Human Reliability Analysis (HRA) and Probabilistic Safety Assessment (PSA)
The methods of Probabilistic Safety Assessment and Human Reliability Analysis are core competencies for the RHR group. With the nuclear (power plant safety) domain, the group has contributed to reviews of the state-of-the-art, the reviews and evaluations of HRA methods. In addition, it supports the Swiss Federal Nuclear Safety Inspectorate (ENSI) in the reviews of licensee PSAs, with a focus on HRA and topics related to human performance but also including accident sequence analysis.
Outside the nuclear domain, the group has applied PSA for a safety review of the Gantry 1 treatment area of PSI’s Center for Proton Therapy and for the MegaPIE experimental facility at PSI. Currently, PSA and risk assessment methods are being applied in risk analyses for the Gantry 2 area.
Methods to address Errors of Commission (CESA, CESA-Q)
Errors of Commission (EOCs) refer to PSA Human Failure Events modeling the performance of actions that aggravates an accident scenario. EOCs are not comprehensively covered within the scope of state-of-the-art PSA. They can be contrasted to failure events where a required action is not performed, and on which state-of-the-art PSA typically focuses. Analyses of operational and accidental events show that EOCs can be important contributors to these events. The Commission Errors Search and Assessment (CESA) method was developed at PSI for the identification of EOCs and the analysis of their significance. The quantification of the probability of EOCs represents an important area of current research for the Group: the basis of the CESA-Q method for EOC quantification has been already developed and tested. Improvements are underway concerning the user guidance and the incorporation of new data and formalized expert judgment. The group has performed three plant-specific, industrial-scale Pilot studies to identify potential EOC scenarios and assess their risk-significance. The pilot characterization of these studies relates to the need for further development in the method for the estimation of the EOC probabilities as well as the need for understanding the role of these errors in the plant risk profile. Our results from these studies include: 1) a systematic treatment of EOCs within PSA is feasible; 2) EOCs can be important contributors to the risk profile; 3) evaluation of the safety barriers against EOC as well as potential improvements in the operating procedures. Selected publications are:- B. Reer, V.N. Dang, S. Hirschberg. The CESA method and its application in a plant-specific pilot study on errors of commission. Reliability Engineering and System Safety, Volume 83, 2004, pp. 187-205. link to the paper
- L. Podofillini, V.N. Dang: Progress on Errors of Commission: an Outlook Based on Plant-Specific Results, Proc. 11th Probabilistic Safety Assessment and Management / European Safety and Reliability 2012 (PSAM11/ESREL2012), Helsinki, Finland, 25-29 June 2012.
- L. Podofillini, V.N. Dang, O. Nusbaumer, D. Dres: A pilot study for errors of commission for a boiling water reactor using the CESA method, Reliability Engineering & System Safety, 109, Pages 86-98, January 2013. link to the paper
Simulation-based methods for PSA: ADS Dynamic Event Tree
The aim of simulation-based or dynamic methods for PSA is to integrate the modeling of the plant response (thermal-hydraulics and reactor physics, if needed) with the logical, probabilistic model of the accident sequences. In current practice, modeling and analysis of the plant response and the development of the probabilistic PSA model are performed as separate, iterative steps. The overall objectives are improved treatment of dynamic interactions among plant behavior, automatic system actuations, and operator performance; and a comprehensive, integrated treatment of uncertainties.
The work within the group is centered on the Dynamic Event Tree (DET) framework for coupled simulation of plant response and of the probabilistic response of equipment (systems) and of the crew. PSI has contributed to the Accident Dynamic Simulator (ADS) DET implementation in a cooperation with the Univ. of Maryland, porting the software to a Unix platform and coupling it to the TRACE thermal-hydraulic model (the ADS-TRACE model).
In addition to a DET implementation, an important component required for dynamic risk assessment and PSA is the operator model. The operator modeling approach combines the modeling of procedures, a task-based model of actions, and rule-based plant state assessment and decision-making. Besides addressing the “what” of operator actions, the modeling of the timing of operator actions deserves special attention in a DET analysis framework. Mercurio examined the treatment of the variability of timing in terms of crew tendencies while Karanki analyzed the relation between characteristic durations and probabilistic modeling of the scenario.
The ADS dynamic event tree (DET) framework, with a crew model addressing the performance operating crew guided by emergency procedures, was applied in a case study for a Swiss NPP. The model treats a small Loss of Coolant (LOCA) scenario, one of the risk-significant internal initiating event scenarios for a PWR in which the crew’s response plays an important role. The development of the crew model focused on treating training-based rules in combination with procedure instructions. In addition, the variability in the time crews require to perform tasks was implemented for the DET simulation model.
The DET simulation model generates a large amount of data on the scenarios. In addition to the evolution of the plant parameters, the scenarios contain data on the crew’s response and its basis. Quantifying related sequences, determining their main contributors, and deriving insights from this data requires a combination of strategies: grouping accident sequences that are similar in terms of plant response and/or events, identifying the critical events that are key to the sequences with undesired outcomes or a reduced safety level, and screening out events that lead to variability without affecting the outcome. Scenario classification techniques based on fuzzy set theory and a DET parser to selectively focus in on the simulation data were developed. The application of these techniques in the case study demonstrated different ways in which operator-plant simulation can support HRA.
Advanced techniques (Bayesian Belief Networks, Fuzzy Expert Systems, Fuzzy Classification, Artificial Data)
In addition to the development of models and methods for HRA and dynamic PSA, the RHR group examines the applicability of advanced techniques from other domains in HRA. The research aim in this area concerns the development of HRA models that systematically treat and aggregate the three main sources of information for HRA: knowledge from cognitive theory, empirical data, and expert judgment. This research is motivated by the fact that HRA analyses are used to inform operational and regulatory decisions: the models supporting these decisions should be based as much as possible on an empirically sound basis. However, as in any area of risk analysis, expert judgment is needed to interpret and to fill-in empirical data, which is generally very scarse; and when this happens, it has to be done in a traceable and reproducible way. The combination of all sources in HRA models needs to be systematic to maintain the empirical basis provided by the data, while improving their accuracy by formally treating expert judgment.
In this aim, we evaluate, develop and apply of Bayesian methods for the formal treatment and aggregation of cognitive theory, empirical data, and expert judgment in HRA.
Examples of related research work:
- Development of Bayesian Belief Networks to support errors of commission quantification
- Evaluation of Bayesian Belief Networks as modelling tool for HRA, based on artificial data
- Development of expert systems (Fuzzy Expert Systems) to improve transparency and reproducibility in HRA modelling
- Analysis of dynamic safety assessment results with fuzzy classification techniques
- L. Podofillini, L. Mkrtchyan, V. N. Dang: Quantification of Bayesian Belief Net Relationships for HRA from Operational Event Analyses, Proc. 12th Probabilistic Safety Assessment and Management (PSAM12), Honolulu, Hawaii, USA, 22-27 June 2014.
- V.N. Dang, Y. Stempfel: Evaluating the Bayesian Belief Network as a Human Reliability Model – the effect of unreliable data. In: Proc. 11th Probabilistic Safety Assessment and Management / European Safety and Reliability 2012 (PSAM11/ESREL2012), Helsinki, Finland, 25-29 June 2012.
- L. Podofillini, V.N. Dang, E. Zio, P. Baraldi, & M. Librizzi: Using expert models in human reliability analysis—a dependence assessment method based on fuzzy logic. Risk analysis, 2010, 30(8), 1277-1297. Link to the paper
Interface to Human Factors and Experimental Psychology
HRA and Human Factors are closely related disciplines that approach human performance from different perspectives. The state-of-knowledge in Human Factors is a foundation for HRA, which seeks to operationalize this knowledge into predictive, probabilistic models. In the opposite direction, HRA and its probabilistic perspective can orient the Human Factors Engineering effort, in particular, to address the rare but potentially important accident scenarios. The renewed interest in HRA data and, in particular, in the collection of HRA data in simulator studies, calls for an increased, closer interaction between HRA and Human Factors, in particular, experimental psychology. The RHR group works closely with experts from these disciplines, in particular, within the frame of the OECD Halden Reactor Project.