Presentation is loading. Please wait.

Presentation is loading. Please wait.

M. Khalaquzzaman Nuclear I&C and Information Engineering Lab NQE, KAIST Characteristics of Test and Maintenance Human Errors Leading to Unplanned Reactor.

Published byMagnus Collins Modified over 8 years ago

Similar presentations

Presentation on theme: "M. Khalaquzzaman Nuclear I&C and Information Engineering Lab NQE, KAIST Characteristics of Test and Maintenance Human Errors Leading to Unplanned Reactor."— Presentation transcript:

1 M. Khalaquzzaman Nuclear I&C and Information Engineering Lab NQE, KAIST Characteristics of Test and Maintenance Human Errors Leading to Unplanned Reactor Trips in NPP Lab Seminar Presentation May 3, 2010

2 References 1. Jaewhan Kim, Jinkyun Park, Wondea Jung, Ji Tae Kim; Characteristics of test and maintenance human errors leading to unplanned reactor trips in nuclear power plants, Nuclear Engineering and Design 239 (2009) 2530–2536. 2 2. Canavan, K., Hannaman, G., 2004. Introduction to simplified generation risk assessment modeling. EPRI Report, EPRI 1007386. 3. Dhillon, B.S., Liu, Y., 2006. Human error in maintenance: a review. Journal of Quality in Maintenance Engineering 12, 21–36. 4. Hirschberg, S., 2004. Human reliability analysis in probabilistic safety assessment for nuclear power plants. CSNI technical opinion paper, OECD/NEA. 5. Hollnagel, E., 1998. Cognitive Reliability and Error Analysis Method (CREAM). Elsevier. 6. IAEA, 1992. Procedures for conducting probabilistic safety assessments of nuclear power plants (Level 1). IAEA Report, Safety Series No. 50-P-4. 7. IAEA, 1995. Human reliability analysis in probabilistic safety assessment for nuclear power plants. IAEA Report, Safety Series No. 50-P-10. 8. Kim, J., Park, J., 2008. Task types and error types involved in the human related unplanned reactor trip events. Nuclear Engineering and Technology 40, 63–72. 9. Korea Institute of Nuclear Safety (KINS). Operational Performance Information System (OPIS, http://opis.kins.re.kr). 10. Laakso, K., Pyy, P., Reiman L., 1998. Human errors related to maintenance and modifications. STUK-YTO-TR 139, STUK. 11. Pyy, P., 2001. An analysis of maintenance failures at a nuclear power plant. Reliability Engineering and System Safety 72, 293–302. 12. Reason, J., 1990. Human Error. Cambridge University Press.

3 Outlines 1. Introduction 2. Analysis of error types 3. Characteristics of the maintenance human errors by error types 4.Conclusions 3

4 Introduction - Test and maintenance activities of nuclear power plants are essential for sustaining the safety of a power plant - potential of human errors during test and maintenance activities has also the possibility of inducing unplanned reactor trips - conventional probabilistic safety assessments (PSAs), human actions leading to initiating events, i.e., unplanned reactor trips, have not been modeled explicitly - maintenance human failures and their effects were introduced, and their safety significance was discussed from the PSA point of view; however, the effects and safety significance of maintenance human failures mainly included equipment unavailability or wrong equipment function, very few of unplanned reactor trips. 4

5 The major incident/accident reports of NPP in Korea reveals the contribution of human errors takes up about 20% of the total events (KINS). The study presents that human failures during ‘planned operation’ and ‘response to a transient’ activities contributes to unplanned reactor trips with a large portion (30%), but most of the events related to these activities occurred under 20% of a normal power at which the plant state is too sensitive to control the abnormality of a plant system. The human errors at the stage of a design/manufacturing/installation showed a very low contribution (7%). Most of the human-related unplanned reactor trip events during the normal power operation are associated with the test and maintenance activities (63%), which are comprised of the plant maintenance activities such as: - periodic preventive maintenance, - a planned maintenance and - a corrective maintenance. Introduction (contd.) 5

6 This paper introduces basic characteristics of human erroneous actions involved in the test and maintenance-induced unplanned reactor trip events that occurred in 1976 to 2006 in Korean NPPs. The basic characteristics are divided into - human erroneous actions into the planning-based errors and - execution-based errors The events related to planning failures are classified according to existence of the work procedure and described the aspects of the procedure or work plan deficiency or problem. The events for execution failures are described from the aspect of error modes. Finally, predictivity or identifiability of a potential error from the viewpoint of a human error prevention or management is discussed. Introduction (contd.) 6

7 2. Analysis of error types 2.1. Error classification James Reason’s basic error types (Reason, 1990), which are composed of mistake, slip/lapse, and violation, are basically used to classify test and maintenance human errors associated with unplanned reactor trip events. The terms of error types are slightly modified into ‘planning failure’, ‘execution failure’, and ‘rule violation’, correspondingly, to reflect a nuance of practicality. Planning failure: Problems in work planning, work procedure, and the intention of operators or maintenance personnel at the time of a work activity. Execution failure: Omission of required actions or commission of inappropriate actions while executing prescribed tasks or implementing intentions. Rule violation: Operators or maintenance personnel do not follow predefined rules or work standards. 7

8 8 2. Analysis of error types (cont.)

9 2.2. Error classification results 9

10 3. Characteristics of the maintenance human errors by error types 3.1. Characteristics of human errors caused by planning failure The human error events caused by a planning failure are classified according to the existence of a relevant procedure for required test and maintenance activities : (1) The events that relevant work procedures were provided for the work activities. (2) The events that relevant work procedures were not provided for the work activities (in this case, maintenance personnel perform required activities with their own intentions without aid of procedural guidance). Among the total of 23 events that occurred due to a planning failure, the former case includes 16 events and the latter case does 7 events. 10

11 3.1.1. Characteristics of human errors caused by procedural problems Firstly, the characteristics of human errors in the cases in which work procedures are provided are summarized. It is notable that most of the events (14 of 16 events) occurred during low-power or startup conditions. Only two events occurred during a full-power operation. One event occurred due to omission of the checking of signal interrelatedness; this event is considered to be identifiable in advance before a work is initiated through the checking of ‘the state of signal interrelatedness’. The other event is deemed to be very difficult to identify in advance before a maintenance task is initiated because it occurred under the situational context of an unexpected/unanticipated component failure. 3. Characteristics of the maintenance human errors by error types (cont.) 11

12 The problems existing in the work procedures or events can be categorized into the following three patterns: Plan inadequacy: The plan, or a sequence of actions, contained in the work procedure itself has a potential to induce a system transient or a reactor trip. Plan incompleteness: The work-related information provided in the procedure is insufficient or unclear; this includes the task aspects such as a testing method, testing time, testing duration, an operation method, or design or phenomenological features associated with the actuation of a signal or a system, etc. Occurrence of an unexpected event: The operators or maintenance personnel fail to respond correctly to an unexpected event such as a component failure or an occurrence of an abnormal situation. - The events categorized as a ‘plan inadequacy’ record five, - the events categorized as ‘plan incompleteness’ record ten, and - one event is associated with an unexpected component failure. 3.1.1. Characteristics of human errors caused by procedural problems (cont.) 12

13 Three of the five events occurred because the work planners, i.e., the work organizer or the writers of work procedures, fail to anticipate the possible impacts of a planned sequence of actions on the plant system such as a plant transient or reactor trip. The following event illustrates this kind of one: During startup operation following the planned maintenance, a small leakage was found at the instrument guide tube of the Water flow transmitter, FT-427, which was located at the reactor coolant system (RCS) loop #2, at 8% of the reactor normal power. A maintenance activity followed with the tube blocked, which caused the RCS Low Flow signal to be generated. Under this condition, the other maintenance personnel performed the turbine over-speed test by opening the turbine stop valve gradually to increase the turbine speed. Instantly at a certain point of the testing, the pressure of the turbine impulse chamber goes over 10% of the turbine output power, and this caused the generation of the P-7 signal, which is the reactor scram permit interlock signal. The event has occurred due to a failure to evaluate possible impacts of the turbine over-speed test on the system under the condition that the RCS Low Flow signal had been generated. 3.1.1. Characteristics of human errors caused by procedural problems (cont.) 13

14 The characteristics of the events classified as ‘plan incompleteness’ in view of error prevention or error identification can be summarized as follows: Eight events of the ten occurred during the plant overhaul period, and the remaining two events occurred during the plant startup and the power descending period, respectively. The dropping test of the control rod assembly was performed at 45% of a normal power level during a plant overhaul period, and the reactor was successfully tripped. After this test, the reactor coolant system (RCS) liquid emission valve (LEV) opening test was conducted at 0% of the reactor power. After completion of this test, when the reactor power was being ascended, the reactor became arrived at a subcritical state at a 2.1% of a normal reactor power because of the over-production of Xenon. The Xenon overproduction was caused by the delayed performance of the RCS LEV opening test. The event investigation report says that the operators failed to respond effectively since there was a deficient description in the work procedure such as not describing the required time to arrive at the targeted power level. 3.1.1. Characteristics of human errors caused by procedural problems (cont.) 14

15 The ‘plan inadequacy’ type is mainly associated with a failure to predict a possible impact of a planned sequence of actions on the plant system, and - the ‘plan incompleteness’ type is associated with a failure to predict possible plant states and prepare actions for them. All these types are related to the problems arising in the stage of preparing work procedures. The items that could be checked in advance of a work activity include the following aspects: Reflection of a recently amended design feature on work procedures. Signal interrelatedness between systems and operations. Clear description on set-points and criteria. Detailedness of an operation method or cautions/warnings on the operation of systems. Detailedness of a testing method, especially of those with similar testing methods. 3.1.1. Characteristics of human errors caused by procedural problems (cont.) 15

16 16 Statistics of error modes of the human error events caused by a planning failure are summarized as follows: Error modeNumber of events omission4 too early3 unexpected/unanticipated result2 miscalibration1 too fast1 too long1 wrong object1 too much1 control failure1 reversal1 3.1.1. Characteristics of human errors caused by procedural problems (cont.)

17 3.1.2. Characteristics of human intentional errors when a procedure does not exist The characteristics of human intentional errors occurs when work procedures are not provided. The events related to this case occurred during corrective maintenance, which indicates that some corrective maintenance activities are performed without preparing work procedures although there is administrative instruction for preparation of work procedure. Four of the seven events have occurred during a full-power operation. This means that the impact of human errors occurring while conducting a corrective maintenance is significant and an adequate management is crucial to reduce the human errors associated with a corrective maintenance. 17

18 18 Summary of Planning Failure Analysis

19 3.2. Characteristics of human errors caused by an execution failure - Execution errors take up 50% of the total test and maintenance human errors. - Most of the events caused by execution errors occurred during a full-power operation (15 of the 24 events; 63%), and - both a corrective maintenance and a periodic preventive maintenance have the most contribution of the events. Execution errors can take various forms, but it is notable that all the human events related to execution error take one of the following error modes: - wrong object - omission - too little or inadequate - wrong action 19

20 The ‘wrong object’ error mode is defined as an action taken on an object other than a required one (Hollnagel, 1998). Most of the events include an action on a neighboring object similar to a required one. An inadvertent selection of a wrong object can take place at various components or parts of the power plant systems. Analysts are needed to identify a detailed work process, actions, and objects in order to predict a possible wrong object to be selected. It is notable that the error mode ‘wrong object’ took place in much portion during a corrective maintenance partly because the maintenance personnel are less familiar with the work environment and equipment during a corrective maintenance than a periodic preventive maintenance. Wrong object 20

21 The ‘omission’ error mode can be classified into: - omission of a procedural step - failure to recognize an abnormal state The ‘omission of a procedural step’ consists of ‘omission of a prior preparation action’ and ‘omission of a restoration action’.  The ‘omission of a prior preparation action’ includes the omission of an important action for making a stable testing condition which is required prior to a main testing procedure.  The ‘omission of a restoration action’ includes a failure to return a system train after a test to a normal state. The ‘failure to recognize an abnormal state’ includes a failure to identify an abnormal or failed condition of a function or component which is concealed in a system. Omission error 21

22 During a normal full-power operation, the periodic preventive test of the ‘ex-core power range nuclear instrumentation system’ was being performed at the reactor protection system process rack. After completing the test of the N-42 channel, one of the 4 channels of the ex-core instrumentation system, the maintainer failed to recover the test mode selection switch to a normal position. Under this condition, he continued a test for the next channel, N-43, by putting the N- 43 channel to a test condition. At that time, the 2 out of 4 logic circuit trip signal was generated, which resulted in reactor trip. Example of “omission error” 22

23 The ‘too little’ error mode means an insufficient or excessive force or effort being taken than required. Two of the six events occurred during a full-power operation, another two events occurred during power ascending, and the remaining two events occurred during a plant overhaul period. All the events of the ‘too little’ error mode are associated with an inherent vulnerability or a temporariness that a work method has against a work object. “Too little” Error Example of an event: At 30% of a normal power following a planned maintenance, the protection relay system was being tested by connecting a test plug to the A-phase circuit. During the test, connection status of the test plug for the A-phase circuit became loose, and it was finally separated from the circuit. This caused the opening of the A-phase current transformer (CT) which actuated the main generator protection signal and consequently the main generator and the reactor tripped. 23

24 It also includes an unintended contact between a work apparatus and peripheral components/devices of the workplace. Analyses of the work process, paths, specific actions, and tools/apparatus to be used with peripheral components/devices are required to predict the possibility of an occurrence of a ‘wrong action’. “Wrong action” error 24 Wrong Action Error: an inadvertent contact with peripheral components/devices while working at a local place.

25 25 Summary of Execution Failure Analysis

26 The characteristics of the test and maintenance human errors have been analyzed by error type that led to unplanned reactor trips. According to the analysis results, the human errors showed distinctive forms or patterns by error types. As is generally known, human errors due to a planning failure are difficult to predictively identify, while human errors during an execution are sufficiently predictable by using human error prediction or human reliability analysis methods with adequate resources. A more detailed and systematic approach would be required for the management of human errors due to a work planning; this approach might include a structured method or computational tools to identify the potentials for human error. 4. Conclusions 26 For the management of human errors during an execution, development of a detailed analysis procedure or guidance for identifying specific human errors at a certain step of a work procedure would be beneficial for reducing the human errors at test and maintenance settings.

27 Thank you 27

Download ppt "M. Khalaquzzaman Nuclear I&C and Information Engineering Lab NQE, KAIST Characteristics of Test and Maintenance Human Errors Leading to Unplanned Reactor."

Similar presentations

Accident and Incident Investigation

Accident and Incident Investigation
Engineering Diploma Level 2 Unit 7 Application of Maintenance Techniques in Engineering In this unit you will get involved with both maintenance procedures.

Engineering Diploma Level 2 Unit 7 Application of Maintenance Techniques in Engineering In this unit you will get involved with both maintenance procedures.
1. Four LLs were published in February 2013 1.Transmission Relaying – Undesired Blocking 2.Lack of Separation for Critical Control Power Supply Leads.

1. Four LLs were published in February Transmission Relaying – Undesired Blocking 2.Lack of Separation for Critical Control Power Supply Leads.
Root Cause Analysis for Effective Incident Investigation Christy Wolter, CIH Principal Consultant Environmental and Occupational Risk Management (EORM.

Root Cause Analysis for Effective Incident Investigation Christy Wolter, CIH Principal Consultant Environmental and Occupational Risk Management (EORM.
Auditing Concepts.

Auditing Concepts.
RISK INFORMED APPROACHES FOR PLANT LIFE MANAGEMENT: REGULATORY AND INDUSTRY PERSPECTIVES Björn Wahlström.

RISK INFORMED APPROACHES FOR PLANT LIFE MANAGEMENT: REGULATORY AND INDUSTRY PERSPECTIVES Björn Wahlström.
Failure Modes and Effects Analysis A Failure Modes and Effects Analysis (FMEA) tabulates failure modes of equipment and their effects on a system or plant.

Failure Modes and Effects Analysis A Failure Modes and Effects Analysis (FMEA) tabulates failure modes of equipment and their effects on a system or plant.
The Nature of Learner Language

The Nature of Learner Language
Integration of Quality Into Accident Investigation Processes ASQ Columbia Basin Section 614 John Cornelison January 2008.

Integration of Quality Into Accident Investigation Processes ASQ Columbia Basin Section 614 John Cornelison January 2008.
PSAEA – CNRA Conference on OEF (Köln, 29-31/05/2006) The relationship between risk analysis and event analysis – PSA based Event Analysis P. De Gelder.

PSAEA – CNRA Conference on OEF (Köln, 29-31/05/2006) The relationship between risk analysis and event analysis – PSA based Event Analysis P. De Gelder.
AREVA NP EUROTRANS WP1.5 Technical Meeting Task 1.5.1 – Safety approach Madrid, November 13-14 2007 Sophie EHSTER.

AREVA NP EUROTRANS WP1.5 Technical Meeting Task – Safety approach Madrid, November Sophie EHSTER.
Overview Lesson 10,11 - Software Quality Assurance

Overview Lesson 10,11 - Software Quality Assurance
Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.

Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.7 Commissioning Geoff Vaughan University of Central.

Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.7 Commissioning Geoff Vaughan University of Central.
Enhancing Paper Mill Performance through Advanced Diagnostics Services Dr. BS Babji Process Automation Division ABB India Ltd, Bangalore IPPTA Zonal Seminar.

Enhancing Paper Mill Performance through Advanced Diagnostics Services Dr. BS Babji Process Automation Division ABB India Ltd, Bangalore IPPTA Zonal Seminar.
Protection Against Occupational Exposure

Protection Against Occupational Exposure
Presented by Dorian S. Conger Conger-Elsea, Inc. 2000 Riveredge Parkway, Suite 740 Atlanta, GA 30328 800-875-8709 phone 770-926-8305 fax

Presented by Dorian S. Conger Conger-Elsea, Inc Riveredge Parkway, Suite 740 Atlanta, GA phone fax
Codex Guidelines for the Application of HACCP

Codex Guidelines for the Application of HACCP
Basics of OHSAS Occupational Health & Safety Management System

Basics of OHSAS Occupational Health & Safety Management System

Similar presentations

Ads by Google