10.1 Introduction

10.1.1 Purpose

The purpose of this chapter is to provide guidance on “how to” perform a human reliability analysis (HRA). The methodology provided is not intended to be used as a cookbook. Each situation requiring an HRA is different. The references provide more detailed instructions, alternative methods, and estimations of human error probability (HEP) values (1).

10.1.2 Background

The need for a methodical approach to perform HRAs originated from the need to perform probabilistic risk assessments (PRAs) and probabilistic safety assessments (PSAs). For this document, PRA and PSA are considered interchangeable and only PRAs will be referred to. While nuclear power plants may be the first processes to come to mind when discussing PRAs and HRAs, PRAs are performed on many processes or activities. Examples are the assembly and disassembly of nuclear weapons, petroleum refinery operations, chemical processing plants, and so on.

PRAs typically focus on equipment failures. HRAs may be used to analyze the human response to an equipment failure. The PRA may also include a section that discusses the probability of human failure being the initiating event. Even if a full-scale PRA is not performed, an HRA may be beneficial. Any process or activity that involves humans is susceptible to human error. HRAs are used to quantify the probability of human errors. HRAs can also be used to identify steps or activities in the process that can be targeted for changes that could reduce the probability of human error (2).

The basic steps to perform an HRA include:

1. bounding the system;
2. task analysis;
3. HRA modeling;
4. quantifying the HEP;
5. documentation;
6. methodology.

10.1.3 Bounding the System

Bounding of the system to be analyzed is probably one of the most important steps in the performance of an HRA. The system being discussed is not a physical system but is a series of steps or actions that involve the potential for human failure.

As stated above, HRAs are typically performed in support of a PRA. The PRA may identify an equipment or human failure that requires a human to respond to mitigate the failure. For example, the failure may be the trip of a pump, and the human is required to start the other pump. While the PRA would analyze the entire failure sequence, the HRA would focus only on the human involvement in the sequence of events (i.e., the probability of human failure).

The same holds true for the failure sequences in the PRA that are initiated by a human error. There may be automatic system responses that occur, as a result of the initiating human error, but again, the HRA would focus on the probability of human failure.

For example, one accident usually analyzed in a nuclear power plant PRA is a rupture in the reactor piping. This accident is commonly called a loss-of-coolant accident or LOCA. A small portion of the sequence of events in a LOCA would be

1. reactor coolant system rupture;
2. drywell pressure reaches 2 psig;
3. emergency core cooling system (ECCS) initiates;
4. reactor SCRAM (safety control rod axe man) signal initiated;
5. containment building isolates;
6. emergency ventilation systems start.

To help keep track of the different HRAs, each should be given a descriptive title. The sequence of events for a LOCA is referred to as the LOCA sequence. The titles of the sequences and steps below are identified in parentheses.

The sequences and their relationship should be laid out using logic diagrams.

The operators must take numerous actions as part of the LOCA sequence. For example, the operators must

1. verify the ECCS initiates (ECCS Initiate);
2. take the actions for the reactor SCRAM (SCRAM Actions);
3. verify that the containment building isolates (Cnmt Isolation);
4. verify that the emergency ventilation systems start (Emerg Vent Start).

In addition to verifying each of the automatic actions, if an automatic action does not occur, the operators must manually perform the action or take alternative action. For example, if the ECCS pumps do not automatically initiate, the operators must manually start the pumps. There are also numerous manual actions that must be taken, such as shutting down the generator, starting the equipment to mitigate hydrogen production, and so on. Each step in the sequence would have a probability of failure.

As you can see, this can easily get very complex, very fast. As a rule of thumb, each individual HRA should be bounded to a series of steps that have a measurable beginning and end (i.e., the start point and successful completion of the steps can be distinctly identified). These will be broken down to the lowest level possible.

As an example, look at the SCRAM Actions sequence. This sequence breaks down into nine separate steps.

1. All control rods insert into the reactor core.
2. The operator places the reactor mode switch in the shutdown position (MS Shutdown).
3. The operator verifies all control rods fully inserted (Verify Rods Inserted).
4. The operator verifies reactor power is decreasing (Verify Rx Power).
5. The operator selects and inserts the source range and intermediate range monitors (they monitor reactor power at low power levels) (Insert SRM/IRM).
6. The operator verifies reactor vessel level to be within the correct band (Verify Rx Level).
7. The operator verifies reactor pressure to be within the correct band (Verify Rx Pressure).
8. The operator verifies the reactor coolant pumps shift to slow speed (Verify RCP Downshift).
9. The operator shifts the feed water control system to single element (FW to Single Element).

Step 1 does not require human involvement. Therefore, it is excluded from the HRA but is included for continuity. Steps 2 through 9 require the involvement of a human, the operator, to be completed. The HRA for the SCRAM Actions sequence of steps would consist of several separate HRAs (i.e., an HRA for each step). A total probability of failure for the entire SCRAM Actions sequence can then be determined from the step HEPs. The total probability of human failure for the SCRAM Actions sequence can then be used along with the probabilities determined for the other steps to determine the probability of failure for the LOCA sequence of events.

The steps will be broken down using task analysis into the separate actions the operator must perform. The HEPs will be determined for each of these steps.
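As an added worked example (not from the chapter or its references), the following Python models the bounding described above as a tree: the LOCA sequence contains the SCRAM Actions sequence, which contains its nine steps, and each bounded sequence records its start point and success criterion. The HEP values are constructed placeholders, not values from any reference, and the combination rule assumes the steps fail independently, an assumption the chapter does not state; a real analysis would take the HEPs and any dependence treatment from the referenced methods.

```python
"""Bounding an HRA as a tree of sequences and steps, then combining HEPs.

Added example: the tree shape follows the LOCA / SCRAM Actions breakdown in
the chapter. HEP values are constructed placeholders, and the combination
rule assumes independent step failures (an assumption, not from the text).
"""
from dataclasses import dataclass, field
from math import prod
from typing import List, Optional, Union


@dataclass
class Step:
    """One action in a bounded sequence.

    hep is the human error probability for the action. None marks an
    automatic action with no human involvement: it is kept for continuity
    but contributes nothing to the failure probability.
    """
    title: str
    hep: Optional[float] = None

    def __post_init__(self) -> None:
        if self.hep is not None and not 0.0 <= self.hep <= 1.0:
            raise ValueError(f"{self.title}: HEP must lie in [0, 1], got {self.hep}")

    @property
    def is_human(self) -> bool:
        return self.hep is not None

    def failure_probability(self) -> float:
        return self.hep if self.hep is not None else 0.0


@dataclass
class Sequence:
    """A bounded series of steps with a distinct start point and success criterion."""
    title: str
    start: str
    end: str
    children: List[Union["Sequence", Step]] = field(default_factory=list)

    def failure_probability(self) -> float:
        # Assumption (not from the chapter): child failures are independent,
        # so the sequence succeeds only if every child succeeds.
        return 1.0 - prod(1.0 - c.failure_probability() for c in self.children)


def human_steps(node: Union[Sequence, Step]) -> List[Step]:
    """Flatten a tree into the steps that need their own HRA (human involvement)."""
    if isinstance(node, Step):
        return [node] if node.is_human else []
    return [s for child in node.children for s in human_steps(child)]


def render(node: Union[Sequence, Step], depth: int = 0) -> str:
    """Text form of the logic diagram: an indented tree with failure probabilities."""
    pad = "  " * depth
    if isinstance(node, Step):
        tag = f"HEP={node.hep:.4f}" if node.is_human else "automatic, excluded"
        return f"{pad}- {node.title} ({tag})\n"
    head = f"{pad}{node.title} [{node.start} -> {node.end}] P(fail)={node.failure_probability():.4f}\n"
    return head + "".join(render(c, depth + 1) for c in node.children)


def build_scram_actions() -> Sequence:
    """The nine-step SCRAM Actions sequence from the chapter; HEPs are placeholders."""
    return Sequence(
        "SCRAM Actions",
        start="reactor SCRAM signal initiated",
        end="feed water control in single element",
        children=[
            Step("All control rods insert"),          # step 1: automatic, no HRA
            Step("MS Shutdown", hep=0.001),
            Step("Verify Rods Inserted", hep=0.003),
            Step("Verify Rx Power", hep=0.003),
            Step("Insert SRM/IRM", hep=0.010),
            Step("Verify Rx Level", hep=0.003),
            Step("Verify Rx Pressure", hep=0.003),
            Step("Verify RCP Downshift", hep=0.005),
            Step("FW to Single Element", hep=0.010),
        ],
    )


def build_loca_sequence() -> Sequence:
    """Operator portion of the LOCA sequence, with SCRAM Actions nested as a sub-HRA."""
    return Sequence(
        "LOCA sequence",
        start="reactor coolant system rupture",
        end="emergency ventilation verified running",
        children=[
            Step("ECCS Initiate", hep=0.002),
            build_scram_actions(),
            Step("Cnmt Isolation", hep=0.002),
            Step("Emerg Vent Start", hep=0.003),
        ],
    )


if __name__ == "__main__":
    print(render(build_loca_sequence()), end="")
```

Running the module prints the logic diagram with the sequence-level probabilities filled in from the leaf HEPs; `human_steps` lists exactly the eight SCRAM steps (and eleven LOCA steps) that need an individual HRA, with the automatic control-rod insertion excluded as the text describes.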

10.1.4 Summary Points

  • The system will typically be defined as an accident sequence by the PRA.
  • The accident sequence should be broken down into its separate sequence of actions and steps.
  • These sequences should be further broken down into a series of steps that have a measurable beginning and an end.
  • Task analysis will break these steps down into the separate actions the operator must perform.