Selecting HSIs for new nuclear plants16 December 2015
The analysis, design and selection of advanced human-system interfaces (HSIs) constitute an important part of power plant engineering. This article proposes a technology selection scheme for the nuclear industry, based upon context of use, technology readiness levels, usability, and human performance requirements. By Jacques Hugo and David Gertman
The human-system interface (HSI) must support human capabilities and limitations including cognitive as well as physical aspects necessary to ensure safe, optimal plant performance. Devices that successfully accomplish this satisfy six important human performance goals that all contribute to the safe and efficient operation of the plant: reduce complexity; reduce error and improve human reliability; improve usability; reduce operator workload; support low variance among users; and improve situation awareness.
Most general-purpose HSIs can be used in any environment where a human needs to interact with a controllable process or device - the HSI is the user's "handle" on the device. This assumes, of course, that the HSI is well-designed and matched to the capabilities and limitations of the user. The same principle also applies to special-purpose HSIs. The "handle" of devices in this environment can be as simple as a control panel with a number of buttons and physical controllers, or as complex as a device that detects and translates the user's brainwaves into commands that control one or more processes or machines.
Development of HSI selection guidance
The primary purpose of selection guidance is the successful integration of advanced HSIs in modernised and new nuclear plants. The approach is to provide a framework for new technology selection that is generic enough to enable comparison of any type of HSI technology and associated concepts. The framework should be technology-neutral enough to be able to deal with a degree of uncertainty, but it can only be realistically applied when there is enough information available about the possible technologies to enable designers to make an informed decision about criteria for comparison.
The recommended selection scheme described below consists of four criteria groups:
- HSI technical characteristics, including architecture and functions, technology readiness, and regulatory considerations;
- Context of use (work domain context and operational context);
- Human performance and human-system interaction.
Human performance is the most important criterion, but it depends on, and is influenced by, all other criteria.
HSI technology characteristics
The primary purpose of the HSI is to support the human user in any operational condition, that is, it must be usable for its assigned function during all plant operating modes such as startup, shutdown, refuelling operations, maintenance, and plant disturbances. The plant disturbances include anticipated operating occurrences (e.g., reactor scram, turbine trip or loss of off-site power), design basis events (e.g., accident conditions such as steam generator tube rupture or large pipe break), and beyond design basis events (e.g., emergency conditions leading to radioactive releases). This context includes the tasks of the operator under those conditions, the environmental characteristics of the situation in which HSIs are used to operate the plant, and the use of procedures corresponding to the plant condition or the nature of the evolution.
The HSI in older plants is complex, but it is possible to describe it simply as consisting of control boards, panels, gauges, switches, controls, alarm annunciators, and so on.
The advanced main control room, with digital HSIs is a system with many functions, components and interfaces to other systems and environments. The advanced HSI is a hierarchy of high- and low-level components. It is possible to describe this structure from different viewpoints, for example, safety- or non-safety-related; operations or maintenance, etc. It is important that the characterisation covers these different perspectives and contexts. A technology-centric as well as a human-centric classification is possible. This approach makes it possible to distinguish three classes of technology:
Output technologies can be visual, auditory or haptic devices. Typical examples are large display panels, desktop displays, handheld devices, audio devices, printers, and force feedback devices. Their use ranges from situational awareness displays in the control room, to procedural and diagnostic support for maintenance work in the field. Most of these devices are well established in various industries and their technology readiness is very high (level 9 - see discussion below).
Electro-mechanical control devices provide input to a system. They include the conventional mouse, keyboard, stylus, touch pad, and control panels, but also touch screens, voice recognition systems, or wireless remote controls. These devices could be used inside the control room or in any environment inside and outside the plant. More advanced devices are more likely to be used for maintenance, diagnostic and monitoring functions.
Hybrid devices combine input and output and provide a wide range of multimodal interaction options. Many devices (tablets, smartphones or wearable computers) are already in common use in other industries, especially to support hands-free operations such as field work requiring access to procedural or technical information while performing a task. However, more sophisticated devices like head-mounted displays and augmented reality devices are still experimental and typically suffer from usability problems. They are cumbersome and obscure peripheral visual cues. They also compete with other visual requirements. Some of these devices are still at a technology readiness level 8 or even 7, and require careful consideration before they are implemented.
HSI architecture and functions
To reduce the complexity of the multi-dimensional structure of HSIs, we have developed a taxonomy that explains the levels of the physical architecture and the functional relationships between the devices at various levels. This taxonomy can serve as a reference for instrumentation and control designers and human factors engineers.
The taxonomy consists of two sections: the physical architecture, and the functional architecture of the HSI
The physical architecture includes the operating environment and all the hardware within it.
The functional architecture identifies the main HSI functions:
- Plant, system and process monitoring;
- Process and system control (hard and soft controls);
- Alarm response;
- Event recovery;
- Procedure following;
- Condition diagnosis;
- Communication (operations, management, maintenance, grid);
- Routine reporting;
- Exception reporting; and
- Other support functions.
Technology readiness levels
One of the most effective ways to evaluate devices considered for use in the control room or in the plant is their "technology readiness level" as defined by the US Department of Energy.
It evaluates the proposed technology's maturity against technical, programmatic, and manufacturing indicators.
There are nine levels, starting with level 1 where scientific research begins to be translated into applied research and development, to level 9 where the application of technology is in its final form and facilities, structures, systems and components have been successfully operated for some time. HSI that has not reached at least level 8 is unlikely to be used in the nuclear industry, even for experimental purposes. A laboratory may consider level 7 devices (prototypes or near-operational systems) for research and demonstration.
Adopting new technology involves risk and technology readiness assessment also provides the basis for risk assessment and uncertainty quantification. The consensus in various industries is that higher levels of technology readiness present lower risk, or at least lower perceived risk. However, designers should not underestimate the challenge and subjectivity that can exist in assigning readiness levels. Subsystems in a system can have different levels and it may be necessary to conduct a probabilistic risk assessment and extensive field tests.
Current US Nuclear Regulatory Commission (NRC) regulations were developed to support traditional large light water reactors. With regard to the human role the focus is avoiding human error and improving human reliability in normal and abnormal operational conditions. This includes requirements for control room staffing, evaluating HSIs, and conducting human factors engineering activities in the plant.
Although current NRC guidance (NUREG-0800, NUREG-0711, and NUREG-0700), provides a general framework for conducting design-specific reviews, the review of control room and HSI designs is challenging for future plants that plan to use advanced HSIs. This is because of the differences between the new reactor designs and previously licensed reactor designs and also because of a lack of research and design data to provide an adequate technical basis for decisions.
A starting point for the designer will be to identify tasks that could substantially affect operator workload and see how these could be supported by advanced HSIs. Of particular importance will be new NRC requirements for the minimum number of indicators and controls needed for the operator to maintain situation awareness during upset conditions.
For the human factors engineer it is essential to resolve regulatory issues regarding the use of new HSIs as early as possible. This can only be accomplished by developing appropriate human factors guidance. This guidance will also support the NRC staff's review of the design and licence applications.
Context of use
A clear definition of the context in which HSIs are used helps with classifying them unambiguously, which helps in the design and selection of technologies. The operator's interaction with devices under defined operational conditions must also be accounted for in the design and selection of advanced HSIs. A clear understanding of the aggregation of all these conditions helps to simplify the problem space.
The HSI technologies can be defined and classified in terms of the work domain, and the operations performed within that domain.
We suggest that when considering the communication, mobility and general performance needs of workers in upgraded and new plants, ten distinct work domains can be identified where advanced HSIs will play an important role. Some of these are dedicated and enclosed areas; some have variable boundaries. They are:
- Main control room - This is an enclosed area, often in close proximity to the reactor and turbine building.
- Local control stations throughout the plant, typically consisting of one or more small control panels.
- Materials and waste fuel handling, typically with forklifts, cranes and similar tools.
- Refuelling operations, using specialised equipment.
- Fuel processing facilities, typically using specialised equipment like robotic manipulators to handle hazardous materials.
- Outage control centre, characterised by many desktop computers, large displays, printers, planning boards and communication equipment.
- Fuel processing installations, with equipment to handle hazardous materials, such as robotic manipulators.
- Technical support centre - typically somewhere on site with large displays, but also limited HSIs that provide access to some displays found in the control room.
- Emergency operations facility - at a remote location outside the plant perimeter with access to data from the control room.
- Maintenance facilities inside and outside the plant, using a range of conventional and specialised tools.
Most of these work environments have a greater or lesser degree of interdependence, as shown in Figure 1 of a typical large nuclear power plant.
HSI usability criteria
One of the most comprehensive methods to evaluate the usability of a device for an operational task is to apply the framework offered by ISO 9241-306:2008 ("Ergonomics of Human-System Interaction - Field assessment methods for electronic visual displays").
This standard helps the designer to define usability in terms of the "safety, effectiveness, efficiency, and satisfaction with which a specific user can use a specific system in a defined context." This approach would also require us to define "safety, effectiveness, efficiency, and satisfaction" in more precise human factors and contextual terms. (Note that "safety" is not regarded as a separate attribute, but as an outcome of the correct application of the other three attributes). Usability assessment is thus an important tool to help identify where particular technologies might either provide benefits or introduce problems, from the user's perspective.
Designers should keep in mind that all advanced HSIs are supported by a software component that in itself represents advanced technology. This is especially important from an integration and interoperability point of view, because the main characteristic of a new HSI software platform in a plant is that it will typically form part of the plant's distributed control system (DCS) software, used for overall plant I&C integration and automation. This means that the entire integrated system should be subjected to usability evaluation.
The three attributes are defined as follows in the Standard:
- Effectiveness: the accuracy and completeness with which users achieve specified goals.
- Efficiency: the resources expended.
- Satisfaction: freedom from discomfort, and positive attitudes towards the use of the product.
The features of all devices identified can now be tested for effectiveness, efficiency and satisfaction in the setting where they will be used, for example:
- The device must be accessible during all task-related operational conditions.
- Displays must be readable under all task-related environmental conditions (sunlight or other ambient lighting).
- The device must be usable for people with gloves, sweaty hands, etc.
- The device must be portable with ease when it needs to be carried by users.
- The design must prevent error, damage and injury.
- Use of the device must not interfere with safe operations or other tasks.
- Behaviour when the device runs out of battery power or if the power is interrupted must provide a timely warning for almost empty battery, easy access to recharging facilities, etc.
- If the device needs to be set-up or installed, especially by untrained users, this phase should be tested prior to deployment.
There will be significant variability and uncertainty where a new HSI device is considered. The fact that it might have been successfully applied in other environments is no guarantee that it will be successful in the target domain. It is often necessary to field test a device to verify its performance. The National Institute for Standards and Technology (NIST) has developed a tool named Score (System component operationally relevant evaluations) that can be used to test technology.
In the Score framework (Figure 2) "value/usability assessment" (sometimes a "Utility" concept is used) refers to the value of the system to the user and includes usability assessment of attributes like attitudes, flexibility, and learnability. To obtain an accurate impression of how a system will perform in the field, it is evaluated at component level, capability level, system level and in an operationally relevant environment.
Human performance and HSI
Although human performance is regarded as the most important decision factor before implementing new technologies, it cannot be assessed in isolation; all other criteria described here will ultimately influence human performance and therefore this whole scheme should be applied in the process of selecting HSIs. In addition, achieving these objectives requires a rational human-system function allocation and task analysis before the development of operator interfaces that would support accurate perception of and control over plant processes and systems, while also improving reliability and performance.
With advanced plants there is a high degree of complexity and associated data and information that, if not presented in a proper and meaningful way, can contribute to poor situational awareness. If the crew does not know how to navigate the system to find the right data, the result is stress, confusion and error.
Because some advanced technologies are unlikely to affect control rooms within the next 15 years, it is still uncertain exactly how voice actuation, augmented reality, and touch and gesture interfaces should be integrated to maintain or replace the benefits of pattern recognition supplied by alarms and other indicators in various locations on the control boards. However, some advanced plants currently being designed should keep these options under consideration.
One of the challenges for implementation of advanced HSIs in the short and longer term is to ensure that it supports collaboration and is not implemented with the performance requirements of only a single operator in mind. All advanced designs in one way or another will reduce, but not eliminate, the crew as a key operational element. Advanced HSIs must support this. It is particularly important with devices such as large overview displays currently being promoted as collaborative workspaces.
To provide a human performance perspective to the selection of HSIs, a number of contributing factors must be addressed:
- The mission and purpose of the plant;
- The technical characteristics of the process (e.g., generation of nuclear heat, cooling and heat transport by means of liquid metal, etc.);
- Environmental conditions of the process environment (temperature, noise, vibration, etc.);
- The level and qualifications of staff required for normal and abnormal plant conditions;
- Human-system function allocation and level of automation;
- Physical and cognitive workload (e.g., manual materials handling, or need for complex decision-making);
- The technical, functional, and usability characteristics of HSIs that will be used.
Human performance can be improved by removing conditions or artifacts that negatively affect task performance. Advanced HSIs offer just-in-time support, with advanced features such as:
- Task support for all operational conditions, especially non-routine conditions that call on long-term memory and little-used procedures. The most important feature would be the organisation of the whole HSI as an operator-centric or task-based system with embedded operator support, including various levels of computer-based procedures. Due to the inherent complexity of advanced automation systems, the HSI must support intuitive navigation through a display architecture derived from a proper task analysis, coupled with a functional breakdown and rational function allocation.
- Error-tolerant and resilient operation, adaptive automation schemes, and integrated multimedia communication.
- Less visual and cognitive HSI complexity.
- Cognitive support, such as diagnostic tools and data mining functions. This could include expert operational advice and coaching and procedural support.
They also offer multimodal interactions combining complementary senses for example touch screens, gesture interaction, speech recognition and synthesis, technologies that use touch and tactile feedback to enhance human-system interaction, and even biosensors. Advanced display and interaction features already commercially available or under development in other industries make use of hand-held devices, head-mounted displays, large overview displays, three-dimensional displays, and motion and position tracking. The system is typically driven by high-performance processors for demanding applications such as high-resolution displays and computationally intensive applications like real-time processing and trending of large amounts of plant data.
More sophisticated automation technologies are also emerging that in future will offer automated tools and functions embedded in the HSI and automation system, for example intelligent software agents and predictive simulations that will enable operators to run "what-if" scenarios in preparation for event response.
The design of new nuclear power plants calls for the use of technologies that are not common in the current fleet of reactors, many of which are older than forty years. This article describes the basic principles and a framework for characterising and selecting advanced HSI technology in relation to human factors and operational requirements. This framework will help designers to make informed decisions that would reduce costly error and rework during the engineering process. This will ultimately allow optimisation of human and system performance to levels unheard of in existing power plants.
About the authors