PSAM12 - Probabilistic Safety Assessment and Management
Friday, June 27, 2014

Program Book - Schedule - Monday - Tuesday - Wednesday - Thursday - Friday - SEARCH PAPERS

KEY: -Paper; -Biography; -Presentation

Plenary - F01 - F02 - F03 - F04

F00 Plenary:

9:00 AM

A People Centered Approach to Risk and Vulnerability Assessment

Heather Bell

Director of Applied Science, Pacific Disaster Center

Bio: Dr. Heather Bell leads risk and vulnerability assessment, modeling, and GIS analysis groups for PDC. She and her team develop information products and services that help inform disaster risk reduction decisions and humanitarian assistance initiatives at multiple levels. Recent contributions include leading a global risk assessment project, supporting the Association of Southeast Asian Nations (ASEAN) on the ASEAN Agreement on Disaster Management and Emergency Response (AADMER) Work Programme 2010 – 2015, and leading an APEC Workshop on Hazard Mapping and Risk and Vulnerability Assessment.

F01 Human Reliability Analysis VI

10:30 Honolulu

Chair: Ronald Boring, Idaho National Laboratory


Human Reliability Dependency Analysis and Model Integration Process

Jan Grobbelaar, Michael Hirt (a), Mary Presley (b), and Chris Cragg (c)

a) Scientech, a business unit of Curtiss-Wright Flow Control Company, Tukwila, WA, USA, b) EPRI, Charlotte, NC, USA, c) Cragg Consulting, Grapevine, TX, USA

The purpose of this paper is to describe the process for integrating HRA Calculator® dependency analysis results into a CAFTA cutset model. Fundamental to this process is that dependencies between human failure events (HFEs) need to be addressed before cutsets are truncated to prevent inappropriate truncation of cutsets containing dependent HFEs. To prevent truncation, human error probabilities (HEPs) need to be set to high values before solving the fault tree. For a model with more than 100 post-initiator HFEs, this can be a formidable challenge due to the exponential nature of the problem – current PC hardware and software limits can be challenged. To assist in this process, the HRA Calculator Helper software tools for optimizing HEP values to prevent inappropriate truncation from a cutset solution and for generating cutset recovery rules files to implement dependent joint HEPs in the cutsets are discussed.


Formative Evaluation for Optimal Upgrades in Nuclear Power Plant Control Rooms

Ronald L. Boring

Idaho National Laboratory, Idaho Falls, Idaho, USA

As control rooms are modernized with new digital systems at nuclear power plants, it is necessary to evaluate the operator performance using these systems as part of a verification and validation process. There is no standard, predefined process available for assessing what is satisfactory operator interaction with new systems, especially during the early design stages of a new system. This paper identifies a process framework for evaluating human system interfaces as part of control room modernization. The process is geared toward generalizability to other applications and serves as a template for utilities and safety-critical industries undertaking their own control room modernization activities.


Research on HRA Methods and Application for Digital Human-System Interfaces Design

Xiufeng Tian, Xingwei Jiang, Jinggong Liu

CNNC, China Nuclear Power Engineering Co., Ltd, Beijing, P.R.China

Operators of nuclear power plant (NPP) play a vital role in the productive, efficient, and safe generation of electric power. More widespread use of digital technology is expected in the nuclear plants, especially main control rooms (MCR). Operators face a significant challenge in digital control rooms that will be produced at various stages of instrumentation and control modernization. It is believed that the introduction of digital I&C can lead to an overall improvement in operator performance and reduce workload in abnormal conditions. However some negative consequences will also arise due to faulty HSI design based on our research and other published research. Human reliability analysis (HRA) is a technique to evaluate the reliability of the human actions, including those actions taken by the operators in the main control room. HRA can seek to evaluate the potential for, and mechanisms of, human error that may affect plant safety. Thus, it is an essential element in achieving the Human factors engineering (HFE) design goal of providing HSI that will minimize personnel errors, allow their detection, and provide recovery capability. The paper discusses the findings of an investigation to operating and as-building plants in China installed with fully digital I&C systems. Interviews were made with the simulator instructors, control room operators, designers of Main Control Room (MCR) about the control layout, computer interface, alarms, and procedures to understand the effects on operator performance. Specific performance shaping factors (PSFs) for digital I&C control room are proposed to be considered in HRA methods. It is also suggested how to apply the specific PSFs in digital HFE/HSI design process.


A Methodology for Safety Culture Index Assessment Using Minimal Cut Sets

Kiyoon Han, Yongjin Lee and Moosung Jae

Department of Nuclear Engineering, Hanyang University, Seoul, Korea

The purpose of this study is to evaluate the Safety Culture Impact Index (SCII) for several types of nuclear power plants in Korea. The SCII model can be used for measuring the changes of the core damage frequency which might be affected by the status of safety culture in nuclear power plants. In order to develop the SCII model, the safety culture indicators and their assessing method are developed and applied to a reference plant. The reference plants are selected and their basic events are evaluated according to the level of the impact of safety culture. The results include the procedure to obtain the safety culture impact index as well as the frequencies of accident sequences which are expressed by the logical combination of minimal cut sets. The SAREX code is used for producing safety culture impact index related to the plant status. The correlation between the basic events caused by the quality of safety culture has been analyzed in this study. The uncertainty in safety culture impact has been also analyzed. The developed SCII model might contribute to comparing the level of the safety culture among nuclear power plants as well as to improving the management safety of nuclear power plants.

F02 Reliability Analysis and Risk Assessment Methods VII

10:30 Kahuku

Chair: Pablo Viveros Gunckel, UTFSM


Probabilistic Performance Assessment for Crushing System. A Case Study for a Mining Process

P. Viveros (a,b), A. Crespo (b), F. Kristjanpoller (a,b), R. Stegmaier, E. Johns (a), V. Gonzalez-Prida (b)

a) Universidad Técnica Federico Santa María, Department of Industrial Engineering, Valparaiso, Chile City, Country, b) Department of Industrial Management, University of Seville

The productive performance of a system is mainly determined by its design specifications such as volume, capacity and processing speed; however, it is also conditioned on the reliability of its equipment, the logic be-hind the operation of the process and the availability of its overall system. In this viewpoint, these features are relevant to estimate the throughput, and need to be given due account in proper dimensioning and management. Significant modelling complexities can arise when accounting for realistic conditions for multi-production, storage flexibility, recirculation, setups, and random times of operations and repairs. Within an integrated, systemic view of the production process and related productivity performance, these issues must be treated by fusing the methods of reliability and availability analyses with those of production process engineering. This article propose an integrated probabilistic modelling to analyze, evaluate and compare the performance of a Crushing line under specific operational criteria, considering the characteristics of its equipment and the systemic setting in which they are embedded. The resilience characteristic is an important real factor of this kind of process, so will be analyzed in detail. According to, the software RelPro® will be used to model the Crushing System (mining process in Chile). This software was developed in Java language, based on Monte Carlo simulation (simulation by event). This modelling creates the flexibility needed to model the complex behaviour of high-dimensional systems.


An Innovative Proposal for Systemic Modeling, Analysis and Simulation in a Continuous Production Process

René Tapia (a), Pablo Viveros (b,c), Adolfo Crespo (c)

a) RelPro S.A, Santiago, Chile, b) Universidad Técnica Federico Santa María, Department of Industrial Engineering, Valparaíso, Chile, c) Department of Industrial Management, University of Seville, Spain

This research aims to develop an innovative proposal for systemic modeling, analysis and simulation. There are different techniques to estimate availability and production in continuous production plants, being one of the most used the Reliability Block Diagram technique [1-3] because of its simplicity and probability framework, but it has significant approximations. Another widely used technique to model and analyze are Markov-Chains (discrete time) [4]. Both techniques have been specially designed to analyze for a limited number of functional settings and disposition of elements, like parallel, stand-by, serial, and so on [5-7]. Additionally, the last mentioned techniques do not allow studying the variability of variables which is commonly demanded. So this paper is focused to develop a technique based on specific algorithms which allows engineers to have a broad perspective of the system with a flexible layout framework, simulating the production, availability and runtime of the plant considering the impact of each random event over each one of all elements of the process. The presented algorithms have the advantage that are made based on the occurrence of each event, so the time duration of processing is based on the number of random events [8, 9], reducing dramatically the simulation times.


Risk Quadruplet: Integrating Assessments of Threat, Vulnerability, Consequence and Perception for Homeland Security

Kara Norman Hill (a) and Adrian V. Gheorghe (b)

a) Booz Allen Hamilton, Norfolk, VA, USA, b) Old Dominion University, Norfolk, VA, USA

Risk to a critical infrastructure, is considered to be a function of threat, vulnerability, and consequence. It has long been a challenge to integrate these three disparate assessments to establish an overall picture of risk to a given asset. There are many different types of risk assessments performed on assets and those different assessments explore risk from different perspectives. Is the asset a critical power plant, essential to electricity generation? Is it a large dam, critical to the water supply? Is it a major road, critical to transportation? Or is it a major tourist attraction, critical to national morale? Or, like the Hoover Dam, is it all of these things? Which risk assessment is “right”? How can all of these risk assessments be integrated? Are certain risk assessments more important than others? Obviously, risk is a function of our perceptions, which can influence our understanding of threat, vulnerability, and consequence. A risk quadruplet methodology is proposed to systematically integrate risk perceptions with assessments of threat, vulnerability, and consequence in a traceable, reproducible, and meaningful manner. The risk quadruplet model is explored by leveraging Evidential Reasoning technique (MCDA), along with simulated data for threat, vulnerability, consequence, and perception.

F03 Revision of Seismic PRA Standards of Japan

10:30 O'ahu

Chair: Yoshiyuki Narumiya, The Kamsai Electric Power Co., Inc.


Revision of the AESJ Standard for Seismic Probabilistic Risk Assessment (1): Extension and Enhancement of Accident Scenario

Yoshiyuki Narumiya (a), Mitsumasa Hirano (b), Tsuyoshi Takada (c) and Kentaro Hayashi (a)

a) The Kansai Electric Power Co., Inc., Osaka, Japan, b) Tokyo City University, Tokyo, Japan, c) The University of Tokyo, Tokyo, Japan

This session consists of a four-part presentation on the amendment of the Standard for Procedures of Seismic PRA for NPPs and introduces significant additions/updates in three chapters, Seismic Hazard Evaluation, Building and Component Fragility Evaluation, and Accident Sequence Evaluation. This presentation introduces the purpose, background, and discussed points of the amendment, e.g. extending scope of application to seismic induced events. Upon the revising the previous standard, we updated various requirements in view of advancements in PRA techniques based on new technological findings after the publication of the 2007 version standard and to improve the quality and transparency of this standard. In particular, the amendment reflects the lessons learned and new findings from Fukushima Dai-ichi accident (the 1F accident) as much as possible: e.g. events caused by earthquake, combined seismic and tsunami events, accident management measures, impact to fuel in spent fuel pool, multi-reactor effects, impact of aftershocks, and impact of land sliding.


Revision of the AESJ Standard for Seismic Probabilistic Risk Assessment (2) Seismic Hazard Evaluation

Katsumi Ebisawa (a), Katsuhiro Kamae (b), Tadashi Annaka (c), Hideaki Tsutsumi (d) and Atsushi Onouchi (e)

a) Tokyo City University, Tokyo, Japan, b) Kyoto University, Kyoto, Japan, c) Tokyo Electric Power Services Co., Ltd., Tokyo, Japan, d) Former Japan Nuclear Energy Safety Organization, Tokyo, Japan, e) ChubuElectric Power Co., Inc., Nagoya, Japan

After the Atomic Energy Society of Japan was established seismic PRA implementation standard in 2007, some severe earthquakes which affect the seismic design of nuclear power plant have occurred. The most important earthquakes among them are the 2007 Niigata-ken Chuetsu-oki earthquake and the 2011 Tohoku-oki earthquake. In the later, the various new findings about the trigger earthquake and large aftershock caused by huge earthquake, the fault displacement and diastrophism due to the co-seismic and post-seismic slip, the joint effect of seismic motion and tsunami, and the effects of multi units and sites on the safety analysis were obtained. The new findings are incorporated into the revision of seismic hazard evaluation. This paper describes the overview of the Fukushima Dai-ichi nuclear power plant accident and lessons learned from its accident. The paper highlights the additional items based on lessons learned from various earthquakes such as Tohoku and NCO EQs after the 2007 version standard.


Revision of the AESJ Standard for Seismic Probabilistic Risk Assessment (3): Fragility Evaluation

Akira Yamaguchi (a), Susumu Nakamura (b), Yoshitaka Tsutsumi (c), Tadashi Iijima (d) and Yoshinori Mihara (e)

a) Osaka University, Osaka, Japan, b) Nihon University, Koriyama, Japan, c) Chubu Electric Power Co.,Inc., Nagoya, Japan, d) Hitachi-GE Nuclear Energy, Ltd., Hitachi, Japan, e) Kajima Corporation, Tokyo,Japan

This paper introduces the following key issues on the fragility evaluation of SSCs in revision of the AESJ Standard for Seismic Probabilistic Risk Assessment. 1. Requirements for seismic induced other risk evaluations such as tsunami are clarified. For instance, the influence of structural damage due to main shock is considered as necessary to evaluate the realistic response by tsunamis after main shock. 2. Most recent findings are reflected based on the actual damage and simulation analyses of some earthquakes beyond design basis earthquake after 2007. For instance, seismic response analytical model is better suited for the realistic response evaluation up to damage limit paying attention to three dimensional responses of buildings / structures and its effect on equipment important to safety based on the seismic simulation analyses with observed records and usage experience. Floor deformation, torsion and rocking etc. are considered as three dimensional responses. 3. Requirements for the fragility evaluation of severe accident management equipment, its passageway, spent fuel pool and isolated important building are clarified based on the findings of Fukushima accident and so on. 4. Requirements for the fragility evaluation of aftershocks other than main shock and soil deformation due to fault displacement are clarified.


Seismic Quantification Enhancements for getting CDF/LERF Distribution from the Point Estimates Results

Ovidiu Coman

International Atomic Energy Agency

Technical requirements of the standard ASME/ANS RA Sa-2009 for capability category 2 imply appropriate consideration of uncertainty and combination of random failures with seismic failures. The paper presents how to develop the plant state mean fragility from the point estimate results that includes random failures. The plant state CDF/LERF components corresponding to each acceleration range are divided by the corresponding hazard frequency resulting discreet points of the mean plant state fragility. Furthermore using relationships presented in Ref. [2] βU and βR can be recovered and full plant state fragility parameters are obtained. Finally CDF/LERF distribution is developed.


Tsunami PRA for Kashiwazaki-Kariwa NPP

Keiichiro Saito, Masanori Takeuchi,Takashi Uemura,Yasunori Yamanaka

Tokyo Electric Power Company Inc, Tokyo, Japan

The Fukushima Daiichi Nuclear Power Station was struck by the huge tsunami generated by the 2011 off the Pacific Coast of Tohoku Earthquake on March 11, 2011, and experienced a severe accident. The most important lessons learned from the accident was that the “Defense-in-depth for tsunami was insufficient”. Therefore we are implementing many safety enhancement measures for tsunami in our Kashiwazaki-Kariwa Nuclear Power Station. We performed tsunami PRA studies in order to evaluate the effectiveness of these measures for addressing tsunami. The studies was based on the guideline “The Standard of Tsunami Probabilistic Risk Assessment (PRA) for nuclear power plants”[1] issued by the Atomic Energy Society of Japan (AESJ) in February 2012. Before and after tsunami countermeasure implementation studies are being done in order to evaluate the effectiveness of the countermeasures. In this paper, the evaluation results for the case of before and after tsunami countermeasure implementation are described, and the effectiveness of the tsunami countermeasures is shown.

F04 Transportation and Storage

10:30 Waialuac

Chair: Kumar Bhimavarapu, FM Global


Reliability and Safety Models of Transportation Systems -a Literature Review

Franciszek J. Restel

Wroclaw University of Technology, Wroclaw, Poland

Transportation systems form the backbone of economy and play an important role in society. Because of the far-reaching effects of disruptions on these systems (social, economic, national defense), they are classified as critical infrastructure systems. Reliability researches on various elements of transportation systems were carried out since the mid-twentieth century. The focus was on vehicles and their components. Infrastructure is an important component of system, in addition to vehicles. The highest level of complexity is characterized by the railway infrastructure. It is natural, that this led to a number of models describing selected issues. In recent years, much attention has been paid to critical infrastructure systems. There have been numerous proposals for the use of graph models in the analysis of resilience and vulnerability of transportation systems. There are many groups of models describing reliability. Some models contain reliability factors only fragmentary. This paper presents experience with reliability models, were tested in research work on the railway transportation system. The inference is not limited to railway transportation system, but generally relates to land transportation systems. The review includes also own models that are dedicated to describing reliability of fixed-track systems, in which processes are determined by a timetable.


Analysis of Interdependencies of the Mexico City Metro System

Jaime Santos-Reyes, and Diego Padilla-Pérez

SARACS Research Group, SEPI-ESIME, IPN, Mexico City, Mexico

The Mexico City Metro underground system has been regarded as the second largest Metro in North America after the New York City Metro. It is believed that in 2006 the system served over one billion passengers, the fifth highest in the world. Given this, a threat to the Metro transport system may either have an impact on other industries that rely on it or to the other modes of transportation in the City. Interdependencies amongst the key components of the Metro system, therefore, must be understood and adequately addressed. The paper addresses the modelling of the interdependencies amongst the Metro lines by applying a 'Systemic Safety Management System' (SSMS) model. The paper gives an account of the ongoing research project.


Bottlenecks of Inland Container Terminals

Mateusz Zajac, Franciszek J. Restela

Wroclaw University of Technology

Availability of the intermodal transport chain depends on the proper functioning of the container terminals, including their ability to perform cargo handling infrastructure, cost-effectiveness and scope of services, quality and reliability. Increasing number of intermodal operators make that competitiveness becomes crucial issue to survive in the market. New objectives and performance measures need to be identified and employed to evaluate the performance of a container terminal. The aim of article is to show the most important elements of container warehousing and its impact on process availability and productivity. The article threats problems on inland intermodal terminals.


A Risk Informed Assessment of Hydrogen Dispensing in Warehouses

Kumar Bhimavarapu

FM Global, Norwood, MA, USA

Hydrogen dispensing units are installed increasingly in warehouses to refuel fuel cell powered fork lift trucks. A risk informed assessment was undertaken to evaluate the adequacy of safety systems with a focus on property damage from explosions resulting from accidental hydrogen releases. A few scenarios covering the potential range of releases were evaluated. The explosion-related consequences in terms of overpressures and associated damages were taken from another modeling study. Based on failure rate data for generic and hydrogen systems, order of magnitude likelihoods were assessed for the release and explosion scenarios. The estimated property damage risk was evaluated against tolerable risk established using three independent criteria based on severity of consequences, a SIL (Safety Integrity Level) matrix, and loss experience in warehouses. Risk reduction opportunities were identified in terms of the integrity of the safety functions performed by the instrumentation.