Transcript of All rights reserved © B&W Pantex 2008 4 Hour Professional Development Seminar HPRCT Workshop,...
- Slide 1
- All rights reserved B&W Pantex 2008 4 Hour Professional
Development Seminar HPRCT Workshop, Baltimore Maryland June 21,
2010 Richard S. Hartley, Ph.D., P.E. Janice N. Tolk, Ph.D., P.E.
This presentation was produced under contract number
DE-AC04-00AL66620 with
- Slide 2
- An organization that repeatedly accomplishes its mission while avoiding catastrophic events, despite significant hazards, dynamic tasks, time constraints, and complex technologies. A key attribute of being an HRO is to learn from the organization's mistakes, a.k.a. a learning organization.
- Slide 3
- Nuclear Navy; commercial nuclear power; aircraft carrier operations; hospital patient care; military nuclear deterrent; Forest Service; aviation; nuclear weapons assembly and disassembly
- Slide 4
- Is it right for you?
- Slide 5
- DOE injury rates have come down significantly since Integrated Safety Management (ISM) was adopted. (Chart labels: Contractor; ISM deployed. Data as of 7/7/2009.)
- Slide 6
- Nuclear Energy Institute (NEI) data. Chart panels: Rx Trips/Scrams; Cost ( /kwh); Significant Events/Unit; Capacity Factor (% up)
- Slide 8
- The Normal Accident Organization
- Slide 9
- As Columbia and Davis-Besse have demonstrated, great safety stats don't equal real, tangible organizational safety. The tendency for normal people when confronted with a continuous series of positive stats is to become comfortable with good news and not be sensitive to the possibility of failure. Normal people routinely experience failure by believing their own press (or statistics).
- Slide 10
- CAIB: The unexpected became the expected, which became the accepted. When NASA lost 7 astronauts, the organization's TRC rate was 600% better than the DOE complex. And yet, on launch day 3,233 Criticality 1/1R* hazards had been waived. (* Criticality 1/1R component failures result in loss of the orbiter and crew.)
- Slide 11
- Had some performance hard spots in the 80's; had become a world-class performer in the next 15 years; preceding initiating events of mid 90's; frequently benchmarked by other organizations; while a serious corrosion event was taking place; complete core melt near miss in 2002
- Slide 12
- SYSTEM ACCIDENT TIMELINE: 1979 Three Mile Island; 1984 Bhopal, India; 1986 NASA Challenger; 1986 Chernobyl; 1989 Exxon Valdez; 1996 Millstone; 2001 World Trade Center; 2005 BP Texas City; 2007 Air Force B-52; 2008 Stock Market Crash. What is Next? Who is Next?
- Slide 13
- Attempts to Understand & Prevent System Accidents
- Slide 14
- Attempts to Understand & Prevent System Accidents (High Reliability vs. Normal Accident Theory)
- Slide 15
- "Most ailing organizations have developed a functional blindness to their own defects. They are not suffering because they cannot resolve their problems, but because they cannot see their problems." John Gardner
- Slide 16
- Individual Accidents OR Systems Accidents?
- Slide 17
- An accident occurs wherein the worker is not protected from the plant and is injured (e.g. radiation exposure, trips, slips, falls, industrial accident, etc.). Diagram labels: Plant (hazard); Human Errors (receptor). Focus: Protect the worker from the plant
- Slide 18
- An accident wherein the system fails, allowing a threat (human errors) to release hazard, and as a result many people are adversely affected: Workers, Enterprise, Surrounding Community, Country. Diagram labels: Human Errors (threat); Plant (hazard). Focus: Protect the plant from the worker. The emphasis on the system accident in no way degrades the importance of individual safety; it is a pre-requisite of an HRO
- Slide 19
- System accident - an occurrence that is unplanned and unforeseen that results in serious consequences and causes total system disruption (i.e. death, dose, dollars, delays etc.). System event - any unplanned, unforeseen occurrence that results in the failure of the system that does not result in catastrophic consequences -- indicates a breakdown in the system vital to the well-being of many people and the survivability of the organization!
- Slide 20
- Some types of system failures are so punishing that they must be avoided at almost any cost. These classes of events are seen as so harmful that they disable the organization, radically limiting its capacity to pursue its goal, and could lead to its own destruction. Laporte and Consolini, 1991
- Slide 21
- HROs vs. NAT Organizations
- Slide 22
- Risk = Consequence x Probability (R = C x P). If we are truly working with high-risk operations, ethically and morally we should not be in business!
- Slide 23
- Belief of HRO: Accidents can be avoided by organizational design and management, i.e. Risk = C x P is manageable. Belief of NAT: Accidents are inevitable in complex and tightly coupled operations, i.e. Risk = C x P is too high. Names on slide: Dr. Karlene Roberts; Dr. Charles Perrow.
- Slide 24
- Belief of HRO: Accidents can be avoided by organizational design and management, i.e. Risk = C x P is manageable. Belief of NAT: Accidents are inevitable in complex and tightly coupled operations, i.e. Risk = C x P is too high. Control of Risk: DOE reduces C by minimizing the hazard and/or mitigating the consequence. DOE reduces P - human performance improvement human performance error precursors barriers
- Slide 25
- Linear interactions: expected & familiar production or maintenance sequences; visible, even if unplanned; simple -- readily comprehensible. Complex interactions: one component can react with others outside normal production sequence; nonlinear; unfamiliar sequences, or unplanned and unexpected sequences, not visible nor immediately comprehensible.
- Slide 27
- [Diagram: Linear Interactions vs. Complex Interactions] For linear interactions, 4 events lead to 4 interactions. For complex interactions, 4 events lead to 12 possible interactions. Greatly amplifies difficulty in determining and responding to the problem.
- Slide 28
- Complex interactions are not necessarily high-risk systems with catastrophic potential. Examples: Universities, R&D, Federal Government. Also takes another key ingredient: tight coupling
- Slide 29
- Loosely coupled systems: delays possible; processes can remain in standby mode; spur-of-the-moment redundancies and substitutions can be found; fortuitous recovery aids possible; failures can be patched more easily, temporary rig can be set up. Tightly coupled systems: time-dependent processes: they can't wait or standby; reactions in chemical plants instantaneous, can't be delayed or extended; sequences invariant; only one way to reach production goal; little slack; quantities must be precise, resources can't be substituted; buffers and redundancies must be designed in, thought of in advance. Ever done this? Super Glue
- Slide 30
- Loose Coupling; Tight Coupling
- Slide 31
- Normal Accidents: Living with High-Risk Technologies, Perrow Loose