An operator support system for research reactor operations and fault diagnosis through a connectionist framework and PSA based knowledge based systems

During reactor upset/abnormal conditions, emphasis is placed on the plant operator's ability to quickly identify the problem and perform diagnosis and initiate recovery action to ensure the safety of the plant. However, the reliability of human action is adversely affected at the time of crisis due to time stress and psychological factors. The availability of operational aids capable of monitoring the status of the plant and quickly identifying the deviation from normal operation is expected to significantly improve the operator reliability.The development of operator support systems using probabilistic safety assessment (PSA) techniques and information is finding wide application in nuclear plant operation. Often it is observed that most of the applications use a rule-based approach for diagnosis as well as safety status/transient conditions monitoring. A more efficient approach using artificial neural networks for safety status/transient condition monitoring and rule-based systems for diagnosis and emergency procedure generation has been applied for the development of a prototype operator adviser (OPAD) system for a 100 MW(th) heavy water moderated, cooled and natural uranium fueled research reactor. The development objective of this system is to improve the reliability of operator action and hence the reactor safety at the time of crisis as well as in normal operation. In order to address safety objectives at various stages of development of OPAD, the PSA techniques and tools have been used for knowledge representation. It has been demonstrated, with recall tests on the artificial neural network, that it can efficiently identify the reactor status in real-time scenario. This paper discusses various issues related to the development of an operator support system in a comprehensive way, right from the study of safety objectives, to data collection, to implementation of such a system.     

Multidisciplinary perspective on accident investigation

The increasing complexity of many computer-controlled application processes is placing increasing demands on the investigation of adverse events. At the same time, there is a growing realisation that accident investigators must consider a wider range of contributory and contextual factors that help to shape human behaviour in the causes of safety-related incidents. A range of techniques have been developed to address these issues. For example (as we show in this paper), task modelling techniques have been extended from human computer interaction and systems design to analyse the causes and consequences of operator ‘error’. Similarly, barrier analysis has been widely used to identify the way in which defences either protected or failed to protect a target system from potential hazards. Many barriers fail from common causes, including misconceptions that can be traced back to early stages in the development of a safety-critical system. For instance, unwarranted assumptions can be made about the impact of training on operator behaviour in emergency situations. Similarly, barrier analysis can also be used before a system has been designed to inform the system model and make it more tolerant to errors by incorporating human and technical barriers into the design. Task models often uncover deep-rooted problems, for instance, in workload allocation across many different aspects of an interactive control system. It can be difficult to use barrier and task analysis to trace these common causes that lie behind the failure of many different defences. In order to deal with this complex combination of contributory factors and systems, we promote the use of abstraction (via models) as a way of representing these components and their interrelations whether it is design, construction or investigation. We use, to formally model an abstraction of the system. Additionally, the system model (described using a dialect of high-level Petri-nets) allows to reason about the system and to check conformance with the other models (task model, safety case and barriers). This paper, therefore, shows how an analysis of safety case arguments can be used to support the application of barrier, task, error and system analysis during the investigation of a command and control failure. The intention, in this paper, is to show that if an accident involved the failure of multiple barriers, it is also possible to trace the common causes of those failures back to the assumptions and arguments that are embodied within a safety case. Many countries require that safety cases demonstrate a system is ‘acceptably safe’ before they grant regulatory approval. These documents and the associated analytical techniques, therefore, provide a rich source of information about why command and control failures occurred. We demonstrate our approach on a fatal mining accident case study.     

Development of a Structured Methodology for Knowledge Elicitation: Applications to Flexible Manufacturing Systems

While automation in the discrete parts manufacturing industry has increased productivity and improved product quality it has also significantly altered the role played by the operator of the system. The operators' role has not only become more critical to the effective functioning of the system but also causes mental overload and imposes greater demands on humans' information processing capabilities. This paper examines methods by which the mental overload experienced by operators can be alleviated while sustaining improvements in productivity and product quality. Additionally, the possibility of reducing mental overload by training and aiding the operator and effecting a more optimal allocation of function using dynamic allocation of function schemes is reviewed. It is concluded that a prerequisite to using the above methods to reduce mental overload is the ability to build appropriate decision support systems. A methodology that allows the development of such decision support systems is described and results of a study to evaluate the methodology are presented.     

A model-based approach to on-line process disturbance management: The application

A model-based methodology for developing a real-time expert system for on-line process disturbance management has been presented in the companion paper (Reliab. Engng Sys. Safety, Vol. 28, pp. 265–305). The methodology includes diverse functional aspects required for effective process disturbance management: intelligent process monitoring and alarming, sensor failure diagnosis, hardware (except sensors) failure diagnosis, and corrective measure synthesis.The application of the methodology to a target process—the main feedwater system of a pressurized water reactor (PWR) nuclear plant employing a complex control scheme—is presented in this paper. The performance tests of the real-time expert system, MOAS II, developed by the application of the methodology demonstrate that the expert system successfully carries out its intended functions: early detection of occurring disturbance, correct diagnosis of the disturbance cause, and presentation of optimal control advice to the operator. Therefore, the model-based technique lends itself to the development of a valuable operator aid for on-line process disturbance management.     

Application of the integrated safety assessment methodology to the emergency procedures of a SGTR of a PWR

This paper describes an application of the Integrated Safety Assessment (ISA) methodology to the safety and reliability assessment of emergency procedures of a nuclear power plant. The concept of ISA has been developed as a result of previous works on safety assessment and dynamic reliability. The method links the physical dynamics of the facility with its operating environment, subject to transitions between different time evolutions due to failures and/or system/operator interventions. For situations dominated by deterministic transitions (i.e. transitions upon deterministic demands as a result, for instance, of exceeding automatic actions or alarm setpoints), the methodology can be considered an extension of PSA and accident analysis techniques that replaces the static event tree with a deterministic dynamic event tree concept (DDET) based on the theory of probabilistic dynamics.In line with current studies carried out jointly by CSN and JRC-Ispra/ISEI, this paper reviews the main features of ISA and describes some of the details of its implementation in the case of a Westinghouse pressurized water reactor (PWR), in particular its application to the assessment of the emergency operating procedure (EOP) to mitigate the steam generator tube rupture (SGTR) initiating event.This application demonstrates the ISA feasibility for risk analysis of operating procedures (OP) by assessing a given set of OPs with a large PWR model of the TRETA-DYLAM-HOI software package, which is able to simulate recovery in a SGTR scenario. Some weak points in the SGTR EOP are identified and suggestions provided for their resolution.     

Footprint of knowledge acquisition improvement in failure diagnosis analysis

Fault tree analysis (FTA) as an effective and efficient risk assessment tool are widely used to analyze the reliability of a complex system. In this context, FTA can properly improve the safety performance of the system by preventing an event which may lead to occurrence of a catastrophic accident. However, traditional FTA is still suffering from dynamic structure demonstration and importantly epistemic uncertainty processing. In this study, a novel methodology is introduced using Bayesian updating mechanism to deal with dynamic structure and 2‐tuple fuzzy set named as intuitionistic fuzzy numbers are employed to cope with subjectivity of uncertainty processing. Accordingly, the most critical system components which affect the system reliability are recognized by using an appropriate sensitivity analysis method. The proposed methodology is then applied on a real case study application (a brake fluid filling system) in order to examine the effectiveness and feasibility of the approach. The results illustrated that the new methodology can have enough benefits for diagnosing the systems' faults compared with listing approaches of safety and reliability analysis. In terms of empirical case study, “electromotor failure” was evaluated as the second most critical basic event in conventional‐based approaches, whereas in the novel methodology “high pressure liquefied material” was recognized as the second one.     

Addressing dependability by applying an approach for model-based risk assessment

This paper describes how an approach for model-based risk assessment (MBRA) can be applied for addressing different dependability factors in a critical application. Dependability factors, such as availability, reliability, safety and security, are important when assessing the dependability degree of total systems involving digital instrumentation and control (I&C) sub-systems. In order to identify risk sources their roles with regard to intentional system aspects such as system functions, component behaviours and intercommunications must be clarified. Traditional risk assessment is based on fault or risk models of the system. In contrast to this, MBRA utilizes success-oriented models describing all intended system aspects, including functional, operational and organizational aspects of the target. The EU-funded CORAS project developed a tool-supported methodology for the application of MBRA in security-critical systems. The methodology has been tried out within the telemedicine and e-commerce areas, and provided through a series of seven trials a sound basis for risk assessments. In this paper the results from the CORAS project are presented, and it is discussed how the approach for applying MBRA meets the needs of a risk-informed Man–Technology–Organization (MTO) model, and how methodology can be applied as a part of a trust case development.     

Identification of causes of human errors in support of the development of intelligent computer-assisted instruction systems for plant operator training

This paper proposes a methodology to identify causes of human error in the operation of plant systems to support the development of CAI system for operator training. The target task of this methodology is goal-driven and knowledge-based planning behaviour, the cognitive process of which is assumed to be modeled as means-end analysis. The methodology uses four criteria to classify errors in an operation into eight groups, and then asks the trainee several questions to prune the causes. To confirm the usefulness of this methodology, a prototype CAI system is developed for the operation of filling up sodium into the primary coolant system of a liquid-metal-cooled fast reactor. The experimental result indicates that the system has the capability of identifying causes of the trainee's error, and consequently of figuring out the characteristics of his/her defect. As a result of this study, several issues are identified for future research.     

基于传递函数的星箭耦合载荷分析

分别对运载火箭和卫星进行频率响应分析。在取得离散形式的频率响应分析结果基础上,采用有理多项式拟合技术,将火箭和卫星的频率响应函数转化成以部分分式表示的传递函数。根据星-箭对接的力学条件,可以在Simulink平台上建立起星箭耦合载荷系统模型。对此模型进行仿真便可得到在外力作用下星箭耦合载荷系统的瞬态动力响应。分别以简单的质量-弹簧模型、以及星箭耦合载荷模型验证了方法的正确性。基于传递函数的星箭耦合载荷分析方法,将柔性结构的动力学计算纳入到系统仿真的框架之中,为进一步实现结构-气动和伺服控制系统的耦合分析奠定了基础。该方法也为将火箭和卫星实测的频响特性直接应用于星箭耦合载荷分析创造了条件。     

基于时间加权反馈控制的永磁同步风力发电机混沌振荡研究

研究基于时间加权的反馈控制方法抑制永磁同步风力发电机(PMSG)的混沌行为。以两台PMSGs作为驱动和响应的发电系统,利用相同和不同状态变量间的反馈信息建立不同的动力学方程,分析相同状态变量反馈控制和不同状态变量反馈控制对PMSGs系统混沌振荡行为的影响。发现了相同状态变量反馈控制对PMSGs系统可实现混沌同步行为,而不同状态变量反馈控制对PMSGs系统具有抑制混沌振荡的作用。在周期时间内把这两种反馈控制结合在一起,分析不同时间加权下PMSGs系统的动力学行为,发现时间分数因子和耦合参数的不同取值可使PMSGs系统产生混沌、混沌同步和混沌抑制等动力学行为。数值仿真验证了基于时间加权的反馈控制器对抑制PMSGs系统混沌行为的有效性。研究结果对提高风能利用率,保证电力系统的安全稳定运行具有重要的参考价值。     

Human and organizational biases affecting the management of safety

Management of safety is always based on underlying models or theories of organization, human behavior and system safety. The aim of the article is to review and describe a set of potential biases in these models and theories. We will outline human and organizational biases that have an effect on the management of safety in four thematic areas: beliefs about human behavior, beliefs about organizations, beliefs about information and safety models. At worst, biases in these areas can lead to an approach where people are treated as isolated and independent actors who make (bad) decisions in a social vacuum and who pose a threat to safety. Such an approach aims at building barriers and constraints to human behavior and neglects the measures aiming at providing prerequisites and organizational conditions for people to work effectively. This reductionist view of safety management can also lead to too drastic a strong separation of so-called human factors from technical issues, undermining the holistic view of system safety. Human behavior needs to be understood in the context of people attempting (together) to make sense of themselves and their environment, and act based on perpetually incomplete information while relying on social conventions, affordances provided by the environment and the available cognitive heuristics. In addition, a move toward a positive view of the human contribution to safety is needed. Systemic safety management requires an increased understanding of various normal organizational phenomena - in this paper discussed from the point of view of biases - coupled with a systemic safety culture that encourages and endorses a holistic view of the workings and challenges of the socio-technical system in question.     

Incorporating organizational factors into Probabilistic Risk Assessment (PRA) of complex socio-technical systems: A hybrid technique formalization

This paper is a result of a research with the primary purpose of extending Probabilistic Risk Assessment (PRA) modeling frameworks to include the effects of organizational factors as the deeper, more fundamental causes of accidents and incidents. There have been significant improvements in the sophistication of quantitative methods of safety and risk assessment, but the progress on techniques most suitable for organizational safety risk frameworks has been limited. The focus of this paper is on the choice of “representational schemes” and “techniques.” A methodology for selecting appropriate candidate techniques and their integration in the form of a “hybrid” approach is proposed. Then an example is given through an integration of System Dynamics (SD), Bayesian Belief Network (BBN), Event Sequence Diagram (ESD), and Fault Tree (FT) in order to demonstrate the feasibility and value of hybrid techniques. The proposed hybrid approach integrates deterministic and probabilistic modeling perspectives, and provides a flexible risk management tool for complex socio-technical systems. An application of the hybrid technique is provided in the aviation safety domain, focusing on airline maintenance systems. The example demonstrates how the hybrid method can be used to analyze the dynamic effects of organizational factors on system risk.     

面向协调的区域"经济-环境"系统管理模型

从管理的动态性特征出发,用复合子f、协调机制c、评价标准g来描述面向协调的管理的概念模型.在此基础上,按照系统分析、系统评价、系统调控三个步骤建立了面向协调的区域"环境-经济"系统管理模型.提出了基于系统功能和效益(率)的系统发展状态评价指标体系,应用灰色关联分析法遴选出与该复合系统在发展过程中联系最紧密的系统要素.最后对西安市的经济-环境进行了实证分析.     

Dispatch control of a fleet of remote-controlled/automatic load-haul-dump vehicles in underground mines

Recently, a concept for automating load-haul-dump (LHD) vehicles has stimulated considerable interest in the world mining industry. In this concept, the tramming and dumping operations of an LHD should be automatic. During loading, an operator from a control room fills the bucket of a vehicle via remote-control aided by a television system. The application of such a remote-controlled/automatic LH D (RAL) system in underground mines exhibits some operational and traffic control characteristics that have not been studied previously in mining (e.g. vehicle motion in bidirectional lane-segments, lack of alternative routes to the same destination, stochastic nature of an RAL system due to human involvement in the loading operation). This paper presents and discusses a dispatch and traffic control procedure for a fleet of RAL vehicles operating in an underground mining transport layout. The development of this procedure has been based on concepts in graph theory.     

SCAP: a new methodology for safety management based on feedback from credible accident-probabilistic fault tree analysis system

As it is conventionally done, strategies for incorporating accident--prevention measures in any hazardous chemical process industry are developed on the basis of input from risk assessment. However, the two steps-- risk assessment and hazard reduction (or safety) measures--are not linked interactively in the existing methodologies. This prevents a quantitative assessment of the impacts of safety measures on risk control.We have made an attempt to develop a methodology in which risk assessment steps are interactively linked with implementation of safety measures. The resultant system tells us the extent of reduction of risk by each successive safety measure. It also tells based on sophisticated maximum credible accident analysis (MCAA) and probabilistic fault tree analysis (PFTA) whether a given unit can ever be made 'safe'. The application of the methodology has been illustrated with a case study.     

Stochastic quasi-gradient based optimization algorithms for dynamic reliability applications

On one hand, PSA results are increasingly used in decision making, system management and optimization of system design. On the other hand, when severe accidental transients are considered, dynamic reliability appears appropriate to account for the complex interaction between the transitions between hardware configurations, the operator behavior and the dynamic evolution of the system. This paper presents an exploratory work in which the estimation of the system unreliability in a dynamic context is coupled with an optimization algorithm to determine the “best” safety policy. Because some reliability parameters are likely to be distributed, the cost function to be minimized turns out to be a random variable. Stochastic programming techniques are therefore envisioned to determine an optimal strategy. Monte Carlo simulation is used at all stages of the computations, from the estimation of the system unreliability to that of the stochastic quasi-gradient. The optimization algorithm is illustrated on a HNO₃ supply system.     

An efficient 3D implicit approach for the thermomechanical simulation of elastic–viscoplastic materials submitted to high strain rate and damage

This paper aims at presenting a general consistent numerical formulation able to take into account, in a coupled way, strain rate, thermal and damage effects on the behavior of materials submitted to quasistatic or dynamic loading conditions in a large deformation context. The main features of this algorithmic treatment are as follows:

• A unified treatment for the analysis and implicit time integration of thermo‐elasto‐viscoplastic constitutive equations including damage that depends on the strain rate for dynamic loading conditions. This formalism enables us to use dynamic thermomechanically coupled damage laws in an implicit framework.
• An implicit framework developed for time integration of the equations of motion. An efficient staggered solution procedure has been elaborated and implemented so that the inertia and heat conduction effects can be properly treated.
• An operator split‐based implementation, accompanied by a unified method to analytically evaluate the consistent tangent operator for the (implicit) coupled damage–thermo‐elasto‐viscoplastic problem.
• The possibility to couple any hardening law, including rate‐dependent models, with any damage model that fits into the present framework.

All the developments have been considered in the framework of an implicit finite element code adapted to large strain problems. The numerical model will be illustrated by several applications issued from the impact and metal‐forming domains. All these physical phenomena have been included into an oriented object finite element code (implemented at LTAS‐MN ²L, University of Liège, Belgium) named Metafor.Copyright © 2013 John Wiley & Sons, Ltd.     

Joint production and quality control of unreliable batch manufacturing systems with rectifying inspection

Production control policy and economic sampling plan design problems have been studied separately in previous research. This paper considers a joint production control policy and economic single sampling plan design for an unreliable batch manufacturing system. The production is controlled by a modified hedging point policy which consists of building and maintaining a safety stock of finished product to avoid shortages during corrective maintenance. The main objective of this paper is to determine simultaneously the economic production quantity, the optimal safety stock level and the economic sampling plan design which minimise the expected overall cost. A stochastic mathematical model is developed and solved using a simulation optimisation approach based on the response surface methodology. Simulation is used to imitate the complex dynamic and stochastic behaviour of processes as in the real-life industrial systems. The obtained results show clearly strong interactions between production quantity, inventory state and sampling plan design which confirm the necessity of jointly considering production and quality control parameters in an integrated model. Moreover, it is shown a significant impact of production system reliability on the economic sampling plan design and therefore on the quality of finished product delivered to consumers. Numerical example and sensitivity analyses are presented for illustrative purposes.     

A full Bayes before-after study accounting for temporal and spatial effects: Evaluating the safety impact of new signal installations

Recently, important advances in road safety statistics have been brought about by methods able to address issues other than the choice of the best error structure for modeling crash data. In particular, accounting for spatial and temporal interdependence, i.e., the notion that the collision occurrence of a site or unit times depend on those of others, has become an important issue that needs further research.Overall, autoregressive models can be used for this purpose as they can specify that the output variable depends on its own previous values and on a stochastic term. Spatial effects have been investigated and applied mostly in the context of developing safety performance functions (SPFs) to relate crash occurrence to highway characteristics. Hence, there is a need for studies that attempt to estimate the effectiveness of safety countermeasures by including the spatial interdependence of road sites within the context of an observational before-after (BA) study. Moreover, the combination of temporal dynamics and spatial effects on crash frequency has not been explored in depth for SPF development.Therefore, the main goal of this research was to carry out a BA study accounting for spatial effects and temporal dynamics in evaluating the effectiveness of a road safety treatment. The countermeasure analyzed was the installation of traffic signals at unsignalized urban/suburban intersections in British Columbia (Canada). The full Bayes approach was selected as the statistical framework to develop the models.The results demonstrated that zone variation was a major component of total crash variability and that spatial effects were alleviated by clustering intersections together. Finally, the methodology used also allowed estimation of the treatment’s effectiveness in the form of crash modification factors and functions with time trends.     

Misconceptions of human factors concepts

Abstract

Like many scientific topics, Human Factors, and Ergonomics concepts are susceptible to being misunderstood by people unfamiliar with the subject matter. Most of the time these misunderstandings are harmless, like when a safety poster within a work setting encourages employees to 'overcome complacency'. This misunderstanding of complacency suggests it is a motivational aspect of human behaviour correctable with encouragement, whereas the human factors approach to overcoming complacency would be to evaluate how task design could diminish the destructive consequences of unexpected changes within a routine setting. No harm comes from the message within the safety poster, other than some wasted ink and paper, but misconceptions among particular audiences can eventually result in dire consequences for the human operator. This paper presents recent evidence that the concepts are being misapplied by casual consumers of human factors, particularly in the aftermath of accidents within complex systems, in ways detrimental to the core mission of improving the well-being of the human operator. Later, because this special issue presents new ways to demonstrate value via return on investment, practical efforts we can take to overcome such misconceptions are suggested.