Overview of the MERMOS Human Reliability Analysis method
11th August 2010, Idaho Falls
Pierre LE BOT
Introduction
Why do accidents occur because of humans ?
Key concepts
MERMOS process
Important issues
Let’s analyse
Introduction
Nuclear operator
Installed capacity: 128,200 GW
156.500 employees in the world
In France 58 nuclear units at 19 plants – all PWR (4 main series)
1100 reactor-years of cumulative experience
High level of standardization within a series
EDF R&D: 1800 researchers
EDF’s PSA reference models
Five PSA (Probabilistic Safety Assessment) level 1+ (impact of sequences: core damage)
1 full level 2 model (impact of sequences: radioactive releases due to core damage)
Generic data for one series or for the whole fleet
Reference methods
www.nuce.boun.edu.tr/psaover.html
HRA for NPP’s PSA
[Diagram labels: Time; Maintenance, Normal operation, Emergency operation; Human Factors mission; Technical systems mission; Pre-initiator event phase; Post-initiator (& aggravating events) phase; Latent error; Normal operation failure; Initiator; Post-initiator human failure (HFE); MERMOS]
MERMOS origin
“Méthode d’Evaluation de la Réalisation des Missions Opérateurs pour la Sûreté”
Method for assessing the completion of operator actions for safety
First EDF’s PSAs HRA for classic control room & paper procedures
• Adaptation of THERP and ASEP
• Extensive use of data from simulator
N4 series with full computerized interface and procedures
• First methods based on deviation from procedures not applicable
• Extensive feedback (simulators observations and ergonomists studies)
MERMOS
Why do accidents occur because of humans ?
Ultra safe systems: humans’ role in safety?
Human can’t be perfect and can err
Engineering can’t be perfect nor predict everything
Automatize or help operator
Manage safety by humans
Improve interface, procedures, training
Improve safety culture, skills, experience
Require strict application of procedures
Require situation awareness & initiatives
Anticipation / Adaptation
First HRA models
OLD VISION: irrationally, the operator sometimes doesn’t perform the expected action
Operator = machine
◦ Without autonomy
◦ With limited capacities
◦ Very unreliable
Human failure:
◦ Individual
◦ Operator informed and solicited by interface and procedure
◦ If response is not as expected: Error
First Human Reliability paradigm at EDF (1986)
A. Villemeur, F. Mosneron-Dupin, M. Bouissou, T. Meslin, “A Human Factors Databank For French Nuclear Powerplants”, Proceedings of the International Topical Meeting on Advances in Human Factors in Nuclear Power Systems, American Nuclear Society, Knoxville, TN (1986)
How to identify and assess potential Human Failure Events? An engineering problem for HRA
The classical engineer approach (1st generation method):
◦ Failure = the omission of the expected actions prescribed in the applicable procedure
Screening of the prescribed actions, depending on their consequences
◦ HFE of EOO (error of omission) are easy to identify
◦ No clear method for EOC (error of commission) or limited
◦ Not easy to find out plausible potential unexpected output
◦ No clear validation from operational feedback
[Diagram labels: expected, omitted, error]
And in the “reality”?
Observation of a simulation
Full scope simulator
Operational team
Story:
◦ Small compensated leak
◦ Loss of external electric power sources
◦ Failure of one supply generator: one of the two electric divisions is out
Issues
Have you understood what happens? Did they make errors?
◦ The supervisor believed that the generator failed to start
◦ They deviate from the prescribed operation: direct application of the procedure PR01 (treatment of the loss of the electric power source)
Is it an omission? A commission error?
Our conclusion is that the classic HRA model has to be improved.
We needed a new paradigm and new concepts.
KEY CONCEPTS
The Emergency Operating System (EOS)
The CICAs
The scenarios of failure
The SAD functions
The Emergency Operating System
Emergency operation of an NPP emerges from the interaction between operators, procedures and interface, which constitute a system (EOS)
The EOS is cognitive and distributed
◦ It uses prior knowledge and produces new knowledge in real time
◦ Knowledge is deposited in and elaborated by different system components.
[Diagram labels: Operation; Team, Interface, Procedures]
Human reliability is the reliability of the EOS
The CICAs
840 000 barrels in the Arabian sea
J. Morel
Definition and example
A CICA is a collective rule that:
◦ the EOS has decided (explicitly or not) to follow in a stable phase
◦ determines its configuration and orientation in time
◦ is stopped by a rupture phase and a reconfiguration as soon as it is detected that the objective is reached or the CICA is no longer fitted to the situation
Example: TMI
04:00 rupture 1: from normal to emergency operation
04:03 stability 1: management of excessive SI + recovery of AFS
04:16 rupture 2: reconfiguration towards stabilization
04:20 stability 2: stabilization + local investigations
05:13 rupture 3: system disorientation
05:42 core is uncovered
[Figure labels: Time; Initiator; Failure of HF mission; Retrospective analysis; Human Reliability Analysis; CICA 1 to CICA 7; CICA 1 to CICA 3]
The scenarios of failure
Former models based on error and deviation from expected operation
MERMOS failure model: the scenarios of failure
Former models based on error and deviation from expected operation
UNLIKELY ERRONEOUS OPERATION IN ONE UNIQUE LIKELY CONTEXT
[Figure labels: Context; Procedure; Prescribed operation; Non prescribed operation; Error; No recovery; Probability P; ?; Success; Failure]
MERMOS failure model: the scenarios of failure
LIKELY COHERENT OPERATIONS IN RARE CONTEXTS
« START FROM THE FAILURE »
[Figure labels: Contexts continuum; P context 1; P context 2; P CICAs; Non conceivable scenarios; Required op.; Success; Failure]
SAD Functions: strategy, action, diagnostic (state/situation)
MERMOS process
Goal of the analyst
To build (and upgrade) the answer to the question:
◦ How could the Emergency Operation System fail?
◦ In rare situations and in a plausible way
◦ By describing operational stories leading to failure (= MERMOS scenarios)
MODULES AND STEPS
[Flowchart, reconstructed from its labels]
Other labels: HF mission to analyze; HF mission analyses database; PRA qualitative analysis; Design documents; Process simulations; EOPs (Emergency operating procedures); Simulator tests; Real events feedback
Adapt former analysis or create new one
MODULE 1: Identification and definition of the HF Mission through functional analysis
MODULE 2: Qualitative and quantitative analysis
Step 1: Breakdown of requirement for Strategy, Diagnosis, Action
Step 2: Analysts think out failure scenarios for Strategy, Diagnosis, Action
Step 3: Analysts quantify each scenario's conditions (situation elements, CICAs)
Step 4: Verify consistency and integrate HF mission analysis into event tree
If necessary perform simulator tests
If necessary perform process simulations
Enrich database
Analyze next HF mission
Structure of MERMOS analysis / quantification
Example
Probability of mission failure (HEP): 1.0 E-2
Uncertainty: 3.7 E-4 to 3.7 E-2

| N° | Scenarios | Prob. |
|---|---|---|
| 1 | The system hesitates about the means and does not operate the cooldown early enough | 8.1 E-3 |
| 2 | Before operating the cooldown, the system wants to make sure that the SG has been well locally isolated | 7.3 E-4 |
| 3 | The system tries first to reach ruptured SG level > 17% narrow range, and starts the cooling too late | 0 |
| 4 | The team does not choose the expeditious cooldown given a reading error of the level of the SG | 8.1 E-5 |
| 5 | The system interrupts the cooling too early given a reading error on a parameter that governs the stopping of the cooling, and does not restart in time | 2.4 E-4 |
| 6 | The system is cooling too much and overtakes the limit of subcooling margin | 9 E-5 |
| 7 | The system operates an insufficient cooling because of an error of rating and of lack of communication | 8.1 E-4 |
| Pr | - | 6 E-5 |

Steamline Break + SGTR, auto-isolation of the break (complex scenario)
Cooldown the RCS within 15 minutes from E-3 step 7
Scenario structure / quantification
Context (or situation)
• Conjunction of situation features
• Given the initiating and aggravating events
Operation (given the context)
• Configuration and orientation of the EOS (coherent and justified)
• CICAs
Non reconfiguration
• Wrong operation is lasting too long
Example of MERMOS scenario
SCENARIO n°1
Probability: 8.1 E-3
Description: The system hesitates about the means and does not operate the cooldown early enough
No reconfiguration probability: 0.3

| Element | Probability |
|---|---|
| CICA: Suspension of the following of the procedure | 0.9 |
| Situation feature: The operators hesitate on the means to use before operating the cooldown | 0.1 |
| Situation feature: The supervisor asks for a meeting to decide which means is to be used. | 0.3 |
Steps of Module 2
• Stage 1: Breakdown of requirements with SAD functions
• Stage 2: Qualitative analysis: design of scenarios
• Stage 3: Verifications
• Stage 4: Quantification by experts judgments and statistics
• Stage 5: Adjustments
QUANTIFICATION
STATISTICS
(3) EXPERTS JUDGMENTS
1. Quantification of each element of each scenario by each expert
2. Comparison
3. New quantification
4. Vote
Scale (not obligatory)

| Level | Probability |
|---|---|
| (Sure) | (1) |
| Very probable | 0.9 |
| Quite probable | 0.3 |
| Not very probable | 0.1 |
| Very improbable | 0.01 |
| Impossible | 0 |
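The quantification on these slides, worked through as an added example that is not part of the original presentation. It assumes a scenario's probability is the product of its situation-feature, CICA and no-reconfiguration probabilities, and that the mission HEP is the sum of the scenario probabilities plus the residual "Pr" row; both rules are inferred from the slide figures, which they reproduce. All class and function names are hypothetical.

```python
"""MERMOS-style scenario quantification (added illustration, hypothetical names)."""
from dataclasses import dataclass
from math import prod

# Verbal scale from the quantification slide. The deck marks the scale
# "not obligatory", so plain numbers are accepted as well.
SCALE = {
    "sure": 1.0,
    "very probable": 0.9,
    "quite probable": 0.3,
    "not very probable": 0.1,
    "very improbable": 0.01,
    "impossible": 0.0,
}


def to_probability(value):
    """Map a scale label or a raw number to a probability in [0, 1]."""
    if isinstance(value, str):
        key = value.strip().lower()
        if key not in SCALE:
            raise ValueError(f"unknown scale label: {value!r}")
        return SCALE[key]
    p = float(value)
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"probability out of range: {p}")
    return p


@dataclass
class Scenario:
    description: str
    situation_features: dict    # feature text -> scale label or number
    cicas: dict                 # CICA text -> scale label or number
    no_reconfiguration: object  # scale label or number

    def probability(self):
        # Assumption inferred from the slide figures: context x operation
        # (given the context) x no reconfiguration, all multiplied.
        context = prod(to_probability(v) for v in self.situation_features.values())
        operation = prod(to_probability(v) for v in self.cicas.values())
        return context * operation * to_probability(self.no_reconfiguration)


def mission_hep(scenario_probabilities, residual):
    """Mission failure probability: scenario probabilities plus the residual term."""
    # Assumption: the scenarios are treated as mutually exclusive, so they add.
    return sum(scenario_probabilities) + to_probability(residual)


# Scenario n°1 from the "Example of MERMOS scenario" slide, using scale labels.
SCENARIO_1 = Scenario(
    description="The system hesitates about the means and does not operate "
                "the cooldown early enough",
    situation_features={
        "Operators hesitate on the means to use": "Not very probable",
        "Supervisor asks for a meeting": "Quite probable",
    },
    cicas={"Suspension of the following of the procedure": "Very probable"},
    no_reconfiguration="Quite probable",
)

# The trainees' Little Titanic scenario, which uses off-scale numbers.
TRAINEE_SCENARIO = Scenario(
    description="The EOS overestimates leak rate",
    situation_features={
        "Mismatched experience with leaks": 0.25,
        "Fear of drowning": 0.2,
        "Unable to row quickly and make it to shore": 0.1,
    },
    cicas={"Get to shore as fast as possible": 0.9},
    no_reconfiguration=0.4,
)

# Scenario probabilities 1 to 7 and the "Pr" row from the example table.
EXAMPLE_TABLE = [8.1e-3, 7.3e-4, 0.0, 8.1e-5, 2.4e-4, 9e-5, 8.1e-4]
EXAMPLE_RESIDUAL = 6e-5

if __name__ == "__main__":
    print(f"Scenario n°1:     {SCENARIO_1.probability():.1e}")
    print(f"Trainee scenario: {TRAINEE_SCENARIO.probability():.1e}")
    print(f"Mission HEP:      {mission_hep(EXAMPLE_TABLE, EXAMPLE_RESIDUAL):.1e}")
```

Scenario 1 dominates the mission HEP, so its expert-judged elements are the ones whose justification deserves the closest review.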
Important issues
Human error
What is HRA
Human error
Not the point to focus on
Taxonomy of errors: not very useful
Commission / omission errors (EOC/EOO)
◦ Macro level (functional): EOO: omission of required activation of a safety function
◦ Meso level (emergency operating system): EOC: intentional and coherent operation that causes an EOO at the upper level
◦ Micro level (individual): EOO or EOC (influences the context that leads to the EOC at the upper level)
What is HRA
[Diagram labels: Observation; Evaluation; Knowledge; Design; Operation; HRA]
Let’s analyse
Little Titanic
Picture of the ship
Fishing boat (FAO fisheries technical paper, Oyvind Gulbrandsen, Norway, Food and Agriculture Organization of the United Nations, Rome, 2004)
1/3 sailors are experienced in motor mechanics
½ are experienced in navigation
Example: Little Titanic (risk of sinking of a fishing boat)
System: Fishing boat with a motor, a pump for water and a net, anchored off the coast, and two fishermen with two oars to row.
Initiating event: loss of a drainage-hole plug (1/2 inch hole in the hull of the boat), not repairable nor compensable, + the hold pump does not work + the engine will not start (not repairable); (…)
Mission: to get back to the port before the boat sinks (within 60 minutes), first hauling in the net, then rowing to the coast (with one rower, or two if any delay)
First ideas of failure scenarios ?
The crew may attempt to restart the engine at all costs and not reach the coast in time
The crew may take too much time hauling in the net and not reach the coast in time
…
Failure scenarios found with MERMOS
- 1/ The crew, who are sleeping, do not assess the situation (no state diagnosis)
- 2/ The crew do not diagnose the unavailability of the engine early enough to save themselves (erroneous diagnosis of state)
- 3/ The crew, hoping for the arrival of a lifeboat, stay where they are too long and do not row fast enough (erroneous diagnosis of situation: incorrect estimation of the kinetics)
MERMOS scenarios (2/3)
- 4/ The crew persevere in attempting to repair the engine and do not get back to the coast in time (erroneous diagnosis of situation: they do not realise that their attempts will completely fail)
- 5/ The crew, slowed down by the weather, use a single rower (erroneous strategy)
- 6/ The crew take too long hauling in the net (erroneous action, meaning action not performed effectively)
MERMOS scenarios (3/3)
- 7/ Following a problem, the net remains stuck to the boat and slows its progress (erroneous action: the crew does not abandon the net)
- 8/ The crew makes a navigational error, takes the wrong course and maintains it due to poor visibility (erroneous action: following the wrong course).
A new scenario by trainees
SCENARIO INL/NRC
Probability: 1.8E-3
Description: The EOS overestimates leak rate—row too quickly and get tired
No reconfiguration probability: 0.4

| Element | Probability |
|---|---|
| CICA: Get to shore as fast as possible | 0.9 |
| Situation feature: Mismatched experience with leaks (different hull design, small rain adding water) leads to overestimation | 0.25 |
| Situation feature: Fear of drowning. | 0.2 |
| Situation feature: Unable to row quickly and make it to shore (limited endurance) | 0.1 |
Next part: the Model of Resilience in Situation
SCENARIO n°1
Probability: _______
Description: The system does not perform the procedural steps fast enough and does not reach the step of the isolation of the ruptured SG within the allotted time.
SAD Function: Strategy
Failure mode: No strategy
Element of requirements not satisfied: Give priority to isolation of the ruptured SG, to avoid its filling
Non satisfaction modality: Absence of priority and acceleration of operation in the event of delay
No reconfiguration probability: 0.9
Justification: The mean time estimated by Halden to perform the mission is about 17-19 min. If the system was late it is very probable that the system would not recover within a 20-minute time frame to accelerate the rhythm

| N° | CICA | Proba | Justification |
|---|---|---|---|
| 1 | Run through the procedures step by step | 0.9 | Given the situation, it is very probable that the operators would follow the instructions step by step |

| Situation features (context) | Proba | Justification |
|---|---|---|
| The operators shut down the reactor late | 0.1 | With the impacted parameters being obvious, it is unlikely that the operators shut down the reactor late |
| The operators follow the instructions cautiously | 0.3 | Without specific data we assume a mean value so we consider that it is fairly probable that in a first time operators follow the instructions cautiously |
| The SS does not incite the operators to accelerate the procedural path | 0.9 | With no safety function being damaged, it is very probable that the SS would not encourage the operators to accelerate implementation of their instructions |

2.2 E-2