Basic Level 1. PSA course for analystsBasic Level 1. PSA course for analysts
Accident Sequence modellingAccident Sequence modelling
IAEA Training in level 1 PSA and PSA applications
Accident Sequence modelling
Slide 2.
ContentContent
Event tree modellingSpecial aspects of scenario developmentOperator actions in the accident sequence Treatment of dependencies in the accident sequenceExperience from reviews
Event tree modellingEvent tree modellingSpecial aspects of scenario developmentSpecial aspects of scenario developmentOperator actions in the accident sequence Operator actions in the accident sequence Treatment of dependencies in the accident Treatment of dependencies in the accident sequencesequenceExperience from reviewsExperience from reviews
Accident Sequence modelling
Slide 3.
Event TreesEvent Trees
DISPLAY SEQUENCE PROGRESSION
DISPLAY SEQUENCE END STATES
DISPLAY SEQUENCE-SPECIFIC DEPENDENCIESPHYSICAL (SYSTEMS)FUNCTIONAL (SUCCESS CRITERIA)HUMAN
IMPROVED UNDERSTANDING OF MODELSANALYSTS / USERSPLANT PERSONNELREVIEWERS
DISPLAY SEQUENCE PROGRESSIONDISPLAY SEQUENCE PROGRESSION
DISPLAY SEQUENCE END STATESDISPLAY SEQUENCE END STATES
DISPLAY SEQUENCEDISPLAY SEQUENCE--SPECIFIC DEPENDENCIESSPECIFIC DEPENDENCIESPHYSICAL (SYSTEMS)PHYSICAL (SYSTEMS)FUNCTIONAL (SUCCESS CRITERIA)FUNCTIONAL (SUCCESS CRITERIA)HUMANHUMAN
IMPROVED UNDERSTANDING OF MODELSIMPROVED UNDERSTANDING OF MODELSANALYSTS / USERSANALYSTS / USERSPLANT PERSONNELPLANT PERSONNELREVIEWERSREVIEWERS
Accident Sequence modelling
Slide 4.
TRANSIENTTRANSIENT--INDUCED IMPACTSINDUCED IMPACTS
LOCAsPRIMARY OVERPRESSUREREACTOR COOLANT PUMP SEAL FAILUREMAKEUP / LETDOWN
OVERCOOLINGSECONDARY OVERPRESSURESTUCK-OPEN RELIEF / SAFETY VALVES
ATWS
OPERATOR ACTIONS
LOCAsLOCAsPRIMARY OVERPRESSUREPRIMARY OVERPRESSUREREACTOR COOLANT PUMP SEAL FAILUREREACTOR COOLANT PUMP SEAL FAILUREMAKEUP / LETDOWNMAKEUP / LETDOWN
OVERCOOLINGOVERCOOLINGSECONDARY OVERPRESSURESECONDARY OVERPRESSURESTUCKSTUCK--OPEN RELIEF / SAFETY VALVESOPEN RELIEF / SAFETY VALVES
ATWSATWS
OPERATOR ACTIONSOPERATOR ACTIONS
Accident Sequence modelling
Slide 5.
TRANSIENTTRANSIENT--INDUCED INDUCED LOCAsLOCAs
ADD TO LOCA INITIATING EVENT FREQUENCYLOSE ACTUAL INITIATING EVENT INFORMATIONLOSE DEPENDENCIESSIMPLIFIED EVENT TREESSIMPLIFIED SYSTEM MODELS
ADD SEPARATE EVENT TREE TOP EVENTRETAIN DEPENDENCIESEVENT TREES MORE COMPLEXINTERFACE WITH SYSTEMS MORE COMPLEXBETTER UNDERSTANDING OF MODELS / RESULTS
ADD TO LOCA INITIATING EVENT FREQUENCYADD TO LOCA INITIATING EVENT FREQUENCYLOSE ACTUAL INITIATING EVENT INFORMATIONLOSE ACTUAL INITIATING EVENT INFORMATIONLOSE DEPENDENCIESLOSE DEPENDENCIESSIMPLIFIED EVENT TREESSIMPLIFIED EVENT TREESSIMPLIFIED SYSTEM MODELSSIMPLIFIED SYSTEM MODELS
ADD SEPARATE EVENT TREE TOP EVENTADD SEPARATE EVENT TREE TOP EVENTRETAIN DEPENDENCIESRETAIN DEPENDENCIESEVENT TREES MORE COMPLEXEVENT TREES MORE COMPLEXINTERFACE WITH SYSTEMS MORE COMPLEXINTERFACE WITH SYSTEMS MORE COMPLEXBETTER UNDERSTANDING OF MODELS / RESULTSBETTER UNDERSTANDING OF MODELS / RESULTS
Accident Sequence modelling
Slide 6.
OVERCOOLING SCENARIOSOVERCOOLING SCENARIOS
PRESSURIZED THERMAL SHOCK (PTS)MAY BE SIGNIFICANT PLANT-SPECIFIC PROBLEMWELD MATERIALDOCUMENTATIONINSPECTIONS
AUTOMATIC SIGNALSSECONDARY ISOLATION (STEAM AND/OR FEED)SAFEGUARDS ACTUATIONAFFECT SEQUENCE PROGRESSIONAFFECT AVAILABLE SYSTEMS
PRESSURIZED THERMAL SHOCK (PTS)PRESSURIZED THERMAL SHOCK (PTS)MAY BE SIGNIFICANT PLANTMAY BE SIGNIFICANT PLANT--SPECIFIC PROBLEMSPECIFIC PROBLEMWELD MATERIALWELD MATERIALDOCUMENTATIONDOCUMENTATIONINSPECTIONSINSPECTIONS
AUTOMATIC SIGNALSAUTOMATIC SIGNALSSECONDARY ISOLATION (STEAM AND/OR FEED)SECONDARY ISOLATION (STEAM AND/OR FEED)SAFEGUARDS ACTUATIONSAFEGUARDS ACTUATIONAFFECT SEQUENCE PROGRESSIONAFFECT SEQUENCE PROGRESSIONAFFECT AVAILABLE SYSTEMSAFFECT AVAILABLE SYSTEMS
Accident Sequence modelling
Slide 7.
ATWS SCENARIOSATWS SCENARIOS
REACTOR SHUTDOWN SUCCESS CRITERIA
SIGNAL FAILURES (REACTOR PROTECTION SYSTEM)
MECHANICAL FAILURES (CONTROL RODS)
ALTERNATE SHUTDOWN OPTIONSTIME WINDOWSUCCESS CRITERIAAVAILABLE SYSTEMSOPERATOR ACTIONS
REACTOR SHUTDOWN SUCCESS CRITERIAREACTOR SHUTDOWN SUCCESS CRITERIA
SIGNAL FAILURES (REACTOR PROTECTION SYSTEM)SIGNAL FAILURES (REACTOR PROTECTION SYSTEM)
MECHANICAL FAILURES (CONTROL RODS)MECHANICAL FAILURES (CONTROL RODS)
ALTERNATE SHUTDOWN OPTIONSALTERNATE SHUTDOWN OPTIONSTIME WINDOWTIME WINDOWSUCCESS CRITERIASUCCESS CRITERIAAVAILABLE SYSTEMSAVAILABLE SYSTEMSOPERATOR ACTIONSOPERATOR ACTIONS
Accident Sequence modelling
Slide 8.
ATWS MODELSATWS MODELS
CORE NUCLEAR POWER
PRIMARY / SECONDARY ENERGY BALANCE
FEEDWATER SUCCESS CRITERIA
PRIMARY PRESSURE RESPONSE
ENERGY RELEASE INTO CONTAINMENT
CORE NUCLEAR POWERCORE NUCLEAR POWER
PRIMARY / SECONDARY ENERGY BALANCEPRIMARY / SECONDARY ENERGY BALANCE
FEEDWATER SUCCESS CRITERIAFEEDWATER SUCCESS CRITERIA
PRIMARY PRESSURE RESPONSEPRIMARY PRESSURE RESPONSE
ENERGY RELEASE INTO CONTAINMENTENERGY RELEASE INTO CONTAINMENT
Accident Sequence modelling
Slide 9.
OPERATOR ACTIONS AFTER INITIATING EVENTOPERATOR ACTIONS AFTER INITIATING EVENT
ACTIONS REQUIRED BY EMERGENCY OPERATING PROCEDURES
USE OF ALTERNATE EQUIPMENT
REALIGNMENT OF SYSTEMS
MANUAL BACKUP TO AUTOMATIC SIGNALS
REPAIR / RECOVERY OF FAILED EQUIPMENT
NO FUNDAMENTAL DIFFERENCE BETWEEN “PROCEDURE-DIRECTED” ACTIONS AND “RECOVERY” ACTIONS
ACTIONS REQUIRED BY EMERGENCY OPERATING PROCEDURESACTIONS REQUIRED BY EMERGENCY OPERATING PROCEDURES
USE OF ALTERNATE EQUIPMENTUSE OF ALTERNATE EQUIPMENT
REALIGNMENT OF SYSTEMSREALIGNMENT OF SYSTEMS
MANUAL BACKUP TO AUTOMATIC SIGNALSMANUAL BACKUP TO AUTOMATIC SIGNALS
REPAIR / RECOVERY OF FAILED EQUIPMENTREPAIR / RECOVERY OF FAILED EQUIPMENT
NO FUNDAMENTAL DIFFERENCE BETWEEN NO FUNDAMENTAL DIFFERENCE BETWEEN ““PROCEDUREPROCEDURE--DIRECTEDDIRECTED”” ACTIONS AND ACTIONS AND ““RECOVERYRECOVERY”” ACTIONSACTIONS
Accident Sequence modelling
Slide 10.
MODELLING PROCESSMODELLING PROCESS
DEFINE THE ACTION
ADD THE ACTION TO THE PSA LOGIC MODELS
EVALUATE THE LIKELIHOOD OF HUMAN ERROR
DEFINE THE ACTIONDEFINE THE ACTION
ADD THE ACTION TO THE PSA LOGIC MODELSADD THE ACTION TO THE PSA LOGIC MODELS
EVALUATE THE LIKELIHOOD OF HUMAN ERROREVALUATE THE LIKELIHOOD OF HUMAN ERROR
Accident Sequence modelling
Slide 11.
DEFINE THE ACTIONDEFINE THE ACTION
SUCCESS CRITERIA
BOUNDARY CONDITIONS
TIMING
SUCCESS CRITERIASUCCESS CRITERIA
BOUNDARY CONDITIONSBOUNDARY CONDITIONS
TIMINGTIMING
Accident Sequence modelling
Slide 12.
SUCCESS CRITERIASUCCESS CRITERIA
WHAT IS THE OPERATOR REQUIRED TO DO?
HOW MANY OPERATORS ARE REQUIRED?
WHAT LEVEL OF OPERATOR SKILL OR TRAINING IS REQUIRED?
WHERE MUST THE ACTION BE PERFORMED?
WHAT IS THE OPERATOR REQUIRED TO DO?WHAT IS THE OPERATOR REQUIRED TO DO?
HOW MANY OPERATORS ARE REQUIRED?HOW MANY OPERATORS ARE REQUIRED?
WHAT LEVEL OF OPERATOR SKILL OR TRAINING IS WHAT LEVEL OF OPERATOR SKILL OR TRAINING IS REQUIRED?REQUIRED?
WHERE MUST THE ACTION BE PERFORMED?WHERE MUST THE ACTION BE PERFORMED?
Accident Sequence modelling
Slide 13.
BOUNDARY CONDITIONSBOUNDARY CONDITIONS
WHAT IS THE INITIATING EVENT?
WHAT PRECEDING SYSTEM FAILURES (OR SUCCESSES) HAVE OCCURRED?
WHAT PRECEDING OPERATOR ACTIONS HAVE OCCURRED?
WHAT IS THE INITIATING EVENT?WHAT IS THE INITIATING EVENT?
WHAT PRECEDING SYSTEM FAILURES (OR WHAT PRECEDING SYSTEM FAILURES (OR SUCCESSES) HAVE OCCURRED?SUCCESSES) HAVE OCCURRED?
WHAT PRECEDING OPERATOR ACTIONS HAVE WHAT PRECEDING OPERATOR ACTIONS HAVE OCCURRED?OCCURRED?
Accident Sequence modelling
Slide 14.
TIMINGTIMING
WHEN IS THE ACTION REQUIRED?
HOW MUCH TIME IS AVAILABLE TO COMPLETE THE ACTION?
HOW LONG DOES IT TAKE TO COMPLETE THE ACTION?
WHEN IS THE ACTION REQUIRED?WHEN IS THE ACTION REQUIRED?
HOW MUCH TIME IS AVAILABLE TO COMPLETE THE HOW MUCH TIME IS AVAILABLE TO COMPLETE THE ACTION?ACTION?
HOW LONG DOES IT TAKE TO COMPLETE THE ACTION?HOW LONG DOES IT TAKE TO COMPLETE THE ACTION?
Accident Sequence modelling
Slide 15.
GENERAL RECOMMENDATIONSGENERAL RECOMMENDATIONS
EVALUATE EACH ACTION IN CONTEXT OF FUNCTIONALLY SIMILAR SCENARIOS
INITIATING EVENTTIME WINDOW FOR OPERATOR RESPONSEPRECEDING SYSTEM SUCCESSES AND FAILURESPRECEDING OPERATOR SUCCESSES AND FAILURESPROCEDURAL GUIDANCE AND TRAINING
BEWARE OF INDEPENDENT COMBINATIONS OF OPERATOR ACTIONS IN EVENT TREES AND/OR FAULT TREES
EVALUATE EACH ACTION IN CONTEXT OF FUNCTIONALLY SIMILAR EVALUATE EACH ACTION IN CONTEXT OF FUNCTIONALLY SIMILAR SCENARIOSSCENARIOS
INITIATING EVENTINITIATING EVENTTIME WINDOW FOR OPERATOR RESPONSETIME WINDOW FOR OPERATOR RESPONSEPRECEDING SYSTEM SUCCESSES AND FAILURESPRECEDING SYSTEM SUCCESSES AND FAILURESPRECEDING OPERATOR SUCCESSES AND FAILURESPRECEDING OPERATOR SUCCESSES AND FAILURESPROCEDURAL GUIDANCE AND TRAININGPROCEDURAL GUIDANCE AND TRAINING
BEWARE OF INDEPENDENT COMBINATIONS OF OPERATOR BEWARE OF INDEPENDENT COMBINATIONS OF OPERATOR ACTIONS IN EVENT TREES AND/OR FAULT TREESACTIONS IN EVENT TREES AND/OR FAULT TREES
Accident Sequence modelling
Slide 16.
PROBLEM DEFINITIONPROBLEM DEFINITION
DEFINE SCOPE AND CONTEXT OF OPERATOR ACTIONS DURING EARLY DEVELOPMENT OF PSA MODELS
INITIATING EVENT GROUPS
FUNCTION AND SYSTEM SUCCESS CRITERIA
IDENTIFY WHERE OPERATORS MUST CONTROL FUNCTIONS AND SYSTEMS
BE AWARE OF PSA SCOPE (LEVEL 1 / LEVEL 2)
DEFINE SCOPE AND CONTEXT OF OPERATOR ACTIONS DEFINE SCOPE AND CONTEXT OF OPERATOR ACTIONS DURING EARLY DEVELOPMENT OF PSA MODELSDURING EARLY DEVELOPMENT OF PSA MODELS
INITIATING EVENT GROUPSINITIATING EVENT GROUPS
FUNCTION AND SYSTEM SUCCESS CRITERIAFUNCTION AND SYSTEM SUCCESS CRITERIA
IDENTIFY WHERE OPERATORS MUST CONTROL IDENTIFY WHERE OPERATORS MUST CONTROL FUNCTIONS AND SYSTEMSFUNCTIONS AND SYSTEMS
BE AWARE OF PSA SCOPE (LEVEL 1 / LEVEL 2)BE AWARE OF PSA SCOPE (LEVEL 1 / LEVEL 2)
Accident Sequence modelling
Slide 17.
PROBLEM DEFINITIONPROBLEM DEFINITION
SPECIFY OPERATOR ACTIONS IN TERMS OF HIGH-LEVEL FUNCTIONAL DESCRIPTIONS
START BLEED AND FEED COOLING (PWR)DEPRESSURIZE REACTOR (BWR)ALIGN HIGH PRESSURE RECIRCULATION (PWR/BWR)OPEN CONTAINMENT VENT (LEVEL 2)
DETAILED ACTIONS DETERMINED BY CONTEXT OF PSA MODELS
SPECIFY OPERATOR ACTIONS IN TERMS OF HIGHSPECIFY OPERATOR ACTIONS IN TERMS OF HIGH--LEVEL FUNCTIONAL DESCRIPTIONSLEVEL FUNCTIONAL DESCRIPTIONS
START BLEED AND FEED COOLING (PWR)START BLEED AND FEED COOLING (PWR)DEPRESSURIZE REACTOR (BWR)DEPRESSURIZE REACTOR (BWR)ALIGN HIGH PRESSURE RECIRCULATION (PWR/BWR)ALIGN HIGH PRESSURE RECIRCULATION (PWR/BWR)OPEN CONTAINMENT VENT (LEVEL 2)OPEN CONTAINMENT VENT (LEVEL 2)
DETAILED ACTIONS DETERMINED BY CONTEXT OF PSA DETAILED ACTIONS DETERMINED BY CONTEXT OF PSA MODELSMODELS
Accident Sequence modelling
Slide 18.
BREAKDOWN AND IMPACT ASSESSMENTBREAKDOWN AND IMPACT ASSESSMENT
DETERMINE HOW PROCEDURES DIRECT OPERATOR RESPONSE
SYMPTOM-BASED VS. EVENT-BASED PROCEDURESOPTIONS DEPEND ON PLANT STATUS
DETERMINE HOW OPERATOR RESPONSE AFFECTS EVENT PROGRESSION
SUCCESSFUL PERFORMANCE OF PROCEDURAL GUIDANCEFAILURE TO PERFORM PROCEDURAL GUIDANCEPOSSIBLE ALTERNATE ACTIONS
DETERMINE HOW PROCEDURES DIRECT OPERATOR DETERMINE HOW PROCEDURES DIRECT OPERATOR RESPONSERESPONSE
SYMPTOMSYMPTOM--BASED VS. EVENTBASED VS. EVENT--BASED PROCEDURESBASED PROCEDURESOPTIONS DEPEND ON PLANT STATUSOPTIONS DEPEND ON PLANT STATUS
DETERMINE HOW OPERATOR RESPONSE AFFECTS DETERMINE HOW OPERATOR RESPONSE AFFECTS EVENT PROGRESSIONEVENT PROGRESSION
SUCCESSFUL PERFORMANCE OF PROCEDURAL SUCCESSFUL PERFORMANCE OF PROCEDURAL GUIDANCEGUIDANCEFAILURE TO PERFORM PROCEDURAL GUIDANCEFAILURE TO PERFORM PROCEDURAL GUIDANCEPOSSIBLE ALTERNATE ACTIONSPOSSIBLE ALTERNATE ACTIONS
Accident Sequence modelling
Slide 19.
BREAKDOWN AND IMPACT ASSESSMENTBREAKDOWN AND IMPACT ASSESSMENT
IDENTIFY SPECIFIC ACTIONS THAT MAY HAVE A SIGNIFICANT IMPACT ON PLANT STATUS AND EVENT PROGRESSION
UNDERSTAND HOW MONITORED PARAMETERS AND ALARMS CHANGE WITH PLANT STATUS AND TIME
IDENTIFY CONDITIONS THAT ARE NOT CONSISTENT WITH NORMAL PROCEDURAL ASSUMPTIONS
INITIATING EVENTEQUIPMENT FAILURESPRECEDING ERRORS
IDENTIFY SPECIFIC ACTIONS THAT MAY HAVE A IDENTIFY SPECIFIC ACTIONS THAT MAY HAVE A SIGNIFICANT IMPACT ON PLANT STATUS AND EVENT SIGNIFICANT IMPACT ON PLANT STATUS AND EVENT PROGRESSIONPROGRESSION
UNDERSTAND HOW MONITORED PARAMETERS AND UNDERSTAND HOW MONITORED PARAMETERS AND ALARMS CHANGE WITH PLANT STATUS AND TIMEALARMS CHANGE WITH PLANT STATUS AND TIME
IDENTIFY CONDITIONS THAT ARE NOT CONSISTENT IDENTIFY CONDITIONS THAT ARE NOT CONSISTENT WITH NORMAL PROCEDURAL ASSUMPTIONSWITH NORMAL PROCEDURAL ASSUMPTIONS
INITIATING EVENTINITIATING EVENTEQUIPMENT FAILURESEQUIPMENT FAILURESPRECEDING ERRORSPRECEDING ERRORS
Accident Sequence modelling
Slide 20.
PSA MODEL INTEGRATIONPSA MODEL INTEGRATION
OPERATOR ACTIONS MUST ACCOUNT FOR SCENARIO-SPECIFIC DEPENDENCIES
TIME WINDOW FOR RESPONSEHARDWARE AVAILABILITYPRIOR OPERATOR ACTIONS
IDENTIFY POTENTIAL COGNITIVE DEPENDENCIES BETWEEN MULTIPLE ACTIONS WITHIN A SCENARIO
OPERATOR ACTIONS MUST ACCOUNT FOR SCENARIOOPERATOR ACTIONS MUST ACCOUNT FOR SCENARIO--SPECIFIC DEPENDENCIESSPECIFIC DEPENDENCIES
TIME WINDOW FOR RESPONSETIME WINDOW FOR RESPONSEHARDWARE AVAILABILITYHARDWARE AVAILABILITYPRIOR OPERATOR ACTIONSPRIOR OPERATOR ACTIONS
IDENTIFY POTENTIAL COGNITIVE DEPENDENCIES IDENTIFY POTENTIAL COGNITIVE DEPENDENCIES BETWEEN MULTIPLE ACTIONS WITHIN A SCENARIOBETWEEN MULTIPLE ACTIONS WITHIN A SCENARIO
Accident Sequence modelling
Slide 21.
DEFINITION OF OPERATOR ACTION FOR PSA DEFINITION OF OPERATOR ACTION FOR PSA QUANTIFICATIONQUANTIFICATION
IDENTIFY SPECIFIC APPLICABLE SCENARIOSINITIATING EVENTSFUNCTIONAL SCENARIO PROGRESSIONHARDWARE AVAILABILITY
TIME WINDOW FOR RESPONSE
CUE-RESPONSE STRUCTURE
PROCEDURE DIRECTIONS
DEPENDENCIES WITH OTHER ACTIONS
IDENTIFY SPECIFIC APPLICABLE SCENARIOSIDENTIFY SPECIFIC APPLICABLE SCENARIOSINITIATING EVENTSINITIATING EVENTSFUNCTIONAL SCENARIO PROGRESSIONFUNCTIONAL SCENARIO PROGRESSIONHARDWARE AVAILABILITYHARDWARE AVAILABILITY
TIME WINDOW FOR RESPONSETIME WINDOW FOR RESPONSE
CUECUE--RESPONSE STRUCTURERESPONSE STRUCTURE
PROCEDURE DIRECTIONSPROCEDURE DIRECTIONS
DEPENDENCIES WITH OTHER ACTIONSDEPENDENCIES WITH OTHER ACTIONS
Accident Sequence modelling
Slide 22.
HUMAN ACTION DEPENDENCIESHUMAN ACTION DEPENDENCIES
COGNITIVE DEPENDENCIESCOMMON AREAS - MULTIPLE ACTIONS INITIATED BY A SINGLE CUECOMMON GOALS - MULTIPLE POSSIBLE ACTIONS TO ACHIEVE THE SAME FUNCTIONCOMMON TRAINING AND EXPERIENCE
TIME AVAILABILITYSEQUENTIAL OR COORDINATED ACTIONS LIMITED BY TIMEPARALLEL ACTIONS LIMITED BY MANPOWER
COGNITIVE DEPENDENCIESCOGNITIVE DEPENDENCIESCOMMON AREAS COMMON AREAS -- MULTIPLE ACTIONS INITIATED BY MULTIPLE ACTIONS INITIATED BY A SINGLE CUEA SINGLE CUECOMMON GOALS COMMON GOALS -- MULTIPLE POSSIBLE ACTIONS TO MULTIPLE POSSIBLE ACTIONS TO ACHIEVE THE SAME FUNCTIONACHIEVE THE SAME FUNCTIONCOMMON TRAINING AND EXPERIENCECOMMON TRAINING AND EXPERIENCE
TIME AVAILABILITYTIME AVAILABILITYSEQUENTIAL OR COORDINATED ACTIONS LIMITED SEQUENTIAL OR COORDINATED ACTIONS LIMITED BY TIMEBY TIMEPARALLEL ACTIONS LIMITED BY MANPOWERPARALLEL ACTIONS LIMITED BY MANPOWER
Accident Sequence modelling
Slide 23.
EXAMPLE: EXAMPLE: TWO MANUALLYTWO MANUALLY--INITIATED FUNCTIONSINITIATED FUNCTIONS
CORE DAMAGE OCCURS ONLY IF BOTH FUNCTIONS FAIL
FUNCTION A: HARDWARE A (HDWA) + OPERATOR ACTION A (OPA)
FUNCTION B: HARDWARE B (HDWB) + OPERATOR ACTION B (OPB)
FUNCTION A “PREFERRED”, FUNCTION B “ALTERNATE”
NOMINAL VALUES: HDWA = 5.0E-04HDWB = 2.0E-03OPA = 1.0E-03OPB = 1.0E-02
CORE DAMAGE OCCURS ONLY IF BOTH FUNCTIONS FAILCORE DAMAGE OCCURS ONLY IF BOTH FUNCTIONS FAIL
FUNCTION A: HARDWARE A (HDWA) + OPERATOR ACTION A (OPA)FUNCTION A: HARDWARE A (HDWA) + OPERATOR ACTION A (OPA)
FUNCTION B: HARDWARE B (HDWB) + OPERATOR ACTION B (OPB)FUNCTION B: HARDWARE B (HDWB) + OPERATOR ACTION B (OPB)
FUNCTION A FUNCTION A ““PREFERREDPREFERRED””, FUNCTION B , FUNCTION B ““ALTERNATEALTERNATE””
NOMINAL VALUES:NOMINAL VALUES: HDWAHDWA == 5.0E5.0E--0404HDWBHDWB == 2.0E2.0E--0303OPAOPA == 1.0E1.0E--0303OPBOPB == 1.0E1.0E--0202
Accident Sequence modelling
Slide 24.
EXAMPLE: EXAMPLE: ASSUMED COMPLETE INDEPENDENCE (GENERALLY ASSUMED COMPLETE INDEPENDENCE (GENERALLY INCORRECT)INCORRECT)
FOUR INDEPENDENT CUTSETS:
HDWA * HDWB = 1.0E-06HDWA * OPB = 5.0E-06OPA * HDWB = 2.0E-06OPA * OPB = 1.0E-05
CORE DAMAGE FREQUENCY: 1.8E-05
FOUR INDEPENDENT CUTSETS:FOUR INDEPENDENT CUTSETS:
HDWA * HDWBHDWA * HDWB == 1.0E1.0E--0606HDWA * OPBHDWA * OPB == 5.0E5.0E--0606OPA * HDWBOPA * HDWB == 2.0E2.0E--0606OPA * OPBOPA * OPB == 1.0E1.0E--0505
CORE DAMAGE FREQUENCY:CORE DAMAGE FREQUENCY: 1.8E1.8E--0505
Accident Sequence modelling
Slide 25.
EXAMPLE: EXAMPLE: COMPLETE DEPENDENCE (POSSIBLE FOR SOME SCENARIOS)COMPLETE DEPENDENCE (POSSIBLE FOR SOME SCENARIOS)
IF OPERATORS FAIL TO PERFORM “PREFERRED”ACTION OPA, THEY WILL ALWAYS FAIL TO PERFORM “ALTERNATE” ACTION OPB
ONE FUNCTIONAL ACTION: OPA = OPB = OP
TWO CUTSETS:
HDWA * HDWB = 1.0E-06OP = 1.0E-03
CORE DAMAGE FREQUENCY: 1.0E-03
IF OPERATORS FAIL TO PERFORM IF OPERATORS FAIL TO PERFORM ““PREFERREDPREFERRED””ACTION OPA, THEY WILL ALWAYS FAIL TO PERFORM ACTION OPA, THEY WILL ALWAYS FAIL TO PERFORM ““ALTERNATEALTERNATE”” ACTION OPBACTION OPB
ONE FUNCTIONAL ACTION:ONE FUNCTIONAL ACTION: OPA = OPB = OPOPA = OPB = OP
TWO CUTSETS:TWO CUTSETS:
HDWA * HDWBHDWA * HDWB == 1.0E1.0E--0606OPOP == 1.0E1.0E--0303
CORE DAMAGE FREQUENCY:CORE DAMAGE FREQUENCY: 1.0E1.0E--0303
Accident Sequence modelling
Slide 26.
EXAMPLE: EXAMPLE: PARTIAL DEPENDENCE (MOST TYPICAL CASE)PARTIAL DEPENDENCE (MOST TYPICAL CASE)
IF OPERATORS FAIL TO PERFORM “PREFERRED”ACTION OPA, IT IS MORE LIKELY THAT THEY WILL ALSO FAIL TO PERFORM “ALTERNATE” ACTION OPB
THREE FUNCTIONAL ACTIONS:
OPA (NOMINAL ACTION) 1.0E-03OPB1 (AFTER SUCCESS OF OPA) 5.0E-03OPB2 (AFTER FAILURE OF OPA) 1.0E-01
IF OPERATORS FAIL TO PERFORM IF OPERATORS FAIL TO PERFORM ““PREFERREDPREFERRED””ACTION OPA, IT IS MORE LIKELY THAT THEY WILL ALSO ACTION OPA, IT IS MORE LIKELY THAT THEY WILL ALSO FAIL TO PERFORM FAIL TO PERFORM ““ALTERNATEALTERNATE”” ACTION OPBACTION OPB
THREE FUNCTIONAL ACTIONS:THREE FUNCTIONAL ACTIONS:
OPA (NOMINAL ACTION)OPA (NOMINAL ACTION) 1.0E1.0E--0303OPB1 (AFTER SUCCESS OF OPA)OPB1 (AFTER SUCCESS OF OPA) 5.0E5.0E--0303OPB2 (AFTER FAILURE OF OPA)OPB2 (AFTER FAILURE OF OPA) 1.0E1.0E--0101
Accident Sequence modelling
Slide 27.
EXAMPLE: EXAMPLE: PARTIAL DEPENDENCE (MOST TYPICAL CASE)PARTIAL DEPENDENCE (MOST TYPICAL CASE)
FOUR CORRELATED CUTSETS:
HDWA * HDWB = 1.0E-06HDWA * OPB1 = 2.5E-05OPA * HDWB = 2.0E-06OPA * OPB2 = 1.0E-04
CORE DAMAGE FREQUENCY: 1.1E-04
FOUR CORRELATED CUTSETS:FOUR CORRELATED CUTSETS:
HDWA * HDWBHDWA * HDWB == 1.0E1.0E--0606HDWA * OPB1HDWA * OPB1 == 2.5E2.5E--0505OPA * HDWBOPA * HDWB == 2.0E2.0E--0606OPA * OPB2OPA * OPB2 == 1.0E1.0E--0404
CORE DAMAGE FREQUENCY:CORE DAMAGE FREQUENCY: 1.1E1.1E--0404
Accident Sequence modelling
Slide 28.
ADD THE ACTION TO THE PSA LOGIC MODELSADD THE ACTION TO THE PSA LOGIC MODELS
REVIEW EVENT TREES AND FAULT TREES TO IDENTIFY DIFFERENT RESPONSE SCENARIOS
GROUP SCENARIOS ACCORDING TO SIMILAR EFFECTS ON OPERATOR RESPONSE
DEFINE SEPARATE OPERATOR ACTIONS (TOP EVENTS, SPLIT FRACTIONS, BASIC EVENTS) FOR EACH GROUP OF SCENARIOS
AVOID DIRECT COMBINATION OF OPERATOR ACTIONS WITH SYSTEM HARDWARE FAILURES
MODELS MUST ACCOUNT FOR DEPENDENCIES IN SCENARIOS THAT INCLUDE MULTIPLE ACTIONS
REVIEW EVENT TREES AND FAULT TREES TO IDENTIFY REVIEW EVENT TREES AND FAULT TREES TO IDENTIFY DIFFERENT RESPONSE SCENARIOSDIFFERENT RESPONSE SCENARIOS
GROUP SCENARIOS ACCORDING TO SIMILAR EFFECTS GROUP SCENARIOS ACCORDING TO SIMILAR EFFECTS ON OPERATOR RESPONSEON OPERATOR RESPONSE
DEFINE SEPARATE OPERATOR ACTIONS (TOP EVENTS, DEFINE SEPARATE OPERATOR ACTIONS (TOP EVENTS, SPLIT FRACTIONS, BASIC EVENTS) FOR EACH GROUP SPLIT FRACTIONS, BASIC EVENTS) FOR EACH GROUP OF SCENARIOSOF SCENARIOS
AVOID DIRECT COMBINATION OF OPERATOR ACTIONS AVOID DIRECT COMBINATION OF OPERATOR ACTIONS WITH SYSTEM HARDWARE FAILURESWITH SYSTEM HARDWARE FAILURES
MODELS MUST ACCOUNT FOR DEPENDENCIES IN MODELS MUST ACCOUNT FOR DEPENDENCIES IN SCENARIOS THAT INCLUDE MULTIPLE ACTIONSSCENARIOS THAT INCLUDE MULTIPLE ACTIONS
Accident Sequence modelling
Slide 29.
ACTIONS IN FAULT TREES: EVENT TREE LOGICACTIONS IN FAULT TREES: EVENT TREE LOGIC
A B __________________________ 1
| |________ 2|_________________ 3
|________ 4
A = OPA + (1-OPA) * (HDWA)
B = OPB + (1-OPB) * (HDWB)
Accident Sequence modelling
Slide 30.
ACTIONS IN FAULT TREES: SEQUENCE RESULTSACTIONS IN FAULT TREES: SEQUENCE RESULTS
SEQUENCE CUTSET FORM EXPANDED FORM1 1 - (OPA + HDWA + OPB + HDWB) 1 - OPA - (1-OPA)*(HDWA) - OPB - (1-OPB)*(HDWB) +
(OPA)*(OPB) + (OPA)*(1-OPB)*(HDWB) +(1-OPA)*(HDWA)*(OPB) +(1-OPA)*(HDWA)*(1-OPB)*(HDWB)
2 OPB + HDWB OPB + (1-OPB)*(HDWB) - (OPA)*(OPB) -(1-OPA)*(HDWA)*(OPB) - (OPA)*(1-OPB)*(HDWB) -(1-OPA)*(HDWA)*(1-OPB)*(HDWB)
3 OPA + HDWA OPA + (1-OPA)*(HDWA) - (OPA)*(OPB) -(1-OPA)*(HDWA)*(OPB) - (OPA)*(1-OPB)*(HDWB) -(1-OPA)*(HDWA)*(1-OPB)*(HDWB)
4 (OPA)*(OPB) + (HDWA)*(OPB) +(OPA)*(HDWB) + (HDWA)*(HDWB)
(OPA)*(OPB) + (1-OPA)*(HDWA)*(OPB) +(OPA)*(1-OPB)*(HDWB) +(1-OPA)*(HDWA)*(1-OPB)*(HDWB)
Accident Sequence modelling
Slide 31.
ACTIONS IN FAULT TREESACTIONS IN FAULT TREES
ADVANTAGESSIMPLER EVENT TREES
DISADVANTAGESMORE COMPLEX FAULT TREESMORE DIFFICULT FOR ANALYSTS TO IDENTIFY SCENARIO-SPECIFIC DEPENDENCIESHOUSE EVENTS OR SPECIAL LOGIC TO DEFINE CONDITIONS FOR CORRECT ACTIONS
GENERAL EXPERIENCE FROM REVIEWSPOOR TREATMENT OF OPERATOR ACTIONSOPTIMISTIC QUANTIFICATION OF COMBINED ERRORS
ADVANTAGESADVANTAGESSIMPLER EVENT TREESSIMPLER EVENT TREES
DISADVANTAGESDISADVANTAGESMORE COMPLEX FAULT TREESMORE COMPLEX FAULT TREESMORE DIFFICULT FOR ANALYSTS TO IDENTIFY SCENARIOMORE DIFFICULT FOR ANALYSTS TO IDENTIFY SCENARIO--SPECIFIC DEPENDENCIESSPECIFIC DEPENDENCIESHOUSE EVENTS OR SPECIAL LOGIC TO DEFINE CONDITIONS HOUSE EVENTS OR SPECIAL LOGIC TO DEFINE CONDITIONS FOR CORRECT ACTIONSFOR CORRECT ACTIONS
GENERAL EXPERIENCE FROM REVIEWSGENERAL EXPERIENCE FROM REVIEWSPOOR TREATMENT OF OPERATOR ACTIONSPOOR TREATMENT OF OPERATOR ACTIONSOPTIMISTIC QUANTIFICATION OF COMBINED ERRORSOPTIMISTIC QUANTIFICATION OF COMBINED ERRORS
Accident Sequence modelling
Slide 32.
ACTIONS IN EVENT TREES: EVENT TREE LOGICACTIONS IN EVENT TREES: EVENT TREE LOGIC
OPA HDWA OPB HDWB____________________________1_________________ 1
| | | | _______ 2| | | ________GF_______ 3| | ________2_________________ 4| | | _______ 5| | ________GF_______ 6| ________GF________3_________________ 7
| | _______ 8| ________GF_______ 9
"GF" DENOTES SYSTEM FAILURE IF OPERATOR ACTIONFAILS
Accident Sequence modelling
Slide 33.
ACTIONS IN EVENT TREES: SEQUENCE RESULTSACTIONS IN EVENT TREES: SEQUENCE RESULTS
SEQUENCE CUTSET FORM EXPANDED FORM1 1 - (OPA + HDWA + OPB1 + HDWB) (1 - OPA)*(1 - HDWA)*(1 - OPB1)*(1 - HDWB)2 HDWB (1 - OPA)*(1 - HDWA)*(1 - OPB1)*(HDWB)3 OPB1 (1 - OPA)*(1 - HDWA)*(OPB1)4 HDWA (1 - OPA)*(HDWA)*(1 - OPB2)*(1 - HDWB)5 HDWA * HDWB (1 - OPA)*(HDWA)*(1 - OPB2)*(HDWB)6 HDWA * OPB2 (1 - OPA)*(HDWA)*(OPB2)7 OPA (OPA)*(1 - OPB3)*(1 - HDWB)8 OPA * HDWB (OPA)*(1 - OPB3)*(HDWB)9 OPA * OPB3 (OPA)*(OPB3)
Accident Sequence modelling
Slide 34.
ACTIONS IN EVENT TREESACTIONS IN EVENT TREES
ADVANTAGESSIMPLER FAULT TREESEASIER FOR ANALYSTS TO IDENTIFY SCENARIO-SPECIFIC DEPENDENCIES
DISADVANTAGESMORE COMPLEX EVENT TREESBRANCH POINT CONDITIONS TO DEFINE CORRECT ACTIONS
GENERAL EXPERIENCE FROM REVIEWSIMPROVED TREATMENT OF OPERATOR ACTIONSREALISTIC QUANTIFICATION OF COMBINED ERRORS
ADVANTAGESADVANTAGESSIMPLER FAULT TREESSIMPLER FAULT TREESEASIER FOR ANALYSTS TO IDENTIFY SCENARIOEASIER FOR ANALYSTS TO IDENTIFY SCENARIO--SPECIFIC DEPENDENCIESSPECIFIC DEPENDENCIES
DISADVANTAGESDISADVANTAGESMORE COMPLEX EVENT TREESMORE COMPLEX EVENT TREESBRANCH POINT CONDITIONS TO DEFINE CORRECT BRANCH POINT CONDITIONS TO DEFINE CORRECT ACTIONSACTIONS
GENERAL EXPERIENCE FROM REVIEWSGENERAL EXPERIENCE FROM REVIEWSIMPROVED TREATMENT OF OPERATOR ACTIONSIMPROVED TREATMENT OF OPERATOR ACTIONSREALISTIC QUANTIFICATION OF COMBINED ERRORSREALISTIC QUANTIFICATION OF COMBINED ERRORS
Accident Sequence modelling
Slide 35.
EXPERIENCE FROM REVIEWSEXPERIENCE FROM REVIEWS
POOR TREATMENT OF OPERATOR ACTION DEPENDENCIES IS THE MOST IMPORTANT SOURCE OF PROBLEMS IN HRA RESULTS
“CONSERVATIVE SCREENING ERROR RATES” DO NOT NECESSARILY SOLVE THE PROBLEM
CUTSET EDITING AND POST-QUANTIFICATION “FIXES”ARE OFTEN INCOMPLETE
CANNOT EXAMINE CUTSETS THAT ARE OPTIMISTICALLY ELIMINATED BY NUMERICAL CUTOFF VALUES
POOR TREATMENT OF OPERATOR ACTION POOR TREATMENT OF OPERATOR ACTION DEPENDENCIES IS THE MOST IMPORTANT SOURCE OF DEPENDENCIES IS THE MOST IMPORTANT SOURCE OF PROBLEMS IN HRA RESULTSPROBLEMS IN HRA RESULTS
““CONSERVATIVE SCREENING ERROR RATESCONSERVATIVE SCREENING ERROR RATES”” DO NOT DO NOT NECESSARILY SOLVE THE PROBLEMNECESSARILY SOLVE THE PROBLEM
CUTSET EDITING AND POSTCUTSET EDITING AND POST--QUANTIFICATION QUANTIFICATION ““FIXESFIXES””ARE OFTEN INCOMPLETEARE OFTEN INCOMPLETE
CANNOT EXAMINE CUTSETS THAT ARE CANNOT EXAMINE CUTSETS THAT ARE OPTIMISTICALLY ELIMINATED BY NUMERICAL CUTOFF OPTIMISTICALLY ELIMINATED BY NUMERICAL CUTOFF VALUESVALUES
Accident Sequence modelling
Slide 36.
EXPERIENCE FROM REVIEWSEXPERIENCE FROM REVIEWS
EXTREMELY DIFFICULT TO IDENTIFY DEPENDENCIES BY EXAMINATION OF FAULT TREES
ACTIONS DISTRIBUTED AMONG SEVERAL TREESNO INFORMATION ABOUT SEQUENCE PROGRESSION
DIFFICULT TO IDENTIFY DEPENDENCIES BY EXAMINATION OF CUTSETS
FUNCTIONAL IMPACTS FROM SEQUENCETIME LIMITATIONS FROM SEQUENCE PROGRESSIONHUMAN COGNITIVE DEPENDENCIES
ANALYSTS RECOGNIZE AND CORRECTLY ACCOUNT FOR DEPENDENCIES IF THEY ARE CLEARLY DISPLAYED
EXTREMELY DIFFICULT TO IDENTIFY DEPENDENCIES BY EXTREMELY DIFFICULT TO IDENTIFY DEPENDENCIES BY EXAMINATION OF FAULT TREESEXAMINATION OF FAULT TREES
ACTIONS DISTRIBUTED AMONG SEVERAL TREESACTIONS DISTRIBUTED AMONG SEVERAL TREESNO INFORMATION ABOUT SEQUENCE PROGRESSIONNO INFORMATION ABOUT SEQUENCE PROGRESSION
DIFFICULT TO IDENTIFY DEPENDENCIES BY EXAMINATION OF DIFFICULT TO IDENTIFY DEPENDENCIES BY EXAMINATION OF CUTSETSCUTSETS
FUNCTIONAL IMPACTS FROM SEQUENCEFUNCTIONAL IMPACTS FROM SEQUENCETIME LIMITATIONS FROM SEQUENCE PROGRESSIONTIME LIMITATIONS FROM SEQUENCE PROGRESSIONHUMAN COGNITIVE DEPENDENCIESHUMAN COGNITIVE DEPENDENCIES
ANALYSTS RECOGNIZE AND CORRECTLY ACCOUNT FOR ANALYSTS RECOGNIZE AND CORRECTLY ACCOUNT FOR DEPENDENCIES IF THEY ARE CLEARLYDEPENDENCIES IF THEY ARE CLEARLY DISPLAYEDDISPLAYED
Basic Level 1. PSA course for analystsContentEvent TreesTRANSIENT-INDUCED IMPACTSTRANSIENT-INDUCED LOCAsOVERCOOLING SCENARIOSATWS SCENARIOSATWS MODELSOPERATOR ACTIONS AFTER INITIATING EVENTMODELLING PROCESSDEFINE THE ACTIONSUCCESS CRITERIABOUNDARY CONDITIONSTIMINGGENERAL RECOMMENDATIONSPROBLEM DEFINITIONPROBLEM DEFINITIONBREAKDOWN AND IMPACT ASSESSMENTBREAKDOWN AND IMPACT ASSESSMENTPSA MODEL INTEGRATIONDEFINITION OF OPERATOR ACTION FOR PSA QUANTIFICATIONHUMAN ACTION DEPENDENCIESEXAMPLE: �TWO MANUALLY-INITIATED FUNCTIONSEXAMPLE: �ASSUMED COMPLETE INDEPENDENCE (GENERALLY INCORRECT)EXAMPLE: �COMPLETE DEPENDENCE (POSSIBLE FOR SOME SCENARIOS)EXAMPLE: �PARTIAL DEPENDENCE (MOST TYPICAL CASE)EXAMPLE: �PARTIAL DEPENDENCE (MOST TYPICAL CASE)ADD THE ACTION TO THE PSA LOGIC MODELSACTIONS IN FAULT TREES: EVENT TREE LOGICACTIONS IN FAULT TREES: SEQUENCE RESULTSACTIONS IN FAULT TREESACTIONS IN EVENT TREES: EVENT TREE LOGICACTIONS IN EVENT TREES: SEQUENCE RESULTSACTIONS IN EVENT TREESEXPERIENCE FROM REVIEWSEXPERIENCE FROM REVIEWS