Level-1 probability safety assessment of the Iranian heavy water reactor using SAPHIRE software

The main goal of this review paper is to analyze the total frequency of the core damage of the Iranian Heavy Water Research Reactor (IHWRR) compared with standard criteria and to determine the strengths and the weaknesses of the reactor safety systems towards improving its design and operation. The PSA has been considered for full-power state of the reactor and this article represents a level-1 PSA analysis using System Analysis Programs for Hands-On Integrated Reliability Evaluations (SAPHIRE) software. It is specifically designed to permit a listing of the potential accident sequences, compute their frequencies of occurrence and assign each sequence to a consequence. The method used for modeling the systems and accident sequences, is Large Fault Tree/Small Event Tree method. This PSA level-1 for IHWRR indicates that, based on conservative assumptions, the total frequency of accidents that would lead to core damage from internal initiating events is 4.44E−05 per year of reactor operation.     

Combining task analysis and fault tree analysis for accident and incident analysis: A case study from Bulgaria

Understanding the reasons for incident and accident occurrence is important for an organization's safety. Different methods have been developed to achieve this goal. To better understand the human behaviour in incident occurrence we propose an analysis concept that combines Fault Tree Analysis (FTA) and Task Analysis (TA). The former method identifies the root causes of an accident/incident, while the latter analyses the way people perform the tasks in their work environment and how they interact with machines or colleagues. These methods were complemented with the use of the Human Error Identification in System Tools (HEIST) methodology and the concept of Performance Shaping Factors (PSF) to deepen the insight into the error modes of an operator's behaviour. HEIST shows the external error modes that caused the human error and the factors that prompted the human to err. To show the validity of the approach, a case study at a Bulgarian Hydro power plant was carried out. An incident – the flooding of the plant's basement – was analysed by combining the afore-mentioned methods. The case study shows that Task Analysis in combination with other methods can be applied successfully to human error analysis, revealing details about erroneous actions in a realistic situation.     

Living PRAs made easier with IRRAS

The Integrated Reliability and Risk Analysis System (IRRAS) is an integrated PRA software tool that gives the user the ability to create and analyze fault trees and accident sequences using an IBM-compatible microcomputer. This program provides functions that range from graphical fault tree and event tree construction to cut set generation and quantification.

IRRAS contains all the capabilities and functions required to create, modify, reduce and analyze event tree and fault tree models used in the analysis of complex systems and processes. IRRAS uses advanced graphic and analytical techniques to achieve the greatest possible realization of the potential of the microcomputer. When the needs of the user exceed this potential, IRRAS can call upon the power of the mainframe computer.

The role of the Idaho National Engineering Laboratory in the IRRAS program is that of software developer and interface to the user community. Version 1.0 of the IRRAS program was released in February 1987 to prove the concept of performing this kind of analysis on microcomputers. This version contained many of the basic features needed for fault tree analysis and was received very well by the PRA community. Since the release of Version 1.0, many user comments and enhancements have been incorporated into the program providing a much more powerful and user-friendly system. This version is designated ‘IRRAS 2.0’. Version 3.0 will contain all of the features required for efficient event tree and fault tree construction and analysis.     

Application of the cause–consequence diagram method to static systems

In the last 30 years, various mathematical models have been used to identify the effect of component failures on the performance of a system. The most frequently used technique for system reliability assessment is Fault Tree Analysis (FTA) and a large proportion of its popularity can be attributed to the fact that it provides a very good documentation of the way that the system failure logic was developed. Exact quantification of the fault tree, however, can be problematic for very large systems and in such situations, approximations can be used. Alternatively, an exact result can be obtained via the conversion of the fault tree into a binary decision diagram (BDD). The BDD, however, loses all failure logic documentation during the conversion process.This paper outlines the use of the cause–consequence diagram method as a tool for system risk and reliability analysis. As with the FTA method, the cause–consequence diagram documents the failure logic of the system. In addition to this the cause–consequence diagram produces the exact failure probability in a very efficient calculation procedure. The cause–consequence diagram technique has been applied to a static system and shown to yield the same result as those produced by the solution of the equivalent fault tree and BDD. On the basis of this general rules have been devised for the correct construction of the cause–consequence diagram given a static system. The use of the cause–consequence method in this manner has significant implications in terms of efficiency of the reliability analysis and can be shown to have benefits for static systems.     

Assessment of human–machine interface design for a Chinese nuclear power plant

A nuclear power plant (NPP) is a complex system but requires high reliability. The human–machine interface (HMI) design plays very important role in reactor safety. This paper describes an assessment on HMI design of a Chinese NPP, using a software system named Dynamic Interaction Analysis Support (DIAS). DIAS can give not only quantitative indices for dynamically assessing the HMI design, but also allow modify the values of these indices by taking into account human error probability during specified emergent operation procedures. The operation procedures dealing with postulated accidents and transients recorded from a full-scale plant simulator in the training center of a Chinese NPP were selected as references. According to the results of simulation and analysis, the potential problems in the HMI design and the operation procedures were detected. Suggestions to improve the HMI design and the operation procedures were addressed.     

Application of the integrated reliability analysis system (IRAS)

This paper introduces a UNIX-based computer aided reliability assessment system, IRAS, which was developed in the Brite/Euram project BE-4250. It utilises fault propagation models for automatic generation of Fault Trees, Cause–Consequence Diagrams and FMECA. Therefore, it has the following features: a Model Builder which allows the creation of the fault propagation models in a hierarchical manner; a Fault Tree Analysis module that is able to generate Fault Trees on demand and to extract minimal cut sets; an FMECA module that is able to search for and group effects of basic events according to their criticality, severity and probability; a Real Time Fault Location (RTFL) module that enables the fast detection of the most probable cause(s) of system malfunction based on information available from sensors and/or operator. This paper describes the underlying ideas and procedures of IRAS and shows an example application to a Hot Strip Steel Mill.     

基于可视化的事故树分析系统研究与开发

事故树分析是安全系统工程最重要的分析方法之一，它能对各种系统的危险性进行辨识和评价，不仅能分析出事故的直接原因，而且能深入地揭示出事故的潜在原因。用它描述事故的因果关系直观、明了，思路清晰，逻辑性强，既可定性分析，又可定量分析。基于可视化理论和技术，建立了事故树可视化模型，确定了系统功能目标，完成了系统结构设计，构造了事故树图形生成与事故树动态分析于一体的集成分析环境，开发出事故树计算机分析系统，为事故分析和安全评价提供高效、准确的技术和方法。     

A systematic approach to analysing errors of commission from diagnosis failure in accident progression

The accident scenarios of a nuclear power plant are composed of an initiating event (IE), additional events/failures and human inappropriate actions, the combinations of which lead to irreversible consequences. In such a dynamic situation, operators should diagnose the occurring events/failures (including an initiating event and additional events) and assess the related situations utilising the available resources such as operating procedures or human–machine systems to control and maintain the plant in a stable condition. The misdiagnosis or diagnosis failure of the occurring events could cause critical human inappropriate actions that aggravate the plant condition, which is termed as errors of commission (EOCs). This paper presents a methodology for analysing the potential for diagnosis failure of the initiating and additional events and the consequent EOC events, based on the operating procedures, in the accident scenarios of nuclear power plants. The method to be presented categorizes the diagnostic situations in the accident scenarios into three cases according to the structure of the emergency operating procedures (EOPs) and the time of the occurring events: (1) the diagnosis of an initiating event, (2) the diagnosis of both an initiating event and an additional event when an additional event occurs prior to the performance of the diagnosis procedure, and (3) the diagnosis of an additional event when an additional events occurs after the performance of the diagnosis procedure. The application of the method is illustrated through three case example scenarios: (1) the power-operated relief valve (PORV) or the pressurizer safety valve (PSV) LOCA, (2) the loss of all feedwater (LOAF) event (loss of main feedwater*loss of auxiliary feedwater), (3) the sequence of<the station blackout (SBO)*loss of turbine-driven (or diesel-driven) auxiliary feedwater*PSV stuck-open*recovery of AC power>.     

Comprehensive risk assessment for rail transportation of dangerous goods: a validated platform for decision support

Currently, the most advanced and well documented risk assessments for the transportation of dangerous goods by railway take into account:

(i) statistics-based loss of containment frequencies,

(ii) specification of potential consequences for a given release situations using event tree methodology as an organisational tool and

(iii) consequence calculation models to determine a risk figure known as CCDF (Complementary Cumulative Distribution Function).

Such procedures for the risk assessment (including for example decision-making on preventive measures) may offer only a limited insight into the causes and sequences leading to an accident and do not allow for any kind of predictive analysis. The present work introduces an enhanced solution, and a related software platform, which attempts to integrate loss of containment causes and consequences with system's infrastructure and its environment. The solution features:

(i) the use of a detailed Master Logical Diagram, including fault/event tree analysis to determine a loss of containment frequency based on different initiating events, scenarios and specific basic data,

(ii) the characterization of a resulting source term following a release situation, and

(iii) the calculation of various potential impacts on the neighbouring site.

Results are wrapped into a CCDF format for each selected traffic segment. The risk-related results are integrated on a software platform, structured as a decision support system using intelligent maps and a variety of GIS (Geographical Information System) data processing procedures. The introduction of the hot spot approach, allows us to focus on the most risk-relevant areas and to use information on various railway infrastructure elements (e.g. points, tunnels), are the basis of the new models employed. The software is applicable to any railway transportation system, comprising its technical infrastructure, rolling stock, human actions, regulation and management procedures. It provides the determination of the annual societal risk due to potential accident scenarios, while also revealing information on the potential causes of an accident taking into account spatial parameters. The approach and software have been validated by a case study done for a particular traffic segment of the Swiss Federal Railway company.     

Team performance modeling for HRA in dynamic situations

This paper proposes a team behavior network model that can simulate and analyze response of an operator team to an incident in a dynamic and context-sensitive situation. The model is composed of four sub-models, which describe the context of team performance. They are task model, event model, team model and human–machine interface model. Each operator demonstrates aspects of his/her specific cognitive behavior and interacts with other operators and the environment in order to deal with an incident. Individual human factors, which determine the basis of communication and interaction between individuals, and cognitive process of an operator, such as information acquisition, state-recognition, decision-making and action execution during development of an event scenario are modeled. A case of feed and bleed operation in pressurized water reactor under an emergency situation was studied and the result was compared with an experiment to check the validity of the proposed model.     

Characterization of Bonding Quality in a Multilayer Structure Using Segment Adaptive Filtering

Ultrasonic testing is widely used in detection of disbonds in multilayer structures such as solid fuel rocket motors, which consist of steel, rubber laminate, and solid fuel. However, only a small fraction of ultrasonic waves can transmit through the steel–rubber interface because of their large difference in acoustical impedance. Very little ultrasound is reflected back by the weak bond interface within the rubber laminate or from the interface between the rubber and solid fuel. Consequently, the interface bond degradation can only produce a very slight variation in the received ultrasonic echo sequences, which are too weak to be detected effectively. In this paper, ultrasonic pulse reflection from the interfaces is considered to evaluate the interface bond condition. A multilayer model with spring boundary condition is used to describe the weak bond, and ultrasonic reflection response is obtained for the structure in the immersion mode. After analysis of the ultrasonic echo sequences of the steel–rubber structure, the segment adaptive filtering method is used to separate the simulated echo sequences and to obtain the interface signals. With the separated interface signals, the weak bond of all the interfaces, including the one within the rubber laminate, can be detected. The procedure has been applied to signals measured from the steel–rubber samples, and the amplitude and envelope of various interface signals agree well with those from the corresponding simulated signal. The disbond and weak bond can be detected and evaluated by the amplitude of corresponding signal of interfaces.     

Quantifying human and organizational factors in accident management using decision trees: the HORAAM method

In the framework of the level 2 Probabilistic Safety Study (PSA 2) project, the Institute for Nuclear Safety and Protection (IPSN) has developed a method for taking into account Human and Organizational Reliability Aspects during accident management. Actions are taken during very degraded installation operations by teams of experts in the French framework of Crisis Organization (ONC). After describing the background of the framework of the Level 2 PSA, the French specific Crisis Organization and the characteristics of human actions in the Accident Progression Event Tree, this paper describes the method developed to introduce in PSA the Human and Organizational Reliability Analysis in Accident Management (HORAAM). This method is based on the Decision Tree method and has gone through a number of steps in its development. The first one was the observation of crisis center exercises, in order to identify the main influence factors (IFs) which affect human and organizational reliability. These IFs were used as headings in the Decision Tree method. Expert judgment was used in order to verify the IFs, to rank them, and to estimate the value of the aggregated factors to simplify the quantification of the tree. A tool based on Mathematica was developed to increase the flexibility and the efficiency of the study.     

事故树图形的计算机辅助绘制算法研究

提供了一种有效的算法,根据输入的各种事件的基本信息及其因果逻辑关系,利用树的深度优先遍历后序算法,实现事故树的自动绘制,体现事故树模型分析形象、直观、明了的特点.该算法能即时计算出事故树顶事件发生的概率、最小割集、概率重要度、关键重要度等参数,为对事故树进行定性、定量分析提供强有力的图形和数据支持.     

故障树分析法在某型飞机火控系统故障诊断中的应用

故障树分析法是系统安全、可靠性分析研究中常用的一种方法。基于故障树分析法与专家系统相结合的某型飞机火控系统故障诊断仪,以机载火控系统不工作为顶事件,建立了故障树,并对故障树作了定性分析,本系统不但具有故障诊断能力,还具有较强的自学习的功能。结果表明,故障树分析法是机载火控系统故障诊断的一种有效方法。     

Use of processed data to design an orderly logic gate to construct plasmids in GenoCAD

Rapid developments have been made in synthetic biology within the past two decades, particularly in combination with chemistry, computer science, and other disciplines. Genetic components and internal features have been a main focus of research for synthetic biologists. Logic gates can be applied in various disciplines, but have not yet been used for plasmid design. GenoCAD is a computer‐aided design software programme for synthetic biology that can be used to design complex structures. Thus, in this study, the authors analysed a large, commonly used data set containing over 70,000 feature sequences and eventually obtained comprehensive information for a complete data set without redundancy. By analysing the internal feature sequences, the authors input the most representative data in the GenoCAD platform, along with design rules and grammar for constructing high‐quality practical parts. Additionally, the orderly logic gate for building biological parts designed in this study may be useful for professionals and non‐professionals and may have applications in the design of a new biological computer. Finally, the authors compared the constructed plasmid with other successful examples in BLAST and PlasMapper software to demonstrate the rationality of the orderly logic gate.Inspec keywords: logic gates, genetics, bioinformatics, DNA, molecular biophysics, molecular configurations, CAD, biomolecular electronics, biocomputersOther keywords: processed data, orderly logic gate, plasmids, GenoCAD, synthetic biology, genetic components, PlasMapper software, BLAST software, biological computer, internal feature sequences, computer‐aided design software programme     

A Bayesian Belief Network modelling of organisational factors in risk analysis: A case study in maritime transportation

The paper presents an innovative approach to integrate Human and Organisational Factors (HOF) into risk analysis. The approach has been developed and applied to a case study in the maritime industry, but it can also be utilised in other sectors. A Bayesian Belief Network (BBN) has been developed to model the Maritime Transport System (MTS), by taking into account its different actors (i.e., ship-owner, shipyard, port and regulator) and their mutual influences. The latter have been modelled by means of a set of dependent variables whose combinations express the relevant functions performed by each actor. The BBN model of the MTS has been used in a case study for the quantification of HOF in the risk analysis carried out at the preliminary design stage of High Speed Craft (HSC). The study has focused on a collision in open sea hazard carried out by means of an original method of integration of a Fault Tree Analysis (FTA) of technical elements with a BBN model of the influences of organisational functions and regulations, as suggested by the International Maritime Organisation's (IMO) Guidelines for Formal Safety Assessment (FSA). The approach has allowed the identification of probabilistic correlations between the basic events of a collision accident and the BBN model of the operational and organisational conditions. The linkage can be exploited in different ways, especially to support identification and evaluation of risk control options also at the organisational level. Conditional probabilities for the BBN have been estimated by means of experts’ judgments, collected from an international panel of different European countries. Finally, a sensitivity analysis has been carried out over the model to identify configurations of the MTS leading to a significant reduction of accident probability during the operation of the HSC.     

How to avoid the generation of logic loops in the construction of fault trees

Generation of an infinite series of identical sub-trees may occur during the construction of a Fault Tree (FT) when one item of equipment in a plant is considered several times in the same sub-tree in the course of the tree extraction from a HazOp (Hazard Operability analysis) analysis.Generation of loops in the construction of an FT can be avoided by means of an ad hoc logical analysis in which certain simple rules of syntax are taken into account.A radical solution, however, can be obtained if identification of unwanted events in a process plant is not undertaken with conventional procedures, such as HazOp (Operability Analysis with guide words, failure mode and effect analysis (FMEA) etc.), but with a more modern and structured version, such as Recursive Operability Analysis (ROA), which is both systematic and complete, and allows direct extraction of logic trees, (FT, event trees, etc.) for subsequent quantification. This feature means that, by contrast with conventional operability analysis, the congruence of the ROA itself can be checked.The ROA method is illustrated in this paper with the aid of some simple examples.     

Evaluation of malignant anthrax spore dispersion in high-rise buildings

Analysis of the dispersion of malignant anthrax spores in a 50-story tower block after a terrorist act has been carried out. A computer model of the aerosol dispersion in the case of intensive small-scale convection equalizing the concentration of malignant anthrax spores in separate rooms of the building has been developed. The model permits predicting the time interval needed for the spores to disperse. It has been shown that the release of even a relatively small amount of malignant anthrax spores can lead to a dangerous contamination of the whole building.Translated from Inzhenerno-Fizicheskii Zhurnal, Vol. 77, No. 6, pp. 79–89, November–December, 2004.     

AN 0 (N log N) HEURISTIC ALGORITHM FOR THE RECTILINEAR STEINER MINIMAL TREE PROBLEM

This paper presents an 0 (n log n) heuristic algorithm for the Rectilinear Steiner Minimal Tree (RSMT) problem. The algorithm is based on a decomposition approach which first partitions the vertex set into triangles via the L₁ Delaunay triangulation, then constructs the Steiner minimal tree according to the properties of the Voronoi diagram and the Minimum Spanning Tree (MST) of the point set. The algorithm was implemented in FORTRAN-IV and tested on a number of randomly generated point sets in the plane drawn from a uniform distribution. Comparison of the 0 (n log n) algorithms with 0 (n₄) algorithms indicates that the 0 (n log n) algorithm achieves equally good reductions over the MST although the 0 (n₄) algorithms actually examine more potential Steiner points and RSMT configurations.