ML23304A372

LLC Revision 1 to Standard Design Approval Application, Part 2, Chapter 18, Human Factors Engineering
Site: 05200050
Issue date: 10/31/2023
From: NuScale
To: Office of Nuclear Reactor Regulation
Shared Package: ML23306A033
References: LO-151262


Text

NuScale US460 Plant Standard Design Approval Application Chapter Eighteen Human Factors Engineering Final Safety Analysis Report Revision 1

©2023, NuScale Power LLC. All Rights Reserved

COPYRIGHT NOTICE This document bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this document, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.

The NRC is permitted to make the number of copies of the information contained in these reports needed for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding.

Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of additional copies necessary to provide copies for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations. Copies made by the NRC must include this copyright notice in all instances and the proprietary notice if the original was identified as proprietary.

NuScale Final Safety Analysis Report

TABLE OF CONTENTS

CHAPTER 18 HUMAN FACTORS ENGINEERING
18.0 Human Factors Engineering - Overview
18.1 Human Factors Engineering Program Management
    18.1.1 Human Factors Engineering Program Goals and Scope
    18.1.2 Human Factors Engineering Team and Organization
    18.1.3 Human Factors Engineering Process and Procedures
    18.1.4 Tracking Human Factors Engineering Issues
    18.1.5 Human Factors Engineering Technical Program
    18.1.6 Reference
18.2 Operating Experience Review
    18.2.1 Objectives and Scope
    18.2.2 Methodology
    18.2.3 Results
    18.2.4 References
18.3 Functional Requirements Analysis and Function Allocation
    18.3.1 Objectives and Scope
    18.3.2 Methodology
    18.3.3 Results
    18.3.4 Reference
18.4 Task Analysis
    18.4.1 Objectives and Scope
    18.4.2 Methodology
    18.4.3 Results
    18.4.4 Reference
18.5 Staffing and Qualifications
    18.5.1 Objectives and Scope
    18.5.2 Methodology
    18.5.3 Results
    18.5.4 References
18.6 Treatment of Important Human Actions
    18.6.1 Objectives and Scope
    18.6.2 Methodology
    18.6.3 Results
    18.6.4 References
18.7 Human-System Interface Design
    18.7.1 Objectives and Scope
    18.7.2 Methodology
    18.7.3 Results
    18.7.4 Reference
18.8 Procedure Development
18.9 Training Program Development
18.10 Human Factors Verification and Validation
    18.10.1 Objectives and Scope
    18.10.2 Methodology
    18.10.3 Results
    18.10.4 References
18.11 Design Implementation
    18.11.1 Objectives and Scope
    18.11.2 Methodology
    18.11.3 Reference
18.12 Human Performance Monitoring

LIST OF TABLES

Table 18.1-1: Human Factors Engineering Program and Design Activity Milestones

NuScale US460 SDAA Revision 1

CHAPTER 18 HUMAN FACTORS ENGINEERING

18.0 Human Factors Engineering - Overview

This chapter describes the Human Factors Engineering (HFE) Program for the NuScale Power, LLC (NuScale) Power Plant. The HFE Program uses proven technology and incorporates accepted HFE standards and guidelines, including the applicable guidance provided in NUREG-0711, Revision 3.

The HFE Program incorporates 12 HFE elements under four general activities in NUREG-0711:

  • planning and analysis
      - HFE Program management
      - operating experience review
      - functional requirements analysis and function allocation
      - task analysis
      - staffing and qualifications
      - treatment of important human actions
  • design
      - human-system interface design
      - procedure development
      - training program development
  • verification and validation
      - human factors verification and validation
  • implementation and operation
      - design implementation
      - human performance monitoring

The HFE Program is developed and validated to support a plant including up to 12 NuScale Power Modules. The NuScale Power Plant US460 standard design consists of a plant with up to six NuScale Power Modules, which is within the limits of the HFE Program described in this chapter. The work done for the US460 standard design uses the information completed for the US600 design.

Section 18.1 describes the plan for the management of the overall HFE Program.

Sections 18.2 through 18.12 describe the remaining elements of the HFE Program.

These sections demonstrate that the HFE Program is

  • developed by a qualified HFE Design Team, using a comprehensive HFE Program plan.

  • derived from proven HFE studies and analyses that provide complete and accurate results.
  • documented using software that allows consistent application of the HFE analysis results to the human-system interface design, procedure development, and training program development.
  • designed via proven technology incorporating accepted HFE standards and guidelines.
  • evaluated with a thorough verification and validation test program.
  • implemented such that it effectively supports operations.
  • monitored during operations to detect changes that have the potential to impact human performance.

Section 18.11, Design Implementation, is performed in accordance with the associated Inspections, Tests, Analyses, and Acceptance Criteria.

In the scope of HFE work, the term unit refers to the structures, systems, and components necessary to generate electricity, which includes a primary side containing a NuScale Power Module (as defined in Section 1.1), its specific supporting systems, and a secondary side containing a turbine generator and its specific supporting systems. This usage is consistent with 10 CFR Part 50 Appendix A and the HFE technical reports that support FSAR Chapter 18.

18.1 Human Factors Engineering Program Management

The program management element of the Human Factors Engineering (HFE) Program ensures that HFE principles are effectively incorporated into the development, design, and evaluation of the human-system interface (HSI), procedures, and training program.

This section addresses the following aspects of the program management plan:

  • HFE Program goals and scope
  • HFE team, member qualifications, and organization
  • HFE process and procedures
  • HFE issues tracking
  • HFE technical program

Sections 18.1.1 through 18.1.5 summarize these aspects of the plan. A more detailed description of the program management plan is contained in the Human Factors Engineering Program Management Plan (Reference 18.1-1).

18.1.1 Human Factors Engineering Program Goals and Scope

18.1.1.1 Human Factors Engineering Program Goals

The HFE Program is designed utilizing a human-centered approach. The program's primary goals are to

  • ensure that tasks are performed in accordance with the defined performance criteria and within the required time frame.
  • ensure that HSI, procedures, staffing and qualifications (S&Q), training, management, and organizational arrangements support a high degree of personnel performance and situational awareness.
  • support personnel in maintaining vigilance over plant operations and provide acceptable workload levels.
  • minimize personnel errors and enhance error detection and recovery capability.

As the HFE Program develops, the program objectives are further defined and used as the basis for HFE tests and evaluations.

18.1.1.2 Assumptions and Constraints

The assumptions and constraints used as inputs to the HFE Program reflect the following aspects of the design:

Passive Features

  • No operator actions are necessary for a minimum of 72 hours following a design-basis event.

Modular Design

  • Operation of the first module can begin before successive modules are installed.
  • Refueling of individual modules can occur with others online.
  • Common systems support up to six units.
  • Up to six units are controlled from a single main control room (MCR).

High Degree of Automation

  • The HSIs support monitoring and management of automated actions and sequences by the operator.
  • Steady-state routine operating tasks are automated to the extent that human interactions to start, stop, or abort automated sequences do not distract the operator.
  • Shutdown functions are automated to the extent that one operator at the controls can maneuver a unit from power operations to safe shutdown within a short period of time.
  • Operability surveillance tests include automated functions such as system configuration verified, test conditions verified, data collected, and results checked against acceptance criteria.
  • Administrative tasks are integrated into an electronic information and records management system that is available to operators.
  • Computer-based procedures for normal, abnormal, and emergency operations and alarm response are text-based.

Main Control Room Operators

  • Staffing evaluations are based on activities performed by licensed control room operators.
  • Staffing analyses for maintenance or refueling activities, activities completed by craft and technical personnel (e.g., mechanical, electrical, or instrumentation and controls maintenance; health physics; chemistry; engineering; or information technology), or activities associated with the Technical Support Center, Emergency Operations Facility or other Emergency Response facilities are included only if licensed operator workload is impacted.
  • When licensed operator workload is impacted, the area of concern is analyzed to a degree sufficient to quantify the impact to licensed operator workload or staffing. If necessary, HSI or staffing adjustments are developed to address the specific task and associated staffing requirements.

18.1.1.3 Human Factors Engineering Program Duration

The HFE Program is in effect from the start of the plant conceptual design through completion of startup testing. The Human Performance Monitoring Program (Section 18.12) maintains the HFE Program following startup.

18.1.1.4 Applicable Facilities

The scope of the HFE Program includes the MCR. The HSI of the Technical Support Center, the Emergency Operations Facility, and local control stations are derivatives of the MCR human-system interface.

18.1.1.5 Applicable Human-System Interfaces, Procedures, and Training

The HSI design inputs and interfaces include the following:

  • operating experience review
  • functional requirements analysis (FRA) and function allocation (FA)
  • task analysis (TA)
  • staffing and qualifications (S&Q)
  • treatment of important human actions (TIHAs)
  • concept of operations
  • instrumentation and controls systems design
  • system requirements
  • HSI Style Guide

The HFE Program supports procedure and training program development for normal, abnormal, and emergency operations, as well as alarm response, and accident management activities performed or supervised by operational personnel.

The HFE Program provides inputs to the training programs for the personnel identified in 10 CFR 50.120, as appropriate.

18.1.1.6 Applicable Operations Personnel

The HFE Program analyzes and defines the minimum number and qualifications of licensed control room operators. Section 18.5, Staffing and Qualifications, further discusses this element of the HFE Program.

18.1.1.7 Effects of Modifications on Personnel Performance

The HFE design process evaluates the effects of plant modifications, performed before completion of startup testing, on personnel performance, HSI design, procedures, and training. The Human Performance Monitoring Program (Section 18.12) evaluates modification impacts on human performance following startup.

18.1.2 Human Factors Engineering Team and Organization

18.1.2.1 Human Factors Engineering Team Responsibility

The HFE team is responsible for

  • developing HFE plans and procedures.
  • ensuring HFE activities comply with the HFE plans and procedures.
  • overseeing and reviewing activities in HFE design, development, test, and evaluation, including the initiation, recommendation, and provision of solutions through designated channels for problems identified in implementing the HFE work.
  • verifying that the team's recommendations are implemented.
  • scheduling work and milestones.

18.1.2.2 Human Factors Engineering Organizational Placement and Authority

The HFE team consists of a core group of human factors engineers with formal HFE training and experienced operators reporting directly to the HFE supervisor.

The HFE team also includes a broader group of members from operations and engineering organizations that do not report directly to the HFE supervisor. The broader team members are distributed throughout the organization, providing expertise to the core HFE group on an as-needed basis.

The HFE supervisor reports to a Plant Operations manager or director, who in turn reports to an Executive.

Each of the HFE elements (operating experience review, FRA and FA, TA, S&Q, TIHA, HSI, and human factors verification and validation) has a team lead responsible for managing that element's activities. The HFE supervisor is responsible for the Human Factors Engineering issue tracking system (HFEITS) database, and oversight and scheduling of HFE activities. The HFE supervisor or other members of the HFE team elevate HFE issues within the management chain, as necessary, utilizing appropriate programs and tools.

18.1.2.3 Human Factors Engineering Design Team Composition

The HFE Design Team composition is described in Section 18.1.2.2. The qualifications of the personnel are consistent with Appendix A of NUREG-0711, Revision 3.

18.1.2.4 Human Factors Engineering Design Team Staffing

The HFE supervisor assigns the team members to HFE activities across various elements of the HFE Program in accordance with their expertise.

18.1.3 Human Factors Engineering Process and Procedures

18.1.3.1 General Process and Procedures

The HFE supervisor assigns personnel to the HFE team to ensure the needed expertise, knowledge, and experience are applied to the activities of each HFE Program element. The HFE supervisor has responsibility for

  • assigning HFE tasks to members of the HFE team and supervising their performance of the tasks.
  • scheduling and overseeing various HFE activities.
  • reviewing and approving HFE team products.
  • making management decisions related to HFE activities.
  • design of MCR equipment and control of design changes to MCR equipment.

While the HFE supervisor is responsible for the design of MCR equipment and for controlling changes, Design Engineering is responsible for the design of HSIs throughout the plant. Design changes to HSI and other equipment are governed through a design change process.

Where design decisions require input from multiple organizations, the HFE supervisor may elevate HFE issues within the management chain utilizing tools and programs including HFEITS, the design decision procedure, design review boards, and the Corrective Action Program.

Any member of the HFE team may identify problems and propose solutions using the HFEITS tool. The HFE supervisor has authority to make decisions regarding the resolution of HFEITS items, including human engineering discrepancies (HEDs).

18.1.3.2 Process Management Tools

The HFE activities are documented and controlled in accordance with the Quality Assurance Program (QAP), as applicable, and subordinate plans and procedures, including design control processes. The design process includes provisions to control design inputs, outputs, changes, interfaces, records, and organizational interfaces within the organization and with suppliers. These provisions ensure that design inputs are correctly translated into design outputs so that the final design output can be related to the design input in sufficient detail to permit verification.

Design change processes and the division of responsibilities for design-related activities are detailed in procedures. Design control includes interfaces necessary to control the development, verification, approval, release, status, distribution, and revision of design inputs and outputs. Design changes and disposition of nonconforming documents are reviewed and approved by applicable design organizations or by other authorized supplier organizations.

18.1.3.3 Integration of Human Factors Engineering and Other Plant Design Activities

The HFE design process is iterative, and the design activities are integrated. The iterative design process includes review and feedback from other engineering and design groups.

Reference 18.1-1 contains details on the HFE team integration into the iterative design process.

18.1.3.4 Human Factors Engineering Program Milestones

Table 18.1-1, Human Factors Engineering Program and Design Milestones, shows the relationship of HFE Program elements to the design and licensing phases, and general plant design activities.

The project schedule, including HFE milestones, is integrated into the overall project design development schedule.

18.1.3.5 Human Factors Engineering Documentation

An implementation plan (IP) describes the methodology for conducting an HFE element. An IP is not prepared for the procedure development, training program development, or HPM elements. A results summary report (RSR) is prepared for the S&Q (Section 18.5) and TIHA (Section 18.6) elements and contains a methodology section for the respective element and precludes the need for an IP.

These IPs as well as the S&Q and TIHA result summary reports are prepared by NuScale and submitted with the SDAA.

Upon completion of the associated HFE activities, RSRs are prepared for the following HFE elements:

  • operating experience review (Section 18.2)
  • FRA and FA (Section 18.3)
  • TA (Section 18.4)
  • HSI design (Section 18.7)
  • human factors verification and validation (Section 18.10)

The RSRs contain sufficient detail to demonstrate that the results are derived from implementing the methodology. The RSR scope is consistent with the applicable guidance of NUREG-0711, Revision 3.

The HFE documents that support the design are quality records and are retained in accordance with the QAP, which is described in Section 17.5. The HFE documentation includes design verification checklists, HFEITS records (Section 18.1.4), HFE element IPs, RSRs, and applicable documentation identified in the IPs and RSRs.

18.1.3.6 Subcontractor Human Factors Engineering Efforts

Subcontractors may be utilized in the HFE Program. The HFE team verifies that subcontractors performing HFE activities are properly trained and comply with the QAP and the applicable subordinate plans and procedures. The Quality Assurance organization verifies that the subcontractors conduct work in accordance with the QAP or the subcontractor's QAP, as approved and contracted.

18.1.4 Tracking Human Factors Engineering Issues

18.1.4.1 Availability of Human Factors Engineering Issue Tracking System

If identified HFE issues cannot be immediately resolved, they are included and tracked in the HFEITS database. The database is available to the HFE team members. The HFE issues may include recognized industry HFE issues, HEDs identified during HFE design, and issues identified throughout the life cycle of the HFE Program. Details on the HFEITS process are contained in Reference 18.1-1.

18.1.4.2 Human Factors Engineering Issue Tracking Method

Identified HFE issues that cannot be immediately resolved are entered into the HFEITS database and assigned a unique tracking number. Supporting documentation in electronic format is attached to the database item. Each issue is screened and evaluated for potential degradation in human performance. Issues that are found to not degrade human performance are either closed or transferred to more appropriate corrective action processes.

For the HFE issues that are found to degrade human performance, proposed corrective action to resolve each issue is identified and assigned. Schedules for the overall evaluation or for each corrective action are established by the HFEITS administrator. Issue close-out and transfer with proper documentation is approved by both the HFEITS administrator and the HFE supervisor. The HFE supervisor may obtain support from the HFE team to resolve and approve the closure of HFEITS database items.

18.1.4.3 Documentation of Human Factors Engineering Issues

For each identified HFE issue, the following information is documented in the HFEITS:

  • issue identification date
  • supporting information, such as attachments documenting the issue
  • assigned issue owner and evaluator
  • whether or not the issue involves an HED
  • proposed issue resolution
  • HFE team acceptance or rejection with detailed justification
  • detailed description of issue resolutions
  • actions taken
  • affected document(s)

18.1.4.4 Responsibility for Tracking Human Factors Engineering Issues

The HFE team members are responsible for identifying, logging, evaluating, and tracking HFE issues to resolution.

The HFE supervisor has the overall responsibility for administering and managing HFEITS. This responsibility includes oversight of HFE issue tracking, approval of HFE issue resolution, and approval of changes to issue resolution schedule.

The HFEITS administrator is responsible for managing the software component of the HFEITS database. This responsibility includes database security management, maintenance of hardware and software, controlling changes to database, and tracking the issue resolution and corrective actions.

The issue evaluator is responsible for identifying the extent and significance of the identified HFE issues, and providing recommendations for issue owner assignment, corrective actions, and issue resolution schedule.

The issue owner is responsible for resolving the issues, updating HFEITS with proposed or completed actions, and updating design documentation as appropriate.

An HFEITS review committee is responsible for verifying that the HFEITS issues and HEDs are resolved before final closure. Details on the HED resolution process are provided in Reference 18.1-1.

18.1.5 Human Factors Engineering Technical Program

18.1.5.1 Applicability and Status of Human Factors Engineering Elements

In addition to the HFE Program management plan addressed in Section 18.1, the other elements of the HFE Program outlined in NUREG-0711, Revision 3 and listed in Section 18.0, Human Factors Engineering - Overview, are applicable to the HFE Program. These other elements are described in Sections 18.2 through 18.12.

18.1.5.2 Human Factors Engineering Activity Completion Schedules

The HFE activity completion schedules are addressed in Table 18.1-1.

18.1.5.3 Standards and Specifications

The HFE standards and specifications, which are sources of HFE requirements imposed on the design process, are developed per the HSI Style Guide.

NUREG-0700, Human-System Interface Design Review Guidelines, forms the basis of the style guide, while NUREG-0711 contains the basis and requirements for the HFE Program. The controls for design and documentation are governed by the QAP description (Section 17.5).

18.1.5.4 Human Factors Engineering Facilities, Equipment, Tools, and Techniques

Section 18.1.1.4 addresses the facilities that are part of the HFE Program scope.

Tools and techniques used to support the HFE Program elements include

  • design guidelines.
  • design verification checklists.
  • low-fidelity aids such as mock-ups (computer-aided drawings or physical representations of HSI).
  • multi-unit control room simulator (capable of supporting single, shared, and multi-unit HSI, as well as procedures and S&Q analysis).
  • relational requirements management software.

18.1.6 Reference

18.1-1 NuScale Power, LLC, "Human Factors Engineering Program Management Plan," TR-130414, Revision 0.

Table 18.1-1: Human Factors Engineering Program and Design Activity Milestones

Column headings: Type of Activities; HFE and Design Activities; Activity Milestones (Standard Design Approval Application; Before Fuel Load Activities)

Type of Activities: HFE Element Evaluation

Operating Experience Review (IP): X
Operating Experience Review (RSR): X
Functional Requirements Analysis and Function Allocation (IP): X
Functional Requirements Analysis and Function Allocation (RSR): X
Task Analysis (IP): X
Task Analysis (RSR): X
Staffing & Qualifications (RSR) (Note 1): X
Treatment of Important Human Actions (RSR) (Note 1): X
Human-System Interface Design (IP): X
Human-System Interface Design (RSR): X
Procedure Development: Note 2
Training Program Development: Note 2
Verification & Validation (IP): X
Verification & Validation (RSR): X
Design Implementation (IP) (Note 3): X
Human Performance Monitoring (IP) (Note 4): X

Note 1: Each RSR issued without a corresponding IP includes a description of the methodology used for the HFE element.

Note 2: Training and Procedure Development are managed per Chapter 13.

Note 3: No RSR is required for this element because conformance of the as-built design to the verified and validated design is confirmed by an ITAAC.

Note 4: An IP for Human Performance Monitoring is provided after the plant becomes operational.

18.2 Operating Experience Review

The operating experience review (OER) element of the NuScale Power, LLC (NuScale) Human Factors Engineering (HFE) Program ensures that the lessons learned from the review of applicable operating experience from nuclear and non-nuclear industries are incorporated into the design of the NuScale Power Plant.

The OER is conducted and implemented in accordance with the applicable NUREG-0711, Revision 3 guidance. This section provides a summary of the HFE operating experience review objectives, scope, and methodology. The implementation of the OER is provided in the OER implementation plan (Reference 18.2-1), and results are documented in an OER results summary report (RSR).

18.2.1 Objectives and Scope

The purpose of the OER program is to identify and document safety issues and lessons learned from applicable operating experience from nuclear and non-nuclear industries. Positive features are incorporated into the design, and negative issues are avoided. The lessons learned are also applied to the development and implementation of human-system interfaces (HSIs), operating procedures, and operator training, thereby improving reliability of plant operations and reducing human errors and risk.

The design utilizes a simple passive design with a highly automated digital control system with an advanced digital HSI. Operating experience is taken broadly from the existing commercial nuclear power industry, including significant events such as Three Mile Island, Chernobyl, and Fukushima. Reviews also include a focus on specific operating experience related to systems similar to those used in the NuScale design. In addition, operating experience is obtained from other industries on the basis of their similarities with the design, technologies, and concept of operations.

These other industries include

  • nuclear installations that do not produce power.
  • the non-nuclear power industry.
  • U.S. military platforms, such as nuclear-powered submarines and aircraft carriers.
  • the petrochemical industry.
  • the airline industry, including air traffic controller operator experience data.
  • the automotive industry and the railroad industry.

The design also allows operation of multiple units from one control room. Additional operating experience is obtained in the following areas:

  • highly automated digital control systems
  • monitoring and control of multiple units in one control room
  • initial plant testing of one or more units concurrent with operating units
  • refueling a unit concurrent with operating units
  • incident and accident management of a unit concurrent with operating units

In addition to these data sources, the OER also considers the following:

  • results from the HFE element treatment of important human actions (Section 18.6)
  • operator interviews
  • nuclear industry websites and databases (U.S. Nuclear Regulatory Commission and Institute of Nuclear Power Operations)

18.2.2 Methodology

18.2.2.1 Operating Experience Review Process

The OER methodology establishes the process and procedures for identifying, evaluating, and tracking relevant nuclear and various non-nuclear industry design, construction, and operating experience to ensure applicable experience data are provided to design personnel in a timely manner. The OER process is conducted in accordance with written procedures and administrative instructions.

The OER team is responsible for conducting the OER and dispositioning the individual review items. The qualifications of the OER team are stipulated in the HFE Program Management Plan (Reference 18.2-2). Specific team member responsibilities include

  • reviewing OER issues for identification of human performance issues, sources of human error, and design elements that support or enhance human performance.
  • screening OER issues for applicability using criteria established in the HFE operating experience review procedure.
  • summarizing and documenting screening results, including a statement of applicability.
  • identifying additional sources and topics for OER.
  • collecting, preparing, and documenting new sources of applicable OE.
  • conducting operator interviews.
  • identifying needs for action on OER issues.
  • entering actions resulting from OER into the Human Factors Engineering issues tracking system (HFEITS).

An initial screening is performed on each OER issue to determine if further evaluation is necessary to identify potential HFE issues related to the design. If the screening reveals that the issue is not applicable, the issue is closed. If an OER issue is determined to be applicable to the HFE scope, but the current design documents do not address the issue, the OER issue becomes an HFE issue for tracking in the HFEITS database. The OER issues are categorized to show which of the 12 HFE Program elements are affected, as seen in Section 18.1, Human Factors Engineering Program Management. This categorization facilitates future searches of the OER database by HFE Program elements.

The OER team includes senior reactor operators and other personnel with commercial and U.S. Navy experience in the operation of nuclear power plants.

These personnel are integrated into the HFE and OER teams. In addition to identifying and dispositioning issues during dedicated OER activities, the OER team applies its knowledge and operating experience during the review of design documents and recommends design improvements and refinements. These personnel are integrated into the inter-disciplinary reviews of documents, as appropriate, which allows application of their operating experience directly into the design and design documents.

Specific topics covered in the review and analysis of operating experience are discussed in Sections 18.2.2.2 through 18.2.2.7.

18.2.2.2 Predecessor Plants and Systems

Because features such as passive safety systems, no reliance on safety-related alternating current or direct current power, and modular design that relies on automation and digital HSI technology are not found in the existing commercial nuclear reactors, existing designs are not considered direct predecessors.

However, many of the NuScale systems and components are found in existing designs. Therefore, commercial nuclear power plant experience is reviewed and used appropriately in the development of the design.

Due to the limited use of digital HSI technology in the current U.S. operating nuclear fleet, as well as limited operating experience with multi-unit operation, the OER program extends its review to non-nuclear industries.

18.2.2.3 Recognized Industry Issues

The design addresses the HFE issues identified in NUREG/CR-6400. The categories of issues addressed in NUREG/CR-6400 are

  • unresolved safety issues and generic safety issues.
  • Three Mile Island issues.
  • NRC Generic Letters and Information Notices.
  • operating experience reports reviewed in the NUREG-1275 series, Volumes 1 through 14.
  • low power and shutdown operations.
  • operating plant event reports.

In addition to the industry issues addressed in NUREG/CR-6400, the lessons learned are incorporated from applicable issues identified subsequent to 1996 (NUREG/CR-6400 publication date), including lessons learned from the Chernobyl event and the seismic and tsunami events at the Fukushima Daiichi power station.

18.2.2.4 Related Human-System Interface Technology

The design addresses OER related to

  • highly automated, digitally-controlled process systems.
  • computerized procedures systems.
  • use of flat panel displays.
  • use of touchscreens.
  • multi-unit control rooms.

In addition to information from the nuclear industry, pertinent information is obtained from other industries and facilities.

The related HSI technology experience data are collected by visits to sites of selected installations, personnel interviews, and literature searches on HSI technology.

18.2.2.5 Issues Identified by Plant Personnel

The OER team conducts interviews of nuclear and non-nuclear industry personnel, and collects data based on their experience with applicable systems or technology. Interviews are conducted in accordance with written procedures. The interview topics are tailored to the job description of the individuals being interviewed and include the following:

  • plant operations
      - normal plant evolutions (startup, full power, and shutdown)
      - instrument and control system degraded conditions and failures
      - HSI equipment failures and processing failures
      - transients and accidents
      - reactor shutdown and cooldown using remote shutdown systems
  • HFE design topics
      - alarm and annunciation
      - displays
      - control and automation (including highly automated control systems)
      - information processing and job aids
      - real-time communications with plant personnel and with other organizations
      - procedures, training, staffing qualifications, and job design
      - multi-unit control room design effect on plant operation

Data obtained from interviews are reviewed for positive and negative design aspects and evaluated for incorporation into the design. Potential issues identified in the interviews are entered into the OER database and evaluated in accordance with written procedures.

HFE team members are integrated into the inter-disciplinary review process utilized during the review and approval of design documents. Therefore, there is a mechanism for personnel with plant experience to formally provide their input to improve and refine the design utilizing their knowledge and experience.

18.2.2.6 Important Human Actions

Using preliminary results from the Probabilistic Risk Assessment, important human actions (IHAs) are identified early in the design process and recorded in the OER database to make the information available while analyzing operating experience. The OER database is updated as necessary regarding IHAs.

The purpose of evaluating IHAs as part of OER is to determine if other operating nuclear plants or systems with similar HSI technology have experienced related error-causing conditions.

In examining the operating experience data, both the successful completion of applicable IHAs, and errors that may have occurred in the execution of those IHAs are identified and considered.

The consideration and evaluation of potential IHAs is discussed in Section 18.6.

The evaluation of the NuScale Probabilistic Risk Assessment, as well as deterministic engineering analyses performed as part of Chapter 7, Instrumentation and Controls, and Chapter 15, Accident Analyses, identify no IHAs.

18.2.2.7 Issue Analysis, Tracking, and Review

The OER items identified as potential human performance issues or sources of human error, or identified as design elements that support or enhance human performance, are captured in HFEITS. The HFEITS entries are evaluated during the design process.

During the OER, if an issue is determined to be not applicable, the justification for its non-applicability is written and reviewed by the OER team. Once the justification is approved, the issue is closed but retained in the OER database.

If an issue is determined to be applicable, but not within the HFE Program scope, a justification for the scope determination is prepared. Upon approval of the justification, the issue is transferred to the appropriate engineering discipline for consideration. The OER issue is then closed but retained in the OER database.

The applicable engineering disciplines use appropriate methods for assimilation and disposition of these issues.

If an OER issue is determined to be applicable and within the HFE Program scope, but is resolved by the current design, documentation of that resolution is prepared and captured in the OER database. Documentation includes reference to appropriate approved design documents. The resolved-by-design documentation is reviewed, and the issue is closed but retained in the OER database.

An OER issue that is determined to be applicable and within the HFE Program, but not resolved by the current design, is documented as such in the OER database. The OER team member analyzing the issue proposes a design modification to resolve the OER issue. The OER team reviews the documentation and the proposed design modification. If approved, the OER issue is closed and retained in the OER database, and the associated documentation and proposed modification are captured in the HFEITS database.

If a justification or set of documentation for closure of an OER issue is rejected, the OER team and HFE supervisor either reassign the issue to another team member or resolve the issue as a team.

18.2.3 Results

The results of the OER activities are compiled in an RSR. The contents of the RSR are consistent with the methodology described in Human Factors Engineering Operating Experience Review Implementation Plan (Reference 18.2-1) and the applicable NUREG-0711, Revision 3 guidance.

18.2.4 References

18.2-1 NuScale Power, LLC, "Human Factors Engineering Operating Experience Review Implementation Plan," TR-130409, Revision 0.

18.2-2 NuScale Power, LLC, "Human Factors Engineering Program Management Plan," TR-130414, Revision 0.

18.3 Functional Requirements Analysis and Function Allocation

Functional requirements analysis (FRA) and function allocation (FA) is a key element of the Human Factors Engineering (HFE) Program. The FRA identifies and analyzes functions that must be performed to satisfy the plant safety and power generation goals.

The plant safety goals include prevention or mitigation of the consequences of postulated accidents that could cause undue risk to the health and safety of the public.

Function allocation is the process of assigning the functions identified by FRA to personnel and machines (automation) in a way that takes advantage of human strengths and avoids human limitations.

The FRA and FA activities are implemented and conducted consistent with applicable guidance in NUREG-0711, Revision 3. This section summarizes the FRA and FA objectives, scope, and methodology.

18.3.1 Objectives and Scope

The purpose of FRA and FA is to ensure functions necessary to accomplish plant safety and power generation goals are sufficiently defined, analyzed, and allocated.

Functions are allocated to personnel (manual), automation (machine), or a combination of personnel and automation, to take advantage of human and machine strengths, and to avoid human and machine limitations. These allocations support other elements of the HFE Program:

  • HFE task analysis
  • operating experience review
  • staffing and qualifications
  • human-system interface design
  • treatment of important human actions
  • procedure development
  • training development

The FRA and FA apply to activities performed by licensed operators in the main control room during normal, abnormal, and emergency operating conditions. They do not apply to maintenance or refueling activities performed by craft or technical personnel or activities associated with facilities other than the main control room.

18.3.2 Methodology

The FRA and FA incorporate HFE Program principles and practices, and are performed using a structured and documented methodology. The process is iterative in nature and system design change reviews are incorporated in the FRA, FA, and TA database.

18.3.2.1 Functional Requirements Analysis Methodology

The broad, plant-level functions are:

  • reactivity control
  • maintain containment integrity
  • remove fuel assembly heat
  • power generation
  • radioactivity control
  • emergency response
  • human habitability
  • protection of plant assets
  • plant security

The HFE team reviews the preliminary list of structures, systems, and components functions derived from design documentation. Based on this review, the plant functions are grouped into the categories discussed above.

Function decomposition is analyzed from the plant functions to the system component level to ensure the plant function is satisfied.

The identified subfunctions, system functions, processes, and components necessary to accomplish the function are documented in the FRA and FA database. The types of information documented in the database include the following:

  • purpose of the function
  • predecessor designs
  • subject matter expert input
  • differences from functions for systems similar to those used in other pressurized water reactor designs
  • supporting system functions
  • supporting components, instrumentation, controls, automation, and alarms
  • support systems

The FRA is performed when the function decomposition is complete. To conduct this analysis, the HFE team determines the conditions and parameters necessary for monitoring and control. This analysis reveals success paths for accomplishing all or part of the function.

Following decomposition and FRA, the HFE team documents the following information for each function in the FRA and FA database:

  • plant goal supported
  • conditions that indicate the need for the function
  • parameters that indicate the availability and operating status of the function
  • parameters that indicate whether the function is achieving its purpose(s)
  • parameters that indicate when the operations of the function can or should be terminated

The HFE team members review the FRA and verify high-level functions necessary to achieve safe operation are identified and analyzed along with the requirements for each of the identified functions. The verification is documented in the FRA and FA database.

The development of functional requirements includes comparing the plant goals, functions, processes, and systems to those of existing plants, as applicable.

Differences and technical bases for changes are noted in the Human Factors Engineering issue tracking system. Success paths for carrying out the safety and other plant functions are defined. The functions are decomposed into lower levels.

18.3.2.2 Function Allocation Methodology

Plant- and system-level functions are allocated to personnel, machine, or shared ownership. The ranges of possible allocations are grouped into the following types:

  • fully-manual operation
  • shared operation between manual and automation
  • operation by consent (automation when directed by operator)
  • operation by exception (automation until reaching a critical automation step or obtaining a system response identified by automation)
  • fully-automatic operation

Function allocation is determined by reviewing one or more of the following:

  • operating experience
  • human capabilities
  • likelihood of human error
  • technical feasibility or cost
  • requirement for precise control
  • the need for human knowledge and judgment

Criteria for function allocation to automation include personnel responsibility to monitor automatic functions and to assume manual control in the event of an automatic system failure. Functions requiring human knowledge and judgment to ensure reliable performance are allocated to personnel.

Determining the level of automation during design is an iterative process.

Balancing the needs of the operator, the capabilities of the instrumentation and controls architecture, and the design of the system requires communication between designers and operators. The following guidance is considered when making the decision to use automation.

  • Automation is used to aid the operator and avoid human error.
  • For routine tasks, it is preferred that automation identify initiating conditions and prerequisites, and prompt the operator to perform the task instead of requiring the operator to select the appropriate automation to perform. For example, to perform a dilution on the correct unit, the automation monitors parameters and requests the operator to concur with selected automation.
  • Efforts are taken to design the automation so that it prevents the operator from performing an undesired action through use of interlocks, prompts, and intuitive displays.
  • Information displays for automation are consistent in terms of location, arrangement, and functionality in order to optimize operator-to-system interaction and to reduce potential error.
  • Automation controls are standard and intuitive to understand. These controls simplify training and provide the operator with a base level of comprehension regardless of the specific automated task.
  • Automated processes are incorporated into the task analysis and procedures so they can be referenced for pre-job discussions. Automated tasks are described in a relational database and accessed in the same way as other procedures.

Based on the above considerations, most functions are automated to aid operators in managing the workload for multiple units, which allows the operator to remain situationally aware and to be engaged during automated tasks.

Functions with one or more of the following attributes are allocated to automation:

  • tasks involved with major plant evolutions (e.g., unit shutdown, unit power escalation)
  • system operations that require continuous monitoring, are repetitive, or require quick response (e.g., temperature, pressure, or level control; standby pump start; or routine rotation of operating equipment)
  • component operation that has certain requirements or restrictions (e.g., valves need to close upon pump stop, prerequisites to be met to open valve)
  • tasks that are routine, repetitive, or both (e.g., 12-hour surveillance checks, rod movement testing)
  • personnel safety or dose reduction
  • complex sequencing
  • time critical tasks
  • implementation cost seems reasonable for the automation benefit
  • subject matter expert determines that automation would aid the operator based on operating experience

18.3.3 Results

The results of the FRA and FA activities are compiled in a results summary report.

The contents of the results summary report are consistent with the methodology described in Reference 18.3-1 and the applicable NUREG-0711, Revision 3 guidance.

18.3.4 Reference

18.3-1 NuScale Power, LLC, Human Factors Engineering Functional Requirements, Analysis, and Function Allocation Implementation Plan, TR-124333, Revision 0.

18.4 Task Analysis

The task analysis (TA) element of the Human Factors Engineering (HFE) Program identifies specific tasks (human actions) that are required to satisfy the plant safety and power generation goals as determined from the process described in Section 18.3, Functional Requirements Analysis and Function Allocation. The results of the TA establish the number of personnel needed to complete each task, the human-system interface (HSI) inventory requirements, including alarms, controls, displays, procedures, and knowledge and abilities needed to support the performance of tasks.

The TA is conducted and implemented in accordance with the applicable guidance provided in NUREG-0711, Revision 3. This section provides a summary of the TA objectives, scope, methodology, and results.

18.4.1 Objectives and Scope

The TA encompasses a range of plant operating modes, including startup, normal operations, low-power and shutdown conditions, transient conditions, abnormal conditions, emergency conditions, and severe accident conditions. The TA also includes

  • important human actions (IHAs).
  • tasks that have negative consequences if performed incorrectly.
  • tasks related to the monitoring of automated systems.
  • tasks related to the use of automated support aids for personnel such as computer-based procedures.
  • tasks related to identifying the failure or degradation of automation and implementing backup responses.
  • tasks anticipated to impose high demands on personnel.

The tasks to be analyzed include those performed by licensed control room operators. Maintenance or refueling activities, activities completed by craft or technical personnel (e.g., mechanical, electrical, or I&C maintenance; health physics; chemistry; engineering; or information technology), or activities associated with the Technical Support Center, Emergency Operations Facility, or other Emergency Response facilities are considered in the TA if those activities are determined to impact licensed operator workload.

The operating experience review, functional requirements analysis, and treatment of IHA elements of the HFE Program provide inputs to the TA.

The output from the TA includes

  • definition of roles and responsibilities for individuals analyzed in the staffing and qualifications HFE element.
  • a list of HSI inventory and characteristics for HSI design.

  • information and controls needed for task support that are used for procedure development.
  • determination of required knowledge and abilities of personnel.

The HSI inventory and its characteristics generated by the TA include the alarms, controls, displays, and procedures needed to monitor plant functions and monitor and control their success paths. Section 18.7, Human-System Interface, describes the HSI design that uses the detailed TA results and inventory of alarms, controls, and indications to establish alarm logic, display and control designs, and grouping of HSI inventory, especially for task-oriented screens.

18.4.2 Methodology

The TA process includes the following steps:

  • identify tasks
  • develop detailed task narrative
  • decompose tasks
  • develop operational sequence diagram
  • verify IHA(s)
  • identify task attributes
  • identify high-workload tasks
  • identify task job position
  • determine knowledge and abilities
  • define task support requirements
  • assess the workload
  • determine inventory of alarms, displays, and controls to support performance of tasks

Not all steps are needed for each task, and the level of detail for the tasks depends on the complexity of the task.

18.4.2.1 Task Identification Methodology

All tasks, regardless of importance, are analyzed so that the full extent of the workload can be determined. Examples of tasks that are analyzed include

  • important human actions determined through the human reliability portion of the Probabilistic Risk Assessment and deterministic means (i.e., transient and accident analyses, diversity and defense-in-depth coping analyses). The methodology for determining important human action is discussed in Section 18.6, Treatment of Important Human Actions.
  • tasks that have negative consequences if performed incorrectly.

  • tasks that are new or performed significantly differently from those in plants with similar systems and components.
  • tasks related to monitoring and interacting with automated systems, automated-by-consent systems, and the use of automated support aids for personnel (such as computer-based procedures and adaptive automation features, e.g., the critical safety function displays).
  • tasks related to identifying the failure or degradation of automation, and other I&C computer-based systems, and those tasks required for implementing backup responses.
  • tasks anticipated to impose high demands on personnel (such as administrative tasks that contribute to workload and challenge the operators' ability to monitor the plant).
  • tasks with potential concerns for personnel safety.

Identification of tasks to be analyzed is performed by subject matter experts on the basis of their experience at commercial nuclear plants. The process includes review of operating experience and available system design material.

18.4.2.2 Task Narrative

For the tasks that are identified for TA as described in Section 18.4.2.1, detailed task narratives (descriptions) are prepared. The task narratives provide

  • a description of the objectives of a specific system's operator tasks.
  • an overview of the activities personnel are expected to accomplish to complete the task.
  • a definition of alarms, information, controls, and task support needed to accomplish the task.
  • a basic outline of the procedure steps.

The task narratives contain requisite detail for a reviewer to correlate the described task objectives to the results of the completed task analysis. The length of the narrative is commensurate with the complexity of the task it describes.

Task narratives are revised as relationships among tasks are better defined.

18.4.2.3 Relationships Among Tasks

A task may include multiple subtasks that are needed to complete a task. In order to identify the stimulus and response relationship for each lowest level task, each task is decomposed by identifying the parent task, subtasks, and task elements.

The lowest level task (element) is a discrete human action, cognitive or physical, executed to support a task.

An operational sequence diagram is created and used for certain tasks, as necessary, to aid in evaluating the flow of information between the operators and the HSI from the beginning to the end of the task. Information flow includes operator decisions, operator and control activities, and the transmission of data.

Operator actions are identified in a top-down, sequential format. The sequencing of the tasks provides input for the plant operating procedures and defines the activities that plant personnel are trained to execute.

Depending on their types and complexity, tasks may be performed sequentially, in parallel, or in any order. Tasks may also be conditional and coordinated among crew members or local personnel.

18.4.2.4 Time Required for Performing Tasks

The time required to complete a task is a combination of cognitive processing time, physical movement time, and HSI response time (e.g., screen navigation, control operation, I&C platform processing, plant system response). Calculations of time required for task performance consider decision-making (which may or may not be part of cognitive processing depending on task complexity), communications with the operations team, task support requirements, situational and performance-shaping factors, and workplace factors and hazards for each step of a task.

The analysis of time required is also based on a documented sequence of operator actions.

Time estimates for individual task components (e.g., acknowledging an alarm, selecting a procedure, verifying that a valve is open, starting a pump), and the basis for the estimates are established through a method applicable to the HSI characteristics of digital computer-based I&C.

The time available to perform the actions is based on analysis of the plant response to the anticipated operational occurrences, accidents, and infrequent and special events, in accordance with the applicable regulatory guidance.

18.4.2.5 Personnel Required for Performing Tasks

The number of personnel required to perform each task is determined by the task narrative, complexity of the task, time required to perform the task, and the time available.

The task narrative defines job functions for personnel who perform the tasks, requirements for communication with other operations personnel while performing tasks, and the impact of staffing levels on task performance.

18.4.2.6 Required Knowledge and Abilities

In addition to the attributes included in the detailed task narrative, each task is analyzed to determine the knowledge and abilities needed for success of the task.

The knowledge and abilities are benchmarked against a modern pressurized water reactor using NUREG-2103, and a gap analysis is performed. The results of this analysis are used to develop the specific knowledge and abilities catalog to address the unique characteristics of the design.

Tasks are allocated to personnel in accordance with the identified knowledge and abilities required to perform each task.

Learning objectives are developed from knowledge and abilities and are used to develop training program content in support of personnel qualifications.

18.4.2.7 Iterative Nature of Task Analysis

The TA is iterative in nature. The HFE Program is also iterative in that elements of the program provide inputs to other elements and some design issues are only resolved by changing assumptions or re-analyzing based on new data.

When problems arise during HFE Program activities after TA, human engineering discrepancies are initiated whose resolution may result in changes to or rework of the TA.

Task analysis subject matter experts revise the TA as details of the plant, system, and component designs change.

18.4.2.8 Analysis of Feasibility and Reliability for Important Human Actions

Analysis of feasibility and reliability for important human actions addresses

  • time available and time required to perform actions.
  • use of techniques to minimize bias.
  • sequence of actions.
  • estimated time for operators to complete credited actions.

The time available to perform actions is the length of time from the initiation of the task to when the task needs to be completed as defined in the analysis that identifies the IHA. Applicable regulatory guidance is considered for the analyses that determine each IHA and for any task that industry experience identifies as a potential IHA. The time available is based on plant response to the anticipated operational occurrence or accident.

As discussed in Section 18.4.2.4, the time required to complete a task considers cognitive processing time, physical movement time, and HSI response time. The time-required calculation is based on an understanding of the sequence of operator actions and takes into account secondary tasks. Time-required estimates for IHAs are simulated and measured when feasible, or obtained through operator and expert interviews and operating experience reviews.

The estimated time for operators to complete the credited action is sufficient to allow successful execution of applicable steps in the emergency operating procedures.

Estimates of time required to perform IHAs are obtained whenever feasible using table-top walkthroughs and simulator scenarios. Other techniques used for deriving the time required include interviews of operators and experts and operating experience reviews. If measurements are not feasible, independent assessments of time required for IHAs are developed by at least two different subject matter experts.

18.4.3 Results

The results of the TA activities are compiled in a results summary report. The contents of the results summary report are consistent with the methodology described in Reference 18.4-1 and the applicable NUREG-0711, Revision 3 guidance.

18.4.4 Reference

18.4-1 NuScale Power, LLC, "Human Factors Engineering Task Analysis Implementation Plan," TR-130413, Revision 0.

18.5 Staffing and Qualifications

This section provides a summary of the methodology used in performing the licensed operator staffing and qualifications (S&Q) analysis and the results of the analysis. The S&Q methodology and the results are documented in the Human Factors Engineering Staffing and Qualifications Results Summary Report (Reference 18.5-1).

18.5.1 Objectives and Scope

The objective of the S&Q element of the Human Factors Engineering (HFE) Program is to determine the number and qualification of licensed operations personnel required for safe and reliable plant operation.

The plant operations personnel considered in the S&Q analysis include licensed control room operators as defined in 10 CFR 55, and the licensed personnel in the categories listed in 10 CFR 50.120, including shift supervisors.

COL Item 18.5-1: An applicant that references the NuScale Power Plant US460 standard design will address the staffing and qualifications of non-licensed operators.

The NuScale Power Plant is designed to operate multiple modules from a single main control room (MCR). This configuration is not addressed in 10 CFR 50.54(m).

NuScale uses design-specific staffing levels as an alternative to 10 CFR 50.54(m).

This approach involves use of applicable NRC guidance contained in NUREG-0800, Chapter 18, Revision 3; NUREG-0711, Revision 3; NUREG-1791 (July 2005); SECY-11-0098 (July 22, 2011); SECY-021-0039 (April 5, 2021); and NUREG/CR-6838 (February 2004). The technical basis for the alternative approach and minimum staffing requirements are located in the NuScale Control Room Staffing Plan, TR-0420-69456-NP-A (Reference 18.5-2).

The organizational structure is described in Section 13.1.

18.5.2 Methodology

The analysis to determine the number and qualification of licensed operators is performed in a systematic manner, taking into account inputs from other applicable HFE elements and in accordance with regulatory guidance.

The plant is operated with a minimum MCR shift contingent of one licensed reactor operator and two licensed senior reactor operators.

The staffing analysis begins with an assumed MCR shift contingent of three licensed reactor operators and three licensed senior reactor operators. These initial staffing levels are established on the basis of inputs from the task analysis (TA) and other relevant HFE elements as discussed below. The S&Q analysis then confirms or modifies the baseline assumptions to achieve the final licensed MCR shift staffing and qualifications. This analysis is accomplished in an iterative fashion as information from the analyses of other HFE elements becomes available. The MCR shift contingent is one licensed reactor operator and two licensed senior reactor operators.

The staffing analysis includes activities performed by licensed control room operators.

Staffing analysis for other activities (activities completed by craft or technical personnel [e.g., mechanical, electrical, or instrumentation and controls maintenance; health physics; chemistry; engineering; or information technology], or activities associated with the Technical Support Center, Emergency Operations Facility, or other Emergency Response facilities) is included only if the activities are determined to impact licensed operator workload. When licensed operator workload is impacted, the area of concern is analyzed to a degree sufficient to quantify the impact to licensed operator workload or staffing, and is developed with any human-system interface or staffing adjustments required to address the specific task and associated staffing requirements.

The basis for S&Q levels includes consideration of specific staffing-related issues identified in the following HFE elements:

  • Operating experience review: Section 18.2 discusses the use of current commercial nuclear power plant operating experience along with other operating experience relevant to the design. The initial staffing levels and qualification goals are based, in part, on staffing levels and qualifications from commercial nuclear power plants, taking into account the passive features and degree of automation.
  • Functional requirements analysis and function allocation: As discussed in Section 18.3, the functions that must be performed to satisfy plant safety and power generation goals are allocated to personnel and automation. The S&Q analysis involves review of initial function allocation to ensure that the requirements for performing actions allocated to humans do not exceed the qualifications of the assigned staff or cause an overload.
  • Task analysis: As discussed in Section 18.4, TA provides early definition of individual roles, responsibilities, and qualifications, and identifies time needed to perform a task, the workload involved, and the number of personnel needed to complete each task. The S&Q analysis considers tasks from a range of plant operating modes, including startup, normal operations, low-power and shutdown conditions, transient conditions, abnormal conditions, emergency conditions, and severe accident conditions.
  • Treatment of important human actions: Section 18.6 discusses the identification and treatment of IHAs. The staffing plan validation conducted as part of the S&Q analysis includes IHAs and confirms that the IHAs can be conducted within the time available by the minimum licensed MCR staff for the applicable plant operating modes and conditions. The staffing plan validation also confirms the availability, degree of clarity, and indication cues for manipulation of the human-system interface related to IHAs.
  • Procedure development: The S&Q analysis uses task sequencing from the TA element as preliminary procedures, assumes specific personnel numbers, and assumes a certain level of secondary tasks such as communication. The S&Q analysis also considers task sequencing during concurrent use of multiple procedures. Procedures are discussed in Section 13.5.
  • Training program development: The S&Q analysis provides input to the training program development related to knowledge, skills, and abilities to be attained and maintained. As the S&Q analysis encompasses licensed operations staff, the analysis provides input essential to coordinating actions among individuals inside and outside the MCR. The training program includes this set of coordination knowledge, skills, and abilities. Human engineering discrepancies identified during S&Q or other HFE activities that have impacts on the training program are entered into the human engineering discrepancy database and dispositioned by the training program. Training program development is discussed in Section 13.2.

Staffing plan levels and personnel qualifications are validated using performance-based testing focused on operator performance, workload, and situational awareness during challenging plant operating conditions. These tests are performed on a simulator that is capable of supporting the scenarios required for the staffing plan validation. Multiple validation exercises consisting of various challenging and workload-intensive scenarios are selected based on inputs from HFE elements operating experience review, functional requirements analysis and function allocation, TA, and treatment of IHAs. Section 18.5.3 discusses staffing plan validations.

18.5.3 Results

Both staffing plan validations were conducted using guidance in NUREG-0711, Revision 3; NUREG-1791 (July 2005); and NUREG/CR-6838 (February 2004). The staffing plan validations included performance-based tests using a simulator focused on operator performance, workload, and situational awareness during challenging plant operating conditions. The tests included design-basis events, beyond-design-basis events, multi-module events, and events in series and parallel.

Two independent crews trained and qualified to conduct three challenging and workload-intensive scenarios utilizing conduct of operations guidance that was reflective of the current industry standards with respect to communication and use of human performance tools. A team of trained and qualified observers consisting of operations, management, and HFE personnel observed and analyzed the performance of the crews utilizing multiple methods of monitoring crew performance, workload, and situational awareness.

Performing the S&Q analysis, using the methods described above, confirms that a NuScale Power Plant, including the associated plant facilities, may be operated safely and reliably by a minimum staffing contingent of one licensed reactor operator and two licensed senior reactor operators from a single control room during normal, abnormal, and emergency conditions. The analysis uses design-specific staffing levels as an alternative to 10 CFR 50.54(m), and is in accordance with the applicable NRC guidance contained in NUREG-0800, Chapter 18, Revision 3; NUREG-0711, Revision 3; NUREG-1791 (July 2005); SECY-11-0098 (July 22, 2011); and NUREG/CR-6838 (February 2004).

The first staffing plan validation resulted in comprehensive data that support the initial staffing plan (i.e., six licensed operators). The second staffing plan validation resulted in comprehensive data that support the revised staffing plan (i.e., three licensed operators). In both cases, the simulator supported the scenarios effectively without significant issues. The test and evaluation team was effective in administering the test and analyzing the test results. Both crews for both validations completed all required tasks within the required time limits while maintaining acceptable levels of situational awareness and workload. All evaluation criteria were met.

The staffing plan validation methodology and results are in Reference 18.5-1.

18.5.4 References

18.5-1 NuScale Power, LLC, "Human Factors Engineering Staffing and Qualifications Results Summary Report," TR-130412, Revision 0.

18.5-2 NuScale Power, LLC, "NuScale Control Room Staffing Plan," TR-0420-69456-NP-A, Revision 1.

18.6 Treatment of Important Human Actions

Treatment of important human actions (TIHA) is an element of the Human Factors Engineering (HFE) Program that ensures important human actions (IHAs) are identified and addressed throughout the HFE Program.

This section provides a summary of the TIHA objectives, scope, methodology, and results. The TIHA methodology and the results are documented in the Treatment of Important Human Actions Results Summary Report (Reference 18.6-1). The TIHA approach is consistent with the applicable provisions of NUREG-0711, Revision 3.

18.6.1 Objectives and Scope

The TIHA element of the HFE Program identifies IHAs and addresses them in designing HFE aspects to minimize the likelihood of personnel errors, and help ensure personnel can detect and recover from errors that might occur.

The IHAs are identified by a combination of probabilistic and deterministic analyses, as discussed in the following sections. Specific treatment of the IHAs in the applicable elements of the HFE Program is addressed in Section 18.6.2.3.

18.6.2 Methodology

The IHAs consist of risk-important and deterministically important human actions.

18.6.2.1 Risk-Important Human Actions

Risk-important human actions are identified from the human reliability analysis (HRA) as part of the Probabilistic Risk Assessment (PRA) in Chapter 19. The methodology for identifying risk-important human actions is consistent with the applicable provisions of NUREG/CR-1278, and includes the following characteristics:

  • actions identified in Level 1 (core damage) and Level 2 (release from containment) PRAs for power operation, low power and shutdown, including both internal and external events (Chapter 19)
  • actions identified using selected importance measures and PRA sensitivity analyses to provide reasonable assurance that an important action (or multiple actions in the same scenario) is not overlooked as a result of the selection of the measure or the use of a particular assumption in the analysis

The list of risk-important human actions is determined through consideration of risk-important measures, HRA and PRA sensitivity analyses, and threshold criteria (with bases). The risk-important human actions are identified through iteratively analyzing HRA and PRA results and the potentially risk-important human interactions.

The methodology for identifying risk-important structures, systems, and components is consistent with the NuScale Topical Report, TR-0515-13952-NP-A, Risk Significance Determination (Reference 18.6-2).

Risk-important human actions are those human actions to operate systems or components that are above the risk-significance thresholds described in the topical report.

The approach for identifying candidate risk-important human actions consists of

  • identifying situations in the PRA where an operator can function as a backup to an automatic actuation.
  • identifying situations where an operator can place in-service a nonsafety backup to a safety-related system.
  • understanding the context for successful execution of the action.
  • assessing the time available for the operator to accomplish the action using thermal-hydraulic simulations of bounding scenarios.
  • verifying accessibility of the equipment needed.
  • quantifying the likelihood of the operator failing to accomplish the human action.
  • evaluating the importance of the human action in the full-scope, all operating modes PRA.

As the PRA model is updated, the resulting risk-important human actions are reviewed and task analysis (TA) is performed.

18.6.2.2 Deterministically Important Human Actions

Deterministically important human actions are identified from the operator actions credited in the transient and accident analyses (Chapter 15), and from operator actions identified in the diversity and defense-in-depth (D3) coping analyses (Chapter 7).

Some actions identified in the transient and accident analysis or D3 coping analysis are not considered deterministically important human actions because these operator actions are not required to ensure reactivity control, core heat removal, or containment isolation and integrity. Examples of these are:

  • actions performed to confirm automatic actions
  • actions needed to maintain a stable plant condition for the long term

Subject matter experts review each event scenario described in the transient and accident analyses and D3 coping analyses and extract the deterministically important human actions.

18.6.2.3 Consideration of Important Human Actions in Human Factors Engineering Program Elements

To minimize the likelihood of human error and facilitate error-detection and recovery capability, the IHAs are addressed during development of the HFE Program elements including operating experience review (OER), functional requirements analysis and function allocation, TA, HSI design, procedure development, training program development, and human factors verification and validation.

  • OER: Potential IHAs identified early in the design process are evaluated during the issue analysis and review portion of the OER (Section 18.2). Each operating experience item analyzed and entered into the OER database is evaluated against the list of potential IHAs. Operating experience review issues that indicate a potential to impact IHAs are tracked as HFE issues in the HFE issues tracking system for resolution during appropriate HFE Program elements.
  • Functional Requirements Analysis and Function Allocation: Functional requirements analysis and function allocation (Section 18.3) evaluate IHAs.
  • TA: Tasks involving IHAs receive detailed TA (Section 18.4). The TA confirms the assumptions used in the PRA to determine human error probabilities, and confirms the assumptions used in accident and transient analyses and D3 coping analysis to conclude that operators can execute deterministically important human actions within the time available. The TA also assesses the operator workload when conducting the IHA (for individual or overall operating crew, as appropriate) and provides additional assurance that the IHA can be carried out within the time available. Human engineering discrepancies are generated for IHAs that result in excessive workload conditions and for IHAs that cannot be executed with adequate margin between the time available and the time required.
  • Staffing and Qualifications: During staffing and qualifications analyses (Section 18.5), potential IHAs are evaluated to ensure staffing levels and qualifications are sufficient to successfully execute the potential IHAs, including within specified time requirements. During control room staffing plan validation, potential IHAs are included in the scenarios that evaluate task performance, cognitive and physical workload, and situational awareness.
  • HSI Design: Assumptions regarding HSI characteristics for IHAs are verified during HSI design (Section 18.7). To reduce the probability of human errors for IHAs, the HSI design includes the following considerations:
      - A minimum of two actions are required for the video display unit controls (e.g., an action to call up the control function on the video display unit and an action to actuate the control).
      - Tasks associated with a single IHA are conducted from a single display screen wherever possible; task-based displays are created to achieve this, as necessary.
      - When a local control station is required for conducting an IHA, that local control station HSI is designed using the same style guide as the main control room HSIs. This use of a common style guide ensures HSI design consistency, training efficiency, clear labeling, and easy accessibility.
      - After the HSI designs for the alarms, indications, controls, and procedures are developed based on input from the plant design and the TA, performance-based testing is conducted to assess those designs in support of the IHAs.

  • Procedure Development: Operating procedures (Section 18.8) are developed to meet the operation sequences and guidance contained in plant design specifications. The design implementation element of NUREG-0711 ensures consistency between the procedures used in integrated system validation (ISV) and those in place in the completed plant, including for IHAs.
  • Training Program Development: A licensed operator training program (Section 18.9) ensures personnel are qualified to operate and maintain the facility in a safe and efficient manner, as well as keep the facility in compliance with its license, technical specifications, and applicable regulations. Training includes normal, abnormal, and emergency operating procedures that contain IHAs.
  • Human Factors Verification and Validation: The adequacy of the HSI design to support operator performance of IHAs is confirmed in the ISV process (Section 18.10). Consideration of IHAs during ISV involves defining simulator scenario initiating events with system and component failures that challenge the operators to bring the plant to a safe state following appropriate procedures. The scenarios used in the ISV address the IHAs dominant sequences, systems, and events. The ISV assesses the presence of the necessary task-support HSIs and HSI compliance with governing HFE guidelines to support successful performance of IHAs. The ISV assesses the successful performance of the integrated crew and the HSI for IHAs.

18.6.3 Results

The PRA and HRA evaluation identifies no risk-important human actions. No operator action is identified that is assumed to mitigate an Anticipated Operational Occurrence, Infrequent Event, Accident, Special Event, or design-basis event.

Evaluation of the plant transient and accident analysis, as well as the D3 coping analysis, identifies no deterministically important human actions.

The results of the evaluations of the PRA, transient and accident analysis, and D3 coping analysis for risk-important and deterministically important human actions are documented in Reference 18.6-1.

18.6.4 References

18.6-1 NuScale Power, LLC, "Human Factors Engineering Treatment of Important Human Actions Results Summary Report," TR-130416, Revision 0.

18.6-2 NuScale Power, LLC, "Risk Significance Determination," TR-0515-13952-NP-A, Revision 0.

18.7 Human-System Interface Design

The human-system interface (HSI) design element of the Human Factors Engineering (HFE) Program provides design of interfaces between plant personnel and plant systems and components. The HSI design process represents the translation of function and task requirements identified in upstream HFE Program elements into HSI characteristics and functions. The HSI Style Guide ensures consistency in applying HFE principles.

This section summarizes the methodology used in the HSI design and is consistent with the applicable provisions of NUREG-0711, Revision 3, and NUREG-0700, Revision 3.

18.7.1 Objectives and Scope

The objective of the HSI design element is to translate the requirements identified in Section 18.3, Functional Requirements Analysis and Function Allocation, as well as Section 18.4, Task Analysis, into HSI design requirements and detailed design of alarms, indications, controls, and other aspects of the HSI. This objective is accomplished by systematically applying HFE principles and criteria.

The HSI design activities include those in the main control room (MCR) that support important human actions (IHAs). The main control room HSI development process includes consideration of other activities that are determined to impact licensed operator workload, including maintenance or refueling activities, activities completed by craft or technical personnel (e.g., mechanical maintenance, electrical maintenance, radiation protection, chemistry, engineering, information technology, instrumentation and controls (I&C) maintenance), or activities associated with the Emergency Response facilities. The HSI for locations outside the MCR are derived from the main control room HSI.

18.7.2 Methodology

The HSI design process uses a structured methodology for the iterative design of the overall HSI, translating the function allocation and task analysis (TA) into detailed HSIs for the plant.

18.7.2.1 Human-Systems Interface Design Inputs

Inputs to HSI design include analyses of personnel task requirements, system requirements, and the HSI Style Guide, which incorporates regulatory requirements.

18.7.2.1.1 Analyses of Personnel Task Requirements

Analyses of personnel task requirements performed in operating experience review (OER), functional requirements analysis (FRA) and function allocation, TA, staffing and qualifications (S&Q), and treatment of IHAs are used to identify and establish design requirements for the HSIs.

During OER (Section 18.2), issues from other plants and similar HSI designs are evaluated for applicability and for inclusion or exclusion in the HSI design.

The issues identified during OER are tracked in the Human Factors Engineering issue tracking system and resolved within the HSI design element as applicable.

The FRA and function allocation (Section 18.3) analyze the plant functions and define the success paths for controlling those functions, along with the key parameters and components used to monitor them. Safety functions are used as an input for the design of the overview screens within the HSI inventory. Automation criteria established during function allocation define the levels of automation anticipated for the HSI design. The allocation of functions to humans, machine, or a combination of the two largely defines the scope of HSI design. The issues in the Human Factors Engineering issue tracking system that were initiated in FRA and function allocation are resolved during HSI design.

The TA (Section 18.4) provides the information needed to build a complete HSI inventory and the characteristics necessary to monitor and control critical functions during normal, abnormal, and accident conditions. While building the HSI inventory during the TA, characteristics such as alarm conditions, indication range and resolution, control function modes and accuracy, procedure applicability conditions, and backup controls for automated functions are established. Grouping of HSI elements in the TA leads to HSIs that are designed for specific tasks and reduces reliance on system-based HSIs and navigation between screens. Task support requirements are defined in the TA and may be implemented during HSI design or tracked in the Human Factors Engineering issue tracking system for resolution by appropriate engineering disciplines.

The S&Q analyses (Section 18.5) are used to provide input to the HSI design by influencing the HSI hierarchy and navigation concepts, allocation of controls and indications to individual video display units (VDUs), and overall MCR layout. The S&Q analyses also validate the MCR crew complement and individual responsibilities.

Important human actions (Section 18.6) identified from the Probabilistic Risk Assessment and deterministic analyses are considered in the HSI design to minimize the probability that errors could occur and maximize the probability that any error made will be detected.

18.7.2.1.2 System Requirements

The HSI design incorporates pertinent design considerations based on accepted HFE principles and industry standards. In addition, the design incorporates high-level design considerations identified during preliminary analyses, such as maintaining situational awareness with a highly automated system, and acceptable workload levels with multiple units assigned to a single operator.

There are no known I&C platform system constraints related to the MCR layout optimization for monitoring and control of multiple units.

18.7.2.1.3 Regulatory and Other Requirements

The HSI design is consistent with the guidance in NUREG-0711, Revision 3, and NUREG-0700, Revision 3, which are incorporated into the HSI Style Guide.

18.7.2.2 Concept of Operations

The concept of operations describes how the design, systems, and operational characteristics of the plant relate to the organizational structure, staffing, and management framework. The concept of operations informs and guides the design and engineering effort as it relates to the HSI and supporting equipment. It provides an overview of the individual roles, operations staffing, crew structure, and operating techniques that are used by the operating crews. The concept of operations is refined as the design, engineering, and simulator evaluation associated with safety analysis, system design, control system automation, and HSI progresses.

The concept of operations specifies the following:

  • staffing levels and crew composition
  • roles and responsibilities of each crew member
  • information available to individual operators and the entire crew
  • division of tasks and supporting HSIs between the MCR and local control stations (LCSs)
  • main control room and workstation layout and the implications for operations and tasks
  • crew coordination and communication
  • relationship and interaction of crew, computer-based procedures, and plant automation through the HSI

18.7.2.3 Human-Systems Interface Concept Design

18.7.2.3.1 Concept of Use

Licensed operators in the MCR and operating crews outside the MCR are responsible for power production and safe operation of each unit as well as the overall NuScale Power Plant. To achieve these objectives, the operators assume the following roles and responsibilities:
  • monitoring structures, systems, and components performance
  • operating local and remote structures, systems, and components
  • commanding automated sequences
  • directing subordinate operators to perform procedures
  • monitoring the performance of automated sequences and procedures
  • interrupting and reprioritizing automated sequences or procedures
  • summoning additional resources to expand capabilities
  • monitoring and evaluating technical specification conditions
  • surveillance testing
  • reviewing trends
  • responding to off-normal conditions
  • responding to plant notifications
  • establishing plant conditions to support preventative or corrective maintenance
  • maneuvering the plant
  • performing emergency response duties such as off-site notifications
  • performing non-emergency off-site reporting
  • maintaining a narrative log of events and activities relevant to the plant site
  • communicating plant status, constraints, and planned actions to the appropriate stakeholders

The HSIs facilitate the operators' abilities to perform these activities and provide the controls, indications, alarms, and procedures necessary for the operators to carry out their responsibilities.

Automation performs functions associated with parameter and process monitoring, defined sequence functions, continuous process control, alert and alarm monitoring, safety limit monitoring, and automatic safety functions.

Operators interface with automated functions via a digital control screen in most aspects of operation. Operators employ automation to place equipment into service, conduct tests, and control processes.

Operators monitor and evaluate automated functions, and intervene when it becomes apparent that the automation has failed or is no longer appropriate for the current or planned plant conditions. Operators may also elect to share control with the automation or assume control of the automated function.

Operators communicate with crew members routinely to share information, confirm receipt of information, recommend actions, and give direction. The means of communication is commensurate with the type of information that is being communicated (e.g., basic information to be passed to a single teammate, or urgent information to be passed to multiple crew members).

Technologies to support teamwork and communication include individual and group HSI notification techniques as well as verbal, phone, and email.

The design provides for the operation and control of multiple units and common plant systems from a single control room. The control room layout provides for the following:

  • a bank of VDUs configured with spatially-dedicated, continuously visible HSIs (e.g., post-accident monitoring variables)
  • a minimum of four sit-down operator workstations, each providing access to HSIs for all units
  • a dedicated stand-up control panel for each unit allowing for focused operation
  • a dedicated stand-up control panel for shared or common systems

The HSIs displayed on the sit-down workstations and selected stand-up control panel VDUs are navigable and contain the alarms, controls, indications, and procedures necessary to monitor and manage any unit chosen by the operator during normal, abnormal, emergency, shutdown, and refueling operations.

18.7.2.3.2 Human-System Interface Conceptual Design Overview

Iterative Methodology

The HSI conceptual design is developed using an iterative methodology incorporating the HSI design inputs discussed in Section 18.7.2.1. The iterative design and evaluation approach serves to

  • guide the selection of one design from multiple candidate designs.
  • answer open HFE questions related to situational awareness, workload, and staffing.
  • identify and eliminate HFE issues from the design early in the process.

Feedback from the results of testing on HSI prototypes (Section 18.7.2.5) is also incorporated in the detailed design. This feedback incorporation provides a high degree of confidence in the HSI design before implementation and verification and validation activities (Section 18.10).

The iterative nature of the HSI design is closely connected with other HFE Program activities. As part of the design effort, the HFE team presents findings to and solicits input from other design disciplines, as appropriate.

Survey of State-of-the-Art Human-System Interface Technologies

The state-of-the-art HSI technology is established with an emphasis on adaptability, principles, and design patterns and serves the needs of the NuScale Power Plant. Various options are evaluated for human usability and technical feasibility. Specific software and hardware development is not within the scope of the survey; however, an understanding of the state-of-the-art software and hardware technologies provides insight for development of the functional and procurement specifications for the HSI platform.

Human-System Interface Conceptual Design Documentation

The Concept of Operations (Section 18.7.2.2) and the Human-System Interface Style Guide (Section 18.7.2.3.3) are developed during the HSI conceptual design stage.

These documents are revised, as necessary, during detailed design consistent with findings from testing and analyses.

Conceptual Sketches

A template screen (conceptual screen sketch) is developed for each major portion of the HSI (e.g., task-based screens, computer-based procedure screens, and overview type screens). Representative screens and task sequences are selected for demonstrating key concepts, features, and interactions and for providing grounds for analysis and feedback from other disciplines. Screen sketches incorporate the best current understanding of design principles as outlined in the HSI Style Guide. Conceptual sketches are produced for multiple candidate approaches and are maintained as design records.

Rapid Prototyping

Based on the latest conceptual sketches and feedback from other disciplines, mock-ups or prototype screens, integrated with a software simulator of the system, are developed for evaluation. While the prototype provides a realistic user experience with the system, this effort focuses on testing design concepts and soliciting feedback. Rapid development aims for code modifiability and reusability for fast subsequent development iterations.

18.7.2.3.3 Human-System Interface Style Guide

The HSI design employs a style guide for various types and formats of HSIs.

The HSI Style Guide applies to the MCR, the Emergency Response facilities, and other HSIs throughout the plant.

The style guide addresses the form, function, and operation of the HSIs included in the design. For screen-based HSIs, design considerations include the environment in which the HSIs are to be used (e.g., colors, brightness and contrast, ambient lighting, and element spacing). Factors such as accessibility, lighting, air quality, heat and humidity, and radiation zones are also considered in the design of HSIs.

A style guide section is specifically developed for the different types of HSIs at the applicable stage in the design process. NUREG-0700, Revision 3, serves as the initial source for the development of the style guide. New sections are added or existing sections revised as more details or new guidance are needed, or if analyses such as OER, FRA and function allocation, or TA determine a need for further guidance. The Human Factors Engineering issue tracking system is used to track the specific needs.

The style guide section for VDU-based HSIs is used for the MCR, facilities that use HSIs derived from the MCR, and LCS human-system interfaces. The HSIs on the VDU-based LCSs are MCR derivatives. For vendor-supplied LCSs, the HFE Program scope is limited to ensuring that those interfaces adhere as closely as possible to applicable guidelines from NUREG-0700.

Inputs from the vendor-supplied LCSs are replicated on the VDU-based HSI on an as-needed basis.

In the initial stages of HSI design, while the number of screens and complexity of interaction between screens are low, individual guidelines in the style guide are stated in general terms. As the HSI design progresses, style guide details increase, using precise, easily observable guidance statements for consistency, supplemented with graphical examples as needed. The guidance includes specific definition of colors in the color palette, equipment symbols, and size and type of text font.

The style guide is in a format that is readily accessible and usable. It is also easily modified as the design progresses or new guidance emerges. The reference section in the style guide provides the guide's source documents.

18.7.2.4 Human-System Interface Detailed Design and Integration

The objective of the detailed design and integration phase is to validate, using performance-based tests, that the integrated system design (e.g., hardware, software, procedures and personnel elements) supports the safe operation of the plant.

The HSI detailed design and integration is performed using outputs from the planning and analysis phase of the HFE Program (e.g., HFE Program elements OER, FRA and function allocation, TA, S&Q, and analysis for treatment of IHAs, as seen in Sections 18.2 through 18.6). In addition to these HFE Program elements, the HSI Design Team also takes into consideration the design features discussed in the following section.

18.7.2.4.1 General Considerations

Minimizing Errors in Performance of Important Human Action

The HSI design incorporates features to minimize the probability of operator error in the performance of IHAs and to provide for early detection of errors, should they occur. For example, one of the features requires a minimum of two actions for VDU controls (i.e., an action to call up the control function on the VDU [a pop-up window] and an action to actuate the control). This two-step actuation process reduces the potential for erroneous operator actions that could cause a transient.

Bases for Human-System Interface Layout

The layout of workstations (number and location of VDUs) in the MCR, the arrangement or hierarchy of the individual HSI screens for each workstation, and the arrangement of the workstations within the MCR are based on job analysis, frequency and sequence of use, and the roles of operators defined during S&Q analysis.

The concept of operations provides an operating strategy of one reactor operator monitoring multiple units and transfers responsibility for units to other operators when events occur that challenge the operator's ability to monitor the remaining units. Each licensed operator is able to monitor any unit.

Because any sit-down station may be required to monitor multiple units, a minimum equivalent of four VDUs is necessary to effectively monitor the status of all units, alarms, and procedures or processes.

Each of the stand-up workstations has a minimum equivalent of five VDUs and the ability to manually initiate protective functions. The uppermost display provides an overview for that unit so that other MCR personnel can quickly determine unit status. The HSIs displayed on the lower displays are navigable and contain the alarms, controls, indications, and procedures necessary to monitor and manage the corresponding unit during normal, abnormal, emergency, and shutdown operations.

The HSI layout in the MCR is designed to support minimum, nominal, and enhanced staffing levels during a range of operating plant modes. Shared system displays and overview VDUs can be observed from multiple locations within the MCR. Unit workstations are spaced to allow sufficient room for side-by-side operation at adjacent unit workstations.

The Emergency Operations Facility and Technical Support Center HSIs are derived from the main control room HSIs and designed to support various staffing arrangements within those facilities.

Human-System Interface Support for Inspection, Maintenance, and Testing

The HSI design supports inspection, maintenance, test, and repair of plant equipment. The information records management system is used to control work and manage component tagging for out-of-service conditions. The information records management system is also used to communicate status information with the plant HSI, which uses shading and a color scheme to alert the operators of equipment status conditions on the system display VDU.

Human-System Interface Support for Staffing Conditions

The HSIs support minimum staffing. The passive features, modular design, and high degree of automation incorporated in the design result in a reduction in the number of alarms, controls, displays, and procedures. The automation, along with the reduced task burden of managing the HSIs, enhances the ability of operators to maintain situational awareness of overall plant conditions. The use of minimum staffing to operate the plant safely is confirmed through the S&Q element of the HFE Program.

The HSI design activity includes the MCR facility, which is sized to accommodate enhanced staffing needed during crew meetings, shift turnover, and additional staffing during operating conditions such as refueling and accident conditions.

Reducing Human Performance Errors and Fatigue

The features incorporated into the design enhance human performance by reducing operator fatigue. Automation of plant functions reduces operator repetitive tasks. Simplified plant design and increased automation result in a reduced need for navigation between individual screens. The arrangement or hierarchy of individual screens is based on job analysis, the frequency and sequence of use, and operator role to increase the simplicity of navigation.

Task-based displays are incorporated to reduce navigation steps during procedure use. Video display units are designed for pointing device (mouse) operation.

In addition, the detailed design of the MCR facility optimizes facility attributes that are known to affect fatigue, such as lighting, ergonomics, and physical layout.

Environmental Conditions for Optimal Operator Performance

Environmental conditions in the MCR including temperature, humidity, air quality, and radiation protection are controlled using Regulatory Guide 1.196.

Design of auxiliary systems such as heating, ventilation, and air conditioning systems, and lighting systems incorporates inputs from the HFE team.

Human-System Interface Modifications in an Operating Plant

The Human Performance Monitoring Program (Section 18.12) evaluates HSI design change proposals against the analyses and design bases established for the as-built design.

18.7.2.4.2 Main Control Room

The HSI design addresses the following parameters in accordance with the guidance provided in NUREG-0711, Revision 3. Reference 18.7-1 documents the means by which the HSIs related to these parameters are displayed, as follows:

  • safety display and indication system
  • relief and safety valve position monitoring
  • containment monitoring
  • core cooling
  • post-accident monitoring
  • leakage control
  • radiation monitoring
  • manual initiation of protective actions
  • diversity and defense-in-depth
  • important human actions
  • computer-based procedure platform

The computer-based procedures are designed in accordance with the guidance of NUREG-0700, Revision 3, Section 8, and Section 1 of Digital Instrumentation and Controls Interim Staff Guidance (DI&C ISG-5). Paper copies of selected procedures are available as backup.

18.7.2.4.3 Technical Support Center, Emergency Operating Facility, Waste Management Control Room, and Module Maintenance Center

The Emergency Operations Facility and Technical Support Center comply with the guidance in NUREG-0696, Functional Criteria for Emergency Response Facilities. The HSIs in the Technical Support Center and Emergency Operating Facility are derivatives of the main control room HSIs and comply with the HSI Style Guide; however, these HSIs are for information display only. No control functions are provided in any of the Emergency Response facilities. Similarly, the HSIs in the Waste Management Control Room and Module Maintenance Center are also derivatives of the main control room HSIs. These locations provide both monitoring and control capabilities.

18.7.2.4.4 Local Control Stations

The HSIs on the VDU-based LCSs are derived from main control room HSIs.

For vendor-supplied LCSs, the HFE Program scope is limited to ensuring that those interfaces adhere to guidelines from NUREG-0700, Revision 3, as closely as possible. Inputs from the vendor-supplied LCSs are replicated on the VDU-based HSI on an as-needed basis.

18.7.2.4.5 Degraded Instrumentation and Controls and Human-System Interface Conditions

The HSI is designed to accommodate I&C and HSI system failures.

Procedures govern operator identification of and response to the various failure modes.

Failures of I&C sensors are accounted for in the diversity and defense-in-depth coping analysis as discussed in Section 7.1, Fundamental Design Principles. Redundant sensors are provided within system trains and safety systems have multiple trains. Alarm response procedures guide troubleshooting activities by the operator.

Failures of individual VDUs are accommodated by use of other VDUs at the workstation for the affected unit. Hardware failures that lead to loss of all VDUs at a workstation are accommodated by monitoring of redundant MCR workstations. If all MCR workstations are lost, all units can be shut down either from hardwired controls in the MCR or at the module protection system cabinets. Monitoring of these shutdown units may be performed at any location with a suitable HSI.

Selected automated functions have manual backup at the MCR workstation, LCSs, or a combination of the two. Failures of automation sequences are alarmed in the MCR. Operators also monitor automation for expected plant response and detect automation failures when plant response is not as anticipated.

The design incorporates multiple communication systems, as described in Section 9.5.

Task analysis includes consideration of loss of HSIs that support IHAs.

18.7.2.5 Human-System Interface Tests and Evaluations

Human-system interface design tests and evaluations include trade-off evaluations and performance-based tests.

Trade-off evaluations pertain to comparing HSI design approaches and consideration of alternatives. In comparing HSI design approaches, consideration is given to techniques that enhance human performance for performance of tasks, including IHAs.

Performance-based tests are performed to validate that the integrated system design (e.g., hardware, software, procedures, and personnel elements) supports the safe operation of the plant. The staffing plan validation is a performance-based test that is discussed in Section 18.5.

18.7.3 Results

The results of HSI activities are compiled in an RSR that is consistent with the methodology described in Reference 18.7-1 and the guidance in the applicable portion of NUREG-0711, Revision 3.

18.7.4 Reference

18.7-1 NuScale Power, LLC, "Human Factors Engineering Human-System Interface Design Implementation Plan," TR-130417, Revision 0.

18.8 Procedure Development

Procedures are essential to plant safety because they support and guide personnel interactions with plant systems and personnel responses to plant-related events. The procedure development program incorporates human factors engineering principles and criteria, along with other design requirements, to ensure that procedures are technically accurate, comprehensive, explicit, easy to use, validated, and in conformance with 10 CFR 50.34(f)(2)(ii).

The design supports both hard-copy and computer-based procedures.

The infrastructure and functionality for the computer-based procedure content is integrated into the human-system interface design. The NuScale Power Plant concept of operations specifies the relationship and interaction of crew, computer-based procedures, and plant automation through the human-system interface. The concept of operations is further discussed in Section 18.7.

Section 13.5 provides additional information on procedure development.

18.9 Training Program Development

Training of plant personnel is an important factor in ensuring safe and reliable operation of a nuclear power plant. The training program provides reasonable assurance that plant personnel have the knowledge, skills, and abilities to properly perform their roles and responsibilities.

Section 13.2 describes the licensed operator training program.

18.10 Human Factors Verification and Validation

The human factors verification and validation (V&V) element of the Human Factors Engineering (HFE) Program confirms that the final HFE design conforms to accepted HFE design practices and principles, and supports plant personnel in the safe and reliable operation of the plant.

This section summarizes the methodology for performing the V&V activities contained in the Human Factors Engineering Verification and Validation Implementation Plan (Reference 18.10-1). The methodology is consistent with the applicable provisions of NUREG-0711, Revision 3.

Upon completion of the V&V activities, the results are summarized in a results summary report (RSR).

18.10.1 Objectives and Scope

The objective of the human factors V&V program is to verify that the final HFE design conforms to accepted HFE design practices and principles, while enabling plant personnel to successfully perform their tasks to ensure plant safety and operational goals. Specifically, the V&V program confirms that the final HFE design

  • conforms to the specified design.
  • conforms to appropriate design criteria.
  • performs within acceptable limits under analyzed operating modes and conditions.
  • provides the complete set of alarms, controls, indications, and procedures needed to support the personnel tasks as identified in the task analysis (TA).
  • supports plant personnel in the safe and reliable operation of the plant.

The scope of the program includes the alarms, controls, indications, and procedures applicable to the main control room (MCR). The Emergency Operations Facility and the Technical Support Center comply with the guidance of NUREG-0696, Functional Criteria for Emergency Response Facilities. The human-system interfaces (HSIs) in the Technical Support Center and the Emergency Operations Facility are derivatives of the main control room HSI and comply with the HSI Style Guide; however, these HSIs are for information display only. No control functions are provided in the Emergency Response facilities. For these facilities, the V&V program scope is limited to defining the plant data and voice communication requirements.

18.10.2 Methodology

The V&V methodology addresses the following four major V&V activities:

  • sampling of operational conditions
  • design verification
  • integrated system validation (ISV)
  • human engineering discrepancy (HED) resolution

These activities are discussed in the following sections.

18.10.2.1 Sampling of Operational Conditions

The sampling of operational conditions process is used to identify a broad range of operating conditions to guide selection of the HSIs reviewed during HSI design verification and ISV activities (Section 18.10.2.2 and Section 18.10.2.3). The sample is deemed representative of the operating conditions if the conditions' safety significance, risk, and challenges to the operating crew are within the range of events that operators are expected to encounter during the plant's life.

The sampling of operational conditions process includes defining the sampling dimensions and scenarios.

18.10.2.1.1 Sampling Dimensions

A range of plant operating conditions, personnel tasks, and situational factors are considered in the sampling process. Plant operating conditions considered in the sampling process include

  • normal operating conditions including startup, shutdown, applicable portions of refueling, low-power operation, and significant power changes.
  • instrumentation and controls and HSI failures, and degraded conditions.

The sampling process considers personnel tasks, including

  • important human actions (IHAs) and factors contributing to risk (Section 18.6).
  • protective functions initiated by manual means, either planned or as backup to automation.
  • monitoring of automation sequences.
  • tasks identified as problematic during operating experience review (Section 18.2).
  • procedure-guided tasks from normal, abnormal, emergency, and alarm response procedures.
  • tasks not well-defined by detailed procedures (e.g., knowledge-based tasks).
  • tasks requiring diverse use of human cognitive abilities.
  • tasks requiring a range of interactions among plant personnel (e.g., personnel interactions within the MCR and among MCR operators and personnel at other locations such as the Technical Support Center and the Emergency Operations Facility) and among MCR operators and non-plant personnel.

The sampling process considers situational factors, especially those known to challenge human performance. These factors include

  • high-workload and multi-tasking situations.
  • varying-workload or workload transition situations (e.g., abrupt increase or decrease in number of alarms or indications needing monitoring).
  • fatigue-inducing situations (e.g., repetitive and high frequency tasks, night shift).
  • environmental factors (e.g., noise, temperature, normal expected variation in MCR lighting).

18.10.2.1.2 Identification of Scenarios

The selected scenarios are those that

  • have both positive and negative outcomes.
  • require varying degrees of administrative burden (e.g., simulator set-up, instructor input).
  • minimize the use of well-known and well-structured sequences (e.g., textbook design-basis accident mitigation).
  • can be performed on a simulator.

To avoid or minimize bias, goals and conditions are established and incorporated for each scenario to be selected.

18.10.2.1.3 Scenario Definition

Scenarios are performed on a simulator for design verification, and to perform ISV. Simulator scenarios provide a consistent, objective, and high fidelity environment. The scenarios are selected during the sampling of operational conditions and development processes. The scenarios involve major plant evolutions or transients, reinforce team concepts, and identify the role of each individual within the crew. Tasks performed by operators remote from the MCR are modeled in the ISV scenario and realistically simulate effects on personnel performance due to potentially harsh environments.

Scenarios are selected to confront the crew with challenging normal conditions and abnormal events containing multiple and unanticipated failures.

Scenario definition is complete when each sampling of operational conditions criterion is addressed at least once in at least one scenario.

18.10.2.2 Design Verification

Human-system interface design verification includes HSI inventory and characterization, HSI task support verification, and HFE design verification.

18.10.2.2.1 Human-System Interface Inventory and Characterization

Human-system interface characterization defines the functionality of the HSI.

The scope of HSI inventory includes alarms, controls, indications, procedures, and automation for the HSI that personnel require to complete the tasks covered in the validation scenarios identified by the sampling of operational conditions. The list of HSI inventory includes aspects of the HSI used for managing the interface, such as navigation and retrieving displays, use of automation, use of embedded procedures, management of notifications and alarms, as well as the aspects that control the plant.

The HSI inventory and characterization information is verified using the control room simulator. The simulator advances the HSI characterization by providing the verifier with a desktop interface that simulates indications, controls, alarms, procedures, and control panels as well as the means of navigation between elements. The simulator also supports inventory and characterization of non-screen-based HSI (e.g., voice communication). The simulator allows the verifier to confirm the visual aspects of the HSI during HSI task support verification, including conformance to the HSI Style Guide during HFE verification. Human-system interface task support verification related to performance (e.g., accuracy and dynamic response) is also supported by the simulator.

18.10.2.2.2 Human-System Interface Task Support Verification

Human-system interface task support verification confirms that the HSI design accurately reflects the HSI inventory and characterizations required by the TA.

The HSI support verification is based on the TA results that define the inventory and characterization for the alarms, controls, indications, procedures, automation, and task support needed to execute operator tasks, including manual tasks, automation support tasks, and automation monitoring tasks. The most recent TA results provide the basis for task support verification.

In addition to the most recently completed TA, the task support verification is based on

  • the HSI inventory characterization including detailed descriptions of the final HSI design.
  • review of the alarms, controls, indications, procedures, automation, and system navigation capabilities.
  • HSI screen shots and drawings, as applicable.

The HFE team conducting HSI task support verification performs a comparison of the personnel task requirements identified by the TA with the available alarms, controls, indications, and procedures in the HSI inventory.

The team uses a verification procedure to control bias and improve consistency.

Results of the task support verification are documented in the V&V results summary report (Section 18.10.3).

An HED is written when an HSI

  • is needed for completion of a task and is not identified or not available.
  • is identified as available but is not needed for any task.
  • does not meet the established requirements for the task.

The HSI deficiency is evaluated and corrected using the HED process.

18.10.2.2.3 Human Factors Engineering Design Verification

Human Factors Engineering design verification is conducted to confirm that HSI characteristics conform to HFE guidelines as represented in the HSI Style Guide (Section 18.7). The style guide contains guidelines that are tailored so they describe the implementation of HFE guidance for the design.

The style guide provides the criteria for HFE design verification.

To ensure consistency of results and to control analyst bias, HFE design verification is conducted in accordance with written procedures.

Human engineering discrepancies are created for HSIs that do not meet the HFE design criteria. Subsequent HED evaluation determines the extent of the discrepancy and potential indicators of additional issues across the HSI. The sampling based on operational conditions is expanded to encompass other display and control formats of the HSI, if determined to be necessary.

18.10.2.3 Integrated System Validation

Integrated system validation confirms that the integrated system design (e.g., hardware, software, procedures, and personnel elements) supports the safe operation of the plant. Validation is achieved using performance-based tests and by performing the ISV scenarios using a fully-developed simulator. Development of scenarios is discussed in Section 18.10.2.1. Performance measures used for assessing ISV results are described in Section 18.10.2.3.5.

The ISV is performed after HEDs identified during verification reviews are resolved and resulting design changes implemented on the simulator.

18.10.2.3.1 Validation Team

The validation team performing the ISV consists of the test team (test administrators, operations and HFE observers, and simulator operators) and operating crews. The test team administers the ISV and collects data via questionnaires, post-scenario debriefing, personal observations, and simulator-archived data. The operating crews are assigned to roles appropriate to their skill and knowledge level within each scenario.

Operating crews are prevented from obtaining advance knowledge of the specific ISV scenarios, as appropriate. Bias is reduced by obtaining results by consensus of the test team, rather than individual observations.

18.10.2.3.2 Test Objectives

The objectives of the ISV are to validate

  • the acceptability of the shift staffing level for all plant conditions, assignment of tasks to crew members, and crew coordination within the MCR, among the MCR and local control stations and support centers, and with individuals performing tasks locally.
  • the design capability for alerting, informing, controlling, and feedback to enable successful completion of personnel tasks during normal plant evolutions, transients, design-basis accidents, and under selected risk-significant events beyond-design-basis, as defined by sampling of operational conditions.
  • personnel tasks can be accomplished within the time and performance criteria, with effective situational awareness and acceptable workload levels that balance vigilance and personnel burden.
  • the HSI minimizes personnel error and ensures error detection and recovery capability if errors do occur.
  • the assumptions about performance of IHAs.

18.10.2.3.3 Validation Testbeds

The principal validation testbed for the ISV is the control room simulator. The fidelity of the simulator model and HSI is verified to represent the current, as-designed NuScale Power Plant before use of the simulator as the testbed for the validation.

Discrepancies found during the simulator verification are corrected before starting the ISV. Alternately, if the simulator represents a more recent version of the HSI than was previously verified, the verification is reconfirmed on the simulator.

The validation testbed attempts to accurately simulate the plant MCR environment. Where this is not achievable by the testbed, an exception is taken and noted in the human factors V&V results summary report. If necessary, changes are also made to the ISV test procedure to reflect the alternate testbed configuration. In the event the validation team considers testbed discrepancies to affect specific aspects of the validation results, an HED is generated to document the discrepancy. The HED is resolved in accordance with the HED resolution process (Section 18.1).

The testbed represents a complete and integrated system with HSI and procedures not specifically required in the test scenarios. The testbed further represents interfaces (e.g., communications) with other remote locations and local control stations to provide an integrated system.

The testbed's HSI and procedure functionality is represented by

  • a high degree of physical fidelity in the HSI and procedures, including accurate presentation of alarms, controls, indications, procedures, automation, job aids, communications, interface management tools, layout, and spatial relationships.
  • a testbed, which is a replica in form, appearance, and layout of the MCR design implemented in the physical plant.
  • a high degree of functional fidelity in the HSI and procedures so the HSI functions are available and the HSI component modes of operation, types of feedback, and dynamic response characteristics operate in the same way as designed in the plant.

The testbed's environmental fidelity is such that it is representative of the physical plant with regard to lighting, noise, temperature, humidity, and ventilation characteristics. In cases where the testbed cannot accurately simulate the environment, the ISV captures Human Factors Engineering issue tracking system entries for further evaluation and resolution.

The testbed's high degree of fidelity for data completeness, content, and dynamics is demonstrated by

  • information and data provided to personnel represent the complete set of plant systems monitored and controlled from that facility.
  • the alarms, controls, indications, and procedures presented are based on an underlying model that accurately reflects the plant design.
  • the plant model provides input to the HSI in a manner such that information flow and control responses occur accurately and in the correct response time. Information is provided to personnel with the same delays that occur in the plant.

The design has no IHAs that are conducted outside of the MCR. In the event that a remote IHA is required, the testbed uses mock-ups to verify human performance requirements for IHAs conducted at HSIs remote from the MCR.

18.10.2.3.4 Plant Personnel

Individual operating crews participating in the ISV (Section 18.10.2.3) as test subjects may be previously licensed commercial reactor or senior reactor operators, operators with U.S. Navy nuclear experience, or independent design engineering staff familiar with the design. The personnel participating in ISV are trained, qualified, and are assigned to roles commensurate with their experience, skill, and knowledge level.

Crew participants do not include those who supported the ISV test development and pilot test, are involved in the design of the HSI, or are part of the V&V team.

Crew size for the validation tests ensures that the HSI supports operations and event management. This range includes the minimum, nominal, and higher operating crew levels, as defined during the HFE Program staffing and qualifications element (Section 18.5) for positions such as senior reactor operator and reactor operator, for all plant modes. The crew size for each scenario is identified in the ISV test procedure.

The ISV includes at least one scenario with more than minimum crew staffing as defined in the staffing and qualifications element (e.g., additional licensed operators to complete a complex evolution) to simulate conditions during times of high control room traffic, distractions, and environmental loading. The roles of the additional personnel and their interaction with the operating crew are determined by the scenario developers based on meeting the test objectives and goals, and by applying the sampling of operational conditions criteria.

18.10.2.3.5 Performance Measurement

Performance measures for ISV include plant performance, personnel task performance, situational awareness, cognitive and physical workload, and anthropometric or physiological factors. Test acceptance criteria are associated with clear and objective measures whereas diagnostic measures are associated with supporting details or additional insight into observations and conclusions.

18.10.2.3.5.1 Types of Performance Measures

Plant performance resulting from operator action or inaction includes plant process data and component status (e.g., on or off; open or closed) as a function of time at as many locations in the plant simulation as possible.

Plant components that provide plant process data or component status in the plant are simulated with full fidelity. The testbed has the ability to record plant process data and component status (including state changes) for the duration of the ISV scenarios.

For each scenario, primary and secondary tasks that are required to be performed are identified and assessed. Primary tasks are those involved with function and task completion including detection, assessment, planning, and response. Performance measures for tasks are assessed based on the complexity of the task. For example, simpler, rule-based tasks measure time and accuracy. More complex knowledge-based tasks (e.g., detection, seeking additional data, making decisions, or taking actions) use more detailed performance measures.

Secondary task performance measures reflect the workload associated with HSI manipulations for maintaining the overall plant. Test personnel evaluate secondary tasks in conjunction with primary tasks to observe effects on overall performance and workload, both at individual and operations crew level.

Personnel task performance measurements are selected to reflect those aspects of the task that are important to system performance (e.g., time, accuracy, frequency) and are used depending on the particular scenario.

For knowledge-based tasks, more detailed data (e.g., number of navigational steps, accuracy of actions) are collected in order to assess the complexity of the crew actions.

Objective measures of individual and crew performance are also collected during validation scenarios and are used in the evaluation. These include

  • video recordings of operator performance.
  • the alarm history log.
  • operator control interactions.
  • plant variable control interactions (resulting from operator controls).
  • component status change.
  • the HSI use log (display screen request history and operational history).

Video recording documents operator actions as they are performed, thus allowing comparison to what is expected. Comparison of actual to expected actions is an important method to identify errors of omission and commission.

To measure situational awareness, ISV applies a combination of objective measures and subjective post-scenario questionnaire methods.

Performance measures for situational awareness are obtained using non-intrusive human performance measures as well as subjective questionnaires.

To measure cognitive workload, the ISV monitors crew performance and employs questionnaires and observations of operators' ability to gather specific plant information.

Anthropometric and physiological performance measures are employed during ISV to assess those aspects of the design that cannot be evaluated during design verification. Anthropometric and physiological performance measures evaluate how well the HSI supports plant personnel in monitoring and controlling the plant. Anthropometric challenges are collected through observations by test personnel during the scenarios or during review of video recordings.

18.10.2.3.5.2 Performance Measure Information and Validation Criteria

Subjective assessments of the HSI and its impact on performance, including self-ratings of workload, situational awareness, and teamwork, are conducted by the validation team. Operator feedback on the HSI is collected via post-scenario debriefs and questionnaires. Operator feedback includes scale rating questions and open feedback (long answer) questions.

Objective data (e.g., video recording, administrator observations) collected during test scenarios are analyzed, as necessary, to assess impacts of operator actions on plant processes and equipment states. The analysis compares the performance derived from parameters and times collected by the simulator to the evaluation criteria for operator actions and for overall plant process behavior developed for each scenario.

The test team documents its observations on post-scenario observer forms after the scenarios. Observations include individual assessment of crew performance (including observed performance issues), technical and teamwork performance, crew size sufficiency, and potential HEDs.

The operating crews also document their feedback on a post-scenario observer form, similar to that used by the test team, after the scenario.

The data collected from subjective and objective sources are analyzed by the test team to determine the sufficiency of the HSI design.

18.10.2.3.6 Test Design

Test design is a process of developing scenarios, test planning, and conducting ISV with a goal of permitting the observation of integrated system performance while minimizing bias.

The test design characteristics that are important to support ISV validity include scenario sequencing, test procedures, test personnel training, participant training, and pilot testing.

18.10.2.3.6.1 Scenario Sequencing

For selection of crew or the order of scenario presentation, the industry standard guidance of NUREG/CR-6393, January 1997, is used.

18.10.2.3.6.2 Test Procedures

Before the start of ISV, detailed test procedures are prepared to manage the tests, ensure consistency, control test bias, support repeatable results, and focus the test on the specific scenario objectives. Scenario developers use test procedures to build the scenario set, and the test team uses them to set up each scenario, manage the scenario, and analyze the test results.

Integrated system validation test procedures are designed to minimize the introduction of bias by both the test team and operating crews.

18.10.2.3.6.3 Training Test Personnel

Before the start of ISV, the test team is trained on plant systems, the HSI, and ISV test procedures. Training consists of both classroom and simulator time with well-defined training goals and emphasis on the use of test procedures, documenting the problems identified during testing, and the bias and errors that test personnel may introduce into the data.

18.10.2.3.6.4 Training Test Participants

Test participant training topics are similar to those for plant operators, including plant systems, the HSI, plant events, and operating procedures.

Test participants are not privy to the test scenarios before commencement of the scenarios.

To ensure near-asymptotic performance and a consistent level of proficiency among individuals making up the operating crews, only participants who have successfully completed the training program and have reached an acceptable level of proficiency are considered qualified for operating crew assignment.

18.10.2.3.6.5 Pilot Testing

A pilot test, or pre-validation test, is conducted to

  • assess the adequacy of the test design, performance measures, and data collection methods.
  • give observers and administrators experience in running the test.
  • ensure that the ISV runs smoothly and correctly.

The pilot test is conducted by a test crew that does not participate in an ISV.

18.10.2.3.7 Data Analysis and Human Engineering Discrepancy Identification

Test data are analyzed using both quantitative and qualitative methods. The analysis identifies the relationship between the observed and measured performance and the established acceptance criteria described in Section 18.10.2.3.5.

The broad-reaching testing and number of performance measures to be evaluated limit the ability to perform statistical analyses. Testing of multiple scenarios with multiple crews (generally, each crew develops a different strategy) makes it impractical to arrive at conclusions based on performance of the population or deviations from a norm. Therefore, the test team determines causal factors by evaluating instances of performance measures not being met.

Design-related deficiencies identified for indications, controls, alarms, or procedures are documented in an HED. Previous HFE Program elements may need to be evaluated to resolve the deficiency. The HSI design is not considered validated until priority 1 or priority 2 HEDs initiated as a result of ISV are resolved. Test-related deficiencies are documented in the Human Factors Engineering issue tracking system and may result in changes to the test procedure or scenario definition.

Human engineering discrepancies resulting from ISV are prioritized according to importance.

  • Priority 1 HEDs are those that have a potential direct or indirect impact on plant safety and are resolved before HFE verification and validation is considered complete. Human engineering discrepancies initiated as a result of a performance measure not being met (pass or fail performance measures) are priority 1 HEDs. Cross-cutting issues determined through HED analysis or performance measure analysis are priority 1 HEDs due to their potentially broad impact on the HSI design performance.
  • Priority 2 HEDs are those that have a direct or indirect impact on plant performance and operability. Priority 2 HEDs are determined through V&V analysis.
  • Priority 3 HEDs are those that do not classify as priority 1 or priority 2 HEDs.

Some HEDs are not resolved during HFE Program activities and may be ongoing due to anticipated technology or other advancements; however, all priority 1 HEDs and priority 2 HEDs are closed before design implementation completion. Priority 3 HEDs generated during and after completion of V&V that are determined to require resolution are resolved during the HFE design implementation element. Additionally, all priority 3 HEDs that require resolution are resolved by closing, or passing to the licensee as appropriate.

The HEDs are resolved and closed after further analysis by either identifying changes to the plant design, by changes to the procedures, providing training to the staff, by other administrative means, or by justifying the deviation as acceptable.

Assessments attained by different means, intended to measure the same or similar performance measures, are compared. When differing conclusions are reached, more detailed cause analysis is performed, including the review of simulator logs, and video and audio tapes, if necessary. Measuring convergence can be necessary for a single team and single scenario or for multiple teams and across several scenarios depending on the performance measure.

Expert judgment is employed to infer a margin of error from the observed performance or data analysis. This method allows for the possibility that actual performance may vary slightly more than ISV test results.

Integrated system validation data analysis is reviewed to verify the correctness of the analyses of the data. Data and data-analysis tools (e.g., equations, measures, spreadsheets, expert opinions, resulting HEDs) are documented and available for review during HFE Program elements design integration or human performance monitoring.

18.10.2.3.8 Validation Conclusions

Conclusions from the ISV are documented in the RSR. The report includes the bases for determining that the integrated system performance is acceptable, as well as the limitations in the validation tests, their possible effects on validation conclusions, and their impact on implementing the design.

18.10.2.4 Human Engineering Discrepancy Resolution

To determine if the HEDs require correction, the HEDs are categorized into three principal categories (priorities 1, 2, and 3) on the basis of their impact on personnel tasks and functions, plant systems, cumulative effects, and as indications of broader issues. Section 18.10.2.3.7 contains a discussion of the three principal priorities.

Design solutions are developed and evaluated to address those HEDs that require correction. A design solution for a given HED demonstrates resolution of that HED. Consideration is given to inter-relationships of individual HEDs as part of a design solution. Evaluation of the design solution also ensures that no new HEDs are introduced.

Resolution of HEDs resulting from task support verification, design verification, and ISV is included in the human factors V&V element. Human engineering discrepancy resolution follows the general process described in Section 18.1 with the following additional requirements:

  • Priority 1 and priority 2 HEDs generated during task support verification are resolved (with resulting design changes completed) prior to completion of task support verification. Sampling is expanded if a significant number of HEDs are generated during task support verification to include additional TA input requirements beyond ISV scenarios.
  • Priority 1 and priority 2 HEDs resulting from design verification are resolved (and any resulting HSI design changes implemented in the test facility) prior to the start of the ISV. This resolution assures that ISV tests the final HSI design.
  • Human engineering discrepancies resulting from ISV are resolved within ISV, when practical, based on importance level and before additional testing. At the point of documenting an ISV human engineering discrepancy, completed tests are evaluated to determine the need for retesting.

Human engineering discrepancies that are unresolved may be found to be acceptable following evaluation by the HFE team in the context of the integrated design. The decision for accepting an HED without change in the integrated design is based on accepted HFE practices, current published HFE literature, trade-off studies, tests, or engineering evaluations.

Human engineering discrepancy resolution is performed iteratively with V&V; that is, an HED identified during one V&V activity may be addressed before conducting other V&V activities, depending on the HED priority and its potential impact on the next phase of the V&V.

The HED resolution process involves evaluation of the HEDs to determine if they require correction, identification of design solutions to address HEDs that must be corrected, and verification that the design solutions are implemented.

As described in Section 18.1, HED evaluations are documented in the Human Factors Engineering issue tracking system. The documentation includes

  • related personnel tasks and functions.
  • related plant systems.
  • cumulative effects of HEDs.
  • HEDs as indications of broader issues.
  • design changes made for individual HEDs and their status.
  • compliance of design change with V&V evaluation criteria.
  • the basis for not correcting an HED.

18.10.3 Results

The results of the V&V activities are compiled in an RSR. The contents of the RSR are consistent with the methodology described in Reference 18.10-1 and the applicable NUREG-0711, Revision 3 guidance.

18.10.4 References

18.10-1 NuScale Power, LLC, "Human Factors Engineering Verification and Validation Implementation Plan," TR-130415, Revision 0.

18.11 Design Implementation

The design implementation element of the Human Factors Engineering (HFE) Program verifies that the implemented (as-built) HFE design accurately reflects the verified and validated design resulting from the HFE design process. Design implementation activities also include an evaluation of the design features that are not addressed in the human factors verification and validation (V&V) process (Section 18.10).

Design implementation is completed when plant construction is complete. Following startup, the Human Performance Monitoring Program (Section 18.12) evaluates impacts of design changes on human performance.

This section provides a summary of the design implementation methodology. A more detailed description of the methodology is provided in the Human Factors Engineering Design Implementation Implementation Plan (Reference 18.11-1). The design implementation methodology is consistent with the applicable provisions of NUREG-0711, Revision 3.

The completion of design implementation activities is confirmed by an Inspections, Tests, Analyses, and Acceptance Criteria item. This confirmation ensures that the as-built design conforms to the verified and validated design resulting from the HFE design process.

18.11.1 Objectives and Scope

The objectives of design implementation are to

  • evaluate those aspects of the design that are not addressed in human factors V&V (Section 18.10).
  • confirm that the final (as-built) human-system interfaces (HSIs), procedures, and training program conform to the design HSIs, procedures, and training program.
  • confirm that the remaining human engineering discrepancies (HEDs) and open items in the Human Factors Engineering issues tracking system are appropriately addressed and resolved.

The HSIs, procedures, and training program evaluated for conformance apply to the main control room (MCR), Technical Support Center (TSC), Emergency Operations Facility (EOF), and certain local control stations (LCSs).

18.11.2 Methodology

The methodology described in Reference 18.11-1 addresses the objectives described above and ensures that the as-built design is in conformance with the verified and validated standard design.

18.11.2.1 Aspects of the Human Factors Engineering Design not Verified During Verification and Validation

Aspects of the HFE design that are not addressed in the HFE verification and validation include HFE aspects that cannot be performed in the simulated environment. Aspects not simulated include design characteristics, such as new or modified displays for plant-specific design features.

Features not accurately simulated include ergonomic considerations, such as background noise, as well as HSIs outside the MCR but within the HFE Program scope.

18.11.2.2 Verification of As-Built Human-System Interfaces, Facility Configuration, Procedures, and Training

The methods used to verify conformance of the final HSIs, facility configuration, procedures, and training program to the final as-designed configuration (that resulted from the HFE design process and V&V activities) include configuration control, HFE review, plant walkdowns, and reviews of design changes.

For the MCR, TSC, EOF, and certain LCSs, the evaluation for conformance addresses the as-built aspects of the software and hardware configurations, facility configurations, and other aspects of the facility that are not simulated but are relevant to the overall HFE Program.

The conformance evaluation of software, hardware, and facility configurations confirms clear configuration-controlled design traceability for the HSIs (alarms, controls, indications, and procedures) and peripheral equipment. The as-built configuration is compared to drawings, specifications, and other final design documents used for integrated system validation (Section 18.10) to determine conformance. If the configuration does not conform, further HFE review is conducted to determine if the as-built design is equivalent to the verified and validated design.

Conformance assessment of facility configuration is conducted by plant walkdown and includes

  • physical configuration of workstations, panels, and displays.
  • visibility and sight lines.
  • accommodations for communication.
  • lighting.
  • background noise.
  • environmental controls and conditions (e.g., temperature and humidity).

Evaluation of aspects of the facility that are not simulated (e.g., LCSs) but are relevant to the overall HFE Program includes

  • a walkdown to confirm conformance to the documentation approved by the HFE team (e.g., results of HFE analyses, style guides) and to human factors V&V conclusions.
  • a subject matter expert review of suitability for use of operating procedures for LCSs.
  • a subject matter expert evaluation of training material used for MCR, TSC, EOF, and LCS human-system interfaces.

Where the evaluation cannot confirm that the as-built HSIs, procedures, and training design are the-same-as or equivalent-to the planned design, an HED is generated and tracked as discussed below.

18.11.2.3 Verification that Human Factors Engineering Issues in Issue Tracking System are Addressed

Human engineering discrepancies identified during design implementation activities are documented, evaluated, and tracked by the Quality Assurance Program and processes. The HEDs from other HFE Program elements and those generated during human factors V&V activities are addressed as follows:

  • HEDs affecting the integrated system validation are closed before the integrated system validation.
  • priority 1 HEDs are closed before submitting the V&V results summary report.
  • priority 2 and new priority 1 HEDs are closed prior to conducting the design implementation review.

18.11.2.4 Addressing Important Human Actions

The process for identifying and evaluating potential important human actions is described in Section 18.6. The HSI design is described in Section 18.7.

18.11.3 Reference

18.11-1 NuScale Power, LLC, Human Factors Engineering Design Implementation Implementation Plan, TR-130418, Revision 0.

18.12 Human Performance Monitoring

COL Item 18.12-1: An applicant that references the NuScale Power Plant US460 standard design will provide a description of the Human Performance Monitoring Program in accordance with applicable NUREG-0711 or equivalent criteria.