personnel Work with Human-System Interfaces 2.1 Plant Mission The plant mission is the safe, reliable, and cost effective generation of electricity and is supported by this concept of operations.
| |
| The NuScale Power Plant (NPP) functions are as follows:
| |
| remove fuel assembly heat maintain containment integrity maintain reactor coolant pressure boundary integrity reactivity control radioactivity control emergency response human habitability protection of plant assets plant security power generation Table 2-1 NuScale Unique Design Features NuScale Design Feature Eliminated System or Components Buoyancy forces drive natural circulation of the Reactor coolant pumps primary coolant Reactor core, steam generator, and pressurizer Reactor coolant system piping pressurizer surge contained within the reactor pressure vessel line Reactor pressure vessel housed in a steel Residual heat removal system pumps with containment immersed in water that provides an associated piping and heat exchangers auxiliary effective passive heat sink for long-term Feedwater system emergency cooling Safety injection system 2.1.1 Key Plant Design Features to Inform the Design of the Human-System Interface Given the unique design features of the NPP, operations are simplified and design goals for the HSI include high levels of automation - Optimize the use of automation to reduce human error and free operators to perform higher level control and management functions.
| |
| Expand the traditional use of remote automatic operation and control into an integrated distributed control system to optimize the human actions and decisions required to achieve and sustain plant safety and reliable power generation.
| |
| © Copyright 2022 by NuScale Power, LLC 4
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 monitor and control - Monitor and control multiple units in one MCR.
| |
| integrated HSI - Optimize the use of information management, automation, alarms, controls, indications, and computer-based procedures to support effective, efficient control in normal, abnormal, and emergency operating conditions as well as during maintenance and modification activities.
| |
| optimized MCR staff size - Considering the passive safety systems, fail-safe design features, high levels of automation, and minimal important human actions, the staffing level is selected to be safe and reliable when operating an NPP.
| |
| 2.1.2 Key Plant Design Features to Inform Operator Roles High levels of automation Monitoring and control of the NPP from one MCR with acceptable workload levels Integrated HSI Optimized MCR staff size - roles, qualifications, and communication techniques 2.2 Operations Crew Composition, Qualifications, Training, and Command and Control Control room staffing size is influenced by the use of automation, digital operator interfaces, and an efficient plant notification management system. The crew shall always have at least two SRO licensed individuals on shift.
| |
| An overview of the NuScale staffing is shown below and used to facilitate HSI and MCR design.
| |
| 2.2.1 Operating Crew Composition Shift Manager (SM) - Each shift has an SM who is in charge of overall shift operations. This individual is knowledgeable in plant disciplines and ensures that the duties of the chemistry, health physics, instrumentation, and other maintenance support services are performed as needed for safe plant operation. The SM is the senior licensed individual assigned to the MCR team and acts as the senior manager on site when the plant manager and operations manager are not available. The SM is the initial person-in-charge to implement the Emergency Plan. The Emergency Plan responsibilities are maintained until relieved in accordance with the station Emergency Plan requirements. The SM acts as the conduit between station management and the on-shift plant staff. The SM holds a Nuclear Regulatory Commission (NRC) senior reactor operator license and meets the requirements of ANSI 3.1-2014 for the SM position. This position is combined with the control room supervisor (CRS) when there are only three licensed operators on site.
| |
| Control Room Supervisor - Command and control of the MCR resides with the CRS.
| |
| The CRS is responsible for the NPP and directs and oversees the activities of the licensed operators and NLOs. The CRS is also responsible for authorizing activities that impact plant operations. The CRS is responsible for ensuring the appropriate staff is available in the MCR to manage the available workload. The CRS has the
| |
| © Copyright 2022 by NuScale Power, LLC 5
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 authority to shut down units that are presenting an undue burden to the crew as a tool to manage workload. The CRS always has the authority to direct resources or activities associated with operation of the plant. The CRS maintains and enforces the standards of conduct in the MCR. The CRS holds an NRC senior reactor operator license.
| |
| Reactor Operator 1 (RO1) - Reactor Operator 1 is the primary operator responsible for monitoring up to six units, depending on the plant configuration, and the balance-of-plant systems. Reactor Operator 1 is responsible for prioritization of notifications and normal reactivity changes including power changes and power maintenance. This operator maintains situational awareness of the NPP under the authority of the control room and performs routine tasks to maintain steady state operation. Reactor Operator 1 provides the initial response to unexpected off-normal conditions.
| |
| Reactor Operator 1 is able to perform simple tasks that do not significantly detract from the overall monitoring function. Reactor Operator 1 generally responds to notifications and determines the appropriate level of action. Reactor Operator 1 peer checks manipulations performed by the other ROs but does not become involved in activities that require longer-term focused attention. Reactor Operator 1 holds an RO or SRO license.
| |
| Additional Reactor Operator - An additional licensed operator is assigned to the control room to perform the shift surveillances and support required testing and maintenance for the NPP. This role includes supporting maintenance activities that require control room manipulations. The RO1 will delegate an unexpected alarm response to an additional licensed operator. The additional RO holds an RO or SRO license.
| |
| Non-Licensed Operators - NLOs are dispatched from the MCR and the Work Control Center and work throughout the plant. The NLOs are responsible for operation outside of the MCR including system line-ups, tagging, and investigation as directed by the MCR staff.
| |
| 2.2.2 Qualifications For the following positions, programs are developed, established, implemented, and maintained using a systematic approach to training as defined by 10 CFR 55.4 and ANSI/ANS-3.1-2014, Selection, Qualification, and Training of Personnel for Nuclear Power Plants, (Reference 4.2.3) as endorsed by Regulatory Guide 1.8, Qualification and Training of Personnel for Nuclear Power Plants, Rev. 4 (Reference 4.2.2):
| |
| reactor operator senior reactor operator shift manager
| |
| © Copyright 2022 by NuScale Power, LLC 6
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 2.2.3 Training Training programs incorporate instructional requirements to qualify personnel to operate and maintain the facility in a safe manner in all modes of operation to protect the health and safety of the public. The programs are developed and maintained in compliance with the facility license and applicable regulations. The training programs are periodically evaluated and revised to reflect industry experience and to incorporate changes to the facility, procedures, regulations, and quality assurance requirements, and are periodically reviewed by management for effectiveness. These training programs are described in site or corporate procedures, as appropriate.
| |
| Records are maintained and kept available for NRC and accreditation organizations inspection to verify adequacy of the programs.
| |
| 2.3 Operator Roles and Responsibilities The MCR licensed operators and operating crews outside the MCR are responsible for safe operation and power production. To achieve these objectives, the operators perform a variety of activities:
| |
| structures, systems, and components (SSC) performance monitoring local and remote SSC operation commanding automated sequences directing subordinate operators to perform activities monitoring the performance of sequences and procedures interrupting and reprioritizing sequences or procedures monitoring and evaluating technical specification conditions surveillance testing reviewing trends responding to off-normal conditions responding to notifications establishing plant conditions to support preventative or corrective maintenance maneuvering the plant to support load demand summoning additional resources to expand capabilities Operators are guided and directed in the performance of these activities by regulations, procedures, guidelines, training, and experience. The conduct of operations document provides detailed guidance for operation of plant equipment and associated tasks.
| |
| 2.3.1 Direct Component Operation When plant and unit SSC conditions permit, operators utilizing procedures operate components in the field, operate components remotely from the MCR, and direct
| |
| © Copyright 2022 by NuScale Power, LLC 7
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 automation to perform steps, sub-steps, and sequences to support operation. As more systems and processes are placed into service, operation transitions from a component and system emphasis towards integrated operation.
| |
| Automation Interface - Operators interface with automated functions via a visual display unit (VDU) in most aspects of operation. Operators employ automation to place equipment into and out of service, conduct tests, and control processes. The specific intent of functional and operability testing is to demonstrate that SSC and automation perform properly. On successful completion of testing, the integrated SSC and associated automation remain in (or available for) service during day-to-day operation of the plant. While the SSC remain in service, operators interact and respond to notifications and recommended sequences.
| |
| Operators either directly monitor automation while performing a sequence or rely on limits incorporated within the automation. As illustrated in Figure 2-1, process variables are bounded by automatic control limits and may be bounded by more restrictive operator adjustable limits. If a process parameter reaches an operator-adjustable limit, depending on the automatic control and the operator's instruction, the sequence may terminate, pause, or alert the operator to the condition.
| |
| If a process parameter reaches an automatic control limit, a notification is generated and, depending on the nature of the process, other remedial automatic sequences may be initiated.
| |
| © Copyright 2022 by NuScale Power, LLC 8
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 Figure 2-1 Safety and Operating Limits Unsafe Operation Safety Limit Traditional Safety System Transient Response Region Setpoints (Scram/Turbine Trip)
| |
| Operational Limit & Hard Wired Safety Response Operator Abnormal Response Abnormal / Off-Normal Condition Traditional Alert/
| |
| Automatic Control Limits Alarm Annunciator Operator adjustable variable Operator Adjustable Envelope 2.3.2 Operations Crew Interaction The operations crew members interact with each other as necessary to accomplish assigned and emergent tasks. Operators communicate with teammates to share information, confirm receipt, recommend actions, and give direction.
| |
| While working as members of an integrated multi-unit team, operators perform differing tasks. Consequently, each operator on the team has unique situational information. An operator performing tasks on a specific unit typically responds to off-normal conditions on that unit depending on the nature and severity of the condition. The CRS ensures the appropriate operator responds based on the current resource loading.
| |
| When basic information is passed to a single teammate, communications are conducted in a non-distracting fashion. For example, if a teammate neglected to document a completed task, another operator prompts the teammate to correct the
| |
| © Copyright 2022 by NuScale Power, LLC 9
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 oversight. When urgent information must be passed to multiple teammates, operators make official announcements to the crew.
| |
| Operators interface with other licensed and non-licensed members of the plant organization. This interaction includes support for maintenance activities, performance of surveillance activities, planning, tagging, training, troubleshooting of issues, request for support of plant issues from plant organizations (e.g., chemistry, engineering, health physics) and other activities.
| |
| 2.3.3 Document Review Operators access the information and record management system to review technical documents, reports, test results, and other work documents to confirm the readiness of the NPP for operations.
| |
| 2.4 Machine Agent and Shared Roles There are differing levels of automation, from fully automated to manual assist. Human interaction or monitoring is necessary when automation is used to perform a task. Human interaction with automation can include setting control parameters, initiating actions, securing automation, and manual adjustments of automated processes.
| |
| Inherent in the automation's support role is providing the supporting basis for recommendations, thereby facilitating the operator's evaluation of the recommendation given the operator's knowledge of upcoming activities.
| |
| 2.4.1 High Cognitive Burden Functions The design employs automation to facilitate continuous monitoring, plant maneuvering, and performing repetitive tasks.
| |
| Key parameter monitoring is supported by intuitive HSI display of values and recent historical trends. Key safety function parameters are automatically evaluated and displayed in simple color coded displays to allow operators to prioritize and manage workload.
| |
| 2.4.2 Continuous Monitoring The design relies on automation to control basic intermittent and continuous processes (e.g., hotwell level control or turbine speed control) and provide continuous process parameter notification monitoring. The advantage of the digital MCR and higher levels of automation is to provide operators displays with expanded monitoring capabilities.
| |
| A key HSI feature associated with automated operation is to enable performance monitoring by operators. The HSI enables operators to manage automation by providing necessary information, displays and controls to enable observation, independent verification and operator intervention. For example, if automation is
| |
| © Copyright 2022 by NuScale Power, LLC 10
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 monitoring or controlling a parameter, operators have access to observe the setpoints for action and consequential actions should the setpoint be reached. As illustrated in Figure 2-1, if the setpoint allows for operator adjustment, the operator may intervene and adjust appropriate setpoints within allowable limits.
| |
| 2.4.3 Parameter Monitoring Automation performs functions associated with parameter and process monitoring, including defined sequence functions, continuous process control, notifications monitoring, safety function monitoring, and automatic safety actuations. Operators monitor and evaluate automated functions, intervening as required. Operators also elect to share control with the automation or assume control of the automated function.
| |
| Operators observe process parameters being monitored by automation. This shared role of process monitoring supports situational awareness and enables the operator to evaluate automated system performance. Operators increase attention to performance monitoring when transients are anticipated.
| |
| sustained normal automated operation needs to be confirmed.
| |
| degraded automation is suspected.
| |
| Operator Intervention - Operators intervene when it becomes apparent that the automation has failed or when the automation is no longer appropriate for the current or planned plant conditions.
| |
| 2.4.4 Repetitive Tasks Repetitive tasks are those that involve multiple identical component manipulations.
| |
| Repetitive tasks can be error-likely tasks for operators, making these tasks more appropriately assigned to automation. This type of automation typically has no auto-initiation capability and must be initiated by an operator. Provided the prerequisite conditions are satisfied, the sequence proceeds to perform the repetitive task, logging each action while continuously monitoring key parameters. In the event of a malfunction, the HSI alerts the operator of the condition and logs the event. On successful completion of the task, the automation alerts the operator of the successful completion and logs the event.
| |
| 2.4.5 Startup and Shutdown Operational evolutions such as startup and shutdown are supported by automation. In these evolutions, automation performs continuous monitoring of key parameters, and recommends measures to adjust for power and temperature.
| |
| Significant evolutions begin with operators and automation sharing the task of verifying that prerequisite conditions are satisfied. An operator then directs the start of
| |
| © Copyright 2022 by NuScale Power, LLC 11
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 the evolution, at which point other operators or automation perform their designated tasks. Regardless of the evolution, operators and automation communicate progress and problems to the MCR staff.
| |
| 2.4.6 Power Maneuvering Automation supports unit maneuvering including raising and lower power. Several off-normal conditions will direct the operator to initiate automated unit downpower.
| |
| 2.4.7 Primary System Process Control Key reactor coolant parameters are continuously monitored by automation. When one of these parameters approaches an administrative limit, the automation responds.
| |
| Depending on the parameter, the associated automation may respond with or without operator involvement.
| |
| Reactor pressure control at normal operating pressure is an example of primary system process control without operator involvement. As described above, under continuous monitoring operators may elect to monitor the pressure controlling automation performance at any time. The automation controlling pressure does so without direct operator involvement. The operator is able to take manual control, such as for drawing or collapsing the pressurizer steam bubble or changing the control pressure during automatic operation.
| |
| Boron concentration control is an example where a level of automation by consent allows operator control to be used efficiently. The automation monitors key parameters to generate recommendations for dilution or boration. When the automation detects conditions warranting a dilution or boration, the automation alerts the operator with an action recommendation and recommended limits. The automation provides the supporting basis for this recommendation, thereby facilitating the operator's evaluation of the recommendation. The operator may elect to take no action, accept the recommendation, or modify the recommended dilution or boration actions within the recommended limits. Once the automation begins performing the sequence, the operator may abort or alter the sequence at any time.
| |
| 2.4.8 Other Automation The design employs advanced levels of automation interfaces to unburden operators from repetitive, complex, and time-sensitive tasks. The automation processes in conjunction with the plant notification system alert the operator of plant conditions and recommend the appropriate response. Depending on the nature of the condition and recommended response, the automation may automatically perform the sequence without operator involvement, or engage the operator to varying degrees. Operator involvement may be in response to a notification that an automatic sequence is recommended, has started, has paused pending operator direction to proceed, or the sequence has been completed. Lastly, the automation provides or makes available supporting information to monitor, evaluate, modify, or halt agent recommendations or actions.
| |
| © Copyright 2022 by NuScale Power, LLC 12
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 2.5 Communications Equipment 2.5.1 Phone and Radio Communications For direct communication with operators outside of the MCR, various communication methods are used including phone and radio.
| |
| 2.5.2 Public Address The public address system is used to communicate important information and should be used judiciously. It is expected that personnel on site stop and listen to public address announcements. General paging is not done via the public address system.
| |
| When public announcement transmissions are warranted, they are as concise as possible, using standard phraseology for the site, and spoken in a clear, slow and emotion-neutral tone.
| |
| © Copyright 2022 by NuScale Power, LLC 13
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 3.0 Overview of the Human-System Interface and Supporting Equipment 3.1 Facility Layout The MCR contains the following equipment and features (Figure 3-1):
| |
| a bank of VDUs configured with safety display and indication system HSIs sit-down work stations for multiple licensed operators, each able to access HSIs for the NPP a dedicated stand-up control panel for each unit a dedicated stand-up control station for shared or common systems dedicated manual controls for safety system actuation, component repositioning, and overriding of specific safety signals in severe accident conditions Figure 3-1 NuScale Main Control Room Layout Example
| |
| © Copyright 2022 by NuScale Power, LLC 14
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 3.2 Workstations, Displays, and Working Positions 3.2.1 Safety Display and Indication System Display Panels The safety display and indication system VDUs provide redundant, highly reliable indications of plant conditions. Operators rely on these indications for plant status, even when normal power and backup power have been lost for an extended period of time. The safety display and indication system VDUs used to provide plant safety information to the crew use unique interface coding to display the information (display pages) to the crew. The safety display and indication system receives input only from the module protection system and plant protection system and processes it through redundant communication hubs for display. The communication hubs send information to the safety display screens in the control room. The redundant nature of the design prevents a single failure from preventing information display to reach the operator. This information is used by operators to assess current plant conditions and the status of actuation devices controlled by either the module protection system or the plant protection system. The safety display and indication system is equipped with redundant 72 hour battery backup to continue to provide indications when alternating current power is lost.
| |
| 3.2.2 Sit-Down Operator Workstations Each of the operator workstations shown in Figure 3-1 includes four VDUs. It is understood that display technology changes and the function of the four VDUs may be accomplished by other means; for example, a single monitor that can be divided into the same functional displays. The HSIs displayed on the VDUs are navigable and contain the alarms, controls, indications, and procedures necessary to monitor and manage the NPP during normal, abnormal, emergency, and shutdown.
| |
| The MCR operators and supervisors interface with the plant at their designated workstations using HSI software located on the plant control system and module control system networks. Multiple units may be controlled by a single operator at any workstation simultaneously because of high levels of automation and passive safety functions. Additionally, common or shared plant systems are able to be fully monitored and managed from each workstation. The capability of the HSI and the supporting plant control system and module control system network architecture structure allows the operator workstations to support oversight and control activities.
| |
| 3.2.3 Stand-Up Workstations Figure 3-1 shows an example configuration of six unit workstations. The exact number of workstations will be varied, according to the station configuration. Each stand-up workstation has five VDUs, a keyboard, a mouse, and "manual" switch backups for protective functions. The five VDUs are arranged with one large upper VDU and four lower VDUs that are arranged in a two by two pattern.
| |
| © Copyright 2022 by NuScale Power, LLC 15
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 The HSIs displayed on the four lower VDUs are navigable and contain the alarms, controls, indications, and procedures necessary to monitor and manage that particular unit during normal, abnormal, emergency, and shutdown operations.
| |
| Similar to the sit-down operator workstations, the function of the five VDUs may be accomplished by other means; for example, a single monitor that can be divided into the same functional displays.
| |
| During most operating conditions, the upper large stand-up workstation VDU provides an overview display for that unit so other MCR personnel can quickly determine status.
| |
| The synchronized data control capabilities of the unit control system allow an operator to perform more dedicated activities on each of the stand-up workstations. The stand-up workstations are specific to each unit (e.g., only unit three's components can be operated from workstation three).
| |
| Each stand-up workstation also includes hard-wired safety system actuation switches that ensure comprehensive manual safety system actuation can be accomplished.
| |
| 3.2.4 Stand-Up Common Systems Panel The common systems panel includes VDUs that provide HSIs for alarms, controls, indications, and procedures for systems common to all units (e.g., reactor pool cooling, instrument air, Reactor Building and Radwaste Building ventilation, radioactive waste systems). The common systems stand-up panel can only access and control components for common systems. The seven VDUs that make up the stand-up common systems panel are arranged with one large upper VDU and six small lower VDUs in a two by three pattern.
| |
| The large upper VDU is used as an overview display that provides a plant-wide overview with specifically selected plant-wide monitoring items visible to any operator in the MCR. Similar to the stand-up workstations, the function of the VDUs may be accomplished by other means.
| |
| 3.2.5 Arrangement of Human-System Interfaces The HSI layout in the MCR is designed to support minimum, nominal, and enhanced staffing during various operating plant modes. Shared system VDUs and overview VDUs are located such that they can be observed from multiple locations within the MCR. Stand-up workstations are spaced so that side-by-side operation at adjacent workstations allows sufficient room to maneuver.
| |
| Local Control Stations - Provided to facilitate subsystem startup, shutdown, refueling activities, maintenance, post-maintenance testing, or operational flexibility.
| |
| © Copyright 2022 by NuScale Power, LLC 16
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 Other Stations - Includes such stations as the Technical Support Center and Emergency Operations Facility. This also may include alternate work stations located within or outside of the MCR to support potentially complex operations and maintenance activities that supplemental staff would perform.
| |
| 3.2.6 Work Control Center The Work Control Center supports operations and maintenance by providing a location outside of the MCR for administrative tasks associated with day-to-day activities.
| |
| 3.3 Human-System Interface Design Features 3.3.1 Features That Support Operating Crew Size As shown in Figure 3-1, the concave MCR layout provides the operators a panoramic view of each of the overview displays and the common systems overview display.
| |
| Overview displays are designed to provide information in a way that supports intuitive access to integrated plant status based on the respective functional divisions. The proximity of the sit-down operator workstations promotes cooperation and communication while the viewing angle from the sit-down workstations to the stand-up workstations allows operators to direct the focus of others.
| |
| Plant information and control capabilities are available for all units at the sit-down workstations, allowing each operator to perform assigned duties while maintaining situational awareness of the overall plant. Critical safety function and defense-in-depth monitoring and display provide direct links to response procedures.
| |
| A tiered alarm scheme and computer-based alarm response procedures are directly linked to assist the operator in efficiently locating the correct instruction.
| |
| Overview displays are designed to support monitoring of multiple automated functions while allowing a focus on high-significance parameters.
| |
| 3.3.2 Features That Support Human Performance Consistent workstation and individual screen layout design aspects such as text size, use of color, icon development, general information arrangement, navigational requirements, notification placement, and the use of animation support operator awareness and provide a predictably intuitive interface. This consistency ensures that operators are able to quickly orient themselves regardless of the unit or system that they are interfacing. Required indications for each system are displayed in a consistent manner that also provides an overview of expected values and ranges for those indications.
| |
| The NPP notification system aids operator understanding of plant status and enhances the ability to make a judgment based on experience and skill.
| |
| © Copyright 2022 by NuScale Power, LLC 17
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 The type of notification defines the order of response. Notifications normally provide recommendations and parameters for the recommended actions. Interaction with the plant notification system is specific to the role of the operator. The hierarchy of the plant notification system supports diagnosis of issues while providing the optimum number of notifications needed to support situational awareness.
| |
| 3.3.3 Features That Consider Environmental Conditions Consistent workspace design aspects related to ergonomics and environment (e.g.,
| |
| height, viewing distance, reach, lighting, temperature, humidity) support operator comfort in order to limit distractions and minimize fatigue. The standards developed in the HSI Style Guide are applicable to HSIs throughout the plant and include standards for design features such as the overall layout of the workstations and other equipment such as group-view displays within the workplace, but also consider support equipment such as ladders or tools, and environmental characteristics including temperature, ventilation, illumination, and noise.
| |
| 3.3.4 Features That Support Situational Awareness Situational awareness is supported by features that also support human performance, such as consistent workstation and individual screen layout and the plant notification system design.
| |
| Automation is designed to enhance situational awareness. Operators interact with automation by providing limits, ensuring prerequisites, initiating changes, and securing evolutions.
| |
| Computer-based procedures interface with automation in many cases, but also facilitate mobility and operator use while providing parameters, ranges, and recommended actions to the operator. These recommended actions are accomplished via interactive features of the HSI. During the use of computer-based procedures, peer checking, placekeeping, and the need to transition to manual procedures are integrated on-screen.
| |
| The majority of plant logs are recorded automatically and allow operations staff to search or filter historic data to identify trends that indicate developing issues or to troubleshoot.
| |
| 3.3.5 Other Features Communication between the MCR and outside the MCR is normally by secure telephone or radio. Normal incoming and outgoing calls are made by ROs and SROs not "at-the-controls." The MCR telephones are portable, allowing the operators freedom of movement during communications. Depending on the nature and urgency of the communication, operators may communicate using the public address system, secure cell phones, pagers, text messages, or e-mail, as appropriate.
| |
| © Copyright 2022 by NuScale Power, LLC 18
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 3.4 Interaction with Human-System Interface during Normal Operations During routine operations, the MCR staff monitors and controls both operating and shutdown units that are the responsibility of the control room (once a module is disconnected in preparation for refueling it is the responsibility of the refueling SRO).
| |
| Units are monitored and controlled to ensure safe operation. Scheduled plant evolutions can be supported by additional staffing such that the normal MCR staff is not overloaded.
| |
| The additional manpower, if needed, enables the crew to appropriately focus on monitoring and control of the remaining units while the augmented staff attends to the designated evolutions.
| |
| 3.4.1 Tasks Performed during Normal Operations Automated Parameter and Condition Monitoring - Automation is assigned to continuously monitor, display, record, and communicate identified plant, process, and computed parameters or values as appropriate. Automation monitors various limits, variables, and administrative inputs providing appropriate notification and process control adjustments as required.
| |
| Automated Tasks and Evolutions - Automation, when directed by an operator or prompted by an automated process, provides information on component, subsystem, or system status and configuration. Information is used for post-maintenance testing, system lineup, operational readiness, periodic maintenance, identified deficiencies, lockouts, temporary setpoints, and operational history.
| |
| Automated Reactivity Control - Automation continuously monitors and updates recommended reactivity manipulations based on process parameters and plant conditions. This allows operators to evaluate and plan reactivity adjustments before reaching operational limits. Additionally, the automation recommends actions to maintain steady state conditions based on pre-approved parameter levels or proposes modifications that are within limits. These actions may be controlled by the automated sequence or may be directed by the RO and require procedural support.
| |
| Conversely, actions not recommended by an automatic machine agent or outside of recommendation limits require additional procedural support.
| |
| Automated Plant Power Maneuvering - Automation continuously monitors key process parameters (main turbine, steam generator, steam, feedwater, and reactor coolant system temperatures and flows, components, and controls) enabling operators to control and adjust power. Operators select a desired power and electric load target, then direct automation to maneuver the unit from its current power level to the target level.
| |
| Automated Testing - Automation, when directed by an operator and when prerequisite conditions are satisfied, manipulates the subsystem, system, or process controls to establish test conditions. Once test conditions are met, the automation alerts operators of the upcoming test activity via the plant notification system and plant activity log so that activity is visible. Most portions of periodic testing run in the background (i.e., not immediately visible to the operator) because component
| |
| © Copyright 2022 by NuScale Power, LLC 19
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 movements are minute and of very short duration. At any point in the test or activity, if an unexpected condition is encountered or limit violated, the automation alerts the operator of the problem so they may evaluate the issue. Depending on the nature of the problem, the test may be completed, partially completed, or aborted and the component, subsystem, or system designated as operable, nonconforming, degraded, or inoperable.
| |
| Procedures - Normal operating procedures are provided to guide operators during startup, shutdown, and steady state power operations. Startup operation begins with shared automation and transitions to more fully automated control when steady state power operations are established. With power operations established, unit control is accomplished with operator monitoring and management of automation. Shutdown operations begin from power operation with higher automatic control, then transition to operator shared control. Normal operating procedures provide for those necessary tasks and evolutions to establish and maintain normal full power operation. Normal operating procedures address the following:
| |
| normal lineup and configuration operational precautions and limitations instructions for startup and shutdown instructions for power maneuvering instructions for operating the system in normal modes instructions for routine evolutions infrequent non-routine activities Normal operating procedures are integrated in HSI screens used to monitor and control the plant. Most processes and plant transitions are controlled by the plant automation.
| |
| Operators interact with this automation by providing limits, ensuring prerequisites, initiating changes, and securing evolutions. These actions are accomplished via interactive HSI features.
| |
| 3.5 Interaction with Human-System Interface during Off-Normal, and Emergency Operations 3.5.1 Off-Normal and Emergency Functions Parameter and Process Monitoring - In addition to those tasks required for normal operations, automation continuously monitors operational limits, automation limits, and operator adjustable variables. When pre-defined conditions are detected, automatically generated notifications, process parameters adjustments, and safety functions are initiated.
| |
| Abnormal and off-normal conditions are detected by automated monitoring of plant conditions. When a condition is detected outside operational limits, the automated
| |
| © Copyright 2022 by NuScale Power, LLC 20
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 plant notification system notifies the operator of the abnormal or off-normal condition.
| |
| Notifications allow the operator to intervene and return conditions within limits using operator actions or other automation.
| |
| Operational Limits - An operational limit of a plant parameter is the boundary of allowed operation. Exceeding an operational limit is an off-nomal condition that must be resolved by automation, operator action, or safety function actuation. Safety functions are discrete actions to place systems and subsystems in a safe condition.
| |
| Safety functions initiate discrete systems, such as reactor scram, containment isolation, decay heat removal, or emergency core cooling, and do not control processes nor do they modulate to control conditions or parameters.
| |
| In parallel with actions by automation, when predetermined protection limits have been exceeded, operators initiate emergency procedures as appropriate. Emergency procedures direct operator and supervisory actions. The operator actions stabilize the plant. The CRS actions support and direct the operations staff, marshal additional plant manpower, and inform designated regulatory and government bodies of the emergency.
| |
| 3.5.2 Procedures for Off-Normal Operations Transition from Normal to Off-Normal Operations - Operators monitor automation to detect the transition from normal to off-normal operations. When process parameters, automation sequences, or plant conditions depart from normal conditions, the plant notification system alerts the operator to an off-normal condition. In most situations, off-normal conditions are a result of component, system, or automation malfunctions.
| |
| The nature and extent of the conditions are seldom fully understood at the onset of the event and the operating crew objective is to safely stabilize the unit and investigate the condition with the goal of safely restoring normal operation.
| |
| If the operator's judgment is that continued operation of an automated process would be adverse to safe operation of the plant, then the operator may assume control of the automation. If possible, the operator obtains CRS permission beforehand.
| |
| When an off-normal condition is detected, depending on the condition, other automatic processes take preset action to stabilize the unit. Operators verify that the automation properly identified off-normal conditions and is taking or has completed the required action.
| |
| Event Based Off-Normal Procedures - Off-normal procedures are approved directions operators follow in response to a specific event. The directions provide planned and approved operator preventive or remedial actions to stabilize conditions. These actions may duplicate or expand upon functions performed by automation.
| |
| Off-normal procedures are integrated with the alarm response procedures. The majority of upset conditions are either restored or recovered by automation or result in a module shutdown.
| |
| © Copyright 2022 by NuScale Power, LLC 21
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 Computer-based procedures facilitate mobility and operator use. Paper-based procedures are available as backups in the event of computer difficulties. Examples of event-based, off-normal procedures include turbine trip.
| |
| fire.
| |
| loss of alternating current or direct current electric bus.
| |
| high winds and tornado.
| |
| flooding.
| |
| Symptom-Based Emergency Procedures - Emergency procedures are approved directions operators perform in direct response to specific entry conditions associated with off-normal conditions. Emergency procedures take priority with respect to resource allocation and urgency. Emergency procedures provide planned and approved operator actions in response to specific plant symptoms (conditions, process parameters, or indications) to stabilize conditions and protect the health and safety of the public.
| |
| Examples of off-normal conditions leading to emergency procedures include Reactor Building high radiation.
| |
| anticipated transient without scram.
| |
| loss-of-coolant accident.
| |
| Emergency procedures and post-trip safety function displays direct operator response to restore and maintain important control functions. Examples of important control functions the procedures address include reactivity control.
| |
| core heat removal.
| |
| containment isolation.
| |
| The NPP and safety system design is simplistic with respect to emergency responses, therefore emergency procedures are not complex. Most emergency responses involve ensuring that plant response is within the expected performance envelope and taking actions when necessary to ensure that the limits of that envelope are not threatened.
| |
| 3.6 Interaction with Human-System Interface during Maintenance and Modifications 3.6.1 Operator Tasks Supporting Maintenance Work documents are prepared by the maintenance organization to identify prerequisite conditions (de-energize, depressurize, and lockout), the scope of work, and post-maintenance testing. Maintenance personnel have access to work documents and procedures in an electronic format on a device such as a tablet.
| |
| © Copyright 2022 by NuScale Power, LLC 22
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 Operators review maintenance work documents to identify necessary changes to plant configurations and the regulatory impact of removing equipment from service.
| |
| Based on the review, a work boundary is established and boundary components (e.g., valves, blind flanges, vents, drains, circuit breakers, fuses) are identified to separate workers from hazards. ((
| |
| }}2(a),(c)
| |
| Operators facilitate maintenance lockout of equipment to ensure maintenance lockouts are applied to the proper equipment. When lockouts are established and checks completed to verify safe working conditions, the maintenance activities are performed. On completion of the work, lockouts are removed and the systems are reconfigured for post-maintenance testing.
| |
| 3.6.2 Automated Tasks Supporting Maintenance Boundary components identified and established by operators to protect maintenance personnel from hazards are recorded in a database.
| |
| ((
| |
| }}2(a),(c) 3.6.3 Human-System Interfaces and Procedures for Maintenance Maintenance activities seldom require active component manipulation. When such manipulation is required, evolutions are conducted using normal procedures. For example, when a valve stem must be stroked to adjust packing, lockouts will be removed and maintenance personnel coordinate with operations staff to stroke the valve. When the necessary manipulations are complete, the necessary lockouts are restored.
| |
| © Copyright 2022 by NuScale Power, LLC 23
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 3.6.4 Human-System Interfaces and Procedures for Modifications Modifications are managed as a maintenance activity. Depending on the scope and nature of the modification, the activities may be inconsequential or significant. For example, modifying automation unique to a particular and infrequent activity may be implemented and tested during power operations. Conversely, modification to automation that controls a critical process requires extensive testing before implementation. At the time of implementation, the plant or unit may require reconfiguration to a safe condition where malfunction of the modified automation can do no harm. After post-modification testing, the reconfiguration for normal operations occurs.
| |
| © Copyright 2022 by NuScale Power, LLC 24
| |
| | |
| Concept of Operations TR-130408-NP Revision 0 4.0 References 4.1 Source Documents 4.1.1. U.S. Code of Federal Regulations, Domestic Licensing of Production and Utilization Facilities, Part 50, Chapter 1, Title 10, Energy, (10 CFR 50).
| |
| 4.1.2. U.S. Code of Federal Regulations, Operators Licenses, Part 55, Chapter 1, Title 10, Energy, (10 CFR 55).
| |
| 4.1.3. International Atomic Energy Agency (IAEA), Conduct of Operations at Nuclear Power Plants, Safety Guide NS-G-2.14, 2008.
| |
| 4.1.4. U.S. Nuclear Regulatory Commission, Human-System Interface Design Review Guidelines, NUREG-0700, Rev. 3.
| |
| 4.1.5. U.S. Nuclear Regulatory Commission, Guidance for Assessing Exemption Requests from the Nuclear Power Plant Licensed Operator Staffing Requirements Specified in 10 CFR 50.54(m), NUREG-1791.
| |
| 4.1.6. U.S. Nuclear Regulatory Commission, Human Performance Issues Related to the Design and Operation of Small Modular Reactors, NUREG/CR-7126.
| |
| 4.1.7. Human Factors Aspects of Operating Small Reactors. OHara & Higgins, 2010.
| |
| BNL-93943-2010-CP.
| |
| 4.1.8. Draft Function Allocation Framework and Preliminary Technical Basis for Advanced SMR Concept of Operations, INL/BNL 28601/TR-2013/02, Rev 1.
| |
| 4.2 Referenced Documents 4.2.1. U.S. Nuclear Regulatory Commission, Human Factors Engineering Program Review Model, NUREG-0711, Rev. 3, November 2012.
| |
| 4.2.2. U.S. Nuclear Regulatory Commission, Qualification and Training of Personnel for Nuclear Power Plants, Regulatory Guide 1.8, Rev. 4, June 2019.
| |
| 4.2.3. American Nuclear Society, ANSI/ANS-3.1-2014, Selection, Qualification, and Training of Personnel for Nuclear Power Plants.
| |
| © Copyright 2022 by NuScale Power, LLC 25
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 Licensing Technical Report Human Factors Engineering Operating Experience Review Implementation Plan December 2022 Revision 0 Docket: 52-050 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 www.nuscalepower.com
| |
| © Copyright 2022 by NuScale Power, LLC
| |
| © Copyright 2022 by NuScale Power, LLC i
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 Licensing Technical Report COPYRIGHT NOTICE This document bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this document, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.
| |
| The NRC is permitted to make the number of copies of the information contained in these reports needed for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding.
| |
| Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of additional copies necessary to provide copies for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations. Copies made by the NRC must include this copyright notice in all instances and the proprietary notice if the original was identified as proprietary.
| |
| © Copyright 2022 by NuScale Power, LLC ii
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 Licensing Technical Report Department of Energy Acknowledgement and Disclaimer This material is based upon work supported by the Department of Energy under Award Number DE-NE0008928.
| |
| This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.
| |
| Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
| |
| © Copyright 2022 by NuScale Power, LLC iii
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 Table of Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Executive Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 Abbreviations and Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.0 Implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1 Operating Experience Review Process Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2 Operating Experience Review Team Composition and Responsibilities . . . . . . . . . . . . . 7 3.0 Operating Experience Review Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.1 Review of Predecessor and Related Plants and Systems . . . . . . . . . . . . . . . . . . . . . . . 10 3.2 Review of Recognized Industry Human Factors Engineering Issues . . . . . . . . . . . . . . 15 3.3 Review of Related Human-System Interface Technology . . . . . . . . . . . . . . . . . . . . . . . 16 3.4 Review of Issues Identified by Plant Personnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 3.5 Review of Important Human Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 3.6 Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.6.1 Human Factors Engineering Issue Tracking System Database - Operating Experience Review Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 4.0 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 4.1 Source Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 4.2 Referenced Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
| |
| © Copyright 2022 by NuScale Power, LLC iv
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 List of Tables Table 1-1 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Table 1-2 Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Table 3-1 Comparison of Commercial Pressurized Water Reactor Systems to NuScale Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Table 3-2 Examples of Systems and Components Eliminated in the NuScale Design . . . 13 Table 3-3 Operating Experience Review Scope, Predecessor Determination, and Relevance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Table 3-4 NUREG-1275 Human Performance Studies . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
| |
| © Copyright 2022 by NuScale Power, LLC v
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 Abstract Operating experience review (OER) is a key element of the Human Factors Engineering (HFE)
| |
| Program. As part of its HFE program, NuScale Power, LLC (NuScale) conducted an extensive OER effort to identify HFE-related safety issues, and incorporate lessons learned as appropriate from previous designs, in both nuclear and non-nuclear industries, that may be applicable to NuScale Power Plant design. This report documents methodology to be used in the reviews of operating experience to support the NuScale Power Plant US460 standard design. The process established in this OER implementation plan is consistent with the applicable provisions of Section 3 of Human Factors Engineering Program Review Model, NUREG-0711 (Reference 4.2.1).
| |
| © Copyright 2022 by NuScale Power, LLC 1
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 Executive Summary As part of the Human Factors Engineering (HFE) Program, NuScale performed an extensive review of operating experience (OE) in multiple industries and facilities. The reviewed industries and facilities included the operating nuclear power plants, nuclear facilities that do not produce power, non-nuclear power plants, a U.S. military platform, the petrochemical industry, automotive industry, railway industry, and the airline industry. The purpose of the review was to identify HFE-related safety issues and incorporate identified positive features in the NuScale Power Plant design while avoiding negative features. Human Factors Engineering Operating Experience Review Results Summary Report, RP-0316-17614 (Reference 4.2.11) documented the results of the operating experience review (OER) using OE up to the Design Certification Application submittal date. This implementation plan documents the methodology used in the reviews of OE in support of the NuScale Power Plant US460 standard design.
| |
| Consistent with the guidance of NUREG-0711, Section 3, the scope of the OER performed by NuScale included reviews of predecessor or related plants and systems, recognized industry HFE issues, related human-system interface technology, issues identified by plant personnel, and important human actions. The OER goals are met by reviews of related source documents and literature, nuclear industry websites and databases. The obtained data is documented in a database and evaluated for their applicability to the design. Applicable positive issues are also incorporated or tracked for incorporation into the design.
| |
| © Copyright 2022 by NuScale Power, LLC 2
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 1.0 Introduction 1.1 Purpose The NuScale operating experience review (OER) process conducts an extensive review of operating experience (OE). The purpose of the OER is to identify and document safety issues and lessons learned from the applicable OE.
| |
| address applicable lessons learned in the design of systems in order to reduce human errors and their impact on risk and reliability of plant operation.
| |
| apply the lessons learned to plant operations, operational procedures, training of plant operators, and human performance monitoring programs.
| |
| avoid negative features in previous designs while retaining positive features.
| |
| The OER scope, methodology, and the results that supported the Design Certification Application (DCA) are documented in Reference 4.2.11 consistent with the applicable guidance of NUREG-0711 (Reference 4.2.1), Section 3, and have been accepted as part of the NuScale DCA. This document outlines the implementation plan for OER to support the NuScale Power Plant US460 standard design.
| |
| 1.2 Scope The OER scope includes reviews of the following:
| |
| predecessor and related plants and systems recognized industry Human Factors Engineering (HFE) issues related human-system interface (HSI) technology issues identified by plant personnel important human actions (IHAs)
| |
| NuScale Power Plants unique design features include multi-module applications.
| |
| use of digital control systems.
| |
| heavy use of multiple levels of automation.
| |
| use of computer-based procedures.
| |
| The combination of these design features and the extent of their use in the design is not found in the existing commercial nuclear reactors. Therefore, the OER effort focuses on multiple industry experience in monitoring and control of multiple units in one control room.
| |
| construction and construction testing of one or more units coincident with operating units.
| |
| © Copyright 2022 by NuScale Power, LLC 3
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 initial plant testing (preoperational and start-up testing) coincident with operating units.
| |
| refueling of a unit coincident with operating units.
| |
| incident and accident management of a unit coincident with operating units.
| |
| The OER of nuclear industry experience is limited to activities performed by licensed control room operators during normal, abnormal, and emergency operating conditions.
| |
| Maintenance or refueling activities, activities completed by craft or technical personnel (e.g., mechanical, electrical, or instrumentation and controls (I&C) maintenance; health physics; chemistry; engineering; or information technology), or activities associated with the Technical Support Center, Emergency Operations Facility, or other Emergency Response facilities are only considered when those activities are determined to impact licensed operator workload.
| |
| If licensed operator workload is impacted, then the area of concern is analyzed to a degree sufficient to quantify the impact to licensed operator workload and develop HSI required to address the specific task. Evaluation results for these HFE elements for the licensed control room operators provide assurance that the control room staffing is accommodated by the Control Building design with sufficient margin for additional staffing (Reference 4.2.2).
| |
| The results of the OER contribute to the basis for the determination of control room staffing and qualification levels for a future operator. Specifically, initial staffing goals for staffing and qualification levels are based, in part, on the staffing and qualification levels at the related plants and systems. Review of OE at related plants and systems includes investigation of operational problems and strengths and weaknesses resulting from staffing levels, and resulting changes to the initial staffing goals. The OER of recognized industry HFE issues included review of staffing considerations described in Nuclear Regulatory Commission (NRC) Information Notice 95-48: Results of Shift Staffing Study, October 10, 1995 (Reference 4.2.12), and work hour requirements of 10 CFR 26.205 and their impact on staffing. Use of OER in the determination of staffing and qualification levels is further discussed in Reference 4.2.2.
| |
| 1.3 Abbreviations and Definitions Table 1-1 Abbreviations Abbreviation Definition AC alternating current CNV containment vessel DC direct current DCA Design Certification Application FRA/FA functional requirements analysis and function allocation HFE Human Factors Engineering HFEITS Human Factors Engineering issue tracking system HSI human-system interface
| |
| © Copyright 2022 by NuScale Power, LLC 4
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 Table 1-1 Abbreviations (Continued)
| |
| Abbreviation Definition I&C instrumentation and controls IHA important human action LWR light water reactor NRC Nuclear Regulatory Commission OE operating experience OER operating experience review PWR pressurized water reactor RSR results summary report TIHA treatment of important human actions Table 1-2 Definitions Term Definition HFE issue An HFE issue that has not been resolved in the NuScale HFE Program process.
| |
| Issues are those items that need to be addressed at some later date and thus need to be tracked to provide reasonable assurance that they are not overlooked.
| |
| HFE team A core group of human factors engineers with HFE training (or equivalent experience), experienced operators, and simulator engineers.
| |
| HFE issue tracking An electronic database used for tracking HFE issues within the scope of the system database NuScale Power Plant HFE Program. The OER items are a subcategory within HFEITS.
| |
| Important human The actions that meet either risk or deterministic criteria. The risk-important human actions actions are identified by the Probabilistic Risk Assessment and human reliability analysis processes. The deterministically important human actions are derived from the transient and accident analysis, and diversity and defense-in-depth coping analysis.
| |
| Module A NuScale module consists of the containment vessel, reactor pressure vessel, and all components internal and external to each vessel, up to the disconnect flanges.
| |
| OE item Any operating experience issue identified by the OER that is potentially applicable to the NuScale design and that needs further evaluation.
| |
| OER team Team performing the OER activities whose members are qualified representatives from the HFE, Systems Engineering, Safety Analysis, and Operations Organizations.
| |
| Unit A NuScale unit consists of the components necessary to generate electricity. This includes a primary side containing a reactor power module and its specific supporting systems, and a secondary side containing a turbine generator and its specific supporting systems.
| |
| © Copyright 2022 by NuScale Power, LLC 5
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 2.0 Implementation 2.1 Operating Experience Review Process Overview The OER process undertaken for the DCA established uniform practices for performing and documenting OER for the HFE Program. The process encompassed activities for OE screening and reviewing, providing recommendations, and documenting review results.
| |
| The process to support the NuScale US460 design is built upon previous OER results.
| |
| The categories of sources for review includes U.S. Nuclear Regulatory Commission, Human Factors Engineering (HFE) Insights for Advanced Reactors Based Upon Operating Experience, NUREG/CR-6400, 1996 (Reference 4.2.6).
| |
| similar technology from other industries.
| |
| operator interviews.
| |
| site visits.
| |
| literature.
| |
| nuclear industry databases.
| |
| results from treatment of important human actions (TIHA).
| |
| The OER team lead identifies the specific OE items for initial screening in order to determine whether the item is applicable to the NuScale Power Plant. The items found to be applicable receive a full review. The purpose of the full review is to determine if a particular aspect of the NuScale design has already captured or provided a resolution of the issue described by the OE item.
| |
| If the full review concludes that the NuScale design must determine a mitigating design solution within the scope of the HFE Program, the OE item is forwarded to the Human Factors Engineering issue tracking system (HFEITS). If the full review concludes that NuScale must determine a mitigating design solution outside the scope of the HFE Program, the item is forwarded to the appropriate engineering discipline (Section 3.6).
| |
| The OER process includes four major decision points:
| |
| Potential human performance issues are determined through review of the OER item causal factors. Where the OER item describes root or apparent cause, or human performance, key words such as time, stress, training, workload, management, and organization are indicative.
| |
| Applicability to the NuScale design is established by review of available NuScale design documents for the system (or like system) in question. Other HFE team members or appropriate subject matter experts are consulted as appropriate.
| |
| Applicability determination comprises the initial screening of the issues to determine whether a complete review is needed.
| |
| © Copyright 2022 by NuScale Power, LLC 6
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 Determination of HFE Program scope is conducted by review of applicable NuScale design documents or implementation documents for HFE Program elements such as program management plan, human performance monitoring, TIHA, and functional requirements analysis and function allocation (FRA/FA).
| |
| The OER reviewer determines if the OER item is resolved by the current design by review of HSI design documents.
| |
| The OER team is involved in decisions regarding disposition of OE items. At OER team decision points, each HFE member involved in the OER is consulted after having reviewed the available OE item, design information, and qualifying explanation.
| |
| If an OE item is determined to be relevant and applicable to the NuScale HFE scope, but the current design documents do not address the item, the OE item becomes an HFE issue for tracking in the HFEITS database. The OE items tracked in the HFEITS are categorized to show which HFE elements they affect. This categorization facilitates future searches of the database by HFE element.
| |
| Applicable OE items identified are entered into the HFEITS database for evaluation and disposition.
| |
| The OER results are used as inputs in the analysis of other HFE elements, including FRA/FA, task analysis, staffing and qualifications, TIHA, and human factors verification and validation. Specifically, the OER results are used in supporting the determination of the requirements for and allocation of functions in the FRA/FA element. There are several experienced operators included as part of the HFE team (Section 2.2). These operators provide supplementary OE information related to any IHAs identified (Reference 4.2.4),
| |
| which is incorporated in the task analysis, TIHA, and staffing and qualifications elements.
| |
| Additionally, experienced operators provide valuable insights and lessons learned in selecting challenging and workload-intensive plant operating conditions performed on a simulator as part of staffing and qualifications analyses and in performing verification and validation.
| |
| 2.2 Operating Experience Review Team Composition and Responsibilities The OER is conducted and supported by an experienced team of members that includes representatives from the HFE and Operations organizations, who are supported by the Systems Engineering and Safety Analysis staff. The qualifications of the HFE team members are as stipulated in the NuScale Human Factors Engineering Program Management Plan (Reference 4.2.5), and are consistent with the guidance of NUREG-0711 Appendix.
| |
| The OER team lead and the remainder of the OER team are selected by the HFE supervisor from the HFE team members. As described in Reference 4.2.5, the HFE supervisor has the authority and organizational placement to ensure that the tasks assigned to the OER personnel who do not directly report to the HFE supervisor are completed.
| |
| © Copyright 2022 by NuScale Power, LLC 7
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 The OER team includes an HFEITS database coordinator. Assigned by the team lead, the database coordinator is responsible for managing the integrity of the information that is recorded, screened, reviewed, and dispositioned in the HFEITS database.
| |
| Responsibilities of the OER team lead include organizing the OER team.
| |
| assigning team member responsibilities.
| |
| managing resources and schedule.
| |
| ensuring that OER issues are completed with supporting documentation and entered into HFEITS as necessary.
| |
| production of OER reports as needed.
| |
| Responsibilities of OER team members conducting the reviews and dispositioning the individual review items include reviewing OER issues for identification of human performance issues, sources of human error, and design elements that would support or enhance human performance.
| |
| screening of OER issues for applicability to the NuScale design using criteria in accordance with established procedures and as discussed in Section 3.1 through Section 3.6.
| |
| summarizing and documenting screening results with an explanation of the applicability to the NuScale design.
| |
| identification of further sources and topics for OER.
| |
| collection, preparation, and documentation of new sources of OE applicable to the NuScale design.
| |
| conducting operator interviews using a questionnaire template.
| |
| identifying need for NuScale design action on OER issues.
| |
| entering actions resulting from OER into HFEITS.
| |
| Upon completion of the OER, the team lead performs the following functions:
| |
| resolves and closes applicable OE items in the HFEITS database collects documentation for:
| |
| - sources of OE data
| |
| - screening methods
| |
| - screening results
| |
| - interview facilities
| |
| - interview results including personal information for each interviewee
| |
| - results of reviews
| |
| © Copyright 2022 by NuScale Power, LLC 8
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0
| |
| - resolution of OE items tracked by HFEITS or engineering database ensures that the HFEITS operating experience database entries are complete and consistent and verify correct closure of OE items documents location of OER results to ensure availability of:
| |
| - OE item-related systems
| |
| - list of OE documents reviewed
| |
| - results of reviewing relevant HSI technology
| |
| - complete description and findings from interviews
| |
| - list of OER-identified issues incorporated into the design
| |
| - list of open issues still being tracked in the HFEITS
| |
| © Copyright 2022 by NuScale Power, LLC 9
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 3.0 Operating Experience Review Methodology The following sections describe the methodology used to address OE within the HFE Program. These sections address the applicable review criteria in NUREG-0711, Section 3, Operating Experience Review.
| |
| 3.1 Review of Predecessor and Related Plants and Systems The NuScale Power Plant design incorporates features such as passive safety systems, no reliance on safety-related alternating current (AC) or direct current (DC) power, and modular design that relies on automation and digital HSI technology. The combination of these design features and the extent to which they are utilized in the NuScale Power Plant design is not found in the existing commercial nuclear reactors; therefore, existing designs are not considered direct predecessors to the NuScale Power Plant design.
| |
| However, many of the NuScale systems and components are found in existing designs.
| |
| Therefore, operating commercial nuclear power plant experience is reviewed and used appropriately in the development of the NuScale Power Plant design.
| |
| The NPP has achieved improvements in safety over existing plants through simplicity of design, reliance on passive safety systems, small fuel inventory, and use of additional barriers to the release of fission products to the environment. The integrated design of the NuScale Power Module eliminates external reactor coolant loop piping and resulting large loss of coolant accidents, and the use of natural circulation as the prime driver for the reactor coolant system removes the operating challenges posed by reactor coolant pumps and associated seals.
| |
| The availability of passive safety systems for decay heat removal, emergency core cooling system, containment heat removal, and control room habitability eliminates the need for AC or DC power in a Fukushima-like event. This design removes the requirement for reliance on off-site power, safety-related AC or DC power systems, and emergency power sources, and technical specification-related issues that have caused significant OE items in the existing commercial fleet.
| |
| Each NuScale Power Module consists of a steel reactor pressure vessel within a steel containment vessel (CNV). ASME-rated pressure relief valves for the pressurizer relieve directly into the CNV, where it can be reutilized by the emergency core cooling system to allow flow back into the RPV to maintain core cooling. This innovative design provides a solution to overcome the loss of coolant accident suffered by the Three Mile Island Unit 2 as a result of a stuck open power operated relief valve.
| |
| The small CNV and evacuated annulus eliminate the need for thermal insulation around the reactor vessel, thereby reducing Generic Safety Issue 191 concerns.
| |
| The evacuated CNVs are partially immersed in an ultimate heat sink within the Reactor Building. The location of the ultimate heat sink eliminates the requirement for safety-related pumps and associated emergency power supplies, piping, valves, and coolers. This design feature removes the technical specifications requirements normally
| |
| © Copyright 2022 by NuScale Power, LLC 10
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 associated with the above components, as well as limited conditions of operations for excessive sediment, algae, ice, and more.
| |
| The integration of the decay heat removal system with the steam generators, main steam, condensate and feedwater systems eliminates the requirement for an auxiliary or emergency feedwater system. This integration also alleviates the maintenance and technical specification requirements for such systems.
| |
| These design improvements over existing plants were in place before the formal OER Program was established. Considering this fact, NuScales challenge is to improve the HSI, worker environments, and plant and equipment layout to reduce human error potential and worker injuries.
| |
| Table 3-1 provides a cross-reference among systems contained in operating commercial nuclear power plants and NuScale systems. Table 3-2 lists examples of systems and components in commercial nuclear power plants that are eliminated in the NuScale design, and the NuScale design features that allow their elimination. If the initial screening identifies no correlation between the OE related to these eliminated systems and components and the NuScale design, the OER record is closed as not applicable.
| |
| An initial screening is performed on each OE item to determine applicability to the NuScale design, and to determine whether further evaluation is necessary to identify potential HFE issues related to the NuScale design. Operating experience items identified from previous light water reactor (LWR) systems design with high relevance (greater than approximately 60 percent) to the NuScale design are candidates for detailed review, and are entered into the HFEITS database. Relevance is determined on the basis of comparison between the NuScale Power Plant and previous similar designs, and expressed in degrees of relevance. Table 3-3 provides such a comparison and the associated relevance expressed as HIGH, MEDIUM, or LOW, where MEDIUM relevance would be considered 40-60 percent relevant, and LOW would be less than 40 percent relevant.
| |
| The need for further screening is established by the following criteria:
| |
| similarity of designed systems, technology, and concept of operations designs with multi-modular monitoring and control designs with multiple identical systems monitoring in same control room designs with highly automated control designs that use digital I&C and video display units HFE issues that can affect NuScale design lessons learned that apply to NuScale The OER boundaries for this technology are extended beyond the experience of these existing plants because of the limited use and experience of the digital HSI technology in the current U.S. operating commercial nuclear power plants. Section 3.3 discusses the OER of the new HSI technology in other industries.
| |
| © Copyright 2022 by NuScale Power, LLC 11
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 Table 3-1 Comparison of Commercial Pressurized Water Reactor Systems to NuScale Systems System Category Commercial PWR Systems Corresponding NuScale System Primary Systems containment system containment vessel (part of reactor module) chemical and volume control chemical and volume control system system reactor coolant system reactor coolant system (part of reactor module) pressurizer (part of reactor module) steam generator (part of reactor module) reactor pressure vessel (part of reactor module) reactor vessel internals (part of reactor module) steam generator system steam generator (part of reactor module)
| |
| Control Systems reactor protection system reactor protection system engineered safety features engineered safety features actuation system actuation system diverse actuation system diverse protection system plant control module process computer rod control rod control and information system control rod drive system control rod drive system Monitoring Systems neutron monitoring system neutron monitoring system Main Power Cycle and main steam system main steam system Auxiliaries main turbine system turbine generator system condensate system feedwater and condensate system feedwater system feedwater and condensate system demineralized water transfer and demineralized water system storage system Cooling Systems passive containment cooling ultimate heat sink system (passive) system passive core cooling system emergency core cooling system (passive) decay heat removal system (passive) normal residual heat removal ultimate heat sink system system containment flood and drain system spent fuel pool cooling system pool cooling water system AC & DC Power On-site standby power system backup diesel generator Systems AC power system medium voltage AC electrical distribution system low voltage AC electrical distribution system Fire Protection fire protection system fire protection system Systems HVAC Systems normal control room HVAC normal control room HVAC containment recirculation cooling not a NuScale system - NuScale containment system does not require a recirculation cooling system control room habitability system control room habitability system containment air filtration system not a NuScale system - NuScale containment does not require air filtration containment hydrogen control not a NuScale system - NuScale containment system does not require a hydrogen control system
| |
| © Copyright 2022 by NuScale Power, LLC 12
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 Table 3-1 Comparison of Commercial Pressurized Water Reactor Systems to NuScale Systems (Continued)
| |
| System Category Commercial PWR Systems Corresponding NuScale System Fuel Handling fuel handling and refueling fuel handling equipment Systems system refueling monitoring station spent fuel storage system Table 3-2 Examples of Systems and Components Eliminated in the NuScale Design System or Component Eliminated NuScale Design Feature in NuScale Design reactor coolant pumps buoyancy forces drive natural circulation of the primary coolant reactor coolant system piping reactor core, steam generator, and pressurizer contained within the pressurizer surge line reactor pressure vessel residual heat removal system reactor pressure vessel housed in a steel containment partially pumps with associated piping and immersed in water that provides an effective passive heat sink for heat exchangers long-term emergency cooling auxiliary feedwater system safety injection system Table 3-3 Operating Experience Review Scope, Predecessor Determination, and Relevance
| |
| ((
| |
| NuScale Plant, System, or System Similar Plant, System, or Technology Technology Code NuScale Power Module N/A None Reactor Pressure Vessel A011 PWR plants Pressurizer A012 PWR plants Containment Vessel A013 PWR plants Steam Generator A014 Ansaldo and Siet test facilities, Otto Hahn Reactor Module Support A015 None Control Rod Drive A022 PWR plants Reactor Vessel Internals A023 Ansaldo and Siet test facilities, PWR plants Reactor Fuel Assembly A025 PWR plants Control Rod Assembly A026 PWR plants Chemical and Volume Control B010 PWR plants Boron Addition System B011 PWR plants Oregon State University NuScale Integral Emergency Core Cooling B020 effects test facility GE SBWR and SWBR, KEPCO SMART Decay Heat Removal B030 testing Containment Heat Removal B040 None Control Room Habitability B060 PWR plants Normal Control Room HVAC B080 PWR plants Fuel Handling Equipment B140 PWR plants
| |
| }}2(a),(c)
| |
| © Copyright 2022 by NuScale Power, LLC 13
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 Table 3-3 Operating Experience Review Scope, Predecessor Determination, and Relevance (Continued)
| |
| ((
| |
| NuScale Plant, System, or System Similar Plant, System, or Technology Technology Code Spent Fuel Storage B160 PWR plants Pool Cooling and Cleanup B170 PWR plants System Pool Leakage Detection B180 PWR plants Containment Evacuation B190 None Main Steam C010 LWR plants Condensate and Feedwater C020 LWR plants Demineralized Water C140 LWR plants Fire Protection C190 LWR plants, Other Industries Medium Voltage AC Electrical D020 LWR plants, Other Industries Distribution Low Voltage AC Electrical D030 LWR plants, Other Industries Distribution Augmented DC Power D040 LWR plants Distribution Backup Diesel Generator D060 Other Industries Reactor Protection E011 PWR plants Neutron Monitoring E013 LWR plants Rod Control and Information E040 PWR plants Refueling Monitoring E070 PWR plants Reactor Building F010 LWR plants Digital I&C N/A LWR plants, Other Industries All video display units N/A LWR plants, Other Industries High level of automation N/A LWR plants, Other Industries Controlling more than one unit or process from same control N/A Other Industries room
| |
| }}2(a),(c)
| |
| In the table above, digital I&C, all video display units, high level of automation, and controlling more than one unit or process from same control room are listed as either MEDIUM or LOW. While this may seem incongruent with the importance of these topics to the NuScale design, they do accurately depict the relative OE relevance in these areas with the existing commercial reactors. Existing plants have performed individual system digital upgrades, which leaves their control rooms with a majority of analog panels and components, with an interspersing of digital control systems and video displays added on. While some automation has been utilized in existing plants (e.g., engineered safety features actuation system trips, load sequencing), no plant has utilized automation to the same degree as the NPP. Finally, while there are several dual control room plants in the U.S., and the CANDU fleet operates four reactors from the same control room, the NuScale design is novel in the control of up to six individual units from the same control room.
| |
| © Copyright 2022 by NuScale Power, LLC 14
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 3.2 Review of Recognized Industry Human Factors Engineering Issues NUREG/CR-6400 (Reference 4.2.6) provides a detailed list of HFE-relevant OE pertinent to the HSI design process for advanced nuclear power plants. Six categories of issues and experience are addressed:
| |
| unresolved safety issues/generic safety issues Three Mile Island issues NRC generic communications (generic letters, information notices and Part 21 reports)
| |
| Office for Analysis and Evaluation of Operational Data issues lower power and shutdown operations operating plant event reports Sections 2 and 3 of NUREG/CR-6400 (Unresolved Safety Issues/Generic Safety Issues and Three Mile Island Issues) are summarized in Table II and Appendix B of NUREG-0933 (Reference 4.2.7). The issues listed in NUREG-0933 Appendix B are derived from the NRCs analysis of the issues listed in NUREG-0933 Table II. Therefore, the issues in NUREG-0933 Appendix B are a subset of the items in Table II. For this reason, NUREG-0933 Table II is used in the NuScale OER process instead of NUREG-0933 Appendix B.
| |
| The results of the NRCs Office for Analysis and Evaluation of Operational Data Program to identify human factors and human performance issues from mid-1980s through the year 2000 were published in Volumes 1 through 14 of NUREG-1275 (Section 5 of NUREG/CR-6400) (Reference 4.2.6). NuScales OER includes review of the items contained in these volumes (Table 3-4). The potential issues identified from initial screening of NUREG-1275 Volumes 1 through 14 are entered into the HFEITS database and evaluated using the method described in Section 3.6.
| |
| The OER issues from sources other than NUREG/CR-6400 (published in January 1997) and NUREG-1275 are also reviewed for potential human performance issues or for identifying design elements that might support or enhance human performance. This includes reviews of additional literature and nuclear industry websites and databases (e.g., U.S. Nuclear Regulatory Commission, Institute of Nuclear Power Operations).
| |
| In addition to nuclear industry sources, literature, and websites of non-nuclear industries (U.S. military platform such as an aircraft carrier or submarine, the petrochemical industry, automotive industry, railway industry, and the airline industry) are also reviewed.
| |
| The events at Chernobyl and at the Fukushima Daiichi power station preceded the design of the NuScale Power Plant. Therefore, as the development of NuScale Power Plant design is ongoing, the lessons learned from these events are considered, and the
| |
| © Copyright 2022 by NuScale Power, LLC 15
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 applicable lessons learned incorporated in the design. With regard to the Fukushima event, the following documents are considered:
| |
| U.S. Nuclear Regulatory Commission, Issuance of Order to Modify Licenses with Regard to Requirements for Mitigation Strategies for Beyond-Design-Basis External Events, EA-12-049, March 12, 2012 (Reference 4.2.8)
| |
| NEI 12-02, Industry Guidance for Compliance with NRC Order EA-12-051, To Modify Licenses with Regard to Reliable Spent Fuel Pool Instrumentation, Revision 1 (Reference 4.2.9)
| |
| NEI 12-06, Diverse and Flexible Coping Strategies (FLEX) Implementation Guide, Revision 2 (Reference 4.2.10)
| |
| Table 3-4 NUREG-1275 Human Performance Studies NUREG-1275 NUREG Operating Experience Feedback Report Title Publication Date Volume No.
| |
| 1 Operating Experience Feedback Report - New Plants July 1987 2 Air Systems Problems December 1987 3 Service Water System Failures and Degradations November 1988 4 Technical Specifications March 1989 5 Progress in Scram Reduction March 1989 6 Operated Valve Problems February 1991 Experience with Pump Seals Installed in Reactor Coolant Pumps September 1992 7
| |
| Manufactured by Byron Jackson 8 Human Performance in Operating Events December 1992 9 Pressure Locking and Thermal Binding of Gate Valves March 1993 10 Reliability of Safety-Related Steam Turbine-Driven Standby Pumps October 1994 11 Turbine-Generator Overspeed Protection Systems April 1995 12 Assessment of Spent Fuel Cooling February 1997 13 Evaluation of Air-Operated Valves at U.S. Light-Water Reactors February 2000 Causes and Significance of Design-Based Issues at U.S. Nuclear November 2000 14 Power Plants 3.3 Review of Related Human-System Interface Technology The NuScale design uses a modern HSI design to control up to six units from one control room. Nuclear industry OE in multi-unit operation from a single control room is limited.
| |
| Therefore, the review of operating experience in these areas is expanded to other facilities and industries including nuclear installations that do not produce power, non-nuclear power plants, a U.S. military platform, the petrochemical industry, automotive industry, railway industry, and the airline industry (including air traffic controller operator experience data).
| |
| © Copyright 2022 by NuScale Power, LLC 16
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 Operating experience research of HSI technology in these facilities and industries focuses specifically on highly automated, digitally-controlled process systems.
| |
| computerized procedures systems.
| |
| use of flat panel displays (video display units).
| |
| use of touch screens (as a design enhancement).
| |
| multi-unit control rooms.
| |
| 3.4 Review of Issues Identified by Plant Personnel The review of issues identified by plant personnel was performed for the DCA, and documented in a results summary report (RSR) (Reference 4.2.11). This aspect of the OER is incorporated into the predecessor design. As this report documents methodology to be used in the reviews of OE subsequent to the completion of the DCA, OER issues identified during the DCA Human Factors Engineering work will be evaluated against design changes implemented in the Standard Design Approval Application for the US460 standard design.
| |
| Telephone or in-person interviews of plant personnel (nuclear and non-nuclear industries) were conducted for the DCA based on their experience with systems or technology applicable to the NuScale design. Personnel that were included are those with experience and knowledge in plant design documents, plant operations, and HFE topics discussed below. The personnel interviewed included operators (non-nuclear) or reactor operators.
| |
| supervisors (non-nuclear) or senior reactor operators.
| |
| maintenance technicians.
| |
| supervisors and managers from Operations, Maintenance, and Work Control.
| |
| operations administrators, particularly those who handle condition reports.
| |
| procedure developers.
| |
| training staff.
| |
| Interview questions and topics were developed by the OER team lead and tailored to the job description of the individual being interviewed.
| |
| The interviews cover the following topics:
| |
| plant operations
| |
| - normal plant evolutions (start-up, full-power, and shutdown)
| |
| - instrument and control system degraded conditions and failures
| |
| - HSI equipment failures and processing failures
| |
| - transients
| |
| © Copyright 2022 by NuScale Power, LLC 17
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0
| |
| - accidents
| |
| - reactor shutdown and cool down using remote shutdown systems HFE design topics
| |
| - alarm and annunciation
| |
| - display
| |
| - control and automation (highly automated control systems) information processing and job aids
| |
| - real-time communications with plant personnel, real-time communications with other organizations
| |
| - procedures, training, staffing qualifications, and job design
| |
| - multi-unit control room design effect on plant operation The data obtained from each interview was reviewed for positive or negative aspects and further evaluated for incorporation into the NuScale design. Each potential issue identified in an interview was entered into the HFEITS database and evaluated in a manner similar to the process outlined in Section 3.6.
| |
| In addition to obtaining data from outside plant personnel, the expertise of NuScales HFE team members was utilized to perform reviews of NuScale design documents and provide recommendations for improvements and refinements to the design as appropriate. These personnel possess experience in the operation of commercial nuclear power plants, and are an integral part of the HFE team. Inputs related to OE provided by these personnel were provided to the appropriate system design engineers and addressed by an inter-disciplinary review process.
| |
| 3.5 Review of Important Human Actions Important human actions include risk-important human actions and deterministically important human actions. Risk-important human actions are identified early in the design process by the probabilistic risk assessment, and human reliability analysis processes.
| |
| Deterministically important human actions are derived from the transient and accident analysis, and diversity and defense-in-depth coping analysis. If IHAs are identified, they are recorded in the HFEITS database so that this information is available while analyzing OE. The HFEITS database is updated as necessary with IHAs as the PRA is updated during design. The OER issues that indicate a potential to impact NuScale-specific IHAs can be tracked as HFE issues in the HFEITS for resolution during appropriate HFE Program elements.
| |
| Reference 4.2.4 contains further information on IHAs. The purpose of evaluating IHAs as part of OER is to determine whether other operating nuclear plants or systems with similar HSI technology have experienced related error-causing conditions. The IHAs are used in succeeding HFE Program elements (task analysis, staffing and qualifications, and HSI design) to define the roles and responsibilities of plant personnel and to produce interfaces designed to minimize human error probabilities. More details on the IHAs are contained in the treatment of important human actions RSR (Reference 4.2.4).
| |
| © Copyright 2022 by NuScale Power, LLC 18
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 In examining the OE data, both the successful completion of IHAs applicable to NuScale and the errors that may have occurred in the execution of those IHAs are identified and considered. Treatment of IHAs is further discussed in Reference 4.2.4.
| |
| The human actions that are not identified as IHAs for the NuScale design but, if not performed correctly, could potentially have negative consequences are also selected for task analysis (Reference 4.2.3). This selection is accomplished with multiple subject matter experts by reviewing the OER and using their personal experience.
| |
| 3.6 Documentation 3.6.1 Human Factors Engineering Issue Tracking System Database - Operating Experience Review Issues The HFEITS database is used for tracking HFE issues within the scope of the NuScale Power Plant HFE Program that are identified using the screening process described in this section. These include issues identified as potential human performance issues and sources of human error and design elements that might support or enhance human performance.
| |
| If a potential HFE issue has been identified and cannot be resolved immediately, the issue is entered into the HFEITS database and tracked. Only the issues that are within the HFE Program scope but not incorporated by the current design are captured in HFEITS. The HFEITS issues can be evaluated for incorporation during the analyses or design of the HFE elements performed later as described in the implementation plans or RSRs for those elements, as applicable.
| |
| The OER items that are preliminarily screened as applicable are entered into the HFEITS database. The database is designed to provide complete details of the collected data, and is maintained as an electronic database. Items are categorized to show which HFE elements they affect. This categorization facilitates future OE searches of the HFEITS database by HFE element.
| |
| The HFEITS database is administered by the HFE team lead. Consistency of entries is monitored during data entry and checked periodically by the OER team lead.
| |
| If an OER issue is determined to be not related to HFE scope, or not applicable to the NuScale design, a justification is written and reviewed by the OER team. Following approval of the justification, the OE item is closed, but retained in the HFEITS database.
| |
| If an OE item is determined to be applicable to the NuScale design but not applicable to the HFE Program scope, a justification is written and reviewed by the OER team.
| |
| Following approval of the justification, the OE item is transferred to the appropriate engineering discipline. The OE item is then closed, but retained in the HFEITS database.
| |
| © Copyright 2022 by NuScale Power, LLC 19
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 If an OE item is determined to be applicable to the NuScale HFE Program scope, but is resolved by the current design, documentation of that resolution is captured in the database. Documentation includes reference to appropriate approved design documents. The OER team reviews the resolved-by-design documentation and closes and retains the OE item in the database.
| |
| An OE item that is determined to be applicable to the HFE Program scope and not resolved by the current design is documented as such in the HFEITS database. The OER team member proposes a design modification to incorporate the OE item. The OER team reviews the documentation and proposed design modification. If approved, the OE item is assigned to the greater HFE team. The HFEITS issues not resolved as part of the OER are evaluated during later stages of analyses or design for incorporation as described in the RSRs for those HFE Program elements.
| |
| In the event the OER team disapproves a justification or set of documentation for closure of an OE item, the OER team and HFE supervisor have the discretion to either reassign the OE item to another team member or resolve the item as a team.
| |
| © Copyright 2022 by NuScale Power, LLC 20
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 4.0 References 4.1 Source Documents 4.1.1. U.S. Nuclear Regulatory Commission, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition (NUREG-0800),
| |
| Formerly issued as NUREG-75/087, Chapter 18, Human Factors Engineering.
| |
| 4.1.2. U.S. Nuclear Regulatory Commission, Shutdown and Low-Power Operation at Commercial Nuclear Power Plants in the United States, NUREG-1449, September 1993.
| |
| 4.1.3. U.S. Code of Federal Regulations, Contents of Applications; Technical Information, Section 52.47, Part 52, Chapter 1, Title 10 Energy (10 CFR Part 52.47).
| |
| 4.2 Referenced Documents 4.2.1. U.S. Nuclear Regulatory Commission, Human Factors Engineering Program Review Model, NUREG-0711, Revision 3, November 2012.
| |
| 4.2.2. NuScale Human Factors Engineering Staffing and Qualifications Results Summary Report, TR-130412, Revision 0.
| |
| 4.2.3. NuScale Human Factors Engineering Task Analysis Implementation Plan, TR-130413, Revision 0.
| |
| 4.2.4. NuScale Human Factors Engineering Treatment of Important Human Actions Results Summary Report, TR-130416, Revision 0.
| |
| 4.2.5. NuScale Human Factors Engineering Program Management Plan, TR-130414, Revision 0.
| |
| 4.2.6. U.S. Nuclear Regulatory Commission, Human Factors Engineering (HFE)
| |
| Insights for Advanced Reactors Based Upon Operating Experience, NUREG/CR-6400, 1996.
| |
| 4.2.7. U.S. Nuclear Regulatory Commission, Resolution of Generic Safety issues, NUREG-0933 (Supplements 1 - 34), 2011.
| |
| 4.2.8. U.S. Nuclear Regulatory Commission, Issuance of Order to Modify Licenses with Regard to Requirements for Mitigation Strategies for Beyond-Design-Basis External Events, EA-12-049, March 12, 2012.
| |
| 4.2.9. NEI 12-02, Industry Guidance for Compliance with NRC Order EA-12-051, To Modify Licenses with Regard to Reliable Spent Fuel Pool Instrumentation, Revision 1.
| |
| © Copyright 2022 by NuScale Power, LLC 21
| |
| | |
| Human Factors Engineering Operating Experience Review Implementation Plan TR-130409-NP Revision 0 4.2.10. NEI 12-06, Diverse and Flexible Coping Strategies (FLEX) Implementation Guide, Revision 2.
| |
| 4.2.11. Human Factors Engineering Operating Experience Review Results Summary Report, RP-0316-17614, Revision 0.
| |
| 4.2.12. NRC Information Notice 95-48: Results of Shift Staffing Study, October 10, 1995.
| |
| © Copyright 2022 by NuScale Power, LLC 22
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 Licensing Technical Report Human Factors Engineering Human-System Interface Design Implementation Plan December 2022 Revision 0 Docket: 52-050 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 www.nuscalepower.com
| |
| © Copyright 2022 by NuScale Power, LLC
| |
| © Copyright 2022 by NuScale Power, LLC i
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 Licensing Technical Report COPYRIGHT NOTICE This document bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this document, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.
| |
| The NRC is permitted to make the number of copies of the information contained in these reports needed for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding.
| |
| Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of additional copies necessary to provide copies for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations. Copies made by the NRC must include this copyright notice in all instances and the proprietary notice if the original was identified as proprietary.
| |
| © Copyright 2022 by NuScale Power, LLC ii
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 Licensing Technical Report Department of Energy Acknowledgement and Disclaimer This material is based upon work supported by the Department of Energy under Award Number DE-NE0008928.
| |
| This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.
| |
| Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
| |
| © Copyright 2022 by NuScale Power, LLC iii
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 Table of Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Executive Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 Abbreviations and Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.0 Implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1 Human-System Interface Design Process Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2 Human-System Interface Design Team Composition and Responsibilities . . . . . . . . . . . 6 2.2.1 Human-System Interface Design Team Composition . . . . . . . . . . . . . . . . . . . . . 6 2.2.2 Simulator Development Responsibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.2.3 Human-System Interface Development Responsibility . . . . . . . . . . . . . . . . . . . . 7 2.2.4 General Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.2.5 Special Considerations for the Human-System Interface Design . . . . . . . . . . . . 8 3.0 Methodology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.1 Human-System Interface Design Inputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.1.1 Personnel Task Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.2 Simulator Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.3 Human-System Interface Design Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.3.1 Survey of State-of-the-Art in Human-System Interface Technologies . . . . . . . . 12 3.3.2 Preparation of Human-System Interface Design Support Documentation . . . . . 12 3.3.3 Conceptual Sketches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.3.4 Rapid Prototyping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.3.5 Tests and Evaluations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.4 Human-System Interface Concept of Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3.4.1 Operator Roles and Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3.4.2 Automation Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.4.3 Shared Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.4.4 Document Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.4.5 Main Control Room Layout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.5 Human Factors Engineering and Human-System Interface Design Guidance . . . . . . . 17 3.5.1 Human-System Interface Style Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
| |
| © Copyright 2022 by NuScale Power, LLC iv
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 Table of Contents 3.5.2 Concept of Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 3.5.3 Conduct of Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 3.6 Human-System Interface Detailed Design and Integration . . . . . . . . . . . . . . . . . . . . . . 18 3.7 Human-System Interface Tests and Evaluation Overview. . . . . . . . . . . . . . . . . . . . . . . 18 3.7.1 Internal Review of Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.7.2 Testing and Evaluation of Design. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.7.3 Iteration Decision Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.7.4 Human Engineering Discrepancy Resolution. . . . . . . . . . . . . . . . . . . . . . . . . . . 21 4.0 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 4.1 Source Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 4.2 Referenced Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
| |
| © Copyright 2022 by NuScale Power, LLC v
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 List of Tables Table 1-1 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Table 1-2 Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Table 3-1 Iterative Human-System Interface Design and Evaluation Plan. . . . . . . . . . . . . 19
| |
| © Copyright 2022 by NuScale Power, LLC vi
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 List of Figures Figure 3-1 NuScale Main Control Room Simulator Development Venn Diagram . . . . . . . . 10
| |
| © Copyright 2022 by NuScale Power, LLC vii
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 Abstract This document provides the human-system interface (HSI) design implementation plan for the NuScale Power Plant. This implementation plan defines a structured methodology for the iterative design of the overall HSI, translating the functional and task requirements into the detailed HSI for the plant. The process produces a unique HSI Style Guide and a consistent state-of-the-art HSI design to be used by operators of the NuScale Power Plant to carry out the plants goals under normal, abnormal, and emergency operating conditions. The process used is consistent with the applicable provisions of Section 8 of U.S. Nuclear Regulatory Commission, Human Factors Engineering Program Review Model, NUREG-0711, Rev. 3 (Reference 4.1.2).
| |
| © Copyright 2022 by NuScale Power, LLC 1
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 Executive Summary The NuScale human-system interface (HSI) design is developed by a multi-faceted Human Factors Engineering (HFE) Design Team that brings unique skills and knowledge to the effort and works collaboratively and cohesively to reach the project goals. The NuScale HFE Design Team includes former nuclear plant operators and supervisors, plant system engineers, instrumentation and controls engineers, a simulator plant model, HSI software developers, and human factors engineers.
| |
| The plant functions, operator tasks, and concepts of use are incorporated into the NuScale HSI Style Guide for use by the HFE Design Team to produce a consistent state-of-the-art HSI design.
| |
| The design team follows the NuScale HSI design and validation process to create and analyze the HSI the operators use to satisfy the plants overall safety and operating objectives and goals.
| |
| The HSI is analyzed to verify that in-scope tasks can be performed in a consistent and timely manner.
| |
| the design takes advantage of human and machine strengths to avoid human error and machine limitations.
| |
| the HSI is consistent with the HSI Style Guide.
| |
| the HSI satisfies the guidance in Section 8 of NUREG-0711 (Reference 4.1.2).
| |
| Staffing validation confirms the main control room layout and HSI design meet the needs of the staffing and qualification effort discussed in the Human Factors Engineering Staffing and Qualifications Results Summary Report (Reference 4.2.6).
| |
| This report is organized as follows. Section 1.0 and Section 2.0 provide an introduction to the HSI process and the HSI implementation process, respectively. Section 3.0 describes the methodology followed by the HFE Design Team during the development of the HSI. The source and referenced documents applicable to and used in the HSI effort are listed in Section 4.0.
| |
| © Copyright 2022 by NuScale Power, LLC 2
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 1.0 Introduction 1.1 Purpose The purpose of this implementation plan (IP) is to document the methodology of an iterative human-system interface (HSI) design process. This process translates the functional and task requirements to the HSI design requirements and to the detailed design of alarms, displays, controls, and other aspects of the HSI, which are based on systematically applying state-of-the-art Human Factors Engineering (HFE) principles and the criteria to support the safe and reliable operation of the NuScale Power Plant.
| |
| 1.2 Scope This IP includes a summary of the research, design, and testing efforts performed by the NuScale HFE Design Team that produced a coherent and consistent screen-based HSI design for the licensed operators located in the main control room (MCR) during normal, abnormal, and emergency operating conditions.
| |
| This IP encompasses the design activities for HSIs including those in the MCR.
| |
| derived from the MCR-designed HSIs (including the Technical Support Center and Emergency Operations Facility.
| |
| local control stations used by operators as described in the NuScale HFE Program Management Plan (Reference 4.2.9).
| |
| The HSIs include alarms, indications, controls, and embedded procedures. The HSI design also includes those systems used to communicate with personnel outside the MCR.
| |
| The NuScale HSI design and validation process addresses the guidance documents used for the HSI detailed design.
| |
| the in-scope facilities and HSIs within those facilities covering form, function, and performance characteristics.
| |
| required inputs to the HSI design process.
| |
| the concept of how HSIs are used and an overview of the HSI design process.
| |
| alarms, cautions, status indications, controls, and computer-based procedures.
| |
| systems used to communicate with personnel outside the MCR.
| |
| how the design minimizes the effects of degraded instrumentation & controls (I&C) and HSI conditions on the performance of personnel.
| |
| the outcomes of tests and evaluations undertaken to support the HSI design.
| |
| © Copyright 2022 by NuScale Power, LLC 3
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 1.3 Abbreviations and Definitions Table 1-1 Abbreviations Term Definition FRA/FA functional requirements analysis and function allocation HED human engineering discrepancy HFE Human Factors Engineering HSI human-system interface I&C instrumentation & control IHA important human action IP implementation plan MCR main control room NSE non-safety enable OER operating experience review S&Q staffing and qualification SA situational awareness TA task analysis
| |
| © Copyright 2022 by NuScale Power, LLC 4
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 Table 1-2 Definitions Term Definition Embedded Procedure A computer-based procedure that is part of the NuScale HSI system that allows the operators to safely monitor and control the plant. An embedded procedure has bidirectional connection to the control networks.
| |
| HFE Design Team Generic term for the Plant Operations organization that consists of operators, human factor engineers, and simulator developers. The HFE Design Team does not include plant personnel. The HFE Design Team is responsible for the HFE associated with the NuScale design. The HFE team is also referred to as the design team.
| |
| Human-System Interface The HSI is that part of the system that personnel interact with to perform their functions and tasks. In this document, "system" refers to a nuclear power plant. Major HSIs include alarms, information displays, controls, and procedures. Use of HSIs can be influenced directly by factors such as: (1) the organization of HSIs into workstations (e.g., consoles and panels): (2) the arrangement of workstations and supporting equipment into facilities such as: an MCR, local control station, Technical Support Center, and Emergency Operations Facility; and (3) the environmental conditions in which the HSIs are used, including temperature, humidity, ventilation, illumination, and noise. Human-system interface use can also be affected indirectly by other aspects of plant design and operation such as crew training, shift schedules, work practices, and management and organizational factors.
| |
| Module A NuScale module consists of the containment vessel, reactor pressure vessel, and all components internal and external to each vessel, up to the disconnect flanges.
| |
| Process Library NuScale HSI interface that allows plant operators to view embedded procedures and automated processes.
| |
| Screen-based HSI A defined set of information that is intended to be displayed as a single unit. Typical nuclear power plant display pages may combine several different formats on a single display screen, such as putting bar charts and digital displays in a graphic piping and instrumentation diagram format. Display pages typically have a label and designation within the computer system so they can be assessed by operators as a single "display."
| |
| Unit A NuScale unit consists of the components necessary to generate electricity. This includes a primary side containing a reactor power module and its specific supporting systems, and a secondary side containing a turbine generator and its specific supporting systems.
| |
| Video Display Unit An electronic device for the display of visual information in the form of text or graphics.
| |
| FRA/FA & TA database The functional requirements analysis and function allocation (FRA/FA) &
| |
| task analysis (TA) database is a relational database that is used to store the FRA/FA, TA, staffing and qualifications (S&Q) analysis, development of HSIs, procedures, and training data. In this document it may be referred to as the FRA/FA & TA database or database.
| |
| © Copyright 2022 by NuScale Power, LLC 5
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 2.0 Implementation 2.1 Human-System Interface Design Process Overview The analyses performed in the early stages of the HFE Program are important steps in establishing the inputs to the design requirements for the NuScale HSIs. The HSI design inputs that are analyzed and developed include the following:
| |
| operating experience review (OER) functional requirements analysis and function allocation task analysis staffing and qualifications treatment of important human actions (IHAs) concept of operations l&C systems design alarm management system requirements HSI Style Guide Once the inputs are established, the design effort follows the NuScale HSI process steps listed below when designing the MCR, conceptual workstations, and screen-based HSIs needed to complete the design effort.
| |
| : 1. Follow the appropriate chapters of the NuScale HSI Style Guide needed to establish a safe, user-friendly work location.
| |
| : 2. Follow the appropriate chapters of the NuScale HSI Style Guide needed to establish safe, user-friendly workstations.
| |
| : 3. Design and develop the HSI needed to accomplish safe and reliable operation of the plant.
| |
| : 4. Test and evaluate the HFE and HSI design of the simulator and products developed to support plant operations.
| |
| The HSI design products are the physical HSI screens, the embedded procedure functionality, and the plant notification functionality maintained within the MCR and simulator control room hardware and software.
| |
| 2.2 Human-System Interface Design Team Composition and Responsibilities 2.2.1 Human-System Interface Design Team Composition The NuScale HFE and HSI design process is instituted by a multi-faceted HFE Design Team that brings unique skills and knowledge to the effort and works collaboratively and cohesively to reach project goals. The HFE Design Team includes
| |
| © Copyright 2022 by NuScale Power, LLC 6
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 former nuclear plant operators and supervisors, plant system engineers, instrumentation and controls engineers, human factors engineers and software developers that work collaboratively and cohesively to reach project goals. This unique membership combination provides representation from both user and designer perspectives.
| |
| 2.2.2 Simulator Development Responsibility The HFE Design Team begins by designing an MCR simulator. An MCR simulator (also referred to as the simulator) is a computer-based, interactive work location that brings the operators as close as practicable to a true representation of the NuScale Power Plant responses and user interfaces located in the MCR. The simulator is where the HFE Design Team carries out rapid development, tests the evolving HSI design, and validates the NuScale MCR concepts and staffing goals. The simulator is also an effective tool for demonstrating plant operating and control concepts.
| |
| 2.2.3 Human-System Interface Development Responsibility The NuScale HSI design incorporates results of the OER, literature reviews, informal trade-off evaluations, informal consideration of multiple alternatives, and tests and evaluations. These aspects support the technical basis for demonstrating that the design supports personnel performance.
| |
| 2.2.4 General Considerations The following design goals are emphasized during the HSI design and evaluation process:
| |
| high display-control compatibility (recognition) prompt feedback and accurate status indication for operator-initiated system actions selection of a data update rate that best meets the needs of operator tasks informative presentation of subsystem boundaries support for operator error detection and recovery informative, perceptually salient plant notifications that do not overwhelm the operator minimal interference of HSI maintenance and testing with operations (minimal distraction of operators) consistent application of styles, conventions, and information layout to support orientation and efficient navigation optimal balance between providing a flexible HSI that can be tuned to future operator needs while minimizing operator effort devoted to HSI management and possible confusion
| |
| © Copyright 2022 by NuScale Power, LLC 7
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 2.2.5 Special Considerations for the Human-System Interface Design The following special high-level design considerations identified as part of a preliminary analysis of the essential and desirable features of an HSI for the NuScale Power Plant are emphasized during the HSI design and evaluation process:
| |
| improved situational awareness with a highly automated system acceptable workload levels with responsibility for control of multiple units assigned to a single operator at-a-glance top-level awareness with periodic lower-level active monitoring
| |
| - information is presented in levels of detail based on task needs through an abstraction hierarchy (the work domain is modeled to determine what kinds of information should be displayed and how it should be arranged) process and information visualization techniques that take advantage of visual perception to offload demands from cognitive processing proper situational awareness with multiple units
| |
| - interface and task design that seeks to avoid perceptual or cognitive tunneling on a particular condition or display at the expense of awareness of other systems or units user-system interaction paradigm that avoids memorization and recall of codes and commands interface that provides early detection of plant conditions that may lead to an alarm or caution condition integration of procedures with automated process control embedded into the HSI support for incident diagnosis after a plant trip
| |
| © Copyright 2022 by NuScale Power, LLC 8
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 3.0 Methodology 3.1 Human-System Interface Design Inputs 3.1.1 Personnel Task Requirements The analyses discussed below are performed in the early stages of the HFE Program and are used to establish design requirements for the NuScale HSIs.
| |
| During OER (Reference 4.2.3), issues from other plants and similar HSI designs are evaluated for inclusion or exclusion in the NuScale HSI design. The HSI design element confirms that the issues found during OER remain adequately addressed as the HSI design progresses. Discovered OER issues are resolved within the HSI design element or tracked in the Human Factors Engineering issues tracking system as applicable.
| |
| During FRA/FA (Reference 4.2.4), the NuScale Power Plant system functions that support safety are defined. Each system function is analyzed to determine the tasks, how each task is performed (manual, automated, or both), the technical basis, and the role of the operator. Safety functions are used as inputs to the design of the overview screens within the HSI inventory. The HSIs for lower level functions are further analyzed during TA. Automation criteria established during function allocation define the levels of automation anticipated for the HSI design. The HSI design issues initiated in FRA/FA are also resolved during HSI design.
| |
| The TA (Reference 4.2.5) provides the information needed to build a complete HSI inventory and the characteristics of that inventory needed to monitor and control critical functions during normal and abnormal operating conditions. Alarms, indications, procedures, and backup control for automated functions are also defined during TA. While building the HSI inventory during TA, characteristics such as alarm conditions, indication range and resolution, control function modes and accuracy, and procedure applicability conditions are established. Grouping of HSI elements in TA leads to HSIs designed for specific tasks and reduces both reliance on system-based HSIs and navigation between screens. Task support requirements are defined in TA and may be implemented during HSI design or as issues tracked for resolution by other engineering disciplines.
| |
| The HSI design considers IHAs identified in the Probabilistic Risk Assessment and from deterministic analyses to verify the assumptions regarding HSI characteristics for IHAs are implemented in the HSI. The following are examples of HSI characteristics that affect IHAs:
| |
| reduction of time required for human actions via simplified or reduced navigation development of dedicated HSI developing alarms associated with IHAs
| |
| © Copyright 2022 by NuScale Power, LLC 9
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 The MCR layout considers providing workstations and video display units needed for the monitoring and control of multiple units and the common systems associated with them. Staffing and qualification analyses (Reference 4.2.6) are used to provide input to the HSI design by influencing the HSI hierarchy and navigation concepts, allocation of controls and displays to individual visual display units, and overall MCR layout. The S&Q analyses also validate the MCR crew complement and responsibilities of each member of the crew.
| |
| 3.2 Simulator Development The development of the simulator is at the center of three major NuScale work efforts.
| |
| The various aspects of the simulator design processes are interlinked as shown in Figure 3-1.
| |
| Figure 3-1 NuScale Main Control Room Simulator Development Venn Diagram Page Animation Human Factors Engineering
| |
| - HSI Design Plant Models Display Pages
| |
| - Control Panel Design
| |
| - Room Layout Simulator Plant Interface Model Requirements Requirements HSI Design Inputs
| |
| - Concept of Operations
| |
| - Task Analysis
| |
| -IHA
| |
| © Copyright 2022 by NuScale Power, LLC 10
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 The elements shown are needed to design the simulator and are defined below:
| |
| HSI design input - discussed in Section 3.1.
| |
| Plant model requirements - functionality needed from the plant models to support the HSI and simulator design efforts. The appropriate HSI design inputs are used to help determine the needs.
| |
| Plant models - set of models used to closely model and predicted behavior of the NuScale design.
| |
| Page animation - HSI software that provides the operators an interface to the plant models.
| |
| HFE - design effort discussed in this IP.
| |
| Interface requirements - includes the NuScale HSI Style Guide as well as the inputs information that drives HSI display page information (e.g., FRA/FA and TA).
| |
| The HSI process discussed in this IP is highlighted in orange in Figure 3-1. The other elements shown are discussed at a high level and are needed to develop the simulator and accomplish the goals discussed in Reference 4.2.9.
| |
| The HFE Design Team ensures that the partnerships among various NuScale plant design groups and the use of the appropriate guidance documents drive the simulator and HSI design to support:
| |
| minimizing the probability that errors occur.
| |
| maximizing the probability that any error made is detected.
| |
| analyses of personnel roles (job analysis).
| |
| systematic strategies for organization, such as arrangement by importance, and frequency and sequence of use.
| |
| the inspection, maintenance, test, and repair of (1) plant equipment and (2) the HSIs.
| |
| personnel task performance under identified staffing conditions (minimum, typical, and high-level or maximum).
| |
| consistent design for the HSIs.
| |
| philosophy for updating the HSIs.
| |
| procedures.
| |
| automation.
| |
| 3.3 Human-System Interface Design Overview An iterative methodology incorporating the HSI design inputs (Section 3.1), analysis of personnel task requirements, system and regulatory requirements, concept of use, and general requirements, is used to develop the HSI conceptual design. The iterative design and evaluation approach serves to guide the selection of one from multiple candidate designs.
| |
| © Copyright 2022 by NuScale Power, LLC 11
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 answer open HFE questions related to situational awareness (SA), workload, and staffing.
| |
| identify and eliminate HFE issues from the design early in the process.
| |
| Feedback from users on HSI prototypes is incorporated before the detailed design effort.
| |
| The iterative design of the HSI is closely connected with other HFE activities. As a part of each design effort, the HFE team presents findings and solicits input from the following design disciplines:
| |
| instrumentation and controls and computer systems - considers whether the design concepts are technically feasible, with a special emphasis on performance requirements human reliability analysis process - considers plant conditions, risk-important human actions and HSIs identified as being important to plant safety and reliability or operator actions credited for achieving plant stabilization when automatic actions are not triggered staffing and qualification plan efforts - determines deficiencies or features of the design that are incompatible with the proposed staffing model procedure development - HSI design supports clear, reasonable procedures and vice versa training program development - considers the feasibility of the operator skills, rules, and knowledge necessitated by the proposed design 3.3.1 Survey of State-of-the-Art in Human-System Interface Technologies The state-of-the-art HSI technology is established with an emphasis on adaptability, principles, and design patterns that serve the needs of the NuScale Power Plant.
| |
| Options are evaluated for human usability and technical feasibility. Specific software and hardware development is not in the scope of the survey; however, an understanding of the state-of-the-art software and hardware technologies provides insight for development of the functional and procurement specifications for the HSI platform.
| |
| 3.3.2 Preparation of Human-System Interface Design Support Documentation The Concept of Operations and HSI Style Guide documents have the potential to be updated during HSI conceptual design because of the iterative nature of the NuScale design process.
| |
| Note that these documents are revised as necessary throughout the design process as findings from testing and analyses are developed.
| |
| © Copyright 2022 by NuScale Power, LLC 12
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 3.3.3 Conceptual Sketches Conceptual screen sketches are aimed at creating a template page of a system or process that conforms to a subset of the HSI functional requirements. A template page is developed for each major portion of the HSI (e.g., task-based screens, computer-based procedures interfaces, overview displays). The level of detail of the template coincides with the maturity of the plant design for that type of interface.
| |
| Representative screens and task sequences are selected for depiction, demonstrating key concepts, features and interactions, and for providing concrete grounds for analysis and feedback. Conceptual sketches incorporate the best understanding of design principles as outlined in the latest HSI Style Guide.
| |
| Screen designers produce multiple candidate approaches for the conceptual sketches. Major components that are initially investigated in this manner include:
| |
| template for screen layout(s) navigation schema information visualization approaches advanced alarm system interface computer-based procedures integration If elements of the conceptual sketches, once reviewed, bring positive features to the overall design, changes to the HSI Style Guide are made accordingly.
| |
| 3.3.4 Rapid Prototyping Based on the latest conceptual sketches and feedback from interfacing with other disciplines, mock-ups or prototype screens integrated with a software simulator of the system are developed for review and evaluation. While the prototype provides a realistic user experience with the system, the focus is on testing design concepts and soliciting feedback, rather than producing an engineering-quality software architecture and user interface.
| |
| 3.3.5 Tests and Evaluations The HSI design tests and evaluations are conducted and include trade-off evaluations and performance-based tests.
| |
| Trade-off evaluations pertain to comparing HSI design approaches and consideration of alternatives. In comparing HSI design approaches, consideration is given to ways to enhance human performance for performance of tasks, including IHAs.
| |
| Performance-based tests are performed to validate that the integrated system design (e.g., hardware, software, procedures, and personnel elements) supports the safe operation of the plant.
| |
| © Copyright 2022 by NuScale Power, LLC 13
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 3.4 Human-System Interface Concept of Use 3.4.1 Operator Roles and Responsibilities The MCR licensed operators and operating crews outside of the MCR are responsible for safe operation of the common plant, for each individual unit, and for maintaining power production. To achieve these objectives, the operators perform a variety of activities such as:
| |
| monitoring the performance of structures, systems, and components operation of local and remote structures, systems, and components commanding automated sequences directing subordinate operators to perform procedures monitoring the performance of sequences and procedures interrupting and reprioritizing sequences or procedures summoning additional resources to expand capabilities monitoring and evaluating technical specification conditions surveillance testing reviewing trends responding to off-normal conditions responding to alerts and alarms establishing plant conditions to support preventative or corrective maintenance, testing, and inspections maneuvering the plant performing emergency response duties such as off-site notifications performing non-emergency off-site reporting maintaining a narrative log of events and activities that are relevant to the plant site communicating plant status, constraints, and planned actions to the appropriate stakeholders Operators are guided in the performance of these activities by regulations, procedures, guidelines, training, and experience.
| |
| Operators follow procedures for equipment operation. Procedures direct the operation of components in the field, remote operation of components from the MCR, and the monitoring of automation to perform sub-steps, steps, and sequences to support the systems operation. Designing an integrated system for operation and monitoring roles at any location is a goal of the HFE Design Team.
| |
| © Copyright 2022 by NuScale Power, LLC 14
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 3.4.2 Automation Roles Automation plays a key role in the control of a NuScale Power Plant. Beyond controlling plant functions and systems, automation is applied to a wide range of other functions, including monitoring and notification, situational assessment, response planning, response implementation, and interface management. Automation is a critical component of the HSI design and supports operators in operation of the plant.
| |
| The following are examples of automation as a function of the HSI design:
| |
| placing equipment in service, conducting tests, and controlling processes automated notifications and recommended sequences performance of sequences not suited to manual operation (description of process control roles below) 3.4.2.1 Process Control Roles The control system continuously monitors key plant parameters. When one of these parameters approaches a control limit, the process control responds automatically to adjust the process. Depending on the parameter, the associated automation (process control) may respond with or without operator consent depending on the task. The criteria used to develop the process control systems roles are discussed below:
| |
| continuous monitoring - automation controls basic intermittent and continuous processes (such as hot well level control or turbine speed control) and provides continuous process parameter monitoring repetitive tasks - those that involve multiple identical component manipulations, which can be error-likely tasks for operators high cognizant burden functions - such as plant maneuvering, control rod exercising and valve testing, pressurizer level and coolant temperature control startup and shutdown support power maneuvering evolution support plant notifications - monitoring of plant parameters to provide visual and audible cues to the operator to maintain SA and support the need to take manual control data historian review - monitors parameters and evolutions to safely operate and report on the condition of the plant embedded procedures - a procedure system that assists control room operators by allowing control of plant components from within the procedure that is embedded into the HSI 3.4.3 Shared Roles The HFE Design Team uses the following set of criteria to provide the information necessary to coordinate the shared activity when developing the HSI.
| |
| © Copyright 2022 by NuScale Power, LLC 15
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 3.4.3.1 Parameter Monitoring Automation performs functions associated with parameter and process monitoring, defined sequence functions, continuous process control, alert and alarm monitoring, safety limit monitoring, and automatic safety functions including monitoring. Operators monitor and evaluate automated functions, intervening as required.
| |
| Properly providing the operators with the ability to monitor process parameters that are controlled by automation supports SA and enables the operator to evaluate automated system performance and intervene, as necessary. Operators increase attention to system performance monitoring when transients are anticipated.
| |
| sustained normal automated operation needs to be confirmed.
| |
| degraded automation is suspected.
| |
| 3.4.3.2 Operator Intervention Operators intervene when the automation is asking for consent or when it becomes apparent that the automation has failed or is no longer appropriate for the current or planned plant conditions.
| |
| 3.4.4 Document Review When appropriate, operators access an information and records management system to review technical documents, reports, test results, and other work documents to confirm the readiness of structures, systems, and components for operations.
| |
| 3.4.5 Main Control Room Layout The list below outlines the MCR layout design concepts used to develop the HSI features discussed in this document. Original design concepts were based on OER from operating nuclear power plants and control rooms from various industries in which fewer operators operate multiple units.
| |
| The MCR concept includes the following attributes:
| |
| a bank of visual display units configured with spatially dedicated continuously visible HSIs (e.g., post-accident monitoring variables, manual backups for protective functions) a minimum of four sit-down operator workstations, each providing access to HSIs for all units a dedicated unit stand-up workstation for each unit to allow focused operation a dedicated workstation for shared or common systems
| |
| © Copyright 2022 by NuScale Power, LLC 16
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 technologies to support teamwork and communications including individual and group plant notification techniques and non-wireless communication such as standard phone, verbal and e-mail protocols 3.5 Human Factors Engineering and Human-System Interface Design Guidance 3.5.1 Human-System Interface Style Guide The NuScale HSI Style Guide applies to pertinent HSIs throughout the plant. The style guide includes a description of applicability for the included guidance. The HSI designers consider the environment in which the HSIs are to be used, for example, colors, brightness and contrast, and element spacing.
| |
| The NuScale HSI design employs an inclusive HSI Style Guide for various types and formats of HSIs. The design criteria listed below illustrate how the style guide is used during HSI design. The topics in the style guide address the scope of HSIs included in the design, and address their form, function, and operation.
| |
| The HFE guidance and the HSI design-related analyses are used to develop the guidance in the style guide. The style guide influences the design decisions that address specific goals of the HSI design. The style guide expresses precisely and describes easily observable HSI characteristics, such as Alarms are shown in red.
| |
| The style guide contains sufficient detail so that design personnel deliver a consistent, verifiable design.
| |
| The style guide is maintained in a form that is readily accessible and usable by designers, and is easily modified and updated as needed. Each guidance statement includes a reference(s) to the source upon which it is based. The style guide is consistent with the guidance of NUREG-0700 (Reference 4.1.1) 3.5.2 Concept of Operations The concept of operations provides an overview of the supporting processes, individual roles, overall staffing, organizational values, crew structure, and operating techniques used by the crews of a NuScale Power Plant to achieve a high level of safety and production.
| |
| The concept of operations is refined as the design, engineering and simulator evaluation associated with safety analysis, system design, control system automation, and HSI progresses.
| |
| 3.5.3 Conduct of Operations The conduct of operations provides a set of standards to influence operator behaviors to ensure high quality, consistent task performance that supports the safe and reliable operation of the NuScale Power Plant. The conduct of operations is applicable to on-shift operations staff.
| |
| © Copyright 2022 by NuScale Power, LLC 17
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 The conduct of operations is refined as the design, engineering and simulator evaluation associated with safety analysis, system design, control system automation, and HSI progresses.
| |
| 3.6 Human-System Interface Detailed Design and Integration In addition to the input elements discussed in Section 3.1. the HFE Design Team also takes into consideration the design elements listed below during the HSI design process.
| |
| The team addresses each area individually and applies the results to the overall HSI design:
| |
| IHA HSI layout bases HSI support for inspection, maintenance, and testing support for staffing conditions human performance and fatigue environmental conditions HSI updates of plant modifications 3.7 Human-System Interface Tests and Evaluation Overview This section describes the method NuScale uses to verify and document the review of the HSI displays, controls, and related equipment lying within the scope defined by the sampling of operational conditions discussed in the Control Room Staffing Plan Validation Methodology, RP-1215-20253 (Reference 4.2.8).
| |
| Detailed design is a stage of development for a certain portion of the HSI. Different portions of the overall HSI are in conceptual design or detailed design depending on their level of development. Detailed design applies to the information gained from the iterative conceptual design phases to the production of a comprehensive HSI design.
| |
| During detailed design, the limited HSI library is evaluated against the style guide to ensure interface predictability across the system. In addition, the HSI is evaluated against a limited portion of the system TA to verify the needs of the operator. The pertinent information within each screen during staffing validation sampling of operational conditions is verified during simulator based testing. The navigational structure and links that tie groups of related screens together is evaluated for usability during detailed design. The individual screens and their evaluations are archived in hard copy and electronic form.
| |
| Throughout the detailed design, the analysis of personnel task requirements is considered to ensure special attention to safety-related HSI elements (e.g., hard-wired backups for safety functions).
| |
| © Copyright 2022 by NuScale Power, LLC 18
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 3.7.1 Internal Review of Design Before performing tests on a hardware or software implementation, the design is subject to review. The review identifies HFE issues to be addressed before experimental evaluation and ensures that the design maturity is commensurate with the current design phase. Review of the design may also generate HFE questions or identify design trade-offs that cannot be resolved by static analysis, and should be considered for inclusion in subsequent tests.
| |
| The review steps include at least one of the following efforts for a particular iteration of the design:
| |
| verification that design process inputs have been adequately considered and addressed in developing requirements and the design verification that the design conforms to the requirements inspection for close agreement between the design and the HSI Style Guide identification of usability issues based on human factors expert inspection and heuristic evaluation walk-through of representative tasks for ensuring compatibility of the design with the associated procedures and the I&C system 3.7.2 Testing and Evaluation of Design Testing and evaluation consists of several stages.
| |
| Table 3-1 shows anticipated testing and evaluation efforts with respect to design phase.
| |
| Table 3-1 Iterative Human-System Interface Design and Evaluation Plan Design Phase Detailed Design and Conceptual Design Detailed Design Integration Desired Identify best qualities of each Identify error-prone or Investigate crew Outcome approach counter-intuitive HSI communication and elements coordination under normal, Select either best candidate or abnormal, and emergency hybrid approach Investigate workload, SA, conditions and performance Identify process information assessment with multiple Investigate workload and SA displays, alarm presentation, units in simulated environment navigation, and computer-based procedure Ensure that the HSI design integration avoids confusability of units In particular, identify basic stylistic choices
| |
| © Copyright 2022 by NuScale Power, LLC 19
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 Table 3-1 Iterative Human-System Interface Design and Evaluation Plan (Continued)
| |
| Design Phase Detailed Design and Conceptual Design Detailed Design Integration Tasks Basic system related tasks Complex integrated tasks System monitoring Considered (e.g., borating, diluting, pump across systems (e.g.,
| |
| operation) alarm response) Start-up, shut down, incident detection and response, Start-up, shut down Start-up, shut down, including plant-wide Incident detection and conditions (e.g., emergency Incident detection and response response for individual operating procedures module(s) execution)
| |
| Monitoring the balance-of-plant for multiple units Multiple challenging scenarios Test Single operator Partial and full crews Full crew with training in Configuration simulated MCR environment Single unit Variable number of modules All units Multiple operators Variable number of Multiple units scenarios Evaluation Task observation Inventory and Task observation Metric(s) characterization Performance metrics (response Performance metrics time, accuracy) Performance metrics (response time, accuracy)
| |
| (response time, accuracy)
| |
| Design Team meetings SA metrics Task support verification Mental workload metric HFE design verification Post-test interviews and Design team meetings questionnaires The following criteria are used to select the design approach. Once a design approach is advanced enough to be tested, these criteria are used to determine whether or not a design approach is part of detailed design.
| |
| Are personnel-task requirements considered?
| |
| Does the design approach take advantage of human-performance capabilities and limitations?
| |
| Does the design approach enhance HSI system performance requirements?
| |
| Does the design approach unduly increase inspection and testing needs or maintenance demands?
| |
| Is proven technology used in the design approach?
| |
| Has the design approach taken into account the OER findings?
| |
| © Copyright 2022 by NuScale Power, LLC 20
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 3.7.3 Iteration Decision Point The HFE team conducts a design review following completion of the testing and compilation of the results to determine the next steps. The HSI design tested may be accepted as is, re-designed, or tabled pending further development or testing.
| |
| 3.7.4 Human Engineering Discrepancy Resolution Human engineering discrepancies (HEDs) are identified throughout the HSI design process to ensure that HEDs are being discovered, documented, and resolved accordingly. NuScale begins to record HEDs after the completion of the staffing plan validation. At this point in the HSI design process, the HFE team can use the HSI used for staffing plan validation as a baseline to work from for recording HEDs.
| |
| The HEDs may not always be resolved; HEDs may be found acceptable after an evaluation in the context of the integrated design. The basis for a decision for accepting an HED without change in the integrated design is documented. This decision may be based on accepted HFE practices, currently published HFE literature, trade-off studies, tests, or engineering evaluations.
| |
| © Copyright 2022 by NuScale Power, LLC 21
| |
| | |
| Human Factors Engineering Human-System Interface Design Implementation Plan TR-130417-NP Revision 0 4.0 References 4.1 Source Documents 4.1.1. U.S. Nuclear Regulatory Commission, "Human-System Interface Design Review Guidelines, NUREG-0700, Rev. 3. July 2020.
| |
| 4.1.2. U.S. Nuclear Regulatory Commission, Human Factors Engineering Program Review Model, NUREG-0711, Rev. 3. November 2012.
| |
| 4.2 Referenced Documents 4.2.1. Concept of Operations, TR-130408, Revision 0.
| |
| 4.2.2. Human Factors Verification and Validation Implementation Plan, TR-130415, Revision 0.
| |
| 4.2.3. Human Factors Engineering Operating Experience Review Implementation Plan TR-130409, Revision 0.
| |
| 4.2.4. NuScale Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan, TR-124333, Revision 0.
| |
| 4.2.5. NuScale Human Factors Engineering Task Analysis Implementation Plan, TR-130413, Revision 0.
| |
| 4.2.6. NuScale Human Factors Engineering Staffing and Qualifications Results Summary Report, TR-130412, Revision 0.
| |
| 4.2.7. NuScale Human Factors Engineering Treatment of Important Human Actions Results Summary Report, TR-130416, Revision 0.
| |
| 4.2.8. Control Room Staffing Plan Validation Methodology, RP-1215-20253, Revision 3.
| |
| 4.2.9. Human Factors Engineering Program Management Plan, TR-130414, Revision 0.
| |
| © Copyright 2022 by NuScale Power, LLC 22
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 Licensing Technical Report Human Factors Engineering Treatment of Important Human Actions Results Summary Report December 2022 Revision 0 Docket: 52-050 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 www.nuscalepower.com
| |
| © Copyright 2022 by NuScale Power, LLC
| |
| © Copyright 2022 by NuScale Power, LLC i
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 Licensing Technical Report COPYRIGHT NOTICE This document bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this document, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.
| |
| The NRC is permitted to make the number of copies of the information contained in these reports needed for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding.
| |
| Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of additional copies necessary to provide copies for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations. Copies made by the NRC must include this copyright notice in all instances and the proprietary notice if the original was identified as proprietary.
| |
| © Copyright 2022 by NuScale Power, LLC ii
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 Licensing Technical Report Department of Energy Acknowledgement and Disclaimer This material is based upon work supported by the Department of Energy under Award Number DE-NE0008928.
| |
| This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.
| |
| Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
| |
| © Copyright 2022 by NuScale Power, LLC iii
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 Table of Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Executive Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.0 Implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1 Treatment of Important Human Actions Process Overview . . . . . . . . . . . . . . . . . . . . . . . 6 2.2 Treatment of Important Human Actions Team Composition and Responsibilities . . . . . . 6 3.0 Methodology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.1 Risk-Important Human Action Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.2 Deterministically Important Human Action Identification . . . . . . . . . . . . . . . . . . . . . . . . 10 3.3 Addressing Important Human Actions in Other Human Factors Engineering Program Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.3.1 Addressing Important Human Actions during Operating Experience Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.3.2 Addressing Important Human Actions during Functional Requirements Analysis and Function Allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.3.3 Addressing Important Human Actions during Task Analysis . . . . . . . . . . . . . . . 12 3.3.4 Addressing Important Human Actions during Staffing and Qualifications . . . . . 12 3.3.5 Addressing Important Human Actions during Human-System Interface Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.3.6 Addressing Important Human Actions during Procedure Development . . . . . . . 13 3.3.7 Addressing Important Human Actions during Training Program Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3.3.8 Addressing Important Human Actions during Human Factors Engineering Verification and Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 4.0 Summary of Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 4.1 Identification of Risk Important Human Actions from the Probabilistic Risk Assessment and Human Reliability Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 4.2 Identification of Deterministically-Important Human Actions from Transient and Accident Analysis and from the Diversity and Defense-in-Depth Coping Analysis . . . . 15 4.2.1 Transient and Accident Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 4.2.2 Diversity and Defense-in-Depth Coping Analysis. . . . . . . . . . . . . . . . . . . . . . . . 15
| |
| © Copyright 2022 by NuScale Power, LLC iv
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 Table of Contents 4.3 Treatment of Important Human Actions in Human Factors Program Activities . . . . . . . 15 5.0 Analysis of Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 6.0 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 6.1 Source Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 6.2 Referenced Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
| |
| © Copyright 2022 by NuScale Power, LLC v
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 List of Tables Table 1-1 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Table 1-2 Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
| |
| © Copyright 2022 by NuScale Power, LLC vi
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 List of Figures Figure 3-1 Role of Important Human Actions in the Human Factors Engineering Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
| |
| © Copyright 2022 by NuScale Power, LLC vii
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 Abstract Treatment of important human actions is an important element of the Human Factors Engineering (HFE) Program. As part of its HFE Program, NuScale Power, LLC (NuScale) considers risk-important human actions contained in the Probabilistic Risk Assessment, and deterministic-important human actions derived from the transient and accident analysis and diversity and defense-in-depth coping analysis, to determine if any important human actions have been identifed. For the NuScale Power Plant US460 standard design, no IHAs are identified. This results summary report documents that no IHAs were identified at the time of the Standard Design Approval Application submittal. This report also discusses the process for the treatment of important human actions within the HFE Program. The process used in the treatment of important human actions analysis as an input to plant HFE design is consistent with the applicable provisions of Section 7 of NUREG-0711 (Reference 6.1.2).
| |
| © Copyright 2022 by NuScale Power, LLC 1
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 Executive Summary As part of its Human Factors Engineering (HFE) Program, NuScale Power, LLC (NuScale) evaluated the results of the NuScale Probabilistic Risk Assessment and the human reliability analysis for the NuScale Power Plant to identify if risk-important human actions are identified in the full-power internal events Probabilistic Risk Assessment. NuScale also evaluated the results of the plant safety analyses, which provides the basis for the transient accident analyses that are used as inputs to Chapter 15 of the Standard Design Approval Application and evaluated the results of the diversity and defense-in-depth coping analysis (Reference 6.2.9) to identify deterministic important human actions.
| |
| Consistent with the guidance of NUREG-0711 Section 7 (Reference 6.1.2), the treatment of important human actions (TIHA) analysis includes specific consideration of identified important human actions (IHAs) in designing the HFE aspects of the plant in the various elements of NUREG-0711, as described in the implementation plans and results summary reports for the following HFE Program elements: operating experience review, functional requirements analysis/function allocation, task analysis, staffing and qualifications, and human-system interface design. Important human actions are addressed by the various elements of the NuScale HFE Program, to ensure that the design minimizes the likelihood of human error and facilitates error-detection and recovery capability. This report documents NuScales TIHA effort including the methodology used to determine the adequacy of how an IHA, if identified, is treated within the elements of the NuScale HFE Program. The process used in the TIHA is consistent with the applicable provisions of Section 7 of NUREG-0711. No IHAs are identified as part of the NuScale Power Plant US460 standard design.
| |
| This report is organized into six major sections and appendices. Section 1.0 describes the purpose and scope of TIHA. Section 2.0 provides an overview of the TIHA implementation process and a description of the TIHA team composition and responsibilities. Section 3.0 describes the methodology and specifies the criteria for performing an analysis of the TIHA.
| |
| Section 4.0 provides a detailed summary of how the results of TIHA would be described if IHAs are identified. Section 5.0 provides a high-level conclusion derived from the experience of performing the TIHA analysis activities. The source and referenced documents applicable to and used in the TIHA effort are listed in Section 6.0. This report specifically covers the HFE analysis for the NuScale Power Plant US460 standard design.
| |
| © Copyright 2022 by NuScale Power, LLC 2
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 1.0 Introduction 1.1 Purpose This results summary report (RSR) provides the results for the treatment of important human actions (TIHA) element of the NuScale Power, LLC Human Factors Engineering (HFE) Program and includes the implementation approach for addressing the TIHA element and the methodology used to achieve the results. The inputs from other HFE Program elements are described, and the outputs from the TIHA element are identified.
| |
| The objective of the TIHA element is to identify and analyze how important human actions (IHAs) are treated within the plant design. The IHAs collectively include risk-important human actions (RIHAs) contained in the Probabilistic Risk Assessment (PRA) and deterministic-important human actions (DIHAs) derived from the transient accident analysis (TAA), and diversity and defense-in-depth coping analysis (D3CA).
| |
| Human actions (HA) are determined from the function allocation (FA) process. Related HAs are combined into groups to form a task. The HAs include manual controls, supervision of automated functions, manual back up of automated functions, and in some cases, communications.
| |
| Typically, inputs to task analysis (TA) include IHAs, which are evaluated as part of operating experience review (OER) to determine if other operating nuclear plants or systems with similar human-system interface (HSI) technology have experienced related error-causing conditions. The IHAs are used in succeeding HFE Program elements (e.g.,
| |
| TA, staffing and qualification (S&Q), and HSI design) to define the roles and responsibilities of plant personnel and to produce interfaces designed to minimize human error probabilities.
| |
| 1.2 Scope The scope of the HFE Program element TIHA is the identification and treatment of IHAs in the overall HFE Program. Specific treatment of IHAs in the HFE Program elements of OER, functional requirements analysis/function allocation (FRA/FA), TA, S&Q, and HSI design is described in the implementation plans and RSRs associated with those elements (Reference 6.2.2 through Reference 6.2.6). NuScale is not producing RSRs for the Procedure Development and Training Program Development elements, as described in NUREG-0711, Sections 9 and 10.
| |
| This RSR includes the methodology used to evaluate and treat IHAs within the overall scope of the HFE Program (Section 3.0), as well as a description of the results of evaluation of the TAA and D3CA (Section 4.2).
| |
| © Copyright 2022 by NuScale Power, LLC 3
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 1.3 Abbreviations Table 1-1 Abbreviations Term Definition DBE design-basis event DI design implementation DIHA deterministically-important human actions D3CA diversity and defense-in-depth coping analysis FA function allocation FRA/FA functional requirements analysis / function allocation HA human action HED human engineering discrepancy HFE Human Factors Engineering HFEITS Human Factors Engineering issue tracking system HRA human reliability analysis HSI human-system interface I&C instrumentation & control IHA important human action ISV integrated system validation LCS local control station NRC Nuclear Regulatory Commission OER operating experience review PRA Probabilistic Risk Assessment RIHA risk-important human action RSR results summary report S&Q staffing and qualifications SDAA Standard Design Approval Application SME subject matter expert TA task analysis TAA transient accident analysis TIHA treatment of important human actions V&V verification and validation
| |
| © Copyright 2022 by NuScale Power, LLC 4
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 Table 1-2 Definitions Term Definition basic event An element of the PRA model for which no further decomposition is performed, because it is at the limit of resolution consistent with available information. There are typically two types of basic events: equipment unavailabilities and human errors.
| |
| subject matter expert (SME) A person that has completed the NuScale HFE and Operations initial company training program, has previous licensed operating nuclear plant experience, and has performed task analysis or NuScale system reviews to establish familiarity with the NuScale Power Plant design.
| |
| © Copyright 2022 by NuScale Power, LLC 5
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 2.0 Implementation 2.1 Treatment of Important Human Actions Process Overview Important human actions are identified during PRA and human reliability analysis (HRA) as described in Section 3.1, and in the D3CA and TAA, as described in Section 3.2. For the purposes of the HFE Program and treatment of IHAs, no distinction is made between RIHAs from the PRA and DIHAs from the D3CA and TAA.
| |
| As previously mentioned, IHAs are considered during OER, FRA/FA, TA, HSI design, S&Q, procedure development, training program development, and HFE verification and validation (V&V). Section 3.3 (3.3.1 through 3.3.8) describes how IHAs are treated during the relevant HFE Program elements. Section 4.0 provides a summary of the results of those activities.
| |
| The HFE Program itself is iterative in that elements of the program are inputs to other elements and some design issues are only resolved by changing assumptions or re-analyzing based on new data.
| |
| The HFE Program activities, including TIHA, fall within the design control process as described in the Human Factors Engineering Program Management Plan, TR-130414 (Reference 6.2.1), which includes provisions for design changes and revision control for NuScale Power Plant systems. Proposed design changes are screened for acceptability and processed in accordance with department and project procedures. The design change request process includes an evaluation of the impact on the HFE analyses and directs modification as appropriate.
| |
| 2.2 Treatment of Important Human Actions Team Composition and Responsibilities The HFE team is responsible for the TIHA. The qualifications of the HFE team members supporting this HFE Program element are stipulated in the current NuScale HFE Program Management Plan (Reference 6.2.1).
| |
| A TIHA team and TIHA team lead are selected by the HFE supervisor from available HFE team members to conduct the TIHA analysis. The TIHA team lead is responsible for organizing the TIHA team.
| |
| assigning team member responsibilities.
| |
| managing resources and schedule review.
| |
| ensuring that TIHA issues are completed with supporting documentation and entered into the Human Factors Engineering issues tracking system (HFEITS) as necessary.
| |
| ensuring that TIHA results are provided to other HFE Program element teams and design organizations.
| |
| The TIHA team members conduct and support the analyses or evaluate the analyses performed by other engineering disciplines (e.g., PRA, HRA, Safety Engineering, and Instrumentation and Control (I&C) Engineering) and identify the IHAs. Their
| |
| © Copyright 2022 by NuScale Power, LLC 6
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 responsibilities include evaluating the results of the HRA, TAA, and D3CA. They also interface with other HFE Program element teams and design organizations to ensure that IHAs are addressed (e.g., impacts are considered in TA and are accorded appropriate attention in HSI design and Human Factors Engineering V&V activities).
| |
| © Copyright 2022 by NuScale Power, LLC 7
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 3.0 Methodology The following section describes the methodology used to identify, evaluate, and address how important human actions are treated within the NuScale HFE Program. The methodology is designed to implement an approach that conforms to the guidance described in NUREG-0711, Section 7 (Reference 6.1.2), as represented in the overview provided in Figure 3-1, below.
| |
| Figure 3-1 Role of Important Human Actions in the Human Factors Engineering Program
| |
| © Copyright 2022 by NuScale Power, LLC 8
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 3.1 Risk-Important Human Action Identification Risk-important human actions (or risk-significant human actions) are those human actions that meet the criteria specified in the Risk Significance Determination Topical Report (Reference 6.2.8).
| |
| The methodology for identifying RIHAs is in conformance with the Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications, NUREG/CR-1278 (Reference 6.1.10), in that RIHAs have the following characteristics:
| |
| developed from the Level 1 (core damage) PRA and Level 2 (release from containment) PRA, for power operation and low power and shutdown operations, including both internal and external events developed using selected importance measures and PRA sensitivity analyses to provide reasonable assurance that an important action (or multiple actions in the same scenario) is not overlooked because of the selection of the measure or the use of a particular assumption in the analysis Risk-importance measures, HRA and PRA sensitivity analyses, and threshold criteria (including bases) are used to identify the risk-important HAs. The initial PRA and HRA results and the potentially risk-important human interactions are analyzed to identify RIHAs. The initial PRA and HRA and the set of important HAs are updated as the design progresses, and finalized when the design of the plant and HSI are complete.
| |
| Specific criteria for determining RIHAs are in accordance with Risk Significance Determination, TR-0515-13952-NP-A (Reference 6.2.8), which defines a basic event as, An element of the PRA model for which no further decomposition is performed, because it is at the limit of resolution consistent with available information. There are typically two types of basic events: equipment unavailabilities and human errors.
| |
| In combination, the approach used for identifying candidate RIHAs consists of identifying situations in the PRA where an operator can function as a backup to an automatic actuation.
| |
| identifying situations where an operator can place into service a nonsafety backup to a safety-related system.
| |
| understanding the context for successful execution of the action.
| |
| assessing the time available for the operator to accomplish the action using thermal-hydraulic simulations of bounding scenarios.
| |
| verifying accessibility of the equipment needed to be accessed.
| |
| quantifying the likelihood of the operator failing to accomplish the human action.
| |
| evaluating the importance of the human action in the full-scope, all operating modes PRA.
| |
| The results summary is provided in Section 4.0.
| |
| © Copyright 2022 by NuScale Power, LLC 9
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 The RIHAs are developed in a collaborative manner with the PRA group. As the PRA model matures and is updated, the resulting potential RIHAs are reviewed with the Operations group and TA is performed. Depending on the complexity and location of a task, the following reviews are performed:
| |
| tabletop reviews with HFE engineers, Operations subject matter experts (SMEs),
| |
| system engineers, and PRA engineers simulator walkthroughs modeling of in-plant transit times based on expected locations, transit distances, doors and stairs, and other access requirements These reviews provide task context for the PRA group to develop valid assumptions with regards to operator actions and for the Operations group to provide input as to the feasibility and difficulty of the proposed actions.
| |
| Early in the design process, the Plant Operations and PRA groups agreed upon actions assumed in the PRA that were the most likely candidates for RIHAs. The I&C and Safety Analysis engineering groups were also consulted, and it was determined, based on preliminary analysis, that the NuScale design would not rely on any DIHAs; therefore, no DIHAs were included in this list. Task analysis was performed on these potential RIHAs so that they could be more thoroughly investigated. Some of these actions were eliminated from the PRA assumptions as they were judged not to be significant compared to their capability to reduce risk.
| |
| 3.2 Deterministically Important Human Action Identification Deterministically important human actions are identified as part of the TAA and D3CA.
| |
| The DIHAs are operator actions that are directly credited in the plant safety analyses or TAA, to prevent or mitigate an abnormal event and achieve plant stabilization and those human actions credited in the D3CA for accomplishing required safety functions.
| |
| Branch Technical Position 7-19 for Chapter 7 of NUREG-0800, (Reference 6.1.3) addresses software common cause failures of digital I&C in a nuclear power plant. A D3CA is performed to demonstrate that the NuScale design adequately addresses vulnerabilities to common cause failures. Additional best-estimate defense-in-depth analyses are performed by Safety Engineering to address the impact of potential Type 3 sensor failures. The D3CA may identify backup systems or HAs necessary for accomplishing the required safety functions. These HAs are treated as important human actions in the HFE Program.
| |
| Operator actions to confirm automatic actions, required for long-term decay heat removal or reactivity control, or needed to maintain a stable plant condition for the long term, are not DIHAs even though they may be identified in the TAA or D3CA. None of these operator actions are required to ensure reactivity control, core heat removal, or containment integrity.
| |
| © Copyright 2022 by NuScale Power, LLC 10
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 The HFE team SMEs review each event scenario described in the TAA and D3CA to identify DIHAs.
| |
| 3.3 Addressing Important Human Actions in Other Human Factors Engineering Program Elements Important human actions, if identified are considered during OER, FRA/FA, TA, S&Q, HSI design, procedure development, training program development, and Human Factors Engineering V&V. The following sections (3.3.1 through 3.3.8) explain how IHAs are addressed in the other HFE Program elements. Further details on their methodologies are provided in IPs and RSRs for the specific program elements (Reference 6.2.2, Reference 6.2.3, Reference 6.2.4, Reference 6.2.5, and Reference 6.2.6, respectively).
| |
| Procedure development and training program development are the responsibility of a license applicant. Activities similar to those used for procedure and training program development are included in the NuScale HFE Program during TA and S&Q analysis to evaluate IHAs in detail. The applicant evaluates IHAs in their procedure development and training program development activities in accordance with NUREG-0800 Chapter 13.
| |
| Human Factors Engineering V&V methodology, is described in the Human Factors Engineering Verification and Validation Implementation Plan (Reference 6.2.7).
| |
| The HFE Program itself is iterative in that elements of the program are input to other elements and some design issues are only resolved by changing assumptions or re-analyzing based on new data. The IHA-related issues discovered during HFE analyses are tracked in HFEITS as HFE issues, resolved during HFE design activities (e.g., HSI design, procedure development, and training program development), and verified during HFE verification and validation and design implementation (DI) activities. Resolution of IHA-related HFE issues may result in changes to or re-work of HFE analyses.
| |
| The HFE Program activities, including TIHA, fall within the design control process as described in the Human-System Interface Design Review Guidelines, NUREG-0700 (Reference 6.2.1), which includes provisions for design changes and revision control for NuScale Power Plant systems. Proposed design changes are screened for acceptability and processed in accordance with department and project procedures. The design change request process includes an evaluation of the impact on the HFE analyses and directs modification as appropriate.
| |
| 3.3.1 Addressing Important Human Actions during Operating Experience Review Potential IHAs are determined early in the NuScale design process as described in Section 3.1. These potential IHAs are recorded in the OER database (Reference 6.2.2) so that the information is available during the issue analysis and review portion of OER. Each operating experience item analyzed and entered into the OER database is evaluated against the list of potential IHAs. The OER issues that indicate a potential to impact IHAs are tracked as HFE issues in the HFEITS for resolution during appropriate HFE Program elements.
| |
| © Copyright 2022 by NuScale Power, LLC 11
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 3.3.2 Addressing Important Human Actions during Functional Requirements Analysis and Function Allocation As described in the NuScale Human Factors Engineering Functional Requirements Analysis and Functional Allocation Implementation Plan, TR-124333 (Reference 6.2.3), FRA identifies functions to be performed to satisfy plant goals.
| |
| FRA is a top-down analysis starting with plant goals and high-level functions that are then decomposed into success paths addressing operating modes and conditions.
| |
| Function allocation is the allocation of the monitoring and control associated with each high-level function to human, machine, or shared. Function allocation is performed to ensure that the plant HSI design and the allocation of monitoring and control functions, support operator vigilance, while maintaining acceptable workload levels. Once potential IHAs are identified, their FA is revisited to determine whether the original allocation is correct, or if based on its classification as an important human action, it could be allocated to some level of automation. The FRA/FA verifies that the IHAs are appropriately allocated (e.g., manual, automatic, or shared). Human engineering discrepancies (HEDs) are generated for IHAs for which evaluation criteria such as workload and time margin are not met, in accordance with the Human Factors Engineering Verification and Validation Implementation Plan, TR-130415 (Reference 6.2.7).
| |
| 3.3.3 Addressing Important Human Actions during Task Analysis As described in the TA Implementation Plan (Reference 6.2.4), tasks involving IHAs receive detailed TA including time validation of the assumptions. The TA confirms the assumptions about human performance shaping factors (e.g., workload and adequate training), used in the PRA to determine human error probabilities and the assumptions used in the TAA and D3CA to conclude that operators can execute IHAs within the time available. The final TA results in a complete inventory of alarms, controls, and indications to be implemented on the HSIs. The availability of HSIs to conduct IHAs, the associated situation and performance-shaping factors, the action complexity, and instances where adverse effects are created by a combination of primary and secondary tasks are also confirmed during TA. The TA assesses operator workload during execution of the IHA (for individual or multiple operating crew members, as appropriate) and provides additional assurance that the IHA can be carried out within the time available. The TA generates HFEITS for any IHAs that result in excessive workload conditions or any IHA that cannot be executed with adequate margin between the time available and the time required.
| |
| 3.3.4 Addressing Important Human Actions during Staffing and Qualifications During S&Q analyses completed using the NuScale Human Factors Engineering Staffing and Qualifications Results Summary Report, TR-130412 (Reference 6.2.5),
| |
| potential IHAs were evaluated to ensure that staffing levels and staff qualifications are sufficient to execute the IHAs, including consideration of time requirements.
| |
| During the performance of control room staffing plan validation activities, potential IHAs were included in the scenarios that evaluate task performance, workload, and
| |
| © Copyright 2022 by NuScale Power, LLC 12
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 situational awareness using quantitative and qualitative criteria. Those validations confirm that potential IHAs can be carried out within the time available. The S&Q staffing analysis included examination of how effective the HSI is in support of successful staff execution of potential IHAs considering the minimum licensed main control room staff available. The analysis of potential or identified IHA task requires an evaluation for any potential negative impact on task performance from interactions with secondary tasks, high workload, or loss of situational awareness, when considering their impact to operator staffing and qualifications. As previously stated, no IHAs are identified as part of the NuScale Power Plant US460 standard design.
| |
| 3.3.5 Addressing Important Human Actions during Human-System Interface Design During HSI design (Reference 6.2.6), assumptions regarding HSI characteristics for IHAs are verified (e.g., reduction of time required for human actions via simplified or reduced navigation or by development of spatially dedicated continuously visible HSI or by establishing alarms associated with IHAs).
| |
| The following HSI design considerations are included to reduce the probability of human errors for IHAs:
| |
| A minimum of two actions are required for all visual display unit controls (e.g., an action to call up the control function on the visual display unit and an action after peer checking to actuate the control).
| |
| Tasks associated with a single IHA are conducted from a single display screen wherever possible; task-based displays are created as necessary.
| |
| When a local control station (LCS) is required for conducting an IHA, that LCS human-system interface is designed using the same HSI Style Guide as the main control room human-system interfaces. This process ensures human-system interface design consistency, training efficiency, clear labeling, easy accessibility, and avoidance of hazardous locations.
| |
| After the HSI design for the alarms, indications, controls, and procedures are developed based on input from the plant design and the TA, Operations and Human Factors Engineering SMEs conduct performance-based testing, using part-task HSI simulation or tabletop analysis (screen based or LCS) to assess those designs against the list of IHAs.
| |
| 3.3.6 Addressing Important Human Actions during Procedure Development Final procedure development is the responsibility of the applicant and includes consideration of the transition of procedure development guidance from Standard Review Plan of Safety Analysis for Nuclear Power Plants, NUREG-0800 Chapter 18 (Reference 6.1.6), Human Factors Engineering Program Review Model, NUREG-0711 Section 9 and Section 11 (Reference 6.1.2), including the requirement to address IHAs in operating procedures. The DI element of NUREG-0711 ensures consistency between the procedures used in integrated system validation (ISV) with those in place in the completed plant, including any IHAs.
| |
| © Copyright 2022 by NuScale Power, LLC 13
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 3.3.7 Addressing Important Human Actions during Training Program Development Section 13.2.1 of NUREG-0800, Standard Review Plan, Reactor Operator Requalification Program; Reactor Operator Training (Reference 6.1.8) outlines guidance that the Licensed Operator Training Program provides qualified personnel to operate and to maintain the facility in a safe and efficient manner, as well as to keep the facility in compliance with its license, technical specifications, and applicable regulations. Training includes normal, abnormal, and emergency operating procedures, which contain any IHAs. Ultimately, training program development is the responsibility of the licensee.
| |
| 3.3.8 Addressing Important Human Actions during Human Factors Engineering Verification and Validation The adequacy of the HSI design to support operator performance of IHAs is confirmed in the ISV process (Reference 6.2.7). Consideration of IHAs during ISV involves defining simulator scenario initiating events with system and component failures, which challenge the operators to bring the plant to a safe state while following procedures. The scenarios considered in the ISV address the IHAs, dominant sequences, systems, and events.
| |
| The ISV assesses whether the necessary task-support HSIs are present and whether the HSIs comply with the governing HFE guidelines to support successful performance of IHAs. The ISV assesses the successful performance of the integrated crew and the HSI for IHAs. The HEDs are processed when discrepancies are found for any IHA.
| |
| The ability of operators to execute actions associated with a set of scenarios within the time available as defined in the analyses that identified the IHA is an ISV acceptance criterion. The V&V program element (Reference 6.2.7) is not considered complete until the ISV acceptance criteria are met. Other issues identified during the V&V related to IHAs are documented as HEDs and are resolved during V&V.
| |
| © Copyright 2022 by NuScale Power, LLC 14
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 4.0 Summary of Results 4.1 Identification of Risk Important Human Actions from the Probabilistic Risk Assessment and Human Reliability Analysis Applying the methodology described in Section 3.0, a review was performed of accident analysis associated with the transient and accident analysis to identify IHAs. No operator action is identified that is assumed to mitigate an anticipated operational occurrence, infrequent event, accident or special event. Chapter 15 states that, There are no operator actions credited in evaluation of NuScale Power Plant US460 standard design DBEs, so no further evaluation is needed.
| |
| The review also considered RIHAs contained in the PRA, or DIHAs derived from the TAA and D3CA, to determine if any IHAs have been identified. No RIHAs and no DIHAs were identified so no further evaluation is needed.
| |
| 4.2 Identification of Deterministically-Important Human Actions from Transient and Accident Analysis and from the Diversity and Defense-in-Depth Coping Analysis 4.2.1 Transient and Accident Analysis The NuScale design does not credit operator actions for accident mitigation in deterministic accident analysis. A review was performed of the accident analyses associated with the TAA to identify any IHAs. No operator action is identified that is assumed to mitigate any anticipated operational occurrence, infrequent event, accident or special event. Chapter 15 states that there are no operator actions credited in the evaluation of NuScale Power Plant US460 standard design DBEs.
| |
| After a DBE, automated actions place the module in a safe-state and it remains in the safe-state condition for at least 72 hours without operator action, even with assumed failures.
| |
| 4.2.2 Diversity and Defense-in-Depth Coping Analysis There are no IHAs resulting from the D3CA. The TIHA team SME has reviewed each event scenario described in the D3CA to identify IHAs. Based on the best-estimates analyses performed by Safety Engineering to address the impact of potential Type 3 sensor failures no additional IHAs were identified.
| |
| 4.3 Treatment of Important Human Actions in Human Factors Program Activities Each of the HFE Program elements previously described in Section 3.0 of this document contain guidance on the treatment of IHAs, however, because no IHAs were identified for the SDA, that guidance has not been exercised.
| |
| © Copyright 2022 by NuScale Power, LLC 15
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 5.0 Analysis of Conclusions NuScales integrated design approach resulted in a close collaboration among PRA and HRA practitioners, safety analysis engineers, I&C engineers, operations personnel, and human factors engineers. This collaboration drove multidisciplinary analyses to complex design decisions early in the conceptual design. In the case of identification of IHAs, the design was developed with the goal to minimize reliance on human action.
| |
| Within the HFE Program, human factors activities such as OER, FRA / FA, TA, and HSI design were being developed as near parallel activities. This process provided the opportunity to develop and evaluate relatively mature design alternatives for evaluation of complex concepts.
| |
| This process is exemplified by the eventual result of no important human actions identified from the PRA, or from the DIHAs derived from the TAA and D3CA.
| |
| © Copyright 2022 by NuScale Power, LLC 16
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 6.0 References 6.1 Source Documents 6.1.1. U.S. Nuclear Regulatory Commission, Human-System Interface Design Review Guidelines, NUREG-0700, Rev. 3, July 2020.
| |
| 6.1.2. U.S. Nuclear Regulatory Commission, Human Factors Engineering Program Review Model, NUREG-0711, Rev. 3, November 2012.
| |
| 6.1.3. U.S. Nuclear Regulatory Commission, Standard Review Plan, Chapter 7, Rev.
| |
| 6, Instrumentation and Controls, BTP 7-19, Rev. 6, Guidance for Evaluation of Diversity and Defense-in-Depth in Digital Computer-Based Instrumentation and Control Systems, NUREG-0800, July 2012.
| |
| 6.1.4. U.S. Nuclear Regulatory Commission, Standard Review Plan, Chapter 15, Rev. 3, Transient and Accident Analysis, NUREG-0800.
| |
| 6.1.5. U.S. Nuclear Regulatory Commission, Standard Review Plan, NUREG-0800, Chapter 18, Rev. 3, Human Factors Engineering.
| |
| 6.1.6. U.S. Nuclear Regulatory Commission, Standard Review Plan, NUREG-0800, Chapter 19, Rev. 3, Probabilistic Risk Assessment and Severe Accident Evaluation for New Reactors.
| |
| 6.1.7. U.S. Nuclear Regulatory Commission, Standard Review Plan, NUREG-0800, Chapter 13.5.2.1, Rev. 2, Operating and Emergency Operating Procedures.
| |
| 6.1.8. U.S. Nuclear Regulatory Commission, Standard Review Plan, NUREG-0800, Chapter 13.2.1, Rev. 4, Reactor Operator Requalification Program; Reactor Operator Training.
| |
| 6.1.9. U.S. Nuclear Regulatory Commission, Guidance for the Review of Changes to Human Actions, NUREG-1764, Rev. 1, September 2007.
| |
| 6.1.10. U.S. Nuclear Regulatory Commission, Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications, NUREG/CR-1278, August 1983.
| |
| 6.1.11. U.S. Nuclear Regulatory Commission, Criteria for Accident Monitoring Instrumentation for Nuclear Power Plants, Regulatory Guide 1.97, Rev. 5, April 2019.
| |
| 6.2 Referenced Documents 6.2.1. Human Factors Engineering Program Management Plan, TR-130414, Revision 0.
| |
| © Copyright 2022 by NuScale Power, LLC 17
| |
| | |
| Human Factors Engineering Treatment of Important Human Actions Results Summary Report TR-130416-NP Revision 0 6.2.2. Human Factors Engineering Operating Experience Review Implementation Plan TR-130409, Revision 0.
| |
| 6.2.3. NuScale Human Factors Engineering Functional Requirements Analysis and Function Allocation Implementation Plan, TR-124333, Revision 0.
| |
| 6.2.4. NuScale Human Factors Engineering Task Analysis Implementation Plan, TR-130413, Revision 0.
| |
| 6.2.5. NuScale Human Factors Engineering Staffing and Qualifications Results Summary Report, TR-130412, Revision 0.
| |
| 6.2.6. Human Factors Engineering Human-System Interface Design Implementation Plan, TR-130417, Revision 0.
| |
| 6.2.7. Human Factors Verification and Validation Implementation Plan, TR-130415, Revision 0.
| |
| 6.2.8. Risk Significance Determination, TR-0515-13952-NP-A, Revision 0.
| |
| © Copyright 2022 by NuScale Power, LLC 18
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Licensing Technical Report Human Factors Engineering Verification and Validation Implementation Plan December 2022 Revision 0 Docket: 52-050 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 www.nuscalepower.com
| |
| © Copyright 2022 by NuScale Power, LLC
| |
| © Copyright 2022 by NuScale Power, LLC i
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Licensing Technical Report COPYRIGHT NOTICE This document bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this document, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.
| |
| The NRC is permitted to make the number of copies of the information contained in these reports needed for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding.
| |
| Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of additional copies necessary to provide copies for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations. Copies made by the NRC must include this copyright notice in all instances and the proprietary notice if the original was identified as proprietary.
| |
| © Copyright 2022 by NuScale Power, LLC ii
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Licensing Technical Report Department of Energy Acknowledgement and Disclaimer This material is based upon work supported by the Department of Energy under Award Number DE-NE0008928.
| |
| This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.
| |
| Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
| |
| © Copyright 2022 by NuScale Power, LLC iii
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table of Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Executive Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3 Abbreviations and Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.0 Sampling of Operational Conditions and Scenario Development. . . . . . . . . . . . . . . 8 2.1 Sampling Dimensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.2 Identification of Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.2.1 Scenario Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.3 Scenario Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.0 Design Verification Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.1 Human-System Interface Inventory and Characterization . . . . . . . . . . . . . . . . . . . . . . . 11 3.1.1 Human-System Interface Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.1.2 Human-System Interface Characterization . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.1.3 Inventory Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.2 Human Factors Engineering Design Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.2.1 Verification Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.2.2 Design Verification Evaluation Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.3 Human-System Interface Task Support Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.3.1 Human-System Interface Task Support Verification Criteria . . . . . . . . . . . . . . . 13 3.3.2 Human-System Interface Task Support Evaluation Methodology . . . . . . . . . . . 14 4.0 Integrated System Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 4.1 Validation Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 4.2 Test Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 4.3 Validation Test Bed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 4.3.1 Interface Completeness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 4.3.2 Interface Physical Fidelity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 4.3.3 Interface Functional Fidelity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 4.3.4 Environmental Fidelity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 4.3.5 Data Completeness Fidelity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 4.3.6 Data Content Fidelity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
| |
| © Copyright 2022 by NuScale Power, LLC iv
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table of Contents 4.3.7 Data Dynamics Fidelity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 4.3.8 Remote Human-System Interfaces Containing Important Human Actions . . . . 18 4.3.9 Test Bed Conformance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 4.4 Integrated System Validation Participants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 4.5 Performance Measurement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 4.5.1 Types of Performance Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 4.5.2 Performance Measure Information and Validation Criteria . . . . . . . . . . . . . . . . 23 4.6 Test Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 4.6.1 Scenario Sequencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 4.6.2 Test Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 4.6.3 Training Test Personnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 4.6.4 Training Integrated System Validation Participants . . . . . . . . . . . . . . . . . . . . . . 28 4.6.5 Pilot Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 4.7 Data Analysis and Human Engineering Discrepancy Identification . . . . . . . . . . . . . . . . 28 4.8 Validation Conclusions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 5.0 Human Engineering Discrepancy Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 5.1 Human Engineering Discrepancies Design Solution Implementation . . . . . . . . . . . . . . 31 5.2 Human Engineering Discrepancy Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 6.0 Verification and Validation Results Summary Report . . . . . . . . . . . . . . . . . . . . . . . 35 7.0 NUREG-0711 Conformance Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 8.0 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 8.1 Source Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 8.2 Referenced Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
| |
| © Copyright 2022 by NuScale Power, LLC v
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 List of Tables Table 1-1 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Table 1-2 Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Table 4-1 Characteristics of Performance Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Table 4-2 Basis for Performance Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Table 7-1 Conformance with NUREG-0711 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
| |
| © Copyright 2022 by NuScale Power, LLC vi
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Abstract Human factors verification and validation is a critical element of the Human Factors Engineering (HFE) Program that performs evaluations to verify that the HFE design conforms to HFE design principles and that it enables plant personnel to successfully and reliably perform their tasks to ensure plant safety and operational goals. The verification and validation HFE element consists of four major activities:
| |
| sampling of operational conditions (SOC) design verification integrated system validation human engineering discrepancy resolution NuScale employs an SOC strategy to guide the selection of human-system interface (HSI) to evaluate. This strategy is important because it is impractical to review all HSI due to the large number of tasks and combinations of HSI that are possible. Scenarios are created that sample tasks involving normal, abnormal, and emergency conditions.
| |
| Design verification involves HFE design verification, HSI inventory and characterization, and HSI task support verification. The goal of this element is to verify that the HSIs are designed in accordance with HFE design guidance. Human-system interface inventory and characterization describes all HSI displays, controls, and related equipment within the scope defined by the SOC.
| |
| Human-system interface task support verification confirms that the HSI supports task performance as defined by the task analysis.
| |
| Integrated system validation is an evaluation, using performance-based tests, to determine whether an integrated system design (e.g., hardware, software, and personnel elements) meets performance requirements and supports the plants safe operation.
| |
| Human engineering discrepancies are identified if HSI displays are discrepant when compared against design guidance or integrated system validation performance criteria are not met.
| |
| Verification and validation evaluations determine that the HFE design conforms to HFE design principles and that they enable plant personnel to perform required tasks to ensure plant safety and operational goals.
| |
| This implementation plan describes the methodology for conducting the evaluations and identifying and resolving human engineering discrepancies. The methodology described is consistent with the applicable provisions of Section 11 of NUREG-0711, Revision 3.
| |
| © Copyright 2022 by NuScale Power, LLC 1
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Executive Summary The human factors verification and validation (V&V) element of the Human Factors Engineering (HFE) Program consists of the following four major activities:
| |
| sampling of operational conditions design verification integrated system validation (ISV) identifying and resolving human engineering discrepancies Sampling of operational conditions identifies the conditions that are representative of the events that may be encountered during plant operation, conditions that reflect the characteristics that may contribute to variations in system performance, and conditions that consider the safety significance of the human-system interfaces (HSIs). These identified operational conditions are used in HSI inventory and characterization, HSI task support verification, HFE design verification, and ISV.
| |
| The HSI inventory and characterization describes HSI displays, controls, and related equipment lying within the scope defined by the sampling of operational conditions. The HSI task support verification confirms that the HSIs provide the alarms, information, controls, and support needed for personnel to perform their tasks as defined by the task analysis. Human Factors Engineering design verification confirms that the design of the HSIs conforms to HFE guidelines. Integrated system validation verifies, using performance-based tests, that the integrated system design (e.g., hardware, software, procedures, and personnel elements) supports the safe operation of the plant.
| |
| Human engineering discrepancies are identified during the V&V process. Human engineering discrepancy resolution may be performed iteratively. That is, the identified human engineering discrepancies are evaluated and resolved appropriately during one V&V activity before conducting other V&V activities. The preferred order of the process is HSI inventory and characterization, HSI task support verification, HFE design verification, and ISV, although iteration may be needed.
| |
| © Copyright 2022 by NuScale Power, LLC 2
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 1.0 Introduction 1.1 Purpose This document provides the human factors verification and validation (V&V) implementation plan (IP) for the NuScale Power, LLC (NuScale) plant human-system interface (HSI) design. The HSI design includes the hardware, software, and personnel elements used to operate a NuScale Power Plant.
| |
| The NuScale human factors V&V program confirms that the HSI design conforms to the specified design.
| |
| conforms to appropriate design criteria.
| |
| performs within acceptable limits under analyzed operating modes and conditions.
| |
| provides the complete set of alarms, controls, indications, and procedures needed to support the personnel tasks as identified in the task analysis (TA).
| |
| adequately supports plant personnel in the safe and reliable operation of the plant.
| |
| 1.2 Scope This IP describes the methodology for conducting the four major activities of the human factors V&V element (sampling of operational conditions (SOC), design verification, integrated system validation (ISV), and human engineering discrepancy resolution),
| |
| including identification of sampling dimensions and scenarios used for validation of the HSI.
| |
| human-system interface inventory and characterization.
| |
| the criteria used for task support verification and Human Factors Engineering (HFE) design verification.
| |
| selection and training of the Validation Team.
| |
| determination of validation test objectives.
| |
| use of the main control room (MCR) test bed for validation.
| |
| selection and training of personnel used as operating crews (i.e., ISV participants).
| |
| scenario selection and definition for the validation.
| |
| performance measures to be used in the validation.
| |
| design of testing.
| |
| data analysis methods applied to validation data.
| |
| validation of procedures.
| |
| guidance for initiation and evaluation of human engineering discrepancies (HEDs).
| |
| This IP provides a description of the methodology for the identification of scenarios for the ISV. The V&V results summary report (RSR) provides the information as discussed in
| |
| © Copyright 2022 by NuScale Power, LLC 3
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Section 6.0. A detailed ISV test report will be developed that supports the findings documented in the verification & validation results summary report.
| |
| 1.3 Abbreviations and Definitions Table 1-1 Abbreviations Abbreviation Definition HED human engineering discrepancy HFE Human Factors Engineering HFEITS human factors engineering issue tracking system HSI human-system interface I&C instrumentation & control IHA important human action IP implementation plan ISV integrated system validation MCR main control room RSR results summary report SA situational awareness SME subject matter expert SOC sampling of operational conditions TA task analysis V&V verification & validation
| |
| © Copyright 2022 by NuScale Power, LLC 4
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 1-2 Definitions Term Definition Embedded procedure An electronic procedure that is part of the NuScale HSI system that allows the operators to safely monitor and control the plant. An embedded procedure has bidirectional connection to the control networks.
| |
| Human Factors Engineering Generic term for the Plant Operations organization that consists of Design Team operators, human factor engineers, and simulator developers. The HFE Design Team does not include ISV participants. The HFE Design Team is responsible for the HFE associated with the NuScale design. Also referred to as the design team.
| |
| Human System Interface The human-system interface is that part of the system through which personnel interact to perform their functions and tasks. In this document, "system" refers to a nuclear power plant. Major HSIs include alarms, information displays, controls, and procedures. Use of HSIs can be influenced directly by factors such as
| |
| * the organization of HSIs into workstations (e.g., consoles and panels)
| |
| * the arrangement of workstations and supporting equipment into facilities such as an MCR, local control station, Technical Support Center, and Emergency Operations Facility and
| |
| * the environmental conditions in which the HSIs are used, including temperature, humidity, ventilation, illumination, and noise. The HSI use can also be affected indirectly by other aspects of plant design and operation such as crew training, shift schedules, work practices, and management and organizational factors.
| |
| ISV participants Operating crew members participating in the ISV. Participants are not part of the HFE Design Team or Validation Team.
| |
| Simulator operator Person responsible for running the simulator during design, training, and testing. During training and testing, simulator operators keep track of directions given to non-licensed operators and other personnel simulated outside the control room. Simulator operators role play as personnel outside the control room and only provide data that are allowed per the applicable scenario or training guide. Simulator operators answer questions asked by the crew but do not lead them to the correct answer or diagnosis. Simulator operators are also referred to as booth operators.
| |
| Simulator Review Board The Simulator Review Board reviews the results of simulator testing and compares them to analysis and engineering calculations to certify that the simulator reflects the plant design. The review is focused on realism to the operator and model validity.
| |
| Unit A NuScale unit consists of the components necessary to generate electricity. This includes a primary side containing a reactor power module and its specific supporting systems, and a secondary side containing a turbine generator and its specific supporting systems.
| |
| Validation Team The Validation Team is responsible for administering the ISV tests. The Validation Team consists of test administrators, Operations observers, HFE observers, and simulator operators. The Validation Team administers the ISV and collects data via questionnaires, post-scenario debriefing, personal observations, and simulator-archived data. The Validation Team is also referred to as the ISV Test Team or test team.
| |
| © Copyright 2022 by NuScale Power, LLC 5
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 2.0 Sampling of Operational Conditions and Scenario Development The purpose of SOC is to identify a broad and representative range of operating conditions to be sampled during the HSI inventory and characterization (Section 3.1),
| |
| HFE design verification (Section 3.2), task support verification (Section 3.3), and ISV testing (Section 4.0). The sample is deemed representative if the samples safety significance, risk-significance, and challenges to the operating crew are considered to be within the range of events that the operators could encounter during the plant life cycle.
| |
| Subject matter experts (SMEs) select a combination of HSI features, test scenarios, plant process equipment degradations and failures, number and qualifications of operating staff members, and operating procedures to be employed, exercised, and stressed with each HSI validation test scenario.
| |
| 2.1 Sampling Dimensions A range of plant conditions, personnel tasks, and situational factors is considered within the sampling dimensions included in Section 11.4.1 of Human Factors Engineering Program Review Model, NUREG-0711, Rev. 3 (Reference 8.1.1) as applicable to the NuScale design.
| |
| In the NuScale Power Plant US460 standard design, up to six units are operated from a single control room that uses a digital control system and relies heavily on automation and computer-based procedures.The sampling dimensions include normal operational events, transients, and accidents. Due to the increased use of digital technology in the NuScale control room, scenarios must specifically provide an emphasis on instrumentation and control (I&C) and HSI failures as well as degraded conditions.
| |
| Scenario development goals are written to ensure the scenarios are comprehensive, and when taken together, cover aspects of all sampling dimensions relevant to the NuScale design.
| |
| 2.2 Identification of Scenarios Members of the NuScale HFE Design Team develop the ISV scenarios using multiple sampling dimensions to accomplish the goals and set the conditions to be included in each scenario based on the SOC.
| |
| Biases for individual dimensions are possible, but collectively, the scenarios avoid bias by representing scenarios that have both positive and negative outcomes.
| |
| require varying degrees of administrative burden to the ISV participants.
| |
| minimize the use of well-known and well-structured sequences (e.g., textbook design-basis accident mitigation).
| |
| © Copyright 2022 by NuScale Power, LLC 6
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 The ISV scenarios are reviewed by the appropriate SMEs and approved by Operations management.
| |
| 2.2.1 Scenario Security The following scenario security steps are maintained throughout the ISV entire development and testing process.
| |
| The scenario descriptions and collection of tasks are stored in a separate work area with access only granted to the scenario and testing developers.
| |
| The selected operating crew member participants (ISV participants) are not allowed to review documents associated with the completed scenarios (i.e.,
| |
| scenario guides).
| |
| Printed copies of scenario information are destroyed or placed in a secure location when not in use.
| |
| 2.3 Scenario Definition The scenarios used for ISV testing are selected during the SOC and scenario development process. Scenarios are run in the test bed to validate performance of the integrated system (e.g., hardware, software, and personnel elements) and ensure the design is consistent with the objective. The defined scenarios are designed to involve major plant evolutions or transients, reinforce team concepts, and identify the role each individual plays within the team. Tasks performed by operators outside the MCR are modeled in the ISV scenarios to realistically simulate effects on personnel performance due to potentially harsh environments. Effects such as additional time to don protective clothing, set up of radiological access control areas, and employment of damage control, emergency, or temporary equipment are described in scenarios by use of time constraints or additions.
| |
| The NuScale ISV scenarios are developed in a systematic manner and include the following applicable test attributes:
| |
| a synopsis objectives initial conditions of the plant specific initial conditions pertinent to commencement of the scenario a timeline of events to be run including initiating conditions where appropriate critical tasks to be conducted workplace factors (e.g., environmental conditions) material or knowledge-based needs to support the task to be tested staffing level
| |
| © Copyright 2022 by NuScale Power, LLC 7
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 where specific types of communications are necessary (e.g., an event notification to regulators via dedicated telephone line) details of that expected communication content scripted responses for test personnel (both in and out of the MCR) data to be collected by observers and instructors (rating scales for administrators are included where appropriate) pass or fail criteria for the scenario initial test bed set up criteria for terminating the scenario The ISV scenarios are developed to be representative of the range of events that could be encountered during the plants operation, determined by SOC as described in Section 2.1. The HFE Design Team provides variation in the scenarios developed to avoid scenarios leading to a well-structured and positive outcome. Scenarios are selected to confront the operating crew with challenging normal conditions and abnormal events containing multiple and unanticipated failures.
| |
| Test objectives are discussed in Section 4.2. An individual scenario cannot address all test objectives, but the aggregate ISV includes testing of all objectives. Each scenario tests some portion of the HSI for primary actions (control and verification via the plant response) and secondary actions (navigating the HSI for monitoring of other plant parameters); communication equipment is also verified during scenarios.
| |
| © Copyright 2022 by NuScale Power, LLC 8
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 3.0 Design Verification Methodology The design verification activity consists of the following three categories of tasks:
| |
| Inventory and Characterization - Compare the inventory of indication and controls included in the design to those presented in the HSI Design Verification - Compare the HSI with the requirements in the HSI Style Guide Task Support Verification - Evaluate a sampling of tasks identified in Section 2.0 to verify tasks can be performed successfully Discrepancies noted during the design verification are captured as an HED.
| |
| This implementation plan provides high level criteria and methods. These criteria are intended to be included in specific test plans that are used to test and obtain results. The use of consistent plans and procedures helps remove testing bias by providing clear evaluation criteria for each test.
| |
| Integrated system validation testing can involve hundreds or thousands of individual HSIs, and it is impractical and unnecessary to review all of them. Therefore, NuScale employs a sampling strategy to guide the selection of HSIs to review.
| |
| 3.1 Human-System Interface Inventory and Characterization The objective of the HSI inventory and characterization is to accurately describe the set of selected HSI displays, controls, and related equipment within the scope defined by the SOC. This check ensures that the instrumentation and controls listed in design documents are reflected in the HSI implementation.
| |
| 3.1.1 Human-System Interface Inventory The list of HSI inventory is generated from the plant design. During the TA, if an alarm, control, or indication is not available, the applicable design process will be followed to ensure the indication is added.
| |
| 3.1.2 Human-System Interface Characterization Characterization defines the functionality of each HSI selected for verification.
| |
| Human-system interface design documents such as equipment lists, design specifications, and input and output lists are produced during HSI design.
| |
| Characteristics of each HSI component are included in the associated design document that includes the minimum set of information:
| |
| a unique equipment identification code that links the HSI component to the associated plant system or subsystem associated personnel functions and sub-functions type of HSI (e.g., indication, control, alarm, procedure, hard-wired, screen-based)
| |
| © Copyright 2022 by NuScale Power, LLC 9
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 HSI characteristics and functionality (e.g., unit of measure, accuracy of variable or parameter, format, continuous or discrete (if a control), system response time)
| |
| HSI control characteristics and functionality (modes, accuracy, precision, format) method of use and associated user-aids physical or virtual (i.e., on a screen) location of HSI 3.1.3 Inventory Verification Inventory verification confirms the visual aspects (alarms, controls, indications, and the means of navigation among elements) of the HSI, including conformance to the NuScale Human System Interface Style Guide during HFE design verification. This process also includes verification of other HSI characteristics such as tag number, location, piping, and instrument diagram or logic diagram implementation.
| |
| NuScale HSI navigation and notifications are part of the spatially dedicated continuously visible main navigation bar. These elements do not need to be verified for every system HSI developed. These global elements are verified once during this verification phase for all selected HSIs following the process used during staffing plan validation.
| |
| 3.2 Human Factors Engineering Design Verification The HFE design verification is conducted to confirm that HSI characteristics conform to HFE guidelines as represented in NUREG-0700 (Reference 8.1.3) and the NuScale Human System Interface Style Guide.
| |
| Procedures describing HFE design verification include checklists and guidelines for comparison of the HFE design criteria (HSI Style Guide) to HSI components (e.g., alarms, controls, indications, procedures, navigation aids).
| |
| a description of the means of comparing HFE design criteria to HSI components in the context of the various environmental conditions or locations of those HSIs (e.g.,
| |
| noise, lighting, ambient temperature and humidity).
| |
| guidelines for determining whether the HSI is acceptable or discrepant based on the associated HFE design criteria.
| |
| methods for preparation and review of the HFE design verification as well as a course of action when reviewers do not agree on the results.
| |
| design verification HEDs are generated for HSIs that do not meet the HFE design criteria.
| |
| 3.2.1 Verification Criteria The criteria for HFE design verification is provided by the HSI Style Guide. The style guide includes guidance for determining appropriate design criteria. Deviations from
| |
| © Copyright 2022 by NuScale Power, LLC 10
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 the HSI Style Guide may be taken and documented when appropriate with consent of the design team, but normally should conform to the guidance provided.
| |
| During HFE design verification, it is not required to evaluate all guidelines applicable to the HSI in total; a characteristic (e.g., alarm prioritization) of an individual HSI component (e.g., alarm management screens) may be selected for evaluation against a guideline or a subset of a guideline as appropriate.
| |
| 3.2.2 Design Verification Evaluation Methodology The design verification evaluation is performed by the following method:
| |
| : 1. Select an SME to perform design verification that has sufficient knowledge of design criteria and HSI.
| |
| : 2. Select the sample of HSI displays or individual components to test.
| |
| : 3. Compare the HSI design to the design guide (e.g., HSI Style Guide or other authoritative document).
| |
| : 4. Document discrepancies noted during verification.
| |
| The design verification phase for all selected HSIs follows a process that provides a retest step if necessary.
| |
| 3.3 Human-System Interface Task Support Verification The purpose of HSI task support verification is to verify the HSIs support the task requirements on the selected HSI. The assessment verifies that HSIs provide the alarms, controls, indications, and task support for personnel to perform their tasks as defined by the SOC. For HSI task support verification related to performance (e.g., accuracy and dynamic response), the validation test bed is used.
| |
| 3.3.1 Human-System Interface Task Support Verification Criteria The task support verification checks that the HSI design supports the tasks within the sampling of conditions and the tasks are able to be performed correctly.
| |
| 3.3.2 Human-System Interface Task Support Evaluation Methodology The HSI task support evaluation is performed by the following method.
| |
| : 1. Select an SME to perform task verification that has sufficient knowledge of the plant design, HSI, and task intent.
| |
| : 2. Ensure the appropriate task procedure or standard is ready for performance.
| |
| : 3. Perform the selected task using the HSI.
| |
| : 4. Confirm the HSI supports all control room licensed operator steps necessary to complete task.
| |
| : 5. Document discrepancies noted during performance of the task.
| |
| © Copyright 2022 by NuScale Power, LLC 11
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 4.0 Integrated System Validation The ISV is the process by which an integrated system design (e.g., hardware, software, and personnel elements) is evaluated using performance-based tests to determine whether it acceptably supports safe operation of the plant. In most cases, the ISV is undertaken after HEDs that were identified in the upstream process, including design verification, have been resolved and the resulting changes implemented. Resolution typically includes implementing the documented changes but in cases with no safety significance and no expected impact on ISV results, exceptions are allowed provided a strong justification is documented.
| |
| Objective performance measures and success criteria are developed as part of the methodology.
| |
| This section describes the minimum requirements needed to perform an ISV activity such that there is high confidence the HSI design demonstrates it is safe for operation.
| |
| 4.1 Validation Team Validation Team members can be selected from the HFE Design Team. The Validation Team members are trained and qualified to conduct the ISV in an objective and unbiased manner. The conduct of the ISV is scheduled such that all portions are available for audit.
| |
| A detailed ISV test report is developed that supports the findings documented in the verification and validation results summary report; both documents are submitted to the NRC. The HFE Design Team developing and conducting the ISV is analogous to a commercial nuclear plants Training Department developing and conducting an NRC license exam or annual requalification exam.
| |
| The Validation Team consists of the following:
| |
| test lead plant operations experts HFE experts one lead test bed engineer (simulator operator) test bed support staff (simulator operator and communicator)
| |
| The observers (test lead, plant operations experts, and HFE experts) collect data via questionnaires, post-scenario debriefing, personal observations, review of video, and from HSI computer system logging. The observers are trained and qualified using the NuScale Training Program.
| |
| The administrators (test lead, test bed engineer, and test bed support staff) manage the ISV, control each scenario in accordance with the test procedure, maintain and set up the test bed, and collect the test bed archived data following each scenario. The Validation Team personnel act as simulated plant personnel as necessary within each scenario. The administrators are trained and qualified using the approved training program. Bias is
| |
| © Copyright 2022 by NuScale Power, LLC 12
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 further reduced by obtaining results by consensus of the Validation Team rather than individual observations.
| |
| 4.2 Test Objectives The objectives of the ISV are to validate the acceptability of the shift staffing, the assignment of tasks to operating crew members, and crew coordination within the control room, among the control room and local control stations and support centers, and with individuals performing tasks locally. This objective encompasses validating minimum shift staffing levels, nominal levels, higher levels, and shift turnover.
| |
| the design has adequate capability for alerting, informing, controlling, and feedback such that personnel tasks are successfully completed during normal plant evolutions, transients, design-basis accidents, and also during selected risk-significant events beyond-design-basis, as defined by the SOC.
| |
| specific personnel tasks can be accomplished within the time and performance criteria, with effective situational awareness (SA), and acceptable workload levels that balance vigilance and personnel burden.
| |
| the HSIs minimize personnel error and ensure error detection and recovery capability when errors occur.
| |
| the assumptions about performance on important human actions (IHAs).
| |
| 4.3 Validation Test Bed The principal validation test bed for the ISV is the control room simulator. The fidelity of the validation test beds models and HSI are verified to represent the current, as-designed NuScale Power Plant before use for the validation.
| |
| The test bed model consists of multiple modeling software packages, all based from current NuScale designs. Together, they provide a high level of fluid and reactivity modeling. Precisely modeling the predicted behavior of the reactor core, thermodynamic performance, balance-of-plant, and electrical system design is desired as NuScale does not have a comparison reference plant. Up to six units are simultaneously and independently modeled, but they also share common systems that provide input for multiple units.
| |
| The test bed is validated against the seven criteria described in Section 11.4.3.3 of Reference 8.1.1: interface completeness, interface physical fidelity, interface functional fidelity, environment fidelity, data completeness fidelity, data content fidelity, and data dynamics fidelity. These criteria are further discussed in Section 4.3.1 through Section 4.3.7 below.
| |
| The validation test bed attempts to accurately simulate a NuScale Power Plant MCR environment. When simulation is not achievable by the test bed (e.g. room temperature rise and backup lighting during a loss of all AC power), a list of discrepancies is documented in the verification and validation results summary report discussed in
| |
| © Copyright 2022 by NuScale Power, LLC 13
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Section 6.0. If necessary, changes are made to the ISV test procedure to reflect the alternate test bed configuration. In some limited cases, the Validation Team may consider the test bed discrepancies to affect specific aspects of the validation results. If so, an HED is generated to document the discrepancy and the concern. The HED is resolved in accordance with the HED resolution process described in Section 5.0.
| |
| 4.3.1 Interface Completeness The test bed represents a complete and integrated system. The HSI and procedures provide a holistic representation of the MCR and support the sample of conditions listed in the test scenarios. The test bed further represents interfaces with other control stations as appropriate (e.g., communications) to provide an integrated system.
| |
| 4.3.2 Interface Physical Fidelity High physical fidelity in the HSI and procedures is represented, including presentation of alarms, displays, controls, procedures, automation, job aids, communications, interface management tools, layout, and spatial relationships. The test bed is a replica in form, appearance, and layout of the NuScale MCR design.
| |
| 4.3.3 Interface Functional Fidelity High functional fidelity in the HSI, procedures, and automation is represented so that the HSI functions are available and the HSI component modes of operation, types of feedback, and dynamic response characteristics operate in the same way as the physical plant.
| |
| 4.3.4 Environmental Fidelity The test bed is representative of the physical NuScale Power Plant with regard to environmental features such as lighting, noise, temperature, humidity, and ventilation characteristics. In cases where the test bed cannot accurately simulate the environment, the ISV captures Human Factors Engineering issue tracking system (HFEITS) entries for evaluation and resolution.
| |
| 4.3.5 Data Completeness Fidelity In the test bed, information and data provided to personnel represent the complete set of plant systems monitored and controlled from the corresponding facility.
| |
| 4.3.6 Data Content Fidelity The test bed represents a high degree of data content fidelity. The alarms, controls, indications, procedures, and automation presented are based on an underlying plant model that accurately reflects the engineering design of the NuScale Power Plant.
| |
| The model also provides input to the HSI, such that the information matches what is presented during operations.
| |
| © Copyright 2022 by NuScale Power, LLC 14
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 4.3.7 Data Dynamics Fidelity The test bed represents a high degree of data dynamic fidelity. The plant model provides input to the HSI in a manner such that information flow and control responses occur accurately and in the correct response time. Information is provided to personnel with the same anticipated delays as would occur in the plant.
| |
| 4.3.8 Remote Human-System Interfaces Containing Important Human Actions NuScale identified no IHAs that are conducted outside of the MCR. In the event that a remote IHA is determined in a later design stage, the test bed will use mockups to verify human performance requirements for IHAs conducted at HSIs remote from the MCR. The simulation or mockup considers, for example, transit times, use of personal protective equipment, and delays associated with the need for operator precision (e.g., self-checking).
| |
| 4.3.9 Test Bed Conformance The test bed is verified to conform to required characteristics before validation tests are conducted.
| |
| 4.4 Integrated System Validation Participants Operators participating in the ISV are previously licensed reactor or senior reactor operators, operators with Navy nuclear experience, design engineering staff members familiar with the NuScale Power Plant design, previously non-licensed operators at a nuclear plant, or personnel with a technical degree. The personnel participating in ISV are trained, qualified, and are assigned to roles commensurate with their experience, skill, and knowledge level.
| |
| Participants who constitute the ISV operating crews are not part of the Human Factors Engineering Validation Team or HFE Design Team. Operating crew makeup is not intentionally varied from scenario to scenario and remains generally consistent throughout the validation (i.e., crew members are not rotated among operating crews).
| |
| To control crew bias, individual crew members are distributed across crews with consideration for age distribution.
| |
| gender distribution.
| |
| education level distribution.
| |
| experience distribution.
| |
| Operating crew size for the validation tests includes a range of expected sizes to ensure that the HSI supports operations and event management. This range includes the minimum operating crew, nominal levels, and higher levels as defined during the staffing and qualifications program element NuScale Human Factors Engineering Staffing and
| |
| © Copyright 2022 by NuScale Power, LLC 15
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Qualifications Results Summary Report (Reference 8.2.2) for a range of plant operating modes. The crew size for each scenario is identified in the ISV test procedure, and scenarios are not repeated with different crew sizes.
| |
| The ISV includes at least one scenario with more than minimum crew staffing defined in Reference 8.2.2 (e.g., additional licensed operators to complete a complex evolution) to simulate times of high control room traffic distractions, and high environmental loading.
| |
| The roles of the additional personnel and their interaction with the operating crew are determined by the scenario developers based on meeting the test objectives and goals and by applying the SOC criteria.
| |
| 4.5 Performance Measurement Performance measures for ISV include measures of plant performance, personnel task performance, SA, cognitive and physical workload, and anthropometric or physiological factors. Test acceptance criteria is associated with clear and object dispositive measures whereas diagnostic measures are associated with supporting details or providing additional insight into observations and conclusions.
| |
| 4.5.1 Types of Performance Measures 4.5.1.1 Plant Performance Measures Plant performance resulting from operator action or inaction includes plant process data (e.g., temperature, pressure) and component status (e.g., on or off; open or closed) as a function of time from multiple simulated locations. These data are obtained from various plant equipment including nuclear, fluid, structural, and electrical components. Components that provide plant process data or component status in the plant are simulated with appropriate fidelity. The test bed has the ability to record complete plant process data and component status (including state changes) for the full length of the ISV scenarios.
| |
| 4.5.1.2 Personnel Task Performance Measures For each scenario, tasks that personnel are required to perform are identified and assessed. Primary and secondary personnel tasks are evaluated.
| |
| Primary tasks are those involved with function and task completion including detection, assessment, planning, and response. The level of detail to which primary tasks are measured and performance measures selected are assessed based on the complexity of the task. Time and accuracy are measured for lower level rule-based tasks to recognize and respond, while tasks that are knowledge-based (e.g., detection, seeking additional data, making decisions, or taking actions) entail the use of more detailed performance measures.
| |
| Secondary task performance measures reflect the workload associated with HSI manipulations associated with maintaining the overall plant. Test personnel
| |
| © Copyright 2022 by NuScale Power, LLC 16
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 evaluate secondary tasks in conjunction with primary tasks to observe effects on overall performance and workload both at individual and operating crew level.
| |
| Personnel task performance measurements are selected to reflect those aspects of the task important to system performance and used depending on the particular scenario such as time.
| |
| accuracy.
| |
| frequency.
| |
| amount achieved or accomplished.
| |
| consumption or quantity used.
| |
| subjective report of participants.
| |
| behavior categorization by observers.
| |
| For knowledge-based tasks, more detailed data are collected in order to assess the complexity of the crew actions such as number of attempts.
| |
| number of navigational steps.
| |
| accuracy of actions.
| |
| frequency with which a specific action must be taken (repetitive actions).
| |
| number and severity of errors of omission or commission.
| |
| frequency with which plant parameters reach a limit before action is taken.
| |
| feelings and observations of scenario operating crews used in the ISV.
| |
| observations of test administrators.
| |
| plant performance.
| |
| Objective measures of individual or crew and system performance are also collected during validation scenarios and are used for documenting the performance and future use. They include video recordings of operator performance.
| |
| alarm history log.
| |
| operator control interactions.
| |
| plant variable control interactions (resulting from operator controls).
| |
| component status changes.
| |
| HSI use log (display screen request history and operational history).
| |
| The capturing of data using cameras enables NuScale to document the operators actions as they are performed. With the information archived, it is available for the
| |
| © Copyright 2022 by NuScale Power, LLC 17
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 life of the design for tracking purposes. The comparison between actual and expected actions is an important test criterion when identifying errors of omission and commission. NuScale performs this comparison during the V&V testing process and maintains a retrievable video library, as a contingency, for instances where observations conflict or actions come into question.
| |
| 4.5.1.3 Situational Awareness Performance Measures To measure SA, ISV applies a combination of objective measures along with subjective post-scenario questionnaire methods.
| |
| Performance measures for SA are obtained using non-intrusive human performance measures. Specific failure, malfunction, or out-of-alignment events are included in test bed scenarios to determine if the HSI adequately supports operators in detecting the event from indications and alarms and identifying the source of the problem. Observation of operator response provides an objective indication of SA. The data for this type of measurement can be collected while the scenario is dynamically running without interfering with the natural cognitive and collaborative operator crew processes.
| |
| subjective questionnaires. Post scenario self-assessments by test participants provide a complementary measure of SA that evaluates operator confidence in the HSI to provide adequate information to support SA.
| |
| 4.5.1.4 Cognitive and Physical Workload Performance Measures To measure cognitive workload, the ISV employs the following methods.
| |
| Test subjects fill out a questionnaire after each scenario. This questionnaire asks for an assessment of each subjects mental workload including mental stress and effort required. Sample questions include
| |
| - How would you rate your ability to maintain awareness of plant conditions (i.e., SA)?
| |
| - How would you rate your overall mental workload during the scenario?
| |
| - Mental workload could be measured by perceived mental and perceptual activity (e.g., remembering, thinking, searching, calculating, and deciding).
| |
| - How would you rate your physical workload overall during the scenario?
| |
| - Physical workload for purposes of evaluating the HSI performance is a subset of mental workload and measures actions (e.g., pushing, pulling, turning, controlling, activating)
| |
| The operators ability to gather specific plant information, including the amount of time it takes to gather the information, and the ability to feed it correctly back to the crew while managing the scenario are collected to measure the level of cognitive workload and reserve capacity at a given time.
| |
| © Copyright 2022 by NuScale Power, LLC 18
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Observations of crew performance during scenarios and through post-scenario verbal debriefs and interviews are documented following each scenario to provide background for interpreting results.
| |
| 4.5.1.5 Anthropometric and Physiological Factor Performance Measures The primary purpose of anthropometric and physiological performance measures during ISV is to assess those aspects of the design that cannot be evaluated during design verification. Anthropometric and physiological performance measures evaluate how well the HSI supports plant personnel in monitoring and control of the plant. Many of these design aspects are assessed as part of verifying the HFE design. Therefore, the focus is on those areas of the design that can only be addressed by testing the integrated system (e.g., the ability of personnel to effectively use the various controls, displays, workstations, or consoles while performing their tasks). Anthropometric challenges are collected during the scenarios or during review of video recordings. Observations that indicate a need for anthropometric or physiological changes to the HSI design include such concerns as visibility of displays.
| |
| accessibility of control devices.
| |
| ease of manipulating the control device.
| |
| 4.5.2 Performance Measure Information and Validation Criteria 4.5.2.1 Collection Methods Subjective assessments of the HSI and its impact on performance, including self-ratings of workload, SA, and teamwork, are conducted by ISV participant operating crews. Operator feedback on the HSI is collected via post-scenario debriefs and questionnaires, which include scale rating questions and open feedback (long answer) questions.
| |
| Objective data (e.g., video recording, administrator observations) collected during test scenarios are analyzed to assess impacts of operator actions on plant processes and equipment states. The analysis compares the performance derived from parameters and times collected by the test bed to the evaluation criteria for operator actions and for overall plant process behavior developed for each scenario.
| |
| Test observers and administrators document individual assessments of crew performance on a post-scenario observer form after the scenario. The form documents observed performance problems in the following categories:
| |
| monitoring and detecting problems errors of omission critical action delays
| |
| © Copyright 2022 by NuScale Power, LLC 19
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 errors of commission procedure deviations teamwork SA workload other problems In addition to HSI performance problems, observers and administrators rate technical and teamwork performance on the post-scenario observer form. Crew size sufficiency is rated, and potential or noticeable HEDs are identified.
| |
| Test subjects also document their feedback on a post-scenario test subject form following the scenario. The test subject form is similar to that of the observer and administrator with observations of HSI performance problems, technical and teamwork performance observations, crew size sufficiency ratings, and potential or noticeable HEDs.
| |
| The data collected from subjective and objective sources are analyzed by the HFE Design Team to determine the sufficiency of the HFE design.
| |
| 4.5.2.2 Performance Measure Characteristics and Bases Performance measures observed during ISV contain the characteristics described in Table 4-1.
| |
| Table 4-1 Characteristics of Performance Measures Characteristic Meaning Construct Validity A measure should represent accurately the aspect of performance it is intended to measure.
| |
| Reliability A measure should be repeatable (i.e., same behavior measured in exactly the same way under identical circumstances should yield the same results).
| |
| Sensitivity A measure's range (scale) and its frequency (how often data are collected) should be appropriate to that aspect of performance being assessed.
| |
| Unobtrusiveness A measure should minimally alter the psychological or physical processes that are being investigated.
| |
| Objectivity A measure should be based on easily observed phenomena.
| |
| The basis for inclusion of a performance criterion in the ISV (or a particular scenario within ISV) used to judge acceptability of that criterion is determined during the development of the scenario. Bases for performance criteria are described in Table 4-2.
| |
| © Copyright 2022 by NuScale Power, LLC 20
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 4-2 Basis for Performance Criteria Criteria Basis Meaning Requirement The observed performance of the integrated system is compared with a quantified performance requirement (i.e., the requirements for the performance of systems, subsystems, and personnel are defined through engineering analyses).
| |
| Benchmark The observed performance of the integrated system is compared with a criterion established using a benchmark system (e.g., a current system is predefined as acceptable).
| |
| Norm The observed performance of the integrated system is compared with a criterion using many predecessor systems (rather than a single benchmark system).
| |
| Expert Judgment The observed performance of the integrated system is compared with a criterion established by SMEs.
| |
| Performance measures are designated as pass, fail or diagnostic. Diagnostic is measureable and the criteria include both range and unit of measure.
| |
| 4.6 Test Design Test design refers to the process of developing scenarios, developing test plans, and conducting ISV based on the integrated HSI as described in the preceding sections. The goal of test design is to permit the observation of integrated system performance while minimizing bias.
| |
| Once the ISV test plan and scenarios are developed, they are reviewed by the appropriate SMEs and approved by operations management.
| |
| This section describes characteristics of the test design important to supporting ISV validity.
| |
| 4.6.1 Scenario Sequencing Integrated System Validation: Methodology and Review Criteria, NUREG/CR-6393 (Reference 8.1.2), is employed as the standard for selection of crew or scenario order as follows.
| |
| A minimum of two operating crews perform each scenario.
| |
| Crews perform a grouping of scenarios in a different order than other crews.
| |
| When running individual scenarios across multiple crews, the order of the crews is varied when the scenario is changed.
| |
| Integrated system validation scenarios also contain variable normal operation time before introducing events to ensure that operating crews are not pre-tuned to immediate events and actions at the beginning of each scenario or at the same time during each scenario.
| |
| © Copyright 2022 by NuScale Power, LLC 21
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 4.6.2 Test Procedures Before ISV, detailed test procedures are prepared to manage tests, ensure consistency, control test bias, support repeatable results, and focus the test on the specific scenario objectives. The test observers and administrators use the test procedures to set up each scenario, manage the scenario, and analyze the test results. Scenario developers use test procedures to build the scenario set.
| |
| Integrated system validation test procedures are designed to minimize the introduction of bias by observers, administrators, and operating crews. A standardized scenario template is part of the test procedure. Test procedures include scenario order for each crew and order of crews when running a single scenario multiple times.
| |
| detailed and standardized instructions for briefing the test participants before each scenario.
| |
| specific instructions and criteria for observers and administrators on conduct of scenarios.
| |
| scripted questions and responses for administrators acting as plant staff during the scenario.
| |
| guidance on when and how to interact with the operating crew when the test bed encounters difficulties.
| |
| specification of unique data to be collected and stored (including what, when, and how) (Section 4.5).
| |
| guidance for documenting
| |
| - operating crews and scenario details.
| |
| - deviations from the test procedure, test difficulties, and significant unusual events.
| |
| - plant data.
| |
| - observer and administrator notes.
| |
| - post-scenario and final debriefing notes.
| |
| - crew questionnaires.
| |
| - observer and administrator questionnaires.
| |
| - observer and administrator consensus notes.
| |
| - video and audio recordings.
| |
| - HEDs.
| |
| post-testing instructions for each operating crew to not discuss the scenarios and HSI with others.
| |
| © Copyright 2022 by NuScale Power, LLC 22
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 4.6.3 Training Test Personnel Before starting ISV, observer and administrators are trained and qualified on NuScale Power Plant systems, the HSI, and ISV test procedures. Training consists of both classroom and test bed time. Training goals include ensuring familiarity with test procedures and scenarios.
| |
| reduction of potential bias and errors introduced by the observers and administrators due to test-based learning, failure to follow the test procedure, or incorrect interaction with the operating crew.
| |
| use of the test procedure.
| |
| documentation needs for each test, including
| |
| - where the test did not follow the scenario.
| |
| - problems that occur during testing, even if they were due to an oversight or error of those conducting the test.
| |
| the necessity of limiting observer and administrator interaction with test personnel to what is in the scenario description.
| |
| how to conduct post-scenario debriefings.
| |
| familiarity with HFE data collection tools and techniques.
| |
| familiarity with observation techniques, goals, and responsibilities specific to each observers role.
| |
| 4.6.4 Training Integrated System Validation Participants Test participants undergo training similar to plant operators including conduct of operations, plant systems, HSI, plant events, and operating procedures. Test participants are not trained specifically on the scenarios in which they participate.
| |
| To ensure near-asymptotic performance and a consistent level of proficiency among individuals comprising the operating crews, only participants who have successfully completed the training program and have reached an acceptable level of proficiency are considered qualified for operating crew assignment.
| |
| 4.6.5 Pilot Testing A test operating crew, which does not participate in ISV, conducts a pilot test (i.e., a pre-validation test) to assess the adequacy of test design, performance measures, and data collection methods.
| |
| give the observers and administrators experience in running the test.
| |
| ensure that the ISV runs smoothly and correctly.
| |
| © Copyright 2022 by NuScale Power, LLC 23
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 4.7 Data Analysis and Human Engineering Discrepancy Identification Test data are analyzed using both quantitative and qualitative methods. The analysis identifies the relationship between the observed and measured performance and the established acceptance criteria described in Section 4.5.2. Data are analyzed for each scenario across multiple trials. The method of analysis, consistency of measure assessing performance, and criteria used to determine successful performance for a given scenario is determined by the HFE Design Team.
| |
| Data is collected from multiple sources including crew debriefs, observer debriefs, National Aeronautics and Space Administration Task Load Index questionnaires, SA questionnaires, and management observations. The data are collected and reviewed by HFE and Operations SMEs to assess performance results to identify significant adverse issues and trends. This analysis compares and contrasts data sources, data across crews, data across trials, and data across scenarios. The HFE and Operations SMEs then collaborate on trending results and HED identification. Data management is accomplished by organizing issues into related categories in a manner that can be analyzed easily (e.g., using a database with search and filter capability).
| |
| These general categories provide the structure to conduct subsequent data analysis.
| |
| Specific issues are identified within each general category. The SMEs use experience and judgment to identify these issues. In some cases a single data point is identified as an issue. An example would be failure to meet a pass or fail performance criterion. In more typical cases, multiple data points are collected to support a collective root cause.
| |
| Data from different sources, crews and scenarios (convergent measures) are used to provide reinforcement of the significance, validity and extent of the issue.
| |
| The following rules are applied to this trending process.
| |
| At least two individuals work independently to identify trends. Each person then reviews the trends identified by the other(s).
| |
| Performance data can be placed in multiple general categories, and support multiple issues.
| |
| Performance data are not excluded from continuing review just because it has been included in a trend.
| |
| Trends address all aspects of the ISV process including procedures, training, HSI design, simulator performance, and crew performance.
| |
| Positive observations are also recorded in areas where a negative trend has been identified to provide perspective on the extent of the condition.
| |
| Human engineering discrepancy identification and resolution details are discussed in Section 5.0.
| |
| 4.8 Validation Conclusions Integrated system validation conclusions are based on
| |
| © Copyright 2022 by NuScale Power, LLC 24
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 a comprehensive testing program performed by an independent ISV team using test procedures covering the scope described above.
| |
| a high-fidelity test platform representative of the actual system, model, and HSI in aspects important to the integrated systems performance; variable aspects of the integrated system are adequately sampled.
| |
| acceptance criteria are measurable, reflect proper operational practices, and are representative of important aspects of performance.
| |
| test design minimizes bias or confounding effects so as not to affect the validity of the results.
| |
| statistical conclusions, where possible, are based on convergence of multiple measures.
| |
| specific pass and fail performance criteria documented as HEDs also identify the extent of the issue.
| |
| Integrated system validation conclusions documented in the V&V results summary report include the statistical and logical bases for determining that performance of the integrated system is acceptable.
| |
| the limitations in identifying possible effects on validation conclusions and that the impact on the design integration HFE Program element is considered, including
| |
| - aspects of the tests that are not well controlled.
| |
| - potential differences between the test situation and actual operations such as the absence of productivity-safety conflicts.
| |
| - differences between test platform design and the as-built NuScale Power Plant.
| |
| © Copyright 2022 by NuScale Power, LLC 25
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 5.0 Human Engineering Discrepancy Resolution Human engineering discrepancies are identified, documented, and resolved throughout the V&V process.
| |
| Human engineering discrepancies are not always resolved; HEDs may be found acceptable after an evaluation in the context of the integrated design. The basis for a decision that accepts an HED without change in the integrated design is documented, and is based on accepted HFE practices, current published HFE literature, trade-off studies, tests, or engineering evaluations. Human engineering discrepancies are identified in the V&V process during HFE design verification (Section 3.2).
| |
| task support verification (Section 3.3).
| |
| ISV (Section 4.0).
| |
| Human Factors Engineering issues and HEDs are identified and tracked in the HFEITS database. The HFEITS database is available to members of the HFE Design Team and identification of issues is part of the NuScale safety-conscious work environment. The HFEITS database is maintained until fuel load.
| |
| A sampling of HEDs found during the V&V process is discussed in the verification and validation results summary report human engineering discrepancy evaluation documentation section and includes information on the potential cumulative effects of HEDs observed and samples of HEDs that show an indication of broader issues seen during testing.
| |
| 5.1 Human Engineering Discrepancies Design Solution Implementation During ISV testing, HEDs are analyzed for priority selection and design category placement (e.g., HSI or simulator). Once the HED has been received, a discrepancy entry is created in the HFEITS database and the HED is prioritized as priority 1, priority 2, or priority 3 HEDs according to their importance as follows.
| |
| Priority 1 HEDs have a potential direct or indirect impact on plant safety and are resolved before ISV testing is considered complete. Human engineering discrepancies initiated as a result of a performance measure not being met (pass or fail performance measures) are priority 1 HEDs. Cross-cutting issues determined through HED analysis or performance measure analysis are also priority 1 HEDs due to their global impact on the HSI design performance.
| |
| Priority 2 HEDs have a direct or indirect impact on plant performance and operability and are resolved before the plant design is completed.
| |
| Priority 3 HEDs are those that do classify as priority 1 or priority 2. Priority 3 HEDs do not have to be resolved. If resolution of priority 3 HEDs is determined to be needed, they are resolved during design implementation.
| |
| © Copyright 2022 by NuScale Power, LLC 26
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 The HED is then routed to the appropriate group for resolution. Human engineering discrepancies related to the HSI are sent to the HFE Design Team, and HEDs related to simulator modeling are sent to the Simulator Review Board. It is possible for HEDs to be routed to both groups.
| |
| The HED is then resolved, and the discrepancy entry closed. The HED resolution is reviewed for final closure in the HFEITS database by an HFE review committee.
| |
| 5.2 Human Engineering Discrepancy Analysis Human Factors Engineering verification and validation human engineering discrepancies are categorized based on their principal impact on personnel tasks and functions.
| |
| plant systems.
| |
| human-system interface features.
| |
| individual HSI components.
| |
| operating procedures.
| |
| Extent of condition and causal effect across the various HSI design features and functions are assessed as part of the HED process. Extent of condition determination considers cumulative or combined effects of multiple HEDs and human engineering discrepancies that represent a broader issue.
| |
| Extent of condition evaluation includes questionnaires and debriefings that include explicit questions for test participants about issues that appear to represent larger underlying problems with the HSI design.
| |
| administrators and observers that review each HED against other HEDs to determine relationships and overlaps among issues.
| |
| the HFE Design Team independently reviews each HED to determine relationships and overlaps among issues.
| |
| The broad-reaching testing and number of evaluated performance measures limit the ability to perform statistical analyses. Testing of multiple scenarios with multiple crews (generally, each crew will develop a different strategy) makes it impractical to make conclusions based on performance of the population or deviations from a norm.
| |
| Therefore, observer and administrators, test participants, and the Validation Team evaluate instances where a performance measure is not met to determine causal factors.
| |
| Design-related deficiencies determined for alarms, controls, indications, and procedures are documented in an HED. Previous HFE Program elements may need to be evaluated to resolve the deficiency. The HSI design is not considered validated until an HED initiated by pass or fail measures as a result of ISV is resolved. Test-related deficiencies are documented in the HFEITS and may result in changes to the test procedure or scenario definition.
| |
| © Copyright 2022 by NuScale Power, LLC 27
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Assessments attained by different means that are intended to measure the same or similar performance measures are compared. When differing conclusions are reached, more detailed cause analysis is performed, including the review of test bed logs and video and audio tapes, if necessary. Measuring convergence may be necessary for a single team and single scenario or for multiple teams and across several scenarios depending on the performance measure. In cases where multiple types of data (debriefs, questionnaires, video recording, and administrator observations) are collected and none of the measures reveal a problem, the fact that multiple measures were used to probe for a problem increases confidence that there is no deficiency.
| |
| Additional assessment to determine extent of condition and identify patterns is conducted when two or more test participant crews exhibit general performance problems in at least one of the following categories:
| |
| SA control of the plant procedure adherence error tolerance mental workload physical workload team work supervision of automated systems Expert HFE Design Team judgment is employed to infer a margin of error from the observed performance or data analysis. This judgement takes into account that actual performance may be slightly more variable than ISV test results.
| |
| Data and data-analysis tools (e.g., equations, measures, spreadsheets, expert opinions, resulting HEDs) are documented for subsequent audit and application during design integration and human performance monitoring HFE Program elements. Individual HFEITS items are maintained as auditable records in the HFEITS database.
| |
| © Copyright 2022 by NuScale Power, LLC 28
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 6.0 Verification and Validation Results Summary Report Following completion of verification and validation activities, the results are compiled in an RSR. The RSR contains a description of Human Factors Engineering and Validation Team participants and roles.
| |
| Human Factors Engineering V&V results overview and principal findings from design verification.
| |
| a list of priority 1 HEDs generated from the V&V, the analyses associated with these HEDs, and their resolutions.
| |
| Human Factors Engineering V&V execution results.
| |
| - verification:
| |
| a description of the application of the verification program verification results based on TA verification results based on the HSI Style Guide discussion of HEDs that resulted from the verification, extent of condition, resolution, and subsequent HSI design changes made before validation verification test procedures verification procedure and analysis tools used to draw conclusions and provide assurance that selected scenarios are representative of expected operational conditions (tools may include tables or checklists)
| |
| - validation:
| |
| a description of the application of the validation program validation test procedures ISV procedure, including scenarios a detailed description of the specific scenario sets used in testing including test instructions, data collection instruments, SOC versus scenario comparison table, and scenario identification summary table data analysis results and validation conclusions, as compared to the minimum set of test objectives a discussion of pass and fail HEDs that resulted from the validation, extent of condition, resolution, and subsequent HSI design changes, analyses, or retest a discussion of performance improvement measures a discussion of validation results and conclusions that pass or fail criteria have been met
| |
| © Copyright 2022 by NuScale Power, LLC 29
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 7.0 NUREG-0711 Conformance Evaluation Table 7-1 indicates where each NUREG-0711, Revision 3 criterion is addressed in this IP.
| |
| Table 7-1 Conformance with NUREG-0711 HFE V&V IP Section No.
| |
| Review Criteria and paragraph 11.4.1.1 Sampling Dimensions Section 2.1 The following sampling dimensions are addressed below: Plant conditions, personnel tasks, and situational factors known to challenge personnel performance.
| |
| (1) The applicant should include the following plant conditions:
| |
| * normal operational events including plant startup, shutdown or refueling, and significant changes in operating power
| |
| * I&C and HSI failures and degraded conditions that encompass:
| |
| - The I&C system, including the sensor, monitoring, automation and control, and communications subsystems; [e.g., safety-related system logic and control unit, fault tolerant controller, local "field unit" for multiplexer (MUX) system, MUX controller, and a break in MUX line]
| |
| - common cause failure of the I&C system during a design basis accident (as defined by BTP 7-19)
| |
| - HSIs including, loss of processing or display capabilities for alarms, displays, controls, and computer-based procedures
| |
| * transients and accidents, such as:
| |
| - transients (e.g., turbine trip, loss of off-site power, station blackout, loss of all feedwater, loss of service water, loss of power to selected buses or MCR power supplies, and safety and relief valve transients)
| |
| - accidents (e.g., main-steam-line break, positive reactivity addition, control rod insertion at power, anticipated transient without scram, and various-sized loss-of coolant accidents)
| |
| - reactor shutdown and cooldown using the remote shutdown system
| |
| - reasonable, risk-significant, beyond-design-basis events that should be determined from the plant-specific PRA
| |
| © Copyright 2022 by NuScale Power, LLC 30
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (2) The applicant should include the following types of personnel tasks: Section 2.1
| |
| * Important HAs, Systems, and Accident Sequences - The sample should include all important HAs, as determined in Section 7. Additional factors that contribute highly to risk, as defined by the PRA, also should be sampled:
| |
| - dominant accident sequences
| |
| - dominant systems (selected through PRA importance measures, such as Risk Achievement Worth or Risk Reduction Worth)
| |
| * Manual Initiation of Protective Actions - The sample should include manual system level actuation of critical safety functions.
| |
| * Automatic System Monitoring - The sample should include situations in which humans must monitor a risk-important automatic system.
| |
| * OER-Identified Problematic Tasks - The sample should include all personnel tasks identified as problematic during the applicant's review of operating experience.
| |
| * Range of Procedure Guided Tasks -The sample should include tasks that are well defined by procedures. Personnel should be able to understand and execute the specified steps as part of their rule-based decision-making. Regulatory Guide 1.33, Appendix A, contains several categories of "typical safety-related activities that should be covered by written procedures." The sample should include appropriate procedures in each category:
| |
| - administrative procedures
| |
| - general plant operating procedures
| |
| - procedures for startup, operation, and shutdown of safety-related systems
| |
| - procedures for abnormal, off-normal, and alarm conditions
| |
| - procedures for combating emergencies and other significant events (e.g., reactor accidents, and declaration of emergency-action levels)
| |
| - procedures for controlling radioactivity
| |
| - procedures for controlling measuring and test equipment and for surveillance tests, procedures, and calibration
| |
| - procedures for performing maintenance
| |
| - chemistry and radiochemical control procedures
| |
| © Copyright 2022 by NuScale Power, LLC 31
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph
| |
| * Range of Knowledge-Based Tasks - The sample should include tasks that Section 2.1 are not well defined by detailed procedures.
| |
| Additional Information: A situation may demand knowledge-based decision-making if the procedural rules do not fully address the problem, or when the selection of an appropriate rule is unclear. An example in a pressurized water reactor plant may be the difficulty in diagnosing a steam generator tube rupture (SGTR) with a failure of radiation monitors on the plants secondary side. This happens because (1) there is no main indication of the rupture (the presence of radiation in secondary side), and (2) the other effects of the rupture (i.e., slight changes in pressures and levels on the primary and secondary sides) may be attributed to other causes. While the operators may use procedures to treat the symptoms of the event, the determination that the cause is a SGTR may call for a situational assessment based on an understanding of the plant\'s design and the possible combinations of failures that entail the observed symptoms. Errors in rule-based decision-making result from selecting the wrong rule, or incorrectly applying a rule. Errors in knowledge-based decision-making result from mistakes in higher-level cognitive functions, such as judgment, planning, and analysis. The latter are more likely to occur in complex failure events wherein the symptoms do not resemble the typical case, and thus, are not amenable to pre-established rules.
| |
| * Range of Human Cognitive Activities - The sample should include the range of cognitive activities that personnel perform, including:
| |
| - detecting and monitoring (e.g., of critical safety-function threats)
| |
| - situation assessment (e.g., interpreting alarms and displays to diagnose faults in plant processes and in automated control and safety systems)
| |
| - planning responses (e.g., evaluating alternatives to recover from plant failures) response implementation (e.g., in-the-loop control of plant systems, assuming manual control from automatic control systems, and carrying out complicated control actions)
| |
| - obtaining feedback (e.g., feedback of the success of actions taken)
| |
| * Range of Human Interactions - The sample should include the range of interactions among plant personnel, including tasks performed independently by individual crew members, and those undertaken by a team of crew members. These interactions among plant personnel should include interactions between:
| |
| - main control room operators (e.g., operations, shift turnover walkdowns)
| |
| - main control room operators with auxiliary operators and other plant personnel performing tasks locally (e.g., maintenance or I&C technicians, chemistry technicians)
| |
| - main control room operators and the TSC and the EOF
| |
| - main control room operators with plant management, the NRC, and other outside organizations
| |
| © Copyright 2022 by NuScale Power, LLC 32
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (3) The applicant should include the following situational factors or error-forcing Section 2.1 contexts known to challenge human performance. It also should include situations specifically designed to create human errors to assess the systems error tolerance, and the ability of personnel to recover from any errors, should these occur, for example:
| |
| * High-Workload Situations - The sample should include situations where variations in human performance due to high workload and multitasking situations can be assessed.
| |
| * Varying-Workload Situations - The sample should include situations wherein variations in human performance due to workload transitions can be determined. These include conditions where there is (1) a sudden increase in the number of signals that must be detected and processed after a period in which signals were infrequent, and (2) a rapid reduction in the need for detecting signals and processing demands following a time of high sustained task-demand.
| |
| * Fatigue Situations - To the extent possible, the sample should include situations that may be associated with fatigue, such as work on backshifts and tasks performed frequently with repetitive actions, such as repeated inputs to a touch screen during plant operations or pulling rods.
| |
| * Environmental Factors - To the extent possible, the sample should include environmental conditions that may cause human performance to vary, e.g., poor lighting, extreme temperatures, high noise, and simulated radiological contamination.
| |
| 11.4.1.2 Identification of Scenarios Section 2.2, all (1) The applicant should combine the results of the sampling to identify a set of V&V scenarios to guide subsequent analyses.
| |
| Additional Information: A given scenario may combine many of the characteristics identified by sampling of operational conditions.
| |
| (2) The applicant should not bias the scenarios by overly representing the Section 2.2, all following:
| |
| * scenarios for which only positive outcomes are expected
| |
| * scenarios that, for ISV, are relatively easy to conduct (i.e., scenarios should not be avoided simply because they are demanding to set up and run on a simulator)
| |
| * scenarios that, for ISV, are familiar and well structured (e.g., which address familiar systems and failure modes that are highly compatible with plant procedures, such as textbook design-basis accidents)
| |
| © Copyright 2022 by NuScale Power, LLC 33
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph 11.4.1.3 Scenario Definition Section 2.3, all (1) The applicant should identify operational conditions and scenarios to be used for HSI Task Support Verification, Design Verification, and ISV. The applicant should develop detailed scenarios suitable for use on a full-scope simulator. The level of detail should be comparable to what one would include in a test plan. For each one, the following information should be defined to reasonably assure that important dimensions of performance are addressed, and to allow the scenarios to be accurately and consistently presented for repeated trials:
| |
| * a description of the scenario and any pertinent prior history necessary for personnel to understand the state of the plant at the start-up of the scenario
| |
| * specific initial conditions (a precise definition of the plants functions, processes, systems, component conditions, and performance parameters, e.g., similar to that at shift turnover)
| |
| * events (e.g., failures) that will occur during the scenario and their initiating conditions, e.g., based on time, or a value of a specific parameter
| |
| * precise definition of workplace factors, (e.g., environmental conditions, such as low levels of illumination)
| |
| * needs for task support (e.g., procedures and technical specifications)
| |
| * staffing level
| |
| * details of communication content between control room personnel and remote personnel (e.g., load dispatcher via telephone)
| |
| * scripted responses for test personnel who will act as plant personnel in the test scenarios Additional Information: Test personnel act as surrogates for personnel outside the control room. To the greatest extent possible, prepare responses to questions that may be asked by operators communicating with the personnel outside the control room. There are limits to the ability to preplan communications because personnel may ask unanticipated questions or make unforeseen requests. However, efforts should be made to detail what information personnel outside the control room can provide, and script the responses to likely questions.
| |
| * the precise specification of what, when, and how data are to be collected and stored (including videotaping, questionnaires, and rating-scale administrations)
| |
| * precise specifications on simulator set up
| |
| * specific criteria for terminating the scenario
| |
| © Copyright 2022 by NuScale Power, LLC 34
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (2) The applicants scenarios should realistically replicate operator tasks in the Section 2.3, all tests; then, the findings from the test can be generalized to the plants actual operations.
| |
| (3) When the applicants scenarios include work associated with operations remote from the main control room, the effects on personnel performance due to potentially harsh environments (e.g., high radiation) should be realistically simulated (e.g., additional time to don protective clothing, and access radiologically controlled areas).
| |
| 11.4.1.4 Additional Considerations for Reviewing the HFE Aspects of N/A Plant Modifications In addition to any of the criteria above that relate to the modification being reviewed, the applicant should address the following considerations.
| |
| (1) The applicants operational conditions should reflect tasks that involve a modification, rather than the entire range of topics discussed in Section 11.4.1.
| |
| (2) For ISV, the applicants operational conditions should encompass the transfer of learning effects on personnel performance when modifying an old HSI or procedure.
| |
| Additional Information: Negative transfer of learning may occur when the new and old components are different and impose different demands on personnel.
| |
| (3) For ISV, when both old and new versions of the same HSIs are permanently present in the HSI but with different means of presentation and methods of operation, then the applicants evaluations should reasonably assure that personnel can alternate their use of these HSIs without degrading performance.
| |
| (4) Where old HSIs are to be deactivated but left in place in the HSI, the applicant should identify conditions for an ISV that would test the potential for their interfering with tasks.
| |
| Additional Information: For example, the presence of deactivated HSIs may cause visual clutter that interferes with the ability of personnel to locate and use other HSIs.
| |
| 11.4.2 Design Verification Review Criteria Section 3.1.1, all 11.4.2.1 HSI Inventory and Characterization (1) Scope - The applicant should develop an inventory of all HSIs that personnel require to complete the tasks covered in the validation scenarios that were identified by the applicants Sampling of Operational Conditions.
| |
| The inventory should include aspects of the HSI used for managing the interface, such as navigation and retrieving displays, as well as those that control the plant.
| |
| © Copyright 2022 by NuScale Power, LLC 35
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (2) HSI Characterization - The applicants inventory should describe the Section 3.1.2, all characteristics of each HSI within the scope of the verification. The following is a minimal set of information for this characterization:
| |
| * a unique identification code number or name
| |
| * associated plant system and subsystem
| |
| * associated personnel functions and tasks
| |
| * type of HSI, e.g.,
| |
| - computer-based control (e.g., touch screen or cursor-operated button and keyboard input)
| |
| - hardwired control (e.g., J-handle controller, button, and automatic controller)
| |
| - computer-based display (e.g., digital value and analog representation)
| |
| - hardwired display (e.g., dial, gauge, and strip-chart recorder)
| |
| * display characteristics and functionality [e.g., plant variables/parameters, units of measure, accuracy of variable/parameter, precision of display, dynamic response, and display format (e.g., bar chart or trend plot)]
| |
| * control characteristics and functionality [e.g., continuous versus discrete settings, number and type of control modes, accuracy, precision, dynamic response, and control format (method of input)]
| |
| * user-system interaction and dialog types (e.g., navigation aids and menus)
| |
| * location in data-management system (e.g., identification code for information display screen)
| |
| * physical location in the HSI (e.g., control panel section), if applicable The applicant should include photographs, copies of display screens, or similar samples of HSIs in the HSI inventory and characterization.
| |
| (3) Inventory Verification - The applicant should verify the inventory description Section 3.1.3, all of HSIs to ensure that it accurately reflects their current state.
| |
| 11.4.2.2 HSI Task Support Verification Section 3.2 HSI Task Support Verification addresses the availability of items needed to Section 3.2.1, all support task requirements. As stated in Section 11.2, the objective of the HSI Task Support Verification review is to ensure that the applicant verified that the HSI provides the needed alarms, information, controls, and task support for personnel to perform their tasks, defined by the task analysis.
| |
| (1) Verification Criteria - The applicant should base the HSI task support criteria on the alarms, controls, displays, and task support needed by personnel to complete their tasks as identified by the applicants task analysis.
| |
| (2) General Methodology - The applicant should compare the HSIs and their Section 3.2.2, all characteristics (as defined in the HSI inventory and characterization) to the needs of personnel identified in the task analysis for the defined sampling of operational conditions, noted in Section 11.4.1.
| |
| © Copyright 2022 by NuScale Power, LLC 36
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (3) HED Identification - The applicant should identify and document an HED Section 5.1 all when:
| |
| * An HSI needed for task performance (e.g., a necessary control or display) is unavailable.
| |
| * HSI characteristics do not match the requirements of the personnel task (e.g., a display may show the needed plant parameter but not within the range or precision needed for the task).
| |
| * HSIs are available that are not needed for any task.
| |
| Additional Information: Unnecessary HSIs introduce clutter, and can distract personnel from selecting the appropriate ones. It is important to verify that the HSI is unnecessary. Appropriate ones may not appear to be needed with personnel tasks for the following reasons:
| |
| * The HSI is essential for a task that the task analysis did not address (i.e.,
| |
| it was not within the scope of the design review).
| |
| * The task analysis was incomplete, overlooking the need for the HSI.
| |
| * The HSI only partially meets the established requirements for the personnel task.
| |
| (4) HED Documentation - The applicant should document HEDs to identify the Section 5.2, all HSI, the tasks affected, and the basis for the deficiency (what aspect of the HSI was identified as not meeting task requirements).
| |
| Additional Information: The analysis and correction of HEDs is detailed in Section 11.4.4, Human Engineering Discrepancy Resolution Review Criteria.
| |
| © Copyright 2022 by NuScale Power, LLC 37
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (5) Additional Methodology Considerations for Plant Modifications - In addition N/A to any of the criteria above that relate to the modification being reviewed, the applicant should address the following considerations:
| |
| * HSI Task Support Verification should address all aspects of HSIs described above related to the modification. For modifications to plant systems that do not include modifications of the HSIs, verification of task support should highlight any new demands for monitoring and control, and assess whether the existing HSI design adequately addresses them.
| |
| * HSI Task Support Verification should cover configurations in the modification in which old HSIs are deactivated permanently, but not removed (e.g., abandoned in place). Criterion 4 in this subsection states that the HSIs should not contain any information, displays, or controls that do not support personnel tasks. This verification should identify deactivated HSIs that might negatively affect personnel performance, such as obstructing the view of important information or adding visual clutter that could interfere with monitoring. The applicant should identify deactivated HSIs requiring further evaluation through HFE design verification or ISV.
| |
| * HSI Task Support Verification should address the temporary configurations of the HSIs and plant systems that may be created when establishing the modification, and so used by operations and maintenance personnel when the plant is not shutdown. These configurations may include:
| |
| - the use of HSIs that differ from the intended final design
| |
| - combinations of HSIs and system configurations that differ from both the original design and the intended final one For each temporary HSI configuration, the task requirements of personnel should be identified and compared to the information and control capabilities available.
| |
| Additional Information: For example, if a temporary configuration of plant systems introduces special monitoring requirements, the HSIs should provide the necessary information.
| |
| © Copyright 2022 by NuScale Power, LLC 38
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph 11.4.2.3 HFE Design Verification Section 3.2 Section 3.2.1, all HFE Design Verification addresses the suitability of the HSI with regard to human capabilities and limitations. As stated in Section 11.2, the objective of the HFE Design Verification review is to evaluate the applicants verification that the design of the HSIs conforms to HFE guidelines.
| |
| (1) Verification Criteria - The applicant should base the criteria used for HFE Design Verification on HFE guidelines.
| |
| Additional Information: The choice of guidelines used in this verification depends upon whether the applicant developed a design-specific style guide. The acceptability of the style guide used by the applicant should be reviewed by the NRC staff using the review guidance in Section 8.4.3, HFE Design Guidance for HSIs. Using an NRC-reviewed style guide affords the criteria for verifying the HFE design. When no style guide is available, the guidelines in NUREG-0700 can be used by the applicant for this purpose.
| |
| However, because not all of the guidelines therein will be applicable to each review, the applicant should select those based on the characteristics of the HSIs being evaluated. Applicants should identify a subset of guidelines appropriate to a specific design based on the HSI characterization.
| |
| © Copyright 2022 by NuScale Power, LLC 39
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (2) General Methodology - The applicants HFE Design Verification Section 3.2.2, all methodology should include the following:
| |
| * Procedures for comparing the characteristics of the HSIs with HFE guidelines for (1) the defined sampling of operational conditions, as noted in Section 11.4.1, and (2) the general environment in which HSIs are sited, including workstations, control rooms, and environmental characteristics (e.g., lighting and noise).
| |
| Additional Information: A single guideline may apply to many HSIs. By verifying all HSIs within the scenarios defined in Section 11.4.1, the consistency of applying a guideline across multiple HSIs can be assessed.
| |
| * Procedures for determining for each guideline whether the HSI is "acceptable" or "discrepant." If discrepant, it should be designated as an HED, tracked, and evaluated (see Sections 2.4.4 and 11.4.4).
| |
| Additional Information: A judgment that an HSI is acceptable should be made only if compliance is total, i.e., only if every instance of the item is fully consistent with the criteria established by the HFE guidelines. If there is any noncompliance, full or partial, then an evaluation of discrepant should be given, and a notation made as to where it occurs.
| |
| * Procedures for evaluating whether an HED is a potential indicator of additional issues.
| |
| Additional Information: For example, identifying an inappropriate format for presenting data on an individual display should be considered a potential sign that other display formats might be used incorrectly, or that the observed format is employed inappropriately elsewhere. Then, the sampling strategy should be modified to encompass other display formats. In some cases, discovering these discrepancies will warrant further review in the identified areas of concern.
| |
| (3) HED Identification - The applicant should identify an HED when a Section 5.0 characteristic of the HSI is "discrepant" from a guideline.
| |
| (4) HED Documentation - The applicant should document HEDs in terms of the HSI involved, and how its characteristics depart from a particular guideline.
| |
| Additional Information: The analysis and correction of HEDs is addressed in Section 11.4.4, Human Engineering Discrepancy Resolution Review Criteria.
| |
| © Copyright 2022 by NuScale Power, LLC 40
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (5) Additional Considerations for Reviewing the HFE Aspects of Plant N/A Modifications - In addition to any of the criteria above that relate to the modification being reviewed, the applicant should address the following considerations:
| |
| * The scope of HFE design verification may be restricted to the modified HSIs and their interactions with the rest of the HSIs.
| |
| * When both old and new versions of similar HSIs are available, this verification should offer reasonable assurance that their means of presentation and methods of operation are compatible, such that personnel performance will not be impaired when alternating the use of each one.
| |
| * HEDs should be identified for the following:
| |
| - failure to meet "personnel-identified" functionality in addition to that specified by system designers. When a digital system replaces an existing system, it is important to ensure that all operational uses of the former system were addressed, even those that were not intended in the original design. The replacement system\'s design should consider the ways in which personnel actually used the former system
| |
| - poor integration with the rest of the HSI
| |
| - poor integration with procedures and training
| |
| * Temporary configurations of the HSIs and plant systems that operations and maintenance personnel may use when the plant is not shutdown, should be reviewed to verify that their design is consistent with the principles of good HFE design, including consistency with the rest of the HSIs.
| |
| 11.4.3 Integrated System Validation Section 4.0 11.4.3.1 Validation Team Section 4.1, all (1)The applicant should describe how the team performing the validation has independence from the personnel responsible for the actual design.
| |
| Additional Information: The members of the Validation Team should have no responsibility for the design; i.e., they should never have been part of the design team. While they may work for the same organization, their responsibilities must not include contributions to the design, other than validating it.
| |
| © Copyright 2022 by NuScale Power, LLC 41
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph 11.4.3.2 Test Objectives Section 4.2, all (1) The applicant should develop detailed test objectives to provide evidence that the integrated system adequately supports plant personnel in safely operating the plant, to include the following considerations:
| |
| * Validate the acceptability of the shift staffing level(s), the assignment of tasks to crew members, and crew coordination within the control room, between the control room and local control stations and support centers, and with individuals performing tasks locally. This should encompass validating minimum shift staffing levels, nominal levels, maximum levels, and shift turnover (see Section 6 for definitions).
| |
| * Validate that the design has adequate capability for alerting, informing controlling, and feedback such that personnel tasks are successfully completed during normal plant evolutions, transients, design-basis accidents, and also under selected, risk significant events beyond-design basis, as defined by sampling operational conditions.
| |
| * Validate that specific personnel tasks can be accomplished within the time and performance criteria, with effective situational awareness, and acceptable workload levels that balance vigilance and personnel burden.
| |
| * Validate that the HSIs minimize personnel error and assure error detection and recovery capability when errors occur.
| |
| * Validate the assumptions about performance on important HAs.
| |
| Additional Information: For example, the HRA within the plant PRA contains several assumptions regarding the performance of risk-important HAs. These assumptions should be validated for dominant sequences, such as decision-making and diagnosis strategies, and also for the human actions. This process should be completed before the final quantification stage of the PRA.
| |
| * Validate that the personnel can effectively transition between the HSIs and procedures in accomplishing their tasks, and that interface management tasks, such as display configuration and navigation, are not a distraction or an undue burden.
| |
| (2) Additional Considerations for Reviewing the HFE Aspects of Plant N/A Modifications - In addition to any of the criteria above that relate to the modification being reviewed, the tests objectives and scenarios should be developed to encompass aspects of performance affected by the modified design (even when the HSIs are not modified), including personnel tasks.
| |
| © Copyright 2022 by NuScale Power, LLC 42
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph 11.4.3.3 Validation Test beds Section 4.3 A test bed is the HSI representation used to perform validation evaluations. Section 4.3.1, all One approach an applicant can use to acceptably meet criteria 1 through 7 in this section is to use a test bed that is compliant with "Nuclear Power Plant Simulators for Use in Operator Training" (ANS, 2009).
| |
| (1) Interface Completeness - The applicants test bed should represent completely the integrated system. It should include HSIs and procedures not specifically required in the test scenarios.
| |
| Additional Information: Adjacent controls and displays may affect the ways in which personnel use those addressed by a particular validation scenario.
| |
| (2) Interface Physical Fidelity - The test beds HSIs and procedures should be Section 4.3.2, all represented with high physical fidelity to the reference design, including the presentation of alarms, displays, controls, job aids, procedures, communications equipment, interface management tools, layout, and spatial relationships.
| |
| (3) Interface Functional Fidelity - The test beds HSI and procedure Section 4.3.3, all functionality should be represented with high fidelity to the reference design. All HSI functions should be available.
| |
| Additional Information: High fidelity covers the HSI modes of operation (i.e.,
| |
| the changes in functionality that can be invoked by personnel selecting them), or changes in plant states.
| |
| (4) Environmental Fidelity - The test beds environmental fidelity should be Section 4.3.4, all represented with high physical fidelity to the reference design, including the expected levels of lighting, noise, temperature, and humidity. Thus, for example, the noise contributed by equipment, such as air-handling units, computers, and communications equipment should be represented in validation tests.
| |
| (5) Data Completeness Fidelity - Information and data provided to personnel Section 4.3.5, all should completely represent the plants systems they monitor and control.
| |
| (6)Data Content Fidelity - The test beds data content fidelity should be Section 4.3.6, all represented with high physical fidelity to the reference design. The presentation of information and controls should rest on an underlying model accurately mirroring the reference plant. The model should provide input to the HSI such that the information accurately matches that which is presented during operations.
| |
| (7) Data Dynamics Fidelity - The test beds data dynamics fidelity should be Section 4.3.7, all represented with high fidelity to the reference design. The process model should be able to provide input to the HSI so that information flow and control responses occur accurately and within the correct response time; e.g., information should be sent to personnel with the same delays as occur in the plant.
| |
| © Copyright 2022 by NuScale Power, LLC 43
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (8) For important HAs at complex HSIs remote from the main control room (e. Section 4.3.8, all g., a remote shutdown facility), where timely, precise actions are essential, the use of a simulator or mockup should be considered to verify that the requirements for human performance can be met. (For less important HAs, or for non-complex HSIs, human performance may be assessed on analysis, such as task analysis, rather than on simulations.)
| |
| (9) The applicant should verify the conformance of the test bed to the test Section 4.3.9, all bed-required characteristics before validation tests are conducted.
| |
| 11.4.3.4 Plant Personnel Section 4.4, all (1) Participants in the applicants validation tests should be representative of plant personnel who will interact with the HSI (e.g., licensed operators, rather than training personnel or engineers).
| |
| (2) To properly account for human variability, the applicant should use a sample of participants that reflects the characteristics of the population from which it is drawn. Those characteristics expected to contribute to variations in system performance should be specifically identified; the sampling process should reasonably assure that the validation encompasses variation along that dimension. Determining representativeness should include considering the participants license type and qualifications, skill/experience, age, and general demographics.
| |
| (3) In selecting personnel for participating in the tests, the applicant should consider the minimum shift staffing levels, nominal levels, and maximum levels, including shift supervisors, reactor operators, shift technical advisors, etc.
| |
| (4) The applicant should prevent bias in the sample of participants by avoiding the use of participants who:
| |
| * are members of the design organization
| |
| * participated in prior evaluations
| |
| * were selected for some specific characteristic, such as crews identified as good performers or more experienced 11.4.3.5 Performance Measurement Section 4.5, all ISV employs a hierarchal set of performance measures including measures of plant performance, personnel task performance, situation awareness, cognitive workload, and anthropometric/physiological factors. Errors of omission and commission also are identified. A hierarchal set of measures provides sufficient information to validate the integrated system design and affords a basis to evaluate deficiencies in performance and thereby identify needed improvements. Pass/fail measures are those used to determine whether the design is or is not validated. Diagnostic measures are used to better understand personnel performance and to facilitate the analyses of errors and HEDs.
| |
| © Copyright 2022 by NuScale Power, LLC 44
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph 11.4.3.5.1 Types of Performance Measures Section 4.5.1.1, all (1) The applicant should identify the specific plant performance measures applicable to each ISV scenario.
| |
| Additional Information: They may address the performance of functions, systems, or component.
| |
| (2) The applicant should identify the primary task measures applicable to each Section 4.5.1.2, all ISV scenario.
| |
| * For each scenario, the applicant should identify the primary tasks operators must perform to accomplish scenario goals, so that such measures can be developed.
| |
| Additional Information: The primary tasks are those involved in carrying out the functional role of the operator in supervising the plant; i.e.,
| |
| monitoring, detection, situation assessment, response planning, and response implementation. Primary tasks should be assessed at a level of detail appropriate to the tasks demands. For example, for some simple scenarios, measuring the time to complete a task may suffice. For complicated tasks, especially those described as knowledge-based, it may be appropriate to undertake a fine-grained analysis, such as identifying the tasks components, viz., seeking specific data, making decisions, taking actions, and obtaining feedback.
| |
| * The measures chosen to evaluate personnel task performance should reflect those aspects of the task that are important to system performance, such as:
| |
| - time
| |
| - accuracy
| |
| - frequency
| |
| - amount achieved or accomplished
| |
| - consumption or quantity used
| |
| - subjective reports of participants
| |
| - behavior categorization by observers
| |
| * The analysis of primary tasks will support the identification of errors of omission (primary tasks not performed). Also, any actions and tasks that operators actually perform that deviate from the primary tasks should be identified and noted. These actions should be used to identify errors of commission.
| |
| © Copyright 2022 by NuScale Power, LLC 45
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (3) The applicant should identify the secondary task measures applicable to Section 4.5.1.2, each scenario. paragraph 3 Additional Information: Secondary tasks are those personnel must perform when interfacing with the HSI, such as navigating through computer screens to find a needed display and to configure HSIs. The measurement of secondary task performance should reflect the demands of the detailed HSI implementation, e.g., time to configure a workstation, navigate between displays, and manipulate them (e.g., changing display type and scale settings).
| |
| (4) The applicant should identify the measures of situation awareness Section 4.5.1.3, all applicable to each scenario.
| |
| Additional Information: Situation awareness is the degree to which personnels perception of plant parameters and understanding of the plant's condition corresponds to its actual condition at any given time and influences predictions about future states.
| |
| (5) The applicant should identify the workload measures obtained for each Section 4.5.1, all; scenario. Section 4.5.1.4 Additional Information: Workload is comprised of the physical, cognitive, and other demands that tasks place on plant personnel. The impact of one or many of these aspects of workload should be considered in the performance measures.
| |
| (6) The applicant should identify the anthropometric and physiological Section 4.5.1.5, all measures obtained for each scenario.
| |
| Additional Information: Anthropometric and physiological factors include such concerns as visibility of displays, accessibility of control devices, and ease of manipulating the control device. Many of these design aspects are assessed as part of verifying the HFEs design. Therefore, attention should focus on those areas of the design that only can be addressed by testing the integrated system, e.g., the ability of personnel effectively to use the various controls, displays, workstations, or consoles while performing their tasks.
| |
| 11.4.3.5.2 Performance Measure Information and Validation Criteria Section 4.5.2, all; Section 4.5.2.1 (1) The applicant should describe the methods by which these measures are obtained, e.g., by simulator data recording, participant questionnaires, or observation by subject-matter experts.
| |
| (2) The applicant should specify when each measure is obtained (recorded), Section 4.5.2.2 such as continuously, at specific points during the scenario, or after the scenario ends.
| |
| © Copyright 2022 by NuScale Power, LLC 46
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (3) The applicant should describe the characteristics (see Table 11-1) of the Section 4.5.2.2, performance measures. Table 4-1 Table 11-1 Characteristics of Performance Measures Characteristic Meaning Construct Validity A measure should represent accurately the aspect of performance it is intended to measure.
| |
| Reliability A measure should be repeatable; i.e., same behavior measured in exactly the same way under identical circumstances should yield the same results.
| |
| Sensitivity A measure's range (scale) and its frequency (how often data are collected) should be appropriate to that aspect of performance being assessed.
| |
| Unobtrusiveness A measure should minimally alter the psychological or physical processes that are being investigated.
| |
| Objectivity A measure should be based on easily observed phenomena.
| |
| (4) The applicant should identify the specific criterion for each measure used to Section 4.5.2.2, judge the acceptability of performance and describe its basis. Table 4-2 Additional Information: Table 11-2 describes the different bases for performance criteria.
| |
| Table 11-2 Basis for Performance Criteria Criteria Basis Meaning Requirement The observed performance of the integrated system is compared with a quantified performance requirement; i.e., the requirements for the performance of systems, subsystems, and personnel are defined through engineering analyses.
| |
| Benchmark The observed performance of the integrated system is compared with a criterion established using a benchmark system, e.g., a current system is predefined as acceptable.
| |
| Norm The observed performance of the integrated system is compared with a criterion using many predecessor systems (rather than a single benchmark system).
| |
| Expert Judgment The observed performance of the integrated system is compared with a criterion established by subject-matter experts.
| |
| (5) The applicant should identify whether each measure is a pass/fail one or a Section 4.5.2.2, final diagnostic one. paragraph
| |
| © Copyright 2022 by NuScale Power, LLC 47
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph 11.4.3.6 Test Design Section 4.6 11.4.3.6.1 Scenario Sequencing Section 4.6.1, all (1) The applicant should balance scenarios across crews to provide each crew with a similar, representative range of scenarios.
| |
| Additional Information: Random assignment of scenarios to crews for ISV is undesirable. The value of using random assignment to control bias is effective only when the number of crews is quite large.
| |
| (2) The applicant should balance the order of presentation of scenarios to Section 4.6.2, bullet 1 crews to provide reasonable assurance that the scenarios are not always presented in the same sequence (e.g., the easy scenario is not always used first).
| |
| © Copyright 2022 by NuScale Power, LLC 48
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph 11.4.3.6.2 Test Procedures Section 4.6.2, all (1) The applicant should use detailed, unambiguous procedures to govern the conduct of the tests. These procedures should include the following:
| |
| * the identification of which crews receive which scenarios, and the order in which they should be presented
| |
| * detailed and standardized instructions for briefing the participants Additional Information: The type of instructions given to participants can affect their performance on a task. This source of bias is minimized by developing standard instructions.
| |
| * specific directions for the testing personnel on conducting the test scenarios, as elaborated in Scenario Definition (Section 11.4.1.3)
| |
| * guidance on when and how to interact with participants when difficulties occur in simulation or testing Additional Information: Even when a high-fidelity simulator is used, the participants may encounter artifacts of the test environment that detract from their performance of the tasks that are the focus of the evaluation.
| |
| Guidance should be available to the test conductors to help resolve such conditions.
| |
| * instructions on when and how to collect and store data. These instructions should stipulate which data are to be recorded by:
| |
| - simulator computers
| |
| - special-purpose instruments and devices for collecting data (such as situation awareness- and workload-questionnaires, or physiological measures)
| |
| - video recorders (locations and views)
| |
| - test personnel and subject-matter experts (such as via observational checklists)
| |
| * procedures for documentation:
| |
| - identifying and maintaining files of test records including details of the crew and scenarios
| |
| - data collected
| |
| - logs created by those who conducted the tests
| |
| * The procedures should detail the types of information that should be logged (e.g., when the tests were performed, deviations from the test procedures and why they occurred, and any unusual events that may be important to understanding how a test was run or for interpreting the findings from it). The procedure also should state when the types of information should be recorded.
| |
| © Copyright 2022 by NuScale Power, LLC 49
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (2) The applicants test procedures should minimize the opportunity for bias in Section 4.6.2, final the test personnels expectations and in the participants responses. paragraph Additional Information: The expectancies of test personnel may introduce a bias if the expectations of the testers systematically influence the collection of data. Expectancies can influence performance in many ways (e.g., test personnel may, by giving subtle cues or communications, provide direction to participants, or they may tend to evaluate the performance of participants in ways that reflect more favorably upon the design than would an objective observer). Participant response bias means that the design of the test itself affects the data obtained from participants. It is not necessarily implied that a response bias represents any deliberate attempt by the participants to be untruthful. The test environment can influence participants in ways that have little to do with the tests objectives. Response bias can occur in four ways. First, participants may wish to influence outcomes and so be biased toward producing data consistent with their desired result. Second, participants may want to provide data that they think the test personnel want to obtain. Third, participants may try to figure out how performance should vary under different conditions, and then influence data to be consistent with such differences. Fourth, participants may want to excel because they know that they are being observed. See NUREG/CR 6393 (O'Hara et al., 1997) for additional information.
| |
| 11.4.3.6.3 Training Test Personnel Section 4.6.3, all (1) The applicant should train test personnel (those who conduct or administer the validation tests) on the following:
| |
| * the use and importance of test procedures
| |
| * bias and errors that test personnel may introduce into the data through failures to follow test procedures accurately or to interact with participants properly
| |
| * the importance of accurately documenting problems arising during testing, even if they were due to an oversight or error of those conducting the test 11.4.3.6.4 Training Participants Section 4.6.4, paragraph 1
| |
| (1) The applicants training of participants should be very similar to the training plant personnel receive. It should reasonably assure that the participants knowledge of the plants design, and operations, and the use of the HSIs and procedures represent that of experienced plant personnel. Participants should not be trained specifically to carry out the selected validation scenarios.
| |
| (2) To assure that the participants performance is representative of plant Section 4.6.4, paragraph personnel, the applicants training of participants should result in near 2 asymptotic performance (i.e., stable, not significantly changing from trial to trial) and should be tested for such before conducting the validation.
| |
| © Copyright 2022 by NuScale Power, LLC 50
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph 11.4.3.6.5 Pilot Testing Section 4.6.5, all (1) The applicant should conduct a pilot study before the validation tests begin to offer an opportunity for the applicant to assess the adequacy of the test design, performance measures, and data-collection methods.
| |
| (2) The applicant should not use participants in the pilot testing who will then be participants in the validation tests.
| |
| 11.4.3.7 Data Analysis and HED Identification Section 5.0 (1) The applicant should use a combination of quantitative and qualitative methods to analyze data. The analysis should reveal the relationship between the observed performance and the established performance criteria.
| |
| (2) The applicant should discuss the method by which data is analyzed across Section 5.0 trials, and include the criteria used to determine successful performance for a given scenario.
| |
| (3) The applicant should evaluate the degree of convergence between related Section 5.0 measures (i.e., consistency between measures expected to assess the same aspect of performance).
| |
| Additional Information: For example, if situation assessment is measured by both a participant questionnaire, and an observer rating scale, the results should be consistent with each other. If they do not converge, the reason for this should be identified.
| |
| (4) When interpreting test results, the applicant should allow a margin of error Section 5.0 to reflect the fact that actual performance may be slightly more variable than observed validation-test performance.
| |
| (5) The applicant should verify the correctness of the analyses of the data. This Section 5.0 verification should be done by individuals or groups other than those who performed the original analysis, but may be from the same organization.
| |
| (6) The applicant should identify HEDs when the observed performance does Section 5.0 not meet the performance criteria.
| |
| Additional Information: The analysis and correction of HEDs is addressed in Section 11.4.4, Human Engineering Discrepancy Resolution Review Criteria.
| |
| (7) The applicant should resolve HEDs identified by pass/fail measures before Section 5.0 the design is accepted.
| |
| © Copyright 2022 by NuScale Power, LLC 51
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph 11.4.3.8 Validation Conclusions Section 5.0 (1) The applicant should document the statistical and logical bases for determining that performance of the integrated system is, and will be acceptable.
| |
| (2) The applicant should document the limitations in the validation tests, their possible effects on the conclusions of the validation, and their impact on implementing the design.
| |
| Additional Information: Examples of possible limitations include:
| |
| * aspects of the tests that were not well controlled
| |
| * potential differences between the test situation and actual operations, such as the absence of productivity-safety conflicts
| |
| * potential differences between the validated design and the as-built plant or system (if validation is directed to a plant under construction where such information is available, or to a new design using the validation findings from a predecessor)
| |
| © Copyright 2022 by NuScale Power, LLC 52
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph 11.4.4 Human Engineering Discrepancy Resolution Review Criteria Section 5.0 (1) HED Analysis The applicants HED analyses should include the following:
| |
| * Personnel Tasks and Functions - The impact of HEDs on personnel tasks and the functions supported by those tasks.
| |
| Additional Information: The potential effects of HEDs is determined, in part, by the importance of the personnel function to plant safety (e.g.,
| |
| consequences of failure), and their cumulative effect on personnel performance (e.g., degree of impairment and types of potential errors).
| |
| * Plant Systems - The impact of HEDs on plant systems, considering the safety significance of that system(s), their effect on accident analyses, and their relationship to risk-significant sequences in the plants PRA.
| |
| Additional Information: The potential effects of these HEDs on the plants safety and personnel performance are determined, in part, by the safety significance of the plant system(s) related to the particular component.
| |
| * Cumulative Effects of HEDs - The analysis of HEDs should identify the cumulative effects that multiple HEDs may have on plant safety and personnel performance.
| |
| Additional Information: Although an individual HED might not be considered sufficiently severe to warrant correction, the combined effect of several of them on a single aspect of the design could significantly degrade plant safety, and therefore, necessitate corrective action.
| |
| Likewise, when a single plant system with multiple associated HEDs affects several HSIs, then their possible combined effect on the operation of that plant system should be considered.
| |
| * HEDs as Indications of Broader Issues - As well as addressing specific HEDs, the applicants analysis should determine whether the HEDs point to potentially broader problems.
| |
| Additional Information: For example, identifying multiple HEDs associated with one particular aspect of the HSI design, such as the remote shutdown panel, also might suggest other problems with that aspect of the design, such as inconsistent use of design procedures and style guides. In some cases, findings from evaluating HEDs could warrant further review in the identified areas of concern, e.g., when multiple cases of mislabeling are found, the reviewers may wish to do a more complete examination of labeling.
| |
| © Copyright 2022 by NuScale Power, LLC 53
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (2) Selection of HEDs to Correct Section 5.0, final paragraph The applicant should conduct an evaluation to identify which HEDs to correct. The evaluation should identify those HEDs that are acceptable as is (The Additional Information below provides examples). The remaining discrepancies should be denoted as HEDs to be addressed by the HED-resolution process.
| |
| HEDs the applicant should correct are those with direct safety consequences, namely, those that could adversely impact personnel performance such that the margin of plant safety may be reduced below an acceptable level. Unacceptability is indicated by such conditions as violations of Technical Specification safety limits, operating limits, or limiting conditions for operations, or failing an ISV pass/fail criterion.
| |
| HEDs with potential safety impact, not as severe as those described above, also should be corrected unless the applicant justifies leaving the condition as is.
| |
| The applicant should correct HEDs that may adversely impact personnel performance in a way that has potential consequences to plant performance or SSC operability, and personnel performance or efficiency.
| |
| This may include failing to meet personnel information needs or violating HFE guidelines for tasks associated with plant productivity, availability, and protecting investment.
| |
| Additional Information: HEDs could be acceptable within the context of the fully integrated design. The technical basis for such a determination could include an analysis of recent research literature, current practices, tradeoff studies, or design engineering evaluations.
| |
| (3) Development of Design Solutions Section 5.2, all Also described in The applicant should identify design solutions to correct HEDs. As part of Reference 8.2.1.
| |
| the design solution, the application should evaluate the interrelationships of individual HEDs.
| |
| Additional Information: HEDs should not be considered in isolation and to the extent possible, their potential interactions should be considered when developing and implementing solutions. For example, if the HSI for a single plant system is associated with many HEDs, then the set of design solutions should be coordinated to enhance overall performance and avoid incompatibilities between individual solutions. Similarly, if a single plant system is associated with multiple HSIs associated with HEDs, then the design of individual solutions should be harmonized so that the outcome enhances rather than detracts from that system's operation. Approaches that develop design solutions to some HEDs before all are identified in a particular V&V activity are acceptable provided that the potential interactions between HEDs are specifically considered before implementing the design solutions.
| |
| © Copyright 2022 by NuScale Power, LLC 54
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 Table 7-1 Conformance with NUREG-0711 (Continued)
| |
| HFE V&V IP Section No.
| |
| Review Criteria and paragraph (4) Design Solution Evaluation Section 5.2, all Also described in The applicant should evaluate design solutions to demonstrate the Reference 8.2.1.
| |
| resolution of that HED and to ensure that new HEDs are not introduced.
| |
| Generally, the evaluation should use the V&V method that originally detected the HED.
| |
| Additional Information: For example, if the HED was identified using HFE Design Verification, then that verification should be employed to evaluate the solution. However, there may be reasons for documenting a satisfactory resolution using other methods. For example, if an aspect of the HSI was significantly changed from the resolution of multiple HEDs, the final HSI design may be validated to ensure that the net effect of all the changes is acceptable.
| |
| (5) HED Evaluation Documentation Section 5.2 all The applicant should document each HED, including:
| |
| * the basis for not correcting an HED
| |
| * related personnel tasks and functions
| |
| * related plant systems
| |
| * cumulative effects of HEDs
| |
| * HEDs as indications of broader issues Additional Information: Some, or all, of this documentation may be included in the issues tracking system (Section 2.4.4). Other information, such as cumulative effects or indications of broader issues, may be documented separately.
| |
| © Copyright 2022 by NuScale Power, LLC 55
| |
| | |
| Human Factors Engineering Verification and Validation Implementation Plan TR-130415-NP Revision 0 8.0 References 8.1 Source Documents 8.1.1. U.S. Nuclear Regulatory Commission, Human Factors Engineering Program Review Model NUREG-0711, Rev. 3, November 2012.
| |
| 8.1.2. U.S. Nuclear Regulatory Commission, Integrated System Validation:
| |
| Methodology and Review Criteria NUREG/CR-6393, January 1997.
| |
| 8.1.3. U.S. Nuclear Regulatory Commission, Human-System Interface Design Review Guidelines NUREG-0700, Rev. 3, July 2020.
| |
| 8.2 Referenced Documents 8.2.1. NuScale Human Factors Engineering Program Management Plan, TR-130414, Revision 0.
| |
| 8.2.2. NuScale Human Factors Engineering Staffing and Qualifications Results Summary Report, TR-130412, Revision 0.
| |
| © Copyright 2022 by NuScale Power, LLC 56
| |
| | |
| LO-130882 :
| |
| Affidavit of Carrie Fosaaen, AF-131833 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 Office 541.360-0500 Fax 541.207.3928 www.nuscalepower.com
| |
| | |
| NuScale Power, LLC AFFIDAVIT of Carrie Fosaaen I, Carrie Fosaaen, state as follows:
| |
| (1) I am the Senior Director of Regulatory Affairs of NuScale Power, LLC (NuScale), and as such, I have been specifically delegated the function of reviewing the information described in this Affidavit that NuScale seeks to have withheld from public disclosure, and am authorized to apply for its withholding on behalf of NuScale (2) I am knowledgeable of the criteria and procedures used by NuScale in designating information as a trade secret, privileged, or as confidential commercial or financial information. This request to withhold information from public disclosure is driven by one or more of the following:
| |
| (a) The information requested to be withheld reveals distinguishing aspects of a process (or component, structure, tool, method, etc.) whose use by NuScale competitors, without a license from NuScale, would constitute a competitive economic disadvantage to NuScale.
| |
| (b) The information requested to be withheld consists of supporting data, including test data, relative to a process (or component, structure, tool, method, etc.), and the application of the data secures a competitive economic advantage, as described more fully in paragraph 3 of this Affidavit.
| |
| (c) Use by a competitor of the information requested to be withheld would reduce the competitors expenditure of resources, or improve its competitive position, in the design, manufacture, shipment, installation, assurance of quality, or licensing of a similar product.
| |
| (d) The information requested to be withheld reveals cost or price information, production capabilities, budget levels, or commercial strategies of NuScale.
| |
| (e) The information requested to be withheld consists of patentable ideas.
| |
| (3) Public disclosure of the information sought to be withheld is likely to cause substantial harm to NuScales competitive position and foreclose or reduce the availability of profit-making opportunities. The accompanying report reveals distinguishing aspects about the method by which NuScale develops its Human Factors Engineering.
| |
| NuScale has performed significant research and evaluation to develop a basis for this method and has invested significant resources, including the expenditure of a considerable sum of money.
| |
| The precise financial value of the information is difficult to quantify, but it is a key element of the design basis for a NuScale plant and, therefore, has substantial value to NuScale.
| |
| If the information were disclosed to the public, NuScale's competitors would have access to the information without purchasing the right to use it or having been required to undertake a similar expenditure of resources. Such disclosure would constitute a misappropriation of NuScale's intellectual property, and would deprive NuScale of the opportunity to exercise its competitive advantage to seek an adequate return on its investment.
| |
| (4) The information sought to be withheld is in the enclosed report entitled Human Factors Engineering.
| |
| The enclosure contains the designation Proprietary" at the top of each page containing proprietary information. The information considered by NuScale to be proprietary is identified within double braces, "(( }}" in the document.
| |
| (5) The basis for proposing that the information be withheld is that NuScale treats the information as a trade secret, privileged, or as confidential commercial or financial information. NuScale relies upon the exemption from disclosure set forth in the Freedom of Information Act ("FOIA"), 5 USC § AF-131833 Page 1 of 2
| |
| | |
| 552(b)(4), as well as exemptions applicable to the NRC under 10 CFR §§ 2.390(a)(4) and 9.17(a)(4).
| |
| (6) Pursuant to the provisions set forth in 10 CFR § 2.390(b)(4), the following is provided for consideration by the Commission in determining whether the information sought to be withheld from public disclosure should be withheld:
| |
| (a) The information sought to be withheld is owned and has been held in confidence by NuScale.
| |
| (b) The information is of a sort customarily held in confidence by NuScale and, to the best of my knowledge and belief, consistently has been held in confidence by NuScale. The procedure for approval of external release of such information typically requires review by the staff manager, project manager, chief technology officer or other equivalent authority, or the manager of the cognizant marketing function (or his delegate), for technical content, competitive effect, and determination of the accuracy of the proprietary designation.
| |
| Disclosures outside NuScale are limited to regulatory bodies, customers and potential customers and their agents, suppliers, licensees, and others with a legitimate need for the information, and then only in accordance with appropriate regulatory provisions or contractual agreements to maintain confidentiality.
| |
| (c) The information is being transmitted to and received by the NRC in confidence.
| |
| (d) No public disclosure of the information has been made, and it is not available in public sources. All disclosures to third parties, including any required transmittals to NRC, have been made, or must be made, pursuant to regulatory provisions or contractual agreements that provide for maintenance of the information in confidence.
| |
| (e) Public disclosure of the information is likely to cause substantial harm to the competitive position of NuScale, taking into account the value of the information to NuScale, the amount of effort and money expended by NuScale in developing the information, and the difficulty others would have in acquiring or duplicating the information. The information sought to be withheld is part of NuScale's technology that provides NuScale with a competitive advantage over other firms in the industry. NuScale has invested significant human and financial capital in developing this technology and NuScale believes it would be difficult for others to duplicate the technology without access to the information sought to be withheld.
| |
| I declare under penalty of perjury that the foregoing is true and correct. Executed on 12/31/2022.
| |
| Carrie Fosaaen AF-131833 Page 2 of 2}}
| |