Linking humans and systems in nuclear power
1 February 2013
Traditional engineering methods do not make provision for the integration of human considerations, while traditional human factors methods do not scale well to the complexity of large-scale nuclear power plant projects. Although the need for up-to-date human factors engineering processes and tools is recognised widely in industry, so far no formal guidance has been developed. This article proposes such a framework.
By Jacques Hugo
For new and upgraded power plants to operate safely and effectively, they must be designed to support the abilities and limitations of systems as well as the people who operate them. While it is increasingly recognized in most industries that the human must be considered a central part of system development, it is not as readily recognized that human factors issues vary widely according to the type of system being developed, and across different parts of the system. For example, the issues involved in developing a highly manual process plant are different from those that arise when the operator must interface with a plant's automation system. Experience has shown that it is ineffective, risky and expensive to address this part of the design as an afterthought -- a common example of bad practice. The risks associated with poor human factors can best be avoided by starting to consider humans as early as possible in the design process, and continuing to do so throughout. A good management process is needed to address human factors comprehensively and consistently. In most cases, concerted action is needed between different disciplines in the development team and also between teams.
Ever since the Three Mile Island incident (TMI-2) in 1979 [1], there has been general agreement in the nuclear industry that human factors principles and requirements should be incorporated in the engineering process. Many reports on the causes of this incident, which included the role of humans, were produced and this led to rigorous requirements for human factors and defence-in-depth to ensure plant safety [2-3]. This was further reinforced by the Chernobyl, and more recently the Fukushima Daiichi accidents, both of which were, at least in part, attributed to human error [4-6]. The industry has recognized that a systematic, integrated process was needed to identify and track performance and safety issues to ensure a balanced development of both technical and human aspects of systems, throughout the lifecycle of the system. This approach was pragmatic and quickly yielded useful insights, as seen in regulatory guidance documents like US Nuclear Regulatory Commission (NRC) NUREG-0800 (Standard Review Plan) [7], NUREG-0711 [8] and NUREG-0700 (Human-System Design Review Guidelines) [9]. These guidelines emphasize the crucial role played by humans in supporting plant safety and providing defence-in-depth.
Unfortunately, in spite of all the research to date, in practice many nuclear engineering organizations still find it very difficult to achieve ideal human integration and as a result human-machine interface issues are often not addressed until late in the development cycle. After the configuration of a particular system has been set, it is usually too expensive to make changes, and this typically results in organisations trying to fix unusable or inefficient designs with even more expensive training. Even in the more enlightened organisations there is still a lot of fragmentation and lack of consistency in the application of human factors knowledge. This is probably not surprising, because engineering organisations are already experiencing challenges due to materials and construction techniques that have changed dramatically since the commissioning of Watts Bar in 1996, the last nuclear power plant to come online in the USA.
To add to this challenge, in a 2008 report the Department of Energy (DOE) found that "...the process of completely identifying standards to be used in US nuclear new-build had to await the start of construction. To avoid construction delays, the timely resolution of standards issues will be critical." [10] This suggests that issues of integration and consolidation have now become pressing and require a more systematic approach.
Human factors in systems design
The development of any socio-technical system requires an integrated approach based on the requirements of both human and system components. Systems engineering (SE) is the discipline needed to deliver coherent, cost-effective systems, of whatever nature, but human factors engineering (HFE) adds an important dimension by helping to integrate the whole (human + equipment) system.
The integration of human factors into the systems engineering process (SEP) is a comprehensive process that considers the role of humans in the operation and maintenance of the plant at every stage of the system lifecycle. This process can be defined as an interdisciplinary technical and management process for integrating human considerations within and across all system elements throughout the project and systems lifecycle. The 'human' in this process includes all personnel (users, operators, maintainers, support personnel, trainers, etc.) who interact with the system in any capacity.
With a few exceptions, the generic forms of HFE activities are similar to those associated with systems engineering (analysis, design, development, and implementation). Most HFE analysis and design methods are based on the construction and exploration of models that address specialized engineering areas, such as reliability, operability, workload, usability and safety.
However, not every kind of analysis and associated model will be applicable to every application domain. HFE includes human-centric models and methods (for example, cognitive task analysis) that have no SE equivalent. The inclusion of humans in the engineering process in this way allows the engineer to compensate for human cognitive and physical limitations for specific tasks by reducing demands imposed on the human. Human qualities incorporated as attributes of the system can thus be exploited for design trade-offs, with the interaction between human, hardware and software elements contributing in a holistic manner to enhance system performance. The aim is to maximize the overall system capabilities in performing plant operations.
Both regulators and engineers know that such solutions are only established through consistent, long-term support for the application of human factors principles in analysis, design and development of systems. As we know from past operating experience, the nuclear energy industry not only needs a systems approach to human factors engineering, it also needs to institutionalize the application of human factors principles within the organization.
There have been some long-term improvements in nuclear power plant (NPP) safety, especially in systems that require human involvement, or that may impact the life and work of humans in any way. Although fragmented, uncoordinated and inconsistent, these early efforts, especially from TMI-2 reports, led to important insights into the role of humans in plant safety. Some examples of these are the human factors improvements in control rooms described in the EPRI report "Final Report on Leading Indicators of Human Performance" [11].
In spite of a growing awareness of the role of human factors in design, many organisations still regard it as expensive and even 'nice to have.' This implies that there may be some ignorance of the real reasons why human factors is so important. In the nuclear industry in most countries, these reasons include the legal requirements (for example, US Occupational Safety and Health Administration and building codes, regulatory requirements such as NUREG-0800, -0711 and many more), client requirements, and general industry best practice for safety in design as shown in many international standards (ISO, IEEE, IEC, etc.). However, there are also many practical reasons, for example, the accurate representation of human needs and requirements can potentially reduce lifecycle cost, increase system safety and effectiveness, and reduce risks.
The integration of human factors with the overall systems engineering process is regarded by the International Council on Systems Engineering (INCOSE) as essential in all complex and mission-critical projects, especially those where safety is a key concern. They have found that the human element in systems accounts for 40-65% of operating and support costs, and that the human element contributes up to 70% of variability of operating costs. This is exactly the area where the nuclear industry currently needs to save cost.
The systems approach to human factors integration aims to ensure first of all that the human performance information necessary for engineering design and development processes is acquired or developed even before the project starts. Secondly, it will ensure human factors evaluation of systems and operations throughout the project lifecycle to identify problems and help engineers to define cost-effective solutions to achieve human and system performance enhancements. A lot of project case studies have proven that it is cheaper and more cost-effective to integrate human requirements early in the project rather than later.
Table 1 illustrates the progression of human factors maturity in an organisation: from lack of awareness (where most examples of bad practice are found), to high human factors competence and integration that characterises institutionalised best practice.
In this ranking of organisational human factors maturity, it quickly becomes apparent that the range of HFE activities demands more and more resources to support human-systems integration. This is where integration, effective sharing and reuse of information from other areas and disciplines in the project can significantly add to what HFE can achieve from its own resources.
Above all, engineers should realize that human-related and technical components of NPP systems are interdependent, but they will often be faced with difficult design compromises. An integrated HFE process would provide the methods, criteria and procedures to make critical trade-offs, for example:
- Automation must enable operators to cope with the volume of work, but it might be more cost-effective to increase the number of operators.
- Maintainer tasks are determined by the technical system. However, systems must be designed so that maintenance is within human capabilities.
- Equipment should be designed to be operable, given the skills of the target users. However, user skills can be enhanced through training.
- Inherent hazards can be designed out of systems, but without proper allocation of functions, additional hazards may be introduced by developer, operator or maintainer error.
Goals of human factors engineering
While many systems engineers intuitively understand that the human operator and maintainer are part of the system under development, they often lack the expertise or information needed to link human capabilities with the capabilities of the hardware and software. Here again a well-documented integrated HFE process will assist systems engineers by bringing the various human-centred domains into the SEP and serving as the focal point to ensure that human considerations are integrated into system design, development, manufacturing, operation, maintenance, and disposal.
A robust, human-centred system design satisfies three key requirements:
- Systems are designed to be compatible with human capabilities and they enable the tasks demanded of people to be performed reliably under normal, contingency, and emergency conditions. This attribute is supported by the use of human-centred design analyses, HFE guidelines and standards, and thorough test and evaluation.
- The system is designed so that unique human capabilities can be brought to bear on non-routine, unanticipated problems. This is a key attribute that ensures system resilience. The intelligent adaptation of humans to novel situations can significantly contribute to operational success in situations that were not anticipated when the system was designed and evaluated. A robust system helps to exploit this human capability.
- The system is designed to, at best, tolerate and prevent human error, or at worst, to make it easy to recover from human error.
It seems obvious that to achieve these desirable product attributes, HFE should be fully integrated into the overall engineering process from the outset, as described above. This is the basic premise of NUREG-0711 and other human factors integration guidance like IEEE 1023 [12], which aim to ensure timely and complete interaction with other engineering activities. Experience has shown that when HFE activities are performed independently from other engineering activities, their impact and effectiveness is greatly decreased due to the lack of communication and coordination between the different disciplines. Including HFE at the beginning of a project helps ensure that user needs can be addressed early in the design process before changes become too costly. Often when problems are identified late in a design project, corrections reflect cosmetic fixes rather than optimal solutions.
An integrated HFE process would support the goals of the nuclear design organization as well as the client organization by maximizing the ability of humans to perform at required levels by eliminating design-induced error.
HFE also supports the goal of developing equipment and tools that will permit effective human-system interaction within the allowable, established limits of training time, worker aptitudes and skill, physical endurance, physiological tolerance, and ergonomic standards. HFE provides this support by determining the worker's role in the socio-technical system and by defining and developing human-system interface characteristics, workplace layout, and work environment.
A human factors engineering process (HFEP) that is integrated with the SEP would achieve five important goals:
- a) Synchronized cycle time: This is a measure of the lead times and the extent of delays and bottlenecks in the conduct of HFE activities and how they are synchronized with the design organization's SEP.
- b) Flexibility: This measures how the process enables practitioners to perform engineering work on different kinds of projects, either serially or simultaneously.
- c) Punctuality: This measures how process deliverables are consistently provided on committed dates.
- d) Cost-effectiveness: This is a measure of the cost of performing the HFE process on a project. However, while cost is important, it is not of overriding importance during the formative years of the design organization and definitely not at the expense of safety concerns.
- e) Quality: This is the degree to which the deliverables of the HFE process meet requirements as described in the industry standards adopted by the design organization and those required by regulatory bodies. In general terms, process quality should be measured in terms of the accuracy, completeness, consistency, clarity, comprehensibility, usefulness and timeliness of HFE deliverables.
From a regulatory point of view, HFE results must exhibit four characteristics: credibility, auditability, reliability and validity.
Credibility means that defensible design decisions require an experienced HFE practitioner to use accepted human factors techniques that have demonstrated reliability and validity. Reliability requires reasonable consistency of results across time and among analysts. Validity requires results consistent with actual human performance. The large number and complex context-specific interactions of variables influencing human performance and the scarcity of human error data (especially for new designs) can result in significant uncertainty if not dealt with systematically and completely by the HFEP. This requires auditability, which means that HFE analyses must be well-documented and traceable for the results to be practical and defensible. All steps, assumptions, information, and methods relevant to the analysis must be presented in traceable detail, to allow a reviewer to understand the origin, understand the specific context, and assess the meaning of the results. Appropriate and well-documented analyses define much of the basic information acquired and used to perform the HFE analyses. Auditability of the HFE analyses is essential to support further assessments of factors contributing to risk and to allow comparison with other HFE analyses.
The need for formal standards and guidelines
The primary intent of well-known regulatory guidance like NUREG-0711 is to help NRC reviewers determine to what extent license applicants for new or modified NPP designs have integrated human factors principles into the engineering design of the power plant. NUREG-0711 has become almost the de facto 'standard' in nuclear power organisations, in the US as well as abroad, for conducting the human factors engineering process. However, this guideline is neither a standard, nor was it intended to be a guideline for designers. Nevertheless, by virtue of many years of refinement and application in practice, it has become an indispensable resource for the NRC reviewer and human factors engineer alike. However, as a process guideline it is incomplete and needs to be supplemented by more specific process and methodological guidance and standards. The guidance needed applies not only to the HFE process overall, but to the critical human-centred systems such as control rooms, emergency shutdown facilities, and local control stations in the plant.
It is suggested that the answer to the lack of formal process guidance lies in merging NUREG-0711 with the key principles from closely-related resources, all of which are valuable sources of integration information:
- IEEE 1023-2004 (Recommended Practice for the Application of Human Factors Engineering to Systems, Equipment, and Facilities of Nuclear Power Generating Stations and Other Nuclear Facilities) [12].
- IEEE 1220-2005 (Standard for Application and Management of the Systems Engineering Process) [13].
- INCOSE Systems Engineering Handbook [14].
The combination of the three guidelines incorporates human factors guidance, standards and methods with system development and operational processes. This forms the basis of a generic methodology that employs sound systems engineering practices in the management of the engineering organization's HFE process. It draws from the best information available from regulatory requirements and industry best practices for systems engineering applications.
However, the merging of NUREG-0711, IEEE 1023, IEEE 1220 and INCOSE still does not produce a complete process. There are several international standards that address very specific aspects of system design and they play an important role during specific project phases.
Figure 1 indicates the key points in the system lifecycle where human factors elements are integrated with the systems engineering process. The diagram corresponds to the SEP described in IEEE 1220 as well as the review elements described in NUREG-0711.
The six project phases shown in Figure 1 can be reduced to just four generic HFEP phases: requirements analysis, human factors analysis, HFE design specification, and HFE verification and validation. A simplified high-level process map (Figure 2, above) illustrates the generic HFE process with the key inputs and outputs at each main phase and the most important feedback loops for verification and validation.
The development of an integrated HFE process will ensure that HFE requirements are respected as much as any other engineering discipline and must be given equal consideration in all engineering design decisions. Thanks largely to rigorous regulatory requirements for the nuclear industry, the discipline of HFE does not have to justify its presence in an engineering project (economically or technically), any more or any less than any of the other engineering specialties. Engineering managers should provide the same oversight of, and attention to, the human elements in NPP upgrade, modification and new-build projects, and with the same enthusiasm and scrutiny, as is applied to the other engineering disciplines. To date all engineering disciplines have produced extensive definitions of their activities and processes and the principles that lead to success, setback or shortcomings. HFE should be expected to do exactly the same for all aspects of its involvement in NPP projects.
Recognizing this challenge is the first step toward development of a formal HFE process that would be generally applicable to all nuclear engineering projects, while also making provision for project-specific requirements. Producing a comprehensive IHFEP guide might lead to something similar to the INCOSE Systems Engineering Handbook. This is not a trivial undertaking and would require the involvement of international nuclear utilities, engineering companies, regulators, researchers and standards organisations. The product of such an effort would need to be evaluated in real-life projects. Current and forthcoming projects under the US Department of Energy's LWR and SMR programmes might offer an ideal opportunity to pursue this goal, as might other US and international projects.
Jacques Hugo, Idaho National Laboratory. Based on a paper presented at the American Nuclear Society's 8th International Topical Meeting on Nuclear Plant Instrumentation Control and Human Machine Interface Technologies (NPIC & HMIT 2012) in July 2012, San Diego, California.
[1] Backgrounder on the Three Mile Island Accident. http://www.nrc.gov/reading-rm/doc-collections/fact-sheets/3mile-isle.html. Nuclear Regulatory Commission, Office of Public Affairs, 2009.
[2] NUREG-0585 (1979) TMI-2 Lessons Learned Task Force Final Report. Nuclear Regulatory Commission, Office of Nuclear Regulatory Research, Washington, DC.
[3] NUREG-0737 (1980) Clarification of TMI Action Plan Requirements. Nuclear Regulatory Commission, Office of Nuclear Regulatory Research, Washington, DC.
[4] Meshkati, N. (1991) Human Factors in Large-Scale Technological Systems' Accidents: Three Mile Island, Bhopal, Chernobyl. In Industrial Crisis Quarterly, Vol. 5, 131-154.
[5] Schaps, K. (2011) Fukushima human factor under the microscope. Retrieved from http://www.reuters.com/assets/print?aid=USTRE74H4YX20110518, Thomson Reuters, November 2012.
[6] Harris, R. (2011). What Went Wrong In Fukushima: The Human Factor. NPR. Retrieved from http://www.npr.org/2011/07/05/137611026/what-went-wrong-in-fukushima-the-human-factor, NPR, November 2012.
[7] NUREG-0800, (2011), Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition. Nuclear Regulatory Commission, Office of Nuclear Reactor Regulation, Washington, DC.
[8] NUREG-0711 Rev 3, (2012), Human Factors Engineering Program Review Model, Nuclear Regulatory Commission, Office of Nuclear Regulatory Research, Washington, DC.
[9] NUREG-0700 Rev 2, (2002), Human-System Design Review Guidelines, Nuclear Regulatory Commission, Office of Nuclear Regulatory Research, Washington, DC.
[10] August, J. and Hunter, J., (2010), "The looming gap in new-build standards", Nuclear Engineering International Newsletter, March 9, 2010. (Citing the DOE report NESCC 09-04, Construction Codes and Standards: Avoidance of New Nuclear Power Plant Construction Delays, Office of Nuclear Energy, September 2008).
[11] Ziebell, D. and Singh, B.P. (2001). Final report on Leading Indicators of Human Performance. Electric Power Research Institute, EPRI 1003033.
[12] IEEE 1023-2004, Recommended Practice for the Application of Human Factors Engineering to Systems, Equipment, and Facilities of Nuclear Power Generating Stations and Other Nuclear Facilities. The Institute of Electrical and Electronics Engineers, Inc., New York, NY.
[13] IEEE 1220-2005. IEEE Standard for Application and Management of the Systems Engineering Process. The Institute of Electrical and Electronics Engineers, Inc., New York, NY.
[14] INCOSE Systems Engineering Handbook V. 3.1 (2010), International Council on Systems Engineering, San Diego, CA.
Other related works:
DOE G 413.3-1 (2008), Managing Design and Construction Using Systems Engineering, U.S. Department of Energy, Washington, DC.
EPRI Human Factors Guidance for Control Room and Digital Human-System Interface Design and Modification - Guidelines for Planning, Specification, Design, Licensing, Implementation, Training, Operation, and Maintenance. Electric Power Research Institute, EPRI 1008122, November 2004.
ISO 13407-1999: Human-centred design processes for interactive systems, International Organization for Standardization. (Revised by ISO 9241 Part 210: Human-centred design for interactive systems).
ISO 9241 (multi-part), Ergonomics of human-system interaction. International Organization for Standardization.
ISO/IEC 15288:2008 "Systems and Software Engineering" System lifecycle processes.
NUREG/CR-6393, (1996), Integrated System Validation Methodology and Review Criteria, Nuclear Regulatory Commission, Office of Nuclear Reactor Regulation, Washington, DC.
Ryan, T.G. (1995). INEL-94/0149. The Integration of Human Factors (HF) in the SAR Process. Training Course Text. Idaho National Engineering Laboratory, Idaho Falls, ID.
The DOE Light Water Reactor Sustainability Program, retrieved from http://www.ne.doe.gov/LWRSP/overview.html, June 2011.