Human factors, human reliability and risk assessment in license renewal of a nuclear power plant

This paper describes human factors and human reliability assessments carried out as a part of operating license renewal of a nuclear power plant. The structure and contents of human factors assessments, the source material and the role of probabilistic safety assessment are described. Similar evaluations are recommended as an integral part of periodic safety reviews of regulated industrial facilities.The qualitative part of the human factors review is structured according to an international guide. The assessments are here enhanced with operating experience evaluations, measured by quantitative statistical data obtained from inspections and assessments made by plant safety and quality assurance personnel, by regulatory authorities and by peer reviews.The quantitative assessment is based on the roles and contributions of human errors in the accident risk of the target plant. The assessment uses importance measures quantified in probabilistic risk assessment. The scope and the quality of the risk assessment and the scope and the quality of human reliability assessments are also taken into account. Furthermore, the assessment describes how risk assessment can be used to reduce errors and improve human factors. The results tend to be very plant-specific, and the errors have very different importances in different operating states and for different initiating event categories. The results are useful for planning preventive actions, i.e. for preventing errors by developing and prioritizing human factors improvement activities.     

Extensions of the uncertainty quantification of common cause failure rates

Uncertainties in common cause event observation, documentation and interpretation are taken into account by conditional probabilities and generalized impact vector weights that separate single and double events of a specific multiplicity in a single observation. Distributions and moments of common cause failure (CCF) rates of a system are obtained in terms of the weights by using probability generating functions, combining assessment uncertainties and statistical uncertainties. These results are then used to generate effective plant-specific input data to general empirical Bayes estimation methods to combine data from many plants. The posterior output yields CCF probabilities for standby safety system fault tree analysis or probabilistic safety assessments of a target plant.     

DEPEND-HRA—A method for consideration of dependency in human reliability analysis

A consideration of dependencies between human actions is an important issue within the human reliability analysis. A method was developed, which integrates the features of existing methods and the experience from a full scope plant simulator. The method is used on real plant-specific human reliability analysis as a part of the probabilistic safety assessment of a nuclear power plant. The method distinguishes dependency for pre-initiator events from dependency for initiator and post-initiator events. The method identifies dependencies based on scenarios, where consecutive human actions are modeled, and based on a list of minimal cut sets, which is obtained by running the minimal cut set analysis considering high values of human error probabilities in the evaluation. A large example study, which consisted of a large number of human failure events, demonstrated the applicability of the method. Comparative analyses that were performed show that both selection of dependency method and selection of dependency levels within the method largely impact the results of probabilistic safety assessment. If the core damage frequency is not impacted much, the listings of important basic events in terms of risk increase and risk decrease factors may change considerably. More efforts are needed on the subject, which will prepare the background for more detailed guidelines, which will remove the subjectivity from the evaluations as much as it is possible.     

An approach for assessing human decision reliability

This paper presents a method to study human reliability in decision situations related to nuclear power plant disturbances. Decisions often play a significant role in handling of emergency situations. The method may be applied to probabilistic safety assessments (PSAs) in cases where decision making is an important dimension of an accident sequence. Such situations are frequent e.g. in accident management. In this paper, a modelling approach for decision reliability studies is first proposed. Then, a case study with two decision situations with relatively different characteristics is presented. Qualitative and quantitative findings of the study are discussed. In very simple decision cases with time pressure, time reliability correlation proved out to be a feasible reliability modelling method. In all other decision situations, more advanced probabilistic decision models have to be used. Finally, decision probability assessment by using simulator run results and expert judgement is presented.     

Dependent failures developments

Dependent failures, or multiple related failures, destroy the assumption of independence of component failures which is used in the synthesis of system reliability. To obtain an understanding of the impact of dependencies on the reliability of a system, the analyst needs to have knowledge of the root causes of related failures, the coupling mechanism that allows single failures to combine to create a dependent event, and the potential defences that could be introduced to mitigate against a dependency. An assessment of dependencies also benefits from the application of a structured analysis, combining engineering knowledge of a system, together with generic and plant-specific data into a model which will lead to the quantification of the impact of dependencies on system reliability.This paper describes some of the developments that have taken place in recent years with the objective of improving the modelling of dependencies and the classification and coding of multiple related failure data. The development of procedures to provide a structured assessment of dependent failures within a probabilistic safety assessment is also described, together with the development of a database for the storage and retrieval of multiple related failure data.     

Analysis of truncation limit in probabilistic safety assessment

A truncation limit defines the boundaries of what is considered in the probabilistic safety assessment and what is neglected. The truncation limit that is the focus here is the truncation limit on the size of the minimal cut set contribution at which to cut off. A new method was developed, which defines truncation limit in probabilistic safety assessment. The method specifies truncation limits with more stringency than presenting existing documents dealing with truncation criteria in probabilistic safety assessment do. The results of this paper indicate that the truncation limits for more complex probabilistic safety assessments, which consist of larger number of basic events, should be more severe than presently recommended in existing documents if more accuracy is desired. The truncation limits defined by the new method reduce the relative errors of importance measures and produce more accurate results for probabilistic safety assessment applications. The reduced relative errors of importance measures can prevent situations, where the acceptability of change of equipment under investigation according to RG 1.174 would be shifted from region, where changes can be accepted, to region, where changes cannot be accepted, if the results would be calculated with smaller truncation limit.     

Determination of design alternatives and performance criteria for safety systems in a nuclear power plant via simulated annealing

This study presents an efficient methodology that derives design alternatives and performance criteria for safety functions/systems in commercial nuclear power plants. Determination of the design alternatives and intermediate-level performance criteria is posed as a reliability allocation problem. The reliability allocation is performed in a single step by means of the concept of two-tier noninferior solutions in the objective and risk spaces within the top-level probabilistic safety criteria (PSC). Two kinds of two-tier noninferior solutions are obtained: desirable design alternatives and intolerable intermediate-level PSC of safety functions/systems.The weighted Chebyshev norm (WCN) approach with an improved Metropolis algorithm in simulated annealing is used to find the two-tier noninferior solutions. This is very efficient in searching for the global minimum of the difficult multiobjective optimization problem (MOP) which results from strong nonlinearity of a probabilistic safety assessment (PSA) model and nonconvexity of the problem. The methodology developed in this study can be used as an efficient design tool for desirable safety function/system alternatives and for the determination of intermediate-level performance criteria.The methodology is applied to a realistic streamlined PSA model that is developed based on the PSA results of the Surry Unit 1 nuclear power plant. The methodology developed in this study is very efficient in providing the intolerable intermediate-level PSC and desirable design alternatives of safety functions/systems.     

Optimization of safety equipment outages improves safety

Testing and maintenance activities of safety equipment in nuclear power plants are an important potential for risk and cost reduction. An optimization method is presented based on the simulated annealing algorithm. The method determines the optimal schedule of safety equipment outages due to testing and maintenance based on minimization of selected risk measure. The mean value of the selected time dependent risk measure represents the objective function of the optimization. The time dependent function of the selected risk measure is obtained from probabilistic safety assessment, i.e. the fault tree analysis at the system level and the fault tree/event tree analysis at the plant level, both extended with inclusion of time requirements. Results of several examples showed that it is possible to reduce risk by application of the proposed method. Because of large uncertainties in the probabilistic safety assessment, the most important result of the method may not be a selection of the most suitable schedule of safety equipment outages among those, which results in similarly low risk. But, it may be a prevention of such schedules of safety equipment outages, which result in high risk. Such finding increases the importance of evaluation speed versus the requirement of getting always the global optimum no matter if it is only slightly better that certain local one.     

Issues related to structural aging in probabilistic risk assessment of nuclear power plants

Structural components and systems have an important safety function in nuclear power plants. Although they are essentially passive under normal operating conditions, they play a key role in mitigating the impact of extreme environmental events such as earthquakes, winds, fire and floods on plant safety. Moreover, the importance of structural components and systems in accident mitigation is amplified by common-cause effects. Reinforced concrete structural components and systems in NPPs are subject to a phenomenon known as aging, leading to time-dependent changes in strength and stiffness that may impact their ability to withstand various challenges during their service lives from operation, the environment and accidents. Time-dependent changes in structural properties as well as challenges to the system are random in nature. Accordingly, condition assessment of existing structures should be performed within a probabilistic framework. The mathematical formalism of a probabilistic risk assessment (PRA) provides a means for identifying aging structural components that may play a significant role in mitigating plant risk. Structural condition assessments supporting a decision regarding continued service can be rendered more efficient if guided by the logic of a PRA.     

NAROAS: a neural network-based advanced operator support system for the assessment of systems reliability

We have developed and implemented a computerized reliability monitoring system for nuclear power plant applications, based on a neural network. The developed computer program is a new tool related to operator decision support systems, in case of component failures, for the determination of test and maintenance policies during normal operation or to follow an incident sequence in a nuclear power plant. The NAROAS (Neural Network Advanced Reliability Advisory System) computer system has been developed as a modularized integrated system in a C++ Builder environment, using a Hopfield neural network instead of fault trees, to follow and control the different system configurations, for interventions as quickly as possible at the plant. The observed results are comparable and similar to those of other computer system results. As shown, the application of this neural network contributes to the state of the art of risk monitoring systems by turning it easier to perform online reliability calculations in the context of probabilistic safety assessments of nuclear power plants.     

Common cause failure prediction using data mapping

To estimate power plant reliability, a probabilistic safety assessment might combine failure data from various sites. Because dependent failures are a critical concern in the nuclear industry, combining failure data from component groups of different sizes is a challenging problem. One procedure, called data mapping, translates failure data across component group sizes. This includes common cause failures, which are simultaneous failure events of two or more components in a group. In this paper, we present a framework for predicting future plant reliability using mapped common cause failure data. The prediction technique is motivated by discrete failure data from emergency diesel generators at US plants. The underlying failure distributions are based on homogeneous Poisson processes. Both Bayesian and frequentist prediction methods are presented, and if non-informative prior distributions are applied, the upper prediction bounds for the generators are the same.     

Use of risk assessment in the nuclear industry with specific reference to the Australian situation

The use of risk assessment in the nuclear industry began in the 1970s as a complementary approach to the deterministic methods used to assess the safety of nuclear facilities. As experience with the theory and application of probabilistic methods has grown, so too has its application. In the last decade, the use of probabilistic safety assessment has become commonplace for all phases of the life of a plant, including siting, design, construction, operation and decommissioning. In the particular case of operation of plant, the use of a ‘living’ safety case or probabilistic safety assessment, building upon operational experience, is becoming more widespread, both as an operational tool and as a basis for communication with the regulator. In the case of deciding upon a site for a proposed reactor, use is also being made of probabilistic methods in defining the effect of design parameters. Going hand in hand with this increased use of risk based methods has been the development of assessment criteria against which to judge the results being obtained from the risk analyses. This paper reviews the use of risk assessment in the light of the need for acceptability criteria and shows how these tools are applied in the Australian nuclear industry, with specific reference to the probabilistic safety assessment (PSA) performed of HIFAR.     

Evaluation of allowed outage time considering a set of plant configurations

Allowed outage time (AOT) is the maximum time for which certain safety equipment can be put out of the operation without the plant is put in a safer operating state. A method for risk informed evaluation of AOTs is developed, which enables consideration of a set of plant configurations in the evaluation. The method bases on risk measures obtained from probabilistic safety assessment, e.g. conditional change of core damage frequency considering selected plant configurations. The results of selected examples show that better methods and more data included into the models may reduce the conservatism in the evaluations and may contribute to increased flexibility about decisions on AOT.     

Probabilistic reliability assessment of a heritage structure under horizontal loads

This paper proposes a methodology for the probabilistic reliability assessment of heritage buildings. The procedure addresses investigation and tests on the structure and it considers the implementation of Bayesian updating techniques for a rational use of the collected information. After having described the peculiarities of ancient buildings, it is shown how probabilistic methods can be adapted to evaluate their safety. A practical application of the methodology to a relevant case study is presented, namely a historic aqueduct in Italy. The main goal is to demonstrate the effectiveness of a probabilistic approach to the reliability assessment of heritage structures.     

A quantitative analysis of a risk impact due to a starting time extension of the emergency diesel generator in optimized power reactor-1000

An emergency diesel generator (EDG) is the ultimate electric power supply source for the operation of emergency engineered safety features when a nuclear power plant experiences a loss of off-site power (LOOP). If a loss of coolant accident (LOCA) with a simultaneous LOOP occurs, the EDG should be in the state of a full power within 10 s, which is a prescribed regulatory requirement in the technical specifications (TS) of the Optimized Power Reactor-1000 (OPR-1000).Recently, the US nuclear regulatory commission (NRC) has been preparing a new risk-informed emergency core cooling system (ECCS) rule called 10 CFR 50.46. The new rule redefines the size for the design basis LOCA and it relaxes some of the requirements such as the single failure criteria, simultaneous LOOP, and the methods of analysis. The revision of the ECCS rule will provide flexibility for plant changes if the plant risks are checked and balanced with the specified criteria.The present study performed a quantitative analysis of the plant risk impact due to the EDG starting time extension given that the new rule will be applied to OPR-1000. The thermal-hydraulic analysis and OPR-1000 probabilistic safety assessment (PSA) model were combined to estimate the whole plant risk impact. Also, sensitivity analyses were implemented for the important uncertainty parameters.     

Assessment of human reliability based on evaluation of plant experience: requirements and implementation

A major problem in assessment of human failures in probabilistic safety assessment is the lack of empirical data needed for human reliability analysis (HRA). This problem is aggravated by the fact that different HRA methods use different parameters for the assessment and that HRA is currently enforced to provide data and methods for assessment of human reliability in new technical environments such as computerized control rooms, in accident management situations, or in low-power and shut down situations. Plant experience is one source to deal with this problem. In this paper, a method is presented that describes how plant experience about human failures and human performance may be used to support the process of analyzing and assessing human reliability. Based on considerations of requirements of HRA, a method is presented first which is able to describe and analyze human interactions that were observed within events. Implementation of the approach as a database application is outlined. Second, the main results of the application of the method to 165 boiling water reactor events are presented. Observed influencing factors on human performance are discussed; estimates for probabilities are calculated and compared with the data tables of the THERP handbook. An outline is given for using the presented method for the analysis of cognitive errors or organizational aspects.     

A comparison of the simplified probabilistic method in R6 with the partial safety factor approach

Probabilistic assessments are a useful aid to decision making in areas such as safety analysis, design studies and the deployment of resources on maintenance, inspection and repair. In principle, a full probabilistic assessment requires a complete knowledge of the relevant failure models and the distributions for each of the input quantities. However, in practice, these requirements cannot normally be met in full and it is necessary to employ various simplifying assumptions and approximations in order to make the analysis tractable. The partial factor method and the simplified approach in R6 provide two relatively simple and independent methods of assessing failure probabilities using R6.The two methods have been applied to a set of test cases and the results compared. In the case of the partial safety factor method target reliabilities in the range 10⁻³–10⁻⁵ were considered. Sets of partial safety factors for load, defect size, fracture toughness and yield stress were taken from BS 7910 and used for assessments covering different regions on the R6 failure assessment diagram. A calculation of the assessed failure probability was also carried out for each of these sets of conditions using a simplified probabilistic approach developed for the R6 procedure.The assessed failure probabilities were compared with the corresponding target reliability assumed for the partial safety factor calculation. It was found that the partial safety factor assessments were generally conservative compared to the simplified approach. However, in many instances the assessed probabilities were several orders of magnitude smaller than the target reliabilities suggesting that the recommended values of partial safety factors in BS7910 were excessively conservative for some of these conditions.     

A perceptual computing–based method to prioritize intervention actions in the probabilistic risk assessment techniques

Probabilistic risk assessment techniques as the systematic tools have been widely used on the different type of industrial sectors to reduce the estimated risk to an acceptable level. The fact is to design inherently safety; hazards have to be eliminated and reduced in risk as much as possible with the consideration of several interventions. In this regard, multicriteria decision making (MCDM) science is commonly integrated with the probabilistic risk assessment techniques to improve the safety performance of a system. Thus, it has been widely used to assist decision makers in controlling the identified process hazards in a different type of engineering applications. However, by increasing the complexity of industrial sectors as well as human being judgments, typical MCDM methods cannot highly guarantee their output results. According to this point, proposing MCDM methods based on mathematical programming have been interested in scholars due to high reliability and feasibility of the results. In this paper, we extended integration of MULTIMOORA approach with the Choquet integral under subjectivity circumstances to prioritize corrective actions in a typical probabilistic risk assessment technique. To illustrate the efficiency and feasibility of the proposed method, it has been applied in a real case study.     

From LESSEPS to the workstation for reliability engineers

Three Mile Island and Chernobyl in the nuclear industry, Challenger, in the space industry, Seveso and Bhopal in the chemical industry—all these accidents show how difficult it is to forecast all likely accident scenarios that may occur in complex systems. This was, however, the objective of the probabilistic safety assessment (PSA) performed by EDF at the Paluel nuclear power plant. The full computerization of this study led to the LESSEPS project, aimed at automating three different steps: generation of reliability models—based on the use of expert systems, qualitative and quantitative processing of these models using computer codes, and overall management of PSA studies. This paper presents the results obtained and the gradual transformation of this first generation of tools into a workstation aimed at integrating reliability studies at all stages of an industrial process.     

Effectiveness of maritime safety control in different navigation zones using a spatial sequential DEA model: Yangtze River case

This paper aims to analyze the effectiveness of maritime safety control from the perspective of safety level along the Yangtze River with special considerations for navigational environments. The influencing variables of maritime safety are reviewed, including ship condition, maritime regulatory system, human reliability and navigational environment. Because the former three variables are generally assumed to be of the same level of safety, this paper focuses on studying the impact of navigational environments on the level of safety in different waterways. An improved data envelopment analysis (DEA) model is proposed by treating the navigational environment factors as inputs and ship accident data as outputs. Moreover, because the traditional DEA model cannot provide an overall ranking of different decision making units (DMUs), the spatial sequential frontiers and grey relational analysis are incorporated into the DEA model to facilitate a refined assessment. Based on the empirical study results, the proposed model is able to solve the problem of information missing in the prior models and evaluate the level of safety with a better accuracy. The results of the proposed DEA model are further compared with an evidential reasoning (ER) method, which has been widely used for level of safety evaluations. A sensitivity analysis is also conducted to better understand the relationship between the variation of navigational environments and level of safety. The sensitivity analysis shows that the level of safety varies in terms of traffic flow. It indicates that appropriate traffic control measures should be adopted for different waterways to improve their safety. This paper presents a practical method of conducting maritime level of safety assessments under dynamic navigational environment.