In considering the human role in accidents, the classical PSA methodology applied today focuses primarily on the omissions of actions required of the operators at specific points in the scenario models. A practical, proven methodology is not available for systematically identifying and analysing the scenario contexts in which the operators might perform inappropriate actions that aggravate the scenario. As a result, typical PSAs do not comprehensively treat these actions, referred to as errors of commission (EOCs). This report presents the results of a joint project of the Paul Scherrer Institut (PSI, Villigen, Switzerland) and the Gesellschaft fur Anlagen- und Reaktorsicherheit (GRS, Garching, Germany) that examined some methods recently proposed for addressing the EOC issue. Five methods were investigated: 1) ATHEANA, 2) the Borssele screening methodology, 3) CREAM, 4) CAHR, and 5) CODA. In addition to a comparison of their scope, basic assumptions, and analytical approach, the methods were each applied in the analysis of PWR Loss of Feedwater scenarios based on the 1985 Davis-Besse event, in which the operator response included actions that can be categorised as EOCs. The aim was to compare how the methods consider a concrete scenario in which EOCs have in fact been observed. These case applications show how the methods are used in practical terms and constitute a common basis for comparing the methods and the insights that they provide. The identification of the potentially significant EOCs to be analysed in the PSA is currently the central problem for their treatment. The identification or search scheme has to consider an extensive set of potential actions that the operators may take. These actions may take place instead of required actions, for example, because the operators fail to assess the plant state correctly, or they may occur even when no action is required. As a result of this broad search space, most methodologies apply multiple schemes to identify EOCs. The following elements for error search may be distinguished: task, action, system failure, and scenario. All of the methods use at least three of these elements. The review of the methods suggests that there is space for and a need for integrating them. In the area of identifying potential EOCs, for instance, it may be desirable to combine the deductive search for EOCs as additional contributors to hardware failure events (as is done in ATHEANA and the Borssele method) with a search centred on the range of safety actions considered in procedures and training (as proposed in CODA). In combining these search strategies, a key constraint is to maintain the required effort at an acceptable level. Development is also needed to address the quantification problem. In contexts that dqforce the errordq, for instance, contexts in which the plant cues potentially motivate inappropriate actions, the decision error has a high probability. In these contexts, the problem reduces to the quantification of the probability of the context, which can be based on engineering evaluation of the associated scenario. On the other hand, quantifying the probability of decision errors remains a problem in other cases. The CAHR methodology suggests a solution by basing the probability on a relative error frequency (how often similar errors appear in a database of events); efforts are being made to validate this procedure. In the longer term, dynamic, simulation-based PSA tools may provide a means to manage the range of new scenarios introduced when EOCs are comprehensively treated in the PSA. The report discusses finally the state of dynamic methods and how, in the mean time, dynamic simulations that treat the interdependent plant and operator responses can support the analysis of EOCs.
«
In considering the human role in accidents, the classical PSA methodology applied today focuses primarily on the omissions of actions required of the operators at specific points in the scenario models. A practical, proven methodology is not available for systematically identifying and analysing the scenario contexts in which the operators might perform inappropriate actions that aggravate the scenario. As a result, typical PSAs do not comprehensively treat these actions, referred to as errors o...
»
Login
BibTeX