Hazard detection

This case study examines ways to defend against three types of hazards:

Component fault detection

The guide proposes adding resilience features that indicate hardware faults. Apparently, such indicators were not added to all the valves. In particular, no indicator was added to the valve that controlled the entry of water to the instrument air line.

  Guidelines for handling secondary risks

Reliability of fault indicators

  The additional components required to alert about component failure (sensors, algorithms, displays, sound alarms) are not only costly but also risky, because they are themselves liable to fail, providing opportunities for new kinds of incidents (as was the case with the PORV failure in the TMI accident).

  Guidelines about reducing the system complexity

Detecting faults in the fault indicators

  Fault indicators are liable to fail, and it is important to notify the operators when this happens. It is important to distinguish between the case of component failure and that of indicator failure. The guide recommends adding a secondary indication of failure for each of the primary indicators, and provides tips for adding the secondary indicators by coding, without adding to the system complexity. Typically, when an indicator fails, it stops sending signals to the control unit. Therefore, the most effective way to detect faults in the indicators is to design the indicators such that they always send signals about the component state, whether the component functions properly or not.

  Guidelines about detecting faults in the fault indicators
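The "always send a signal" design above can be checked mechanically at the control unit: if every indicator reports at a known interval, healthy or not, then silence identifies a failed indicator rather than a failed component. The following Python monitor is an added illustration, not code from the guide or the case study; the component names, reporting period, tolerance and the status trace are constructed sample values.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List


class Health(Enum):
    """Diagnosis the control unit produces for each monitored component."""
    OK = "component ok"
    COMPONENT_FAULT = "component fault (indicator reported it)"
    INDICATOR_FAULT = "indicator fault (indicator stopped reporting)"
    UNKNOWN = "no report received yet"


@dataclass
class Report:
    """One status message an indicator sends to the control unit (constructed format)."""
    component: str
    time: float      # seconds since start
    healthy: bool    # what the indicator observed about the component


@dataclass
class IndicatorMonitor:
    """Expects every registered indicator to report once per period, whether or
    not its component is healthy. A missing report is therefore evidence that
    the indicator itself failed, which separates "valve failed" from
    "valve indicator failed" for the operator."""
    period: float                 # expected reporting interval in seconds
    tolerance: int = 2            # missed periods before declaring an indicator fault
    components: List[str] = field(default_factory=list)
    last: Dict[str, Report] = field(default_factory=dict)

    def receive(self, report: Report) -> None:
        # Keep only the newest report; older ones carry no extra information here.
        self.last[report.component] = report

    def diagnose(self, component: str, now: float) -> Health:
        report = self.last.get(component)
        if report is None:
            return Health.UNKNOWN
        if now - report.time > self.period * self.tolerance:
            return Health.INDICATOR_FAULT
        return Health.OK if report.healthy else Health.COMPONENT_FAULT

    def diagnose_all(self, now: float) -> Dict[str, Health]:
        return {c: self.diagnose(c, now) for c in self.components}


def run_sample() -> Dict[str, Health]:
    """Feed a constructed trace of four valve indicators and diagnose at t=10 s.

    valve-A: reports healthy every second            -> OK
    valve-B: reports, but says the valve failed      -> COMPONENT_FAULT
    valve-C: last report at t=6, then silence        -> INDICATOR_FAULT
    valve-D: never reported                          -> UNKNOWN
    """
    mon = IndicatorMonitor(period=1.0, tolerance=2,
                           components=["valve-A", "valve-B", "valve-C", "valve-D"])
    trace = [
        Report("valve-A", 8.0, True), Report("valve-A", 9.0, True), Report("valve-A", 10.0, True),
        Report("valve-B", 8.0, True), Report("valve-B", 9.0, False), Report("valve-B", 10.0, False),
        Report("valve-C", 5.0, True), Report("valve-C", 6.0, True),
    ]
    for r in trace:
        mon.receive(r)
    return mon.diagnose_all(now=10.0)


if __name__ == "__main__":
    for component, health in run_sample().items():
        print(f"{component}: {health.value}")
```

The tolerance of two missed periods is the design knob: too small and a slightly late report raises a false indicator-fault alarm, too large and the operators learn late that they are flying blind on that component.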

Detecting mode violation

  The guide proposes that mode violations are detected in the scenario center, by checking the scenario rules and providing immediate feedback to the operators.

Detecting mistakes

  The guide suggests that mistakes are due to insufficient specification of the possible situations.

  The guide proposes that the possible situations should be analyzed and transformed into rules, stored in the Situation analyzer.

  Improper operator actions can be detected by the activity center, as deviations from the rules specifying proper action.
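The situation analyzer and activity center described above amount to two rule tables: one that classifies the observed plant state into a named situation, and one that lists the proper actions for each situation, so that an operator action outside that list is flagged immediately. The Python sketch below is an added example, not the guide's own implementation; the mode names, thresholds, action names and rule contents are constructed for illustration. It also shows the failure the guide warns about: a state that no rule specified yields an "unspecified" situation, in which no action can be validated.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, NamedTuple, Tuple


@dataclass(frozen=True)
class PlantState:
    """Constructed sample of the measurements the situation analyzer sees."""
    mode: str        # operating mode selected by the operators
    pressure: float  # primary pressure (constructed units)
    level: float     # coolant level in percent


class Verdict(NamedTuple):
    ok: bool
    situation: str
    feedback: str   # the immediate feedback shown to the operator


# Situation analyzer: ordered rules, first match wins. Constructed rules.
SITUATION_RULES: List[Tuple[str, Callable[[PlantState], bool]]] = [
    ("shutdown",             lambda s: s.mode == "shutdown"),
    ("normal-high-pressure", lambda s: s.mode == "normal" and s.pressure > 150.0),
    ("normal-low-level",     lambda s: s.mode == "normal" and s.level < 40.0),
    ("normal",               lambda s: s.mode == "normal"),
]

# Activity center: the actions specified as proper in each situation. Constructed.
PROPER_ACTIONS: Dict[str, FrozenSet[str]] = {
    "shutdown":             frozenset({"close-feedwater", "open-relief"}),
    "normal-high-pressure": frozenset({"open-relief", "reduce-power"}),
    "normal-low-level":     frozenset({"start-makeup-pump", "reduce-power"}),
    "normal":               frozenset({"adjust-setpoint", "reduce-power"}),
}


def analyze(state: PlantState) -> str:
    """Map the plant state to the first matching named situation."""
    for name, matches in SITUATION_RULES:
        if matches(state):
            return name
    # No rule covers this state: the insufficient specification the guide points to.
    return "unspecified"


def check_action(state: PlantState, action: str) -> Verdict:
    """Decide whether an operator action is proper for the current situation."""
    situation = analyze(state)
    allowed = PROPER_ACTIONS.get(situation)
    if allowed is None:
        return Verdict(False, situation,
                       f"no rules for situation '{situation}': '{action}' cannot be validated")
    if action in allowed:
        return Verdict(True, situation, f"'{action}' is proper in '{situation}'")
    return Verdict(False, situation,
                   f"mode violation: '{action}' is not proper in '{situation}'; "
                   f"proper actions: {sorted(allowed)}")


if __name__ == "__main__":
    for state, action in [
        (PlantState("normal", 160.0, 70.0), "open-relief"),
        (PlantState("normal", 160.0, 70.0), "close-feedwater"),
        (PlantState("maintenance", 100.0, 50.0), "adjust-setpoint"),
    ]:
        print(check_action(state, action).feedback)
```

Because the rules are data rather than code paths, an unexplained "unspecified" verdict in the logs is itself a finding: it names a situation the analysis missed and that should be added to the rule table.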

  Guidelines for hazard visibility assurance

  Guidelines for hazard detection

Updated on 25 Jun 2016.