So unfortunately, let me say so, you will have to suffer with me the whole day, because this is my day. I will occupy you for the whole day, but I hope it will not be boring. So today's topics are: before the lunch we are talking about the human reliability analysis and the human factors and human factors engineering requirements. Also in the afternoon we'll talk about the safety assessment during the lifetime of the plant, during the operation, and more details about the periodic safety reviews and periodic safety review reports and content of these reports and so on and so on. And the last presentation will be the aging assessment, aging management and lifetime limiting factors.

Okay, let's start with the human reliability analysis. Just one question to you: does anybody have some experience in human reliability analysis? No. No, this is a special topic. Mostly it is related to the probabilistic safety analysis, because human reliability analysis in most of the cases is performed in the frame of the probabilistic safety analysis to calculate the human error probabilities for the system models and for the event sequence models. However, it appeared during this analysis that there are very useful insights also for human factor engineering, and there are nice results which can be used to improve the human performance at the nuclear power plants. Also the training programs can use,
I mean, during the development of training programs at the plant the results of the human reliability analysis can be used. So I'm trying not to concentrate on the probabilistic part of the human reliability analysis, but I would rather concentrate on what are those results which can be used for other purposes than human reliability analysis, sorry, the probabilistic safety analysis.

So first of all, we'll have some introduction. We will talk about the classification of human actions or human errors. The SHARP procedure, this is the framework which in most of the cases is used for the human reliability analysis. For the human reliability analysis we usually use the abbreviation HRA, so in many cases you will hear the abbreviation HRA; it means the human reliability analysis. Then some of the details from the classification, where we are talking about the pre-accident human errors, then post-accident human interactions due to misdiagnosis, or post-accident human interactions, the impact of the available time, evaluation of the time windows, and some human dependencies. A special discussion will be allocated to the errors of commission, which is a hot topic these days. Earlier we could not analyze or could not model the errors of commission; I will tell you the difficulties in relation with the errors of commission.

Now, first of all, the objective of the human reliability analysis is to identify, represent in the logic structure of the PSA, and analyze or quantify all human errors impacting the plant safety before and during an accident. Usually in the probabilistic safety analysis we have a logic model of the plant which contains the event sequences to be quantified and also the system models in terms of system fault trees, and in the system fault trees we have logical operations and at the end we have some basic events, so-called basic
events. Those are the lowest level of the fault trees, and those represent all those events which are not modeled further but instead have a probability assigned to them, and having all the probabilities assigned to the basic events we can quantify the probability of the system function failure or so. Now, one of these basic events is the human error, and the human error probability is quantified, or, how to say, characterized, by the human reliability analysis, which is targeted to the quantification of the human error probabilities.

This is a successive screening process which will help us to focus efforts on those human interactions that are important. Of course, we are not analyzing all kinds of human actions at the plant, just those which are important to safety. So we have to select from the whole set of human interactions, of human actions, those which are related to safety. And as you could see in the content, we have pre-accident and post-accident human interactions. Pre-accident human interactions are those which can cause system or component unavailability in case it is needed. Mostly these interactions are related to the maintenance activities, I mean the human errors during the maintenance activities. And some other questions are arising here, whether so-called common cause failure can be caused by human errors, but we are coming to this later. So common cause failures, then component or system unavailabilities which actually are affecting the safety.

So the human interactions are very important, and in most of the cases the human interactions are high or important contributors to the plant risk. Whatever we do, in almost all of the cases some human interaction will be present. Okay, so we cannot avoid human interactions.
There cannot be automatic maintenance, therefore the maintenance is done by the human, and if the maintenance is done by the human, the human error done by the human being is present whatever we do. We can influence somehow the human performance to minimize the likelihood of the human errors, but we cannot eliminate them totally. So in the case of human reliability analysis, as I said, we cannot handle or model or analyze all the human interactions, because there are so many and so many different types, just those which are affecting the safety. And now comes the question how to make this screening. Okay, that's an important question: whether we can apply a method for the screening of those human interactions which are not important to safety, and to be sure that what is modeled or what is analyzed is a complete set. Okay.

The identification and analysis of human errors in the PSA is a systematic process. I left the PSA here on this slide because, as I told you, the human reliability analysis is mostly done for the probabilistic safety analysis. And during the analysis an interaction with the NPP personnel is very essential. For existing nuclear power plants, when we are performing the human reliability analysis, definitely we need very good cooperation with the plant people. Otherwise it will be something theoretical, and then we cannot ensure that the analysis is realistic.

Okay, so let's classify the human errors. We can classify the human error by the time of occurrence. We usually use the A, B and C ID for the human error type. A is usually those human errors which are done before the accident, so in the normal operation, like miscalibrations or misalignments or something which can cause system unavailability. Let's give you an example. For the high pressure injection system, usually the pump starts on the recirculation.
Yes, but the recirculation line in many cases is with a much smaller diameter than what is needed for the injection, and during the functional testing of the system we cannot be completely sure that the test will represent the real situation if we are performing the test through the recirculation line. In other words, we have to install a so-called test line which has such hydraulic characteristics as the line which goes into the primary circuit. Now, this line is normally closed, definitely, because if it is open then the flow will go to that direction instead of going to the primary circuit. Therefore, to ensure the availability of the high pressure injection system, this line normally should be closed. It is open only for the test. So by manual action the operator opens this test line and performs the test. After the successful test the operator has to close this test line, and we had such cases when this test line remained open after the test and nobody realized it till the next test. So we have six weeks of test period, and for these six weeks the actual system remained unavailable just due to human error. So what is coming out of it? We have such human actions during which we can do such mistakes which disable totally the safety systems. Okay, so these are the type A human errors.

There are some type B human errors, which can cause initiating events like unintentional reactor scram, or during the calibration of the reactor scram system making such a mistake. Probably who has some experience in nuclear power plant operation can also recall from the operating experience such cases when the mistake during the calibration of the reactor scram instrumentation and control caused reactor scram. Okay, so this is an initiating event. There can be such human errors which can cause an initiating event, and the initiating event itself already initiates a process which is risky, which can develop to an accident.
Therefore we also have to identify those human actions during which the operator or the field operator can do such mistakes, such errors, which will cause an initiating event. This is the type B human errors.

Now, if we are talking about the human performance during the accident, during the event sequence which is going on after the initiating event, there are lots of tasks of the operator. So whatever we do, we cannot totally automate the flow, though we are trying to do that. So in the new nuclear power plants, for the design specification, many times it is said that in the first half an hour of the process after the initiating event there should not be need for human interaction. Half an hour, come on. It means that for half an hour this operator can sit and wait what will happen. Okay, after that they stand up and then start looking at the operating instructions, what to do further. Well, it is not of course the case, because this half an hour is given for the operator to understand the situation, to make a diagnosis where the process is going, and so on and so on. So this is some time for him to understand the situation, and if it seems to be a severe situation, of course they will call immediately somebody from the management or the senior staff, senior safety staff, to help them to solve the situation.

In any case, we have human actions during the accident following the correct procedures. I'm selecting the correct procedure because I did a good diagnosis and I'm following the procedure.
It is written down that I have to do this and this and this. There are steps written down. Depending on the parameter flow I can exit from the procedure, taking another one, and so on and so on. There is a system of using the operating procedures. But if I'm following it correctly, it is assumed that the process will go to a safe state. However, if I'm making a mistake and I'm mixing up the procedures and I'm taking a different procedure, I can lead the process to something totally different. Okay, so that's why we have to identify the needed human interactions during the accident. And the deterministic safety analysis which is done for the design-basis accidents, which shows me the success after the initiating event, because the design-basis accident analysis is to demonstrate the success, will assume some human interactions. And if it is assuming some human interactions, I will check whether this human interaction is done perfectly. So what is the probability of not doing this human interaction? Okay.

And there are, what is the effect, non-successful response within the time window. We'll talk about the time window a bit later, why it is important. So non-successful response within the time window, errors of omission and commission. What is error of omission? I'm not doing what is requested. This is error of omission. Error of commission: I'm doing something different from what is needed. So I'm mixing up the situation, I'm doing the totally wrong action. This is the error of commission. And why did I say that this error of commission is a problem in analyzing? Because it can be anything. So the action can be anything.
So there is not, to say, a single alternative for error of commission; there are lots of possibilities. Instead of doing the right thing I can do several things which are not right, therefore it is difficult to define what are the potential actions the operator will do instead of doing the right thing. Okay.

Now, this is the C1, because the C type human errors are split into three different action types. The second type is the human actions during the accident that, due to the inadequate recognition of the situation, make it worse. So it is a kind of error of commission. And this is no response or errors of commission. I mean, if the situation is getting worse just due to my wrong action or due to my not doing anything, then this belongs to the C2 type situation. And C3 is the human actions during the accident trying to recover the situation, for example repairs to the equipment. These are the recovery. I did something wrong, but I still have time to get it better. Okay, so this is one part of the story. The operator realizes that he took a wrong procedure. Oops, let's take the other one and let's see if we can recover the situation. And in many cases after the human error the question is how successful this recovery can be, if we have time for that.

On the other hand, we'll have component or equipment failures during the process, and it may happen that the component or equipment which should have actuated or should have run properly fails, and it disables the safety function. Now comes the question whether we have time to make the repair, a quick repair, for that component. Can I call the field operator to go there and then do it manually? Do I have time for that? If I have time for that, then I can try to analyze what is the probability of non-successful recovery.
Okay, so these are the human actions and the human error classification by the time of occurrence.

Now, by the output of the human error, by the result, what will be the effect of the human error, there is another type of classification where we have the errors of omission and the errors of commission. These are the two major classes. The errors of omission are: we can omit the entire task. I'm not doing anything, just I'm not doing anything of what is required. Or I can omit a step or a couple of steps in the task. Usually the emergency operating procedures are constructed in such a way that specifies the list of operator actions one after the other, so in a time order. Now the errors of omission are those when I'm not doing a step or I'm not doing what is written down.

The errors of commission are more complicated. As you can see, we have the selection error, the errors of sequence, or timing error, or qualitative errors. So when I'm selecting the wrong control it is a selection error. I want to switch on the pump and then I'm switching on something different. The switches are close on the panel, therefore I may do this mistake. Okay, and of course switching on something else either worsens the situation or will not be effective at all. Who knows? This depends on the process. Then misposition of controls. I'm simply looking at a different indication. Okay, or issue wrong command or information. The operator has the right information, but then issues a wrong command, calls the guy who is
on the field and asks him to close something which is totally irrelevant.

So errors of sequence. Those are the errors which will drive the sequence to a different sequence. So if I'm doing something wrong, the event sequence will continue on a totally different path. Okay, it would be easier to explain it presenting an event tree for an initiating event, but I didn't want to mix it up because it is very much PSA related. So unfortunately I don't have an event tree to show that if something was wrong then the situation goes to a different path.

Then the timing errors. Of course the human action should be done properly at the right time or in the right time window. So if I'm doing it too early, it may not be effective or it may worsen the situation. Or if I'm doing it too late, then it's too late. So the situation will be already changed to such a level at which my action is not useful at all. And the qualitative errors, like too little or too much. Okay, so too little: I inserted too little water, which is not enough, or too much water, which overpressurized the system, and so on and so on. So these are the errors of commission. And as you can see, in most of the cases in the early PSAs we analyzed only these. These were somewhat qualitatively included, but the quantification could not be done because it is requiring an awful lot of different modeling. These days we are working, I mean the international community is working, on selecting or producing a methodology which is acceptable for the analysis of the errors of commission.

If we go by type of reasons why the operator is doing the human error: this is slip. Deviations in manual actions, when you know what you should have done but you did not, so it is a slip. Lapses of memory. Okay, or mistakes: error of knowledge, decision, diagnosis, where you do not know certainly what you should do. And the operator is trained.
Yes, and they have exams, they have retraining, continuous, so their knowledge should be kept on a high level. Therefore, with the training the number of mistakes can be reduced. However, these mistakes are not avoidable. I will tell you an interesting experiment which we did at the Paks plant, and it had wonderful results to understand this type of human mistakes.

And violations, where the intention was to do something good by bending the barriers, compared to sabotage or a malevolent act, where the intention was bad. So I'm violating; I want to get rid of this situation, therefore I'm doing my best. Okay, so this is what we say when we are just bending the barriers and we are exiting from the frame of the operating procedure. This is the violation. And this is different from sabotage or malevolent actions, because there, intentionally, I'm doing something to make the situation worse. Let me tell you, these violations can be analyzed, but the sabotage or the malevolent actions unfortunately is an area which is usually not included or not covered by the human reliability analysis. It needs a special protection against this kind of human actions, which is already the security issue, and physical security or the physical protection of the plant, including the psychological tests when somebody is accepted, and so on and so on. Those are the means which can protect against individuals who are able, or who are potentially doing some sabotage or malevolent action.
This is a very sensitive topic these days, and in the new designs they try to include some of these kinds of human actions within the design basis. However, it is very difficult because it can be anything. So therefore today the most effective way is to increase the, what is it, the physical protection inside the plant. And the physical protection, as the safety, also applies the defense in depth principle. So they will define the access control in a way that will allow the access to some equipment or to some systems only for those people who are believed or who are trusted to perform the tasks perfectly. Okay, so this was by type of reasons.

And by the basis of human performance there are three types of things. The routine, usual human actions explicitly included in the documents. So what is written in the documents I have to do. I have a training, I have done an exam how to perform the task. Therefore those are the so-called routine or almost everyday actions. Usually the routine actions are such where the human error probability is rather low. But we cannot exclude. Well, we could see PSAs where the probability of such human actions was assigned to the relevant basic event as like 10 to minus 5 or 10 to minus 6. Usually I say that this is one out of 100,000 actions or one out of 1 million actions. Just imagine, how to say, can we believe that 100,000 times a human can perform the same action one after the other? No, definitely. If we look at the world champion table tennis player, just doing the same action one million times, at least once he makes a mistake, definitely. So it is impossible to have such low probabilities. Therefore the probabilities of the human errors usually we limit at around 10 to minus 4. But it is something which we have to acknowledge, that we are not perfect, and we have to understand that as humans we are making mistakes.
Okay, so whatever routine type is my human action, I will make a mistake sometimes. Maybe less than in the cognitive actions, the human actions that require a cognitive process of understanding and decision-making previous to doing the action, where I have to sit and think what is going on. And this is a difficult process, because I have to make a perfect diagnosis to understand what is going on; then second, what to do, what to do to get rid of this situation; third, then after my decision I'm planning my actions and I'm doing what is to be done. Okay. So there are many things included into this and many places where I can make mistakes. So I make a misdiagnosis, then forget about the success. I made a good diagnosis, but I made a bad decision what to do, then forget about the success. Then I'm planning, I'm making a wrong plan. I have the decision that yes, this system has to be switched on, but I have a wrong plan, then forget about the success. And finally, when I'm executing what I decided, again if I'm making a mistake, oops, then it goes to the wrong place. So there are so many areas, so many possibilities to make a mistake in this process, that we have to understand, we have to analyze, we have to check what are the factors which can lower the probability of the mistakes in each of these areas.

And, well, skill-based, which I learned. Okay, I learned it, I know how to do it. Okay, so if I know how to do it, I'm an expert in doing it. Okay, then in most of the cases I'm doing it right, but sometimes I'm doing mistakes. Okay. Rule-based: stored or written rules, procedures and so on. I'm not an expert, but I know where the procedure is.
I'm taking it and I'm following the procedure. In this case the situation is not that certain, therefore the mistakes during the rule-based actions are, let's say, more, more frequently I'm doing mistakes because I'm not perfectly sure what I'm doing, but there is an assistance from the procedure and I'm doing it. I'm relying on something which I don't know. Okay. And the knowledge-based: decision-making and thinking. How good I am in understanding the processes at the plant, okay, how good I am knowing the locations of the plant, and how good experience I have in, let's say, liquidating the incidents or accidents. And also the question is when I have a situation which is not written in the procedures. Sometimes it happens that I don't know, because I don't have the skills, I have never had such a situation. Now what is remaining for me as a help? This is my knowledge of the system. I have to find out. Now the mistakes during this process are more frequent than in any other cases, and you will see these three types of human errors, how they are related to each other, later.

Okay, now, sorry. Yes, now just a figure which shows the operator interaction process. Yes? Sorry, I didn't follow your... Yes. Yeah, but those are the knowledge-based. Okay, so when I'm experiencing something, then I will have the skill-based actions. Okay, so if I had the experience, I started up the plant, I mean the reactor, so many times that I know it by heart.
So I'm doing it just like it is needed every year, or every year after the refuelling, and also we have a lot of simulator trainings on how to start up the plant. But I don't have experience in steam generator tube rupture. I don't know, something has happened. The primary circuit pressure is going down, and also I see that the pressurizer level is lowering, and something strange has happened because the activity measurements in the secondary side have increased. So I start thinking, what is that? Is it something which I learned during my training? Do I have something similar in the procedures, or is it totally new for me? If it is totally new for me and I don't have it in the procedures, then definitely it will be a knowledge-based action to start the elimination of the situation. Because I can figure out that yes, something has happened when the primary coolant entered the secondary side. Where can it enter? It can enter in the steam generator. So if it is the steam generator, it may be a steam generator tube rupture. Okay, let's go and see, do we have procedures? Then it goes to rule-based. Or if we don't have procedures, then it will be knowledge-based what to do: isolate the steam generator and so on and so on, lower the pressure, depressurize the primary circuit or something like that. So I have to figure out. If I don't have experience, I have to find out.

Actually, there was one steam generator tube rupture situation in a Japanese plant, Mihama, I don't remember. But I remember the reaction of the plant, our plant in Hungary. They immediately started the training of steam generator tube rupture sequences for all the crews, all the crews.
So everybody knew after that what would happen in a steam generator tube rupture case. So therefore the steam generator tube rupture issue or actions become skill-based for the operators. Okay, is it what you wanted to say, or I misunderstood you? Yes. Okay, let me come back to this when I will tell you our experience, experiments, okay, because that we'll have to understand, how it is constructed. Okay.

So now the operator interaction process. First we have a human and machine interface, the border where something is human related and the other is machine related. So something is happening in the plant. What will we have? There will be some indication and display. So the operator will understand that there are alarms, there are changes of parameters and so on and so on. So he will realize it, which means the detection. Okay, after the detection of something strange the operator will try to diagnose the situation, what has happened, then to decide what has to be done, and then do the manual action, switch on and so on and so on, which will definitely, how to say, affect the machine part, where through the controls and the hand switches we are operating equipment or we are actuating some system operation and so on and so on, which already will have a feedback to our indications. Yes, I was successful. Okay, so I'm successful because the pressure went back to normal, which I wanted. Okay, and based on that this circle continues.

Now, what are the factors influencing this? So here, after the detection, of course something is strange. It always creates some stress in the operator. So something is wrong, it is not usual. And then if there are so many alarms then it is even frightening.
So they have to understand, but under stress conditions, and his cognitive process will result in the diagnosis. But now the question is how much time I have. Okay, if I have a very short time then the stress will be higher, the cognitive process will fail more frequently, and so on and so on. So these factors will affect the right diagnosis and the right decision. After diagnosis, my experience and training is the factor which will affect the right decision, because I understood the situation, now comes the question how to deal with it. I know how to deal with it because I have good training, I have experience, I have good procedures and so on and so on, therefore I'm making the right decision what to do. And then comes the human machine interface influencing the action. If it is very difficult to perform the actions, it is somewhere in the back of some panel, because sometimes it happens I have to run there and find where that switch is located, of course it makes my task more difficult. But a good layout, a good man-machine interface, which Alec yesterday told us, will help me to perform the action. Okay, so we have a human machine interface. Now with the detections there are lots of other factors which will help me or which will not help me, which will make my task more difficult. Just imagine a very narrow, what is it,
indication on an instrument. You don't even see the arrow because it is so narrow. Okay, you have to go there, but then you have lots of such indicators in the control room and you cannot go and see everything. Okay, but in the case there is an indication, at least with a red light showing that something is wrong if it went out from the normal ranges, then you already can select and focus your attention on that particular instrument. There are other things like signalization, alarm voice or audible signalization. Sometimes there are lots of signals coming in, not only one. There are lots of alarms coming in; to select what is the right one for my decision is difficult. So the detection is not that easy, because definitely there are lots of things, and I guess I can support me in this, that the instrumentation and control has very significant influence on the possibility of right human actions.

Okay, now how do we call this all? Here they are the performance shaping factors, PSFs. Those are any factor that shapes or influences the human performance, anything. There are lots of such performance shaping factors. Less than adequate performance shaping factors means higher human error probability. So if we don't have good performance shaping factors, then we'll have lots of human errors. What are the performance shaping factors?
They are coming in the next presentation after the break, when we are talking about the human factors and human factor engineering, where we are establishing the performance shaping factors. So in a nice environment you make less mistakes. Just an interesting example is the Volvo manufacturer in Gothenburg, where the factory itself is located on a nice place, the environment in the workshops is clean and with nice trees in, and then you feel good. So this will help to do a good job or good work, therefore less human errors are made during the manufacturing. Also here the pleasant environment is definitely one of the good performance shaping factors. We have external performance shaping factors, like what I told you about, then the stressors, which are increasing the stress, and the internal performance shaping factors, which are coming from the human.

Okay, to analyze all this what I was talking about, now we spent almost one hour on understanding what we will analyze, what we will assess. We are assessing the human performance with the SHARP procedure. This was an EPRI product, and SHARP is the abbreviation of the Systematic Human Action Reliability Procedure. Okay, you can find these references on the internet, it is relatively easy to find, and there is a huge literature on how to use that, with examples of using it. The SHARP methodology can be employed by the analyst as a guidance to make assessments of human reliability. Well, it is mostly suitable for the PSA, but once we are identifying and we are analyzing the performance shaping factors, these results can be used also for the human factor engineering. Different techniques can be used within the SHARP framework. Now, what are the techniques? Techniques are mostly quantification techniques
for determining the human error probabilities. Those are mostly PSA-related techniques, but there are so many techniques in the world, unfortunately. We humans are colorful. I mean we have characters totally different from one side to the other, and just as colorful are the human reliability analysis techniques. We have so many techniques, almost every human reliability assessment expert has his own approach to quantify the human error probabilities. So innovation can be employed when current techniques are deemed insufficient for adequately addressing the case under study. Well, in some cases we are using different techniques for quantifying the human error probability for pre-accident human errors, then different techniques for quantifying the human error probabilities during accidental situations, and this is normal. So it is acceptable.
SHARP steps. Just quickly go through. Definition: to ensure that all human interactions are adequately considered in the study. Screening: to identify the human interactions that are significant to the operation and the safety of the plant. Breakdown: to develop a detailed description of important human interactions by defining the key influence factors necessary to complete the modeling. And the human interaction modeling consists of a representation, which is a qualitative model, impact assessment and quantification. What is not needed for us now is the quantification, all the rest will be ours. Okay, then the representation: to select and apply techniques for modeling important human interactions in the logic structures. This is again something to do with the PSA. Then the impact assessment: to explore the impact of significant human actions identified in the preceding step on the system logic trees. And the quantification and documentation. So these are the steps, and as you can see many of these steps are usable for determining what kind of human factor engineering is needed for us. Okay,
the pre-accident human errors, or latent errors. Why do we say latent errors? Because they remain hidden. Okay, the operator goes there, does his tasks and, with the wrong tightening, simply disables the component and goes out, goes further. Everything in the documentation of the maintenance tasks seems to be perfect. He did the work. Okay, and then he goes away, and then when the equipment is needed, the operator starts it and it doesn't start. He calls the field operator: go there and look what has happened, why it is leaking, everything is under water, because, well, something went wrong. Okay, so what can the operator do? Try to find some alternative solution and so on and so on. This human error which was done during the maintenance will appear only at the time when either the system is tested or when it is really needed in the real life. By this time it may remain hidden. Of course, to eliminate such cases there are so-called walkdowns, routine walkdowns, like in every shift the shift personnel just goes through the compartments room by room and looks visually if everything is okay. Even in this case it may not appear, because the error was done on a part of the equipment which is not visible. Then the only time when this error will have its effect is real time, the real actuation time.
Okay, so identification and modeling. In principle every component that is manipulated is subject to this type of unavailability, and let me tell you that it created a lot of headache for us when we modeled the common cause failures of equipment, because if the same maintenance crew is doing the work on one safety train and on the other safety train, he makes a mistake on this safety train, goes further, the next day or the same day, and doing the same action on the other train he will with higher probability do the same mistake. Therefore at the same time two equipment will be unavailable just because of one person or one type of human error. So this is the
situation when the human error can increase the likelihood of common cause failures. What is the good practice to eliminate this? What do you think? It's relatively easy: one guy is doing this train and another guy is doing that train, and we try to separate these works in time. So one week I'm doing this, the other guy is doing that next week. Okay, so it will lower the probability of taking the wrong tool from the stock, it will lower the probability of the common cause failure, because they are separated in time and they are separated by person. So we made a funny assessment trying to characterize the importance of the maintenance crew, and it appeared at the end that the most important contributor to the risk at the plant was a single person, who was the head of the maintenance crew, because his crew was doing all this kind of works. And then we stopped this evaluation, we didn't want to go further, just blaming one poor guy because he was the boss of the crew. Okay, but indeed, this type of human errors are very frequent, and as the maintenance people are usually trained in a different way and on a different level, their knowledge is totally different from the knowledge of the operators. Therefore they will focus on what their task is and they don't care how important the equipment is. Therefore this kind of human errors are very frequent.
Okay, then comes the pre-accident human errors and random component failures. It is mostly about how to model it in the PSA, so it is not necessary to talk about it here. And the post-accident human errors with the misdiagnosis. This is important because if you talk about PSA impact, it is impact on the risk. It is impact on the safety.
Okay, so if the human actions required to cope with the accidental situation are not performed, then the probability of the affected human failure events modeled in the PSA will be higher. The probability will be higher. If the actuation of a system required to cope with the real situation is inhibited, then the affected system models need to include the human failure event in an OR gate, which means that the whole system will be disabled by that mistake. Or actions not required to cope with the real situation are performed which do not impact the situation, then it will not have any effect on the safety. But those which are not required to cope with the real situation but will worsen the situation, of course it will cause safety effects. And if, in spite of misdiagnosis, the correct actions are performed, again no impact on the safety.
So to do that, I mean to analyze that, we have to develop a so-called confusion matrix, which shows the initiating event groups included in the PSA, and I guess here I have one confusion matrix. This is already the analysis to identify what are those possible confusions which can be during the misdiagnosis. So the real situation is a small LOCA or steam generator tube rupture or small steam line break or some other initiating event. Then with a given probability I will confuse the steam generator tube rupture with the small LOCA, because I don't care what is on the secondary side, I simply missed to check what are the secondary side effects. I can see only slowly decreasing pressure in the secondary side and lowering of the pressurizer level. I can think easily that it is a small LOCA, loss of coolant accident, and I start acting as if it was a small loss of coolant accident. However, this is not the small loss of coolant accident.
It will create later problems in the secondary side, it will increase the pressure in the steam generator and in the main steam collector, and sooner or later the atmospheric dump valve or the steam generator safety valve will open, and then I'm totally in a wrong place because I mixed up the situation. I thought it was, what is it, the small LOCA, and so on and so on. So we try to understand what are the possibilities to mix it up with, and once I understand what are those, I can assign probabilities to each of them, saying that it is probable that I will mix up the steam generator tube rupture with the small LOCA, but it will be another probability to mix it up with the small steam line break or with other initiating events. Depending on what are my assessed probabilities, I can select those which will be really relevant to my assessment and which will be important for my safety assessment. Yeah. It is still about, we have to revisit the confusion matrix and screen out all incredible confusions.
Of course, I'm not confusing the loss of coolant accident with station blackout. Definitely, they are totally different, and then the totally different behavior of the plant will be, how to say, demonstrated. Therefore I will definitely not believe that this confusion can take place. Use structured expert judgment to calculate the probabilities, and the possibility of recovery or rediagnosis needs to be taken into account in the analysis. As we said, there can be some recovery. A small LOCA is somewhat similar to steam generator tube rupture, but the only issue is that if I don't recognize that it is a small LOCA towards the secondary side, then the radioactive material will appear in the secondary side and I may miss the situation, I may miss the possibility to lower the primary circuit pressure below the opening set point of the steam generator safety valve. Because the action what we have to do in such case is that I'm quickly isolating the steam generator from the rest of the secondary circuit and try to reduce the pressure of the primary side before the steam generator safety valve opens, because then there will be direct release of radioactive material to the environment. I mean, I'm just jetting out everything to the atmosphere or to somewhere where the steam generator safety valve is driven. So if I can lower the pressure under the set point of the opening of the steam generator safety valve, then what I'm doing, I'm extending the primary circuit boundary to the steam generator secondary side, which is helping me to remain within the defense in depth. Okay, so this is what I'm missing if I'm making this confusion. Okay, so the meaning of the rediagnosis is that if I still have time,
Okay, I thought it was, but I realized suddenly that there is some radioactive material in the secondary circuit by the main steam collector measurements, then I reconsider myself and I go to the steam generator tube rupture procedure, and if I did it in right time, then I went back to the right track.
Okay, and now comes the human cognitive reliability curves. There are such curves shown in the literature, where the non-response probability of the operator versus the time available for the operator is shown, and as you can see here we have knowledge-based, rule-based and skill-based actions. So for the skill-based actions, if I have less time than for the rule-based actions, the non-response probability is lower, much lower. So you can see here that for this time line here, normalized time, doesn't matter what it is, but for the same time the probability of making a mistake, if it is a skill-based action, if I learned it, if I know what to do at the moment when the event occurs, then the mistake probability is very low, while the rule-based probability is rather high, and for the knowledge-based probability it is even higher. Okay, so there is such correlation between the type of the human action and the probability of human error within a time frame or a time window. Here there is something which I wanted to talk about, which was the simulator experiment we did at the Paks plant, and I will do it after the break.
I will continue with human reliability analysis after the break, but because, as I said, the human factors and the human reliability analysis are interrelated, I will continue after finishing this presentation with the human factors. Do you have any questions to what I have presented till now? If not, let's do a half an hour break and. Yes?
One of us. We need to perform lots of deterministic analysis, deterministic simulations, to support this analysis, to determine the time window which is needed for some human actions. Okay, so to specify what kind of deterministic safety analysis should be performed is another issue, it is a topic of another one and a half hour lecture or even more, I believe, but it is relatively easy. It is based on a relatively easy principle. I'm assuming in my analysis that I'm not doing anything. Then I'm defining the time point where, whatever I do, I cannot drive back the event sequence to its normal flow. So if I have this time point and I know the time of the initiating event, this is the time window. This will be the time available for the operator to do something. Okay, so this is how it is to be analyzed, and for each of these human actions I have to analyze or define the time window in the same way. Okay, this is what you asked. Yes? Okay, now coffee break.