An Integrated Framework for Risk Assessment of High Safety Significant Safety-related Digital Instrumentation and Control Systems in Nuclear Power Plants: Methodology and Demonstration
Abstract: This report documents the activities performed by Idaho National Laboratory (INL) during Fiscal Year (FY) 2022 for the U.S. Department of Energy (DOE) Light Water Reactor Sustainability (LWRS) Program, Risk Informed Systems Analysis (RISA) Pathway, digital instrumentation and control (DI&C) risk assessment project. In FY 2019, the RISA Pathway initiated a project to develop a risk assessment strategy for delivering a technical basis to support effective and secure DI&C technologies for digital upgrades/designs…
“…Table I summarizes the various HSI-related PSFs, as well as the capabilities of four different HRA methods to properly evaluate these PSFs. These four methods are the Standardized Plant Analysis Risk HRA [2], Cause-based Decision Tree (CBDT) [11], Cognitive Reliability and Error Analysis Method [12], and Integrated Human Event Analysis System for Event and Condition Assessment (IDHEAS-ECA) [13]. In HRA, practitioners review the HSIs required for human actions, determine their PSF levels, then use them to estimate the final HEPs.…”
Section: HSI Evaluation in Existing HRA Methods
“…RESHA's outputted summaries of HSI conditions are generated as fault trees (i.e., HSI fault trees). The quantitative values in the fault trees come from [13], as well as from the unavailability equations suggested by the fault tree theory of PRA [13]. HRA methods are used to quantify a human action in the two different HSI conditions.…”
Section: Figure 1 Extension of HSI Evaluation Process via the Suggest…
“…The details of these diagrams were assumed based on the APR1400 DI&C system. First, in the figure, the QIAS-P is simplified into a diagram, having already been analyzed in our previous study [13]. The information from the QIAS-P is provided to the QIAS-N processor and the IPS server.…”
Section: Development of an HSI Fault Tree for the APR1400 DI&C System
Human-system interfaces (HSIs) play an important role in enabling operators to communicate with the nuclear power plant (NPP) side. Getting the information required to understand an NPP's current status or perform necessary actions for responding to a given operational context are representative operator tasks performed using HSIs. To date, HSIs have been mainly evaluated in the context of human reliability analysis (HRA). However, the current HSI evaluation that occurs during HRA may be challengeable on two fronts: (1) reflecting the unique characteristics of HSI systems and (2) considering situations in which HSIs are poorly operated due to software/hardware malfunctions. Accordingly, this study proposes an approach for specifically evaluating HSIs for digital instrumentation and controls (DI&C) systems, using Redundancy-guided Systems-theoretic Hazard Analysis (RESHA) and HRA. RESHA is a method for analyzing DI&C systems with redundancy features. In this study, we investigate how HSIs are evaluated in existing HRA methods, and what challenges exist in the current approaches. To better evaluate HSIs for DI&C systems, this study modifies the existing HSI evaluation process by additionally modeling the HSI back- and front-ends. In this paper, an HSI fault tree for the APR1400 DI&C system is introduced through a piping and instrumentation diagram. It then touches upon what aspects of the suggested method must be further researched.
“…Results are obtained based on limited design information and testing data. [1], [2], [3], [4], [5]. The LWRS program, sponsored by the U.S. DOE and coordinated through a variety of mechanisms and interactions with industry, vendors, suppliers, regulatory agencies, and other industry research and development (R&D) organizations, conducts research to develop technologies and other solutions to improve economics and reliability, sustain safety, and extend the operation of the nation's fleet of nuclear power plants (NPPs).…”
Section: Executive Summary
“…In other words, are there any critical failures or failure combinations existing in the system that may lead to the DI&C system completely losing its function? A seven-step process, shown in [4], illustrates the workflow of RESHA in the proposed framework for the hazard analysis of DI&C systems, especially for software CCF analysis of highly redundant safety-related DI&C systems.…”
This paper presents a reliability model for digital reactor protection systems (RPSs) in floating nuclear power plants (FNPPs) that accounts for both the internal characteristics of the RPS and the external environment. The internal characteristics of the RPS include independent failures and common-cause failures (CCFs) of components, repair behavior, and actuation logic degradation. For the external environment, we incorporated a parts-pressure method and used environmental factors to describe the impact of the marine environment at the component level. A detailed Monte Carlo simulation (MCS) algorithm was proposed to solve the reliability models with different environmental factors, and the results showed that the maximum value of the environmental factor was 3.2 under the requirements that the probability of the RPS failing to generate the trip signal does not exceed 1 × 10⁻⁵ and the spurious trip frequency does not exceed one time per year. Reliability indexes, such as failure probability and spurious trip frequency, were also derived. The 90% confidence intervals of these two indexes were further calculated in the uncertainty analysis by using the kernel density estimation (KDE) approach.