
1 Introduction

The safe operation of nuclear power plants (NPPs) is a critical issue for public safety, when considering sustainable growth and guaranteeing people’s normal life order. With the development of NPP technologies, increasingly sophisticated human-computer interaction has been introduced into the I&C system, especially in its main control room (MCR). There is increasing evidence that human error is a major contributor to system risk: approximately 50%–80% of the incidents and accidents in safety-critical systems have been associated with human error, in high-risk fields such as aviation, chemical processing, and nuclear plants [1]. Human reliability analysis (HRA) methods are a means of addressing this problem by identifying, modeling, quantifying, and reducing human error and risk [2, 3].

Human error risk identification methods have been widely studied in complex systems, and the analysis of human error accidents has provided useful information for system design and safety assessment. For example, the Human Error Assessment and Reduction Technique (HEART) is employed to determine the probability of human error occurring during each maintenance task, while fault tree analysis is used to define the potential errors throughout the maintenance process [4]. The system’s human error reduction and prediction method (SHERPA) was developed for the nuclear reprocessing industry and was defined as a classification method to identify potential errors related to human activities [5]. A human error template method (HET) was proposed for the civil flight deck to detect human error incidents [6]. The hazard and operability study (HAZOP) method was originally developed for the safety of power plants or their operation [7, 8]. The cognitive reliability and error analysis method (CREAM) was identified as a human reliability analysis method that can be used to predict potential human errors and analyze errors [9]. Based on the “Swiss Cheese” model of accident causation proposed by Reason, the human factor analysis and classification system (HFACS) was developed to investigate and analyze human error in the aviation industry [10, 11].

However, when HRA methods are applied in the field of NPPs, and especially to the human error risk mechanism in digital main control rooms (MCRs), the suitability of existing HRA methods is often questioned. As indicated by Liu et al., HRA research needs to revise the models and data in HRA based on the current knowledge of human performance for HRA applications in digital MCRs [12].

Properly understanding the risk interactions in the nuclear power plant operation process requires first understanding how the performance shaping factors (PSFs) behave towards states of increasing risk in a dynamic and systematic way. In order to analyze the risk mechanism of human error and control the risk transmission, this study proposes a framework to conceptually model the risk dynamics that involve the interactions of organizational, operator and technical system factors. As a data basis, the operator workload is adopted as the central risk indicator, and multiple levels of resource channel are considered in a quantitative manner. Moreover, a conceptual model based on a system dynamics approach is established to provide a framework for operator risk boundary identification, especially for the design and safety assessment of digital MCRs in nuclear power plants.

2 Framework for Human Error Assessment

2.1 Factor Interaction Category

To inform HRA, simulators, investigation reports, cognitive experiment literature and expert judgments were all used to provide potential data and strengthen the database. For many PSF-based HRA methods, the human error probability (HEP) of a human failure event is obtained by modifying its nominal HEP with multipliers for PSFs [26]. Some researchers have attempted to fill the gaps in determining the PSF multiplier design in SPAR-H and its successors [12]. The SPAR-H model combines stimulus-response and information processing methods, and names tasks in different stages of information processing as “diagnosis” and “action”. HRA analysts need to be able to consider all aspects of diagnosis and action, as well as the potential for the NPP operator to successfully perform the required operations. In order to illustrate the PSF interactions in NPP operation, the proposed new classification is based on the risk interaction dynamics, reflects the NPP operator’s duties, and defines the dependencies among the enhanced PSFs.

Considering the characteristics of the digital main control rooms in NPPs, the enhanced PSF categories are described as follows:

  1. Organization Management factors: in this study, we focus on teamwork (also identified as working processes), experience/training and the procedure.

  2. Human Behavior factors: in this study, we focus on fatigue (also identified as fitness for duty) and working condition (also identified as stress/stressors).

  3. Task Executor factors: also known as the local factor, this category describes the object operated by the NPP operator to execute the intended task, such as the technical system and its related interfaces. In this study, we focus on task complexity, human-system interface (also identified as ergonomics), and time pressure (also identified as available time).

Considering the factor interactions, the relationships between the three categories can be illustrated as shown in Fig. 1. As an emergent property, the human error probability is highlighted by a grey block.

Fig. 1. PSF categories aiming for NPP operator HEP.

2.2 System Dynamics Approach

The System Dynamics (SD) model is a methodology for recognizing and solving system problems by analyzing information feedback and dealing with the dynamic structure and feedback mechanisms between the qualitative and quantitative factors of a complex system, so as to obtain an overall understanding of the system and solve its problems. It provides a framework for dealing with dynamic complexity. In the field of system safety, system dynamics has been used as an important supplement to analyze organizational accidents and propose safety policy in the aviation, astronautics and chemical industries [13, 14].

For the causal loop diagram (CLD) modeling phase, there are three basic building blocks: the reinforcing loop, the balancing loop, and the delay. For the stock-flow simulation phase, the interested reader is referred to the author’s earlier publication [15] for the basic elements used in modeling. In order to help understand the dependency and dynamic relationship between the HEP and the enhanced PSFs, the system dynamics approach is adopted to model the risk dynamics systematically. The data supporting risk analysis include:

  1. Engineering assumptions grounded in practical experience of digital MCRs and NPP accident investigation.

  2. Organization behavior modes and safety features proposed in literature reviews, such as the systems-theory-based accident models.

  3. Accessible NPP operating data, such as human error categories identified by accident statistics.

Based on the factor interaction category described in Sect. 2.1, a framework for SD modeling of PSF interaction is proposed, as Table 1 shows. It identifies the relevant SD properties/function types used in modeling for each enhanced element of the three PSF categories.

Table 1. Factors Identification Framework for SD modeling for PSF interaction.

3 Human Error Probability Identification

3.1 Multi-resource Occupancy Channel Data

In this paper, the proposed method, called multidimensional risk dynamics modeling on operator errors, mainly includes the following steps:

  1. Update the PSF multiplier design for HEP calculation based on the enhanced PSF categories described in Sect. 2.

  2. Use the multidimensional workload assessment method of references [15, 16], adopting the physiological factors measurement method, to work out the workload value that represents the critical time-varying human behavior PSF elements, which play an important role in determining the human error risk boundary of the digital MCR operator in NPPs.

  3. Adopt metrics for identifying the human error probability, referring to the standardized plant analysis of risk-human reliability analysis (SPAR-H) method [17].

  4. Model the internal mechanism and dynamic relationships between the enhanced PSFs and HEP using the system dynamics modeling method.

In this study, the working condition (i.e., stress/stressors) is used as an example of a critical time-varying PSF for applying the method: the mental pressure, also known as work load, is measured as input data to initiate the improved calculation of HEP.

The common methods of stress measurement include skin electrical response, heart rate, blood volume pulse, etc. This study adopted the physiological factors measurement method, measuring heart rate, voice and action volume to calculate the comprehensive workload of the operator. The multidimensional data sources were divided into the following parts:

  1. Voice acquisition equipment obtains the audio information (i.e., speech).

  2. A wearable heart rate meter measures the heart rate.

  3. A video monitor obtains the action amount; the relevant data sources and one sample window in the test are shown in Fig. 2.

Fig. 2. Multi-resource channel measurement of work load and one sample window in test

3.2 HEP Calculation Metrics

According to the data consistency processing, the collected data was calculated, and the calculation formula of workload was obtained as follows:

$$ \text{Work Load}(t) = 0.7\,M(t) + 0.14\,H(t) + 0.16\,S(t) \tag{1} $$

Here W(t) denotes the work load of the MCR operator during the task, M(t) represents the amount of action output, H(t) represents the heart rate, and S(t) represents the entropy of speech. Data collection and calculation were carried out for the whole process of the MCR operation task, and one measured sample window is shown in Fig. 2 (right). It can be seen that the average workload value of the dispatcher is 6 in the diagnosis period, while in the action period it is 3. In this metric, the value range of workload is [0,10] and the value range of working conditions is [1,5] (referring to [12]), so the grade of stress in the diagnosis period can be obtained by the following mapping equation:

$$ \text{Work Condition}(t) = k \cdot \frac{\text{Work Load}(t)}{2} \tag{2} $$

This study takes an actual NPP MCR task as an example: an emergency relief valve opening task, which involves both the diagnosis and action types. The PSFs and their level divisions must be analyzed separately for the two task types, and the results are then added up to get the final HEP.

As an example, the diagnosis task can involve PSFs such as teamwork, experience, procedure, fatigue, working condition, task complexity, and HMI. The action task can involve PSFs such as teamwork, experience, procedure, working condition, and task complexity. Combined with the operator’s own situation and the overall organizational conditions, each PSF can be assigned a value, and the HEP value was calculated by the above formula. The assignment of the PSF composite and associated multipliers for the two task types is shown in Tables 2 and 3. The actual PSF(t) can therefore be calculated, and the HEP for the action process above is determined as follows:

Table 2. PSF score assignment for action process case: emergency relief valve opening.
Table 3. A Sample: PSF score assignment for diagnosis process
$$ HEP(t) = \frac{\text{NHEP} \cdot \text{E-PSF}_{composite}(t)}{\text{NHEP} \cdot \left( \text{E-PSF}_{composite}(t) - 1 \right) + 1} \tag{3} $$

Here NHEP is the nominal HEP, which equals 0.01 for diagnosis and 0.001 for action, and E-PSFcomposite(t) equals the involved enhanced PSF scores. Compared with the static PSF calculation, the improved HEP is updated by the multi-resource occupancy channel data, which provides an efficient way to evaluate the HEP in real time and more accurate metrics to predict the operator’s reliability level.
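The chain from Eq. (1) through Eq. (3) can be carried through numerically. The following is an added example, not code from the paper: the PSF scores are constructed (Tables 2 and 3 are not reproduced here), and it assumes k = 1, a clamp of the working condition to [1,5], channel inputs already normalised to [0,10], and a composite score formed as the product of the individual scores with the working condition used directly as its own score.

```python
from math import prod

NHEP = {"diagnosis": 0.01, "action": 0.001}   # nominal HEPs given in the text
RISK_BOUNDARY = 0.8                           # boundary value used in Sect. 4.2

def work_load(m, h, s):
    """Eq. (1). Inputs are assumed to be pre-normalised to the [0, 10] scale."""
    return 0.7 * m + 0.14 * h + 0.16 * s

def work_condition(load, k=1.0):
    """Eq. (2). k = 1 and the clamp to [1, 5] are assumptions of this example."""
    return min(5.0, max(1.0, k * load / 2))

def hep(nhep, composite):
    """Eq. (3): adjusted HEP, which stays below 1 for any composite score."""
    return nhep * composite / (nhep * (composite - 1) + 1)

def task_hep(task, static_scores, load, k=1.0):
    """HEP for one task type; composite = product of scores (assumed)."""
    composite = prod(static_scores.values()) * work_condition(load, k)
    return hep(NHEP[task], composite)

# Constructed PSF scores; the paper's Tables 2 and 3 are not available here.
DIAGNOSIS = {"teamwork": 1, "experience": 1, "procedure": 1,
             "fatigue": 2, "task_complexity": 2, "hmi": 1}
ACTION = {"teamwork": 1, "experience": 1, "procedure": 1, "task_complexity": 2}
DEGRADED = {"procedure": 4, "fatigue": 5, "task_complexity": 5}  # constructed

def final_hep(diag_load, act_load):
    """Diagnosis and action HEPs are added, as described in Sect. 3.2."""
    return (task_hep("diagnosis", DIAGNOSIS, diag_load)
            + task_hep("action", ACTION, act_load))

def boundary_crossings(loads, static_scores, task="diagnosis"):
    """Indices of workload samples whose HEP exceeds the risk boundary."""
    return [i for i, w in enumerate(loads)
            if task_hep(task, static_scores, w) > RISK_BOUNDARY]

if __name__ == "__main__":
    # Average workloads reported in the text: 6 (diagnosis) and 3 (action).
    print("final HEP:", round(final_hep(6, 3), 6))
    # A naive NHEP * composite product would exceed 1 here; Eq. (3) does not.
    print("naive:", 0.01 * 150, "Eq. (3):", round(hep(0.01, 150), 4))
    print("crossings:", boundary_crossings([2, 6, 8, 10], DEGRADED))
```

With the degraded constructed scores, only the two highest workload samples push the diagnosis HEP past the 0.8 boundary, which shows how a time-varying working condition moves an otherwise static composite score across the boundary.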

4 System Dynamics Modeling for Operator Error Assessment

4.1 Conceptual Model for PSF Interaction

In this paper, the dependences among these PSFs were considered. Traditional methods for calculating HEPs, such as the SPAR-H method, focus on an isolated point, which could produce overly optimistic or overly pessimistic results. In order to solve the correlation problem and reduce repeated calculation when allocating the PSF threshold in HEP quantification, a model based on the system dynamics approach was introduced to describe the PSF interactions, as Fig. 3 shows.

Fig. 3. Conceptual model for enhanced PSF interaction dynamics

In Fig. 3, the different colors of the variables indicate their PSF categories. The polarity note A marked on a causal link means that the link can be enabled in a task involving the action process (such as Working condition → HEP). Likewise, the polarity note D marked on a causal link means that the link can be enabled in a task involving the diagnosis process (such as Fatigue → HEP).

The figure illustrates both the relationships between PSFs and their direct and latent impacts on HEP. As shown by these PSF interaction dynamics, some PSFs act as initiators, with an SD property of constant or initial value, while other PSFs, such as Fatigue, are stock variables that undergo an accumulative process and introduce dynamic characteristics into the HEP value, especially in a medium- and long-term view.

4.2 Simulation Test and Results

In establishing the SD model for quantitative simulation, the variable function definitions should be evaluated by expert judgment, in combination with the empirical operation data of the NPP digital MCR and with reference to the relevant human performance and reliability literature. Moreover, the SD model should undergo the relevant credibility and sensitivity tests to check the model structure and parameter settings, which helps to ensure consistency with the proposed conceptual model in Sect. 2.1.

In order to investigate the stability of the model and the simulation precision, and according to the complexity and nature of the digital MCR, this study ran medium-term simulation experiments over 100 weeks with different simulation step lengths (i.e., DT = 0.25, 0.5 and 1). The emergency relief valve opening task, which involves both diagnosis and action processes, is again chosen as the test case. The simulation results are shown in Fig. 4.

Fig. 4. Simulation results for case study: emergency relief valve opening task

In this study, the possible human error risk boundary is set to 0.8, and oscillation characteristics of the HEP can be observed, which reflect the dynamic pattern of time-varying enhanced PSF interactions such as working condition and time pressure. The model can be used to set up simulation experiments for strategy scenarios. By setting different PSF scores under the relevant task types, the simulated model behaviors can be compared and analyzed, which can help to establish decision-making tools for producing human reliability improvement measures in a systematic and dynamic way. Moreover, the benefit of safety investment can also be evaluated under time-domain simulation.

In this model, feedback loops may exist in the PSF interactions, and loop-domain analysis can be introduced to identify the critical risk factors, including cognitive decision-making ability, technical system reliability and organizational management. In particular, the human reliability level can be improved through individual accident learning ability and workload control [18, 19]. Sufficient training should also be emphasized, so that the training intervals and types are consistent with the task characteristics.

5 Conclusion

In summary, this paper provided a systemic and dynamic view of nuclear power plant human error risk analysis, guided digital MCR human-machine interface design for the mitigation and proactive control of human errors, and promoted the concept of a risk boundary for enhancing the SPAR-H method. The method based on multidimensional workload assessment can calculate the comprehensive workload of the MCR operator from two aspects, physiology and psychology, and map the workload value to the critical time-varying PSFs. The proposed conceptual system dynamics model, which illustrates the dynamic relationships between PSFs and HEP, can move the safety vision in traditional NPP human reliability analysis from isolated-point calculation to time-domain monitoring. Some improvements to avoid empirical and structured analysis framework have also been verified here, and the feasibility of the proposed approach can also be seen. Detailed modeling for comprehensive PSF coverage is the subject of our further research.