Corresponding author: Petr V. Povarov ( povarovpv@nvnpp1.rosenergoatom.ru ) Academic editor: Georgy Tikhomirov
© 2021 Maxim Yu. Tuchkov, Petr V. Povarov, Aleksandr I. Tikhonov, Margarita M. Litvak.
This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Citation:
Tuchkov MYu, Povarov PV, Tikhonov AI, Litvak MM (2021) Development and validation of the interactive unit start-up procedure as a software tool in the implementation of the operator information support system at the NVNPP. Nuclear Energy and Technology 7(3): 173-179. https://doi.org/10.3897/nucet.7.73182
|
This article is focused on the current issue of developing an operator information support system (OISS) for the Novovoronezh NPP II project. One of the main reasons to raise this topic is the MCR operator’s overload with data due to the greatly increased information flows related to the VVER-1200 Process I&C compared to the serially produced VVER-1000 power units. The other important reason, in the authors’ opinion, is the increased volume of existing procedures in hard copy due to the strengthened requirements for their registration and attempts to describe all possible failures and deviations in the programs and plant evolution sheet, which complicates the work on them. In the era of ubiquitous digitalization, the paper procedures can only distract the attention of the operator, who is overloaded with information even without that. The obvious solution is to create a system providing automatic collection and analysis of information. In addition, the functionality of the operator information support system allows the use of operating experience, thus minimizing the impact of the human factor. The lack of knowledge or experience could be especially challenging with procedures being applied infrequently, for example, for starting up and shutting down the unit. The authors consider the development and functionality of interactive procedures and applicable requirements for them. Particular attention is paid to the ergonomics of the workplace and the convenience of operating personnel working with an interactive procedure. Since the transition from the paper version of the programs can cause problems with reading the procedures and, ultimately, lead to the failure of the unit start-up time, the personnel of the operating station were directly involved in the development of the interactive programs. Based on the review results, conclusions were made about the correctness of the approaches in developing the interactive procedures and validated solutions to be disseminated for all routine operations.
Operator information support system, interactive procedure, information, alarm, functions, validation
The operator analyzes the state of the system (equipment) in each state of the NPP power unit, using all available sources of information, including:
The concept adopted at present provides for control from the operator computerized workplaces (OCWP). As a rule, an OCWP consists of two displays and a manipulator, i.e., a mouse, which makes control actions on fittings and assemblies. Operating experience has shown that, for ensuring quality control of the process and predicting further actions, the operator needs to have at hand a number of graphs, trends, histograms, the volume of which is not regulated anywhere and is determined only by the current need. Passing alarms are also monitored in a separate window. Thus, one operator display is occupied with graphs and alarms. In addition, some of the information is duplicated on panels and consoles. At the same time, the database of the upper unit level system (UULS) contains about 170 000 signals that are displayed to the operator on more than 1500 video frames, and the number of alarms on the control room operating consoles is more than 700. The combination of informational and psychological overload of the operators can lead to their emotional burnout and cause operating errors (
The current UULS version contains tools aimed at reducing the informational load. An attempt to create interactivity of emergency response procedures was made in implementing the function of the safety parameter display system (SPDS) (
Thus, the main reason for the operator’s informational overload is that the existing VVER-1200 APCS does not contain tools for analyzing the mutual consistency of measurement results and generating generalized assessments of the power unit state and its main technological systems, which is required for the operator to monitor the process and timely manage it. Therefore, to compensate for the negative consequences of the human factor impact on the safety of nuclear power plants, it is necessary to create an operator information support system (OISS), which will limit the operator load to a level corresponding to the possibility of adequately assessing the emergency situation.
Moreover, the presence of such systems at modern power units is regulated by regulatory documents (
An operator support system (OSS) is defined in them as a system or systems designed to support abstract thinking tasks or intelligent information processing tasks performed by the MCR personnel. GOST R IEC 60964-2012 was put into effect after the approval of the technical specification for the NPP-2006 APCS and the specifications for the UULS, and its requirements are not taken into account in the current NPP-2006 APCS.
The operator information support system is created to minimize the likelihood of erroneous actions of the MCR personnel by implementing the following functions (
LLC IF SNIIP ATOM on its own initiative and with the active support of the Novovoronezh NPP developed an OISS model, which includes a software model of the power unit and interactive step-by-step procedures. The first version of the model for the purpose of accumulating archives of operational data for validating the OISS functions has been in operation at NvNPP II-1 since the commissioning of the power unit.
A special role is assigned to the MCR personnel when they carry out complex and lengthy operations to transfer the power unit from the ‘cold state’ (after performing scheduled preventive maintenance or related to the elimination of comments) to the ‘working at capacity’ state.
The adopted safety culture concept provides for strict adherence to the procedure. Performing actions from memory is not allowed. Accordingly, at the unit start-up and shut-down stages, which cover changes in the state of a large number of systems, the MCR personnel must be guided by the start-up and shut-down programs, operational technological regulations for safe operation, instructions for the reactor plant operation and other operating instructions. All actions of the personnel are regulated by the appropriate administrative documentation.
Obviously, the volume of documentation in paper form is huge and the search for specific information takes some time, and most importantly, it forces operators to be distracted by its search, which can reduce the process control.
In combination with a large number of signals, the operator informational load does not meet the accepted standards.
These works are carried out according to the developed step-by-step work programs, approved by the NPP administrative management, and take a period of up to several days. Despite the fact that these work programs are described in sufficient detail and at each step there is both an executor and a supervisor, experience shows that the control room personnel can make an error. And the probability of making an error increases when the information flow reaches a level that significantly exceeds the capabilities of perception and reaction, and a stressful situation or prolonged monotonous work lead to gaps or, conversely, to excessive actions in implementing process control (
The difficulty of creating an interactive procedure lies in finding a balance between the level of operator involvement in the process and the degree of automation. In accordance with (
Let us consider one of the functions of the OISS (
The function is supposed to:
Implementation of the function of providing generalized information related to start-up (shutdown) procedures and routine maintenance should be based on operational documentation containing a safety justification and specific instructions to the personnel on how to conduct work, including:
Interactive Procedures (IP) is a software application, Kruiz, designed to support the operator in step-by-step execution of the unit start-up (shutdown) programs and other multi-stage activities.
The interactive unit start-up procedure is a multi-level sequence of actions. The procedure is divided into stages, which consist of steps (Fig.
The interactive procedure fully complies with the approved paper version but, at the same time, it allows the operating personnel to reduce the time for checking the compliance of process parameters with the conditions for a given state of the power unit, since the program includes monitoring the readiness of systems for the transition to the next state, as well as analyzing the selected process parameters for compliance with the limits and settings of the current stage. To perform work according to the paper start-up program (Fig.
The interactive procedure is helpful in collecting and analyzing the entire amount of information at each particular step. Reliable information necessary to complete a specific step is collected and presented in order to confirm the completion of this step (Fig.
Using the program, one can display a link to the control point, which contains the values of settings for a required variable, or build a graph to track the dynamics of the parameter change.
The program is multi-user. From their workplaces, all the participants in the process can observe the progress of the procedure and confirm the stages for which they are responsible. Upon confirmation, the username, date and time of confirmation are displayed. This reduces the time spent on communication between the personnel.
Fixing the execution time of the procedural steps makes it possible to conclude about the duration of each stage, which will help in the future adjust the start-up schedule with the introduction of relevant information on the duration of operations.
The operator’s actions are recorded during the work with the program. A created hard copy of the protocol can be used to correct inconsistencies in paper versions of the programs, as well as to identify the operator’s erroneous actions.
The Interactive Procedures contain active links to transitions to the required video frames for process systems, to graphs with the setting ranges shown on them for each power unit state, as well as links to transitions to interactive instructions for operating systems or interactive regulations for safe operation (Fig.
In 2019, the ‘Interactive power unit start-up procedure’ and ‘Interactive power unit shut-down procedure’ were validated at NvNPP II-1. During the start-up (shutdown) of the power unit, the routine passage of transitions from one state of the power unit to another (i.e., from its ‘cold’ state to output to the design capacity and back) was checked.
The software was installed in the MCR at an additional workplace. The employees of the NvNPP (MCR personnel) participating in the validation were taken out of their shifts during the validation and were engaged only in the software validation.
In the course of validation, the following was monitored:
The revealed inconsistencies and recommendations for improving the software were recorded in the working protocol.
After the power unit was connected to the network, each NvNPP employee who took part in the validation gave an assessment of the software according to the following parameters:
The validation performed on the assessment of the MCR personnel confirmed that the interactive procedure:
Based on the proven and validated solutions, it is possible to develop interactive procedures for equipment commissioning (decommissioning), routine checks, switch cards, trials, and tests.