PSM software


Reliability Engineering and System Safety 22 (1988) 455-472

A Nuclear Power Plant Status Monitor: RAPID/PSM Software

Boyer B. Chu & David H. Worledge

Safety Technology Department, Nuclear Power Division, Electric Power Research Institute, PO Box 10412, Palo Alto, California 94303, USA

ABSTRACT

This paper discusses the Electric Power Research Institute's (EPRI) newly developed software, RAPID/PSM, produced under the project Use of SRA methods for enhancing plant operational safety and productivity. An overview of this research project is provided, along with a detailed discussion of the design and operation of, and lessons learned from, the RAPID/PSM software development and demonstration activity.

Reliability Engineering and System Safety 0951-8320/88/$03.50 © 1988 Elsevier Applied Science Publishers Ltd, England. Printed in Great Britain

1 INTRODUCTION

Three needs of modern nuclear plants have been identified that can benefit from systems reliability techniques.

Firstly, many US utilities have sponsored plant-specific system reliability studies (SRAs) and probabilistic risk assessments (PRAs) to examine the adequacy of specific system design, testing and maintenance procedures and other operational activities, and to assess overall plant risk. Regulatory plans which anticipate an 'individual plant evaluation'¹ for operating plants, and existing regulations requiring a full-scale PRA for new plant applications, testify to increased recognition of systems analysis by the US Nuclear Regulatory Commission (NRC). However, manually keeping a plant-specific PRA and its system logic models and data up to date is a tedious, time-consuming and sometimes impractical task. The extraordinary amount of plant-specific data in a PRA, the complexity of the system logic models, and the lack of appropriate computer software for updating a PRA all contribute to the difficulty of maintaining a 'living' PRA, i.e. a PRA that keeps pace with design modifications, procedural changes and changing component reliability data. If this is not done, the quality of a plant-specific PRA will usually deteriorate rapidly after the study has been completed. The results therefore soon become obsolete, and their usefulness is limited.

Secondly, many nuclear stations are installing upgraded on-site computers and developing computer-based plant information management systems. These systems are capable of collecting, processing, transmitting and storing information on virtually every piece of equipment as well as in-plant, day-to-day operational and maintenance related activities. This information could be useful to support the data needs of many engineering and operational tasks. For instance, data on equipment availability status can be used to monitor plant/systems operability, to determine compliance with technical specifications and limiting conditions of operation requirements, and to assess power production reliability. Such data flow could also be used in PRA applications to update component reliability data, analyze root causes of equipment failure, and maintain configuration control regarding system design modifications and procedural changes. However, until recently, the use of on-site information management systems has been limited to assisting plant administration; its engineering applications are yet to be developed.

Thirdly, power plant operation requires decisions that can affect both the availability of the plant and its compliance with operating guidelines. Taking equipment out of service may affect the ability of the plant to produce power at a certain power level and may also affect the status of the plant with regard to technical specifications. Keeping the plant at as high a production level as possible and remaining in compliance with the limiting conditions for operation (LCOs) can dictate a variety of plant operation and maintenance actions and their responses. Required actions and responses depend on the actual time-variant plant operational configuration and its attendant systems, trains and components. In recent years, these requirements have increased dramatically. Literally hundreds of different actions or responses may be required by the technical specifications and their associated LCOs. An appropriate action may require on-the-spot subjective interpretation of voluminous and, sometimes, ambiguous information. However, plant operators and supervisors possess few tools that can rapidly determine plant availability and system status, assess the impact on plant health (e.g. likelihood of continued operation) of having taken or taking equipment in or out of service, and present information on required actions or desired alternatives.


The study Use of Probabilistic Systems Analysis for Enhancing Plant Operational Safety and Productivity² is a major ongoing R&D endeavor within the Risk Assessment Program of the Nuclear Power Division at EPRI. At the inception of this RAPID study, a US domestic utility steering group was formed to guide the technical direction of the work. The group has consisted of PRA, operation and maintenance mid-level managers from nine nuclear utilities. It has been acting as an advisor to identify the real needs of nuclear plants and as a liaison to provide feedback to the study. A team of seven PRA consultants was involved in the definition and design of the RAPID software.

The objective of this study is to develop a practical operational software tool which combines key features of a plant information management system with applications of system reliability analysis techniques and modern computer technology to satisfy the PRA maintenance, data handling, and plant status monitoring needs of plant engineering staff and operations personnel. To achieve this, the study has two major tasks: to develop user-friendly, integrated software, and to demonstrate the applications and value of this software on-site. The software is named Reliability Assessment Program with In-plant Data (RAPID). This paper contains a brief overview of RAPID, but mainly emphasizes the design, operation and lessons learned during the development of the plant status monitoring (PSM) software, RAPID/PSM.

2 OVERVIEW OF RAPID SOFTWARE

The RAPID software is an aggregate of many stand-alone computer codes. It is a computer host environment designed for engineering, operation and maintenance staff to execute system analysis computer codes, retrieve plant-specific information, monitor plant status, and perform QA/QC and documentation of the results. Its engineering functions include both on-line and off-line applications, for example: plant status monitoring capability to perform on-line applications; plant data acquisition and analysis capability to acquire equipment status and performance data; and data aggregation and trending to serve the needs of off-line reliability and safety analysis. Figure 1 is a schematic representation of the RAPID software functions in a utility environment.

Fig. 1. Perceived use of RAPID in a nuclear power plant environment. [Schematic not reproduced. Legible labels: plant operations; data for enhancing present operating conditions (affect plant operation, near term); data for enhancing future practices and procedures (affect plant operation, mid-to-long term); on-line configuration status monitoring; off-line engineering analysis.]

Other software features include: extensive modularization at all levels of its logical hierarchy to accommodate different types of external hardware interfaces, software interface flexibility for inclusion of additional proprietary software, tools for user editing, customization of workstation screens, and others. User friendliness is emphasized in this development. On the microcomputer workstations, both prompt menus and help menus have been developed. All mainframe software and its functions, as well as 'remote job entry' instructions, are transparent to the users. RAPID is designed to be a totally menu-driven, self-evident system.

The software consists of three interrelated elements: (1) an executive module; (2) a database module; (3) four application modules: a plant status module, a technical specification evaluation module, a reliability assessment module, and a utility module. Figure 2 is a schematic of the relationships among RAPID modules.

Fig. 2. Overview of the initial RAPID software modules. [Diagram not reproduced. Legible labels: executive module; database module; applications module 1, plant status monitoring; applications module 2, reliability assessments; utility module, plant data acquisition.]

The executive module (EM) provides RAPID users with a friendly environment to interface with the various database and application modules. It also provides internal control to applications software and supports the documentation and QA/QC functions. Its capabilities permit the user to:

-- enter user commands;
-- display user information, data, models and results;
-- initiate, trace and control the execution of batch jobs;
-- create, update and query data in the database;
-- control the database module and applications modules; and
-- provide access security and file integrity protection for quality assurance.

The database module (DBM) supports the applications and executive modules by managing the storage and access of all data, models and codes associated with the RAPID system. It provides integration and coordination of the data needs among all RAPID's modules with minimum data set redundancy and maximum consistency, integrity and quality. The general functional capabilities of the DBM include:

-- to store and provide access to all files containing data, codes, models and RAPID programs required to support RAPID;
-- to provide security from unauthorized read and/or write access to RAPID files;
-- to provide backup and archive of files; and
-- to provide a host environment and interface with the database management system.

Fig. 3. RAPID/DBM database manager and data tables. [Diagram not reproduced. Legible labels: RAPID DBMS; results data tables.]

The DBM comprises three main elements: mass storage files, model database, and component database. Figure 3 shows the available data tables which have been implemented in the RAPID/DBM. As an example, the model database supports the modeling activities by tracking the use and status of the models. Tables have been developed to link the data identification code in the models to that in the component database. Automated procedures have been developed for aggregating component data into reliability data as well as applying these aggregated data to quantify the model. NASA's RIM relational database management system³ has been adopted in RAPID. It can directly interface with the commercial R-4000 or R-5000 microcomputer database management systems. This is a significant feature for future growth of RAPID.

The application modules, which include the plant status module (PSM), reliability assessment module (RAM), technical specification evaluation module (TSEM) and utility module (UM), have been or are now under development. A brief description of each module, except PSM, is outlined below.

The reliability assessment module (RAM) has been developed to provide a computerized environment for performing a broad range of basic system reliability analysis functions. It utilizes the general functions of the EM and DBM to automate standard analysis routines involving data, models and computer codes. Thus the RAM software enables RAPID/RAM users to access a set of prescribed computerized procedures for performing reliability analysis tasks, such as using EPRI's CAFTA code⁴ for model editing, the WAMBAM code⁵ or Sandia's SETS code⁶ to quantify a fault tree, or EPRI's GO code⁷ for e.g. INPO's safety system unavailability monitoring study. The RAPID/RAM software provides three primary functions, which are:

-- to conduct topical system modeling and data analyses;
-- to maintain and upkeep system models and data; and
-- to ensure traceability and quality control.

Figure 4 is an outline of the currently available elements employed by RAPID/RAM. RAPID/RAM interfaces with the EM to receive users' commands; to develop, modify and edit component data and system models; to execute built-in procedures and instructions for performing specific analysis; and to provide QA/QC documentation control etc. It interfaces with the DBM to access appropriate databases such as the component and model database. These EM and DBM functions enable the RAM to prepare input data and select computer code option parameters for executing specific system analysis software. Figure 5 is a schematic which describes how the RAPID/RAM elements shown in Fig. 4 are linked, and Fig. 6 shows how a RAPID/RAM user can use these functions to perform an integrated SRA task, where the numbers are those of the elements in Figs 4 and 5. These combined built-in functions provide a computerized environment for maintaining the data, models and documentation required to keep a complex and voluminous PRA up to date. This achieves one uniquely important objective of the RAPID study, namely, keeping a 'living PRA'. Other benefits of using RAM, such as enhancement of an analyst's productivity, quality of the product etc., will develop as a byproduct.

Element No.   Element Name                       Functional Description
 1            SIGN ON                            Accepts Password and Administrative Information
 2            MENUS                              Provides User Options
 3            MENU SELECT                        Executes User-Selected Options
 4            FILE SELECT                        Identifies User-Selected Files
 5            MODEL EDITOR                       Interactive Model Editor
 6            VIEW OUTPUT                        Displays Mainframe Output Jobs
 7            JOB PREP/RUN PROCS                 Mainframe Job Procedures
 8            SYSTEM EDITOR                      Text Editor
 9            DATABASE QUERY                     Requests Data from Mainframe Database
10            COMM                               Communications
11            COMM                               Communications
12            OPERATING SYSTEM/DATATRAN/TRACE    Mainframe Executive Environment for Executing Jobs, Managing Data/Codes and Job Streams and Providing Traceability
13            MODEL DATA SETS                    Model Files Stored Under DATATRAN Hierarchical Database
14            GO/WAM                             Computer Codes for Quantifying Logic
15            RIM/RIM DATA TABLES                Relational Database and Data Stored in Tables
16            AUDIT REPORTS                      TRACE Output Providing Audits of Executed Jobs
17            OUTPUT DATA                        WAM/GO Output

Fig. 4. Elements employed by the RAPID/RAM.

Fig. 5. RAPID reliability assessment module software and its submodule linking. [Diagram not reproduced.]

The technical specification evaluation module (TSEM) is special task-oriented software. It evaluates system models and PRA event sequences to determine the sensitivity of risk or system availability to technical specifications and LCO requirements or to equipment status changes. The TSEM is supported by the EM and DBM in managing input and output data for executing the technical specification evaluation codes such as EPRI's SOCRATES⁸ or NRC's FRANTIC III. The results of these analyses can be used:

-- to determine rational surveillance test intervals and maximum allowable downtimes; and
-- to assess the impact of test and maintenance procedures on system reliability and plant safety.

Fig. 6. RAPID reliability assessment module. Example task: to examine potential impact on system availability from a proposed modification (modification that requires system model changes). [Flow chart of RAPID activities not reproduced. Legible steps, with the Fig. 4 element numbers each one uses where these survive. Point estimate: an 'Identify ...' step and a model step (labels and element numbers illegible); WAM or GO input (1, 2, 3, 4); run WAM or GO (1, 2, 7, 3, 6, 10, 11, 13, 16, 10, 6), returning to an earlier step as necessary; generate output report (1, 2, 7, 3, 6, 10, 11, 15, 10, 6, 5). Uncertainty estimates: create SPASM job (1, 2, 3, 4); run SPASM (1, 2, 7, 3, 6, 10, 13, 16, 10, 6); review results (1, 2, 5, 3). Catalog model: save modified model and update model status tables (1, 2, 7, 3, 6, 10, 11, 12, 14, 15).]

The utility module (UM) provides the interface between RAPID and automated or manual plant information management systems (PIMS). It is controlled from the EM to store failure, demand and repair data from a PIMS and to acquire the information in the DBM. The functional requirements of the UM include:

-- to provide an interface to plant information on component status, test, demand, outage, repair and operating time; and
-- to provide a data conversion, updating and analysis capability for processing and loading the plant data into the DBM for use by other applications modules.

However, demand data, other than from preventive maintenance and testing, are difficult to compile because a PIMS will usually not record activities such as rotation of equipment usage, plant power level and mode changes, and normal equipment cycling. A model has been developed to estimate these routine demands. The demand model⁹ enables the UM to approximate total component demands, on the average. However, much benchmarking activity is required to assure that the model provides an adequate representation of realistic demand data.

The EM, DBM and applications modules are being developed and demonstrated at several EPRI member utility companies. The initial version RAPID/RAM-UM is being applied at Arizona Public Service's Arizona Nuclear Plant Project (ANPP) office. The software is fully operational. An EPRI workshop with representatives of approximately 30 utility companies was held at ANPP's offices in Phoenix in March 1987. The RAPID/TSEM software development has just been initiated. This module is the least developed. It is anticipated that, once the industry decides various general issues related to risk-based technical specification evaluation, the software development activity will begin.

3 PLANT STATUS MONITOR SOFTWARE

The plant status monitor (PSM) is a major application module of the RAPID software. It has been developed to aid plant management, operations and maintenance personnel in monitoring the operational status of their nuclear power plant. It is controlled and supported by RAPID/EM and RAPID/DBM. The primary functions of PSM include:

-- to maintain component availability status information;
-- to determine component and system operability status;
-- to assess power production level reliability and safety systems availability, or 'plant health';
-- to compile equipment failure and repair history and maintenance records;
-- to monitor technical specification compliance, track timing and action statements;
-- to interface with automated equipment-tagging software for producing equipment tags; and
-- to prepare event record and shift logs.

To perform these functions efficiently and achieve the fast response required in an operational environment, system analysis techniques play an essential role. The system logic models and plant level models are used to derive the relationships among the equipment availability status, plant operation mode, plant power level, and all other intended PSM functions. For instance, PSM uses these relationships to determine, from the current operational status, compliance with the technical specification requirements, and displays either compliance with the technical specifications or the applicable technical specification action statements. Reporting requirements (e.g. 10 CFR 50.72, 10 CFR 50.73) and emergency action levels associated with technical specification action statement timing requirements, i.e. the time a component, train, system or function has been out of service with respect to applicable technical specification action statement restoration time requirements. In addition, it can also identify conflicting technical specification requirements or procedural inconsistencies, if any exist, resulting from interdependencies among the plant systems.

RAPID/PSM uses the EPRI-developed GO methodology for plant/system logic modeling. Other logic models, such as fault trees, could also have been used. The advantage of using logic models is that they can evaluate any potential or postulated combination of out-of-service components. This is not possible in other systems that are simply database managers.

Two important technical developments have been made to improve computer processing (CPU) time. The system reliability analysis software, in this case the GO codes, has been modified. The code is no longer used as a tool for probabilistic quantification; rather, it is used to determine binary 'system status'. The numerical efficiency has thereby increased by one to two orders of magnitude. Furthermore, a distributive scheme has been developed for controlling the processing sequence of system models and plant level models. With application of this algorithm, the system models are requantified only if they have been impacted by the change of equipment status. This approach significantly improves the computer processing time, especially for evaluating a plant level model. With these enhancements, the PSM response time becomes quite acceptable.

Other than the monitoring functions, the 'plant health' calculation is a unique feature of RAPID/PSM. It assesses 'plant health' both in terms of the probability of continued power operation at various power levels and the availability of safety systems to function when they are required. The plant health evaluation scheme determines the maximum power level achievable and the relative likelihood to continue operation at those established power levels with the plant configuration including current or proposed out-of-service components. The health of safety systems is determined by comparing the probability that the systems will be available to perform their intended functions between a reference case, where all components are assumed to be in service, and the current or proposed case, where some components are out of service.

Finally, PSM keeps a record of component status changes and the reason for the changes. This feature replaces the manual event record log and shift record log. The PSM is able to show the plant status based on the current component configuration at the shift turnover, i.e. out-of-service components, operational status, technical specification compliance and plant health. In addition, there is an ad hoc search procedure for sorting through specified events. This feature could assist PSM users in finding specific events of interest in the operational history.

Operating RAPID/PSM requires only a list of current out-of-service components as input. The software evaluates the plant and system logic models based on this new plant hardware configuration. It determines the operation status of the plant, its systems and their trains. The software also accepts queries from a postulated list of out-of-service components for 'what if' inquiries. This feature is particularly useful in maintenance planning and finding the importance of equipment to productivity and/or safety assessment.

The preliminary RAPID/PSM has been developed under a cooperative agreement between EPRI and General Public Utilities Nuclear Corporation (GPUN). The software has been developed in a generic fashion and can be operated on a wide variety of computer hardware configurations. Presently it is installed on an IBM Sierra mainframe machine and uses a video display terminal as a workstation. PSM is designed to accommodate multiple users. The user input/output interface is through a video display terminal and keyboard. User-friendly, menu-driven displays and prompts show the available options and prompt the user for necessary information. Results of most PSM functions are displayed to the user on the terminal, although some (e.g. event record and shift record logs) require a printer. Figures 7-9 show a typical set of menus and screen displays of an example of the RAPID/PSM results. Security from unauthorized access is provided by a log-in password and user identification protection scheme. The preliminary PSM version being operated at Oyster Creek Nuclear Generation Station (OCNGS) has all the functions described previously.

    PSM - OYSTER CREEK
    MAIN MENU
    PLANT MODE    CURRENT RUN    TODAYS DATE DEC12-86

    1. DISPLAY CURRENT COMPONENT STATUS
    2. DISPLAY CURRENT POWER LEVEL CALCULATIONS
    3. REVIEW/CHANGE PLANT STATUS
    4. REVIEW TECH SPEC STATUS FOR CURRENT CONFIGURATION
    5. REVIEW PLANT HEALTH MESSAGES FOR CURRENT CONFIGURATION
    Q. QUIT PSM

    PSM - OYSTER CREEK
    REVIEW TECH SPEC STATUS FOR CURRENT CONFIGURATION
    PLANT MODE    CURRENT RUN    TODAYS DATE DEC12-86

    1. DISPLAY SYSTEM STATUS FOR TECH SPEC SYSTEMS
    2. DISPLAY TECH SPEC ACTION STATEMENTS
    3. DISPLAY ACTION STATEMENTS TIMER BY SYSTEM
    4. DISPLAY PLANT ACTION STATEMENT TIMER
    R. RETURN TO MAIN MENU

    PSM - OYSTER CREEK
    REVIEW TECH SPEC STATUS FOR CURRENT CONFIGURATION
    SYSTEMS IMPACTED IN CURRENT CONFIGURATION
    PLANT MODE    CURRENT    TODAYS DATE DEC12-86

    1. RPS
    2. RECIRC
    3. CWFD
    4. N2
    5. HPWED
    6. PRICNT
    7. ALL
    ENTER THE NUMBER OF ONE OF THE ABOVE IMPACTED SYSTEMS FOR TECH SPEC STATUS MESSAGES, OR 'R' TO RETURN TO PREVIOUS MENU

Fig. 7. RAPID/PSM main menu, a submenu and its functions.

    TECHNICAL SPECIFICATION STATUS FOR CURRENT CONFIGURATION
    SYSTEM: NITROGEN INERTING
    STATUS:
    TORUS VENT VALVE V-28-47 IS INOPERABLE-CLOSED. IF THE TORUS MUST BE VENTED THROUGH THE STANDBY GAS TREATMENT SYSTEM, VIA V-28-47, THE FILTERS MAY BE DAMAGED
    THE DRYWELL OXYGEN SAMPLE SYSTEM IS INOPERABLE.
    THE TORUS OXYGEN SAMPLE SYSTEM IS INOPERABLE.
    ONE OR BOTH OF THE REACTOR BUILDING TO TORUS VACUUM BREAKERS ARE INOPERABLE-OPEN.
    THE N2 INERTING FUNCTION IS INOPERABLE.
    THE N2 MAKEUP FUNCTION IS INOPERABLE.
    THE AIR PURGING FLOW PATH IS INOPERABLE.
    ONE OR MORE N2 SYSTEM AIR OPERATED VALVES ARE INOPERABLE-CLOSED.
    PRESS ENTER TO CONTINUE.....

    TECHNICAL SPECIFICATION STATUS FOR CURRENT CONFIGURATION
    SYSTEM: NITROGEN INERTING
    UNAVAILABILITY RESULTS: N2 UNAVAILABLE

                UNAVAILABILITY    RATIO
    CURRENT:    1.00000           8.57
    BASE:       0.11668           1.00

    PRESS ENTER TO CONTINUE.....

Fig. 8. An example of the RAPID/PSM technical specification monitoring and its safety system dynamic unavailability calculations.

    TECHNICAL SPECIFICATION STATUS FOR CURRENT CONFIGURATION
    SYSTEM: NITROGEN INERTING
    STATUS: THE N2 MAKEUP FUNCTION INOPERABLE.
    ACTION STATEMENT:
    * AS THE N2 INERTING SYSTEM IS INOPERABLE, THE CONTAINMENT ATMOSPHERE MAY NOT BE INERTED IF NECESSARY. IF THE CONTAINMENT HAS NOT BEEN INERTED, PLACE THE REACTOR IN THE COLD SHUTDOWN CONDITION WITHIN 30 HOURS.
    REFERENCE: 3.0.A & 3.5.A.6
    PRESS ENTER TO CONTINUE.....

    TECHNICAL SPECIFICATION STATUS FOR CURRENT CONFIGURATION
    SYSTEM: NITROGEN INERTING
    STATUS: THE N2 MAKEUP FUNCTION INOPERABLE.
    ACTION STATEMENT:
    * AS THE MAKEUP CAPABILITY OF THE N2 SYSTEM IS INOPERABLE, IT MAY NOT BE POSSIBLE TO MAINTAIN THE REQUIRED PRESSURE AND OXYGEN CONCENTRATION WITHIN THE CONTAINMENT. IF THE REQUIREMENTS OF TECHNICAL SPECIFICATION 3.5.A.6 IS NOT MET, PLACE THE REACTOR IN THE COLD SHUTDOWN CONDITION WITHIN 30 HOURS.
    REFERENCE: 3.0.A & 3.5.A.6
    PRESS ENTER TO CONTINUE.....

Fig. 9. An example of RAPID/PSM technical specification compliance output.
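The distributive scheme described in section 3, in which system status is binary and a system model is requantified only if an equipment status change reaches it, can be sketched as follows. This is an added illustration, not RAPID/PSM or GO code; the component IDs, system names, logic expressions and the StatusMonitor class are all constructed for the example.

```python
"""Added illustration (not RAPID/PSM code): binary system status with selective
re-evaluation. Component IDs, system names and logic are constructed."""
from typing import Callable, Dict, Iterable, List, Set, Tuple

Signals = Dict[str, bool]  # True = component in service / system operable


class SystemModel:
    """A binary logic model: operability is a pure function of its inputs."""

    def __init__(self, name: str, inputs: Iterable[str],
                 logic: Callable[[Signals], bool]):
        self.name, self.inputs, self.logic = name, frozenset(inputs), logic


class StatusMonitor:
    def __init__(self, components: Iterable[str], models: List[SystemModel]):
        self.components = set(components)
        self.models = {m.name: m for m in models}
        # Reverse index: signal -> systems whose logic reads that signal.
        self.readers: Dict[str, Set[str]] = {}
        for m in models:
            for sig in m.inputs:
                self.readers.setdefault(sig, set()).add(m.name)
        self.order = self._topological_order()
        # Reference case: every component in service, every model evaluated once.
        self.state: Signals = {c: True for c in self.components}
        for name in self.order:
            self.state[name] = self.models[name].logic(self.state)

    def _topological_order(self) -> List[str]:
        """Order systems so that support systems come before their users."""
        systems = set(self.models)
        pending = {n: len(m.inputs & systems) for n, m in self.models.items()}
        ready = sorted(n for n, k in pending.items() if k == 0)
        order: List[str] = []
        while ready:
            name = ready.pop(0)
            order.append(name)
            for reader in sorted(self.readers.get(name, ())):
                pending[reader] -= 1
                if pending[reader] == 0:
                    ready.append(reader)
        if len(order) != len(self.models):
            raise ValueError("cyclic dependency between system models")
        return order

    def _propagate(self, state: Signals,
                   out_of_service: Set[str]) -> Tuple[Dict[str, bool], int]:
        unknown = out_of_service - self.components
        if unknown:  # a mistyped tag must not silently read as "in service"
            raise KeyError(f"unknown component(s): {sorted(unknown)}")
        dirty: Set[str] = set()
        for comp in self.components:
            in_service = comp not in out_of_service
            if state[comp] != in_service:
                state[comp] = in_service
                dirty |= self.readers.get(comp, set())
        changed: Dict[str, bool] = {}
        evaluations = 0
        for name in self.order:
            if name not in dirty:
                continue  # untouched by this change: keep the stored status
            evaluations += 1
            status = self.models[name].logic(state)
            if status != state[name]:
                state[name] = status
                changed[name] = status
                dirty |= self.readers.get(name, set())  # only now wake dependants
        return changed, evaluations

    def update(self, out_of_service: Iterable[str]):
        """Commit the full out-of-service list; returns (changed, evaluations)."""
        return self._propagate(self.state, set(out_of_service))

    def what_if(self, postulated: Iterable[str]):
        """Evaluate a postulated out-of-service list on a copy; nothing is committed."""
        return self._propagate(dict(self.state), set(postulated))


def build_demo_monitor() -> StatusMonitor:
    """Constructed four-system plant; AC_POWER and INST_AIR are support systems."""
    components = ["BUS_A", "BUS_B", "COMP_1", "COMP_2", "PUMP_A", "PUMP_B", "V_1"]
    models = [
        SystemModel("AC_POWER", ["BUS_A", "BUS_B"],
                    lambda s: s["BUS_A"] or s["BUS_B"]),
        SystemModel("INST_AIR", ["AC_POWER", "COMP_1", "COMP_2"],
                    lambda s: s["AC_POWER"] and (s["COMP_1"] or s["COMP_2"])),
        SystemModel("N2_INERT", ["INST_AIR", "V_1"],
                    lambda s: s["INST_AIR"] and s["V_1"]),
        SystemModel("CORE_SPRAY", ["AC_POWER", "PUMP_A", "PUMP_B"],
                    lambda s: s["AC_POWER"] and (s["PUMP_A"] or s["PUMP_B"])),
    ]
    return StatusMonitor(components, models)


if __name__ == "__main__":
    monitor = build_demo_monitor()
    print(monitor.update({"PUMP_A"}))                     # one redundant pump out
    print(monitor.what_if({"PUMP_A", "BUS_A", "BUS_B"}))  # postulated loss of both buses
```

The evaluation count grows when the changed component belongs to a support system that other models read, because every dependant then has to be revisited.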

GPUN's OCNGS plant-specific information is being utilized in the RAPID/PSM database for testing the basic software package. Forty-seven GO system models consisting of 5400 components have been constructed. All inter- and intra-system dependencies have been incorporated in the models. These models have been integrated into a plant model. Plant-specific technical specification, tagging procedures, plant level logic models, and other needed information have been logically and hierarchically arranged. Thus systems operability status information can be derived from the component status information for monitoring technical specification compliance and identifying, if any, the conflicting procedural requirements resulting from system interdependencies. Figures 7-9 are a sample of the RAPID/PSM main menu and its submenus. The figures should provide an indication of the RAPID/PSM functions. The complete prerelease OCNGS PSM system is undergoing integral testing to ensure that the software performs as intended and that plant-specific data and models actually reflect the OCNGS hardware functions. It is expected that the OCNGS RAPID/PSM system will be installed, as an operational aid, in its control room by April 1987.

4 DISCUSSION AND CONCLUSIONS

The prerelease RAPID software has been successfully completed. The RAPID/RAM and RAPID/UM were demonstrated to EPRI's member utility companies at ANPP offices in March 1987. It became evident to the participants (over 35 PRA analysts) that the software can significantly enhance productivity and quality of SRA activities. Many participants have expressed their interest in installing the software in-house. The RAPID/PSM software is in its final stage of development. Some software optimization and the interface to an automatic tagging system remain to be completed. In this activity, several observations have been made and are outlined below.

Response time. An 'acceptable' response time is not easy to achieve. At present, before optimizing the software it requires between 0.5 and 20 CPU min for the PSM to complete a response. The response time is very much dependent on the type of component status change. For instance, it will require approximately 20 CPU min if the component status change involves equipment in the electrical power and instrument air systems. On the average, the response time is expected to be in the range 1-2 CPU min for an 'average' change and this may be appreciably improved by the optimization work.


Technical issue. It appears that the PSM technology is reasonably straightforward. The real difficulties are in the systems model development and model review process. The amount of modeling details, that is (1) proper inclusions, exclusions and combinations of equipment in the system models, (2) integration of system models to plant model, (3) adequacy of the models to actually reflect hardware functions, and (4) amount of data required to describe the plant operation, are very complex issues. To demonstrate the PSM technology at the system level appears to be a fairly simple matter.

Administrative control. Because of the large volume of information required in developing the PSM database, careful control over the information is required. The modeling activity, computerizing technical specification and other plant operation procedures, reviewing, updating and modifying the database are also critical. A dedicated technical staff with explicit support from the operation staff is essential to the success of a PSM installation.

The PSM software demonstration at OCNGS has just completed its first phase of activity. Some minimal software enhancements, many software integration tests, system models and database revisions, personnel training and documentation are planned for completion in 1987. The general conclusion from the work to date is that the union of database management capability with an executive controller and reliability applications packages can be made to work effectively. It promises considerable on-line and off-line benefits. The main task ahead concerns blending of this new capability into the operational life of a plant. The most challenging part is to get such a software tool as PSM accepted by operations personnel and used routinely with adequate accuracy. It will also be necessary to avoid undue reliance by operators on what may increasingly be seen as a magic box. Novel uses of the system may be discovered, for example, in operator training or involving use of the plant health information.

REFERENCES

1. Implementation Plans for the Severe Accident Policy Statement and the Regulatory Use of New Source-Term Information, SECY-86-76, US Government, Washington, DC, February 1986.
2. Chu, B. B., Worledge, D. H. and Wall, I. B. Overview on use of system reliability analysis for enhancing plant operational safety and productivity, paper presented at International Topical Conference in Probabilistic Safety Assessment and Risk Management, Zürich, Switzerland, August 31-September 4, 1987.
3. RIM 5.0 Software Documentation, LAR-13282, COSMIC (NASA), University of Georgia, US Government, Washington, DC, March 1982.
4. CAFTA Code Manual, EPRI Draft Report, Palo Alto, CA, January 1987.
5. WAM-E Code Manual, EPRI NP-4460, Palo Alto, CA, July 1986.
6. GO V-3 Code Manual, EPRI NP-3123, 6 volumes, Palo Alto, CA, November 1983.
7. Worrell, R. B. SETS Reference Manual, NUREG/CR-4213, SAND83-2675, US Government, Washington, DC, May 1985.
8. SOCRATES User's Guide, EPRI Draft Report, Palo Alto, CA, March 1987.
9. Rumble, E. T. and Chu, B. B. An application for integrating plant O&M information with system reliability analysis, Nuclear Technology, 79 (1987), pp. 7-19.