Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Analysis of Diagnosis Errors for the APR1400 Main Control Rooms Awwal M. Arigi a and Jonghyun Kim a ∗ a Nuclear Engineering. Department, Chosun University., 309 Pilmun-daero, Dong-gu, Gwagyeok-si, Gwangju, Rep. of Korea * Corresponding author: jonghyun.kim@chosun.ac.kr 1. Introduction for the APR1400 MCRs compared to analog MCRs are hereby defined. The main control rooms of some new designs of 2.1 Soft Controls nuclear power plants (NPPs) in the world are fully digitalized. Particularly, the advanced power reactor - The soft controls are devices that are mediated by 1400 (APR-1400) has a fully digitalized control room softwares rather than physical connections and include that vastly differs from those of previously analog or features such as mouse control, touch screens, and so on. semi-digitized control rooms. The many differences The operators in the APR1400 MCR use soft control between the analog and digital main control rooms systems for operation and manipulation of equipment. (MCRs) of NPP can result in different task types and a Thus, using soft controls, operators can select (by change in the way operators carry out their functions. clicking or touching) a specific screen, choose the Some of the characteristics of these new digital MCRs controller, and finally manipulate the devices. provide opportunities for new types of operator errors, which may also affect operator response during time- 2.2 Computer-based Procedures critical tasks[1]. As such, the human reliability analysis (HRA) method for the operator actions in the new The APR1400 MCR uses a computerized procedure APR1400 MCRs may have to differ. system (CPS) to provide an integrated presentation of HRA usually considers the operator activities from procedural instructions and related process information the perspective of diagnosis and execution. Execution required for the proper execution of applicable actions are highly dependent on diagnosis activities. If procedures instead of paper-based procedures. the diagnosis activities are well done, the chances of proper execution are higher, and most incidents can be 2.3 Advanced Information Display Systems mitigated without serious consequences. This paper analyzes the diagnosis errors in the The APR1400 MCR contains a large display panel APR1400 MCR intending to develop a HRA method (LDP) which is designed to allow group view, that can adequately analyze the operator errors. First, especially in the case of situations requiring frequent we define the main distinguishing features in the communication between operators. Other graphic APR1400 MCR. Second, we identify the major information displays in this MCR have characteristics diagnosis error modes based on the distinguishing such as integrated displays, information support systems features and the task types. Third, the effect of these such as ‘Aids’, and procedure based displays. identified error modes on HRA is discussed based on the diagnosis tasks. The nuclear regulatory and 2.4 Advanced Alarm Systems operating bodies in Korea will consider the cause-based decision tree (CBDT) method as one of the possible The alarms in the APR1400 are distinctly different methods for HRA in the APR1400 NPP. Hence, this from those in conventional analog systems. These study also reviews the applicability of the CBDT alarms systems appear in a combination of messages method (CBDTM) as a surrogate way of analyzing and lists format, and they are integrated into process diagnosis errors in the APR1400 and possible displays, unlike the regular tile formats used in limitations. conventional (analog) MCRs. 2. The main distinguishing features of the APR1400 2.5 Communications MCR Although the communication protocol has not The advancement in technology has led to most of the changed (e.g., three-way communication in analog changes within the digital MCRs. Particularly, as the MCR), some differences in the communication pattern capabilities of modern computers in processing and can be observed. Unlike the conventional MCRs, the presenting information have increased, computer board operators can access each other’s computer techniques have been introduced into the design of interfaces in the APR1400 control room. Hence, MCRs of NPPs [2]. The major distinguishing features
Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 communication pattern is loosely coupled and the Table I: APR1400 MCR main features and diagnosis error modes operators may communicate less verbally. Main features of Associated diagnosis error 3. Identification of the diagnosis error modes APR1400 MCR modes Error in detecting alarms, The identification of diagnosis error modes is in two Advanced Alarm Error in Reading/ phases. In the first phase, we consider only the System interpreting information, and distinguishing features of the APR1400 while in the Selection errors second phase we consider the task types and related Soft Controls Selection errors error modes. Error in detecting alarms, Advanced Error in Reading/ Information 3.1 Based on Distinguishing Features interpreting information, and display Systems Selection errors In the first instance, error modes are assigned to all the Computer-based Initiating in-appropriate distinguishing features based on literature reviews and Procedures actions observation of simulator experiments involving APR1400 plant simulator. Thereafter, the error modes The unique communication pattern has been left out are aggregated and grouped into diagnosis and because there are rarely any error modes directly execution error modes. Table I. Shows the associated with it. distinguishing features and associated error modes for diagnosis. The diagnosis error modes include: 3.2 Consider Diagnosis Tasks • Error in detecting alarms (includes identifying icons or messages with auditory and blinking signals to be Previous research [3] has shown that MCR operators acknowledged by pushing buttons). in the APR1400 NPP have three major diagnostic tasks • which include 1) Recognizing the alarm of the plant, 2) Error in Reading/ interpreting information Finding the cause of the situation, and 3) Selecting the (identifying exact values, parameters, and the deviation proper execution strategy or procedure. Based on from the normal state on the computer display system). further analysis of the sub-tasks, the major diagnosis • Selection errors (selecting information in reading error modes associated with each task are matched. indications, e.g., lack of differentiation between safety Figure 1 shows the top-level task types, the subtasks, and non-safety components or due to interface and the associated error modes. The tasks were re- named based on MCR operator goals. management tasks). • Initiating in-appropriate actions (decipher 4. Analysis of the effect of diagnosis error modes on mitigation actions. For example, with the aid of alarm human reliability response procedures). Selecting proper Recognizing the Finding the cause of execution strategy or alarm of the plant the situation procedures Sub-task Sub-task Sub-task • Initiating Selecting Alarm Identifying the Pattern- Inappropriate • Display Error in relevant system matching Actions Detecting Alarms Navigating to • Perceiving Alarm Error in the relevant Information Reading/ system Interpreting Information Finding causes • Selection Errors Checking Alarms instrumentation system failures Verifying the results Fig. 1. Diagnosis tasks in APR1400 MCR with associated error modes. To accurately detect alarms, the three strategies of sequencing, prioritizing and suppressing alarms are also 4.1 Error in detecting alarms used in the analog control rooms but they are more supported in the APR1400 MCR. For the sequencing
Recommend
More recommend
