Process Safety and Environmental Protection 9 2 ( 2 0 1 4 ) 789–795

Contents lists available at ScienceDirect

Process Safety and Environmental Protection

journal homepage: www.elsevier.com/locate/psep

On the operator action analysis to reduce

operational risk in research reactors

Ramin Barati ∗ , Saeed Setayeshi

Fars Science and Research Branch, Islamic Azad University, Fars, Iran

a b s t r a c t

Human errors during operation and the resulting increase in operational risk are major concerns for nuclear reactors,
just as they are for all industries. Additionally, human reliability analysis together with probabilistic risk analysis is a
key element in reducing operational risk. The purpose of this paper is to analyze human reliability using appropriate
methods for the probabilistic representation and calculation of human error to be used alongside probabilistic risk
analysis in order to reduce the operational risk of the reactor operation. We present a technique for human error rate
prediction and standardized plant analysis risk. Human reliability methods have been utilized to quantify different
categories of human errors, which have been applied extensively to nuclear power plants. The Tehran research
reactor is selected here as a case study, and after consultation with reactor operators and engineers human errors
have been identified and adequate performance shaping factors assigned in order to calculate accurate probabilities
of human failure.
© 2014 The Institution of Chemical Engineers. Published by Elsevier B.V. All rights reserved.

Keywords: Operational risk; Human reliability analysis; SPAR-H method; Tehran research reactor; Probabilistic risk
assessment

1. Introduction Although nuclear reactors are claimed to be very safe, there

Human actions are necessary parts of the operation and
maintenance of a nuclear power plant, in both normal and
abnormal operating situations. The Reactor Safety Study of
the US Nuclear Regulatory Commission (1975) revealed that
more than 60% of the potential accidents in the nuclear indus-
try are related to human error. Also, some references have
reported that the contribution of human error to probabilistic
risk analysis (PRA) results can be as high as 88% (see, for exam-
ple, Hirschberg, 1990). (The accidents at Three Mile Island in
1979 and at Chernobyl in 1986 have given us additional infor-
mation about the importance of human reliability; see Bello
and Colombari, 1980 and Drogaris, 1993.) So, human reliabil-
ity analysis (HRA) is a key element in trying to enhance the
safety of nuclear power plants, but it can be more useful in
operational safety if it is used alongside PRA.
have been significant failures in the nuclear industry, the
most infamous of which are Three Mile Island, Chernobyl and
Fukushima. Disasters clearly can and do happen, therefore,
and complacency must be avoided. Lessons have been learned
by risk experts from these and other major disasters such as
the NASA Challenger and Columbia events. Probabilistic risk
analysis has been used as a powerful method for surveying
and reducing the operational risk of nuclear reactors. In PRA
we usually take the pessimistic view and use more conser-
vative values in order to avoid the problems associated with
taking the optimistic view, thereby avoiding the “elephant in
the room”. An example of applying PRA to an accident in the
aviation industry is shown in Fig. 1 in a simple and realiz-
able way; this demonstrates how this method can be used in
a wide range of industries to enhance safety and reduce risk.
In addition, any meaningful PRA needs to account for human

∗
Corresponding author. Tel.: +98 912 1596746.
E-mail addresses: barati.ramin@aut.ac.ir (R. Barati), setayesh@aut.ac.ir (S. Setayeshi).
Received 20 May 2013; Received in revised form 22 October 2013; Accepted 12 February 2014
Available online 27 February 2014
http://dx.doi.org/10.1016/j.psep.2014.02.006
0957-5820/© 2014 The Institution of Chemical Engineers. Published by Elsevier B.V. All rights reserved.
790 Process Safety and Environmental Protection 9 2 ( 2 0 1 4 ) 789–795

Sample

Event Tree
Top Events:
Main Reserve System needed to
IE
Chute Chute prevent injury

System succeeds

Initiating Event: Main chute works, float to ground

Jump from
Airplane Reserve chute works, float to ground

Both chutes fail, jumper casually

System fails

Fault Tree
Reserve
chute
fails

OR

Chute Not
Deployed Chute
Tangle
d

Auto
Rip Activation
Cord Device Fails
Breaks

OR

Altimeter
Malfun Battery
-ctions Is Dead

Fig. 1 – Sample event tree and fault tree.

actions (HAs) and their effects on both the probability of sig-
nificant risk events and their consequences. In fact, PRA can
show us how HAs can be used to prevent accidents, and in the
case of the occurrence of accidents it can show us how they
can be used to mitigate the consequences and reduce opera-
tional risk. Conversely, if HAs are not analyzed correctly and
are assigned based on incorrect analyses, the situation can be
made worse.
The nuclear industry has a reputation for high standards of
safety and reliability and it is often said that there are checks
upon checks. If reactors are designed properly (including using
parallel controls or system redundancy and diversity), this can
result in the efficiency of the system being higher than that of
any single component or person. But because of the nature of
the industry, in many situations operators must diagnose the
situation based on symptoms and decide what they should
do in a reasoned manner. This means that, whether or not the
safety systems and protections that are in place are strong and
redundancy and diversity are taken into account, the need for
operators to take the most appropriate actions under duress
is still necessary in nuclear industries. We are able to gather
data and process it to generate information and design instru-
mentation and control systems that work efficiently. But we
are still not able to design a controller that performs based
 Process Safety and Environmental Protection 9 2 ( 2 0 1 4 ) 789–795
on its cognitive knowledge. The expertise that is accumu-
lated by a human after many years of training and experience
is knowledge that still cannot be transferred to robots and
other systems. It is only humans that can process informa-
tion to generate knowledge and reach high enough levels of
expertise to make decisions about complex systems with com-
plex behaviors, such as reactors. The actions of operator in a
nuclear reactor are very cognitive.
Research reactors are analyzed in this work because HAs
are more important in research reactors than in others, and
situations are often worse because humans play an even more
significant role in ensuring safety and reducing operational
risk at these reactors than in nuclear power plants. Many
safety functions that are performed automatically in power
plants must be performed manually in research reactors.
Human reliability analysis as part of PRA is defined as fol-
lows (Swain and Guttman, 1983). Human reliability means the
probability that a person:
(1) correctly performs an action required by the system in a
required time and
(2) does not perform any extraneous activity that can degrade
the system.
Any method by which human reliability is assessed may be
called HRA (Swain, 1987).
The analysis typically includes the following phases:
(1) identification of HAs,
(2) modeling of important actions and
(3) assessment of the probabilities of HAs occurring.
The identification and modeling of important HAs from
a PRA point of view takes place most often as part of a sys-
tem of accident sequence modeling (this is demonstrated, for
example, in International Atomic Energy Agency, 1992).
In general, there are three main approaches in HRA:
task-related discrete nodal models, task-related grouped
action models, and time reliability models. Based on these
approaches, a wide range of various HRA models or techniques
is available (see the list below), each of which has their own
characteristics:
• Technique for Human Error Rate Prediction (Swain and
Guttman, 1983);
• Cause-Based Decision Tree (Beare, 1983);
• Human Error Assessment and Reduction Technique
(Williams, 1988);
• Nuclear Action Reliability Assessment (Kirwan, 2005);
• Standardized Plant Analysis Risk–Human Reliability (SPAR-
H) (Gertman et al., 2004);
• Human Cognitive Reliability (Hannaman et al., 1984);
• Time Reliability Curve (Swain and Guttman, 1983);
• Operator Reliability Experiments/Human Cognitive Reliabil-
ity Time Reliability Curve (Spurgin et al., 1989);
• Cognitive Reliability and Error Analysis Method (Hollnagel,
1998);
• Holistic Decision Tree (Bareith, 1996);
• A Technique for Human Event Analysis (Forster, 2007).
• Cognitive Reliability and Error Analysis Method II
(Hollnagel, 1998);
• Réalisation des Missions Opérateurs pour la Sûreté (Pesme
et al., 2007);
791
Table 1 – Procedural framework to perform HRA.
No. Phase Steps
1 Familiarization Collection of information
Plant visit
Review of written
procedures
2 Qualitative Identification of potential
analysis human errors
Modeling of human errors
in PRA
3 Quantification of Different methods in HRA
human failures (SPAR-H) in this research
4 Evaluation Sensitivity and
uncertainty analysis
Recommendations
Documentation
• Success Likelihood Index Method (Embrey, 1984).
Among these methods, SPAR-H is utilized in this research
for HRA of the Tehran research reactor for the following rea-
sons:
• it is a well-documented and systematic HRA system,
• human performance choices are tabulated based on domain
experts’ opinions,
• performance-shaping factors are selected via tables,
• HA dependencies are accounted for, and
• the method is well-designed for the intended use.
Additionally, SPAR-H is one of the newest techniques devel-
oped for HRA and its base error rates are calibrated against
other HRA methods such as Technique for human error rate
prediction, and Human Error Assessment and Reduction Tech-
nique.
Section 2 describes HRA and a general framework in which
to conduct it. In Section 3, the SPAR-H method is addressed.
The methodology for performing HRA is discussed in Section
4. Section 5 gives the HRA results for the Tehran research reac-
tor. Section 6 is devoted to our conclusions.
2. Human reliability analysis
The most important performance measure of interest in PRA
when trying to reduce operational risk is human reliability. It
has long been recognized that human error has a substantial
impact on the reliability of complex systems. To obtain a pre-
cise and accurate measure of system reliability, human error
must be taken into account.
Regardless of the methods used, HRA must be performed
according to a general framework that is almost the same
across all HRAs. In other words, to perform an HRA one has
to perform a number of tasks. To put these tasks in the right
order a procedural framework has been developed. There are
four phases, each of which contains a number of steps; these
steps are summarized in Table 1.
To enable HAs to be standardized in operational risk assess-
ment, they are classified as follows.
Category A: pre-initiating-event interactions (also called
routine actions), e.g., maintenance errors, testing errors, cal-
ibration errors.
792 Process Safety and Environmental Protection 9 2 ( 2 0 1 4 ) 789–795

Accident Initiating Type C Human Action Type CR Human

Event Action

Failure
Human Action Plant
Initiating event
Damage
Success
Human Safe
Action Shutdown
Failure
Success Plant
Damage
Failure
System Plant
Failure
Damage
Success
Altimeter Battery
Malfun Is Dead Safe
-ctions Shutdown

Type B Human Action

Altimeter
Malfun Battery
-ctions Is Dead

Type A Human Action

Fig. 2 – The location of human error types within the plant logic tree (Spurgin, 2010).

Category B: initiating-event-related interactions, e.g., human and dependency information for use in SPAR PRA models of US
errors causing system trip, human errors causing loss of nuclear power plants. SPAR-H has been applied to over seventy
power. US nuclear power plants. SPAR-H was originally developed as
Category C: post-initiating-event interactions (also called a screening methodology, but the method was later extended
emergency actions), e.g., actuating a manual safety system, to deal with full human error probability (HEP) quantifica-
backing up an automatic system. tion. Interested readers are referred to Gertman et al. (2004)
for a detailed explanation of each PSF along with Task Types,
Dependency Analysis, Uncertainty Analysis and Uncertainty
To put HAs into a PRA framework, some of them are
analysis in SPAR-H method.
accounted for within the plant logic tree, some are accounted
for in the event trees, and others are accounted for in the fault
3.1. SPAR-H method in quantification
trees, in the initiators and in some branches of the event trees.
Fig. 2 depicts the locations of the various HAs in a simplified
The final HEP values are arrived at by multiplying the nominal
logic tree. Category A and Category B HAs are accounted for
HEP by the weighting factors derived from tables in (Gertman
in fault tree analysis and can be similarly applied in generic
databases throughout the world (International Atomic Energy
Agency, 1997; Swain and Guttman, 1983). Basic human error Table 2 – Human actions in Tehran research reactor.
probability will then be modified with specific plant data using
No. Human actions
a Bayesian updating technique (Modarres, 2006). Almost all
software used for reliability and risk analysis contains a tool- 1 By-pass high radiation scram
box for updating data using a Bayesian approach. The SAPHIRE 2 Detection of fuel channel blockage
3 Detection of high pool level
software tool (US Nuclear Regulatory Commission, 2000) is
4 Determination of LOCA 1 procedure
used for updating in our research. 5 Determination of LOCA 2 procedure
Category C HAs need to be accounted for completely and 6 Determination of LOCA 3 procedure
in a plant-specific manner. As stated before, in this research 7 Determination of LOCA 4 procedure
the SPAR-H method is used to account for HAs. 8 Detection of containment sealing
necessity
9 Detection of excess reactivity
3. SPAR-H method insertion
10 Detection of LOCA1
The SPAR-H method (Gertman et al., 2004) was a revision to, 11 Detection of LOCA2
and a replacement for, the US Nuclear Regulatory Commis- 12 Detection of LOCA3
13 Detection of LOCA4
sion’s Accident Sequence Precursor HRA screening method.
14 Detection of low pool level
The revisions were intended to make the characterization of
15 Forced circulation necessity
human performance in SPAR more realistic and to reflect new 16 Hold up tank high level
trends in HRA methods and data. Some of the goals of SPAR-H 17 Turning on generator
include ease of use and better representation of uncertainty
 Process Safety and Environmental Protection 9 2 ( 2 0 1 4 ) 789–795 793

Table 3 – Results of HRA for the Tehran research reactor.

No. Initiating event Human action(s) Alphaw/od Betaw/od Pw/oda Pwdb
1 LOPS 17 4.99E−01 1.24E+02 4.00E−03 N/Ac
15 4.98E+01 1.06E+02 4.70E−03 5.45E−02
8 4.99E−01 1.24E+02 4.00E−03 1.46E−01
2 ERI 9 4.19E−01 1.26E+00 2.50E−01 N/A
1 4.68E−01 4.21E+00 1.00E−01 1.45E−01
17 4.99E−01 1.24E+02 4.00E−03 1.46E−01
15 4.99E−01 1.24E+02 4.00E−03 5.00E−01
8 4.98E+01 9.92E+01 5.00E−03 5.00E−01
3 LFFCA1 2 4.77E−01 6.34E+00 7.00E−02 N/A
17 4.99E−01 1.24E+02 4.00E−03 5.38E−02
8 4.99E−01 1.33E+02 3.75E−03 1.46E−01
4 LFFCA2 17 4.99E−01 1.24E+02 4.00E−03 N/A
8 4.98E+01 9.92E+01 5.00E−03 5.47E−02
5 LFFCA3 3 4.99E−01 1.66E+02 3.00E−03 N/A
17 4.99E−01 1.24E+02 4.00E−03 5.38E−02
8 4.99E−01 1.27E+02 3.90E−03 1.46E−01
6 LFFCU1 14 4.99E−01 1.66E+02 3.00E−03 N/A
16 4.95E−01 3.25E+01 1.50E−02 6.42E−02
17 4.99E−01 1.24E+02 4.00E−03 1.46E−01
8 4.99E−01 1.18E+02 4.20E−03 5.02E−01
7 LFFCU2 14 4.99E−01 1.42E+02 3.50E−03 N/A
17 4.99E−01 1.24E+02 4.00E−03 5.38E−02
8 4.98E−01 1.04E+02 4.75E−03 1.46E−01
8 LOCA1 10 4.99E−01 1.66E+02 3.00E−03 N/A
16 4.97E−01 4.92E+01 1.00E−02 5.9E−02
17 4.99E−01 1.24E+02 4.00E−03 1.46E−01
4 4.84E−01 9.19E+00 5.00E−02 5.25E−01
8 4.99E−01 1.24E+02 4.00E−03 5.02E−01
9 LOCA2 11 4.99E−01 1.66E+02 3.00E−03 N/A
16 4.97E−01 4.92E+01 1.00E−02 5.9E−02
17 4.99E−01 1.24E+02 4.00E−03 1.46E−01
5 4.84E−01 9.19E+00 5.00E−02 5.25E−01
8 4.99E−01 1.33E+02 3.75E−03 5.01E−01
10 LOCA3 12 4.99E−01 1.66E+02 3.00E−03 N/A
16 4.97E−01 4.92E+01 1.00E−02 5.9E−02
17 4.99E−01 1.24E+02 4.00E−03 1.46E−01
6 4.19E−01 1.26E+00 2.50E−01 6.25E−01
8 4.99E−01 1.24E+02 4.00E−03 5.02E−01
11 LOCA4 13 4.99E−01 1.66E+02 3.00E−03 N/A
16 4.97E−01 4.92E+01 1.00E−02 5.9E−02
17 4.99E−01 1.24E+02 4.00E−03 1.46E−01
7 4.19E−01 1.26E+00 2.50E−01 6.25E−01
8 4.99E−01 1.24E+02 4.00E−03 5.02E−01

a
Without formal dependence.
b
With dependence.
c
Not applicable, first in sequence and zero dependency.

et al., 2004). This process is carried out for diagnosis and action (2) Otherwise, the action failure probability is:
items, and the overall value is given by the sum of the diag-
nosis and action contributions. However, because of concerns 1.0E−3 × time × stress or stressors × complexity × experience
about the correct modeling of the contributions, the following or training × procedures × ergonomics × fitness for
rule pertains. duty × processes.
Calculation the diagnosis failure probability For the case when the number of PSFs, for which the
weighting factors is greater than 1.0, is greater than or equal
(1) If all PSF ratings are nominal, then the diagnosis failure to 3, then the base HEP value is given by the following formula:
probability = 1.0E−2
(2) Otherwise, the diagnosis failure probability is PSFcomposite
HEP = NHEP
[NHEP · (PSFcomposite − 1) + 1]
1.0E−2 × time × stress or stressors × complexity ×
experience or training × procedures × ergonomics or where NHEP is nominal human error probability.
HMI × fitness for duty × processes.
Calculation the action failure probability 4. Methodology

(1) If all PSF ratings are nominal, then the action failure prob- Based on what is stated in SPAR-H, the quantification of each
ability = 1.0E−3 task is performed according to the following steps.
794 Process Safety and Environmental Protection 9 2 ( 2 0 1 4 ) 789–795

(1) Evaluate PSFs for the diagnosis portion of the task, if any.
Table 4 – Importance of HAs.
(2) Calculate the diagnosis failure probability.
Core damage state Human action(s)
(3) Calculate the adjustment factor if negative multiple (>3)
CDS1 Detection of forced cooling necessity PSFs are present.
Turning on generator (4) Record the final diagnosis HEP.
CDS2 Detection of containment sealing (5) Evaluate PSFs for the action portion of the task, if any.
necessity
(6) Calculate the action failure probability.
CDS3 Determination of fuel channel blockage
(7) Calculate the adjustment factor if negative multiple (>3)
Detection of containment sealing
necessity PSFs are present.
CDS4 Detection of containment sealing (8) Record the final action HEP.
necessity (9) Calculate the task failure probability without formal
CDS5 Forced cooling necessity dependence (Pw = od).
Turning on generator (10) Perform dependency analysis.
CDS6 Determination of LOCA 3 Procedure
Determination of LOCA 4 Procedure
Determination of LOCA 2 Procedure 5. Human reliability analysis results for
Determination of LOCA 1 Procedure Tehran research reactor
Detection of containment sealing
necessity
CDS7
The HAs of the Tehran research reactor are assigned numbers
Determination of LOCA 3 Procedure
Determination of LOCA 4 Procedure in Tables 2 and 3 shows the identified HAs for eleven initiating
Determination of LOCA 2 Procedure events along with a dependency analysis. In addition, the con-
Determination of LOCA 1 Procedure sequences for each of the most significant HAs are shown in
Detection of containment sealing Table 4. Detailed Specifications and probabilistic safety anal-
necessity ysis of the Tehran research Reactor about Tehran Research
CDS8 Detection of containment sealing
Reactor can be found in (Barati and Setayeshi, 2013a,b,c).
necessity
It is worth mentioning that after all minimal cutsets are
generated, the dependencies are analyzed based on an anal-
Table 5 – Results of tests to justify importance analysis ysis of minimal cutsets used for calculating consequences
(in each CDS the human action is set to failure and the culminating in CDSs for all initiating events. The probabili-
resultant CDS is derived). ties of all Category C HAs are set to 1. After that, the minimal
Core Human action CDS CDS cutsets containing two or more HAs are identified. If the fre-
damage due to due to quency of the minimal cutsets is more than 1.00E−08, it will
state success failure be analyzed for dependency.
CDS 1 Detection of forced cooling 1.4E−07 1.2E−06
necessity
6. Conclusion
Turning on generator 1.9E−07
CDS2 Detection of containment 8.3E−09 7.1E−08
sealing necessity This work is an important step in our quest to reduce the
CDS3 Determination of fuel 2.1E−06 2.0E−05 operational risk of the Tehran research reactor. In consultation
channel blockage with operators, a comprehensive study of HAs was performed
Detection of containment 1.9E−05 using SPAR-H as a systematic HRA method to give a true rep-
sealing necessity resentation of human errors in operational risk for the Tehran
CDS4 Detection of containment 2.7E−08 2.2E−07
research reactor. Also, importance analysis showed us the
sealing necessity
CDS5 Forced cooling necessity 2.6E−10 2.0E−09
most significant HAs that need to be taken into account in
Turning on generator 1.9E−09 the Tehran research reactor to improve safety. Some lessons
CDS6 Determination of LOCA 3 1.7E−05 2.3E−05 that can be learned from the results of this work are as follows.
procedure Performing importance analysis and highlighting impor-
Determination of LOCA 4 2.1E−05 tant HAs is not enough. It should be noted that based on
procedure
Fussell–Vesely importance measures, each HA with a large
Determination of LOCA 2 2.0E−05
Fussell–Vesely value should be performed in a shorter time in
procedure
Determination of LOCA 1 1.85E−05 order to reduce increasingly larger risks involved in extending
procedure the time. Based on reactor logs, it was checked and clarified
Detection of containment 1.77E−05 that some accidents have happened in the past because of
sealing necessity this. This point is therefore very important in assigning the
CDS7 Determination of LOCA 3 7.3E−11 7.7E−10 required time to each HA to reduce the risk involved in per-
procedure
forming the action.
Determination of LOCA 4 7.5E−10
Integrating HRA into PRA, a 2.12E−05 core damage fre-
procedure
Determination of LOCA 2 7.2E−10 quency was achieved, which shows a low level of operational
procedure risk for the Tehran research reactor.
Determination of LOCA 1 7.0E−10 According to the conducted HRA and our results, it is clear
procedure that humans play a crucial role in keeping the Tehran research
Detection of containment 6.5E−10 reactor operational. This is obvious when we see that the total
sealing necessity
core damage frequency for the plant increases to 1.8E−01 if
CDS8 Detection of containment 4.4E−07 4.8E−06
sealing necessity
we set all HAs to failure, compared with our core damage
frequency of 2.12E−05.
 Process Safety and Environmental Protection 9 2 ( 2 0 1 4 ) 789–795 795

Also, to justify the results of our importance analysis some Paper NUREG/CR-6883. US Nuclear Regulatory Commission,
tests have been conducted as follows in Table 5. Washington, DC.
Also, considering CDS results with HAs set to failure and Hannaman, G.W., Spurgin, A.J., Lukic Y., 1984. Human cognitive
reliability model for PRA analysis. Draft EPRI Document
success it is clear that, among HAs, the determination of fuel
NUS-4531. Electric Power Research Institute, Palo Alto, CA.
channel blockage and detection of containment sealing neces- Hirschberg, S., 1990. Dependencies, human interactions and
sity in CDS3 (which are representative of a falling external uncertainties (final report). Working Paper NKS/RAS-470, ABB
object over the reactor core) and determination of LOCA 3, Atom 244.
LOCA 4, LOCA 2 and LOCA 1 procedures, and detection of Hollnagel, E., 1998. Cognitive Reliability and Error Analysis
containment sealing necessity in CDS6 are the most signifi- Method: CREAM. Elsevier.
cant HAs. We conclude that these HAs should be given special International Atomic Energy Agency, 1992. Procedures for
Conducting Probabilistic Safety Assessment of Nuclear Power
attention when devising emergency operating procedures and
Plants (Level l). International Atomic Energy Agency Safety
operator training programs for the Tehran research reactor. Series, vol. 50(4). International Atomic Energy Agency, Vienna.
International Atomic Energy Agency, 1997. Generic component
References reliability data for research reactor PSA. Working Paper
TECDOC-930. International Atomic Energy Agency, Vienna.
Kirwan, B., 2005. Nuclear Action Reliability Assessment (NARA): A
Barati, R., Setayeshi, S., 2013a. Functional reliability evaluation of
Data-Based Hra Tool. Safety and Reliability Society, UK.
an MTR – pool type research reactor core using the load –
Modarres, M., 2006. Risk Analysis in Engineering, Techniques,
capacity interference model. Ann. Nucl. Energy 58, 151–160.
Tools, and Trends. CRC Press, Boca Raton, FL.
Barati, R., Setayeshi, S., 2013b. Probabilistic Safety Assessment of
Pesme, H., LeBot, P., Meyer, P., 2007. A practical approach of the
Tehran research reactor based on a synergy between plant
MERMOS method: little stories to explain human reliability
topology and hierarchical evolutions. Prog. Nucl. Energy,
assessment. In: Speech delivered at an IEEE/HPRCT
http://dx.doi.org/10.1016/j.pnucene.2013.10.003.
Conference.
Barati, R., Setayeshi, S., 2013c. A model for nuclear research
Spurgin, A.J., 2010. Human Reliability Assessment Theory and
reactor dynamics. Nucl. Eng. Des. 262, 251–263.
Practice. CRC Press, Boca Raton, FL.
Bareith, A., 1996. Simulator aided developments for human
Spurgin, A.J., Moieni, P., Parry, G.W., 1989. A human reliability
reliability analysis in the probabilistic safety assessment of
analysis approach using measurements for individual plant
the Paks nuclear power plant. VEIKI Report 20.11-217/1,
examination. Working Paper EPRI NP-6560-L. Electric Power
Budapest, Hungary.
Research Institute, Palo Alto, CA.
Beare, A.N., 1983. A simulator-based study of human errors in
Swain, A.D., 1987. Human reliability analysis: need, status, trend,
nuclear power plant control room tasks. Working Paper
and limitations. Reliab. Eng. Syst. Saf. 29 (3), 301–313.
NUREG/CR-3309. US Nuclear Regulatory Commission,
Swain, A.D., Guttman, H.E., 1983. Handbook of human reliability
Washington, DC.
analysis with emphasis on nuclear power applications.
Bello, G.C., Colombari, V., 1980. The human factors in risk
Working Paper NUREG/CR-1278. US Nuclear Regulatory
analyses of process plants: the control room operator model
Commission, Washington, DC.
“TESEO”. Reliab. Eng. 1 (1), 3–14.
US Nuclear Regulatory Commission, 1975. Reactor safety study:
Drogaris, G., 1993. Human errors of commission revisited: an
an assessment of accidents in US commercial nuclear power
evaluation of the ATHEANA approach. Reliab. Eng. Syst. Saf.
plants. Working Paper WASH-1400. US Regulatory
60, 71–82.
Commission, Washington, DC.
Embrey, D.E., 1984. SLIM-MAUD: an approach to assessing human
US Nuclear Regulatory Commission, 2000. Validation and
error probabilities using structured expert judgment. Working
verification for Sapphire: versions 6.0 and 7.0. Working Paper
Paper NUREG/CR-3518. US Nuclear Regulatory Commission,
NUREG/CR-6618. Idaho National Laboratory, Idaho Falls, ID.
Washington, DC.
Williams, J.C., 1988. A data-based method for assessing and
Forster, J., 2007. ATHEANA user’s guide (final report). Working
reducing human error to improve operational performance.
Paper NUREG-1880. US Nuclear Regulatory Commission,
In: 4th IEEE Conference on Human Factors in Power Plants,
Washington, DC.
Washington, DC, pp. 436–450.
Gertman, D., Blackman, H., Marble, J., Byers, J., Smith, C., 2004.
The SPAR-H human reliability analysis method. Working