Rev 2 to Programmatic Level Description of AP600 Human Factors V&V Plan

ML20138J283
Person / Time
Site:	05200003
Issue date:	01/27/1997
From:	WESTINGHOUSE ELECTRIC COMPANY, DIV OF CBS CORP.
To:
Shared Package
ML20138J282	List: ML20138J283 ML20138J287 NSD-NRC-97-4961, Forwards Rev 2 of WCAP-14401, Programmatic Level Description of AP600 Human Factors V&V Plan, to Address Dser Open Item 18.11.3.4-1 & Rev 2 to WCAP-14396, Man-In- the-Loop Test Plan Description
References
WCAP-14401, WCAP-14401-R02, WCAP-14401-R2, NUDOCS 9702060334
Download: ML20138J283 (23)
v • d • e

Text

e -

... . :*:.. u.., . .. . . . . . ,, ;. : . o ,. . . : i ,; -  ::.3* .,,. 3 6:x ,, ;. , -l... : i . : , . w .,,.p. ,. , t. s. ,u.. y. . ..,,s. . -

.y ..u  ?:

..$;'.. ! ':.'4<. . .k.

I Y YN'Y^ $; . , ,.., . f. aav. f ,.$;g l:-. .. f.' .. ' , .;%,,,~;. ' .'.l ' :,f+ '.E. .,;.l,. ,', .;..". >-.', A. ',N.

T.). Fjk.. :. ..I:?iI ... hlr 1'1.Y_

.s L . q .:

• i,~, . E.;; i,. y,, .K 's4:. i! .n 4.^

• , h ",_ '.. y _h > ,l*A. ,

*.!;l.ff ; . %' '; .,. 4p

,,: ~

:k....sr..l'.  ;

^

A::)._  ?' : ?,k. '.f.fg - s y *

./. . Q' 3 .y L,: . . f..!,Y'; ly:.;< ll*%i.g . . , .l;ll'.:."<:*h o *22_ A '-b,',yd C t - ) .lQ _L.  ;<'. .

. . . .. . . q ! <......c,.:.'.

A

.M, - . .R. . ' . tp,!l.-*;.

_. -  :. ihv.s ::,;t. + >:. : .:;;; f.. . . . .y ,, i .t. *

.y.,...

.., :i.:. ,f.

. L ;'.

..?. .. .,j, '.-;. 4,

.' .. 9,<;; .

. . .

r,.. s .:.:. r< y '.C ^ .;,<.

. y'.p. ;4. 9 },, . s.:?._).q.v .

,..s.',a......<,~..

-.x:, ).sq.,  ;

9.:.n. .:

,if..a. .'i.- _..

.. r (.v. ., . ,; h,.

s ,: si

. . .. .,,. .~ , ..r:.., .

ir :=. '. . w. :l '

ff.i,*,fj:f. .c-., ;',%..

. . . . . . 5 .

' ' ... i

). . ~;. , G.1l- ; ,N . ._y',[ ,.:3.:

. 7. !p.s;.s ., { l:)q 'l.".,.. i,'; ':,. N' :y y"Q',y:s,;. j. Q.l f y .l;j]. ' , .l

", },'c .;.f, .'(. ..~./ :5 lO_f , :f,_3

• j'; l Q* ) ~:

),j,'Q'f.3 ff: >-

r, v'(. ' ;t g:Wh l.i.:('l..l};':Y.];.;': f,f. .'. '- '

~

. ;l- ).i ' .' ***

. , #;

lg %&_ .

..j ya ..*n um,"#.~~

* , ' .d " . ~~..;.

.

: . y .'

n. .

a

.. ' !; ; ';;;' . :y ..::: . . . . , . .. .. * ~ _ . .s. : ; * .. .. . . . c , .  :. . : ; h; 7yy a. 6:*';. .J s.: 3 ;:. + :;.a .

' ^

. .;. , . . ..:s ,

'[ . i '

.i;r . . . j. . .

.. . e

. ).k..

. . . .,.. r : . . , ..;,:*%..,,-.-

y. . ..

+.,.r .c. . :

2::..:v, .c; . 4. ~v. i. g .

n;. . .. ..: .

.y u. ',. ; .. ;., . ., +. .: .. .ps; .. , .s1.' p, y;g  ;.._.g

..w

; :%.

' ,4v. ,

. ,, l:' ' ~ . 3' A ,..:

... r . v.. . ' .

~. .. ~m.1. x :.; .>. .*) :=

,. .. .y.,:, - :Q.. ,- ..% . .. . _.,,..:.

.,, ; : , .;,, p . , . ,

l : . % * .' Ti.. : %.i.il*'.,*..'.';.Y. 6,

'h .g;1 .- i'. '. t;,-'.

. ' ;.,:.1'.'l .%9<.."**s.%. .1 * ,

..,, , .': i;?: &, ". . .,' *+,.- .rl. . , :: ;l..,:a&.?

.* j ,a.)

3.

.i /; . . .. r .e.  ; .. . ,. ~ * . j: *. ! *. .. . . s;;

,n * - - [N.7~. .:^*s,

. ': .~*. ..,'.;.,,.~<:'.* , , l'.. 'y tn a o

's

,n*. A . ,k : .,

l, ,'. .;> n.. ~ -

y  ;. -. :.i ."iti % - .-

s ..~ , s : . .f;k. . . ;. . ,;;k:y.. ". ,;.,',;.Q [,:, ' .; \ ?". -

. .$e ;

1.

7..l '. . r . .

d.;::.; [:.p..,  :: :

1. 4,.:. e. ..., ; . . .; . :, .. . ! '. . . n- .

<te. . -

.: ? . ... ., k . * . : . .. ,; t 4

?* - ,. . . *

• f:- .q

. . . os. * * ..:3's

. . -l!:! .. :l'j* .{'N'; . kw :s .l..g .,% .,_.;' . . .,,${ . .b ^]::,'.. ; ; ;,,$-

r., *

. .,..:!s .. ,s :'. 4 " * ;: .,-

,'i. , . ., %; d; , i: - .. ' . .v.,,y.,..,

..y..:.-,  :,; . ..*~

,, w'l :. . 1. ?t *

. : : s,;: . <ogs .. *. , ='.,c' f

. .t . o': r.. , '.. ,: , . . .w:.t %. .: f.

.;, , : a; ;

u:?::o g: ......t ;4., q<,? . Q O- .,;f '. ,* :y' b

' '. h..';ho ' '} i\ . , ,N' }, y,, ., ' a T al:,f,cr , A.',.'. ;l ~I':*,, il. . g.  ?,f . ll - l'{.".

f.f.;'h.'.*.  : n,.. , : .> ,,:,; ";p'fi ll*

a. <s.. G

. e

^,.; m.:

.,..).....y,...,. w* - ,

u . .. s- -

? s

'.,,. ,'l.:,s .s,;: ,, ;,..,,,.'y'.'.;.,..,lr.

?u&#.N.. . .. ;/;< *b:,_y'.: .-l'...;* Vy g.. ..._:..-

. .-* .,.,u.  ; ; ).. ': . : -  ;.- ,....- , g ye e g*, .e L:

. . *,.-'.7 9; :. : .j.'s.,

. x,.,

. 4 ' ;_

e ; ...<o  :' ; :g.-,,7.- ,:

,;n

,7 , a - ..f

v. . . , la

'.'.7

. _ <: ;e.

). . . ; '7,r ', ; l . y a ; l . ., . ;; *. .' .

z

'.: .; %, <g . a - ;

'V , r . ;.'.,.-' . . 2, ,t . -r_ . ,*, . c ,.,  ;

• G .. , . i of,' y:,,,.y, .; ie , .l : *f ,.>, , . * "-

. > .l<. . ,,.' '..,)^*, *  :

.;o .;r :~,.. ,. . 's.....:.>.'y,',:,..,'*'**  :

r:

. e , .r . .,;,,,. (,, .; : o, ' ' . '

. - .4. . .. .=..,..;, .,..,.,..t:.. 'j',,."::,.k,**'.,'.'",'.'..

t;..

• n * , ,

e

• ' , .,g.b . ..

- ., ,9

't '

• 'r. ..'l v,I 1 ': s ;,,'.o,. **- .-

l=

s.  % ;' ' . . . '

t g.

[.[.),'[... , . .d, t l.::, ,,.; f.T j...,;t. Q:... , ~... . '#' : J: :'; l/ O' J 3

". f. ,. . ., ). '/.,);' .k ,. , . ,;' 'l.;f,. }/ .- , t.: .; 0 - , 5. '."t - .

.f 8 i

,1. ,,: '.5:; 4 .:.i.

h . . . . . . . . - -

. , ; . . . J.- .

5 a.,...,.. -

. ;;, ..:*, y:,).;' ' '>;;6 ,n.:l,,,:,t'.' ',p

'Q .e.... :. .:. . .. . .

.',y',' .- _f.,

• . 6: ,;,, I,j  ;. .:; -).:.lJ :.: * '. L2.;.r,- , fey ? : ,,, ^':[.j. " d . *.. ' \..  :.

C:. .., . :Q ,3l*,;**,,7.3 .~'f 7: , .. .; , 4 . ,, . ' ..)l *: j, a <*;'.;. ;'.&. ,::,.

l ;*Y

.p,.,,  ; *C ,,:ll f3. g;s.

q

'. ,', l/ . [..,'.: .-

s ,i a , ; s y,,  :

,,.,.h .;,. ,. ;, . , r *)\.. :7 , ., .:

,, . G = l;,. '; ,,

s

r. .,. . :

, . . 3 . '= '. *: . . ' * :.

., .7

,.,; \.. ,  :',., ,; ve. y *:**,. ..;_ .,

.- J. e u .  ; .  :.r,::- . . :,: , . ;. . ' .

.f  : . ' . ,, . ,"w' e.y>

.[ . '. ; ..a , y

}e

.:ya. 's....-

'.' .. '.-. >. ,pQ. n. ..; .x,.An,:  % . '-::,'. 4,f < . ., : ;?:. :,r. ., ;......~....:q.. *:.  :.::, .[;;. n . K.1, .".

.: ..:. A. . : .. , .: , . .., : m' :.s  ::_; i \ i .' 4.]s :: : ..

. * < .. ,s ,

.g ' ;; & ,;.:

. .. s .%., ,.. . .. .:;; ~.,.,  %. . 7.  ;, ,; i.q,;;.  ;.;,ny). . ;9 . . u.:. .1., ,:;,g;!::,.k,:'.:,J

.,..b- .

, ,a . . , , , .. , g,

..,....g.n...,. e,..

..o ., ;,.. . . ..n... .

a, ,:.; ,,.J_ .j - -l ,.

e, .j .. .. ,. .

, ' " ,* ,' ' :,f , l ,; . s. le -*4,',.,,,,

.,t,, ,, . : ' ,; Q. ;

y,j' " , u . .,p l: . :. -; Y * ..;-}.,,- ,g . . ' ;* , * ;. ,4 . , .

. 1, . M l ty . e , e 7...

n";-

• ' ^

A

.=,'. ,.r. .f; . , . ' ..'

.-l

. f , ., N*

, .. . g,.  :

. . . . .. .,..'. ,Y. .. s.* hl,:.? . . .. .'

'-. ' .~

. . .u

..  ;,..1:: ' : .-

• . .. : i ,i : .~~. .e' . : , -b ,? .....s.

y.,.' .v .. ; : t. . . .

e. -.., n; .'::a'q.,,......: . :..- . . ,,. ,1..3.,*.'.'..

..s

.  : .n.

.s...' c . 4;.2. .c . ':.. .- .::.: ;.

.: 3... :. ..,:.  ::

g .

s.

. <  : .y; a . a, . , y ,i . . ,. , .., .~ . . . ,.  :

,o ..

., ..u..' :, . . : . .;.. d: - . . ye.. .q.*- - .  :. >  ;, .  : .e :- .~-:. : <."u' . :3. ,< .

~r . ..1-,;' s .

a ... .*...... *: . ..: -

.;......o-s..- . j ; ' .' w. '>9.,.  ! . ..t J-

c ' .. , '.

.,'m

. ,; r l, ' o,.,r . s: g .

a'*

. e :F:\.#

$,y's

?. !* ' b J

"l -[*f., *; ':,, ' . l'd-

. , - > 4.*'..*

1. [' * ~ .) C '- ' ,- '*' (-

r ,

.';,',',.,..,'.\;*' ..;...,s'*., .: ' ;, 4,. ' s. ' : -' .:)

z <.!. .  ; . -

. j  :; . .  :::. .

- Q:  :  : .- ' . * ' ' . .

. N,.

, .  : _ . v ,. .c tM: - *.

b. . , . +. -.. :ic'j.'.'..,'.' , _.

v ^ ,, .

'" *t ; r : . : : ,,t,,:: . ,e . ., ; . - * . s.3 .c

.; _*O..

. :, ls.:. u.

y.,.

. ;a '.;. . * ;.Q

-, . '; - - . . *. d { . '. s . s,-' * ' *!s:. :. f) - m';f

, ::.3' :T: :. t;,, :nf ' ':, %.: .4 )?!, .:n' r.,

f .-l:...l .- .

, ,' .;  :- e .

, . ,  ;; + ;, , . ;- g, - ) ; ., .y . . ( q, . . . . . :;.,j.: ,. , [,:::<.. . ;: .. .; < _ .. ._'j ; . ;:.f._ y ..;;..

_ .  ;;, .g *:5 (< -

^

";; . . . :E , ;j[. -

,n i-'a.

p. .

. . . - . % ; ;.f ;. .

. . . . c . :p; .; , .t,; -f g 3' p:r.g.-* .., .?-

4.,y.:.t .'.'t. . : : f. ..

'....*'c~

• .r; .

.. , . .; y . , , . , . .

.....t.,

s:+A ,. .%. .s.%w

,. m..;.

L. ; .s..~;.,,v..s ~o ;;,:v .\':;....: > .. . . :

9. :, : .~:.., _ .' :::( ., : .

s, s. ".  :.

~;

.s, c. . .. . ,, , .  ;. s.....- . : n.o-,.h..

.s. . 1 Wo,G,..r

.i.*.es . ::, . r:n y't .,. ~t; . *,: ,.i.g.s. . 4 . .. c .,;. . , ' w:

. u , .; . ey:. p.g.M.,.p~p

,; - -.. .t, ..;...

wr

.g;.::.: '.fr. ... q.

's : . ... .. . .

-%: .; ..y . ~; r:n .~ c :  : : . :v . w ,;  :.. A; i .. l;v ~-.

?:;, - Q 4  :

. R..g.... ..

'e, :b.:. . .z -

m i .s!.;.3,;. e :g,. ,cv f ........:

.r.;' .;. ,. ..pl.- .. . . .i .s" - ., ~;>. ' ^ .?' . ;+'t . . : . _ l* .'c ',%, .. .,y;c; X+. v.,  %,..i:'. 'w% g:d.*t.f 4. a .; i ;? ~ ..My T. m ~y ;;; .. : . f. . -

i3 s,n: :.: .

j3 ,.p,P. 1'. ..nO , .

e

c. 3

.. ,5 :

't$y.

.:. 'p)llh b,.V & @:-

hi lY48.l;glp i: .((, ; ;; g;,;,:f..;;;Q _:. (l.) .s- l. ., \ _ :_,

,f .,\.

.r:jW*  ; ;.y; j f_.;.i ;Q;;J'.

f;} f',k :!.'a ,

l',:.fr.?,,I, .{ . ..,f, .,..'.],l:., yo .,:.g' l  ?.9 ; -),h;;% y'y.

i y ;f. J. -+ ;. ;' c . :

'g., .: .,*e %, ,,~; :

.; k,y . ._ . J't *:-

' ., b . s +, . ,

'.M.. s , . ' ' ' , W ' j;:;.:n L '.f_ r;.. . .: _ ,,1:n .:~ ?"'. .4' %:5;L g.' '. .S:'. . ; 7; q

.':.J[l{j.,

..,r

' : { J.

• t *, . :,.

.s '

s. . .p_..

'Q

,t. @;:

z;. , ... .

.n  ; :

." .:': '.T, .. ; ] D;iN. . ;' ..

, z'.%if,'.-L';

. . . - .. 1

" 9 ,' i s l:;j. Q1..:.F.

)e upl; :f. ,, ;, -

. :,.; J. .,y" ; ;.,

h[h

• ( $ k ^'. 0

- h Il

.h. . eY. . 3. J. h..g*..  :

..? *1 h3..h,!$; . ;.N.. ;  :

,i w[' * . .(%5.. , :. 5 . 'l. .n.. . l\)Jm l f .h ,(7 : .: .Q.. . . h.u . ,

h', ..+..

. y .y" . .;in

-u

.; . .. t .; > l .' , ~-. .: :- -

.,.  ?

. ;;;.'. z,:;.r.,

r . . a. ;r

-..e..'.

v.:. : ..c  ?  ;'I v .: ,:y .dh / L...:...'y

%.+.

- - r .~,:*. :. . :. . . ,. -- 'y-:" :. '. .. ~. < . i '. . ..Ys .. < q. .s%W.

p. = ., n. -n:

%, .y

- fc. c.. ,:?,:r.

1,h.:... -[;;g:,.r .

.n

~n

..,.:.__ .j m.:'

- . " 4:  ; ' clta; :;:J. .

_: .;a .

.u.:.,t.

,.+; . " v ; . .) . c.<N .l,.; *, V..p:...

.%, ;' . ' . . .. ng::% Mc d:y

• t y.L; ..<n,.. ';-,

.;."c4 y 7. 9. if.4. . /, .3  ;,* * .

, '(. . .;

p . j: -

i 5 , , . .

,ye, - ,, 'g.

. . <.t h.

.. ~.,: ;t s f .s y,,:.  : 3 yy',.. .-

[ . .!,', . .. b . 'hf, 'l .

l' . .. l , N .t' (( j h. t -

Mf f [ ,

h M@-EMQW E ; . s,',$,k $< l.. ,' '.* ,, p. . :$.- c.&l( }WW;&. W ,MO

$$, . :$,c.MN.es..& y~.

j

.:1 .m

.N,, k.$.~W< v .x 4 y.

3;.kbb,

,,y,r &%5'.f.&. - 4 g,Q:, ~ : - --

Oa.lL &:a: VY .

f?

.  ; t :W .* j ."',- t *: ' .

..!$ .. s .?,

,f' , s

. p N. '{YN MM

• ?  %'. ,*[i I ' d -

' . ' ':a. ' t f', Yf;tA:.'t.[ag%.'N m: ?!';.:;?by'Q?n.'h%f5 8. *-)$ I }'D '"e! A-Ilp;%,h,:'.h . f;;s.4:$.i :y'M Mh 4',. Mig'u]::';fti(:N:: N'% 'h'y ' 9. k*Qhf Kz M. y %'d'.. ;/D -l% _ ,

- Y,.+u.Y,kg@I'-

;;9:.; , ,

',e '. [

y.  ; r. +  ; s(:.' ,,. ..

8 . ',

- s . . [, .t

a. r.g.;

4,. lh [.!?

t .

s : . .h%.' Y "'.d. 7 . .::w[ . w c:n p' .p'k.m. ,:.::  ;

.n3..c:>  : m.;;n '~:a.  :;j .v.,:n, j?hY:{l.:. . . &.;, y'$  :::$ffr. {l'  ?'$., Q :::. ' *;.fh')q:y &,..:. ...

qD, : &

.  :]*!(':\

_- ~ I;?;  : .?: .N., on &.yy?t.,p.. ,,. ,')Q s r_ .

)f(t,...~;'i .- .l? N. a,Y.9 1

• . , . s - .; . ,. - . ~ , ..n....,e4?..m ., y 4

% { .. e .s.e ,p 3 4,.,n -

,;; . .p:*

• o,a. g. ,

• . .s.: : - n-. o. ... ,*.1lt .. :, s' . f. . .o$ s: . ' ., .,..s.+.h(

s ..s..

r.

g y. _. . g. l ,  ;...,as., n...;- -

A,,.' s * .= tl  :

, , k s,b. ' ' r l'^ .

l. . ' '} . 6 '

. . . n,il%'Y::<;;[. f,. '%'A :

'$'.?:,2h*

l.g 3.

. 9) ,.'.. ] !1,:.'v : '.::;?.

..N?  % l:Ch k':':::. * $

s :r..: .,e M'. .t :.':lg,0. . d4 h i y .?'i. :.v6V".*..

'?. ;:v 1'. . :V 0 Aff:<L " .;*: ' T. f;' {' L s:

'.%. ~,;.L.'.s-'l,; *&..s- .%. ' *?f. j :.% J.a::"..M.W:fy,.g v .a y.V;:w. . ~.%.%,$,

f.'..sf q% yQ% *' t

Ih

'. f. ,'.:qW:;(.&.Qs,  %,. .Q**:;t Q;; . s. -%j)y,. .U%p,9'.%..':.*Q ey . !:45:. . :., ' ,, ,

l 74 w ..\%.y 8,h, p..=.; 4lO.n.:,.yi  ; ?. ,;v..' :, , qf.

n. ..a <;, . . jB> ,. '

.- <t,. .. m .

.p . ";?.

- V,,:s. Nils

%. ;.rN v.u,: . : ..' . ~ i p d.. ;  :'. '; dp,n:4.' . +w}- .;;y ?> dv;p*:.g.-Q f.,: :. p'%. , W: .v:*Q':? P. :

' :; '.::N:

. .k . ; - ,5 4

p: y i,p.p; . 'Ia;. . . :..> ,. :,q:yq:. .y~; ,

• r ,w,. .v

$:,  ; C. $,$':%(k.:.j ,

e : .:. .q, .a . y y . 3 :n .. c.. :.s i .!; . ,e.

. . .fg

.,y. f M4, Wf.e-  ;.s ,yl.9 ,

a ; y. ., ... .g;:e  :.: ce v ' .t.,;1,%y:>;;p :qf t.e?. y t

<.,, . . a;:o d .. e : . ..

eu. v - .

ti

l, W::.  ;;'v.. g. v M e;'L . 'Q. \ .r

. '."..l::Q;;Q(s.Wh,.e h ..

Mg,.h!N/M.& .,%v.:. U r* :g;,.. A ,: J:.;4,y: ;ib..c.w kh 7Jg$Qh,,b . ., . . s k 4.;::,

S. .':%. n2:$5 (; Y. '."..',,[.k.. l

, ..q,{. h

4. i;w%,Lg :;& ._FQ %s,d,;fdy,$,y.y

. . . M b. %;. 'p[ y.m . m.W c

.e .. J.

s y..

w' n; .. .y s

.. : .@-[.:.;.M: W . n ::.:V./: Q ;:

c. .;m .s. . . .

l pl.*;; n 4 %;..y . . gemO .t;&..:

. 4 ;

m. DM i%w$w@S$a$n;.:..;,f.TMN,p.~;4, h*:..E J. .

M sh g M:qg::.':'hM@%.

i

-Q$:

m @f $n$gmw f.; .5WM MS$p@%.r$;  :.

r% y%w. ;:.

~

u,hbh

' n .,?..h , r.u :.. k. nhh. w.h.. N . : . n .7 y . w.s. ,: m . g$ y . n e , n.,. y? '

'I k

hwM.g p.h Qgy 4p a y m m bn.w%w n*a%

mn W* pm%ewm%.@a?f?&epph.j$

.$...:gm.:.;w&;y%cv-nGV..

.y:..

n 4 m.L swv . v ':b ::6. >%%;%~ )m./ :.$MW y s. m.Vp:.M Nc

y.:

, wy .,

h W W'.$wb '-y M .Qs Yh '

~ ' a, 2

. s .y ;

%g:s iff.

1 "I MMWMessa%@$[dMMLAa Jh$$' "

M5

. Westinghouse Non-Proprietary Class 3 WC AP-144b1

$ $' $ $ $ $$ $; Revision 2 Programmatic Level Description of the AP600 Human Factors Verification an'd Validation Plan W e.s t i n g h o u s e. E n e r g y S y s t e m s f j i k if .,j

, i m

AP600 DOCUMENT COVER SHEET TDC: IDS: 1 S Form 58202G(5/94) AP600 CENTRAL FILE USE ONLY:

0058.FRM RFS#: RFS ITEM #:

AP600 DOCUMENT NO. REVISION NO. ASSIGNED TO AP600 Doc. No. OCS-GEH-00-002 1 Page 1 of ALTERNATE DOCUMENT NUMBER: WCAP-14401, Rev. 2 WORK BREAKDOWN #: 3.3.2.4.5 DESIGN AGENT ORGANIZATION: WESTINGHOUSE TITLE: Progrommatic Level Description of the AP600 Human Factors Verification and Validation Plan ATTACHMENTS: DCP #/REV. INCORPORATED IN THIS DOCUMENT REVISION:

CALCULATION / ANALYSIS

REFERENCE:

ELECTRONIC FILENAME ELECTRONIC FILE FORMAT ELECTRONIC FILE DESCRIPTION m:\3463w.wpf Wordperfect l

(C) WESTINGHOUSE ELECTRIC CORPORATION 199fL 0 WESTINGHOUSE PROPRIETARY CLASS 2  !

This document contains information proprietary to Westinghouse Electric Corporation; it is submitted in confidence and is to be used solely for the purpose for which it is fumished and retumed upon request. This document and such information is not to be reproduced, transmitted, disclosed '

or used otherwise in whole or in part without prior written authorization of Westinghouse Electric Corporation Energy Systems Business Unit, subject to the legends contained hereof.

O WESTINGHOUSE PROPRIETARY CLASS 2C This document is the property of and contains Proprietary information owned by Westinghouse Electnc Corporation and/or its subcontractors and suppliers, it is transmitted to you in confidence and trust, and you agree to treat this document in strict accordance with the terms and conditions of the agreement under which it was provided to you.

@ WESTINGHOUSE CLASS 3 (NON PROPRIETARY)

COMPLETE 1 IF WORK PERFORMED UNDER DESIGN CERTIFICATION ~OR COMPLETE 2 IF WORK PERFORMED UNDER FOAKE.

1 @ DOE DESIGN CERTIFICATION PROGRAM - GOVEPNMENT LIMIND RIGHTS STATEMENT ISee page 2)

Copyright statement A license is reserved to the U.S. Govemment under contract DE-AC03-90SF18495.

@ DOE SubjectCONTRACT DELIVERABLES (DELIV".AED DATA) to specified exceptions, disclosure of this dam is restricted until September 30,1995 or Desig 90SF18495, .vhichever is later.

EPRI CONFIDENTIAL: NOTICE: 1 N 2 3 4 5 CATEGORY: A N B C D EO F 2 O ARC FOAKE PROGRAM - ARC LIMITED RIGHTS STATEMENT [See page 2)

Copyright statement A license is reserved to the U.S. Govemment under contract DE-FCO2-NE34267 and subcontract ARC-93 3-SC-001.

i 0 ARC CONTRACT DELIVERABLES (CONTRACT DATA) l Subject to specified exceptions, disclosure of this data is restrictori under ARC Subcontract ARC-93 3-SC-001.

ORIGINATOR SIGNATURE / ATF S. P. Kirch j llgylf7 '

i AP600 RESPONStBLE MANAGER SIGNATURE

• APPROVAL DATE MAPv/4:P t,7' . A 4/-/A / 7 N

• Approval of the responsible manager sigrufies that document is cdiplete, all r4uired reviews are complete, electronic file is attached and document is released for use.

AP600 DOCUMENT COVER SHEET Page 2 Form 58202G(5/94) LIMITED RIGHTS STATEMENTS DOE GOVERNMENT LIMITED RIGHTS STATEMENT (A) These data are submitted with limited rights under govemment contract No. DE-AC03-90SF18495. These data may be reproduced and sised Dy the government with the express limitabon that they will not, without written permission of the contractor, be used for purposes vi manufacturer nor disclosed outside the govemment; except that the govemment may disclose these data outside the govemment for the following purposes, if any, provided that the govemment makes such disclosure subject to prohibition against further use and disclosure:

, (1) This ' Proprietary Data' may be disclosed for evaluation purposes under the restrictions above.

l (11) The ' Proprietary Data" may be disclosed to the Electric Power Research Insttute (EPRI), electric utility representatives and their direct consultants, excluding direct commercial compettors, and the DOE National Laboratories under the prohibitions and restrictions above. >

(B) This notice shall be marked on any reproduction of these data, in whole or in part.

ARC LIMITED RIGHTS STATEMENT:

This proprietary data, fumished under Subcontract Number ARC-93-3-SC-001 with ARC may be duplicated and used by the govemment and ARC, subject to the limitations of Article H-17.F. of that subcontract, with the express limitations that the proprietary data may not be disclosed outside the govemment or ARC, or ARC's Class 1 & 3 members or EPRI or be used for purposes of manufacture without prior permission of the Subcontractor, except that further disclosure or use rnay be made solely for the following purposes:

This proprietary data may be disclosed to other than commercial competitors of Subcontractor for evaluation purposes of this subcontract under the restriction that the proprietary data be retained in confidence and not be further disclosed, and subject to the terms of a non-disclosure agreement between the Subcontractor and that organizaton, excluding DOE and its contractors.

DEFINITIONS CONTRACT / DELIVERED DATA - Consists of docurnents (e.g. specifications, drawings, reports) which are g:nerated under the DOE or ARC contracts Which contain no background proprietary data.

EPRI CONFIDENTIALITY / OBLIGATIONNOTICES NOTICE 1: The data in this document is subject to no confidentiality obligations.

NOTICE 2: The data in this docu nent is proprietary and confidential to Westinghouse Electric Corporation and/or its Contractors. It is forwarded to recipient under an obligation of Confidence and Trust for limited purposes only. Any use, disclosure to unauthorized persons, or copying of this document or parts thereof is prohibited except as agreed '.o in advance by the Electric Power Research institute (EPRI) and Westinghouse Electnc Corporabon. Recipient of this data has a duty to inquire of EPRI and/or Westinghouse as to the uses of the information contained herein that are permitted.

NOTICE 3: The data in this document is proprietary and confidential to Westinghouse Electric Corporation and/or its Contractors. It is forwarded to recipient under an obligation of Confidence and Trust for use only in evaluation tasks specifically authorized by the Electnc Power Research Wtitute (EPRI). Any use, disclosure to unauthorized persons, or copying this document or parts thereof is prohibited except as agreed to in advance by EPRI and Westinghouse Electnc Corporabon. Recipient of this data has & Suty to inquire of EPRI and/or Westinghouse as to the uses of the information contained herein that are permitted. This document and any copies or excerpts thereof that may have been generated ar2 to be retumed to Westinghouse, directly or through EPRI, when requested to do so.

NOTICE 4: The data in this document is proprietary and confidential to Westinghouse Electric Corporation and/or its Contractor it is being revealed in confidence and trust only to Employees of EPRI and to certain contractors of EPRI for limited evaluation tasks authorized by EPRI.

Any use, disclosure to unauthorized persons, or copying of this document or parts thereof is prohibited. This Document and any copies or excerpts thereof that may have been generated are to be retumed to Westinghouse, directly or through EPRI, when requested to do so.

NOTICE 5: The data in this document is proprietary and confidential to Westinghouse Electric Corporation and/or its Contractors. Access to this data is given .n Confidence and Trust only at Westinghouse facilities for limited evaluation tasks assigned by EPRI. Any use, disclosure to unauthorized persons, or copying of this document or parts thereof is prohibited. Neither this document nor any excerpts therefrom are to be removed from Westinghouse facilities.

EPRI CONFIDENTIALITY / OBLIGATION CATEGORIES CATEGORY "A" - (See Delivered Data) Consists of CONTRACTOR Foreground Dati that is contained in an issued reported.

CATEGORY "B" -(See Delivered Data) Consists of CONTRACTOR Foreground Data mat is not contained in an issued report, except for computer programs.

CATEGORY "C" - Consists of CONTRACTOR Background Data except for compilte: 's.

CATEGORY "D"- Consists of computer programs developed in the course of r a Work.

CATEGORY *E" - Consists of computer programs developed prior to the Effective , sr the Effeebve Date but outside the scope of thi Work.

CATEGORY *F"- Consists of administrative plans and administrative reports.

I l

r l

I I

WESTINGHOUSE NON-PROPRIETARY CLASS 3 WCAP-14401 Revision 2 i

PROGRAMMATIC LEVEL DESCRIPTION OF THE AP600 HUMAN FACTORS VERIFICATION AND VALIDATION PLAN i

January 1997 1

E. Roth l S. Kerch AP600 Document No. OCS-GEH-020 l

l l

WESTINGHOUSE ELECTRIC CORPORATION Energy Systems Business Unit Nuclear Technology Division P.O. Box 355 Pittsburgh, Pennsylvania 15230-0355 C1996 Westinghouse Electric Corporation All Rights Reserved m1M63w.wpf.lb-012397

- . _ . .__ _ m. -__ . _ _ _ _ _ _. .-- - . _.~ ._.. . _. ._ _.

TABLE OF CONTENTS l

l Section Title h r  :

l

1.0 INTRODUCTION

1-1 [

1.1 AP600 V&V Activities and Objectives 1-1 l.2 General Scope of AP600 V&V _1-4 1.3 Guidance Documents for Development of V&V Implementation Plans 1-5

. 2.0 M-MIS TASK SUPPORT VERIFICATION 2-1 i

! 3.0 HFE DESIGN VERIFICATION 3-1 .

4.0 INTEGRATED SYSTEM VALIDATION 1 4.1 Methodology 4-1 4.2 Tools Used for Evaluating Dynamic Task Performance 4-1 '

4.3 Integrated System Validation Evaluations 4-2 4.4 Risk-Important Tasks 4-2  ;

4.5 Compliance with Regulatory Guide 1.33 4-2 .l 4.6 Criteria for Selection of Test Scenarios for Dynamic Evaluations 4-3 l l

4.7 Realistic Validation Scenarios 4-4

• 4.8 Performance Measures and Acceptance Criteria 4-4 1 5.0 ISSUE RESOLUTION VERIFICATION 5-1 6.0 FINAL PLANT HFE DESIGN VERIFICATION 6-1 1

7.0 REFERENCES

7-1 l

l l

l i

m:\3463w.wpf:Ib.012397

i k

LIST OF FIGURES  :

i Fimt ,I[gg p, gg 1-1 AP600 Concept Testing and Verification and Validation Activities 1-3 l

t t

{

i i

l 1

l 1

4 I

i I

m:\3463w.wpf:Ib-012397 )

I I

m _ _ - _ . _ ._ , . , _ ~ . . _ . . - - _ . - . . . . . - . ,, . ._. _,

i

1.0 INTRODUCTION

This document provides a programmatic level description of the AP600 Human Factors Verification I and Validation (V&V) plan. It specifies at a high-level the activities to be performed as part of the l AP600 V&V. Individual implementation plans that provide more detailed descriptions of the tests to l be performed, and acceptance criteria to be used, will be developed for each V&V activity specified in ,

this report. Individual V&V implementation plans will be developed after design certification.

1.1 AP600 V&V Activities and Objectives ,

The Human Factors Engineering Program Review Model (PRM) developed under the sponsorship of the U. S. NRC (NUREG-0711) specifies that an HFE V&V program should include five activities with the following objectives:

1. Task Support Verification: Verifies that the man-machine interface system (M-MIS) design provides all necessary alarms, displays, and controls to support plant personnel tasks i

2. HFE Design Verification: Verifies that the M-MIS design conforms to human factors engineering (HFE) principles, guidelines, and standards  ;

l

3. Integrated System Validation: Validates that the M-MIS design can be effectively operated by personnel within all performance requirements

4. Issue Resolution Verification: Verifies that the M-MIS design resolves all identified HFE i issues in the tracking system l l

5. Final Plant HFE Verification: Verifies that the final at-built product conforms to the verified and validated design that resulted from the M-MIS design process The AP600 V&V will include all five of these activities. Figure 1-1 presents the AP600 V&V activities and sequence in which these activities shall be performed. The sequence for completing these V&V activities will be as follows:

1. M-MIS Task Support Verification i

2. HFE Design Verification

3. Integrated System Validation

4. Issue Resolution Verification l

5. Final Plant HFE Design Verification l

l l l

m:\3463w.wpf:lb-012397 11

Figure 1-1 shows that additional Man-in-the-Loop concept tests will be performed as part of the M-MIS design process. Concept testing is performed as pan of the functional design phase of the M-MIS design process. It is during the functional design phase that the core conceptual design for an M-MIS resource and corresponding functional requirements are developed. An integral part of this l phase is rapid prototyping and design concept testing. Concept testing during the functional design phase serves two purposes. It: j

• Provides input to help designers resolve design issues that have no well established human factors guidance Establishes the adequacy of the design concept and functional requirements that are produced in the functional design stage. Concept testing establishes that the conceptual design resulting from the functional design stage is adequate to suppon operator performance in the range of situations anticipated to arise.

Concept tests slated to be performed as part of the AP600 M-MIS design process are described in WCAP-14396. While these concept tests are not part of the formal AP600 V&V, they provide early feedback on the adequacy of AP600 M-MIS design elements.

m:\3463w wpf:ltw012397 1-2

_ _ ___ .. __ _. . . . _ _ - _ _ . . _ . ~ _ . . _ . . . _ .___ . . . . . . . _ _ .

B kw y .

s e ar$

2 fi[*

5 c m

C

• 4

.a 1

l_______________________________________________________

I M-Mis l Verincation and v udation  ! <

' ~'

n M-MIS 4 M. MIS Task l (1 & ware) ye,ine,,;o, Issue NNE  !

, . Insegrated System + Resolution + Verificamon- l Q h l Vahdemn Veri 6 cation

• Factory l g

• Desige

• Resolve design issues M%n + - ;- p---z a e W

e

[- e Verification g l so .p,,ci;o :

• Establish adequacy of l e . Site e desise concept and a

$ "I""""**" rueceiones . - _ _ _ _

l  !~ wM iest a 7 4 y

• l w < ' AI W specinc a e e, a e near full-scope, ,

3 Cosacept Tests l high fidelity,  ;

n l

1. e training simulator ,

Man-in-the-loop test of concrete s e,

{-

a example of functional design: '______________________________________________________,s e

y

• Rapidprototypes a

• Part-tasksloculations g

• Nearfull-s<xpe,bifidelity simulator for sienilar plant a)

C.

o 3 7 n

C.  !

3. t C. i e

m i

--. - . - - - - - . .-. .-- _-_ _- - - =. - - - - .

i 1.2 General Scope of AP600 V&V The AP600 V&V scope is defined with respect to M-MIS resources included in the V&V. The PRM

! scope descriptic, includes trained personnel and communication. Personnel training requirements and communication requirement., will be addressed in the integrated system validation.

f 4

The scope of the AP600 V&V will include:

M-MIS hardware M-MIS software

, Procedures Workstation and console configurations Design of the overall work environment

Specifically included in the AP600 V&V is verification and validation of the AP600 Emergency Operating Procedures (EOPs). ,

The AP600 EOPs will be computerized. A backup will be available to handle the unlikely situation l

)

where the Computerized Procedure System is lost. Verification and validation will be conducted primarily on the computerized procedures. The back-up will be evaluated as part of the integrated I system validation by including test scenarios that examine the use of the back-up following the simulated loss of the Computerized Procedure System.  !

l A set of representative and important tasks will be identified as part of task analysis activities, l i Element 4 (Task Analysis). This set of tasks will detine and bound the scope of the AP600 V&V activities. Tasks will be drawn from the areas of:

Operations

• Maintenance

• Test, inspection, and surveillance Tasks for in.clusion in the task analysis and V&V will be identified based on consideration of the importance of human actions for function achievement, and the impact of task failure on safety. Tasks in the areas of maintenance, test, inspection, and surveillance, will be limited to those determined to be risk-important based on the probabilistic risk assessment (PRA) threshold criteria specified in the j 4

Implementation Plan for Integration of Human Reliability Analysis (HRA) and HFE Design. j i

Selected tasks will cover the full range of plant operating modes, including:

l

• Startup Normal operations Abnormal and emergency operations mA3463w.wpf:lb-012397 l-4

Transient conditions Low-power 4

Shutdown conditions The V&V scope will be limited to those facilities required for scenario evaluation that involve risk.imponant tasks as defined by the PRA threshold criteria. Facilities included in the V&V scope are:

4

• Main Control Room

• Remote shutdown workstations Technical Support Center (TSC)

The AP600 design does not require risk-important actions to be taken from local control stations, so local control stations are not included in the V&V scope. If, as a result of further analysis, risk-important tasks or critical actions are identified at local control stations, those stations, with respect to the identified tasks or actions, will be included in the V&V.

1.3 Guidance Documents for Development of V&V Implementation Plans Implementation plans providing detailed test procedures and acceptance criteria will be develeped for each of the five V&V activities identified in Figure 1-1.

V&V implementation plans will be developed using accepted industry standards, guidelines, and practices. Documentation to develop the V&V implementation plans will include:

CElllEC 964 Design for Control Rooms of Nuclear Power Plants. International Electrotechnical Commission,1989.

IEEE Std. 845-198R IEEE Guide to Evaluation of Man-Machine Perfomiance in Nuclear Power Generating Station Control Rooms and Other Peripheries. Insteute of Electrical and Electronics Engineers,1988.

NUREG-0899 Guidelinesfor the Preparation of Emergency Operating Procedures. US Nuclear Regulatory Commission, Washington, D. C., August 1982.

NUREG-1358 Lessons Learnedfrom the SpecialInspection Programfor Emergency. US Nuclear Regulatory Commission, Washington, D. C., April,1989.

NUREG-0711 Human Factors Engineering Program Review Model. US Nuclear Regulatory Commission, Washington, D.C., July,1994.

mA3463w.wpf:Ib-012397 1-5

1 i

I.

NUREG-0700 Human-System Interface Design Review Guideline, Rev. l, Draft Report. US Nu: lear ?

Regulatory Commission, Washington, D.C., February,1995.

Regulatory Guide 1.33, Quality Assurance Program Requirements. Revision 2 US Nuclear '

Regulatory Commission Washington, D. C.

t t

l I

f

[

l J

l 1

l 1

l i

m:\3463w.wpf:M12397 1-6

2.0 M MIS TASK SUPPORT VERIFICATION An implementation plan shall be developed specifying a methodology for M-MIS task support verification. The M-MIS task support verification objective will be to verify all aspects of the M-MIS design (e.g., controls, displays, alarms, procedures, and data processing) that are required to accomplish personnel tasks and actions as defined by task analyses, EOPs, and risk-important human tasks identified by the PRA.

The M-MIS Task Support Verification implementation plan will include a methodology description by which the M-MIS design will be checked against the information and control requirements identified i by the:

1 Function-based task analyses Operational sequence task analyses performed for important and representative tasks as !

defined in Element 4 (Task Analysis) )

Operational sequence task analyses performed for risk-important personnel tasks as I defined by the PRA I

Operational sequence task analyses performed for the complete set of EOPs I I

The M-MIS Task Support Verification methodology will describe how, in each case, the M-MIS resources will be verified to ensure that all alarms, displays, controls, procedures, and data-processing required for task performance are available, and that the characteristics of the M-MIS (e.g., units of l measure, accuracy, precision, and dynamic response) match task requirements.

The M-MIS Task Support Verification implementation plan will also describe a process by which the M MIS design will be verified to ensure that the M-MIS does not include information, displays, or controls that do not support operator tasks. The information and controls provided on the M-MIS resourres will be checked against display and control requirements generated from the function-based and operational sequence task analyses. Any information, display, or control appeanng on an M-MIS resource not identified as required by any of the task analyses, will be flagged, requiring further analysis and review. If the information, display, or control is shown to be necessary to support operator performance, it will be documented, and the task analyses will be revised accordingly. If, after review, no explanation can be found for how the information, display, or control supports operator performance, it will be removed and the documentation will be revised accordingly.

m:\3463w.wpf:lt412397 2-1

3.0 HFE DESIGN VERIFICATION An implementation plan that specifies a methodology for HFE design verification will be developed.

The objective of the HFE design verification will be to verify that all aspects of the M-MIS (e.g.,

controls, displays, procedures, and data processing) are consistent with accepted HFE guidelines, standards, and principles.

The HFE design verification implementation plan will specify a process by which deviations from accepted HFE guidelines, standards, and pinciples will be identified and acceptably justified based on i a documented rationale, such as trade study results, literature-based evaluations, demonstrated operational experience, and tests or experiments. l The HFE design verification will include all M-MIS in the control room, remote shutdown workstations, and the TSC. Local control stations will be reviewed to the extent that they are required for risk-important human actions as defined by the PRA.

l The HFE design verification specification plan will describe a procedure by which M-MIS resources will be verified, ensuring conformance to AP600-specific M-MIS standards and convention guideline documents that will be prepared to cover all M-MIS resources and their integration. The AP600-specific standards and convention guidelines will include:

l Alarm guidelines 1 Display guidelines

• Controls guidelines

• Computerized procedures guidelines Anthropometric guidelines The AP600-specific M-MIS standards and convention guidelines will provide:

• A specification of accepted HFE guidelines, standards, and principles to which the M-MIS will conform a A specification of particular design conventions (e.g., particular coding conventions) to which the M-MIS will conform

• Documentation of any deviations from accepted HFE guidelines, standards and principles, and justification based on documented rationale such as trade study results, literature-based evaluaticns, demonstrated operational experience, and tests and experiments mM463w wpt,Ib 012397 3-1

1 I

An illustrative subset of accepted HFE guideline documents that will be used in compiling accepted i HFE guidelines, standards, and principles to be included in the AP600-specific standards and j convention guideline documents are:

American National Standards Institute, ANSI HFS-100-1988, American Standardfor Human tactors Engineering of Visual Display Tenninal Workstations. Santa Monica, California,1988.

l i

CElllEC 964 Design for Control Rooms of Nuclear Power Plants. International Electrotechnical l Commission, Geneva, Switzerland,1989. I NUREG-0899 Guidelinesfor the Preparation of Emergency Operating Procedures.

U. S. Nuclear Regulator Commission, Washington, D. C., August 1982.

NUREG-1358 Lessons Learnedfrom the SpecialInspection Programfor Emergency. US Nuclear Regulatow Commission, Washington, D. C., April,1989. I 1

NUREG-0700 Human-System Interface Design Review Guideline, Rev.1, Draft Report. US Nuclear Regulatory Commission, Washington, D.C., February,1995.

NUREGICR-5908 Advanced Human-System Interface Design Guidelines. US Nuclear Regulatory Commission, Washington, D. C., July,1994.

NUREGICR-6501 Human Factors Engineering Guidelinesfor the Review of Advanced Alann Systems. US Nuclear Regulatory Commission, Washington, DC., September,1994.

US Department of Defense, DOD-HDBK-761 A, Human Engineering Guidelinesfor Management l Information Systems. Office of Management and Budget, Washington, D.C.,1990.

1 1

All aspects of the M-MIS, including information, displays, controls, data processing, navigation mechanisms, and workstation and console configurations, will be verified against the standards and conventions specified in the applicable AP600-specific guideline documents.

The HFE design verification implementation plan will specify procedures for identifying, reviewing, and correcting deviations from the standards and conventions specified in the guideline documents.

Included in the scope of the HFE design verification will be the identification of nonfunctional I decorative details (borders and shadowing on graphic displays) not specified in the guideline documents that do not support operator task performance.

l All deviations from standards and conventions specified in the guideline documents will be flagged for review. If there is adequate justification for the deviation, the justification will be documented.

Otherwise, a change will be made to bring the M-MIS resource into compliance with the guideline documents.

m:\3463w.wpf.It412397 3-2

4.0 INTEGRATED SYSTEM VALIDATION An implementation plan will be developed specifying a methodology for integrated system validation.

The objective of integrated system validation is to ensure that the functions and tasks allocated to the plant personnel can be accomplished with the M-MIS design implementation. Explicitly included in the integrated system validation is validation of the AP600 EOPs.

4.1 Methodology The integrated system validation implementation plan will include a methodology section that addresses:

• Objectives Personnel performance issues Test methodology and procedures Test participants Test conditions (incloding plant conditions, operating sequences, accident scenarios) ,

M-MIS description Performance measures i

• Data analysis

• Acceptance criteria Process by which results will be used to determine whether changes to the M-MIS are required, and the process by which change requirements are tracked and verified 4.2 Tools Used for Evaluating Dynamic Task Performance Integrated system validation will be performed using an AP600-specific, near full-scope, high-fidelity, training simulator that satisfies the general requirements of Sections 3 and 4 of ANSI /ANS-3.5-1993.

The near full-scope, high-fidelity simulator of the AP600 control room will display high physical fidelity (the testbed will physically resemble the actual hardware to be implemented in the AP600 control room), as well as high-fidelity with respect to information content (containing AP600-specific  ;

displays and controls), and underlying process dynamics (it shall be driven by an AP600-specific plant simulation). Near is used to indicate that features of the simulation not relevant to the test being made may not be full-fidelity.  ;

Operator actions at non-control room facilities, such as remote shutdown panels, and the TSC, may be evaluated using static mock-ups, or prototypes.

l mA3463w.wpf.lb-012397 41

l l

4.3 Integrated System Validation Etaluations I

The implementation plan will specify the objectives of the integrated system validation to:

Establish the adequacy of the integrated M-MIS for achieving HFE program goals Confirm allocation of function and the structure of tasks assigned to personnel Validate the EOPs Confirm the dynamic aspects of the M-MIS for task accomplishment Evaluate and demonstrate error tolerance to human and system failures Establish the adequacy of staffing and the M-MIS to support staff to accomplish their tasks i

The implementation plan will specify how the integrated system validation will fulfill these evaluation 1 objectives.

4.4 Risk-Important Tasks  !

The integrated system validation will include test scenarios designed to validate the adequacy of staffing and the M-MIS to support personnel performance for:

l Important and representative tasks as defined in Element 4 (Task Analysis)

Risk-important tasks as defined by the PRA threshold criteria Design-basis apd beyond-design-basis accident scenarios covered by the EOPs I

4.5 Compliance vdth Regulatory Guide 1.33 i Regulatory Guide 1.33, Appendix A lists categories of activities that should be covered by written procedures, such as administrative procedures, general plant operating procedures, procedures for control of measuring and test equipment and for surveillance, procedures for performing maintenance, and chemistry and radiochemical control procedures. As indicated in Reg. Guide 1.33, the procedures may be combined, separated, or deleted to conform to procedure plans.

Complete validation of all classes of procedures identified in Regulatory Guide 1.33 is beyond the scope of the integrated system validation. As stated in Subsection 1.2, the V&V scope in the areas of maintenance, test, inspection, and surveillance, will be limited to tasks determined as risk-important based on PRA threshold criteria l l

i Integrated validation will include test scenarios simulating situations govemed by sample procedures from selected Regulatory Guide 1.33 categories, for the purposes of increased realism, and to ensure that the AP600 control room design, in conjunction with such procedures, can achieve their intended functions without interfering with plant operations. Test scenarios will be developed that include select maintenance, test, and surveillance activities conducted in the main control room while the plant m:\3463w.wpf:Ib-012397 4-2

,._.__. _ _ _._... - _ ._ . _ . . _ . . - . . _ _ _ _ _ _ _ . _ . _ . _ _ _ ~ . _ . . . . . _ _ _ . _ . . . _ . . . . _

l c is being operated to show that these tasks can be accomplished without interfering with operator tasks f

necessary for monitoring and controlling the plant 4.6 Criteria for Selection of Test Scenarios for Dynamic Evaluations '

A multi-dimensional set of criteria will be used to define a set of test scenarios to be included in the l integrated system validation. Dimensions to be considered will include covering:

j A range of operational modes including normal plant evolutions (startap, full power, i l and shutdown) -

Transients (reactor trip, turbine trip)

Design-basis and beyond design-basis accidents covered by the EOPs  ;

AP600-specific design features (the Automatic Depressurization System, the Diverse Actuation System)  !

Scenarios that include human performance actions identified to be risk-important by the PRA Instmment failures M-MIS equipment and processing failures, including failure of the computerized procedure system, establishing the ability to use the back-up Reactor shutdown and cooldown from remote shutdown panel Situations that produce cognitive challenges, including situations that complicate:

Situation assessment by providing degraded or conflicting plant state information l 1

1 Response (require balancing of multiple goals, require manual takeover of automatic systems)

Performance by increasing personnel communication / coordination requirements or  ;

I l

l j' m:\3463w.wpf:Ib-012397 4-3

i Increase workload by introducing additional tasks or distractions (Subsection 4.5 & 4.7)

The set of test scenarios specified will be sufficient to validate the EOPs as implemented in computerized procedures.

They will also include scenarios to validate key HRA modeling assumptions for event sequences that involve risk-important human actions. Examples of assumptions to be confirmed are that particular human actions that need to be performed are satisfactorily completed within the time-window specified in the PRA.

The set of test scenarios included in integrated system validation will be defined by a multi-disciplinary team that includes input from EOP developers, M-MIS designers, human factors specialists, and human reliability analysis /PRA analysts.

4.7 Realistic Validation Scenarios i

The implementation plan will specify how test scenarios will be realistic with respect to plant conditions that are likely to hold for the situations being represented (number of personnel in the ,

control room, communication requirements with personnel outside the control room, requirements for i notification to outside organizations, noise level and temperature).

Selected scenarios will include environmental condit. ions, such as noise and distractions, which may affect human performance in an actual nuclear power plant.

For actions outside the control room that are within the scope of the integrated system validation, performance impacts of potentially harsh environments that require additional time will be realistically simulated (for example, time to don protecti.ie clothing and access hot areas).

4.8 Performance Measures and Acceptance Criteria The implementation plan will specify performance measures used to establish that mission goals and operator performance requirements are achieved. Performance measures will include:

• System measures relevant to plant safety Personnel primary task performance a Personnel errors l

• Situation awareness I

1 l mA346%.wpf.lb-Cl2397 4-4

l 4

4 2

• Workload Personnel commw.ications and coordination l Dynamic anthropometry evaluations (such as reach and dexterity)  ;

4 1'

• Physical positioning and interaction with M-MIS d

For each measure, the measurement approach and instmment to be used will be specified, and

objective acceptance criteria will be defined. Measurement approaches may range from objective

measures of crew performance to subjective measures of performance obtained through post-scenario

) questionnaires and rating forms administered to test participants, to evaluations made by an evaluation

{ team participating in the validation exercises as expert observers.

i b

t i

E i

I f

1 s

i 4

I s

1 4

I a

na:\3463w.wpf:lb.012397 4-5

I l

l . 5.0 ISSUE RESOLUTION VERIFICATION f

An implementation plan will be developed specifying a methodology for human factors issues resolution verification.

The implementation plan will specify a procedure to ensure that all issues documented in the human i factors issue tracking system are verified to be adequately addressed in the final M-MIS. The I

implementation plan will include a procedure for identifying and tracking human factors issues that cannot be resolved until a plant is built. The procedure will specify how verification of these human factors issues will be incorporated into the process for final plant HFE verification.

l I

l

- nt\3463w.wpf:Ib-012397 5-1

6.0 FINAL PLANT HFE DESIGN VERIFICATION An implementation plan will be developed specifying a methodology for verifying that the in-plant  !

HFE conforms to the M-MIS design that resulted from the HFE design process and V&V activities. l

In the Westinghouse design process, mechanisms for insuring that systems conform to the final 1

! functional requirements and design descriptions, are factory acceptance tests conducted on the actual

{

system hardware at the factory, and the site acceptance test conducted after the hardware is installed at I the plant site.

The implementation plan for the final plant HFE design verification will specify the verifications that will be conducted as part of the factory acceptance test, and site acceptance test, ensuring that the in-plant HFE conforms to the M-MIS design that resulted from the HFE design process and V&V activities.

The implementation plan will include procedures 20, identifying aspects of the M-MIS that were not addressed in the design process V&V, and procedures for evaluating them using appropriate V&V methods. Aspects of the M-MIS design that fall in this category include design features that could not )

be evaluated in a simulator, and design modifications that occurred subsequent to the M MIS design j V&V, such as hardware upgrades. l

)

m:\3463w.wpf:lb 012397 6-1

e i

7.0 REFERENCES

ANSI HFS-100-1988, American Standardfor Human Frtors Engineering of Visual Display Terminal Workstations. American National Standards Institute, Santa Monica, Califomia,1988.

CEllIEC 964 Design for Control Rooms of Nuclear Power Plants. International Electrotechnical Commission, Geneva, Switzerland,1989.

DOD-HDBK-761 A Human Engineering Guidelinesfor Management Information Systems.

US Department of Defense, Office of Management and Budget, Washington, D.C.,1990.

IEEE Std. 845-1988 IEEE Guide to Evaluation of Man-Machine Performance in Nuclear Power Generating Station Control Rooms and Other Peripheries. Institute of Electrical and '

Electronics Engineers,1988.

OCS-TS-001 Roth, E. & Mumaw, R. J. Man-in-the Loop Test Plan Description, Rev. B.

March,1994.  !

NUREG-0899 Guidelinesfor the Preparation of Emergency Operating Procedures. US Nuclear Regulatory Commission, Washington, D. C., August 1982. ,

1 NUREG-1358 Lessons Learnedfrom the SpecialInspection Program for Emergency. US Nuclear Regulatory Commission, Washir gton, D. C., April,1989. ,

I NUREG-0711 Human Factors Engmeering Program Review Model. US Nuclear Regulatory Commission, Washington, D.C., July,1994.

NUREG-0700 Human System Interface Design Review Guideline, Rev.1, Draft Report. US Nuclear Regulatory Commission, Washington, D.C., Febniary,1995. ,

i NUREGICR-5908 Advanced Human-System Interface Design Guidelines. US Nuclear Regulatory Commission, Washington, D. C., July,1994.

NUREGICR-6501 Human Factors Engineering Guidelines for the Review of Advanced Alarm Systems. US Nuclear Regulatory Commission, Washington, DC., September,1994. I Regulatory Guide 1.33, Quality Assurance Program Requirements. Revision 2, US Nuclear ,

Regulatory Commission Washington, D. C.

ANSI /ANS-3.5-1993, Nuclear Power Plant Simulators for Use in Operator Training and Examination, approved March 29,1993.

m:\3463w.wpf:!b-012397 7-1 a.. - . - . . - . .. .- . , . . , - - ~