PSAM 16 Conference Session T24 Overview

Session Chair: Sai Zhang (sai.zhang@inl.gov)

Paper 1 JO179
Lead Author: Johan Sorman     Co-author(s): Yi Zou, Yi.Zou@lr.org
Experience from using a tool for analysing the significance of events at nuclear power installations following the NRC Significance Determination Process
The NRC's significance determination process: “The ‘Significance Determination Process’ (SDP) is an organized, planned process to evaluate the risk or safety significance of conditions, events or findings at nuclear power reactors.” The process is described in detail in the publicly available NRC Inspection Manual, Manual Chapter 0609. This process is used not only by the NRC but also by nuclear operators, both to determine the significance of events and to provide an engineering understanding of their risk and safety significance. This paper outlines the findings from developing and implementing a tool that supports the SDP. The tool provides assistance for all the steps in the SDP. Events that are found to be of low significance are screened out but stored in the database for documentation purposes. Events that are determined to be of significance are further analysed following the SDP. All details of the events are documented in the tool and, based on this information, the impact on risk is quantified using the full PSA model. The results are categorized according to the significance color coding system as outlined in the NRC Inspection Manual:

Green: Very low safety significance, ΔCDF < 1E-6
White: Low to moderate safety significance, 1E-6 < ΔCDF < 1E-5
Yellow: Substantial safety significance, 1E-5 < ΔCDF < 1E-4
Red: High safety significance, 1E-4 < ΔCDF

The tool has recently been implemented at a number of nuclear power stations and also licensed for use by the regulator in one of the largest nuclear countries in the world. Experiences from its use and implementation at the nuclear stations and by the regulator will be discussed in the paper.
Name: Johan Sorman (johan.sorman@lr.org)

Bio: Johan Sorman holds a master's degree from the Royal Institute of Technology in Stockholm, Sweden. Between 1993 and 1999 he worked as a PSA engineer for the nuclear industry in Sweden. Since 2000 he has been responsible for global sales, marketing and training for RiskSpectrum software.

Country: SWE
Company: LR RiskSpectrum AB
Job Title: Sales Manager


Paper 2 RI64
Lead Author: Richard Kim     Co-author(s): Tina Diao, tina.diao@aerospacetechnical.com; Madison Coots, madison.coots@aerospacetechnical.com
Perspectives on Managing Risks in Energy Systems
Modern enterprise risk management (ERM) for complex engineered systems is ultimately concerned with making high-quality resource allocation decisions at the organizational level with the goal of minimizing the risk of these systems. Effective ERM is challenging in several ways: 1) it necessitates the continuous assessment of a comprehensive set of risks; 2) it requires an intelligent measure of value and objectives; and 3) it requires a normative decision framework that is grounded in quantitative measures, rather than heuristics. In this paper, we propose a principled approach for ERM to address these pressing challenges in complex systems across numerous industries. We begin by outlining and explaining the methods comprising the Risk Management Toolkit: a set of rigorously tested quantitative methods with a proven track record for bolstering the efficacy of modern ERM programs. We then outline a set of organizational characteristics that we believe play instrumental roles in ensuring effective ERM across an organization. Finally, we use an illustrative example system from the energy sector to perform an economic analysis of the organizational value of an effective ERM team. Ultimately, our analysis underscores the significant value and importance of employing thoughtful and rigorous methods of risk management, and our results generalize naturally to other industries with similarly consequential systems.
A PSAM Profile is not yet available for this author.

Paper 3 TH14
Lead Author: Thor Myklebust     Co-author(s): Tor Stålhane, stalhane@sintef.no
Purchasers and integrators of safety components and products, which information should we ask for?
Several manufacturers of safety products and safety systems have to purchase and integrate components and products produced elsewhere and sometimes for another environment or use. Examples of components and products that manufacturers integrate are microchips, libraries, openSafety protocols, COTS (Commercial Off The Shelf) software, sensors, and valves. One could divide this integration into three categories: (1) components and products having a SIL (Safety Integrity Level) compatibility certificate, (2) integrator and supplier have a DIA (Development Interface Agreement) or similar, and (3) COTS or similar. This paper focuses on suppliers that deliver components or products, including a SIL compatibility certificate and six other relevant documents (safety manual, safety case including safety-related application conditions (SRAC) and hazard log, safety assessment report, certificate report, and user manual). We start with an explanation of the relevant documents and which safety standards include requirements for such documents. This paper aims to aid purchasers and integrators with the purchasing process. Speed to market is the key to success. Having the knowledge and experience related to these documents implies less work for the manufacturer and earlier approval by assessors and certification bodies. Our experience and discussions with several companies have shown us that not having experience using these documents has resulted in inferior contracts, delays, design challenges, and not having the relevant information available at the right time. Using the described approach will save time and cost and reduce the risk of not having relevant information available for the engineers, thus ending up with a product with hidden information. An example is an SRAC solved by the manufacturer by describing a solution in the user manual instead of having a sufficiently good design. Due to the SRAC, the design is acceptable from a safety point of view. The design is acceptable for the ISA (Independent Safety Assessor) and/or CB (Certification Body) but may not be acceptable for the purchaser.
Name: Thor Myklebust (thor.myklebust@sintef.no)

Bio: Senior researcher, System Safety and development of safety-critical software. His experience is in assessment and certification of products and systems since 1987. He has worked for the National Metrology Service, Aker Maritime, Nemko and SINTEF. Myklebust has participated in several international committees since 1988. Member of safety (NEK/IEC 65), the IEC 61508 maintenance committee, stakeholder UL 4600 autonomous products and railway (NEK/CENELEC/TC 9). He is co-author of three books (The Agile Safety Case, SafeScrum and Functional safety and proof of compliance) and has published more than 250 papers and reports.

Country: NOR
Company: SINTEF Digital
Job Title: Senior researcher