III4 - 1 Human Reliability Analysis

IAEA Training in level 1 PSA and PSA applications
Basic Level 1 PSA course for analysts
Human Reliability Analysis

Human Reliability Analysis (HRA)
Content
z Introduction
z The HRA process in PSA
z Modelling and analysis of pre-initiating event human errors (latent
errors)
z Modelling and analysis of post-initiating event human errors
Introduction
Misdiagnosis
The impact of the available time. Evaluation of time windows
z Human dependencies
z Open discussion: What are errors of commission & how to deal with
them
z HRA documentation
z References
INTRODUCTION - OBJECTIVE
The objective of the human reliability analysis in the context of the

PSA is to identify, represent (in the logic structure of the PSA) and
analyse (quantify) all human errors, before and during the accident,
which contribute to plant risk as defined in the PSA
INTRODUCTION – HRA IN PSA - IMPORTANT
z The HRA analyst needs to STOP&THINK often and carefully

during the analysis
z HRA is performed in the framework of a PSA: The HRA analyst
needs to study and understand the PSA models and interact
with other PSA team members
z Interaction with NPP personnel is essential
INTRODUCTION – BASIC CATEGORIES OF HUMAN

EVENTS TO BE CONSIDERED IN PSA(*)
CATEGORY A – PRE-INITIATORS
Actions that cause equipment or systems to be unavailable
when required post fault
CATEGORY B – INITIATORS
Actions that either by themselves or in combination with
equipment failures lead to initiating events
CATEGORY C – POST-INITIATORS
Actions occurring post-fault. These can occur while performing
safety actions or can be actions that aggravate the fault
sequence (Types C1, C2 & C3)
(*) IAEA Safety Series No. 50-P-10

INTRODUCTION - HUMAN ERRORS: TYPE,

DESCRIPTION & IMPACT ON PSA
TYPE DESCRIPTION IMPACT ON PSA
A Human actions before the initiating event Mis-calibrations, misalignments explicitly

during normal operation that degrade system modeled in the PSA (system fault trees)
availability
B Human actions that contribute to initiating Not explicitly modeled in the PSA for full
events power mode (except when using fault
trees to model initiating events). Treated
at IE data level. Explicitly considered for
Low Power and Shutdown PSA
C1 Human actions during the accident following Human failure event (HFE) explicitly
the correct procedures modeled in the PSA (event trees and fault
trees)
C2 Human actions during the accident that due to Identified errors of commission explicitly
the inadequate recognition of the situation or the modeled in the PSA (event trees and fault
selection of the wrong strategy, make it worse trees)
C3 Human actions during the accident, trying to Recovery actions explicitly modeled in
recover the situation; for example repairs of the PSA (normally treated at sequence
equipment level)
INTRODUCTION – MODELLING OF HUMAN

INTERACTIONS IN THE PSA
z Ideally, all human interactions that contribute to risk (as defined in the
PSA) need to be identified. Successive screening processes will help
to focus efforts on those that are important
z The identification and analysis of human errors in the PSA is a
systematic process
z Contributors to human error need to be identified and analysed in a
consistent fashion
THE HRA PROCESS IN PSA – APPROACH BASED

ON SHARP*
z Definition*
z Screening*
z Qualitative analysis*
z Representation*
z Evaluation of impact*
z Quantification*
z Analysis of dependencies
z Sensitivity analyses
z Documentation*
z Internal review
* EPRI NP-3583 Systematic Human Action

Reliability Procedure, 1984
THE HRA PROCESS IN PSA - DEFINITION
z Definition of the human actions to be considered within the PSA scope

z Guidance for the correct modelling of the human failure events (HFE)
has to be provided to the sequence/systems analysts
z Review of the modelling of the HFEs in the event trees, functional fault
trees and system fault trees
z Availability of the documentation necessary for the correct and
complete modelling and analysis of the human actions, i.e. test and
maintenance procedures, calibration procedures, normal operation
procedures, procedures to follow on response to alarms, emergency
procedures, results of thermal-hydraulic calculations, information
obtained from simulator exercises, interviews, questionnaires, etc.
THE HRA PROCESS IN PSA - SCREENING
z Only the most significant HFEs need to be analysed in detail
z Initial conservative screening values are normally applied to the human

failure basic events. These need to be justified
z Selection rules need to be established:

QUALITATIVE SELECTION in the early stages: e.g. Human errors that
lead to core damage, Human errors that lead to the unavailability of
several trains of a system, or one train of several systems
QUANTITATIVE SELECTION after the first quantification: e.g. human
errors appearing in cut-sets that contribute more than x% to the core
damage frequency
THE HRA PROCESS IN PSA – QUALITATIVE

ANALYSIS (TASK ANALYSIS)
z The objective of this step is to develop a detailed description of

the human failure events to be analysed in detail
z In this step of the analysis selected human actions are divided
into different sub-tasks. This will facilitate further representation
and quantification
z In this step of the analysis the key influence factors are
identified
THE HRA PROCESS IN PSA – REPRESENTATION
The objective of this step is to represent in logic structures the

tasks and sub-tasks according to the selected methods of
human reliability analysis
THE HRA PROCESS IN PSA – EVALUATION OF THE

IMPACT
z In this step of the analysis the correct integration of the Human

Failure Events into the PSA models is revisited
z The previous steps of the human reliability analysis sometimes

identify required modifications to the existing system or sequence
models (e.g., due to identification of alternative operator actions,
identification of complete dependency between human actions
modelled separately, identification of errors of commission, etc). This
means that the models have to be fine tuned and the new or modified
human actions re-evaluated
z This is an iterative process that finishes when acceptable models

have been obtained
THE HRA PROCESS IN PSA – QUANTIFICATION
z Calculation of the human error probabilities and associated

uncertainty ranges
z Examples of methods:
THERP (NUREG/CR-1278) Handbook of Human Reliability
Analysis
ASEP (NUREG/CR-4772) Accident Sequence Evaluation
Programme, Human Reliability Analysis Procedure
HEART (Jerry Williams, 1988), Human Error Assessment and
Reduction Technique
HCR (EPRI RP 2170-3) Human Cognitive Reliability Model for
PRA Analysis
TRC Curves (NUREG/CR-3010) Post Event Human Decision
Errors: Operator Action Tree/Time Reliability Correlation
SLIM-MAUD (NUREG/CR-3518) An Approach to Assessing
Human Error Probabilities Using Structured Expert Judgement
THE HRA PROCESS IN PSA – DEPENDENCY

ANALYSIS
z The dependency between human errors involved in the same

accident sequence should be analysed
z This topic will be treated in detail later

THE HRA PROCESS IN PSA – SENSITIVITY

ANALYSES
z The impact of uncertain factors in HRA needs to be

understood and analysed
z Sensitivity studies are performed:

changing assumptions;
re-quantifying the actions;
and analysing the impact.
THE HRA PROCESS IN PSA – DOCUMENTATION
z The objective of this task is to document the Human Reliability

Analysis in order to make it traceable, reproducible and verifiable
z The documentation has to be complete: it should contain all the
assumptions, data sources, models used, selection criteria,
sensitivity studies, dependency analysis, etc...
z Write the story while you are doing the analysis - Do not wait until
the end!
z This topic will be treated in more detail later
THE HRA PROCESS IN PSA – INTERNAL REVIEW
To ensure
correctness,
completeness,
and consistency
MODELLING AND ANALYSIS OF PRE-INITIATING EVENT

HUMAN ERRORS (LATENT ERRORS) IN PSA
z Pre-initiating event human errors were involved in the TMI

accident and are often associated with significant events
z They cause system unavailability and they only reveal

themselves when an adequate surveillance/test is carried out or
when the actuation of the system is demanded (e.g., to mitigate
an accident)
z In principle, there is no justification for their exclusion from the

PSA models

z Types: misalignments and miscalibrations
z Identification & modelling : In principle, every component that is

manipulated is subject to this type of unavailability
z It is easier to model them all although plant specific defences can

be taken into consideration for the initial selection (with supporting
justification)

Plant specific defences/features need to be taken into

consideration when performing the task analysis (e.g. approaches
for the management of plant configuration, functional tests and
other verifications required after manipulation, etc.)

z The analyst has to be very careful when deciding whether a

verification can be considered effective to detect the human error,
e.g.:
starting and immediately switching off a pump does not
necessarily verify whether the suction valve is closed but it does
verify whether or not the pump has been left de-energised
a functional test of instrumentation&control equipment
performed after calibration by the same staff using the same
master instrumentation does not necessarily confirm that the
initial calibration was correct

z Quantification methods:
ASEP
THERP
HEART

PRE-ACCIDENT HUMAN ERRORS VS. RANDOM COMPONENT FAILURES:

z The boundary of these two types of failures has to be perfectly identified
so that there are no gaps and there is no double counting
z Typical pre-accident human errors are misalignments during restoration
after maintenance/test. These are dealt with by standard HRA procedures
z Typical pre-accident human errors are I&C and safety valve
miscalibrations (including misalignments during restoration after
calibration). These are dealt with by standard HRA procedures
z Human errors during maintenance are often difficult to identify. The are
normally counted as part of the random failures of components. These are
dealt with by standard statistical data processing
z The interface between HRA and data analysts is important to ensure that
there are no gaps and there is no double counting
MODELLING AND ANALYSIS OF POST-INITIATING EVENT
HUMAN ERRORS IN PSA – INTRODUCTION: THE HUMAN
INTERACTION PROCESS
TIME EXPERIENCE HUMAN-

COGNITIVE MACHINE
WINDOWS & TRAINING
PROCESS INTERFACE
STRESS
Diagnosis Decision
OTHERS
Manual
Detection
HUMAN Actuation
MACHINE
Indicators Controls and
and hand
Displays switches
Operation
of
Equipment
25
HUMAN ERRORS IN PSA - INTRODUCTION: CONTRIBUTIONS
TO HUMAN ERROR PROBABILITY
DETECTION DIAGNOSIS DECISION ACTUATION
Success
P1 Omission error or
Commission error
P2 Non-response or
commission error
P3 Non-response or
Commission error
P4 Non-response
HEP ˜ P1 + P2 + P3 + P4
+ the consequences of the commission errors
HUMAN ERRORS IN PSA - INTRODUCTION: PERFORMANCE
SHAPING FACTORS
All those factors affecting human performance, eg:

Type of behavioural process
Time window
Level of training
Quality of the man-machine interface
Quality of procedures
Stress level (psychological & physiological influences)

HUMAN ERRORS IN PSA - MISDIAGNOSIS
z What does it mean that the situation is misdiagnosed?

z What is the effect of a misdiagnosis? What is the impact on the PSA?
z How should we analyse what misdiagnoses are credible and the
probability of confusion?

WHAT DOES IT MEAN THAT THE SITUATION IS MISDIAGNOSED?
z Situations in which the mental image that the operating crew has of
the plant status differs from the real plant status

POSSIBLE EFFECTS OF A
PSA IMPACT
MISDIAGNOSIS
The human actions required to The probabilities of affected HFEs

cope with the accidental situation modelled in the PSA need to include
are not performed this contribution:
P(HFE)= Pdiag+Pdet+Pdecis+P act
The actuation of systems required The affected system fault trees need to
to cope with the real situation is model this HFE
inhibited
Actions not required to cope with No impact on models but may
the real situation are performed impact time windows
which do not impact the situation
Actions not required to cope with Some sequences may be affected and
the real situation are performed some event trees may need to be
which worsen the situation modified
In spite of misdiagnosis the correct No impact on models but may

actions are performed impact time windows

ANALYSIS OF MISDIAGNOSED SCENARIOS, THEIR PROBABILITIES

AND CONSEQUENCES:
Prepare a “confusion matrix” which shows the Initiating Event groups

included in the PSA in both axis
Analyse in detail the symptoms/cues that allow the recognition of the
accident scenario
Analyse in detail the instrumentation available/used to recognise the
situation
Discuss with the operating staff and trainers
MODELLING AND ANALYSIS OF POST-INITIATING EVENT HUMAN

ERRORS IN PSA - MISDIAGNOSIS - CONFUSION MATRIX
REAL SMALL LOCA STEAM SMALL STEAM OTHER

GENERATOR LINE BREAK INITIATING
DIAGNOSED TUBE (IC) EVENT
RUPTURE
SMALL LOCA *********** P1 P2 P3

STEAM ************
GENERATOR P4 P5 P6
TUBE
RUPTURE
SMALL STEAM ************

LINE BREAK P7 P8 P9
(IC)
OTHER ************
INITIATING P10 P11 P12
EVENT

z Revisit confusion matrix and screen out all incredible confusions.

Justification needs to be provided and transparent
z Use a structured expert judgement approach to calculate the
probabilities of the identified confusions
z The possibility of recovery (re-diagnosis) needs to be taken into
account in the analysis
z For the identified confusions, analyse the emergency procedures in
detail to identify ‘what can go wrong’, e.g.:
Systems required to mitigate accident are inhibited (impact on system fault
tree models)
Actions are taken which are not required and change the course of the
sequences (impact on event tree models)
z Request modification of the models accordingly

ERRORS IN PSA - EVALUATION OF TIME WINDOWS
z Why is it necessary to have a “reasonable” evaluation of time

windows?
z How should we evaluate time windows?
z Impact of time in the manual part
MODELLING AND ANALYSIS OF POST-INITIATING EVENT HUMAN ERRORS IN

PSA - NEED TO EVALUATE TIME WINDOWS WHEN USING TIME-RELIABILITY
CURVES - ASEP (SWAIN, 1987)
1
"asep.txt"
"asep.txt"
0.1 "asep.txt"
Upper bound
Non-response probability
0.01
0.001 Median
Lower bound
0.0001
1e-05
1e-06
1e-07
1 10 100 1000
Time (minutes) after a compelling signal of an abnormal situation

CURVES - HCR (HANNAMAN & SPURGIN, 1984A)
1
hcr(x, .7, .407, 1.2)
hcr(x,0.6, .601, .9)
hcr(x, .5, .791, .8)
Non-response probability
0.1 SKILL
RULE
KNOWLEDGE
0.01
0.001
1 10
Normalised time

CURVES - COMPARISON OF TIME RELIABILITY CURVES
HCR-Know-Adv
• ASEP upper &
0.1 lower bound curves
TRC-Rec-Hi
0.01
• TRC upper & lower
ASEP-Hi bound recovery
ASEP-Lo
HCR-Know-Nom curves
0.001
TRC-Rec-Lo
• HCR knowledge
HCR-Rule
1*10-4
based curves for
nominal & adverse
conditions (5min
1*10-5 median time)
1*10-6
• HCR rule-based
curve (5min median
time)
1*10-7
0 10 20 30 40 50 60
Timei

ERRORS IN PSA - EVALUATION OF TIME WINDOWS - HUMAN
ACTION OF SHORT EXECUTION TIME
t1 t2
t0 = 0 t3
Initiating End of action Time limit

event to perform the
action
Emergency Operating Procedure (EOP) relevant step

Alarm
Cue
t(A) = Available time = t3 - t1
T1/2 (A) = Median time for action = t2 - t1

MODELLING AND ANALYSIS OF POST - INITIATING EVENT HUMAN

ERRORS IN PSA - EVALUATION OF TIME WINDOWS - ACTIONS WITH
SEVERAL STEPS AND LENGTHY OR LOCAL ACTUATIONS
t1 t2 t3 t4 t5
t0 = 0
Initiating Alarm Starts Ends Time limit

event execution action to perform
of action A A action A
tlocal = Local manual actuations = t3 - t2
t(A) = Available time = t5 - t1 - tlocal
T1/2 (A) = Median time for decision = t4 - t1 - tlocal

ERRORS IN PSA - EVALUATION OF TIME WINDOWS - SEVERAL HUMAN
ACTIONS OF SHORT EXECUTION TIME
(This approach could give optimistic results)
t1 t2 t3 t4 t5 t6 t7
t0 = 0
T1/2 (A) T1/2 (C)
Initiating EOP step A EOP step B EOP step C Time limit

event to perform A, B & C
End of End of End of
action A action B action C
t(B) = Available time for B = t7 - t3 - T1/2 (C)
T1/2 (B) = Median time for B = t4 - t3

PSA - EVALUATION OF TIME WINDOWS - SEVERAL HUMAN ACTIONS OF
SHORT EXECUTION TIME
(This approach is conservative)
t1 t2 t3 t4 t5 t6 t7
t0 = 0
T1/2 (A) t avail(C)
Initiating EOP step A EOP step B EOP step C Time limit

event to perform A, B & C
End of End of End of
action A action B action C
t(B) = Available time for B = t7 - t3 - (t7-t5)

= t7 - t3 - tavail (C )
T 1/2 (B) = Median time for B = t4 - t3


ERRORS IN PSA - EVALUATION OF TIME WINDOWS - COMMENTS
TO THE PREVIOUS SLIDES
z Prepare time lines for the sequences using information from the
accident analysis calculations, emergency procedures, simulator
observations, etc.
z Evaluate time windows systematically across the study
z Analyse the sensitivity of the approach used for the evaluation of
time windows and fine tune the HRA calculations accordingly
HUMAN DEPENDENCIES
GENERAL
z Dependency between two tasks refers to the situation in which the

probability of failure of the second task is influenced by whether a
success or failure occurred on the previous task
z Non consideration of dependencies between human errors can cause a
significant underestimation of the Risk
HUMAN DEPENDENCIES
EXAMPLES OF COUPLING MECHANISMS
z Same person
z Same crew
z Same procedure
z Same procedure step
z Similar action
z Close in time
LEVELS OF HUMAN DEPENDENCY
Levels of dependency and dependent error rates

(NUREG/CR-1278, Chapter 10)
ZERO: N Independent
LOW: (1 + 19N) / 20 ~ 0.05
MODERATE: (1 + 6N) / 7 ~ 0.15
HIGH: (1 + N) / 2 ~ 0.50
COMPLETE: 1.0 1.0
EXAMPLES OF HUMAN DEPENDENCIES TO BE

CONSIDERED IN PSA
z Main types
Between pre-initiating event human errors
Between post-initiating event human errors
Between human errors causing initiating events and post-
initiating event human errors
z Special cases
Between sub-tasks involved in the same action
Between initial errors and recovery failures
DEPENDENCIES BETWEEN PRE-INITIATING EVENT

HUMAN ERRORS
z Common Cause calibration error events explicitly modelled in the

fault trees
z Common Cause misalignments explicitly modelled in the fault
trees
z Identification: Analysis of testing and maintenance procedures
and schedules
z The survey of cut-sets could identify additional potential
dependent pre-initiating event human errors
DEPENDENCIES BETWEEN POST-INITIATING EVENT

HUMAN ERRORS
z Human errors to be considered for dependency analysis are

those involved in the same accident sequence
z The most efficient way to identify them is by substituting all
HEPs by 0.9 and re-quantifying the PSA. Cut-sets that include
two or more HFEs will become apparent
z Substitution of probability of the second, third, etc, human
errors by their dependent values should be done at cut-set
level
z When modelling recovery actions (C3 type) it is essential to
analyse the dependency with other human errors in the same
accident sequence
DEPENDENCIES BETWEEN POST-INITIATING EVENT

HUMAN ERRORS
INITIATING HEADING A HEADING B HEADING C HEADING D END STATE
EVENT
Success
Core damage
Success
(HE-X)
(HE-Y) Core damage

(one cutset HE-X* HE-Y)
To other event tree
F (Cutset of interest in Sequence 4) = F(IE) * P(HE-X) * P (HE-YDEP)

P (HE-YDEP ) can be >> than P (HE-Y) depending of the level of
dependency
DEPENDENCIES BETWEEN HUMAN ERRORS CAUSING
INITIATING EVENTS AND POST-INITIATING EVENT HUMAN
ERRORS
z Sequences in which this type of dependency could occur are

easily identified if the human errors that lead to initiating
events are explicitly modelled
z The treatment of this type of dependency is in principle similar
to the treatment of dependencies between post-initiating event
human errors (discussed in previous slides)
z Examples of this type of dependency may be more common in
the PSA for low power and shutdown modes
DEPENDENCIES BETWEEN SUB-TASKS INVOLVED

IN THE SAME ACTION
A
DEPENDENCY BETWEEN A&B
B
C
F1
D
F2
FAILURE
F3
A: Operator does not start pump A

B: Operator does not start pump B
SUCCESS F1= PA *PB (DEP)
PB (DEP) >>> PB
DEPENDENCIES BETWEEN INITIAL ERRORS AND

RECOVERY FAILURES
A
DEPENDENCY BETWEENA&B
B
C
F1
D
F2
FAILURE
F3
A: Operator does not start System A

B: Shift supervisor fails to start System A
SUCCESS
F1= PA *PB (DEP)
PB (DEP) >> PB (depending on the available
time, crew organisation, etc.)
ERRORS OF COMMISSION
DEFINITION (*)
z Inappropriate actions during the response to a transient or an

accident that can place the plant in a situation of higher risk
z The principal characteristic of an error of commission in a PSA
context is that its consequence is a state of unavailability of a
component, system or function
(*) NEA/CSNI/R(98)1
ERRORS OF COMMISSION
TYPES [NUREG/CR-1278, pg. 2-16]
z Selection error:
Wrong control
Mis-position of control
Wrong command or information
z Error of sequence
z Time error
Too early
Too late
z Qualitative error
Too much
Too little
ERRORS OF COMMISSION RELATED TO THE DIAGNOSIS,
DECISION AND EXECUTION PHASES OF THE HUMAN
ACTUATION
z Errors of commission related to the diagnosis phase of the

human action
z Errors of commission related to the decision phase of the
human action
z Errors of commission related to the execution phase of the
human action
OPEN FOR GROUP DISCUSSION!!!

KEY ELEMENTS OF THE HRA DOCUMENTATION

WHY?
BECAUSE THE ANALYSIS NEEDS TO BE:
TRACEABLE
REPRODUCIBLE
VERIFIABLE
UPDATEABLE
KEY ELEMENTS OF THE HRA DOCUMENTATION

SUMMARY
z Key elements of the work plan (task procedure)

z Key elements of the task documentation (task analysis file)
KEY ELEMENTS OF THE HRA TASK PROCEDURE
z Identification of the types of human failure events (HFEs - basic events

that represent the human induced failures of functions, systems or
components) that need to be included in the logic model structure
z The details of the HRA process are different for pre-initiating event HFEs,
post-initiating event HFEs and those associated with the initiating events
Detailed guidance for the implementation of this process needs to be
provided

(cont.)
z Guidance for the identification of opportunities for human/system
interaction
z Criteria for screening out those opportunities that are most unlikely to
result in human failures
z Methodology for the evaluation of probabilities of human failure events:
Initial screening values
Description of the methodologies to be used for the detailed analyses
of the different types of human failure events. The performance
shaping factors to be considered need to be identified

(cont.)
z Guidance on how to treat dependencies among human failure events

both at system as well as at event sequence level
z Guidance on information to be exchanged with other PSA tasks
z Guidance for preparation of the Task Analysis File
KEY ELEMENTS OF THE HRA TASK ANALYSIS FILE
z Identification of the human/system interaction with which the event is

associated. This may be a surveillance test, a calibration, a maintenance
action, or a procedure directed response. In the case of responses to
equipment failures or other cues, the cues should be identified

(cont.)
z Specific human error contributors to the HFEs:

Identification of the sub-tasks included as possible contributors to the
HFE and the ones which are not included
Identification of the possible human failure modes included. For
example, when using THERP, it may be determined that because of
the control board layout, an error of commission of selection of an
incorrect control is of low probability, and only the error of omission is
included.

(cont.)
z Determination of the plant-specific and HFE-specific influence of the

factors required by the quantification model. Although no universally
accepted objective standards exist for measuring many of these factors,
any assumptions adopted by the analysts should be documented
z Identification and documentation of the sources of information and data
for HRA. Typical sources are:
review of procedures for maintenance, tests and calibration activities
observations made at the plant or during simulator exercises
discussions with operational or maintenance personnel
data from other plants or other PSAs

(cont.)
z The determination of the dependency between HFEs appearing in the

same accident sequence cut-sets should be documented
process by which the candidates for dependency were identified
determination of the degree of dependency
method by which the way the conditional probabilities were calculated

(cont.)
z It is very important to understand why some human related events are not
included in the model. Therefore, the following needs to be documented:
Any potential HFEs that have been screened out, and the reasons
why
Cases where the hardware contribution to the human/system
interaction has not been included and the justification for this
HFEs that are assumed to dominate or lead to a complete
dependency of subsequent HFEs

(cont.)
z Documentation of the sensitivity analyses performed

z List of all HFE included in the PSA, associated probabilities and
uncertainty ranges
z List of all the references used, including version number and date
z This task interfaces significantly with the event sequence analysis,
system analysis, and reliability data analysis tasks. All information
exchanged between HRA and the other PSA tasks needs to be
included
REFERENCES AND BIBLIOGRAPHY

z Cooper, Ramey-Smith, Wreathall, Parry, Bley, Taylor and Luckas, ‘A Technique for Human Error Analysis (ATHEANA),
Technical basis and methodology description’, NUREG/CR-6350, 1996
z Embrey, Humphreys, Rosa, Kirwan & Rea, ‘SLIM-MAUD: an approach to assessing human error probabilities using
structured expert judgement’, NUREG/CR-3518, 1984
z Hall, R.E., Fragola, J.R., Wrethall, J.W. 1982. ‘Post Event Human Decision Errors: Operator Action Tree / Time Reliability
Correlation’. NUREG/CR-3010, United States Nuclear Regulatory Commission, 1982
z Hannaman & Spurgin, ‘Human cognitive reliability model for PRA analysis’, (HCR), EPRI Project RP2170-3, draft NUS-
4531, 1984a
z Hannaman & Spurgin, ‘Systematic Human Action Reliability Procedure (SHARP)’, EPRI NP-3583, 1984b
z Hollnagel, ‘Cognitive Reliability and Error Analysis Method – CREAM’. Elsevier. New York, Amsterdam. (ISBN 0-08-
042848)
z IAEA-Safety Series 50-P-10, ‘Human Reliability Analysis in Probabilistic Safety Assessment for Nuclear Power Plants’,
1995
z NEA/CSNI/R(98)1, ‘Critical Operator Actions - Human Reliability Modelling and Data Issues’, 1998
z NEA/CSNI/R(2000)17, ‘Errors of Commission in Probabilistic Safety Assessment, 2000
z Parry, Singh, Spurgin, Moieni, Beare, ‘An approach to the analysis of operating crew response using simulator exercises for
use in PRAs’, OECD/BMV workshop on Special Issues of Level 1 PSA, Cologne, 28 May 1991
z Reason, J. 1990. ‘Human error’. Cambridge university press
z Swain, ‘Accident sequence evaluation programme, Human reliability analysis procedure, (ASEP)’, NUREG/CR-4772, 1987
z Swain & Guttmann, ‘Handbook of human reliability analysis with emphasis on nuclear power plant applications’, (THERP),
NUREG/CR-1278, 1983
z Williams, J.C. (1988). ‘A data-based method for assessing and reducing human error to improve operational performance’.
Proceedings of IEEE Fourth Conference on Human Factors in Power Plants, Monterey, California, June 5-9. pp. 436-450.

III4 - 1 Human Reliability Analysis

Uploaded by

Copyright:

Available Formats

III4 - 1 Human Reliability Analysis

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

III4 - 1 Human Reliability Analysis

Uploaded by

Copyright:

Available Formats

IAEA Training in level 1 PSA and PSA applications

Basic Level 1 PSA course for analysts

Human Reliability Analysis

The objective of the human reliability analysis in the context of the

INTRODUCTION – HRA IN PSA - IMPORTANT

z The HRA analyst needs to STOP&THINK often and carefully

INTRODUCTION – BASIC CATEGORIES OF HUMAN

(*) IAEA Safety Series No. 50-P-10

INTRODUCTION - HUMAN ERRORS: TYPE,

TYPE DESCRIPTION IMPACT ON PSA

A Human actions before the initiating event Mis-calibrations, misalignments explicitly

INTRODUCTION – MODELLING OF HUMAN

THE HRA PROCESS IN PSA – APPROACH BASED

* EPRI NP-3583 Systematic Human Action

THE HRA PROCESS IN PSA - DEFINITION

z Definition of the human actions to be considered within the PSA scope

THE HRA PROCESS IN PSA - SCREENING

z Only the most significant HFEs need to be analysed in detail

z Initial conservative screening values are normally applied to the human

z Selection rules need to be established:

THE HRA PROCESS IN PSA – QUALITATIVE

z The objective of this step is to develop a detailed description of

THE HRA PROCESS IN PSA – REPRESENTATION

The objective of this step is to represent in logic structures the

THE HRA PROCESS IN PSA – EVALUATION OF THE

z In this step of the analysis the correct integration of the Human

z The previous steps of the human reliability analysis sometimes

z This is an iterative process that finishes when acceptable models

THE HRA PROCESS IN PSA – QUANTIFICATION

z Calculation of the human error probabilities and associated

THE HRA PROCESS IN PSA – DEPENDENCY

z The dependency between human errors involved in the same

z This topic will be treated in detail later

THE HRA PROCESS IN PSA – SENSITIVITY

z The impact of uncertain factors in HRA needs to be

z Sensitivity studies are performed:

THE HRA PROCESS IN PSA – DOCUMENTATION

z The objective of this task is to document the Human Reliability

THE HRA PROCESS IN PSA – INTERNAL REVIEW

MODELLING AND ANALYSIS OF PRE-INITIATING EVENT

z Pre-initiating event human errors were involved in the TMI

z They cause system unavailability and they only reveal

z In principle, there is no justification for their exclusion from the

MODELLING AND ANALYSIS OF PRE-INITIATING EVENT

z Types: misalignments and miscalibrations

z Identification & modelling : In principle, every component that is

z It is easier to model them all although plant specific defences can

MODELLING AND ANALYSIS OF PRE-INITIATING EVENT

Plant specific defences/features need to be taken into

MODELLING AND ANALYSIS OF PRE-INITIATING EVENT

z The analyst has to be very careful when deciding whether a

MODELLING AND ANALYSIS OF PRE-INITIATING EVENT

MODELLING AND ANALYSIS OF PRE-INITIATING EVENT

PRE-ACCIDENT HUMAN ERRORS VS. RANDOM COMPONENT FAILURES:

TIME EXPERIENCE HUMAN-

DETECTION DIAGNOSIS DECISION ACTUATION

All those factors affecting human performance, eg:

MODELLING AND ANALYSIS OF POST-INITIATING EVENT

Prepare a “confusion matrix” which shows the Initiating Event groups