- Email: [email protected]
A Risk-based Framework for Operational Task Analysis at Nuclear Power Plants
14th 14th IFAC IFAC Symposium Symposium on on Available online at www.sciencedirect.com 14th IFACDesign Symposium on Analysis and Evaluation of Human Machine Systems Analysis Design and of 14th IFAC Symposium on Analysis Design and Evaluation Evaluation of Human Human Machine Machine Systems Systems 14th IFAC Symposium on Analysis Design and Evaluation of Human Machine Systems Tallinn, Estonia, Sept. 16-19, 2019 Analysis Design and of Tallinn, 16-19, 2019 AnalysisEstonia, Design Sept. and Evaluation Evaluation of Human Human Machine Machine Systems Systems Tallinn, Estonia, Sept. 16-19, 2019 Tallinn, Tallinn, Estonia, Estonia, Sept. Sept. 16-19, 16-19, 2019 2019
ScienceDirect
IFAC PapersOnLine 52-19 (2019) 193–198
A Risk-based Framework for Operational Task Analysis at Nuclear Power Plants A Risk-based Framework for Operational Task Analysis at Nuclear Power Plants A Risk-based Framework for Operational Task Analysis at Nuclear Power Plants A Risk-based Framework for Operational Task Analysis at Nuclear Power Plants A Risk-based Framework for Operational Task Analysis at Nuclear Power Plants , , , Jun Yang* **. Bing Zhang*. Ming Wang*. Ming Yang**
Jun Jun Yang* Yang*,,, **. **. Bing Bing Zhang*. Zhang*. Ming Ming Wang*. Wang*. Ming Ming Yang** Yang** Jun Yang* ,, **. Bing Zhang*. Ming Wang*. Ming Yang** Jun Yang* **. Bing Zhang*. Ming Wang*. Jun Yang* **. Bing Zhang*. Ming Wang*. Ming Ming Yang** Yang** Laboratory *State Key Laboratory of Nuclear Nuclear Power Power Safety Safety Monitoring Monitoring Technology Technology and and Equipment, Equipment, Shenzhen, Shenzhen, Guangdong, Guangdong, 518172 518172 Laboratory of *State Key *State Key Laboratory of Nuclear Power Safety Monitoring Technology and Equipment, Shenzhen, Guangdong, 518172 China (e-mail: youngjun51@ hotmail.com). *State Key Laboratory of Nuclear Power Safety Monitoring Technology and Equipment, Shenzhen, Guangdong, China (e-mail: youngjun51@ hotmail.com). *State Key Laboratory of Nuclear Power Safety Monitoring Technology and Equipment, Shenzhen, Guangdong, 518172 518172 China (e-mail: youngjun51@ hotmail.com). **School of Electric Power, South China University of Technology, Guangzhou, Guangdong, 510641, China. China (e-mail: youngjun51@ hotmail.com). **School of of Electric Electric Power, Power, South South China University of Technology, Technology, Guangzhou, Guangdong, Guangdong, 510641, 510641, China. China. **School China University of Guangzhou, China (e-mail: youngjun51@ hotmail.com). **School of Electric Power, South China University of Technology, Guangzhou, Guangdong, 510641, China. **School **School of of Electric Electric Power, Power, South South China China University University of of Technology, Technology, Guangzhou, Guangzhou, Guangdong, Guangdong, 510641, 510641, China. China. framework for operational task analysis Abstract: The paper presents a dynamic risk-based framework for for operational operational task task analysis analysis at at nuclear nuclear Abstract: The paper presents a dynamic risk-based framework at nuclear Abstract: The paper presents aa dynamic risk-based framework for operational task analysis at nuclear focused power plants. dynamic operational assessment system on system configuration Abstract: The paper presents risk-based framework for operational task analysis at power plants. The dynamic operational risk assessment system is is focused on the the system configuration Abstract: TheThe paper presents a dynamic dynamicrisk risk-based framework forfocused operational task analysis at nuclear nuclear power plants. The dynamic operational risk assessment system is focused on the system configuration management error identification. The risk identified using power The dynamic operational risk system focused on system configuration management and human error identification. The potential potential riskis sources could be identified using aa power plants. plants. and The human dynamic operational risk assessment assessment system is sources focused could on the the be system configuration management and human error identification. The potential risk sources could be impairment identified using a reliability/risk-based mapping The and/or management error identification. The potential risk sources could identified reliability/risk-based mapping scheme. The risks risks arising from system functional and/oraa management and and human human error scheme. identification. The arising potentialfrom risksystem sourcesfunctional could be be impairment identified using using reliability/risk-based mapping scheme. The risks arising from system functional impairment and/or human errors are mapped out by the noteworthy difference between the curved timeline of average plant reliability/risk-based mapping The arising from functional impairment human errors out the difference the timeline of plant human errors are are mapped mapped out by byscheme. the noteworthy noteworthy difference between the curved curved timeline of average averageand/or plant reliability/risk-based mapping scheme. The risks risks arising between from system system functional impairment and/or human errors are mapped out by the noteworthy difference between the curved timeline of average plant risk and point-in-time risk profile. The system modeling process is augmented with structural-functional human errors are mapped out by the noteworthy difference between the curved timeline of average risk and point-in-time risk profile. The system modeling process is augmented with structural-functional risk anderrors point-in-time riskout profile. The system modeling process is augmented structural-functional human are mapped by the noteworthy difference between the curved with timeline of average plant plant risk and point-in-time risk profile. The system modeling process is augmented with structural-functional perspective for facilitating Living Probabilistic Risk Assessment (Living PSA) update, analysis risk risk system process with structural-functional perspective for facilitating facilitating LivingThe Probabilistic Risk Assessment Assessment (Living PSA) PSA) update, analysis and and perspective for Living Probabilistic Risk (Living analysis and risk and and point-in-time point-in-time risk profile. profile. The system modeling modeling process is is augmented augmented withupdate, structural-functional perspective for facilitating Living Probabilistic Risk Assessment (Living PSA) update, analysis and management. The dynamic operational risk assessment framework forms aa well-founded basis for perspective for facilitating Living Probabilistic Risk Assessment (Living PSA) update, analysis and management. The dynamic operational risk assessment framework forms well-founded basis for perspective for facilitating Living Probabilistic Risk Assessment (Living PSA) update, analysis and management. The dynamic operational risk assessment framework forms a well-founded basis for development of Living PSA program and applications. management. The dynamic operational risk assessment framework forms aa well-founded basis for development of Living PSA program and applications. management. The dynamic operational risk assessment framework forms well-founded basis for development of Living PSA program and applications. development of Living PSA program and applications. development of Living PSA program and applications. Copyright ©Functional 2019. The modeling, Authors. Published by Elsevier Ltd. AllOperational rights reserved. Keywords: Phased analysis, reliability, Keywords: Functional modeling, Phased mission mission analysis, Operational reliability, Living Living PSA, PSA, Nuclear Nuclear Keywords: Functional modeling, Phased mission analysis, Operational reliability, Living PSA, Nuclear power plants. Keywords: Functional modeling, Phased mission analysis, Operational reliability, Living PSA, Nuclear Nuclear power plants. Keywords: Functional modeling, Phased mission analysis, Operational reliability, Living PSA, power plants. power plants. power plants. instantaneous risk profile rather than average risk profile is instantaneous risk profile rather than average risk profile is 1. instantaneous risk profile rather than average risk profile is 1. INTRODUCTION INTRODUCTION applied for risk monitoring. The instantaneous risk profile is instantaneous risk profile rather rather than average risk risk applied for risk monitoring. The instantaneous risk 1. INTRODUCTION instantaneous risk profile than average profile is 1. INTRODUCTION applied for risk monitoring. The instantaneous risk profile is 1. INTRODUCTION determined based on the current plant configuration and Safety is always ranked as the first priority over any of the applied for risk monitoring. The instantaneous risk profile is based on the current plant configuration Safety applied for risk monitoring. The instantaneous risk profileand is Safety is is always always ranked ranked as as the the first first priority priority over over any any of of the the determined determined based on the current plant configuration and environmental factors (Shepherd et al., 2004). While now Safety is always ranked as the first priority over any of the other objectives of nuclear energy applications (Adorjan et al., determined based on the current plant configuration and environmental factors (Shepherd et al., 2004). While now Safety is always ranked as the first priority over any of the other objectives of nuclear energy applications (Adorjan et al., determined based on the current plant configuration and other nuclearasenergy applications (Adorjan al., environmental factors (Shepherd et al., 2004). While now Safetyobjectives is alwaysofranked the first priority over any ofetthe with the rise of new generation reactor types, especially with other objectives of nuclear energy applications (Adorjan et al., 2013). Safety is understood as an environmental (Shepherd et 2004). While now with the rise rise of of factors new generation generation reactor types, especially with other of applications (Adorjan et 2013). Safety management management is commonly commonly understood as an with environmental factors (Shepherd et al., al., 2004). While with now 2013). Safety management is commonly understood an other objectives objectives of nuclear nuclear energy energy applications (Adorjanas et al., al., the new reactor types, especially the rapid development and applications of digital 2013). Safety management is commonly understood as an with the rise of new generation reactor types, especially with the rapid development and applications of digital effective means to the achievement of good operating the rapid development and applications of digital 2013). Safety management is commonly understood as an with the rise of new generation reactor types, especially with effective means to the achievement of good operating 2013). Safety management is commonly understood as an the rapid development and applications of digital technologies, the enhancements to Living PSA are related not effective to of operating risks, the and applications digital technologies, the enhancements to Living PSA are related not conditions, identification of safety hazards technologies, the enhancements enhancements to Living Living PSA are areof related not effective means means to the the achievement achievement of good good and operating and risks, technologies, the rapid rapid development development andto applications of digital conditions, identification of safety hazards and risks, effective means to the achievement of good operating the PSA related not only to the actual operational features, but also to the new conditions, identification of safety hazards and risks, prevention and mitigation of accident consequences technologies, the enhancements to Living PSA are related not only to the actual operational features, but also to the new only to the actual operational features, but also to the new conditions, identification of safety hazards and risks, prevention identification and mitigation mitigationof of of accident consequences technologies, the enhancements to Living PSA are related not prevention and accident conditions, safety hazardsconsequences and risks, only to the actual operational features, but also to the new design features of nuclear power plants. The evolving issues prevention and mitigation of accident consequences (Apostolakis et al., 2012). only to the actual operational features, but also to the new The goal of nuclear safety design features of nuclear power plants. The evolving issues prevention and mitigation of accident consequences (Apostolakis et al., 2012). only to the actual operational features, but also to the new (Apostolakis et al., 2012). The of nuclear safety design features of nuclear power plants. The evolving issues prevention and mitigation of goal accident consequences (Yoshikawa et al., 2014) such as human factors in the digital (Apostolakis et toal., 2012). The goal of nuclear safety design of power plants. The issues management apply aa set of principles and (Yoshikawa et al., al., 2014) such such as human human factors in the the digital digital (Apostolakis 2012). goal safety design features features of nuclear nuclear power plants. factors The evolving evolving issues management iset apply setThe of guidelines, guidelines, principles and (Yoshikawa (Apostolakis is et toal., al., 2012). The goal of of nuclear nuclear safety et 2014) as in control room environment, dynamic reliability of digital management is to apply a set of guidelines, principles and measures to protect the plant personnel, the public and the (Yoshikawa et al., 2014) such as human factors in the control room environment, dynamic reliability of digital management is to apply a set of guidelines, principles and measures to protect the plant personnel, the public and the (Yoshikawa et al., 2014) such as human factors in the measures to protect the plant the public and and the control room environment, dynamic reliability of digital management is to apply a set personnel, of guidelines, principles instrumentation and control systems, software reliability, etc. measures to protect the plant personnel, the public and the control environment from radioactivity hazards (Wahlstrom, dynamic reliability of instrumentation and control control systems, systems, software reliability, etc. measures the personnel, the and environment from undue radioactivity (Wahlstrom, control room room environment, environment, dynamicsoftware reliability of digital digital environment from undue undue radioactivity hazards (Wahlstrom, measures to to protect protect the plant plant personnel,hazards the public public and the the instrumentation and reliability, etc. need to be taken into account in Living PSA applications. environment from undue radioactivity hazards (Wahlstrom, safety 2018). In recent years, the concept of risk-informed instrumentation and control systems, software reliability, etc. need to be taken into account in Living PSA applications. need to be taken into account in Living PSA applications. environment from undue radioactivity hazards (Wahlstrom, 2018). In recent years, the concept of risk-informed safety instrumentation and control systems, software reliability, etc. 2018). In recent years, the concept of risk-informed safety environment fromyears, unduetheradioactivity hazards (Wahlstrom, need to be taken into account in Living PSA applications. 2018). In recent concept of risk-informed safety need to be taken into account in Living PSA applications. management and regulation that integrates both the 2018). In recent recent years, the concept concept ofintegrates risk-informed safety need to be taken into paper accountanin Living PSA applications. management and regulation that both the 2018). In years, the of risk-informed safety Therefore, in this operational risk assessment Therefore, in this management and that integrates both the Therefore, in in this this paper paper an an operational operational risk risk assessment assessment traditional Safety managementDeterministic and regulation regulation that Analysis integrates(DSA) both and the Therefore, paper an operational risk assessment traditional Deterministic Safety Analysis (DSA) and management and regulation that integrates both the framework is proposed for practicing the Living PSA Therefore, in this paper an operational risk assessment framework is proposed for practicing the PSA traditional Deterministic Safety Analysis (DSA) and framework is this proposed Living PSA Therefore, in paper for an practicing operational the riskLiving assessment Probabilistic Safety Assessment (PSA) has become a traditional Deterministic Safety Analysis (DSA) and is proposed for practicing the Living PSA Probabilistic Safety Assessment becomeanda framework program and applications. The operational risk assessment traditional Deterministic Safety (PSA) Analysishas (DSA) framework is proposed for practicing the Living PSA program and applications. The operational risk assessment program and applications. The operational risk assessment Probabilistic Safety Assessment (PSA) has become a framework isapplications. proposed for practicing theriskLiving PSA dominant trend in the regulatory process of nuclear facilities Probabilistic Safety Assessment (PSA) has become a program and The operational assessment dominant trendSafety in the regulatory facilitiesa framework Probabilistic Assessmentprocess (PSA)of nuclear has become is mostly focused on the identification of sources program and applications. The operational risk assessment framework is mostly focused on the identification of sources dominant trend in the regulatory process of nuclear facilities program and applications. The operational risk assessment et al., 2012; Kadak et al., 2007). The reconciliation (Himanen dominant trend in the regulatory process of nuclear facilities et al., 2012; Kadak et al., 2007). The reconciliation framework is mostly focused on the identification of sources (Himanen et al.,in 2012; Kadak et al., 2007).ofThe reconciliation dominant trend the regulatory process nuclear facilities of potential arising from system functional impairment framework isrisks mostly focused on the identification identification of sources sources of potential risks arising from system functional impairment (Himanen et al., 2012; Kadak et al., 2007). The reconciliation framework is mostly focused on the of of deterministic and risk insights brings better (Himanen et Kadak 2007). The of deterministic and probabilistic insights brings better potential risks arising from system functional impairment of deterministic and probabilistic probabilistic risk insights brings better of (Himanen et al., al., 2012; 2012; Kadak et et al., al.,risk 2007). The reconciliation reconciliation and/or human errors. The potential incorrect human actions of potential risks arising from system functional impairment and/or human errors. The potential incorrect human actions of deterministic and probabilistic risk insights brings better of potential risks arising from system functional impairment focus on the issues of safety management in an adequate of and probabilistic risk better focus on safety in an The potential incorrect human errors. human actions focus on the the issues issues of safety management management in brings an adequate adequate of deterministic deterministic and of probabilistic risk insights insights brings better and/or or omissions are expected to be uncovered based on the riskand/or human errors. The potential incorrect human actions or omissions are expected to be uncovered based on the riskfocus on the issues of safety management in an adequate and/or human errors. The potential incorrect human actions manner (Drouin et al., 2005). focus on the issues of safety management in an adequate manner (Drouin et al., 2005). or omissions are expected to be uncovered based on the riskmanner (Drouin et al., 2005). focus on(Drouin the issues of2005). safety management in an adequate or based reliability mapping analysis of task-oriented omissions are expected to be uncovered based on the riskmanner et al., based reliability mapping analysis of task-oriented or omissions are expected to be uncovered based on the riskmanner (Drouin (Drouin et et al., al., 2005). 2005). based reliability mapping analysis of task-oriented operational sequence. Thus, recovery measures and actions manner based reliability mapping analysis of task-oriented operational sequence. Thus, recovery measures and actions The risk insights and influences resulting from probabilistic operational sequence.mapping Thus, recovery and actions based reliability analysismeasures of task-oriented The risk insights and influences resulting from probabilistic operational sequence. Thus, recovery measures and actions can be for and these major risks The risk insights and influences resulting from probabilistic the operational sequence. Thus, measures actions can be planed for mitigating and reducing these major risks safety assessment are increasingly considered can be planed planed for mitigating mitigating and reducing reducing these and major risks The risk insights influences resulting from probabilistic the safety operational sequence. Thus, recovery recovery measures and actions safety assessment are increasingly considered on the safety The risk insights and and influences resulting fromon probabilistic can be planed for mitigating and reducing these major risks associated with the human factors. safety assessment are increasingly considered on the safety bodies can be planed for mitigating and reducing these major associated with the human factors. decisions applied by both utilities and regulatory associated with the human factors. safety assessment are increasingly considered on the safety bodies be planed for mitigating and reducing these major risks risks decisions applied are by increasingly both utilitiesconsidered and regulatory safety assessment on the bodies safety can associated with the human factors. decisions applied by both utilities and regulatory bodies (Greenberg with the human factors. along with the of PSA et decisions both (Greenberg associated with thepaper human factors. along withapplied the rapid rapidby advancement of and PSA regulatory (Greenbergbodies et al., al., associated decisions applied byadvancement both utilities utilities and regulatory bodies The rest of the is organized as follows. Section 2 The rest of the paper is organized as follows. Section 22 along with the probabilistic rapid advancement of assessment PSA (Greenberg etbeen al., 2015). The safety has along rapid PSA al., The rest of the paper is organized as follows. Section 2015). Thethe safetyof has et along with with the probabilistic rapid advancement advancement of assessment PSA (Greenberg (Greenberg etbeen al., presents the framework of the operational risk assessment The rest rest the of the the paper is isoforganized organized as follows. follows. Section 2 2 presents framework the operational risk assessment 2015). The probabilistic safety assessment has been The of paper as Section established for the majority of the nuclear power plants in the 2015). assessment has established the the power the presents The the functional frameworkconfiguration of the the operational operational risk assessment established for probabilistic the majority majority of ofsafety the nuclear nuclear power plants plants inbeen the presents 2015). The Thefor probabilistic safety assessment has in been system. of the operational risk the framework of risk assessment system. The functional configuration of the operational risk established for the majority of the nuclear power plants in the presents the framework of the operational risk assessment with the dynamic world and moving quickly forward established the of nuclear power plants in world and moving quickly forward dynamic Theframework functional configuration of theInoperational risk world and for moving quickly forward with the dynamic established for the majority majority of the the nuclear with powerthe plants in the the system. assessment briefly Section the system. functional of assessment isconfiguration briefly discussed. discussed. Section 3, 3, risk the world and moving quickly forward with the dynamic system. The Theframework functional is configuration of the theInoperational operational risk (Adamec et al. 2001). applications Among the PSA world and moving quickly forward with the dynamic (Adamec et al. 2001). assessment framework is briefly discussed. In Section 3, the applications (Adamec et al. 2001). Among the PSA world and moving quickly forward with the the dynamic system modeling process augmenting with structuralassessment framework is briefly discussed. In Section 3, the applications (Adamec et al. 2001). Among PSA system modeling process augmenting with structuralassessment framework is briefly discussed. In Section 3, the enhancements, the development of Living PSA and risk applications (Adamec (Adamec et al. al. 2001). 2001). Among the PSA system modeling process augmenting with structuralenhancements, the development of Living PSA and risk applications et Among the PSA functional perspective is introduced. A reliability/risk-based system modeling process augmenting with structuralfunctional perspective is introduced. A reliability/risk-based enhancements, the development of Living PSA and risk functional perspective is introduced. A reliability/risk-based system modeling process augmenting with structuralmostly focused on ensuring the safe operation of monitor are enhancements, the focused development of Living Living PSA and risk risk mostly focused on ensuring ensuring the safe safe operation of functional perspective is introduced. A reliability/risk-based monitor are mostly on the operation of scheme is in 4 enhancements, the development of PSA and functional perspective is A mapping scheme is proposed proposed in Section Section 4 for for identifying identifying the the monitor are mostly focused on ensuring the safe operation ofa mapping mapping is proposed in Section 4 for identifying the functionalscheme perspective is introduced. introduced. A reliability/risk-based reliability/risk-based nuclear power plants (Kafka, 1995). Risk is monitor mostly focused on safe operation nuclear power plants (Kafka, 1995). mapping scheme is proposed in Section 4 for identifying the nuclear power plants (Kafka, 1995). the Risk monitor is of monitor are are mostly focused on ensuring ensuring the safemonitor operation ofa major risk sources. The discussions and conclusion are made mapping scheme is proposed in Section 4 for identifying the major risk sources. The discussions and conclusion are made nuclear power plants (Kafka, 1995). Risk monitor is a mapping scheme is The proposed in Section 4 for identifying the tool that risk programme specific nuclear power plants Risk is tool that the risk monitoring programme major risk sources. discussions and conclusion are made specific Living PSA tool(Kafka, that the the 1995). risk monitoring monitoring programme nuclear Living power PSA plants (Kafka, 1995). Risk monitor monitor is aa in Section 5. major risk sources. The discussions and conclusion are made in Section 5. specific Living PSA tool that the risk monitoring programme major risk sources. The discussions and conclusion are made needs to be consistent with changes to the design and daily specific Living PSA tool that the risk monitoring programme in Section 5. needs be consistent with the designprogramme and daily in Section 5. specifictoLiving PSA tool thatchanges the risk to monitoring needs to be consistent with changes to the et design and daily in Section 5. operation of nuclear plants (Drouin al., The needs with changes to and operation of nuclear power (Drouin al., 2005). The operation of consistent nuclear power power plants (Drouin etdesign al., 2005). 2005). The needs to to be be consistent with plants changes to the the et design and daily daily operation of nuclear power plants (Drouin et al., 2005). The operation of power (Drouin et al., 2005). The operationCopyright of nuclear nuclear power plants (Drouin et by al.,Elsevier 2005).Ltd. TheAll rights reserved. 2405-8963 © 2019. The plants Authors. Published
Peer review©under of International Federation of Automatic Control. Copyright 2019 responsibility IFAC 193 Copyright © 193 Copyright © 2019 2019 IFAC IFAC 193 10.1016/j.ifacol.2019.12.095 Copyright © 2019 IFAC 193 Copyright 193 Copyright © © 2019 2019 IFAC IFAC 193
2019 IFAC HMS 194 Tallinn, Estonia, Sept. 16-19, 2019
Jun Yang et al. / IFAC PapersOnLine 52-19 (2019) 193–198
2. FRAMEWORK OF THE OPERATIONAL RISK MANAGEMENT SYSTEM
update and efficient database management. The system model files stored in the database can be directly read and assessed by the computational engine for reliability and risk evaluation.
Nuclear power plants are complex and dynamic process systems. The mission objectives and functional performance vary significantly from one to another mode of plant operation. System states may also undergo changes as the mission is progressing. It is therefore a dynamic risk management system is necessary for plant personnel to have well-founded knowledge in support of the risk-informed decision-making process.
iv) Analysis module: the updated system risk models are sent to the solution engine for Living PSA analysis. The analysis module is capable of both qualitative reasoning and quantitative calculation. The system mission reliability and risk profiles are used as the metrics for the assessment of operational performance of nuclear power plants. The reasoning and analysis results are graphically interpreted for reliability and risk monitoring.
The overall functional framework of the operational risk assessment system proposed in this study is shown in Fig.1. The operational risk assessment system integrates the interactive input from operator support system and virtual simulation platform of nuclear main control room to implement online reliability and risk analysis of operational task sequences that are formulated during the operation of nuclear power plants. The plant configuration can be altered by manual intervention through the virtual simulation platform of nuclear main control room. The data acquisition unit gathers plant monitoring data out of the virtual simulation platform for processing and further applied to the condition monitoring unit, alarm analysis unit and fault diagnosis unit of the operator support system. The current status of system components and operator manual actions are updated into the system models for operational risk assessment. The operational risk assessment system presented in the study focuses mainly on the monitoring of reliability and risk profiles associated with system configuration changes and operator manual actions.
v) Graphical display module: the Graphical User Interface (GUI) design of the operational risk assessment system is implemented in split-screen layouts with different applications on separate screens. The multi-windows views allow plant personnel to get to know the effects of system configuration changes, random failures and operator manual actions on the plant safety conveniently and quickly. The system reliability level and risk profile shown in curved timeline. The output risk information is used to support for the integrated risk-informed decision-making process. 3. SYSTEM MODELING The system modeling for operational risk assessment is implemented using a novel method, by which the structuralfunctional perspective is applied in the system modeling process to clearly describe the complex dynamic behaviours of system. The schematic overall topology for system modeling is shown in Fig. 2.
On the whole, the operational risk assessment system can be divided into five functional modules: i) modeling module; ii) config module; iii) database module; iv) analysis module; v) graphic display module. All of the five modules are interrelated and ultimately served for the risk-based decisionmaking process.
As shown in Fig. 2, the concept of hierarchical and modular architecture is applied to the system modeling process for facilitating model building. The nuclear power plant systems complying with the basic safety principle of defence-in-depth are decomposed into hierarchical modular structures with multiple levels of abstraction. In this way, the functional realization and structural logical relations can be clearly defined among the hierarchical modular structures at different levels of goals, functions, systems, structures and components.
i) Modeling module: the system risk models are constructed in the modeling module. The system dynamic interactive behaviours among the controlled process and system components such as hardware/software/human are described by the system models. The system risk models include all possible system states, by which system state changes can be easily modified and updated. The system modeling process is in detail described in subsequent Section 3.
The system models are generated by the graphical modeling platform. The system models can be classified into two types: system functional models and system phased mission models. The system functional models are used as the basis knowledge models for condition monitoring, alarm analysis and fault diagnosis, where the operator support system is served as the peripheral system input to the operational risk assessment system for operational task analysis. The system functional models can be also used in system state planning analysis, by which the feasibility of operational sequence could be assessed in a qualitative manner.
ii) Config module: the config module is designed for system configuration update. An ultimate need for Living PSA (Lanore et al., 2008) is that system models have to be updated as necessary to reflect the current plant design and operational features as accurately as possible. The system models are updated with the possible plant changes in terms of operator manual actions and the known status of system components obtained from the operator support system.
The system phased mission models are developed in a success-oriented mindset. It focuses more on the handling of the time-dependent and phased mission issues as well as the dynamic interactions between the system and human in Boolean algebra and mathematical models. All functional modes of system components such as operating, standby,
iii) Database module: the Living PSA information is documented in a consistent way that the risk models can be directly related to current plant information. The system functional models and system phased mission models are interpreted and archived as model files for easily model 194
2019 IFAC HMS Tallinn, Estonia, Sept. 16-19, 2019
Jun Yang et al. / IFAC PapersOnLine 52-19 (2019) 193–198
failure, test, maintenance as well as the dynamic phase transition among the system states over time can be modelled by the system phased mission models. The system phased mission model takes account of the combining impacts of current plant unavailability, system configuration changes, and operating regimes, etc. The sophisticated human reliability model can be also incorporated into the system
195
phased mission models to simulate and describe the operator’s responses in coping with cognitive situations. The acceptability of operator manual actions as well as their impacts on plant operational performance can be evaluated with quantitative reliability and risk assessment based on the system phased mission models.
Fig. 1. Framework of operational risk assessment system.
Fig. 2. Schematic overall topology for system modeling. 195
2019 IFAC HMS 196 Tallinn, Estonia, Sept. 16-19, 2019
Jun Yang et al. / IFAC PapersOnLine 52-19 (2019) 193–198
orientation procedure (DOS) for reactor state diagnosis and accidental operating procedure (ECP) for incidents/accidents handling. In addition to the accidental operating procedure (SOP), there are also system procedures guided for system operations. In contrast to the SOP used for plant-level management, the system procedures involve sequences of operations mainly on the system level. Considering the new design and operational features of plant, the framework of operational risk assessment system is implemented from both aspects of system reliability monitoring and plant risk monitoring. The operational reliability and risk mapping analysis are introduced in Section 4.1 and Section 4.2, respectively.
The system phased-mission models use the time points to describe the system dynamics and operational task sequences. The system reliability and risk profiles at different time frames can be calculated with one computer run. Furthermore, the time point can be abstracted as the date, by which system daily Operations and Maintenances (O&M) plans can be made for safety management at nuclear power plants. 4. OPERATIONAL RELIABILITY AND RISK MAPPING ANALYSIS The system modeling process implemented with hierarchical and modular strategy is supportive for model update and rapid calculation. But in the meantime, the current design and operational features of plant must be accurately updated in the system risk models to support for the application of Living PSA. The more and more new design elements are employed in nuclear power plants for improving their operational safety performance. Especially for the new generation of reactor types, a lot of design features of plant have been introduced, i.e., the modernization of digitalized main control room, etc. The modernization of digital control room at nuclear power plants has also pushed the upgrades of its relevant accessories including not only the system platform but also operating procedures and guidelines. For example, many new advanced nuclear reactors have shifted their Event-Oriented Procedures (EOP) to State-Oriented Procedures (SOP) for plant operation and management (Yang, 2010). In comparison with the event-oriented procedure, the philosophy of state-oriented procedure is to maintain the nuclear power plants in a safe state via the continuous monitoring of several safety parameters. The state-oriented procedure consists of two parts: initial
4.1 Operational Reliability Mapping Analysis The operational reliability can be obtained directly from the system phased mission models. The system phased mission models can be constructed using a synthetic GO-FLOW modeling structure that was proposed by the authors in (Yang et al. 2014). The synthetic GO-FLOW modeling structure is packed into a single unit to represent the multiple operational modes of each individual component. The system configuration can be easily altered and updated with the system phased mission models. The sequence of operator manual actions is described in chronological order in system modeling. The human error probability and demand probability of component are bound together in the manual demand signals. The update of system configuration changes and operator manual actions can be accomplished directly through the model signal processing. The operational reliability analysis forms the basis for online system configuration management and reliability monitoring.
Fig. 3. Schematic for system reliability monitoring. 196
2019 IFAC HMS Tallinn, Estonia, Sept. 16-19, 2019
Jun Yang et al. / IFAC PapersOnLine 52-19 (2019) 193–198
197
related to plant configuration changes and operator manual actions. The alteration of plant configuration, especially the potential human errors may cause major changes to the level of safety and reliability of nuclear power plants. On contrary, the operational feasibility and acceptability concerning the system configuration changes and operator manual actions can be evaluated by the operational reliability and risk mapping analysis.
Fig. 3 shows the schematic for system reliability monitoring. The display area is divided into vertical-horizontal subwindows. The system flow diagram is shown in the top left corner of the screen. It supports importing graphic images from the system design gallery. The bottom left shows the system phased-mission model generated for the sample system. The system configuration display area is at the top right, where system component statuses are configured chronologically. The system dynamic behaviours are characterized by time series of T1, T2, …, Tn. The time frame Tn can be measured as hour or day. It is therefore that the system reliability can be monitored by running hours or days. The visual monitoring of system reliability changes is arranged in the bottom right quadrant. The potential human errors in conjunction with system functional impairment can be identified via the apparent changes in the level of system mission reliability.
4.3 Case Study: Reliability-based Scenario Mapping Analysis of a Phased-Mission Example System In order to demonstrate the risk-based reliability mapping analysis scheme used for identification of potential significant sources or risks, a water supply sample system (can be regarded a simplified safety injection system at nuclear power plants) is analysed with simulation of human error and phased-mission problems. As shown in Fig. 3, the water supply sample system is consisted of two water tanks (Tank #1, Tank #2), two pumps (Pump #1, Pump #2), four powered valves (Valve A, Valve C, Valve D, Valve E), a manually operated control valve (Valve B) and a check valve (Valve F). The sample system is operated with Valve A, Pump #1, Pump #2, and Valve E open during phase I, and then shifted to Phase II at time point T4 with Valve C, Valve D in service, and Valve A out-of-service. Assuming that a human error (P=0.999) is introduced on the Valve B. Valve B is not restored to be the required on-state after repair. The system configuration changes are mapped out by the colour changes on the status bar. For example, the bar colour will change from blue to green when a component is switched from standby to operating. The system phased-mission model is built using GO-FLOW method (See the model in Fig. 3). Also, the functional and structural hierarchy of system models can be generated for reasoning analysis using Multilevel Flow Models (MFM). The same reliability data as Reference (Yang et al., 2011) are used for calculation of dynamic system reliability profiles.
4.2 Operational Risk Mapping Analysis The monitoring of operational performance of plant is related not only to the configuration of plant configuration but also to the involvement of operator manual actions. The human errors are classified into three types: Type A (preinitiators: the potential unavailability of safety system and components caused by human errors), Type B (initiators: initiating events induced by human errors) and Type C (post-initiator: human errors made when performing operation actions since the accident occurred) (Cetiner et al., 2016). The system configuration changes as well as the Type C post-initiator human errors can be well reflected in the system mission reliability monitoring. While the plant operational performance affected by impairment of plant safety function as well as the Type B human errors and Type A human errors are monitored by risk profiles. The risk profile combines a variety of effects of equipment and operator related failures that may occur during the normal and abnormal operation of nuclear power plants. The risk profile is determined from the accident sequence models in combination with the system phased mission models. The risk profile measured by Core Damage Frequency (CDF) is calculated by following (1).
The reliability-based mapping analysis is demonstrated with three case scenarios, which are average operational performance assessment versus system mission reliability analysis (divided into mission success and mission failure). The results obtained from reliability-based mapping analyses of example system are shown in Fig. 4.
Ji N CDF = P ( I i ) P ( Sij | I i ) (1) i =1 j =1
In the reliability-based mapping analysis scheme as shown in Fig. 4, the system reliability profile is used as the metric for assessing the system operational performance. Certainly, the mapping scheme can be also expanded to risk profile. The event of whole system failure (results obtained from system reliability analysis) is then taken as the binary tree nodes that integrated in the accident sequence model for risk assessment. The plant operational performance is measured on average condition before the mission is performed. That means the mission in progress could be success or failure in a random way. It happens with a certain value of probability. While in actual plant monitoring situations, the performed missions or actions would become deterministic (either success or failure) for operational performance assessment. The actual operational performance in terms of
Where I i is the ith initial event. P( I i ) is the frequency of occurrence of the initial event I i . Sij means the jth ( j = 1, 2,..., J i ) accident sequence leading to reactor core damage after the occurrence of initial event I i . P( Sij |I i ) is the probability of jth accident sequence that will lead to core damage following the initial event I i . The core damage frequency is estimated by the sum of probabilities of all core damage sequences of potential initial events I i (i = 1, 2,..., N ) under consideration. The risk profile obtained from the accident sequence analysis can be used for mapping the risk sources that are 197
2019 IFAC HMS 198 Tallinn, Estonia, Sept. 16-19, 2019
Jun Yang et al. / IFAC PapersOnLine 52-19 (2019) 193–198
reliability/risk profile need to be re-evaluated when the mission had been conducted and confirmed afterward. The probability is updated with 1 and 0 as the mission is confirmed successful or failure. The cases mission success and failure respectively represent the upper and lower bound of operational reliability/risk profile. The operational reliability/risk profile will be dragged away from the average value in both cases of mission success and failure, as shown in Fig. 4. The difference or distance away from the average operational reliability/risk profile is applied for mapping out the potential sources of risks. In this case (Fig. 4), the adverse impacts on system operational performance are mostly resulted from human error and system configuration changes, which occurred at time point T2 and T4, respectively. The system mission reliability also decreases gradually due to the aging effects.
Adorjan, F., Akizuki, T., Alm-Lytz, K., et al. (2013). Periodic safety review for nuclear power plants. IAEA Safety Standards Series NO. SSG-25, Vienna, Austria. Apostolakis, G., Cunningham, M., Lui, C., et al. (2012). A proposed risk management regulatory framework. NUREG-2150, Washington, D.C., USA. Adamec, P., Ahmed, K., Babar, A.K., et al. (2001). Applications of probabilistic safety assessment (PSA) for nuclear power plants. IAEA-TECDOC-1200, Vienna, Austria. Cetiner, S.M., Fechtelkotter, P., Legatt, M. (2016). Advances in human factors in energy: oil, gas, nuclear and electric power industries. Springer, Germany. Drouin, M., Grantom, R., Hill, T., et al. (2005). Risk informed regulation of nuclear facilities: overview of the current status. IAEA-TECDOC-1436, Vienna, Austria. Greenberg, M., Apostolakis, G., Fields, T., et al. (2015). A review of the use of risk-informed management in the cleanup program for former defence nuclear sites. Omnibus Risk Review Committee, USA. Himanen, R., Julin, A., Jankala, K., et al. (2012). Riskinformed regulation and safety management of nuclear power plants-on the prevent of severe accidents. Risk Anal, 32(11), 1978-1993. Kadak, A.C., Matsuo, T. (2007). The nuclear industry’s transition to risk-informed regulation and operation in the United States. Reliability Engineering and System Safety, 92, 609-618. Kafka. P. (1995). Living PSA-risk monitoring-current use and developments. Nuclear Engineering and Design, 175(3), 197-204. Lanore, J.M., Pyy, P., Siu, N., et al. (2008). International review of the use and development of PSA. Proceedings of ANS International Topical Meeting on Probabilistic Safety Assessment and Analysis (PSA 2008), Knoxville, TN, USA. Shepherd, C.H., Yllera, F.J., Kaufer, B., et al. (2004). Risk monitors: the state if the art in their development and use at nuclear power plants. NEA/CSNI/R(2004)20, Vienna, Austria. Wahlstrom, B. (2018). Systemic thinking in support of safety management in nuclear power plants. Safety Science, 109, 201-218. Yoshikawa, H., Zhang, Z.J. (2014). Progress of nuclear safety for symbiosis and sustainability: advanced digital instrumentation, control and information systems for nuclear power plants. Springer, Germany. Yang, J., Yang, M., Yoshikawa, H., et al. (2014). A method for developing Living PSA for NPPs by using the GOFLOW methodology. International Journal of Nuclear Safety and Simulation, 5(1), 70-82. Yang, M. Zhang, Z. J. (2011). Study on quantitative reliability analysis by multilevel flow models for nuclear power plants. Nuclear Power Engineering, 32(4), 72-76. Yang, Q.M. (2010). State oriented procedure application in nuclear power plants in China. Proceedings of the 18th International Conference on Nuclear Engineering, ICONE18, Xi’an, China.
Fig. 4. Reliability-based mapping analysis. The quantitative analysis results of reliability/risk profile can also be interpreted in a qualitative manner. Risk bands can be used as the quantitative criteria for assisting plant personnel with their operational decisions. The risk sources can be identified by the risk monitoring from another angle and thus to mitigate these impact risks. 5. CONCLUSIONS In the paper, a dynamic risk assessment framework is proposed for operational task analysis at nuclear power plants. Under the framework of operational risk assessment system, a reliability/risk-based mapping analysis scheme is presented for identifying the potential risk sources related to system configuration changes and human errors. The concept of Living PSA is emerged in the implementation of operational risk assessment and management. While the present framework focuses mainly on the treatment of operational features such as plant configuration changes and task profiles, etc. More efforts will be put on the Living PSA to reflect the current new digital design features of the plant and to expand applications of the existing operational risk assessment system in the future work. REFERENCES
198
ScienceDirect
IFAC PapersOnLine 52-19 (2019) 193–198
A Risk-based Framework for Operational Task Analysis at Nuclear Power Plants A Risk-based Framework for Operational Task Analysis at Nuclear Power Plants A Risk-based Framework for Operational Task Analysis at Nuclear Power Plants A Risk-based Framework for Operational Task Analysis at Nuclear Power Plants A Risk-based Framework for Operational Task Analysis at Nuclear Power Plants , , , Jun Yang* **. Bing Zhang*. Ming Wang*. Ming Yang**
Jun Jun Yang* Yang*,,, **. **. Bing Bing Zhang*. Zhang*. Ming Ming Wang*. Wang*. Ming Ming Yang** Yang** Jun Yang* ,, **. Bing Zhang*. Ming Wang*. Ming Yang** Jun Yang* **. Bing Zhang*. Ming Wang*. Jun Yang* **. Bing Zhang*. Ming Wang*. Ming Ming Yang** Yang** Laboratory *State Key Laboratory of Nuclear Nuclear Power Power Safety Safety Monitoring Monitoring Technology Technology and and Equipment, Equipment, Shenzhen, Shenzhen, Guangdong, Guangdong, 518172 518172 Laboratory of *State Key *State Key Laboratory of Nuclear Power Safety Monitoring Technology and Equipment, Shenzhen, Guangdong, 518172 China (e-mail: youngjun51@ hotmail.com). *State Key Laboratory of Nuclear Power Safety Monitoring Technology and Equipment, Shenzhen, Guangdong, China (e-mail: youngjun51@ hotmail.com). *State Key Laboratory of Nuclear Power Safety Monitoring Technology and Equipment, Shenzhen, Guangdong, 518172 518172 China (e-mail: youngjun51@ hotmail.com). **School of Electric Power, South China University of Technology, Guangzhou, Guangdong, 510641, China. China (e-mail: youngjun51@ hotmail.com). **School of of Electric Electric Power, Power, South South China University of Technology, Technology, Guangzhou, Guangdong, Guangdong, 510641, 510641, China. China. **School China University of Guangzhou, China (e-mail: youngjun51@ hotmail.com). **School of Electric Power, South China University of Technology, Guangzhou, Guangdong, 510641, China. **School **School of of Electric Electric Power, Power, South South China China University University of of Technology, Technology, Guangzhou, Guangzhou, Guangdong, Guangdong, 510641, 510641, China. China. framework for operational task analysis Abstract: The paper presents a dynamic risk-based framework for for operational operational task task analysis analysis at at nuclear nuclear Abstract: The paper presents a dynamic risk-based framework at nuclear Abstract: The paper presents aa dynamic risk-based framework for operational task analysis at nuclear focused power plants. dynamic operational assessment system on system configuration Abstract: The paper presents risk-based framework for operational task analysis at power plants. The dynamic operational risk assessment system is is focused on the the system configuration Abstract: TheThe paper presents a dynamic dynamicrisk risk-based framework forfocused operational task analysis at nuclear nuclear power plants. The dynamic operational risk assessment system is focused on the system configuration management error identification. The risk identified using power The dynamic operational risk system focused on system configuration management and human error identification. The potential potential riskis sources could be identified using aa power plants. plants. and The human dynamic operational risk assessment assessment system is sources focused could on the the be system configuration management and human error identification. The potential risk sources could be impairment identified using a reliability/risk-based mapping The and/or management error identification. The potential risk sources could identified reliability/risk-based mapping scheme. The risks risks arising from system functional and/oraa management and and human human error scheme. identification. The arising potentialfrom risksystem sourcesfunctional could be be impairment identified using using reliability/risk-based mapping scheme. The risks arising from system functional impairment and/or human errors are mapped out by the noteworthy difference between the curved timeline of average plant reliability/risk-based mapping The arising from functional impairment human errors out the difference the timeline of plant human errors are are mapped mapped out by byscheme. the noteworthy noteworthy difference between the curved curved timeline of average averageand/or plant reliability/risk-based mapping scheme. The risks risks arising between from system system functional impairment and/or human errors are mapped out by the noteworthy difference between the curved timeline of average plant risk and point-in-time risk profile. The system modeling process is augmented with structural-functional human errors are mapped out by the noteworthy difference between the curved timeline of average risk and point-in-time risk profile. The system modeling process is augmented with structural-functional risk anderrors point-in-time riskout profile. The system modeling process is augmented structural-functional human are mapped by the noteworthy difference between the curved with timeline of average plant plant risk and point-in-time risk profile. The system modeling process is augmented with structural-functional perspective for facilitating Living Probabilistic Risk Assessment (Living PSA) update, analysis risk risk system process with structural-functional perspective for facilitating facilitating LivingThe Probabilistic Risk Assessment Assessment (Living PSA) PSA) update, analysis and and perspective for Living Probabilistic Risk (Living analysis and risk and and point-in-time point-in-time risk profile. profile. The system modeling modeling process is is augmented augmented withupdate, structural-functional perspective for facilitating Living Probabilistic Risk Assessment (Living PSA) update, analysis and management. The dynamic operational risk assessment framework forms aa well-founded basis for perspective for facilitating Living Probabilistic Risk Assessment (Living PSA) update, analysis and management. The dynamic operational risk assessment framework forms well-founded basis for perspective for facilitating Living Probabilistic Risk Assessment (Living PSA) update, analysis and management. The dynamic operational risk assessment framework forms a well-founded basis for development of Living PSA program and applications. management. The dynamic operational risk assessment framework forms aa well-founded basis for development of Living PSA program and applications. management. The dynamic operational risk assessment framework forms well-founded basis for development of Living PSA program and applications. development of Living PSA program and applications. development of Living PSA program and applications. Copyright ©Functional 2019. The modeling, Authors. Published by Elsevier Ltd. AllOperational rights reserved. Keywords: Phased analysis, reliability, Keywords: Functional modeling, Phased mission mission analysis, Operational reliability, Living Living PSA, PSA, Nuclear Nuclear Keywords: Functional modeling, Phased mission analysis, Operational reliability, Living PSA, Nuclear power plants. Keywords: Functional modeling, Phased mission analysis, Operational reliability, Living PSA, Nuclear Nuclear power plants. Keywords: Functional modeling, Phased mission analysis, Operational reliability, Living PSA, power plants. power plants. power plants. instantaneous risk profile rather than average risk profile is instantaneous risk profile rather than average risk profile is 1. instantaneous risk profile rather than average risk profile is 1. INTRODUCTION INTRODUCTION applied for risk monitoring. The instantaneous risk profile is instantaneous risk profile rather rather than average risk risk applied for risk monitoring. The instantaneous risk 1. INTRODUCTION instantaneous risk profile than average profile is 1. INTRODUCTION applied for risk monitoring. The instantaneous risk profile is 1. INTRODUCTION determined based on the current plant configuration and Safety is always ranked as the first priority over any of the applied for risk monitoring. The instantaneous risk profile is based on the current plant configuration Safety applied for risk monitoring. The instantaneous risk profileand is Safety is is always always ranked ranked as as the the first first priority priority over over any any of of the the determined determined based on the current plant configuration and environmental factors (Shepherd et al., 2004). While now Safety is always ranked as the first priority over any of the other objectives of nuclear energy applications (Adorjan et al., determined based on the current plant configuration and environmental factors (Shepherd et al., 2004). While now Safety is always ranked as the first priority over any of the other objectives of nuclear energy applications (Adorjan et al., determined based on the current plant configuration and other nuclearasenergy applications (Adorjan al., environmental factors (Shepherd et al., 2004). While now Safetyobjectives is alwaysofranked the first priority over any ofetthe with the rise of new generation reactor types, especially with other objectives of nuclear energy applications (Adorjan et al., 2013). Safety is understood as an environmental (Shepherd et 2004). While now with the rise rise of of factors new generation generation reactor types, especially with other of applications (Adorjan et 2013). Safety management management is commonly commonly understood as an with environmental factors (Shepherd et al., al., 2004). While with now 2013). Safety management is commonly understood an other objectives objectives of nuclear nuclear energy energy applications (Adorjanas et al., al., the new reactor types, especially the rapid development and applications of digital 2013). Safety management is commonly understood as an with the rise of new generation reactor types, especially with the rapid development and applications of digital effective means to the achievement of good operating the rapid development and applications of digital 2013). Safety management is commonly understood as an with the rise of new generation reactor types, especially with effective means to the achievement of good operating 2013). Safety management is commonly understood as an the rapid development and applications of digital technologies, the enhancements to Living PSA are related not effective to of operating risks, the and applications digital technologies, the enhancements to Living PSA are related not conditions, identification of safety hazards technologies, the enhancements enhancements to Living Living PSA are areof related not effective means means to the the achievement achievement of good good and operating and risks, technologies, the rapid rapid development development andto applications of digital conditions, identification of safety hazards and risks, effective means to the achievement of good operating the PSA related not only to the actual operational features, but also to the new conditions, identification of safety hazards and risks, prevention and mitigation of accident consequences technologies, the enhancements to Living PSA are related not only to the actual operational features, but also to the new only to the actual operational features, but also to the new conditions, identification of safety hazards and risks, prevention identification and mitigation mitigationof of of accident consequences technologies, the enhancements to Living PSA are related not prevention and accident conditions, safety hazardsconsequences and risks, only to the actual operational features, but also to the new design features of nuclear power plants. The evolving issues prevention and mitigation of accident consequences (Apostolakis et al., 2012). only to the actual operational features, but also to the new The goal of nuclear safety design features of nuclear power plants. The evolving issues prevention and mitigation of accident consequences (Apostolakis et al., 2012). only to the actual operational features, but also to the new (Apostolakis et al., 2012). The of nuclear safety design features of nuclear power plants. The evolving issues prevention and mitigation of goal accident consequences (Yoshikawa et al., 2014) such as human factors in the digital (Apostolakis et toal., 2012). The goal of nuclear safety design of power plants. The issues management apply aa set of principles and (Yoshikawa et al., al., 2014) such such as human human factors in the the digital digital (Apostolakis 2012). goal safety design features features of nuclear nuclear power plants. factors The evolving evolving issues management iset apply setThe of guidelines, guidelines, principles and (Yoshikawa (Apostolakis is et toal., al., 2012). The goal of of nuclear nuclear safety et 2014) as in control room environment, dynamic reliability of digital management is to apply a set of guidelines, principles and measures to protect the plant personnel, the public and the (Yoshikawa et al., 2014) such as human factors in the control room environment, dynamic reliability of digital management is to apply a set of guidelines, principles and measures to protect the plant personnel, the public and the (Yoshikawa et al., 2014) such as human factors in the measures to protect the plant the public and and the control room environment, dynamic reliability of digital management is to apply a set personnel, of guidelines, principles instrumentation and control systems, software reliability, etc. measures to protect the plant personnel, the public and the control environment from radioactivity hazards (Wahlstrom, dynamic reliability of instrumentation and control control systems, systems, software reliability, etc. measures the personnel, the and environment from undue radioactivity (Wahlstrom, control room room environment, environment, dynamicsoftware reliability of digital digital environment from undue undue radioactivity hazards (Wahlstrom, measures to to protect protect the plant plant personnel,hazards the public public and the the instrumentation and reliability, etc. need to be taken into account in Living PSA applications. environment from undue radioactivity hazards (Wahlstrom, safety 2018). In recent years, the concept of risk-informed instrumentation and control systems, software reliability, etc. need to be taken into account in Living PSA applications. need to be taken into account in Living PSA applications. environment from undue radioactivity hazards (Wahlstrom, 2018). In recent years, the concept of risk-informed safety instrumentation and control systems, software reliability, etc. 2018). In recent years, the concept of risk-informed safety environment fromyears, unduetheradioactivity hazards (Wahlstrom, need to be taken into account in Living PSA applications. 2018). In recent concept of risk-informed safety need to be taken into account in Living PSA applications. management and regulation that integrates both the 2018). In recent recent years, the concept concept ofintegrates risk-informed safety need to be taken into paper accountanin Living PSA applications. management and regulation that both the 2018). In years, the of risk-informed safety Therefore, in this operational risk assessment Therefore, in this management and that integrates both the Therefore, in in this this paper paper an an operational operational risk risk assessment assessment traditional Safety managementDeterministic and regulation regulation that Analysis integrates(DSA) both and the Therefore, paper an operational risk assessment traditional Deterministic Safety Analysis (DSA) and management and regulation that integrates both the framework is proposed for practicing the Living PSA Therefore, in this paper an operational risk assessment framework is proposed for practicing the PSA traditional Deterministic Safety Analysis (DSA) and framework is this proposed Living PSA Therefore, in paper for an practicing operational the riskLiving assessment Probabilistic Safety Assessment (PSA) has become a traditional Deterministic Safety Analysis (DSA) and is proposed for practicing the Living PSA Probabilistic Safety Assessment becomeanda framework program and applications. The operational risk assessment traditional Deterministic Safety (PSA) Analysishas (DSA) framework is proposed for practicing the Living PSA program and applications. The operational risk assessment program and applications. The operational risk assessment Probabilistic Safety Assessment (PSA) has become a framework isapplications. proposed for practicing theriskLiving PSA dominant trend in the regulatory process of nuclear facilities Probabilistic Safety Assessment (PSA) has become a program and The operational assessment dominant trendSafety in the regulatory facilitiesa framework Probabilistic Assessmentprocess (PSA)of nuclear has become is mostly focused on the identification of sources program and applications. The operational risk assessment framework is mostly focused on the identification of sources dominant trend in the regulatory process of nuclear facilities program and applications. The operational risk assessment et al., 2012; Kadak et al., 2007). The reconciliation (Himanen dominant trend in the regulatory process of nuclear facilities et al., 2012; Kadak et al., 2007). The reconciliation framework is mostly focused on the identification of sources (Himanen et al.,in 2012; Kadak et al., 2007).ofThe reconciliation dominant trend the regulatory process nuclear facilities of potential arising from system functional impairment framework isrisks mostly focused on the identification identification of sources sources of potential risks arising from system functional impairment (Himanen et al., 2012; Kadak et al., 2007). The reconciliation framework is mostly focused on the of of deterministic and risk insights brings better (Himanen et Kadak 2007). The of deterministic and probabilistic insights brings better potential risks arising from system functional impairment of deterministic and probabilistic probabilistic risk insights brings better of (Himanen et al., al., 2012; 2012; Kadak et et al., al.,risk 2007). The reconciliation reconciliation and/or human errors. The potential incorrect human actions of potential risks arising from system functional impairment and/or human errors. The potential incorrect human actions of deterministic and probabilistic risk insights brings better of potential risks arising from system functional impairment focus on the issues of safety management in an adequate of and probabilistic risk better focus on safety in an The potential incorrect human errors. human actions focus on the the issues issues of safety management management in brings an adequate adequate of deterministic deterministic and of probabilistic risk insights insights brings better and/or or omissions are expected to be uncovered based on the riskand/or human errors. The potential incorrect human actions or omissions are expected to be uncovered based on the riskfocus on the issues of safety management in an adequate and/or human errors. The potential incorrect human actions manner (Drouin et al., 2005). focus on the issues of safety management in an adequate manner (Drouin et al., 2005). or omissions are expected to be uncovered based on the riskmanner (Drouin et al., 2005). focus on(Drouin the issues of2005). safety management in an adequate or based reliability mapping analysis of task-oriented omissions are expected to be uncovered based on the riskmanner et al., based reliability mapping analysis of task-oriented or omissions are expected to be uncovered based on the riskmanner (Drouin (Drouin et et al., al., 2005). 2005). based reliability mapping analysis of task-oriented operational sequence. Thus, recovery measures and actions manner based reliability mapping analysis of task-oriented operational sequence. Thus, recovery measures and actions The risk insights and influences resulting from probabilistic operational sequence.mapping Thus, recovery and actions based reliability analysismeasures of task-oriented The risk insights and influences resulting from probabilistic operational sequence. Thus, recovery measures and actions can be for and these major risks The risk insights and influences resulting from probabilistic the operational sequence. Thus, measures actions can be planed for mitigating and reducing these major risks safety assessment are increasingly considered can be planed planed for mitigating mitigating and reducing reducing these and major risks The risk insights influences resulting from probabilistic the safety operational sequence. Thus, recovery recovery measures and actions safety assessment are increasingly considered on the safety The risk insights and and influences resulting fromon probabilistic can be planed for mitigating and reducing these major risks associated with the human factors. safety assessment are increasingly considered on the safety bodies can be planed for mitigating and reducing these major associated with the human factors. decisions applied by both utilities and regulatory associated with the human factors. safety assessment are increasingly considered on the safety bodies be planed for mitigating and reducing these major risks risks decisions applied are by increasingly both utilitiesconsidered and regulatory safety assessment on the bodies safety can associated with the human factors. decisions applied by both utilities and regulatory bodies (Greenberg with the human factors. along with the of PSA et decisions both (Greenberg associated with thepaper human factors. along withapplied the rapid rapidby advancement of and PSA regulatory (Greenbergbodies et al., al., associated decisions applied byadvancement both utilities utilities and regulatory bodies The rest of the is organized as follows. Section 2 The rest of the paper is organized as follows. Section 22 along with the probabilistic rapid advancement of assessment PSA (Greenberg etbeen al., 2015). The safety has along rapid PSA al., The rest of the paper is organized as follows. Section 2015). Thethe safetyof has et along with with the probabilistic rapid advancement advancement of assessment PSA (Greenberg (Greenberg etbeen al., presents the framework of the operational risk assessment The rest rest the of the the paper is isoforganized organized as follows. follows. Section 2 2 presents framework the operational risk assessment 2015). The probabilistic safety assessment has been The of paper as Section established for the majority of the nuclear power plants in the 2015). assessment has established the the power the presents The the functional frameworkconfiguration of the the operational operational risk assessment established for probabilistic the majority majority of ofsafety the nuclear nuclear power plants plants inbeen the presents 2015). The Thefor probabilistic safety assessment has in been system. of the operational risk the framework of risk assessment system. The functional configuration of the operational risk established for the majority of the nuclear power plants in the presents the framework of the operational risk assessment with the dynamic world and moving quickly forward established the of nuclear power plants in world and moving quickly forward dynamic Theframework functional configuration of theInoperational risk world and for moving quickly forward with the dynamic established for the majority majority of the the nuclear with powerthe plants in the the system. assessment briefly Section the system. functional of assessment isconfiguration briefly discussed. discussed. Section 3, 3, risk the world and moving quickly forward with the dynamic system. The Theframework functional is configuration of the theInoperational operational risk (Adamec et al. 2001). applications Among the PSA world and moving quickly forward with the dynamic (Adamec et al. 2001). assessment framework is briefly discussed. In Section 3, the applications (Adamec et al. 2001). Among the PSA world and moving quickly forward with the the dynamic system modeling process augmenting with structuralassessment framework is briefly discussed. In Section 3, the applications (Adamec et al. 2001). Among PSA system modeling process augmenting with structuralassessment framework is briefly discussed. In Section 3, the enhancements, the development of Living PSA and risk applications (Adamec (Adamec et al. al. 2001). 2001). Among the PSA system modeling process augmenting with structuralenhancements, the development of Living PSA and risk applications et Among the PSA functional perspective is introduced. A reliability/risk-based system modeling process augmenting with structuralfunctional perspective is introduced. A reliability/risk-based enhancements, the development of Living PSA and risk functional perspective is introduced. A reliability/risk-based system modeling process augmenting with structuralmostly focused on ensuring the safe operation of monitor are enhancements, the focused development of Living Living PSA and risk risk mostly focused on ensuring ensuring the safe safe operation of functional perspective is introduced. A reliability/risk-based monitor are mostly on the operation of scheme is in 4 enhancements, the development of PSA and functional perspective is A mapping scheme is proposed proposed in Section Section 4 for for identifying identifying the the monitor are mostly focused on ensuring the safe operation ofa mapping mapping is proposed in Section 4 for identifying the functionalscheme perspective is introduced. introduced. A reliability/risk-based reliability/risk-based nuclear power plants (Kafka, 1995). Risk is monitor mostly focused on safe operation nuclear power plants (Kafka, 1995). mapping scheme is proposed in Section 4 for identifying the nuclear power plants (Kafka, 1995). the Risk monitor is of monitor are are mostly focused on ensuring ensuring the safemonitor operation ofa major risk sources. The discussions and conclusion are made mapping scheme is proposed in Section 4 for identifying the major risk sources. The discussions and conclusion are made nuclear power plants (Kafka, 1995). Risk monitor is a mapping scheme is The proposed in Section 4 for identifying the tool that risk programme specific nuclear power plants Risk is tool that the risk monitoring programme major risk sources. discussions and conclusion are made specific Living PSA tool(Kafka, that the the 1995). risk monitoring monitoring programme nuclear Living power PSA plants (Kafka, 1995). Risk monitor monitor is aa in Section 5. major risk sources. The discussions and conclusion are made in Section 5. specific Living PSA tool that the risk monitoring programme major risk sources. The discussions and conclusion are made needs to be consistent with changes to the design and daily specific Living PSA tool that the risk monitoring programme in Section 5. needs be consistent with the designprogramme and daily in Section 5. specifictoLiving PSA tool thatchanges the risk to monitoring needs to be consistent with changes to the et design and daily in Section 5. operation of nuclear plants (Drouin al., The needs with changes to and operation of nuclear power (Drouin al., 2005). The operation of consistent nuclear power power plants (Drouin etdesign al., 2005). 2005). The needs to to be be consistent with plants changes to the the et design and daily daily operation of nuclear power plants (Drouin et al., 2005). The operation of power (Drouin et al., 2005). The operationCopyright of nuclear nuclear power plants (Drouin et by al.,Elsevier 2005).Ltd. TheAll rights reserved. 2405-8963 © 2019. The plants Authors. Published
Peer review©under of International Federation of Automatic Control. Copyright 2019 responsibility IFAC 193 Copyright © 193 Copyright © 2019 2019 IFAC IFAC 193 10.1016/j.ifacol.2019.12.095 Copyright © 2019 IFAC 193 Copyright 193 Copyright © © 2019 2019 IFAC IFAC 193
2019 IFAC HMS 194 Tallinn, Estonia, Sept. 16-19, 2019
Jun Yang et al. / IFAC PapersOnLine 52-19 (2019) 193–198
2. FRAMEWORK OF THE OPERATIONAL RISK MANAGEMENT SYSTEM
update and efficient database management. The system model files stored in the database can be directly read and assessed by the computational engine for reliability and risk evaluation.
Nuclear power plants are complex and dynamic process systems. The mission objectives and functional performance vary significantly from one to another mode of plant operation. System states may also undergo changes as the mission is progressing. It is therefore a dynamic risk management system is necessary for plant personnel to have well-founded knowledge in support of the risk-informed decision-making process.
iv) Analysis module: the updated system risk models are sent to the solution engine for Living PSA analysis. The analysis module is capable of both qualitative reasoning and quantitative calculation. The system mission reliability and risk profiles are used as the metrics for the assessment of operational performance of nuclear power plants. The reasoning and analysis results are graphically interpreted for reliability and risk monitoring.
The overall functional framework of the operational risk assessment system proposed in this study is shown in Fig.1. The operational risk assessment system integrates the interactive input from operator support system and virtual simulation platform of nuclear main control room to implement online reliability and risk analysis of operational task sequences that are formulated during the operation of nuclear power plants. The plant configuration can be altered by manual intervention through the virtual simulation platform of nuclear main control room. The data acquisition unit gathers plant monitoring data out of the virtual simulation platform for processing and further applied to the condition monitoring unit, alarm analysis unit and fault diagnosis unit of the operator support system. The current status of system components and operator manual actions are updated into the system models for operational risk assessment. The operational risk assessment system presented in the study focuses mainly on the monitoring of reliability and risk profiles associated with system configuration changes and operator manual actions.
v) Graphical display module: the Graphical User Interface (GUI) design of the operational risk assessment system is implemented in split-screen layouts with different applications on separate screens. The multi-windows views allow plant personnel to get to know the effects of system configuration changes, random failures and operator manual actions on the plant safety conveniently and quickly. The system reliability level and risk profile shown in curved timeline. The output risk information is used to support for the integrated risk-informed decision-making process. 3. SYSTEM MODELING The system modeling for operational risk assessment is implemented using a novel method, by which the structuralfunctional perspective is applied in the system modeling process to clearly describe the complex dynamic behaviours of system. The schematic overall topology for system modeling is shown in Fig. 2.
On the whole, the operational risk assessment system can be divided into five functional modules: i) modeling module; ii) config module; iii) database module; iv) analysis module; v) graphic display module. All of the five modules are interrelated and ultimately served for the risk-based decisionmaking process.
As shown in Fig. 2, the concept of hierarchical and modular architecture is applied to the system modeling process for facilitating model building. The nuclear power plant systems complying with the basic safety principle of defence-in-depth are decomposed into hierarchical modular structures with multiple levels of abstraction. In this way, the functional realization and structural logical relations can be clearly defined among the hierarchical modular structures at different levels of goals, functions, systems, structures and components.
i) Modeling module: the system risk models are constructed in the modeling module. The system dynamic interactive behaviours among the controlled process and system components such as hardware/software/human are described by the system models. The system risk models include all possible system states, by which system state changes can be easily modified and updated. The system modeling process is in detail described in subsequent Section 3.
The system models are generated by the graphical modeling platform. The system models can be classified into two types: system functional models and system phased mission models. The system functional models are used as the basis knowledge models for condition monitoring, alarm analysis and fault diagnosis, where the operator support system is served as the peripheral system input to the operational risk assessment system for operational task analysis. The system functional models can be also used in system state planning analysis, by which the feasibility of operational sequence could be assessed in a qualitative manner.
ii) Config module: the config module is designed for system configuration update. An ultimate need for Living PSA (Lanore et al., 2008) is that system models have to be updated as necessary to reflect the current plant design and operational features as accurately as possible. The system models are updated with the possible plant changes in terms of operator manual actions and the known status of system components obtained from the operator support system.
The system phased mission models are developed in a success-oriented mindset. It focuses more on the handling of the time-dependent and phased mission issues as well as the dynamic interactions between the system and human in Boolean algebra and mathematical models. All functional modes of system components such as operating, standby,
iii) Database module: the Living PSA information is documented in a consistent way that the risk models can be directly related to current plant information. The system functional models and system phased mission models are interpreted and archived as model files for easily model 194
2019 IFAC HMS Tallinn, Estonia, Sept. 16-19, 2019
Jun Yang et al. / IFAC PapersOnLine 52-19 (2019) 193–198
failure, test, maintenance as well as the dynamic phase transition among the system states over time can be modelled by the system phased mission models. The system phased mission model takes account of the combining impacts of current plant unavailability, system configuration changes, and operating regimes, etc. The sophisticated human reliability model can be also incorporated into the system
195
phased mission models to simulate and describe the operator’s responses in coping with cognitive situations. The acceptability of operator manual actions as well as their impacts on plant operational performance can be evaluated with quantitative reliability and risk assessment based on the system phased mission models.
Fig. 1. Framework of operational risk assessment system.
Fig. 2. Schematic overall topology for system modeling. 195
2019 IFAC HMS 196 Tallinn, Estonia, Sept. 16-19, 2019
Jun Yang et al. / IFAC PapersOnLine 52-19 (2019) 193–198
orientation procedure (DOS) for reactor state diagnosis and accidental operating procedure (ECP) for incidents/accidents handling. In addition to the accidental operating procedure (SOP), there are also system procedures guided for system operations. In contrast to the SOP used for plant-level management, the system procedures involve sequences of operations mainly on the system level. Considering the new design and operational features of plant, the framework of operational risk assessment system is implemented from both aspects of system reliability monitoring and plant risk monitoring. The operational reliability and risk mapping analysis are introduced in Section 4.1 and Section 4.2, respectively.
The system phased-mission models use the time points to describe the system dynamics and operational task sequences. The system reliability and risk profiles at different time frames can be calculated with one computer run. Furthermore, the time point can be abstracted as the date, by which system daily Operations and Maintenances (O&M) plans can be made for safety management at nuclear power plants. 4. OPERATIONAL RELIABILITY AND RISK MAPPING ANALYSIS The system modeling process implemented with hierarchical and modular strategy is supportive for model update and rapid calculation. But in the meantime, the current design and operational features of plant must be accurately updated in the system risk models to support for the application of Living PSA. The more and more new design elements are employed in nuclear power plants for improving their operational safety performance. Especially for the new generation of reactor types, a lot of design features of plant have been introduced, i.e., the modernization of digitalized main control room, etc. The modernization of digital control room at nuclear power plants has also pushed the upgrades of its relevant accessories including not only the system platform but also operating procedures and guidelines. For example, many new advanced nuclear reactors have shifted their Event-Oriented Procedures (EOP) to State-Oriented Procedures (SOP) for plant operation and management (Yang, 2010). In comparison with the event-oriented procedure, the philosophy of state-oriented procedure is to maintain the nuclear power plants in a safe state via the continuous monitoring of several safety parameters. The state-oriented procedure consists of two parts: initial
4.1 Operational Reliability Mapping Analysis The operational reliability can be obtained directly from the system phased mission models. The system phased mission models can be constructed using a synthetic GO-FLOW modeling structure that was proposed by the authors in (Yang et al. 2014). The synthetic GO-FLOW modeling structure is packed into a single unit to represent the multiple operational modes of each individual component. The system configuration can be easily altered and updated with the system phased mission models. The sequence of operator manual actions is described in chronological order in system modeling. The human error probability and demand probability of component are bound together in the manual demand signals. The update of system configuration changes and operator manual actions can be accomplished directly through the model signal processing. The operational reliability analysis forms the basis for online system configuration management and reliability monitoring.
Fig. 3. Schematic for system reliability monitoring. 196
2019 IFAC HMS Tallinn, Estonia, Sept. 16-19, 2019
Jun Yang et al. / IFAC PapersOnLine 52-19 (2019) 193–198
197
related to plant configuration changes and operator manual actions. The alteration of plant configuration, especially the potential human errors may cause major changes to the level of safety and reliability of nuclear power plants. On contrary, the operational feasibility and acceptability concerning the system configuration changes and operator manual actions can be evaluated by the operational reliability and risk mapping analysis.
Fig. 3 shows the schematic for system reliability monitoring. The display area is divided into vertical-horizontal subwindows. The system flow diagram is shown in the top left corner of the screen. It supports importing graphic images from the system design gallery. The bottom left shows the system phased-mission model generated for the sample system. The system configuration display area is at the top right, where system component statuses are configured chronologically. The system dynamic behaviours are characterized by time series of T1, T2, …, Tn. The time frame Tn can be measured as hour or day. It is therefore that the system reliability can be monitored by running hours or days. The visual monitoring of system reliability changes is arranged in the bottom right quadrant. The potential human errors in conjunction with system functional impairment can be identified via the apparent changes in the level of system mission reliability.
4.3 Case Study: Reliability-based Scenario Mapping Analysis of a Phased-Mission Example System In order to demonstrate the risk-based reliability mapping analysis scheme used for identification of potential significant sources or risks, a water supply sample system (can be regarded a simplified safety injection system at nuclear power plants) is analysed with simulation of human error and phased-mission problems. As shown in Fig. 3, the water supply sample system is consisted of two water tanks (Tank #1, Tank #2), two pumps (Pump #1, Pump #2), four powered valves (Valve A, Valve C, Valve D, Valve E), a manually operated control valve (Valve B) and a check valve (Valve F). The sample system is operated with Valve A, Pump #1, Pump #2, and Valve E open during phase I, and then shifted to Phase II at time point T4 with Valve C, Valve D in service, and Valve A out-of-service. Assuming that a human error (P=0.999) is introduced on the Valve B. Valve B is not restored to be the required on-state after repair. The system configuration changes are mapped out by the colour changes on the status bar. For example, the bar colour will change from blue to green when a component is switched from standby to operating. The system phased-mission model is built using GO-FLOW method (See the model in Fig. 3). Also, the functional and structural hierarchy of system models can be generated for reasoning analysis using Multilevel Flow Models (MFM). The same reliability data as Reference (Yang et al., 2011) are used for calculation of dynamic system reliability profiles.
4.2 Operational Risk Mapping Analysis The monitoring of operational performance of plant is related not only to the configuration of plant configuration but also to the involvement of operator manual actions. The human errors are classified into three types: Type A (preinitiators: the potential unavailability of safety system and components caused by human errors), Type B (initiators: initiating events induced by human errors) and Type C (post-initiator: human errors made when performing operation actions since the accident occurred) (Cetiner et al., 2016). The system configuration changes as well as the Type C post-initiator human errors can be well reflected in the system mission reliability monitoring. While the plant operational performance affected by impairment of plant safety function as well as the Type B human errors and Type A human errors are monitored by risk profiles. The risk profile combines a variety of effects of equipment and operator related failures that may occur during the normal and abnormal operation of nuclear power plants. The risk profile is determined from the accident sequence models in combination with the system phased mission models. The risk profile measured by Core Damage Frequency (CDF) is calculated by following (1).
The reliability-based mapping analysis is demonstrated with three case scenarios, which are average operational performance assessment versus system mission reliability analysis (divided into mission success and mission failure). The results obtained from reliability-based mapping analyses of example system are shown in Fig. 4.
Ji N CDF = P ( I i ) P ( Sij | I i ) (1) i =1 j =1
In the reliability-based mapping analysis scheme as shown in Fig. 4, the system reliability profile is used as the metric for assessing the system operational performance. Certainly, the mapping scheme can be also expanded to risk profile. The event of whole system failure (results obtained from system reliability analysis) is then taken as the binary tree nodes that integrated in the accident sequence model for risk assessment. The plant operational performance is measured on average condition before the mission is performed. That means the mission in progress could be success or failure in a random way. It happens with a certain value of probability. While in actual plant monitoring situations, the performed missions or actions would become deterministic (either success or failure) for operational performance assessment. The actual operational performance in terms of
Where I i is the ith initial event. P( I i ) is the frequency of occurrence of the initial event I i . Sij means the jth ( j = 1, 2,..., J i ) accident sequence leading to reactor core damage after the occurrence of initial event I i . P( Sij |I i ) is the probability of jth accident sequence that will lead to core damage following the initial event I i . The core damage frequency is estimated by the sum of probabilities of all core damage sequences of potential initial events I i (i = 1, 2,..., N ) under consideration. The risk profile obtained from the accident sequence analysis can be used for mapping the risk sources that are 197
2019 IFAC HMS 198 Tallinn, Estonia, Sept. 16-19, 2019
Jun Yang et al. / IFAC PapersOnLine 52-19 (2019) 193–198
reliability/risk profile need to be re-evaluated when the mission had been conducted and confirmed afterward. The probability is updated with 1 and 0 as the mission is confirmed successful or failure. The cases mission success and failure respectively represent the upper and lower bound of operational reliability/risk profile. The operational reliability/risk profile will be dragged away from the average value in both cases of mission success and failure, as shown in Fig. 4. The difference or distance away from the average operational reliability/risk profile is applied for mapping out the potential sources of risks. In this case (Fig. 4), the adverse impacts on system operational performance are mostly resulted from human error and system configuration changes, which occurred at time point T2 and T4, respectively. The system mission reliability also decreases gradually due to the aging effects.
Adorjan, F., Akizuki, T., Alm-Lytz, K., et al. (2013). Periodic safety review for nuclear power plants. IAEA Safety Standards Series NO. SSG-25, Vienna, Austria. Apostolakis, G., Cunningham, M., Lui, C., et al. (2012). A proposed risk management regulatory framework. NUREG-2150, Washington, D.C., USA. Adamec, P., Ahmed, K., Babar, A.K., et al. (2001). Applications of probabilistic safety assessment (PSA) for nuclear power plants. IAEA-TECDOC-1200, Vienna, Austria. Cetiner, S.M., Fechtelkotter, P., Legatt, M. (2016). Advances in human factors in energy: oil, gas, nuclear and electric power industries. Springer, Germany. Drouin, M., Grantom, R., Hill, T., et al. (2005). Risk informed regulation of nuclear facilities: overview of the current status. IAEA-TECDOC-1436, Vienna, Austria. Greenberg, M., Apostolakis, G., Fields, T., et al. (2015). A review of the use of risk-informed management in the cleanup program for former defence nuclear sites. Omnibus Risk Review Committee, USA. Himanen, R., Julin, A., Jankala, K., et al. (2012). Riskinformed regulation and safety management of nuclear power plants-on the prevent of severe accidents. Risk Anal, 32(11), 1978-1993. Kadak, A.C., Matsuo, T. (2007). The nuclear industry’s transition to risk-informed regulation and operation in the United States. Reliability Engineering and System Safety, 92, 609-618. Kafka. P. (1995). Living PSA-risk monitoring-current use and developments. Nuclear Engineering and Design, 175(3), 197-204. Lanore, J.M., Pyy, P., Siu, N., et al. (2008). International review of the use and development of PSA. Proceedings of ANS International Topical Meeting on Probabilistic Safety Assessment and Analysis (PSA 2008), Knoxville, TN, USA. Shepherd, C.H., Yllera, F.J., Kaufer, B., et al. (2004). Risk monitors: the state if the art in their development and use at nuclear power plants. NEA/CSNI/R(2004)20, Vienna, Austria. Wahlstrom, B. (2018). Systemic thinking in support of safety management in nuclear power plants. Safety Science, 109, 201-218. Yoshikawa, H., Zhang, Z.J. (2014). Progress of nuclear safety for symbiosis and sustainability: advanced digital instrumentation, control and information systems for nuclear power plants. Springer, Germany. Yang, J., Yang, M., Yoshikawa, H., et al. (2014). A method for developing Living PSA for NPPs by using the GOFLOW methodology. International Journal of Nuclear Safety and Simulation, 5(1), 70-82. Yang, M. Zhang, Z. J. (2011). Study on quantitative reliability analysis by multilevel flow models for nuclear power plants. Nuclear Power Engineering, 32(4), 72-76. Yang, Q.M. (2010). State oriented procedure application in nuclear power plants in China. Proceedings of the 18th International Conference on Nuclear Engineering, ICONE18, Xi’an, China.
Fig. 4. Reliability-based mapping analysis. The quantitative analysis results of reliability/risk profile can also be interpreted in a qualitative manner. Risk bands can be used as the quantitative criteria for assisting plant personnel with their operational decisions. The risk sources can be identified by the risk monitoring from another angle and thus to mitigate these impact risks. 5. CONCLUSIONS In the paper, a dynamic risk assessment framework is proposed for operational task analysis at nuclear power plants. Under the framework of operational risk assessment system, a reliability/risk-based mapping analysis scheme is presented for identifying the potential risk sources related to system configuration changes and human errors. The concept of Living PSA is emerged in the implementation of operational risk assessment and management. While the present framework focuses mainly on the treatment of operational features such as plant configuration changes and task profiles, etc. More efforts will be put on the Living PSA to reflect the current new digital design features of the plant and to expand applications of the existing operational risk assessment system in the future work. REFERENCES
198