KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.

Human Factors Verification and

Validation Implementation Plan

Technical Report

Non-Proprietary

September 2013

Copyright ⓒ 2013

Korea Electric Power Corporation &

Korea Hydro & Nuclear Power Co., LTD.
All Rights Reserved

KEPCO & KHNP

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

Revision History

Page
Revision Description
(Section)

0 All Issue for Standard

This document was prepared for the design certification application to

the U.S. Nuclear Regulatory Commission and contains technological
information that constitutes intellectual property.

Copying, using, or distributing the information in this document in

whole or in part is permitted only by the U.S. Nuclear Regulatory
Commission and its contractors for the purpose of reviewing design
certification application materials. Other uses are strictly prohibited
without the written permission of Korea Electric Power Corporation
and Korea Hydro & Nuclear Power Co., Ltd.

KEPCO & KHNP i

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

ABSTRACT

The purpose of human factors (HF) verification and validation (V&V) is to perform a comprehensive
evaluation and to determine that an integrated system design conforms to human factors engineering
(HFE) design principles, thus allowing operating personnel to achieve their intended goals by successfully
and safely carrying out their required tasks.
This implementation plan will achieve the plant safety and power production goals to ensure the public
health and safety by preventing or mitigating the consequences of postulated accidents and the safe
production of electric power.

Information provided in this report describes five evaluation methods, as specified in NUREG-0711,
“Human Factors Engineering Program Review Model:”

1. Sampling of operational conditions

2. Human system interface (HSI) inventory and characterization
3. Task support verification
4. HFE design verification
5. Integrated system validation

This report also provides the iterative resolution process of the human engineering discrepancies.
Additionally, this document provides a basis for the information contained Chapter 18 of the APR1400
design control document.

KEPCO & KHNP ii

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TABLE OF CONTENTS

1.0 OVERVIEW 1
1.1 Purpose 1
1.2 Scope 2
1.3 Definitions and Acronyms 3

2.0 REFERENCES 7

3.0 SAMPLING OF OPERATIONAL CONDITIONS 9

3.1 Sampling Dimensions 9
3.2 Identification of Scenarios 13
3.3 Scenario Definition 15
3.3.1 Scenario Components 15
3.3.2 Scenario Development 16

4.0 DESIGN VERIFICATION 19

4.1 HSI Inventory and Characterization 19
4.1.1 Scope 19
4.1.2 HSI Characterization 19
4.1.3 Inventory Verification 20
4.2 Task Support Verification 21
4.2.1 Verification Criteria 22
4.2.2 General Methodology 22
4.2.3 HED Identification 24
4.2.4 HED Documentation 24
4.3 HFE Design Verification 24
4.3.1 Verification Criteria 24
4.3.2 HED Identification 30
4.3.3 HED Documentation 30

5.0 INTEGRATED SYSTEM VALIDATION 31

5.1 Validation Team 31
5.2 Test Objectives 33
5.3 Validation Testbeds 34
5.4 Plant Personnel 35
5.5 Performance Measurement 36
5.5.1 Types of Performance Measures 38
5.5.2 Performance Measure Information and Validation Criteria 44

KEPCO & KHNP iii

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

5.6 Test Design 50

5.6.1 Scenario Sequencing 50
5.6.2 Test Procedures 52
5.6.3 Test Personnel Training 56
5.6.4 Participant Training 57
5.6.5 Pilot Testing 57
5.7 Data Analysis and HED Identification 58
5.7.1 Individual Performance Measures 58
5.7.2 Individual Scenarios and Assumptions of IHAs 63
5.8 Validation Conclusions 65

6.0 HUMAN ENGINEERING DISCREPANCY RESOLUTION CRITERIA 67

6.1 Human Engineering Discrepancy Analysis 67
6.2 Selection of HEDs to Correct 68
6.3 Development of Design Solutions 68
6.4 Design Solution Evaluation 68
6.5 HED Evaluation Documentation 69

APPEDDIX A: BARS QUESTIONNAIRE 70

APPEDDIX B: NASA-TLX QUESTIONNAIRE 75

KEPCO & KHNP iv

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

LIST OF TABLES

Table 1. Example of an ISV Scenario 16

Table 2. Operator Experience Record 36
Table 3. Basis for Performance Criteria 44
Table 4. Summary of Performance Measures 49
Table 5. Example: ISV Scenario Sequences 52
Table 6. Example of BARS T-test 59
Table 7. Example of Expert Correlation Analysis 59
Table 8. Example of T-test Result Form for the Secondary Task 60
Table 9. Example of T-test Result Form for the Situation Awareness 61
Table 10. Example of T-test Result Form for the Workload 62
Table 11. Example: T-test for Anthropometric and Physiological Factors 62
Table 12. Example: Acceptance Criteria for an Individual Scenario including IHA 63
Table 13. Example of an Acceptance Criteria for ISV 65

LIST OF FIGURES

Figure 1. HSI Inventory and Characterization of Task Support Verification Process 22

Figure 2. HFE Design Verifiation Process 29
Figure 3. Integrated System Validation Process 56

KEPCO & KHNP v

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

List of Acronyms

ANS American Nuclear Society

ANSI American National Standards Institute
APR1400 advanced power reactor 1400
BARS behaviorally anchored rating scale
BTP branch technical position
C&ID control and instrumentation diagram
CBP computer-based procedure
CCW component cooling water
CFR code of federal regulations
CLD control logic diagram
DCD design control document
D3 diversity and defense-in-depth
EO electrical operator
EOF emergency operating facility
EOP emergency operating procedure
FPD flat panel display
HA human action
HED human engineering discrepancy
HFE human factors engineering
HFEPP human factors engineering program plan
HSI human system interface
HVAC heating, ventilation, and air conditioning
I&C instrumentation and control
IAEA International Atomic Energy Agency
IHA important human action
IP implementation plan
ISV integrated system validation
ITS issue tracking system
KHNP Korea Hydro & Nuclear Power Co., Ltd.
LCS local control station
LDP large display panel
LOCA loss of coolant accident
MCR main control room
NRC Nuclear Regulatory Commission

KEPCO & KHNP vi

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

NASA National Aeronautics and Space Administration

OER operating experience review
P&ID piping and instrumentation diagram
PRA probabilistic risk assessment
RCS reactor coolant system
RIHA Risk-important Human Action
RG Regulatory Guide
RO reactor operator
RSC remote shutdown control console
RSR remote shutdown room
SAGAT situation awareness global assessment technique
SART situational awareness rating technique
SG steam generator
SI safety injection
SIAS safety injection actuation signal
SME subject matter expert
SOC Sampling of Operational Conditions
SOP system operating procedure
SRO senior reactor operator
SS shift supervisor
STA shift technical advisor
TA task analysis
TGBCCW turbine generator building closed cooling water
TLX task load index
TO turbine operator
TSC technical support center
V&V verification and validation
VDU video display unit

KEPCO & KHNP vii

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

1.0 Overview

The Human Factors (HF) Verification and Validation (V&V) Implementation Plan (IP) describes
the plan and additional detail for how to manage, perform, and document HF V&V activities.

The HF V&V IP also provides information describing operational conditions, scenarios, testing,
HSI inventory and characterization, verification and validation processes, evaluation methods, etc.

Specifically, this implementation plan meets the information and guidance as presented by
NUREG-0711 (Reference 4), including the following HF V&V processes:

1) Sampling of operational conditions

2) Human-system interface (HSI) inventory and characterization
3) Task support verification
4) Human factors engineering (HFE) design verification
5) Integrated system validation (ISV) as defined in the Human Factors Engineering
Program Plan (HFEPP) (Reference 19)
6) Human engineering discrepancy (HED) resolution verification

This implementation plan also provides the basis for the information presented in Section 18.10 of
the APR1400 Design Control Document (DCD) Chapter 18.0.

1.1 Purpose

The purpose of the HF V&V IP is to provide more detail and descriptions of the steps that need to
be taken to perform effective HF V&V evaluations that are acceptable to the NRC staff. Effective
HF V&V evaluations provide a comprehensive determination that the HFE design conforms to
HFE design principles and that it ensures plant personnel will be able to successfully perform
their tasks to achieve the plant safety and power production.

The purpose of HF V&V is to verify that:

• Sampling of operational conditions includes the representative conditions of the range of

events that could be encountered during the plant operation, reflects the expected
characteristics contributing to variations in the system performance, and considers the
safety significance of HSIs.

KEPCO & KHNP 1

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

• Descriptions of the HSI inventory and characterization include all HSI displays, controls and
related equipment within the scope defined by the sampling of operational conditions.

• The HSI provides the needed alarms, information, controls and task support defined by the
task analysis (TA) for personnel performing their tasks.

• The design of the HSIs conforms to the HFE guidelines specified in the Style Guide
(Reference 18).

• The integrated system design (i.e., hardware, software, procedures and personnel elements)
supports the safe operation of the plant as determined by the performance-based tests.

• HEDs have been properly dispositioned that consist of:

- HEDs have been evaluated to determine if they require corrections,
- HED design solutions have been identified, and
- HED design solutions have been implemented and verified.

1.2 Scope

The HF V&V Implementation Plan applies to conducting the HF V&V process for all HSI's in the
main control room (MCR), remote shutdown room (RSR), technical support center (TSC) and
emergency operations facility (EOF). This implementation plan also applies to conducting the HF
V&V process for the HSIs at the local control stations (LCSs) associated with important human
actions (IHAs).

The HF V&V process consists of six steps: (1) sampling of operational conditions, (2) HSI
inventory and characterization, (3) task support verification, (4) HFE design verification, (5) ISV,
and (6) HED resolution verification.

(1) The sampling of operational conditions (1) identifies conditions representative of the range of
events that could be encountered during the plant operation, (2) reflects the characteristics
expected to contribute to variations in the system performance, and (3) considers the safety
significance of HSIs.

(2) Determining the HSI inventory and characterizing HSI accurately describes HSI displays,

KEPCO & KHNP 2

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

controls, and related equipment that are within the scope defined by the selected sample of
operational conditions.

(3) Task support verification verifies that the HSI provides the needed alarms, information,
controls, and task support defined by the TA for personnel performing their tasks.

(4) HFE design verification verifies that HSI design conforms to the Style Guide (Reference 18).

(5) The ISV step validates that the integrated system design (i.e., hardware, software,
procedures and personnel elements) supports the safe operation of the plant.

(6) The HED resolution step (1) evaluates HEDs to determine if they require corrections, (2)
identifies design solutions to address HEDs that must to be corrected, and (3) verifies the
completed implementation of these HED design solutions.

1.3 Definitions

Bias

Bias is an aspect of an evaluation methodology that systematically modifies performance or its

interpretation.

Component

The meaning of the word "component" depends on its context. In the context of the entire plant, it
is an individual piece of equipment such as a pump, valve or vessel, usually part of a system. In a
HSI context, a component is one part of a larger unit, such as a display meter on a control board.

Human Engineering Discrepancies (HED)

A human engineering discrepancy is a departure from the benchmark of system design suitability
for the roles and capabilities of the plant operator. This may include a deviation from a standard or
convention of human factors engineering practice, an operator preference or need, or an
instrument/equipment characteristic that is implicitly required for an operator's task but is not
provided to the operator.

Human Factors Engineering

KEPCO & KHNP 3

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

The application of knowledge about human capabilities and limitations to plant, system and
equipment design. HFE ensures that the plant, system, equipment design, human task and work
environment are compatible with the sensory, perceptual, cognitive and physical attributes of the
personnel who operate, maintain and support it.

Important Human Actions (IHAs)

Important human actions consist of those actions that meet either risk or deterministic criteria in
terms of plant safety.
• Risk-important human actions: Actions defined by risk criteria that plant personnel use to
assure plant safety. There are absolute and relative criteria for defining risk important
human actions. For absolute criteria, a risk-important action (RIHAs) is any action whose
successful performance is needed to reasonably assure that predefined risk criteria are met.
For relative criteria, the risk-important actions are defined as those with the greatest risk
compared to all human actions. Risk-important human actions based on relative criteria can
be identified quantitatively from risk analyses, and qualitatively from various criteria, such as
an evaluation of the task performance based on considering performance-shaping factors.

• Deterministically identified important human actions: Deterministic engineering analyses

typically are completed and described as part of the APR1400 DCD. Such analyses include
instrumentation and controls (I&C) as described in Chapter 7 and transient and accident
analyses, as described in Chapter 15. These deterministic analyses also credit human
actions.

Human-System Interface (HSI)

A human system interface (HSI) is that part of the system through which personnel interact to
perform their functions and tasks. Major HSIs include alarms, information displays, controls, and
procedures. HSI use can be influenced directly by factors such as (1) the organization of HSIs
into workstations (e.g., consoles and panels); (2) the arrangement of workstations and supporting
equipment into facilities, such as a main control room, remote shutdown station, local control
stations, the technical support center (TSC), and the emergency-operations facility (EOF); and (3)
the environmental conditions in which the HSIs are used, including temperature, humidity,
ventilation, illumination, and noise. The use of HSIs also can be affected indirectly by other
aspects of plant design and operation, such as personnel training, shift schedules, work practices,
and management and organizational factors, such as the safety culture of the plant staff.

KEPCO & KHNP 4

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

Operating Experience Review

An operating experience review (OER) is a review of previous designs similar to the current
design to identify, analyze and address HFE-related problems and issues; to analyze negative
features in previous designs so that they are avoided in developing the current system while
retaining the positive features.

Performance-based tests

Performance-based tests involve assessing personnel performance, including subjective opinions,

to evaluate a design.

Plant

The operating unit of a nuclear power station, including the nuclear steam supply system, the
turbine, electrical generator, and all associated systems and components (commonly referred to
as the balance of plant). For a multi-unit plant, the term “plant” refers to all systems and
processes associated with a specific unit’s ability to produce electrical power, even though other
units might share some systems or portions of systems.

Plant Safety

Plant safety is also referred to as “safe operation of the plant.” A general term used herein to
denote the technical safety objective as articulated by the international nuclear safety advisory
group of the International Atomic Energy Agency (IAEA) in the “Basic Safety Principles for
Nuclear Power Plants” (Reference 17): “To prevent with high confidence accidents in nuclear
plants; to verify that, for all accidents taken into account in the design of the plant, even those of
very low probability, radiological consequences, if any, would be minor; and to provide reasonable
assurance that the likelihood of severe accidents with serious radiological consequences is
extremely small.”

Primary Tasks

Primary Tasks are those tasks performed by personnel to supervise the plant (i.e., monitoring,
detection, situation assessment, response planning, and response implementation).

Procedures

KEPCO & KHNP 5

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

Written instructions providing guidance to plant personnel for operating and maintaining the plant,
and for handling disturbances and emergency conditions.

Secondary Tasks

Secondary tasks are those tasks personnel must complete when interfacing with the HSI, such as
navigation through computer screens to find a needed display and HSI configuration.
Complicated secondary tasks often have negative effects on the performance of primary tasks.

Simulator

A facility that physically represents the HSI configuration and that dynamically represents the
operating characteristics and responses of the plant in real time.

System

An integrated collection of plant components and control elements that carry out a function alone,
or with other plant systems.

Task

A group of activities with a common purpose, often undertaken and timed closely together.

Verification

The process by which the design is evaluated to determine whether it (1) provides the information,
controls, and task-support needed to accomplish tasks; and (2) conforms to the HFE design
guidance.

Validation

The set of activities to ensure that a system can accomplish its intended use, goals, and
objectives in the particular operational environment.

KEPCO & KHNP 6

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

2.0 References

1. 10CFR50.34(f), Additional TMI-related requirements.

2. NUREG-0800, Rev. 2, "Standard Review Plan for the Review of Safety Analysis Reports for
Nuclear Power Plants: LWR Edition”, 2007.

3. NUREG-0700, Rev. 2, “Human-System Interface Design Review Guidelines,” USNRC, May,

2002.

4. NUREG-0711, Rev. 3, “Human Factors Engineering Program Review Model," USNRC,

November, 2012.

5. NUREG-1342, "A Status Report Regarding Industry Implementation of Safety Parameter

Display Systems," USNRC, 1989.

6. Regulatory Guide 1.33, Rev. 2, “Quality Assurance Program Requirements (Operation),”

USNRC, 1978.

7. Regulatory Guide 1.97, Rev. 4, "Criteria for Accident Monitoring Instrumentation for Nuclear
Power Plants," USNRC, 2006.

8. NUREG/CR-6393, “Integrated System Validation: Methodology and Review Criteria,” USNRC,

1997.

9. NUREG/IA-0137, “A Study of Control Room Staffing Levels for Advanced Reactors,” USNRC,
2000d.

10. ANSI/ANS-3.5-2009, "Nuclear Power Plant Simulators for Use in Operator Training and
Examination,” ANSI and ANS.

11. Endsley, M.R., “Towards a theory of Situation Awareness in Dynamic Systems, Human
Factors,” Vol. 37, pp. 32-64, 1995a.

12. Endsley, M.R., “Measurement of Situation Awareness in Dynamic Systems, Human Factors,”
Vol. 37, pp. 65-84, 1995b.

KEPCO & KHNP 7

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

13. Hill, S.G., Iavecchia, H.P., Byers, J.C., Bittier, A.C., Zaklad, A.L., & Christ, R.E., “Comparison
of four subjective workload rating scales. Human Factors,” 34, pp.429-440, 1992.

14. Paul Salmon, Neville Stanton, Guy Walker & Damian Green, “Situation Awareness
Measurement: A review of applicability for C4i environments. Journal of Applied Ergonomics,”
37, 2, pp. 225-238, 2007.

15. Sandra G. Hart, Lowell E. Staveland, “Development of NASA-TLX (Task Load Index): Results
of Empirical and Theoretical Research,” NASA/CR-1997-205754, 1988.

16. Sebok, A., “Team performance in process control: influences of interface design and staffing
level, Ergonomics,” Vol. 43, pp. 1210-1236, 1988.

17. INSAG-12, Rev.1, “Basic Safety Principles for Nuclear Power Plants 75-INSAG,” IAEA, 1999.

18. KHNP, APR1400-E-J-NR-12005-P, “Style Guide,” September 2013.

19. KHNP, APR1400-E-J-NR-12002-P, “Human Factors Engineering Program Plan,” September,

2013.

20. KHNP, APR1400-E-J-NR-12003-P, “Operating Experience Review Implementation Plan,”

September, 2013.

21. KHNP, APR1400-E-J-NR-12007-P, “Task Analysis Implementation Plan,” September, 2013.

KEPCO & KHNP 8

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

3.0 Sampling of Operational Conditions

The purpose of sampling the operational conditions (SOCs) is to select representative operational
conditions that are expected to occur during the lifetime of the plant, and to reflect characteristics
(including HSI design) that may affect system performance. Sampling supports the evaluating the
adequacy of the task scope for V&V of task support verification, HFE design verification, and ISV.

Sampling is necessary due to the fact that testing every important operational condition during
the operation of the plant is neither possible, nor reasonable considering the cost and the time
involved.

Sampling is performed according to appropriate methods and procedures to achieve the purpose
of being representative, as stated above. The methods and procedures ensure that the conditions
selected by sampling are representative and include characteristics that affect the variability of
the system performance. However, there are obvious limitations to the SOCs when compared to
the variety of operational conditions that may actually occur, even if appropriate the SOCs were
made according to the methods and procedures. Therefore, the selected conditions may not
assure representation of plant operational conditions due to these limitations. Multidimensional
sampling strategy (see Section 3.1) is applied in order to ensure their representativeness.

3.1 Sampling Dimensions

Applying the multidimensional sampling strategy means selection of operational conditions based
on a variety of operational conditions that may be expected to occur during the lifetime of the
plant, including the operational tasks to be carried out by operators under conditions and
situational factors which influence the operator performances of the tasks.

These concepts are as follows:

A. Plant Conditions

Operational conditions consist of normal operation, that commonly takes place during the life of
the plant, abnormal operation due to an equipment failure or a system failure, and emergency
operation resulting from an unexpected event that may lead to radiation release. Operational
conditions are described in more detail below.

KEPCO & KHNP 9

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

Normal Operation
Normal operation includes the following operational modes:
• Plant startup, including hot standby to minimum load (nuclear startup), turbine startup, and
synchronization of the generator
• Plant shutdown, including shutdown to hot standby, operating at hot standby, and hot
standby to cold shutdown
• Refueling
• 100% power operation
• Changes in operating power

Abnormal Operation
Abnormal operation includes operation with the following failures present (and in one case a DBA
in progress):
• I&C system failure and degraded conditions, including sensor, monitoring, automation, and
control/communications subsystem failures and malfunctions (e.g., safety system logic and
control unit, fault tolerant controller)
• Common cause failure of the I&C system during a design basis accident (as defined by BTP
7-19, Reference 2)
• HSI failure including, loss of processing or display capabilities for alarms, displays, controls,
and computer-based procedures

Transients and Accidents

Operation interrupted by the following transients and accidents:
• Turbine trip, loss of off-site power, station blackout, loss of all feedwater, loss of service
water, loss of power to selected buses or MCR power supplies, and safety and relief valve
transients
• Main steamline break, positive reactivity addition, control rod insertion at power, anticipated
transient without scram, and various-sized loss of coolant accidents
• Reactor shutdown and cooldown using the remote shutdown system
• Reasonable, risk-significant, beyond-design-basis events that are determine from the PRA
• Functional recovery including reactivity control, vital auxiliaries, inventory control, pressure
control, reactor coolant system (RCS) decay heat removal, containment isolation,
containment temperature and pressure control, and containment hydrogen control

B. Personnel Tasks

The following types of personnel tasks are included in the sampling of operational conditions.

KEPCO & KHNP 10

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

IHAs, Systems and Accident Sequence

The sample includes contributing factors that contribute highly to risk, as defined by the PRA
• Dominant human actions
• Dominant accident sequences

Manual Initiation of Protective Actions

• Manual system level actuation for critical safety functions

Automatic System Monitoring

• Situations in which humans must monitor a risk-important automatic system

OER-Identified Problematic Tasks

• All personnel tasks identified as problematic during the operating experience review

Procedure Guided Tasks; Based on RG 1.33, Appendix A (Reference 6)

The sample includes tasks that are well-defined by procedures, including the following procedure
categories:
• Administrative procedures
• General plant operating procedures
• Procedures for startup, operation, and shutdown of safety systems
• Procedures for abnormal, off normal, and alarm conditions
• Procedures for dealing with emergencies and other significant events (e.g., reactor
accidents and declaration of emergency action levels)
• Procedures for controlling radioactivity
• Procedures for controlling measuring and test equipment for surveillance tests, procedures,
and calibration
• Procedures for performing maintenance
• Chemistry and radiochemical control procedures

Knowledge-Based Tasks

• Tasks that are not well defined by detailed procedures (e.g., steam generator tube rupture
with a failure of radiation monitors on the secondary)

KEPCO & KHNP 11

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

Human Cognitive Activities

The sample includes the range of cognitive activities that personnel perform, such as:
• Detecting and monitoring (e.g., critical safety function threats)
• Situation assessment (e.g., interpreting alarms and displays to diagnose faults in plant
processes and in automated control and safety systems)
• Planning responses (e.g., evaluating alternatives to recover from plant failures)
• Response implementation (e.g., in-the-loop control of plant systems, assuming manual
control from automatic control systems, and carrying out complicated control actions)
• Obtaining feedback (e.g., feedback of the success of actions taken)

Human Interactions
The sample includes the range of interactions among plant personnel, including tasks performed
independently by individual crew members, and those undertaken by a team of crew members,
including:
• MCR operators (e.g., operations, shift turnover process)
• MCR operators with auxiliary operators and other plant personnel performing tasks locally
(e.g., maintenance or I&C technicians, chemistry technicians, etc.)
• MCR operators and the TSC and the EOF staff
• MCR operators with plant management, the NRC, and other outside organizations

C. Situational Factors that are known to Challenge Human Performance

A variety of situations exist that adversely affect human performance factors. The operators may
experience an abnormal plant operating situation that is not anticipated such as failure of safety
equipment or accidents that could threaten plant safety and require an urgent immediate action.
Under such a condition, the urgency and the need for an accurate assessment of the situation
demands a significantly increased operator task burden and imposes an increased operator
fatigue level compared to normal operation. Therefore, the following situational factors are
reflected in the selection of the operational conditions.

High-Workload Situations
Selection of operational conditions includes:
• Situations where variations in human performance due to high workload on multi-tasking
situations can be assessed.

KEPCO & KHNP 12

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

Varying-Workload Situations
Selection of operational conditions includes:
• Conditions where there is a sudden increase in the number of signals that must be detected
and processed after a period of infrequent signals
• Conditions where there is a rapid reduction in the need for detecting signals and processing
demands following a time of high sustained task-demand

Fatigue Situations
Selection of operational conditions includes:
• Situations that may be associated with fatigue, such as work on backshifts and tasks
performed frequently with fatigue, such as repeated inputs to a touch screen during plant
operations

Environmental Factors
Selection of operational conditions includes:
• Environmental conditions that may cause human performance to vary (e.g., poor lighting,
extreme temperatures, high noise, and simulated radiological contamination)

3.2 Identification of Scenarios

HF V&V scenarios are based on the operational conditions selected in Section 3.1, and the
scenarios are developed excluding the following attributes:

• Scenarios for which only positive outcomes are expected

• ISV scenarios that are relatively easy to conduct
• ISV scenarios that are familiar and well structured (i.e., which address familiar systems and
failure modes that are highly compatible with plant procedures)

These types of scenarios are excluded because the operators are likely to have high
performance in carrying out the tasks, the tasks are relatively easy to perform, or it is expected
the operators will have a high degree of familiarity with the tasks from training.

Scenarios that allow the operators to easily anticipate associated operational conditions while
executing the scenario should also be excluded from the final group of scenarios. Duplicate
scenarios are not included.

KEPCO & KHNP 13

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

Scenario Design Requirements

TS

KEPCO & KHNP 14

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

3.3 Scenario Definition

Each scenario is developed by appropriately combining operational conditions selected in Section

3.1 with the scenario design requirements identified in Section 3.2. The developed scenarios are
used in the task support verification, HFE design verification, and ISV.

ISV scenarios are compatible for use in the full-scope simulator, and each scenario is developed
to simulate actual plant operator tasks. Included among ISV scenarios, is the scenario associated
with the control transfer from the main control room to the RSR includes the actual time required
for acquiring the protective equipment and manning the RSR.

3.3.1 Scenario Components

Each scenario includes the following items such that the event flow of a scenario is clearly
understandable to operations experts and human factors engineering professionals. For each
scenario, the following information is defined to reasonably assure that important dimensions of
performance are addressed, and to allow the scenarios to be accurately and consistently
presented for repeated trials:

• A description of the scenario and any pertinent prior history necessary for personnel to
understand the state of the plant at the start-up of the scenario
• Specific initial conditions; a precise definition of the plant’s functions, processes, systems,
component conditions, and performance parameters (e.g., shift turnover)
• Events (e.g., system failures) that occur during the scenario and their initiating conditions
(e.g., based on time, or a value of a specific parameter)
• Precise definition of workplace factors (e.g., environmental conditions, such as low levels of
illumination)
• Needs for task support (e.g., procedures and technical specifications)
• Staffing level
• Details of communication content between control room personnel and remote personnel
(e.g., load dispatcher via telephone)
• Scripted responses for test personnel who will act as plant personnel in the test scenarios
• The precise specification of what, when, and how data are to be collected and stored

KEPCO & KHNP 15

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

(including videotaping, questionnaires, and rating-scale administrations)

• Precise specifications on simulator set up
• Specific criteria for terminating the scenario

3.3.2 Scenario Development

The ISV scenarios will consist of seven scenarios selected per Section 3.1, designed per Section
3.2 and with the components described in Section 3.3.

Table 1. Example of an ISV Scenario TS

KEPCO & KHNP 16

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

KEPCO & KHNP 17

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

KEPCO & KHNP 18

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

4.0 Design Verification

4.1 HSI Inventory and Characterization

The purpose of the HSI inventory and characterization activity is to identify the displays, controls
and instrumentation required to operate the power plant within the scope defined by the sampling
of operating conditions, and to provide input to the task support verification and HFE design
verification. In order to achieve these objectives, the HSI inventory and characterization is
prepared through analysis of the various design documents, and then it is compared with the HSI
final design content.

4.1.1 Scope

The scope of HSI inventory and characterization is to identify all HSI inventory and
characterization required by personnel to complete the tasks covered in the validation scenarios
that were identified in the sampling of operational conditions and necessary for plant operation.
The scope includes the relevant information for using the HSI features and the navigation method
to search for interface information.

4.1.2 HSI Characterization

The documentation for HSI inventory and characterization includes the following information, as a
minimum. It also includes samples such as HSI display drawings, as appropriate that can
specifically confirm HSI inventory and characterization.

• A unique identification code number or name

• Associated plant system and subsystem
• Associated personnel functions and tasks
• Type of HSI; for example,
- Computer-based control (e.g., soft control such as touch screen or cursor-operator
button control)
- Hard-wired control (e.g., J-handle controller, button, and automatic controller)
- Computer-based display (e.g., digital value and analog representation)
- Hard-wired display (e.g., dial, gauge, and strip-chart recorder)
• Display characteristics and functionality (e.g., plant variables/parameters, units of measure,
accuracy of variable/parameter, precision of display, dynamic response, and display format)
• Control characteristics and functionality (e.g., continuous versus discrete settings, number

KEPCO & KHNP 19

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

and type of control modes, accuracy, precision, dynamic response, and control format)
• User-system interaction and dialog types (e.g., navigation aids and menus)
• Physical location in the HSI (e.g., control panel section), as applicable

4.1.3 Inventory Verification

In order to ensure that the current state is accurately reflected in the HSI inventory and
characterization document, HSI inventory and characterization is performed in accordance with
the following steps:
TS

KEPCO & KHNP 20

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

4.2 Task Support Verification

The purposes of task support verification is to verify task support items identified during the TA,
which is conducted on the selected operational conditions, are available, and to verify that all HSI
(e.g., alarms, controls, and displays), which are needed to carry out the operator tasks, are
provided in the HSI design. Task support verification includes input data from the HSI inventory
and characterization and task support items identified from the TA.

KEPCO & KHNP 21

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

4.2.1 Verification Criteria

The HSI task support criteria are based on the alarms, controls, displays, and task support
needed by personnel to complete their tasks, as identified by the applicant’s task analysis.

4.2.2 General Methodology

TS

Figure 1. HSI Inventory and Characterization of Task Support Verification Process

KEPCO & KHNP 22

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

KEPCO & KHNP 23

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

4.2.3 HED Identification

If the results of task support verification identify any of the following items, they are designated as
HED items:

• HSIs needed for task performance (e.g., a necessary control or display) is unavailable
• HSI characteristics do not match the requirements of the personnel task (e.g., a display
shows the needed plant parameter, but not within the range or precision needed for the task)
• HSIs are available that are not needed for any task.

4.2.4 HED Documentation

Documentation of HEDs will identify the HSI, the tasks affected, and the basis for the deficiency,
e.g., what aspect of the HSI was identified as not meeting task requirements. The HED items
identified by task support verification are managed and documented in accordance with Section 6.

4.3 HFE Design Verification

The purpose of the HFE design verification is to ensure that the HSI of the selected operational
conditions are suitable considering the human capabilities and limitations; i.e., that the design of
the HSIs conforms to HFE guidelines. HSI designs include HSI inventory and characterization as
well as normal environmental conditions of the control room where the HSIs are installed.

4.3.1 Verification Criteria

HSI designs installed in the control room consist of:

• The individual HSI inventory and characterization (e.g., pump symbol, pump controller,
engineering units),
• A combination of or an integrated form of the individual HSI design (e.g., LDP, information
display page, and display network),
• The physical facilities (e.g., large display panel and control room console) provided to
display the above two types of information, and
• The control room environment factors (e.g., background noise, temperature, and humidity)
where those physical facilities are installed.

KEPCO & KHNP 24

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

The review criteria for the verification of above four factors are based on the specification in
NUREG-0700 (Reference 3).

4.3.2 General Methodology

HFE design verification is performed using the four criteria of the HSI design described in Section
4.3.1 verification criteria. The design verification process is shown in Figure 2. The details are as
follows:

1) Individual HSI Inventory and Characterization

TS

KEPCO & KHNP 25

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

2) HSI Design in Combination or Integrated Form of Individual HSI

TS

3) Physical Equipment (including Control Room Layout)

TS

KEPCO & KHNP 26

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

4) Environmental Factors TS

KEPCO & KHNP 27

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

KEPCO & KHNP 28

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

Figure 2. HFE Design Verifiation Process

KEPCO & KHNP 29

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

4.3.3 HED Identification

Based on HFE design verification results, when a characteristic of an HSI is determined to

deviate from any HFE design guidelines (i.e., NUREG-0700), the deviation is designated as an
HED. Deviations are identified from the following categories:

• Individual HSI inventory and characterization

• Individual or integrated HSI type of HSI design
• Physical equipment (including control room layout)
• Environmental factors

4.3.4 HED Documentation

The HED items identified by HFE design verification are controlled and documented in
accordance with Section 6.5.

KEPCO & KHNP 30

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

5.0 Integrated System Validation

The ISV is the final evaluation process of HF V&V activities. By applying the human performance-
based evaluation methodology, ISV is how the integrated system (i.e., hardware, software,
procedures, and personnel elements) is verified to support plant operation. The ISV process is
shown in Figure 3.

ISV is different from the previous HF V&V activities (i.e., HFE design verification and task support
verification). Realistic operating scenarios are developed to determine if human errors could
occur due to operational complexity or excessive task load. The scenarios are developed, and
are carried out in tests using a full scope simulator. Tests are conducted after significant HEDs
identified in previous reviews have been resolved.

The ISV is a human performance-based evaluation. The performance evaluation data will include
directly observable performance data such as the execution time of operator tasks, the frequency
of human error occurrence and performance data that are measurable (e.g., SG level, pressurizer
pressure, etc.). Data also include indirectly measurable performance data such as operator task
load, situational awareness, and collaboration between operators. Various forms of performance
evaluation techniques are applied to collect and analyze the evaluation data in detail.

The performance evaluation techniques include statistical analytical methods as well as reliable
and subjective human performance evaluation tools. To ensure reliability of the ISV results, the
verification is done by individuals or groups other than those who performed the original design or
analysis, but may be from the same organization.

5.1 Validation Team

The validation team is an organization independent from the design organization and the team is
not involved in any design work. The validation team is organized as follows:
TS

KEPCO & KHNP 31

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

KEPCO & KHNP 32

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

5.2 Test Objectives

As stated at the beginning of Section 5.0, the objective of the test is to ensure that the integration
of the various aspects of as-designed HSI provide usable work ensembles that support the
successful accomplishment of the operator's required tasks (i.e., to validate performance of the
integrated HSI system).

The specific objectives are to:

• Validate the acceptability of the shift staffing level (i.e., minimum shift staffing levels, nominal
levels, maximum levels, and shift turnover), the assignment of tasks to crew members, and
crew coordination within the control room, between the control room and LCSs and support
centers, and with individuals performing tasks locally.

• Validate that the HSI design has adequate capability for alerting, informing, controlling, and
feedback such that personnel tasks are successfully completed during normal plant
evolutions, transients, design-basis accidents, and under selected risk significant events
beyond-design basis, as defined by sampling operational conditions.

• Validate that specific personnel tasks can be accomplished within the time and performance
criteria, with effective situation awareness, and acceptable workload levels that balance
vigilance and personnel burden.

• Validate that the HSIs minimize personnel error and assure error detection and recovery
capability when errors occur.

• Validate the assumptions about performance on IHAs.

• Validate that the personnel can effectively transition between the HSIs and procedures in
accomplishing their tasks, and that interface management tasks, such as display
configuration and navigation, are not a distraction or an undue burden.

KEPCO & KHNP 33

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

5.3 Validation Testbeds

A full-scope simulator developed to meet ANSI/ANS 3.5-2009, (Reference 10) is used as the
validation testbed.

• Interface Completeness

The testbed completely represents the integrated system. It includes HSIs and procedures
not specifically required in the test scenarios.

• Interface Physical Fidelity

The testbed’s HSIs and procedures represent the APR1400 design with high physical fidelity,
including the presentation of alarms, display, controls, job aids, procedures,
communications equipment, interface management tools, layout, and spatial relationships.

• Interface Functional Fidelity

The testbed’s HSI and procedures represent the APR 1400 design with high functional
fidelity. All HSI functions are available.

• Environment Fidelity

The testbed’s environmental parameters represent the APR1400 design’s environmental

parameters with high physical fidelity, including expected levels of lighting, noise,
temperature, and humidity.

• Data Completeness Fidelity

Information and data provided to personnel completely represent the APR1400 systems
design that they monitor and control.

• Data Content Fidelity

The testbed’s data content represents the APR1400 design’s data content with high
physical fidelity. The presentation of information and controls rests on an underlying model
accurately mirroring the APR1400 design. The model provides input to the HSI such that the
information accurately matches the condition presented during operations.

KEPCO & KHNP 34

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

• Data Dynamics Fidelity

The testbed’s data dynamics represent the APR 1400 design’s data dynamics with high
fidelity. The process model is able to provide input to the HSI, so that information flow and
control responses occur accurately and within the correct response time (e.g., information
should be sent to personnel with the same delays as occur in the plant).

• For IHAs at complex HSIs remote from the main control room (e.g., RSR), where precise
actions are essential, the use of a simulator or mockup is used to verify that the
requirements for human performance can be met. For less IHAs or for non-complex HSIs,
human performance is assessed on analysis, such as TA, rather than on simulations.

• Conformance of the testbed to the testbed-required characteristics is verified before

validation tests are conducted.

5.4 Plant Personnel

TS

KEPCO & KHNP 35

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

Table 2. Operator Experience Record TS

5.5 Performance Measurement TS

KEPCO & KHNP 36

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

KEPCO & KHNP 37

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

5.5.1 Types of Performance Measures

1) Plant Performance Measures

TS

2) Primary Task Measures TS

KEPCO & KHNP 38

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

3) Secondary Task Measures TS

KEPCO & KHNP 39

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

4) Situation Awareness TS

KEPCO & KHNP 40

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

KEPCO & KHNP 41

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

5) Workload
TS

KEPCO & KHNP 42

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

6) Anthropometric and Physiological Measures

TS

KEPCO & KHNP 43

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0
TS

5.5.2 Performance Measure Information and Validation Criteria

In this section, the actual methods used and measurements obtained for the ISV are discussed
and compared to those measurements described in Section 5.5.1, Types of Performance
Measures to verify the suitability and the basis. Finally, specifics of the compatibility criteria are
explained.

First, it is determined in what form (e.g., surveys, observation, and simulator logging) and at what
point in time (e.g., prior to, during, and after execution of a scenario), the performance
measurement values are obtained in the actual measurement.

Second, the suitability criteria and the basis are selected in accordance with the following four
criteria:

Table 3. Basis for Performance Criteria TS

KEPCO & KHNP 44

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

1) Plant Performance Measures TS

2) Primary Task Measures

TS

KEPCO & KHNP 45

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

KEPCO & KHNP 46

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

KEPCO & KHNP 47

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

3) Secondary Task Measures

TS

4) Situation Awareness
TS

KEPCO & KHNP 48

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

5) Workload
TS

6) Anthropometric and Physiological Measures

TS

Table 4. Summary of Performance Measures TS

TS

KEPCO & KHNP 49

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

5.6 Test Design

TS

5.6.1 Scenario Sequencing

TS

KEPCO & KHNP 50

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

KEPCO & KHNP 51

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

Table 5. Example: ISV Scenario Sequences TS

5.6.2 Test Procedures

ISV establishes the test procedure and follows them in order to minimize the performance effect
on the operator due to the direction or interface with the evaluators. ISV is carried out according
to clear procedures established to meet the following requirements.

5.6.2.1 Test Procedure Requirements

TS

KEPCO & KHNP 52

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

5.6.2.2 Detailed Test Procedures

TS

1) Preparation stage of scenario execution

TS

KEPCO & KHNP 53

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

2) Scenario execution stage TS

3) Scenario termination stage

TS

KEPCO & KHNP 54

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

4) Debriefing preparation stage

TS

5) Performing debriefing and termination stage

TS

KEPCO & KHNP 55

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

Figure 3. Integrated System Validation Process

5.6.3 Test Personnel Training

TS

KEPCO & KHNP 56

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

5.6.4 Participant Training

Since those operators who participate in the ISV, including the shift supervisor and reactor
operators should be familiar with the APR1400 HSI design as well as system design.

5.6.5 Pilot Testing TS

KEPCO & KHNP 57

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

5.7 Data Analysis and HED Identification

TS

5.7.1 Individual Performance Measures

1) Plant Performance Measures

TS

2) Primary Task Measures

TS

KEPCO & KHNP 58

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

Table 6. Example of BARS T-test TS

Table 7. Example of Expert Correlation Analysis TS

KEPCO & KHNP 59

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

3) Secondary Task Measures

TS

Table 8. Example of T-test Result Form for the Secondary Task TS

TS
4) Situation Awareness

KEPCO & KHNP 60

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

Table 9. Example of T-test Result Form for the Situation Awareness TS

5) Workload TS

KEPCO & KHNP 61

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

Table 10. Example of T-test Result Form for the Workload TS

6) Anthropometric and Physiological Measures TS

Table 11. Example: T-test for Anthropometric and Physiological Factors TS

KEPCO & KHNP 62

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

5.7.2 Individual Scenarios and Assumptions of IHAs

1) Analysis of Individual Scenarios

TS

Table 12. Example: Acceptance Criteria for an Individual Scenario including IHA TS

2) Analysis of Assumptions of IHAs

TS

KEPCO & KHNP 63

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

KEPCO & KHNP 64

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

5.8 Validation Conclusions

TS

TS
Table 13. Example of an Acceptance Criteria for ISV

KEPCO & KHNP 65

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

TS

KEPCO & KHNP 66

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

6.0 Human Engineering Discrepancy Resolution Review Criteria

The objective of the HED resolution process is to ensure that HEDs are evaluated for importance,
important HEDs are resolved and corrected, and HED corrections are acceptable. HEDs are
identified through the task support verification, the HFE design verification and the ISV processes.

The HED resolution process will (1) evaluate HEDs to determine if they require correction, (2)
identify design solutions to address HEDs that must be corrected, and (3) verify the completed
implementation of HED design solutions.

6.1 Human Engineering Discrepancy Analysis

TS

KEPCO & KHNP 67

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

6.2 Selection of HEDs to Correct

6.3 Development of Design Solutions TS

6.4 Design Solution Evaluation TS

KEPCO & KHNP 68

KEPCO & KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

6.5 HED Evaluation Documentation

TS

KEPCO & KHNP 69

KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

APPEDDIX A: BARS Questionnaire TS

1. Communication TS

KEPCO & KHNP 70

KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

2. Team spirit TS

KEPCO & KHNP 71

KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

3. Openness TS

KEPCO & KHNP 72

KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

4. Coordination as a crew
TS

KEPCO & KHNP 73

KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

5. Task focus/Decision making TS

KEPCO & KHNP 74

KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

APPEDDIX B: NASA-TLX Questionnaire

TS

KEPCO & KHNP 75

KHNP HF V&V Implementation Plan APR1400-E-J-NR-12010-NP, Rev.0

Crew Number: Scenario:

TS

KEPCO & KHNP 76