Development and validation of the interactive unit start-up procedure as a software tool in the implementation of the operator information support system at the NVNPP*
Maxim Yu. Tuchkov, Petr V. Povarov, Aleksandr I. Tikhonov, Margarita M. Litvak§
‡ Branch of JSC Concern Rosenergoatom Novovoronezh Nuclear Power Plant, Novovoronezh, Russia
§ LLC Innovative Firm SNIIP ATOM, Moscow, Russia
Open Access

Abstract

This article addresses the development of an operator information support system (OISS) for the Novovoronezh NPP II project. One of the main reasons for raising this topic is that the MCR operator is overloaded with data because the information flows of the VVER-1200 Process I&C have increased greatly compared to the serially produced VVER-1000 power units. The other important reason, in the authors’ opinion, is the increased volume of existing hard-copy procedures, caused by the strengthened requirements for their registration and by attempts to describe all possible failures and deviations in the programs and plant evolution sheet, which complicates working with them. In the era of ubiquitous digitalization, paper procedures can only distract the operator, who is already overloaded with information. The obvious solution is to create a system providing automatic collection and analysis of information. In addition, the functionality of the operator information support system allows the use of operating experience, thus minimizing the impact of the human factor. A lack of knowledge or experience can be especially challenging with procedures that are applied infrequently, for example, for starting up and shutting down the unit. The authors consider the development and functionality of interactive procedures and the requirements applicable to them. Particular attention is paid to the ergonomics of the workplace and the convenience of operating personnel working with an interactive procedure. Since the transition from the paper version of the programs can cause problems with reading the procedures and, ultimately, lead to a failure to meet the unit start-up time, the personnel of the operating station were directly involved in the development of the interactive programs.
Based on the review results, conclusions were made about the correctness of the approaches in developing the interactive procedures and validated solutions to be disseminated for all routine operations.

Keywords

Operator information support system, interactive procedure, information, alarm, functions, validation

Introduction

The operator analyzes the state of the system (equipment) in each state of the NPP power unit, using all available sources of information, including:

  • operating instructions, regulations, programs;
  • field operators’ reports on visual inspection of the equipment;
  • alarms on the control room operating consoles; and
  • data from the automated process control system (APCS) at the operator work stations.

The concept adopted at present provides for control from the operator computerized workplaces (OCWP). As a rule, an OCWP consists of two displays and a manipulator, i.e., a mouse, which makes control actions on fittings and assemblies. Operating experience has shown that, for ensuring quality control of the process and predicting further actions, the operator needs to have at hand a number of graphs, trends, histograms, the volume of which is not regulated anywhere and is determined only by the current need. Passing alarms are also monitored in a separate window. Thus, one operator display is occupied with graphs and alarms. In addition, some of the information is duplicated on panels and consoles. At the same time, the database of the upper unit level system (UULS) contains about 170 000 signals that are displayed to the operator on more than 1500 video frames, and the number of alarms on the control room operating consoles is more than 700. The combination of informational and psychological overload of the operators can lead to their emotional burnout and cause operating errors (Kulikova 2019). In situations with a lack of time for making a decision, it is necessary to have one reliable source of information, adapted to a specific task, providing filtered compressed information in an accessible and convenient form (Anokhin 2014).

The current UULS version contains tools aimed at reducing the informational load. An attempt to create interactivity of emergency response procedures was made in implementing the function of the safety parameter display system (SPDS) (NP-001-15 2015). But the formats implemented in the SPDS can only adequately define critical safety functions and determine the procedure for the operating personnel to follow in their work (Fig. 1). The system then provides the personnel with only a digitized version of the beyond-design-basis accident management manual.

Figure 1. Critical safety functions in the SPDS.

Thus, the main reason for the operator’s informational overload is that the existing VVER-1200 APCS does not contain tools for analyzing the mutual consistency of measurement results and generating generalized assessments of the power unit state and its main technological systems, which is required for the operator to monitor the process and timely manage it. Therefore, to compensate for the negative consequences of the human factor impact on the safety of nuclear power plants, it is necessary to create an operator information support system (OISS), which will limit the operator load to a level corresponding to the possibility of adequately assessing the emergency situation.

Moreover, the presence of such systems at modern power units is required by regulatory documents (NP-001-15 2015, NP-082-07 2007, RB-152-18 2018). In accordance with Clause 2.4.27 (NP-001-15 2015), the operator information support system must be implemented as part of normal operation control systems and safety systems. The requirements for operator information support are set out more fully in GOST R IEC 60964-2012 and GOST R IEC 62241-2012 (GOST R IEC 60964-2012 2014, GOST R IEC 62241-2012 2014).

An operator support system (OSS) is defined in them as a system or systems designed to support abstract thinking tasks or intelligent information processing tasks performed by the MCR personnel. GOST R IEC 60964-2012 was put into effect after the approval of the technical specification for the NPP-2006 APCS and the specifications for the UULS, and its requirements are not taken into account in the current NPP-2006 APCS.

Justification for the development of interactive procedures

The operator information support system is created to minimize the likelihood of erroneous actions of the MCR personnel by implementing the following functions (Bashlykov and Yeremeyev 1994, Anokhin et al. 2016):

  • reducing the information load on the MCR personnel to the target values specified in the regulatory documents;
  • analyzing the operation of process equipment and providing the personnel with processed information about the causes of deviations and the necessary actions during operation with deviations;
  • forecasting the process development for the operator early warning about possible disruptions in the power unit operation;
  • providing the operating personnel with information necessary for making an optimal decision on managing the emergency situation, preventing an accident and limiting its consequences; and
  • diagnosing the equipment condition and performance.

LLC IF SNIIP ATOM, on its own initiative and with the active support of the Novovoronezh NPP, developed an OISS model, which includes a software model of the power unit and interactive step-by-step procedures. The first version of the model has been in operation at NvNPP II-1 since the commissioning of the power unit, for the purpose of accumulating archives of operational data for validating the OISS functions.

A special role is assigned to the MCR personnel when they carry out complex and lengthy operations to transfer the power unit from the ‘cold state’ (after performing scheduled preventive maintenance or related to the elimination of comments) to the ‘working at capacity’ state.

The adopted safety culture concept provides for strict adherence to the procedure. Performing actions from memory is not allowed. Accordingly, at the unit start-up and shut-down stages, which cover changes in the state of a large number of systems, the MCR personnel must be guided by the start-up and shut-down programs, operational technological regulations for safe operation, instructions for the reactor plant operation and other operating instructions. All actions of the personnel are regulated by the appropriate administrative documentation.

Obviously, the volume of paper documentation is huge, and searching for specific information takes time; most importantly, the search distracts operators, which can weaken process control.

In combination with a large number of signals, the operator informational load does not meet the accepted standards.

These works are carried out according to step-by-step work programs approved by the NPP administrative management and take up to several days. Although these work programs are described in sufficient detail and each step has both an executor and a supervisor, experience shows that the control room personnel can make an error. The probability of making an error increases when the information flow reaches a level that significantly exceeds the capabilities of perception and reaction, and a stressful situation or prolonged monotonous work leads to gaps or, conversely, to excessive actions in implementing process control (Anokhin 2015). In addition, such works are performed relatively rarely and, despite the mandatory maintenance of qualifications on a full-scale simulator before starting (stopping) the unit, a lack of operating experience and hidden defects can negatively affect the quality of the work performed.

The difficulty of creating an interactive procedure lies in finding a balance between the level of operator involvement in the process and the degree of automation. In accordance with (Mashin 1995), a high degree of automation of the interactive procedure can lead to the operator’s abstracting from the process control and losing a critical approach as a component of safety culture. It is also necessary to take into account the requirements of ergonomics for quality process control (Anokhin and Ostreykovsky 2001).

Sample interactive procedure

Let us consider one of the functions of the OISS (Gusev et al. 2019), i.e., providing the operating personnel with interactive procedures for starting (stopping) the power unit, designed to support the operator in performing complex tasks associated with transferring the power unit from one state to another.

The function is supposed to:

  • provide the operating personnel with information on the compliance of the monitored parameters with the established restrictions;
  • be multi-user; and
  • inform about the readiness of the equipment to perform the procedural steps, about violations in the automated actions, about the state of readiness of the equipment and systems according to process parameters to change the power unit state.

Implementation of the function of providing generalized information related to start-up (shutdown) procedures and routine maintenance should be based on operational documentation containing a safety justification and specific instructions to the personnel on how to conduct work, including:

  • working process regulations for the power unit safe operation;
  • reactor plant operating instructions;
  • operating instructions for equipment and systems; and
  • working step-by-step programs.

Work results

Interactive Procedures (IP) is a software application, Kruiz, designed to support the operator in step-by-step execution of the unit start-up (shutdown) programs and other multi-stage activities.

The interactive unit start-up procedure is a multi-level sequence of actions. The procedure is divided into stages, which consist of steps (Fig. 2).

Figure 2. Interactive procedure (typical example).

The interactive procedure fully complies with the approved paper version but, at the same time, it allows the operating personnel to reduce the time for checking the compliance of process parameters with the conditions for a given state of the power unit, since the program includes monitoring the readiness of systems for the transition to the next state, as well as analyzing the selected process parameters for compliance with the limits and settings of the current stage. To perform work according to the paper start-up program (Fig. 3), the operator has to carry out an independent analysis of the equipment readiness based on several UULS video frames, using the operating instructions for the systems and other documentation.

Figure 3. A sample unit start-up program in paper form.

The interactive procedure is helpful in collecting and analyzing the entire amount of information at each particular step. Reliable information necessary to complete a specific step is collected and presented in order to confirm the completion of this step (Fig. 4).

Figure 4. Collection and presentation of information in the interactive procedure.

Using the program, one can display a link to the control point, which contains the values of settings for a required variable, or build a graph to track the dynamics of the parameter change.

The program is multi-user. From their workplaces, all the participants in the process can observe the progress of the procedure and confirm the stages for which they are responsible. Upon confirmation, the username, date and time of confirmation are displayed. This reduces the time spent on communication between the personnel.

Recording the execution time of the procedural steps makes it possible to determine the duration of each stage, which will help adjust the start-up schedule in the future using up-to-date information on the duration of operations.

The operator’s actions are recorded while working with the program. A hard copy of the generated protocol can be used to correct inconsistencies in paper versions of the programs, as well as to identify the operator’s erroneous actions.
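The behaviour described above can be modelled as follows; this is an added example, not code from Kruiz or the OISS. A step can be confirmed only by the user responsible for it and only while its monitored parameters are within the stage limits, and every attempt is appended with username and time to a protocol. The step names, users, parameter limits and the hash chaining that makes later edits to the protocol detectable are assumptions, not details from the article.

```python
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

GENESIS = "0" * 64  # "previous hash" used for the first protocol entry

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

@dataclass
class Step:
    name: str
    responsible: str   # hypothetical: the one user allowed to confirm this step
    limits: dict       # parameter -> (low, high) for the current stage

@dataclass
class Procedure:
    steps: list
    log: list = field(default_factory=list)   # append-only protocol of actions
    current: int = 0

    def violations(self, readings):
        """Parameters of the current step that are missing or outside limits."""
        lim = self.steps[self.current].limits
        return {p: readings.get(p) for p, (lo, hi) in lim.items()
                if readings.get(p) is None or not lo <= readings[p] <= hi}

    def confirm(self, user, readings, when=None):
        """Try to confirm the current step; refusals are recorded as well."""
        if self.current >= len(self.steps):
            return "refused:procedure_complete"
        step, bad = self.steps[self.current], self.violations(readings)
        result = ("refused:not_responsible" if user != step.responsible
                  else "refused:not_ready" if bad else "confirmed")
        body = {"step": step.name, "user": user, "result": result,
                "violations": bad,
                "time": (when or datetime.now(timezone.utc)).isoformat(),
                "prev": self.log[-1]["hash"] if self.log else GENESIS}
        self.log.append(dict(body, hash=_digest(body)))
        if result == "confirmed":
            self.current += 1
        return result

    def verify_log(self):
        """True only if no recorded entry was altered or reordered."""
        prev = GENESIS
        for entry in self.log:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or entry["hash"] != _digest(body):
                return False
            prev = entry["hash"]
        return True

def sample_procedure():
    # Constructed steps, users and limits; not values from any plant document.
    return Procedure([
        Step("Fill primary circuit", "operator_a", {"level_m": (7.0, 8.5)}),
        Step("Start heat-up", "operator_b", {"pressure_mpa": (1.5, 2.5)})])
```

Because refused attempts are logged alongside confirmations, the protocol also shows who tried to advance a step before the equipment was ready.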

The Interactive Procedures contain active links to transitions to the required video frames for process systems, to graphs with the setting ranges shown on them for each power unit state, as well as links to transitions to interactive instructions for operating systems or interactive regulations for safe operation (Fig. 5).

Figure 5. A sample link to operational documentation.

Conclusion

In 2019, the ‘Interactive power unit start-up procedure’ and ‘Interactive power unit shut-down procedure’ were validated at NvNPP II-1. During the start-up (shutdown) of the power unit, the routine passage of transitions from one state of the power unit to another (i.e., from its ‘cold’ state to output to the design capacity and back) was checked.

The software was installed in the MCR at an additional workplace. The employees of the NvNPP (MCR personnel) participating in the validation were taken out of their shifts during the validation and were engaged only in the software validation.

In the course of validation, the following was monitored:

  • the compliance of the power unit equipment state displayed by the software with its real state;
  • the compliance of the instructions provided by the software with the operational documentation of the power unit;
  • the possibility for the operator to enter information on the execution of actions to start the unit;
  • the correctness of automatic determination of the power unit readiness for the next start-up step; and
  • the stability of the software functioning.

The revealed inconsistencies and recommendations for improving the software were recorded in the working protocol.

After the power unit was connected to the network, each NvNPP employee who took part in the validation gave an assessment of the software according to the following parameters:

  • the effect of using the software after taking into account the comments formulated during the validation process on the operator’s informational overload;
  • the ease of use after taking into account the comments formulated during the validation process; and
  • the feasibility of implementing the software after taking into account the comments formulated during the validation process.

The validation, based on the assessment of the MCR personnel, confirmed that the interactive procedure:

  • meets the requirements;
  • is easy-to-use for the control room operating personnel;
  • reduces the time for processing information and making a decision;
  • speeds up the collection of reliable information about the state of the equipment and process systems;
  • allows for automatic processing of information about the state of the power unit and systems with the issuance of an opinion on the readiness for switching operations;
  • helps those responsible for implementing the stages receive reliable information about the progress of work and about comments that prevent the continuation of work; and
  • makes it possible to reduce the operator’s informational load during the process.

Based on the proven and validated solutions, it is possible to develop interactive procedures for equipment commissioning (decommissioning), routine checks, switch cards, trials, and tests.

References

  • Anokhin AN (2014) Adaptive interface for operators of complex systems. In: Proceedings of the 12th All-Russian Meeting on Control Problems VSPU-2014. Moscow, June 16–19, 6345–6256. [in Russian]
  • Anokhin AN (2015) Problems of the Organization of the Man-Machine Interface of the NPP ACS. BSUIR Reports: 104–108. [in Russian]
  • Anokhin AN, Ostreykovsky VA (2001) Ergonomics in Nuclear Power. Energoatomizdat Publ., Moscow, 344 pp. [in Russian]
  • Anokhin FN, Kalinushkin AE, Gorbayev VA, Sivokon VP (2016) Current state and trends of NPP operator support systems. Izvestiya vuzov. Yadernaya Energetika [News of Higher Educational Institutions. Nuclear Power] 2: 5–16. [in Russian] https://doi.org/10.26583/npe.2016.2.01
  • Bashlykov AA, Yeremeyev AP (1994) Expert Systems for Decision Support in the Energy Sector. MEI Publ., Moscow, 216 pp. [in Russian]
  • Gusev IN, Povarov VP, Tuchkov MYu, Kuzhil AS, Mayorova MM, Padun SP (2019) About the smart help to the operators in state-of-the-art process I&C for VVER type reactors. Yadernaya i Radiatsionnaya Bezopasnost [Nuclear and Radiation Safety] 1: 46–54. [in Russian]
  • Kulikova EA (2019) Stresses in professional activity: causes of occurrence and ways of overcoming. Nauchno-metodicheskiy Elektronnyy Zhurnal “Kontsept” [Scientific-methodical electronic journal “Concept”], no. 10 (October). http://e-koncept.ru/2019/192039.htm [accessed Nov. 12, 2020] [in Russian]
  • Mashin VA (1995) Computerized support systems for NPP operators (psychological problems). Elektricheskie Stantsii [Electric Power Stations] 7: 2–7. [in Russian]
  • Podshibyakin MA, Vasin VM, Germash MM, Strebnev NA, Martynov AV, Podshibyakin AK (2013) Issues of the Concept of Creating a Safety Parameter Display System of VVER RP. In: Proceedings of the 8th International Scientific and Technical Conference on Ensuring the Safety of NPP with VVER. Podolsk, Russia, May 28–31.
  • RB-152-18 (2018) Safety guide for the use of atomic energy. Comments to the federal rules and regulations: General provisions for ensuring the safety of nuclear power plants (NP-001-15). FBU “NTTs YaRB”, Moscow, 205 pp. [in Russian]

* Russian text published: Izvestiya vuzov. Yadernaya Energetika (ISSN 0204-3327), 2021, n. 2, pp. 5–15.