Basic Level 1. PSA course for analysts - IAEA...Event tree modelling Special aspects of scenario development Operator actions in the accident sequence Treatment of dependencies in

Basic Level 1. PSA course for analystsBasic Level 1. PSA course for analysts

Accident Sequence modellingAccident Sequence modelling

IAEA Training in level 1 PSA and PSA applications

Accident Sequence modelling

Slide 2.

ContentContent

Event tree modellingSpecial aspects of scenario developmentOperator actions in the accident sequence Treatment of dependencies in the accident sequenceExperience from reviews

Event tree modellingEvent tree modellingSpecial aspects of scenario developmentSpecial aspects of scenario developmentOperator actions in the accident sequence Operator actions in the accident sequence Treatment of dependencies in the accident Treatment of dependencies in the accident sequencesequenceExperience from reviewsExperience from reviews


Slide 3.

Event TreesEvent Trees

DISPLAY SEQUENCE PROGRESSION

DISPLAY SEQUENCE END STATES

DISPLAY SEQUENCE-SPECIFIC DEPENDENCIESPHYSICAL (SYSTEMS)FUNCTIONAL (SUCCESS CRITERIA)HUMAN

IMPROVED UNDERSTANDING OF MODELSANALYSTS / USERSPLANT PERSONNELREVIEWERS

DISPLAY SEQUENCE PROGRESSIONDISPLAY SEQUENCE PROGRESSION

DISPLAY SEQUENCE END STATESDISPLAY SEQUENCE END STATES

DISPLAY SEQUENCEDISPLAY SEQUENCE--SPECIFIC DEPENDENCIESSPECIFIC DEPENDENCIESPHYSICAL (SYSTEMS)PHYSICAL (SYSTEMS)FUNCTIONAL (SUCCESS CRITERIA)FUNCTIONAL (SUCCESS CRITERIA)HUMANHUMAN

IMPROVED UNDERSTANDING OF MODELSIMPROVED UNDERSTANDING OF MODELSANALYSTS / USERSANALYSTS / USERSPLANT PERSONNELPLANT PERSONNELREVIEWERSREVIEWERS


Slide 4.

TRANSIENTTRANSIENT--INDUCED IMPACTSINDUCED IMPACTS

LOCAsPRIMARY OVERPRESSUREREACTOR COOLANT PUMP SEAL FAILUREMAKEUP / LETDOWN

OVERCOOLINGSECONDARY OVERPRESSURESTUCK-OPEN RELIEF / SAFETY VALVES

ATWS

OPERATOR ACTIONS

LOCAsLOCAsPRIMARY OVERPRESSUREPRIMARY OVERPRESSUREREACTOR COOLANT PUMP SEAL FAILUREREACTOR COOLANT PUMP SEAL FAILUREMAKEUP / LETDOWNMAKEUP / LETDOWN

OVERCOOLINGOVERCOOLINGSECONDARY OVERPRESSURESECONDARY OVERPRESSURESTUCKSTUCK--OPEN RELIEF / SAFETY VALVESOPEN RELIEF / SAFETY VALVES

ATWSATWS

OPERATOR ACTIONSOPERATOR ACTIONS


Slide 5.

TRANSIENTTRANSIENT--INDUCED INDUCED LOCAsLOCAs

ADD TO LOCA INITIATING EVENT FREQUENCYLOSE ACTUAL INITIATING EVENT INFORMATIONLOSE DEPENDENCIESSIMPLIFIED EVENT TREESSIMPLIFIED SYSTEM MODELS

ADD SEPARATE EVENT TREE TOP EVENTRETAIN DEPENDENCIESEVENT TREES MORE COMPLEXINTERFACE WITH SYSTEMS MORE COMPLEXBETTER UNDERSTANDING OF MODELS / RESULTS

ADD TO LOCA INITIATING EVENT FREQUENCYADD TO LOCA INITIATING EVENT FREQUENCYLOSE ACTUAL INITIATING EVENT INFORMATIONLOSE ACTUAL INITIATING EVENT INFORMATIONLOSE DEPENDENCIESLOSE DEPENDENCIESSIMPLIFIED EVENT TREESSIMPLIFIED EVENT TREESSIMPLIFIED SYSTEM MODELSSIMPLIFIED SYSTEM MODELS

ADD SEPARATE EVENT TREE TOP EVENTADD SEPARATE EVENT TREE TOP EVENTRETAIN DEPENDENCIESRETAIN DEPENDENCIESEVENT TREES MORE COMPLEXEVENT TREES MORE COMPLEXINTERFACE WITH SYSTEMS MORE COMPLEXINTERFACE WITH SYSTEMS MORE COMPLEXBETTER UNDERSTANDING OF MODELS / RESULTSBETTER UNDERSTANDING OF MODELS / RESULTS


Slide 6.

OVERCOOLING SCENARIOSOVERCOOLING SCENARIOS

PRESSURIZED THERMAL SHOCK (PTS)MAY BE SIGNIFICANT PLANT-SPECIFIC PROBLEMWELD MATERIALDOCUMENTATIONINSPECTIONS

AUTOMATIC SIGNALSSECONDARY ISOLATION (STEAM AND/OR FEED)SAFEGUARDS ACTUATIONAFFECT SEQUENCE PROGRESSIONAFFECT AVAILABLE SYSTEMS

PRESSURIZED THERMAL SHOCK (PTS)PRESSURIZED THERMAL SHOCK (PTS)MAY BE SIGNIFICANT PLANTMAY BE SIGNIFICANT PLANT--SPECIFIC PROBLEMSPECIFIC PROBLEMWELD MATERIALWELD MATERIALDOCUMENTATIONDOCUMENTATIONINSPECTIONSINSPECTIONS

AUTOMATIC SIGNALSAUTOMATIC SIGNALSSECONDARY ISOLATION (STEAM AND/OR FEED)SECONDARY ISOLATION (STEAM AND/OR FEED)SAFEGUARDS ACTUATIONSAFEGUARDS ACTUATIONAFFECT SEQUENCE PROGRESSIONAFFECT SEQUENCE PROGRESSIONAFFECT AVAILABLE SYSTEMSAFFECT AVAILABLE SYSTEMS


Slide 7.

ATWS SCENARIOSATWS SCENARIOS

REACTOR SHUTDOWN SUCCESS CRITERIA

SIGNAL FAILURES (REACTOR PROTECTION SYSTEM)

MECHANICAL FAILURES (CONTROL RODS)

ALTERNATE SHUTDOWN OPTIONSTIME WINDOWSUCCESS CRITERIAAVAILABLE SYSTEMSOPERATOR ACTIONS

REACTOR SHUTDOWN SUCCESS CRITERIAREACTOR SHUTDOWN SUCCESS CRITERIA

SIGNAL FAILURES (REACTOR PROTECTION SYSTEM)SIGNAL FAILURES (REACTOR PROTECTION SYSTEM)

MECHANICAL FAILURES (CONTROL RODS)MECHANICAL FAILURES (CONTROL RODS)

ALTERNATE SHUTDOWN OPTIONSALTERNATE SHUTDOWN OPTIONSTIME WINDOWTIME WINDOWSUCCESS CRITERIASUCCESS CRITERIAAVAILABLE SYSTEMSAVAILABLE SYSTEMSOPERATOR ACTIONSOPERATOR ACTIONS


Slide 8.

ATWS MODELSATWS MODELS

CORE NUCLEAR POWER

PRIMARY / SECONDARY ENERGY BALANCE

FEEDWATER SUCCESS CRITERIA

PRIMARY PRESSURE RESPONSE

ENERGY RELEASE INTO CONTAINMENT

CORE NUCLEAR POWERCORE NUCLEAR POWER

PRIMARY / SECONDARY ENERGY BALANCEPRIMARY / SECONDARY ENERGY BALANCE

FEEDWATER SUCCESS CRITERIAFEEDWATER SUCCESS CRITERIA

PRIMARY PRESSURE RESPONSEPRIMARY PRESSURE RESPONSE

ENERGY RELEASE INTO CONTAINMENTENERGY RELEASE INTO CONTAINMENT


Slide 9.

OPERATOR ACTIONS AFTER INITIATING EVENTOPERATOR ACTIONS AFTER INITIATING EVENT

ACTIONS REQUIRED BY EMERGENCY OPERATING PROCEDURES

USE OF ALTERNATE EQUIPMENT

REALIGNMENT OF SYSTEMS

MANUAL BACKUP TO AUTOMATIC SIGNALS

REPAIR / RECOVERY OF FAILED EQUIPMENT

NO FUNDAMENTAL DIFFERENCE BETWEEN “PROCEDURE-DIRECTED” ACTIONS AND “RECOVERY” ACTIONS

ACTIONS REQUIRED BY EMERGENCY OPERATING PROCEDURESACTIONS REQUIRED BY EMERGENCY OPERATING PROCEDURES

USE OF ALTERNATE EQUIPMENTUSE OF ALTERNATE EQUIPMENT

REALIGNMENT OF SYSTEMSREALIGNMENT OF SYSTEMS

MANUAL BACKUP TO AUTOMATIC SIGNALSMANUAL BACKUP TO AUTOMATIC SIGNALS

REPAIR / RECOVERY OF FAILED EQUIPMENTREPAIR / RECOVERY OF FAILED EQUIPMENT

NO FUNDAMENTAL DIFFERENCE BETWEEN NO FUNDAMENTAL DIFFERENCE BETWEEN ““PROCEDUREPROCEDURE--DIRECTEDDIRECTED”” ACTIONS AND ACTIONS AND ““RECOVERYRECOVERY”” ACTIONSACTIONS


Slide 10.

MODELLING PROCESSMODELLING PROCESS

DEFINE THE ACTION

ADD THE ACTION TO THE PSA LOGIC MODELS

EVALUATE THE LIKELIHOOD OF HUMAN ERROR

DEFINE THE ACTIONDEFINE THE ACTION

ADD THE ACTION TO THE PSA LOGIC MODELSADD THE ACTION TO THE PSA LOGIC MODELS

EVALUATE THE LIKELIHOOD OF HUMAN ERROREVALUATE THE LIKELIHOOD OF HUMAN ERROR


Slide 11.

DEFINE THE ACTIONDEFINE THE ACTION

SUCCESS CRITERIA

BOUNDARY CONDITIONS

TIMING

SUCCESS CRITERIASUCCESS CRITERIA

BOUNDARY CONDITIONSBOUNDARY CONDITIONS

TIMINGTIMING


Slide 12.

SUCCESS CRITERIASUCCESS CRITERIA

WHAT IS THE OPERATOR REQUIRED TO DO?

HOW MANY OPERATORS ARE REQUIRED?

WHAT LEVEL OF OPERATOR SKILL OR TRAINING IS REQUIRED?

WHERE MUST THE ACTION BE PERFORMED?

WHAT IS THE OPERATOR REQUIRED TO DO?WHAT IS THE OPERATOR REQUIRED TO DO?

HOW MANY OPERATORS ARE REQUIRED?HOW MANY OPERATORS ARE REQUIRED?

WHAT LEVEL OF OPERATOR SKILL OR TRAINING IS WHAT LEVEL OF OPERATOR SKILL OR TRAINING IS REQUIRED?REQUIRED?

WHERE MUST THE ACTION BE PERFORMED?WHERE MUST THE ACTION BE PERFORMED?


Slide 13.

BOUNDARY CONDITIONSBOUNDARY CONDITIONS

WHAT IS THE INITIATING EVENT?

WHAT PRECEDING SYSTEM FAILURES (OR SUCCESSES) HAVE OCCURRED?

WHAT PRECEDING OPERATOR ACTIONS HAVE OCCURRED?

WHAT IS THE INITIATING EVENT?WHAT IS THE INITIATING EVENT?

WHAT PRECEDING SYSTEM FAILURES (OR WHAT PRECEDING SYSTEM FAILURES (OR SUCCESSES) HAVE OCCURRED?SUCCESSES) HAVE OCCURRED?

WHAT PRECEDING OPERATOR ACTIONS HAVE WHAT PRECEDING OPERATOR ACTIONS HAVE OCCURRED?OCCURRED?


Slide 14.

TIMINGTIMING

WHEN IS THE ACTION REQUIRED?

HOW MUCH TIME IS AVAILABLE TO COMPLETE THE ACTION?

HOW LONG DOES IT TAKE TO COMPLETE THE ACTION?

WHEN IS THE ACTION REQUIRED?WHEN IS THE ACTION REQUIRED?

HOW MUCH TIME IS AVAILABLE TO COMPLETE THE HOW MUCH TIME IS AVAILABLE TO COMPLETE THE ACTION?ACTION?

HOW LONG DOES IT TAKE TO COMPLETE THE ACTION?HOW LONG DOES IT TAKE TO COMPLETE THE ACTION?


Slide 15.

GENERAL RECOMMENDATIONSGENERAL RECOMMENDATIONS

EVALUATE EACH ACTION IN CONTEXT OF FUNCTIONALLY SIMILAR SCENARIOS

INITIATING EVENTTIME WINDOW FOR OPERATOR RESPONSEPRECEDING SYSTEM SUCCESSES AND FAILURESPRECEDING OPERATOR SUCCESSES AND FAILURESPROCEDURAL GUIDANCE AND TRAINING

BEWARE OF INDEPENDENT COMBINATIONS OF OPERATOR ACTIONS IN EVENT TREES AND/OR FAULT TREES

EVALUATE EACH ACTION IN CONTEXT OF FUNCTIONALLY SIMILAR EVALUATE EACH ACTION IN CONTEXT OF FUNCTIONALLY SIMILAR SCENARIOSSCENARIOS

INITIATING EVENTINITIATING EVENTTIME WINDOW FOR OPERATOR RESPONSETIME WINDOW FOR OPERATOR RESPONSEPRECEDING SYSTEM SUCCESSES AND FAILURESPRECEDING SYSTEM SUCCESSES AND FAILURESPRECEDING OPERATOR SUCCESSES AND FAILURESPRECEDING OPERATOR SUCCESSES AND FAILURESPROCEDURAL GUIDANCE AND TRAININGPROCEDURAL GUIDANCE AND TRAINING

BEWARE OF INDEPENDENT COMBINATIONS OF OPERATOR BEWARE OF INDEPENDENT COMBINATIONS OF OPERATOR ACTIONS IN EVENT TREES AND/OR FAULT TREESACTIONS IN EVENT TREES AND/OR FAULT TREES


Slide 16.

PROBLEM DEFINITIONPROBLEM DEFINITION

DEFINE SCOPE AND CONTEXT OF OPERATOR ACTIONS DURING EARLY DEVELOPMENT OF PSA MODELS

INITIATING EVENT GROUPS

FUNCTION AND SYSTEM SUCCESS CRITERIA

IDENTIFY WHERE OPERATORS MUST CONTROL FUNCTIONS AND SYSTEMS

BE AWARE OF PSA SCOPE (LEVEL 1 / LEVEL 2)

DEFINE SCOPE AND CONTEXT OF OPERATOR ACTIONS DEFINE SCOPE AND CONTEXT OF OPERATOR ACTIONS DURING EARLY DEVELOPMENT OF PSA MODELSDURING EARLY DEVELOPMENT OF PSA MODELS

INITIATING EVENT GROUPSINITIATING EVENT GROUPS

FUNCTION AND SYSTEM SUCCESS CRITERIAFUNCTION AND SYSTEM SUCCESS CRITERIA

IDENTIFY WHERE OPERATORS MUST CONTROL IDENTIFY WHERE OPERATORS MUST CONTROL FUNCTIONS AND SYSTEMSFUNCTIONS AND SYSTEMS

BE AWARE OF PSA SCOPE (LEVEL 1 / LEVEL 2)BE AWARE OF PSA SCOPE (LEVEL 1 / LEVEL 2)


Slide 17.

PROBLEM DEFINITIONPROBLEM DEFINITION

SPECIFY OPERATOR ACTIONS IN TERMS OF HIGH-LEVEL FUNCTIONAL DESCRIPTIONS

START BLEED AND FEED COOLING (PWR)DEPRESSURIZE REACTOR (BWR)ALIGN HIGH PRESSURE RECIRCULATION (PWR/BWR)OPEN CONTAINMENT VENT (LEVEL 2)

DETAILED ACTIONS DETERMINED BY CONTEXT OF PSA MODELS

SPECIFY OPERATOR ACTIONS IN TERMS OF HIGHSPECIFY OPERATOR ACTIONS IN TERMS OF HIGH--LEVEL FUNCTIONAL DESCRIPTIONSLEVEL FUNCTIONAL DESCRIPTIONS

START BLEED AND FEED COOLING (PWR)START BLEED AND FEED COOLING (PWR)DEPRESSURIZE REACTOR (BWR)DEPRESSURIZE REACTOR (BWR)ALIGN HIGH PRESSURE RECIRCULATION (PWR/BWR)ALIGN HIGH PRESSURE RECIRCULATION (PWR/BWR)OPEN CONTAINMENT VENT (LEVEL 2)OPEN CONTAINMENT VENT (LEVEL 2)

DETAILED ACTIONS DETERMINED BY CONTEXT OF PSA DETAILED ACTIONS DETERMINED BY CONTEXT OF PSA MODELSMODELS


Slide 18.

BREAKDOWN AND IMPACT ASSESSMENTBREAKDOWN AND IMPACT ASSESSMENT

DETERMINE HOW PROCEDURES DIRECT OPERATOR RESPONSE

SYMPTOM-BASED VS. EVENT-BASED PROCEDURESOPTIONS DEPEND ON PLANT STATUS

DETERMINE HOW OPERATOR RESPONSE AFFECTS EVENT PROGRESSION

SUCCESSFUL PERFORMANCE OF PROCEDURAL GUIDANCEFAILURE TO PERFORM PROCEDURAL GUIDANCEPOSSIBLE ALTERNATE ACTIONS

DETERMINE HOW PROCEDURES DIRECT OPERATOR DETERMINE HOW PROCEDURES DIRECT OPERATOR RESPONSERESPONSE

SYMPTOMSYMPTOM--BASED VS. EVENTBASED VS. EVENT--BASED PROCEDURESBASED PROCEDURESOPTIONS DEPEND ON PLANT STATUSOPTIONS DEPEND ON PLANT STATUS

DETERMINE HOW OPERATOR RESPONSE AFFECTS DETERMINE HOW OPERATOR RESPONSE AFFECTS EVENT PROGRESSIONEVENT PROGRESSION

SUCCESSFUL PERFORMANCE OF PROCEDURAL SUCCESSFUL PERFORMANCE OF PROCEDURAL GUIDANCEGUIDANCEFAILURE TO PERFORM PROCEDURAL GUIDANCEFAILURE TO PERFORM PROCEDURAL GUIDANCEPOSSIBLE ALTERNATE ACTIONSPOSSIBLE ALTERNATE ACTIONS


Slide 19.

BREAKDOWN AND IMPACT ASSESSMENTBREAKDOWN AND IMPACT ASSESSMENT

IDENTIFY SPECIFIC ACTIONS THAT MAY HAVE A SIGNIFICANT IMPACT ON PLANT STATUS AND EVENT PROGRESSION

UNDERSTAND HOW MONITORED PARAMETERS AND ALARMS CHANGE WITH PLANT STATUS AND TIME

IDENTIFY CONDITIONS THAT ARE NOT CONSISTENT WITH NORMAL PROCEDURAL ASSUMPTIONS

INITIATING EVENTEQUIPMENT FAILURESPRECEDING ERRORS

IDENTIFY SPECIFIC ACTIONS THAT MAY HAVE A IDENTIFY SPECIFIC ACTIONS THAT MAY HAVE A SIGNIFICANT IMPACT ON PLANT STATUS AND EVENT SIGNIFICANT IMPACT ON PLANT STATUS AND EVENT PROGRESSIONPROGRESSION

UNDERSTAND HOW MONITORED PARAMETERS AND UNDERSTAND HOW MONITORED PARAMETERS AND ALARMS CHANGE WITH PLANT STATUS AND TIMEALARMS CHANGE WITH PLANT STATUS AND TIME

IDENTIFY CONDITIONS THAT ARE NOT CONSISTENT IDENTIFY CONDITIONS THAT ARE NOT CONSISTENT WITH NORMAL PROCEDURAL ASSUMPTIONSWITH NORMAL PROCEDURAL ASSUMPTIONS

INITIATING EVENTINITIATING EVENTEQUIPMENT FAILURESEQUIPMENT FAILURESPRECEDING ERRORSPRECEDING ERRORS


Slide 20.

PSA MODEL INTEGRATIONPSA MODEL INTEGRATION

OPERATOR ACTIONS MUST ACCOUNT FOR SCENARIO-SPECIFIC DEPENDENCIES

TIME WINDOW FOR RESPONSEHARDWARE AVAILABILITYPRIOR OPERATOR ACTIONS

IDENTIFY POTENTIAL COGNITIVE DEPENDENCIES BETWEEN MULTIPLE ACTIONS WITHIN A SCENARIO

OPERATOR ACTIONS MUST ACCOUNT FOR SCENARIOOPERATOR ACTIONS MUST ACCOUNT FOR SCENARIO--SPECIFIC DEPENDENCIESSPECIFIC DEPENDENCIES

TIME WINDOW FOR RESPONSETIME WINDOW FOR RESPONSEHARDWARE AVAILABILITYHARDWARE AVAILABILITYPRIOR OPERATOR ACTIONSPRIOR OPERATOR ACTIONS

IDENTIFY POTENTIAL COGNITIVE DEPENDENCIES IDENTIFY POTENTIAL COGNITIVE DEPENDENCIES BETWEEN MULTIPLE ACTIONS WITHIN A SCENARIOBETWEEN MULTIPLE ACTIONS WITHIN A SCENARIO


Slide 21.

DEFINITION OF OPERATOR ACTION FOR PSA DEFINITION OF OPERATOR ACTION FOR PSA QUANTIFICATIONQUANTIFICATION

IDENTIFY SPECIFIC APPLICABLE SCENARIOSINITIATING EVENTSFUNCTIONAL SCENARIO PROGRESSIONHARDWARE AVAILABILITY

TIME WINDOW FOR RESPONSE

CUE-RESPONSE STRUCTURE

PROCEDURE DIRECTIONS

DEPENDENCIES WITH OTHER ACTIONS

IDENTIFY SPECIFIC APPLICABLE SCENARIOSIDENTIFY SPECIFIC APPLICABLE SCENARIOSINITIATING EVENTSINITIATING EVENTSFUNCTIONAL SCENARIO PROGRESSIONFUNCTIONAL SCENARIO PROGRESSIONHARDWARE AVAILABILITYHARDWARE AVAILABILITY

TIME WINDOW FOR RESPONSETIME WINDOW FOR RESPONSE

CUECUE--RESPONSE STRUCTURERESPONSE STRUCTURE

PROCEDURE DIRECTIONSPROCEDURE DIRECTIONS

DEPENDENCIES WITH OTHER ACTIONSDEPENDENCIES WITH OTHER ACTIONS


Slide 22.

HUMAN ACTION DEPENDENCIESHUMAN ACTION DEPENDENCIES

COGNITIVE DEPENDENCIESCOMMON AREAS - MULTIPLE ACTIONS INITIATED BY A SINGLE CUECOMMON GOALS - MULTIPLE POSSIBLE ACTIONS TO ACHIEVE THE SAME FUNCTIONCOMMON TRAINING AND EXPERIENCE

TIME AVAILABILITYSEQUENTIAL OR COORDINATED ACTIONS LIMITED BY TIMEPARALLEL ACTIONS LIMITED BY MANPOWER

COGNITIVE DEPENDENCIESCOGNITIVE DEPENDENCIESCOMMON AREAS COMMON AREAS -- MULTIPLE ACTIONS INITIATED BY MULTIPLE ACTIONS INITIATED BY A SINGLE CUEA SINGLE CUECOMMON GOALS COMMON GOALS -- MULTIPLE POSSIBLE ACTIONS TO MULTIPLE POSSIBLE ACTIONS TO ACHIEVE THE SAME FUNCTIONACHIEVE THE SAME FUNCTIONCOMMON TRAINING AND EXPERIENCECOMMON TRAINING AND EXPERIENCE

TIME AVAILABILITYTIME AVAILABILITYSEQUENTIAL OR COORDINATED ACTIONS LIMITED SEQUENTIAL OR COORDINATED ACTIONS LIMITED BY TIMEBY TIMEPARALLEL ACTIONS LIMITED BY MANPOWERPARALLEL ACTIONS LIMITED BY MANPOWER


Slide 23.

EXAMPLE: EXAMPLE: TWO MANUALLYTWO MANUALLY--INITIATED FUNCTIONSINITIATED FUNCTIONS

CORE DAMAGE OCCURS ONLY IF BOTH FUNCTIONS FAIL

FUNCTION A: HARDWARE A (HDWA) + OPERATOR ACTION A (OPA)

FUNCTION B: HARDWARE B (HDWB) + OPERATOR ACTION B (OPB)

FUNCTION A “PREFERRED”, FUNCTION B “ALTERNATE”

NOMINAL VALUES: HDWA = 5.0E-04HDWB = 2.0E-03OPA = 1.0E-03OPB = 1.0E-02

CORE DAMAGE OCCURS ONLY IF BOTH FUNCTIONS FAILCORE DAMAGE OCCURS ONLY IF BOTH FUNCTIONS FAIL

FUNCTION A: HARDWARE A (HDWA) + OPERATOR ACTION A (OPA)FUNCTION A: HARDWARE A (HDWA) + OPERATOR ACTION A (OPA)

FUNCTION B: HARDWARE B (HDWB) + OPERATOR ACTION B (OPB)FUNCTION B: HARDWARE B (HDWB) + OPERATOR ACTION B (OPB)

FUNCTION A FUNCTION A ““PREFERREDPREFERRED””, FUNCTION B , FUNCTION B ““ALTERNATEALTERNATE””

NOMINAL VALUES:NOMINAL VALUES: HDWAHDWA == 5.0E5.0E--0404HDWBHDWB == 2.0E2.0E--0303OPAOPA == 1.0E1.0E--0303OPBOPB == 1.0E1.0E--0202


Slide 24.

EXAMPLE: EXAMPLE: ASSUMED COMPLETE INDEPENDENCE (GENERALLY ASSUMED COMPLETE INDEPENDENCE (GENERALLY INCORRECT)INCORRECT)

FOUR INDEPENDENT CUTSETS:

HDWA * HDWB = 1.0E-06HDWA * OPB = 5.0E-06OPA * HDWB = 2.0E-06OPA * OPB = 1.0E-05

CORE DAMAGE FREQUENCY: 1.8E-05

FOUR INDEPENDENT CUTSETS:FOUR INDEPENDENT CUTSETS:

HDWA * HDWBHDWA * HDWB == 1.0E1.0E--0606HDWA * OPBHDWA * OPB == 5.0E5.0E--0606OPA * HDWBOPA * HDWB == 2.0E2.0E--0606OPA * OPBOPA * OPB == 1.0E1.0E--0505

CORE DAMAGE FREQUENCY:CORE DAMAGE FREQUENCY: 1.8E1.8E--0505


Slide 25.

EXAMPLE: EXAMPLE: COMPLETE DEPENDENCE (POSSIBLE FOR SOME SCENARIOS)COMPLETE DEPENDENCE (POSSIBLE FOR SOME SCENARIOS)

IF OPERATORS FAIL TO PERFORM “PREFERRED”ACTION OPA, THEY WILL ALWAYS FAIL TO PERFORM “ALTERNATE” ACTION OPB

ONE FUNCTIONAL ACTION: OPA = OPB = OP

TWO CUTSETS:

HDWA * HDWB = 1.0E-06OP = 1.0E-03


IF OPERATORS FAIL TO PERFORM IF OPERATORS FAIL TO PERFORM ““PREFERREDPREFERRED””ACTION OPA, THEY WILL ALWAYS FAIL TO PERFORM ACTION OPA, THEY WILL ALWAYS FAIL TO PERFORM ““ALTERNATEALTERNATE”” ACTION OPBACTION OPB

ONE FUNCTIONAL ACTION:ONE FUNCTIONAL ACTION: OPA = OPB = OPOPA = OPB = OP

TWO CUTSETS:TWO CUTSETS:

HDWA * HDWBHDWA * HDWB == 1.0E1.0E--0606OPOP == 1.0E1.0E--0303



Slide 26.

EXAMPLE: EXAMPLE: PARTIAL DEPENDENCE (MOST TYPICAL CASE)PARTIAL DEPENDENCE (MOST TYPICAL CASE)

IF OPERATORS FAIL TO PERFORM “PREFERRED”ACTION OPA, IT IS MORE LIKELY THAT THEY WILL ALSO FAIL TO PERFORM “ALTERNATE” ACTION OPB

THREE FUNCTIONAL ACTIONS:

OPA (NOMINAL ACTION) 1.0E-03OPB1 (AFTER SUCCESS OF OPA) 5.0E-03OPB2 (AFTER FAILURE OF OPA) 1.0E-01

IF OPERATORS FAIL TO PERFORM IF OPERATORS FAIL TO PERFORM ““PREFERREDPREFERRED””ACTION OPA, IT IS MORE LIKELY THAT THEY WILL ALSO ACTION OPA, IT IS MORE LIKELY THAT THEY WILL ALSO FAIL TO PERFORM FAIL TO PERFORM ““ALTERNATEALTERNATE”” ACTION OPBACTION OPB

THREE FUNCTIONAL ACTIONS:THREE FUNCTIONAL ACTIONS:

OPA (NOMINAL ACTION)OPA (NOMINAL ACTION) 1.0E1.0E--0303OPB1 (AFTER SUCCESS OF OPA)OPB1 (AFTER SUCCESS OF OPA) 5.0E5.0E--0303OPB2 (AFTER FAILURE OF OPA)OPB2 (AFTER FAILURE OF OPA) 1.0E1.0E--0101


Slide 27.

EXAMPLE: EXAMPLE: PARTIAL DEPENDENCE (MOST TYPICAL CASE)PARTIAL DEPENDENCE (MOST TYPICAL CASE)

FOUR CORRELATED CUTSETS:

HDWA * HDWB = 1.0E-06HDWA * OPB1 = 2.5E-05OPA * HDWB = 2.0E-06OPA * OPB2 = 1.0E-04


FOUR CORRELATED CUTSETS:FOUR CORRELATED CUTSETS:

HDWA * HDWBHDWA * HDWB == 1.0E1.0E--0606HDWA * OPB1HDWA * OPB1 == 2.5E2.5E--0505OPA * HDWBOPA * HDWB == 2.0E2.0E--0606OPA * OPB2OPA * OPB2 == 1.0E1.0E--0404



Slide 28.

ADD THE ACTION TO THE PSA LOGIC MODELSADD THE ACTION TO THE PSA LOGIC MODELS

REVIEW EVENT TREES AND FAULT TREES TO IDENTIFY DIFFERENT RESPONSE SCENARIOS

GROUP SCENARIOS ACCORDING TO SIMILAR EFFECTS ON OPERATOR RESPONSE

DEFINE SEPARATE OPERATOR ACTIONS (TOP EVENTS, SPLIT FRACTIONS, BASIC EVENTS) FOR EACH GROUP OF SCENARIOS

AVOID DIRECT COMBINATION OF OPERATOR ACTIONS WITH SYSTEM HARDWARE FAILURES

MODELS MUST ACCOUNT FOR DEPENDENCIES IN SCENARIOS THAT INCLUDE MULTIPLE ACTIONS

REVIEW EVENT TREES AND FAULT TREES TO IDENTIFY REVIEW EVENT TREES AND FAULT TREES TO IDENTIFY DIFFERENT RESPONSE SCENARIOSDIFFERENT RESPONSE SCENARIOS

GROUP SCENARIOS ACCORDING TO SIMILAR EFFECTS GROUP SCENARIOS ACCORDING TO SIMILAR EFFECTS ON OPERATOR RESPONSEON OPERATOR RESPONSE

DEFINE SEPARATE OPERATOR ACTIONS (TOP EVENTS, DEFINE SEPARATE OPERATOR ACTIONS (TOP EVENTS, SPLIT FRACTIONS, BASIC EVENTS) FOR EACH GROUP SPLIT FRACTIONS, BASIC EVENTS) FOR EACH GROUP OF SCENARIOSOF SCENARIOS

AVOID DIRECT COMBINATION OF OPERATOR ACTIONS AVOID DIRECT COMBINATION OF OPERATOR ACTIONS WITH SYSTEM HARDWARE FAILURESWITH SYSTEM HARDWARE FAILURES

MODELS MUST ACCOUNT FOR DEPENDENCIES IN MODELS MUST ACCOUNT FOR DEPENDENCIES IN SCENARIOS THAT INCLUDE MULTIPLE ACTIONSSCENARIOS THAT INCLUDE MULTIPLE ACTIONS


Slide 29.

ACTIONS IN FAULT TREES: EVENT TREE LOGICACTIONS IN FAULT TREES: EVENT TREE LOGIC

A B __________________________ 1

| |________ 2|_________________ 3

|________ 4

A = OPA + (1-OPA) * (HDWA)

B = OPB + (1-OPB) * (HDWB)


Slide 30.

ACTIONS IN FAULT TREES: SEQUENCE RESULTSACTIONS IN FAULT TREES: SEQUENCE RESULTS

SEQUENCE CUTSET FORM EXPANDED FORM1 1 - (OPA + HDWA + OPB + HDWB) 1 - OPA - (1-OPA)*(HDWA) - OPB - (1-OPB)*(HDWB) +

(OPA)*(OPB) + (OPA)*(1-OPB)*(HDWB) +(1-OPA)*(HDWA)*(OPB) +(1-OPA)*(HDWA)*(1-OPB)*(HDWB)

2 OPB + HDWB OPB + (1-OPB)*(HDWB) - (OPA)*(OPB) -(1-OPA)*(HDWA)*(OPB) - (OPA)*(1-OPB)*(HDWB) -(1-OPA)*(HDWA)*(1-OPB)*(HDWB)

3 OPA + HDWA OPA + (1-OPA)*(HDWA) - (OPA)*(OPB) -(1-OPA)*(HDWA)*(OPB) - (OPA)*(1-OPB)*(HDWB) -(1-OPA)*(HDWA)*(1-OPB)*(HDWB)

4 (OPA)*(OPB) + (HDWA)*(OPB) +(OPA)*(HDWB) + (HDWA)*(HDWB)

(OPA)*(OPB) + (1-OPA)*(HDWA)*(OPB) +(OPA)*(1-OPB)*(HDWB) +(1-OPA)*(HDWA)*(1-OPB)*(HDWB)


Slide 31.

ACTIONS IN FAULT TREESACTIONS IN FAULT TREES

ADVANTAGESSIMPLER EVENT TREES

DISADVANTAGESMORE COMPLEX FAULT TREESMORE DIFFICULT FOR ANALYSTS TO IDENTIFY SCENARIO-SPECIFIC DEPENDENCIESHOUSE EVENTS OR SPECIAL LOGIC TO DEFINE CONDITIONS FOR CORRECT ACTIONS

GENERAL EXPERIENCE FROM REVIEWSPOOR TREATMENT OF OPERATOR ACTIONSOPTIMISTIC QUANTIFICATION OF COMBINED ERRORS

ADVANTAGESADVANTAGESSIMPLER EVENT TREESSIMPLER EVENT TREES

DISADVANTAGESDISADVANTAGESMORE COMPLEX FAULT TREESMORE COMPLEX FAULT TREESMORE DIFFICULT FOR ANALYSTS TO IDENTIFY SCENARIOMORE DIFFICULT FOR ANALYSTS TO IDENTIFY SCENARIO--SPECIFIC DEPENDENCIESSPECIFIC DEPENDENCIESHOUSE EVENTS OR SPECIAL LOGIC TO DEFINE CONDITIONS HOUSE EVENTS OR SPECIAL LOGIC TO DEFINE CONDITIONS FOR CORRECT ACTIONSFOR CORRECT ACTIONS

GENERAL EXPERIENCE FROM REVIEWSGENERAL EXPERIENCE FROM REVIEWSPOOR TREATMENT OF OPERATOR ACTIONSPOOR TREATMENT OF OPERATOR ACTIONSOPTIMISTIC QUANTIFICATION OF COMBINED ERRORSOPTIMISTIC QUANTIFICATION OF COMBINED ERRORS


Slide 32.

ACTIONS IN EVENT TREES: EVENT TREE LOGICACTIONS IN EVENT TREES: EVENT TREE LOGIC

OPA HDWA OPB HDWB____________________________1_________________ 1

| | | | _______ 2| | | ________GF_______ 3| | ________2_________________ 4| | | _______ 5| | ________GF_______ 6| ________GF________3_________________ 7

| | _______ 8| ________GF_______ 9

"GF" DENOTES SYSTEM FAILURE IF OPERATOR ACTIONFAILS


Slide 33.

ACTIONS IN EVENT TREES: SEQUENCE RESULTSACTIONS IN EVENT TREES: SEQUENCE RESULTS

SEQUENCE CUTSET FORM EXPANDED FORM1 1 - (OPA + HDWA + OPB1 + HDWB) (1 - OPA)*(1 - HDWA)*(1 - OPB1)*(1 - HDWB)2 HDWB (1 - OPA)*(1 - HDWA)*(1 - OPB1)*(HDWB)3 OPB1 (1 - OPA)*(1 - HDWA)*(OPB1)4 HDWA (1 - OPA)*(HDWA)*(1 - OPB2)*(1 - HDWB)5 HDWA * HDWB (1 - OPA)*(HDWA)*(1 - OPB2)*(HDWB)6 HDWA * OPB2 (1 - OPA)*(HDWA)*(OPB2)7 OPA (OPA)*(1 - OPB3)*(1 - HDWB)8 OPA * HDWB (OPA)*(1 - OPB3)*(HDWB)9 OPA * OPB3 (OPA)*(OPB3)


Slide 34.

ACTIONS IN EVENT TREESACTIONS IN EVENT TREES

ADVANTAGESSIMPLER FAULT TREESEASIER FOR ANALYSTS TO IDENTIFY SCENARIO-SPECIFIC DEPENDENCIES

DISADVANTAGESMORE COMPLEX EVENT TREESBRANCH POINT CONDITIONS TO DEFINE CORRECT ACTIONS

GENERAL EXPERIENCE FROM REVIEWSIMPROVED TREATMENT OF OPERATOR ACTIONSREALISTIC QUANTIFICATION OF COMBINED ERRORS

ADVANTAGESADVANTAGESSIMPLER FAULT TREESSIMPLER FAULT TREESEASIER FOR ANALYSTS TO IDENTIFY SCENARIOEASIER FOR ANALYSTS TO IDENTIFY SCENARIO--SPECIFIC DEPENDENCIESSPECIFIC DEPENDENCIES

DISADVANTAGESDISADVANTAGESMORE COMPLEX EVENT TREESMORE COMPLEX EVENT TREESBRANCH POINT CONDITIONS TO DEFINE CORRECT BRANCH POINT CONDITIONS TO DEFINE CORRECT ACTIONSACTIONS

GENERAL EXPERIENCE FROM REVIEWSGENERAL EXPERIENCE FROM REVIEWSIMPROVED TREATMENT OF OPERATOR ACTIONSIMPROVED TREATMENT OF OPERATOR ACTIONSREALISTIC QUANTIFICATION OF COMBINED ERRORSREALISTIC QUANTIFICATION OF COMBINED ERRORS


Slide 35.

EXPERIENCE FROM REVIEWSEXPERIENCE FROM REVIEWS

POOR TREATMENT OF OPERATOR ACTION DEPENDENCIES IS THE MOST IMPORTANT SOURCE OF PROBLEMS IN HRA RESULTS

“CONSERVATIVE SCREENING ERROR RATES” DO NOT NECESSARILY SOLVE THE PROBLEM

CUTSET EDITING AND POST-QUANTIFICATION “FIXES”ARE OFTEN INCOMPLETE

CANNOT EXAMINE CUTSETS THAT ARE OPTIMISTICALLY ELIMINATED BY NUMERICAL CUTOFF VALUES

POOR TREATMENT OF OPERATOR ACTION POOR TREATMENT OF OPERATOR ACTION DEPENDENCIES IS THE MOST IMPORTANT SOURCE OF DEPENDENCIES IS THE MOST IMPORTANT SOURCE OF PROBLEMS IN HRA RESULTSPROBLEMS IN HRA RESULTS

““CONSERVATIVE SCREENING ERROR RATESCONSERVATIVE SCREENING ERROR RATES”” DO NOT DO NOT NECESSARILY SOLVE THE PROBLEMNECESSARILY SOLVE THE PROBLEM

CUTSET EDITING AND POSTCUTSET EDITING AND POST--QUANTIFICATION QUANTIFICATION ““FIXESFIXES””ARE OFTEN INCOMPLETEARE OFTEN INCOMPLETE

CANNOT EXAMINE CUTSETS THAT ARE CANNOT EXAMINE CUTSETS THAT ARE OPTIMISTICALLY ELIMINATED BY NUMERICAL CUTOFF OPTIMISTICALLY ELIMINATED BY NUMERICAL CUTOFF VALUESVALUES


Slide 36.

EXPERIENCE FROM REVIEWSEXPERIENCE FROM REVIEWS

EXTREMELY DIFFICULT TO IDENTIFY DEPENDENCIES BY EXAMINATION OF FAULT TREES

ACTIONS DISTRIBUTED AMONG SEVERAL TREESNO INFORMATION ABOUT SEQUENCE PROGRESSION

DIFFICULT TO IDENTIFY DEPENDENCIES BY EXAMINATION OF CUTSETS

FUNCTIONAL IMPACTS FROM SEQUENCETIME LIMITATIONS FROM SEQUENCE PROGRESSIONHUMAN COGNITIVE DEPENDENCIES

ANALYSTS RECOGNIZE AND CORRECTLY ACCOUNT FOR DEPENDENCIES IF THEY ARE CLEARLY DISPLAYED

EXTREMELY DIFFICULT TO IDENTIFY DEPENDENCIES BY EXTREMELY DIFFICULT TO IDENTIFY DEPENDENCIES BY EXAMINATION OF FAULT TREESEXAMINATION OF FAULT TREES

ACTIONS DISTRIBUTED AMONG SEVERAL TREESACTIONS DISTRIBUTED AMONG SEVERAL TREESNO INFORMATION ABOUT SEQUENCE PROGRESSIONNO INFORMATION ABOUT SEQUENCE PROGRESSION

DIFFICULT TO IDENTIFY DEPENDENCIES BY EXAMINATION OF DIFFICULT TO IDENTIFY DEPENDENCIES BY EXAMINATION OF CUTSETSCUTSETS

FUNCTIONAL IMPACTS FROM SEQUENCEFUNCTIONAL IMPACTS FROM SEQUENCETIME LIMITATIONS FROM SEQUENCE PROGRESSIONTIME LIMITATIONS FROM SEQUENCE PROGRESSIONHUMAN COGNITIVE DEPENDENCIESHUMAN COGNITIVE DEPENDENCIES

ANALYSTS RECOGNIZE AND CORRECTLY ACCOUNT FOR ANALYSTS RECOGNIZE AND CORRECTLY ACCOUNT FOR DEPENDENCIES IF THEY ARE CLEARLYDEPENDENCIES IF THEY ARE CLEARLY DISPLAYEDDISPLAYED

Basic Level 1. PSA course for analystsContentEvent TreesTRANSIENT-INDUCED IMPACTSTRANSIENT-INDUCED LOCAsOVERCOOLING SCENARIOSATWS SCENARIOSATWS MODELSOPERATOR ACTIONS AFTER INITIATING EVENTMODELLING PROCESSDEFINE THE ACTIONSUCCESS CRITERIABOUNDARY CONDITIONSTIMINGGENERAL RECOMMENDATIONSPROBLEM DEFINITIONPROBLEM DEFINITIONBREAKDOWN AND IMPACT ASSESSMENTBREAKDOWN AND IMPACT ASSESSMENTPSA MODEL INTEGRATIONDEFINITION OF OPERATOR ACTION FOR PSA QUANTIFICATIONHUMAN ACTION DEPENDENCIESEXAMPLE: �TWO MANUALLY-INITIATED FUNCTIONSEXAMPLE: �ASSUMED COMPLETE INDEPENDENCE (GENERALLY INCORRECT)EXAMPLE: �COMPLETE DEPENDENCE (POSSIBLE FOR SOME SCENARIOS)EXAMPLE: �PARTIAL DEPENDENCE (MOST TYPICAL CASE)EXAMPLE: �PARTIAL DEPENDENCE (MOST TYPICAL CASE)ADD THE ACTION TO THE PSA LOGIC MODELSACTIONS IN FAULT TREES: EVENT TREE LOGICACTIONS IN FAULT TREES: SEQUENCE RESULTSACTIONS IN FAULT TREESACTIONS IN EVENT TREES: EVENT TREE LOGICACTIONS IN EVENT TREES: SEQUENCE RESULTSACTIONS IN EVENT TREESEXPERIENCE FROM REVIEWSEXPERIENCE FROM REVIEWS

Documents

Basic Level 1. PSA course for analysts - IAEA...Event tree modelling Special aspects of scenario development Operator actions in the accident sequence Treatment of dependencies in