Assessment of the personnel reliability indicators during long-term operation of a nuclear power plant unit*

The purpose of the work is to form and discuss the key components of the methodology to obtain the quantitative indicators of the personnel reliability based on the actual long-term operation experience data for a particular power unit. The timeliness of this work and similar studies is based on a simple judgment that the personnel reliability performance at similar units, in the best case, and in associated industries, in the worst case, that is, the reliability of personnel at other industrial facilities, is used to justify the design when designing power plant units. Accordingly, the obtained safety assessments with respect to personnel have nothing to do with the facility the safety of which is justified. This requires respective methods and procedures to update the safety criteria with regard for the actual operation experience, as a minimum, based on the actual reliability of the NPP unit personnel. The key components are presented for shaping the methodology to obtain the quantitative indicators of the personnel reliability based on data of the unit’s long-term actual operation experience. Recommendations and explanations are provided for each of the methodology’s key components, namely: an information model of the methodology, the key indicators and other components are provided. The timeliness of the methodology development is explained making it possible to obtain quantitative indicators based on the nuclear plant unit’s operation experience. An additional methodology is presented to assess the safety of nuclear power plants. A unique notional definition of the nuclear plant personnel reliability, and the procedures to justify the power unit safeguards with regard for the human factor aspects have been proposed. An information model of the methodology is provided and the prospects of its application to improve the safety justification procedure for various components of the nuclear plant units are described. To conclude with, ways are presented for the further evolution of the proposed methodology, and the scope of the methodology and the expected positive effect from its application are described.


Background
The safety of the nuclear power plant (NPP) is one of the indicators that define the possibility for the design technologies and structures to operate and be environmentally acceptable in future during long-term operation of the nuclear power system. Therefore, a repeated expert review is undertaken to ensure the preset safety criteria at the NPP unit design, construction and operation stage independent of the unit type and series. The severity of the potential consequences and the level of safety deficiency, with regard for a variety of probable scenarios for the oc-currence and progression of emergency and destructive events, are checked as part of the basic review and expert analysis process.
One of the important aspects that define the safety and reliability of the NPP operation is the proficiency and competence of operating personnel. In a general case, it is important that the human factor effect and the potential for erroneous personnel actions at all NPP lifecycle stages are taken into account when highly automated man-machine NPP safety control systems are used. While all is more or less well as far as the procedures for assessing and methods for improving the reliability of engineering systems are concerned, the situation is much worse with the reliability of personnel. Thus, for example, if introduction of hot standby components in equipment improves assuredly the system reliability, implementation of the same principle for personnel is far from ensuring invariably a positive effect. So far, there is no clarity as well with the personnel reliability assessment, and the notion of "personnel reliability" as such is not so unambiguous. Assuming that the set of the required personnel functions is formed in instructions for standard modes of operation and design-basis accidents, and based on competences for beyond-design-basis accidents, it is proposed that the following conceptual definition should be used.
The reliability of the NPP personnel is the capacity of employees to perform, in a timely manner, with a good quality, and in the required scope, the essential work processes, technologies and functions aimed to maintain the normal operating conditions of the NPP, and to prevent and mitigate the risks of hazardous and emergency situations which are negative for nuclear power.
Quantitatively, the reliability of personnel is characterized by the probability of the trouble-free and timely performance of all required and implemented actions to maintain the normal operating conditions of the NPP and to limit the consequences of accidents.
Information on the quantitative reliability indicators for engineering components is obtained as the result of tests performed by the manufacturer or certified centers; using dedicated models that enable reliability calculations for the equipment unit; with the use of expert surveys; and based on the experience of operation in particular conditions of application. And the quantitative assessments obtained using the above approaches may differ greatly and the preferred values are those obtained based on analyzing the experience of operation in particular application conditions. The reliability of personnel can be quantitatively assessed by analogy with the NPP equipment reliability assessments based on analyzing the results of the personnel simulator drills at training centers. Dedicated models that enable personnel reliability calculations, expert surveys, and data on the experience of the personnel behavior in the period of operation in particular operating conditions can be used then to determine the probability of erroneous NPP personnel actions for the given conditions and circumstances. Here, it is important to underline that (in the same way as for equipment) the quantitative assessment obtained using different approaches may vary broad-ly, and the preferred values are those obtained based on analyzing the experience of operation in particular conditions. The emotional stress level, the awareness of the responsibility and the gravity of the error consequences during simulator training are essentially different as compared with the performance of the personnel functions at particular workplaces.
It is hard to assess in quantitative terms the reliability of personnel and, therefore, the safety indicators at the power unit design and construction stage. So, as recommended in (RB-100-15 2015, GOST 26291-84* 2013, data from all available sources is used, including that on the reliability of personnel at similar units. This leads to a situation when the safety of the unit is achieved based on the outside personnel reliability data. Therefore, timely activities are required to develop procedures that make it possible to obtain quantitative indicators of the personnel reliability based on the experience of the long-term actual operation of the particular unit or NPP. Using quantitative indicators of the personnel reliability obtained through such procedures will allow obtaining such assessments of the safety indicators that reflect the actual level of safety culture at the particular unit, the quality of occupational training, the working climate, and many other criteria that define the safety of the unit as the whole. Revising the methodology for the NPP unit safety justification, with regard for the actual reliability of personnel, will make it possible to identify in future the insufficient quality of the NPP unit safeguards, including with respect to the personnel reliability criterion, and to take then timely measures to improve the situation in the given application domain of knowledge.

Method to solve the task of assessing the personnel reliability indicators based on the operating experience of a particular unit or the NPP as the whole
The indicators of the personnel reliability during longterm operation of a particular unit or the NPP as the whole can be assessed based on a unique methodology for obtaining the quantitative indicators of the personnel reliability. Such methodology may have the following key components: • an information model of the methodology; • key indicators and quality criteria of the personnel behavior at the NPP unit operation stage; • rules for forming and the matrix of the input with respective verification sources; • a set of computation and expert review algorithms, methods and tools for obtaining quantitative indicators; • algorithms and methods for testing the quality and reliability of the obtained final assessment results.

Key indicators
The potential key indicators in the methodology for obtaining the personnel reliability indicators based on the experience of the actual long-term operation of the particular unit are as follows: • the list of the events important for the NPP safety justification in terms of personnel reliability; • the competence and occupational training level of the NPP personnel; • the probability of erroneous personnel actions during normal operation; • the probability of erroneous personnel actions in the period of extreme situations at the NPP operation stage, including the period of operation with the development of destructive or fire-hazardous events.
These indicators define the vector of justifications and the technical policy of the NPP in the safety and reliability field, and the efficiency of the unit operation with regard for any possible human factor effects on the NPP safety and reliability status. This policy must be built such that there is a particular person responsible for the NPP safety quality and culture. Therefore, the methodology for obtaining the personnel reliability indicators based on the actual longterm operation need to take into account the employee's personal responsibility and motivation factors (material and moral encouragements for the quality of ensuring safety and for the adequate reliability of the services rendered).

Information model
The full-scale and unambiguous definition of the methodology is formed from the structure of its information model. The information model shall be understood to mean a description of stepwise actions in the form of a sequence of independent expert and individual measuring and computational procedures, analytical and expert analysis procedures, procedures for verifying and validating the safety justification results for the NPP unit or its individual components, as well as conditions of declaring the results obtained in the justification in question with regard for the specific human factor effect on the safety and reliability of the unit longterm operation during operation of the NPP. The information model must reflect the auxiliary processes and procedures to collect and analyze the quality of the input for the practical implementation of the methodology, as well as the composition of the procedural and computational algorithms, methods of handling these, the algorithms and techniques to verify the findings, the permissible scope of and the limits for using these findings to justify the safety of the future NPP operation with regard for the human factor effects. Fig. 1 presents a simplified diagram of the information model for the methodology to obtain personnel reliability indicators based on the experience of the actual long-term NPP unit operation.
For the convenience of its practical application, the model is presented in the form of a cause and effect diagram (Lobastov SYu 2015, Sheromova and Yanchenko 2017). In the given case, this is a tool that provides for a system approach to identifying the cause and consequence factors affecting the quality of justifying the safeguards for the NPP unit safe and reliable operation. The methodology's information model in the form of a cause and effect diagram, as part of the general procedure for justifying the safeguards for the NPP unit safe and reliable operation, is presented in Fig. 2.

Input and its sources
The initial data for forming the matrix of reliable input to implement the said methodology is the actual final measurement and expert review results which are formed as the practical operating experience of the NPP and its unit is accumulated. The input must be analyzed in qualitative and quantitative terms based on reliability criteria and with regard for probable errors. As part of the analysis, individual events are selected from the input data on the operation experience and are classified. Formally, these procedures need to be broken down, but, in practice, it is convenient to combine them in the context of one network diagram for the NPP unit safety analysis.
A decision shall be made based on the primary qualitative analysis results as to the reliability of the operation experience data to obtain quantitative assessments of the required personnel reliability indicators. In the event this data is not enough, close groups of events that have taken place at effective NPP units or other nuclear installations can be merged, depending on the classification features, or based on the simulation results for the behavior of such installations.

Set of methods and tools for obtaining quantitative assessments
A practicable way is to define the following selection of several theoretical distribution laws for the equipment and/or personnel reliability indicators which are most acceptable in terms of interpreting personnel reliability assessment results. Important is mandatory selection of distributions for the exponential group (the one having an individual form of exponential reliability), and verifying justification of the adopted distributions in terms of a priori hypotheses concerning the nature of the random flow of the NPP personnel failures incorporated in the selected distributions.
The basis for the given methodology stage is the process which consists in estimating the parameters of reliability laws based on the data previously obtained from the experience of operation. At least two verified methods need to be used for the calculation. In practice, this will make it possible not only to obtain, with a greater degree of reliability, the estimated parameters, that is, indicators of the methodology to obtain the personnel reliability indicators based on the experience of actual operation, but also to compare them with each other.

Methods for primary verification of findings
The closing step in the methodology to obtain the reliability indicators consists in a primary qualitative expert analysis for the reliability and acceptability of the findings concerning the NPP personnel reliability. The essence of this step is to assess the compliance of the obtained quantitative indicators with the known theoretical laws (verification based on statistical criteria, comparative analysis of findings, fit with the theory of extreme parameters, queuing theory, etc.). This analysis makes it possible to assess if the use of a particular theoretical distribution of the NPP personnel reliability indicators is justified, and to select the best one, in terms of statistical quality criteria, for being further used to justify the safeguards for the safety and environmental acceptability of the future NPP unit operation. Besides, this step will allow detecting the errors made at earlier stages and improving the quality of the obtained NPP personnel reliability assessment results.

Technique to implement the methodology for obtaining the personnel reliability indicators
The key objective in implementing this methodology is to assess, in a robust manner, the reliability of personnel. In future, the practical implementation of the methodology opens up the way for a more complete safety analysis of the NPP, an individual unit, or a reactor facility with regard for the actual reliability of personnel based on taking into account negative and other human factor aspects in a prolonged period of operation. An important circumstance for the methodology implementation is that there is no need for developing anew the entire structure of the NPP probabilistic safety analysis. It may be fairly enough to take into account the actual reliability of personnel in the already existing models of the NPP probabilistic safety analysis and the respective update based on the quantitative assessment results for the actual reliability of personnel in the final safeguards for the NPP safety indicators.
The implementation of the methodology to obtain personnel reliability indicators based on the experience of actual operation offers a solution to a number of important issues that affect to a great extent the parameter estimation and the practice of using parameters in the NPP safety investigations. Such aspects (provisions) include • classification of the operation experience and personnel error data; • selection of the reliability law; • methods to obtain quantitative assessments; • verification of results.
The classification of the operation experience data includes, in a number of cases, a primary qualitative analysis of the operation experience data, e.g., based on the methods developed earlier to this end. The natural requirement to the classification of personnel errors in the operating experience accumulation period is that these should be arranged depending on the potential scenarios of the initial causes and events, and, then, formally interpreted in the direction of the logic of using the personnel reliability data in the NPP safety investigations. Thus, for example, an error of the "self-deception" type in some of the NPP personnel production activities can be identified. However, such personnel error type and the probability of this to take place are practically inapplicable in the format of normally performed NPP safety justification activities. It should be noted that the development of the classification using up-to-date approaches, e.g., cluster analysis tools (Mirkin 2016), can lead to a positive effect. For instance, in the form of identifying the feature that affects to a great extent the reliability of personnel, or the features that will be indicative of the necessity to identify individual classes (subclasses) during the classification.
The theoretical law of the personnel error probability distribution in time (reliability law) is no less important for the quality of the personnel reliability assessment results, and for improving the general procedure to ensure the safety and environmental acceptability of the future NPP unit operation. An applicability criterion of reliability law is its physical interpretability which narrows greatly the range of probable distributions acceptable for implementing the presented methodology in practice. It should be additionally noted that the selection of reliability law correlates with the need for taking into account the probability for the existence of dominant factors in the flow of personnel errors. In other words, if there are grounds to believe that there are dominant factors in the personnel error flow, normal distribution should be used very carefully. Weibull distribution is the most acceptable distribution for describing random flows of the NPP events. In more details, the causes for and the reasons in favor of using exactly this distribution are presented in (Volkov et al. 2008).
To avoid the ungrounded selection of a particular reliability law as part of the methodology, it is practicable to use two alternative laws as a minimum. These laws may include various assumptions concerning the nature of the error (failure) flow which will make it possible to analyze also the nature of the random flow. Such approach will make it possible to improve the quality of the assessments obtained through their comparative analysis among each other.
The final methodology stage is to test the quality of the assessments obtained, primarily, based on the criteria of completeness and reliability. Widely known statistical tools and regularities are used for such testing, e.g., Renyi theorem (Lapatin and Nazarov 2011). This theorem asserts that the initial flow will converge to a steady-state Poisson distribution since the random flow of events is decimated, that is, a distribution in time among the events will converge to an exponential distribution.

Conclusion
Based on the experience gained in expert reviews for the industrial, nuclear, radiation, and environmental safety of complex engineering systems and integrated facilities, including nuclear power systems, with regard for the effects of negative human factors, an information model has been proposed for the methodology to assess indicators of the personnel reliability during long-term operation of the nuclear plant unit. The model is presented in the form of an original Ishikawa diagram (see Fig.  2). Such presentation form ensures that the model evolves in the direction of forming an engineering structure, information facilities and tools in the general NPP unit safety expert review system, including various components, pipeline systems, etc. This is a promising model in terms of preventing potential design-basis incidents and accidents the initial root event for which is human factor. A promising way of practically using the proposed methodology is to mitigate the facts of low competence and, on the whole, the reliability of the nuclear plant's attending personnel at the stage of justifying and providing safeguards for the safety of the future NPP unit operation, including beyond the specified design life of the plant. Primarily, the model retains the system-oriented approach to developing potentialities, and ensuring the safety, reliability, and efficiency of the NPP personnel work. On the whole, a promising application for the considered model includes the search for solutions to essential issues of improving engineering systems for prevention of process errors and fires, functional protection, including emergency and physical protection, against unauthorized impacts, as well as issues of improving hardware and software technical diagnosis systems for the structural components of pipeline networks, and information systems for the online control of the NPP unit safety performance.
The following shall be further noted. As experience is accumulated in the practical application of the methodology, the regulatory framework will need to be updated and improved by way of validation. One shall not forget as well the issues involved in occupational training and retraining of respective personnel for the qualified performance of the NPP personnel reliability assessment. At the present time, the complete cycle has been implemented for improving the research potential of the NPP personnel reliability expert review, and a verified unique procedural tool has been built which can be used in design of nuclear facilities, primarily in for calculating the safety of and the risks from various industrial installations in the country's power complex with regard for various human factor aspects.