Nuclear facilities - Human machine interfaces - Operator support systems

IEC 63435:2025 specifies the characteristics of operator support systems (OSS) used by the control room staff, maintenance engineers and emergency response staff, establishes general principles for OSS lifecycle and requirements for OSS design following the human factors engineering (HFE) programme. This document also gives the human factors guidelines and the verification and validation (V&V) requirements for OSS design.
This document is applicable to new nuclear facilities whose conceptual design is initiated after the publication of this document, but it can also be used for designing OSS in existing nuclear facilities.

General Information

Status
Published
Publication Date
05-Oct-2025
Current Stage
PPUB - Publication issued
Start Date
06-Oct-2025
Completion Date
26-Sep-2025
Ref Project
Standard
IEC 63435:2025 - Nuclear facilities - Human machine interfaces - Operator support systems. Released: 6 October 2025. ISBN: 9782832706732
English language
33 pages

Standards Content (Sample)


IEC 63435 ®
Edition 1.0 2025-10
INTERNATIONAL
STANDARD
Nuclear facilities - Human machine interfaces - Operator support systems

ICS 27.120.20  ISBN 978-2-8327-0673-2

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or
by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either
IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright
or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local
IEC member National Committee for further information.

IEC Secretariat Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform
The advanced search enables to find IEC publications by a variety of criteria (reference number, text, technical
committee, …). It also gives information on projects, replaced and withdrawn publications.

IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published details all new publications released. Available online and
once a month by email.

IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need further assistance, please contact the Customer
Service Centre: sales@iec.ch.

IEC Products & Services Portal - products.iec.ch
Discover our powerful search engine and read freely all the publications previews, graphical symbols and the glossary.
With a subscription you will always have access to up to date content tailored to your needs.

Electropedia - www.electropedia.org
The world's leading online dictionary on electrotechnology, containing more than 22 500 terminological entries in English
and French, with equivalent terms in 25 additional languages. Also known as the International Electrotechnical Vocabulary
(IEV) online.
CONTENTS
FOREWORD . 3
INTRODUCTION . 5
1 Scope . 8
1.1 Object of this document . 8
1.2 Context leading to development of OSS . 8
1.3 Use of this document with related standards . 8
2 Normative references . 9
3 Terms and definitions . 9
4 Abbreviated terms . 11
5 Concept of OSS . 11
5.1 Purpose and role . 11
5.2 Capabilities . 12
5.3 HMI resources . 12
5.4 Classes of techniques . 13
6 OSS life cycle . 13
6.1 General . 13
6.2 Project organization . 13
6.3 Design process . 14
6.4 Training . 16
7 Analysis providing input to OSS design . 16
7.1 Needs and constraints assessment . 16
7.2 Functional analysis and assignment . 16
7.3 Task analysis . 17
7.4 Human reliability analysis . 17
7.5 Operator time response analysis . 17
7.6 Trade-off analysis . 18
8 System and functional design . 18
8.1 Fundamental functions . 18
8.2 Human factors guidelines . 20
8.2.1 General. 20
8.2.2 General design considerations . 20
8.2.3 Information display . 20
8.2.4 User control of interaction . 21
8.2.5 Modes of operation . 21
8.2.6 Collaboration and communication . 21
8.3 Safety classification . 21
8.4 Performance . 22
8.4.1 Dependability aspects . 22
8.4.2 Accuracy . 22
8.4.3 Response time . 22
8.4.4 Loss of OSS . 22
8.5 Maintainability . 23
8.6 Location . 23
9 Verification and validation of OSS . 23
9.1 General . 23
9.2 Task support verification . 23
9.3 Design verification . 24
9.4 Preliminary validation . 24
9.5 Integrated system validation . 24
Annex A (informative) Examples of OSS applications in NPPs . 25
A.1 General . 25
A.2 Safety function monitoring . 25
A.3 Task-oriented displays . 26
A.4 Intelligent alarm handling . 26
A.5 Computer-based procedures . 27
A.6 Reactor core performance monitoring . 27
A.7 Plant and main components efficiency and performance monitoring . 27
A.8 Radiation release monitoring . 28
A.9 Main transformer monitoring and diagnosis . 28
A.10 Early fault detection and diagnosis . 28
A.11 Equipment diagnosis . 29
A.12 Maintenance support . 30
Bibliography . 32

Figure 1 – IEC SC 45A standards addressing control rooms, HMI and HFE . 5
Figure 2 – The role and interface of OSS in monitoring and control . 12
Figure 3 – Design process of OSS . 15
Figure 4 – OSS functions to support cognitive activities . 19

Table 1 – Fundamental functions and their descriptions . 18
Table A.1 – OSS types and their utilization area, principal user, and plant state . 25

INTERNATIONAL ELECTROTECHNICAL COMMISSION
Nuclear facilities - Human machine interfaces -
Operator support systems
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) IEC draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). IEC takes no position concerning the evidence, validity or applicability of any claimed patent rights in
respect thereof. As of the date of publication of this document, IEC had not received notice of (a) patent(s), which
may be required to implement this document. However, implementers are cautioned that this may not represent
the latest information, which may be obtained from the patent database available at https://patents.iec.ch. IEC
shall not be held responsible for identifying any or all such patent rights.
IEC 63435 has been prepared by subcommittee 45A: Instrumentation, control and electrical
systems of nuclear facilities, of IEC technical committee 45: Nuclear instrumentation. It is an
International Standard.
The text of this International Standard is based on the following documents:
Draft: 45A/1608/FDIS
Report on voting: 45A/1618/RVD
Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1 and ISO/IEC Directives, IEC Supplement, available
at www.iec.ch/members_experts/refdocs. The main document types developed by IEC are
described in greater detail at www.iec.ch/publications.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under webstore.iec.ch in the data related to the
specific document. At this date, the document will be
• reconfirmed,
• withdrawn, or
• revised.
INTRODUCTION
a) Technical background, main issues and organization of the standard
This document focuses on the operator support system (OSS) used by the control room staff,
maintenance engineers and emergency response staff of mainly nuclear power plants (NPPs),
but it is also applicable to other nuclear facilities, including fuel handling and processing plants,
interim and final repositories for spent fuel and nuclear waste. OSS assists situation
assessment and decision making by improving monitoring performance and analysis capability
to enhance the safety, availability and operability of nuclear facilities. With the use of computer
technology, applications of OSS are increasing and becoming current practice.
This document is intended to be used by nuclear facility vendors, utilities, and by licensors.
b) Situation of the current standard in the structure of the IEC SC 45A standard series
This document is a third level IEC SC 45A document tackling the generic issue of OSS of
nuclear facilities and falls under the second level standard IEC 60964 concerning control room
design.
IEC 60964 provides requirements of data acquisition and processing, display system and alarm
system of the control room. In addition, operator support functions are mentioned in 8.7.2.5 of
IEC 60964:2018, but the specific design requirements are not provided.
This document is intended to deal with the specific aspects of an OSS, as a supplementary to
8.7.2.5 of IEC 60964:2018.
Figure 1 shows the set of IEC SC 45A standards that collectively give requirements for control
rooms, human-machine interfaces (HMI) and human factors engineering (HFE).

Figure 1 – IEC SC 45A standards addressing control rooms, HMI and HFE
The documents shown on the left of Figure 1 below the "IEC 60964" box constitute the existing
set of control room (CR) and human-machine interface (HMI) design related standards and
those on the right of the figure below the "IEC 63351" box constitute the HFE related standards.
NOTE In their current editions, IEC 61771 and IEC 61839 are described as being linked to IEC 60964. Updates are
under consideration for all three documents, however, during which the descriptions of the links can be adapted to
align with that shown in the figure.
For more details on the structure of the entire IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of this document
This document is applicable to the new OSS whose conceptual design will be initiated after the
publication of this document. The recommendations of this document can be used for refits,
upgrades and modifications of an existing OSS.
This document establishes functional requirements for OSS and focuses on the top-level design
considerations of OSS. It also provides the concept of OSS, as well as the design process
following the human factors engineering (HFE) programme, the human factors guidelines and
the verification and validation (V&V) requirements for OSS design. It does not provide detailed
guidance on functional analysis and assignment, task analysis and human machine interface
design. The system development and human performance monitoring in operational phases are
out of the scope of this document. The requirements and recommendations given in the
document would apply for OSS applications and OSS types that are not yet specifically
mentioned in the document.
To ensure that this document will continue to be relevant in the future years, the emphasis has
been placed on issues of principle, rather than on specific technologies.
d) Description of the structure of the IEC SC 45A standard series and relationships with
other IEC documents and other bodies documents (IAEA, ISO)
The IEC SC 45A standard series comprises a consistent set of documents organised in a
hierarchy of four levels. The top-level documents of the IEC SC 45A standard series are
IEC 61513 and IEC 63046, covering respectively general requirements for instrumentation and
control (I&C) systems and general requirements for electrical power systems of NPPs.
IEC 61513 and IEC 63046 adopt an overall system life-cycle framework and constitute, along
with the relevant second-level standards, the nuclear implementation of the basic safety series
IEC 61508.
IEC 61513 and IEC 63046 refer directly to other IEC SC 45A standards for general
requirements for specific topics, such as categorization of functions and classification of
systems, qualification, separation, defence against common cause failure, control room design,
electromagnetic compatibility, human factors engineering, cybersecurity, software and
hardware aspects for programmable digital systems, coordination of safety and security
requirements and management of ageing.
At a third level, IEC SC 45A standards not directly referenced by IEC 61513 or by IEC 63046
are standards related to specific requirements for specific equipment, technical methods, or
activities. Usually, these documents refer to second-level documents for general requirements
and can be used on their own.
A fourth level extending the IEC SC 45A standard series, corresponds to the Technical Reports
which are not normative.
The IEC SC 45A standards series consistently implements and details the safety and security
principles and basic aspects provided in the relevant IAEA safety standards and in the relevant
documents of the IAEA nuclear security series (NSS). In particular this includes the IAEA
requirements SSR-2/1, establishing safety requirements related to the design of nuclear power
plants (NPPs), the IAEA safety guide SSG-30 dealing with the safety classification of structures,
systems and components in NPPs, the IAEA safety guide SSG-39 dealing with the design of
instrumentation and control systems for NPPs, the IAEA safety guide SSG-34 dealing with the
design of electrical power systems for NPPs, the IAEA safety guide SSG-51 dealing with human
factors engineering in the design of NPPs and the implementing guide NSS42-G for computer
security at nuclear facilities. The safety and security terminology and definitions used by the
SC 45A standards are consistent with those used by the IAEA.
IEC 61513 and IEC 63046 refer to ISO 9001 as well as to IAEA GSR Part 2 and IAEA GS-G-3.1
and IAEA GS-G-3.5 for topics related to quality assurance (QA).
At level 2, regarding nuclear security, IEC 62645 is the entry document for the IEC SC 45A
security standards. It builds upon the valid high-level principles and main concepts of the
generic security standards, in particular ISO/IEC 27001 and ISO/IEC 27002; it adapts them and
completes them to fit the nuclear context and coordinates with the IEC 62443 series. At level 2,
IEC 60964 is the entry document for the IEC SC 45A control rooms standards, IEC 63351 is the
entry document for the human factors engineering standards and IEC 62342 is the entry
document for the ageing management standards.
NOTE IEC TR 63400 provides a more comprehensive description of the overall structure of the IEC SC 45A
standards series and of its relationship with other standards bodies and standards.

1 Scope
1.1 Object of this document
This document specifies the characteristics of operator support systems (OSS) used by the
control room staff, maintenance engineers and emergency response staff, establishes general
principles for OSS life cycle and requirements for OSS design following the human factors
engineering (HFE) programme. This document also gives the human factors guidelines and the
verification and validation (V&V) requirements for OSS design.
This document is applicable to new nuclear facilities whose conceptual design is initiated after
the publication of this document, but it can also be used for designing OSS in existing nuclear
facilities.
1.2 Context leading to development of OSS
Enhancing safety, optimizing operator workload and increasing nuclear facility availability have
always been greatly valued aims which, during nuclear facility operation, rely largely on the
operating staff and on OSS.
In addition, the use of computer technology to provide operator support functions and a
database of operation and maintenance for the operating staff and for teams and individuals
outside of a nuclear facility, on-line and/or off-line, is increasing and becoming current practice.
This support can take the form of diagnosis and guidance formats, in both normal operation and
abnormal conditions. When properly implemented and kept up to date, such OSS can provide
enhanced support for greater safety and effectiveness of operation and maintenance of nuclear facilities.
1.3 Use of this document with related standards
This document is intended to deal with aspects that are specific to OSS, as supplementary to
the operator support function specified in IEC 60964. For functional design criteria of safety
parameter display functions, see also IEC 60960; and for requirements of computer-based
procedures (CBP), see also IEC 62646.
In order to design OSS efficiently and properly, some important considerations are addressed
in the following related standards:
a) Control rooms design
– IEC 60964 provides requirements and recommendations for the design of control rooms.
b) Human factors engineering (HFE)
– IEC 63351 provides management of HFE programme, task analysis (TA) and human
machine interface (HMI) design guidance.
c) Functional analysis and assignment (FA&A)
– IEC 61839 gives rules for developing criteria for the functional assignment to either
operators or systems.
d) Human factors design guidelines
– IEC 61772 provides guidance on physical implementation of visual display units (VDUs),
display formats, and implementation into the main control room (MCR);
– ISO 11064-1, ISO 11064-4 and ISO 11064-5 provide guidance on human-centered
design activities throughout the life cycle of a computer-based interactive system.
e) Verification and validation (V&V)
– IEC 61771 provides guidance on V&V of the design of control rooms.
This document assumes simultaneous considerations of the requirements for:
– cybersecurity, which is in compliance with IEC 62645,
– categorization and classification, which are in compliance with IEC 61226,
– safety life cycle aspects, which are in compliance with IEC 61513, IEC 60880, IEC 62138
and IEC 60987 depending on the safety classification of OSS.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC 61226, Nuclear power plants - Instrumentation, control and electrical power systems
important to safety - Categorization of functions and classification of systems
IEC 63351:2024, Nuclear facilities - Human factors engineering - Application to the design of
human machine interfaces
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following
addresses:
• IEC Electropedia: available at https://www.electropedia.org/
• ISO Online browsing platform: available at https://www.iso.org/obp
3.1
control room staff
group of plant personnel stationed in the control room, which is responsible for achieving the
plant operational goals by controlling plant through human machine interfaces
Note 1 to entry: Typically, the control room staff consists of supervisory operators, and operators who actually
monitor plant and plant conditions and manipulate controls but also can include those staff members and experts
who are authorized to be present in the control room, e.g. during long lasting event sequences.
[SOURCE: IEC 60964:2018, 3.4]
3.2
emergency response staff
group of plant personnel stationed in the emergency response centre, which is responsible for
managing the overall response to the emergency and for handling the off-site interfaces
3.3
high-level mental processing
human act to process and/or interpret information to obtain reduced abstract information
[SOURCE: IEC 60964:2018, 3.15]
3.4
integrated system validation
ISV
evaluation using performance-based tests to determine whether an integrated system design
(e.g., hardware, software, procedures, staffing) meets performance requirements and supports
the plant's safe operation
[SOURCE: IEC 63351:2024, 3.5.4]
3.5
local operators
operating staff that perform tasks outside the control room
Note 1 to entry: The term "field operators" can also be used for these staff.
[SOURCE: IEC 60964:2018, 3.21]
3.6
operating procedures
set of documents specifying operational tasks it is necessary to perform to achieve functional
goals
[SOURCE: IEC 60964:2018, 3.22]
3.7
operator support system
OSS
system(s) supporting the high-level mental information processing tasks assigned to the control
room staff, local operators, maintenance engineers and emergency response staff
Note 1 to entry: The term extends the definition of operator support system (OSS) in IEC 60964 to include the
systems supporting local operators, maintenance engineers and emergency response staff.
Note 2 to entry: OSS can offer control functionality in very rare cases, e.g., Family 3 CBP in IEC 62646.
3.8
situation awareness
dynamic process of perception and comprehension of the plant’s actual condition in order to
support the ability of individuals and teams to predict the future conditions of systems
Note 1 to entry: The degree of situation awareness corresponds to the difference between the understanding of
plant conditions and the actual conditions at any given time.
[SOURCE: IAEA Nuclear Safety and Security Glossary, 2022 (Interim) Edition]
4 Abbreviated terms
CBP Computer-based procedures
CR Control room
DNBR Departure from nucleate boiling ratio
EUR European Utility Requirements for LWR Nuclear Power Plants
FA&A Functional analysis and assignment
HFE Human factors engineering
HMI Human machine interface
I&C Instrumentation and control
IAEA International Atomic Energy Agency
ISV Integrated system validation
LOCA Loss of coolant accident
LPD Linear power density
LWR Light water reactor
MCR Main control room
NPP Nuclear power plant
OSS Operator support system
SPDS Safety parameter display systems
TA Task analysis
V&V Verification and validation
VDU Visual display unit
5 Concept of OSS
5.1 Purpose and role
OSS aims to enhance safety, increase availability and productivity, relieve human workload to
an optimized level, reduce human error and promote user satisfaction. To achieve this, OSS
employs a collection of technologies to assist users in performing high-level mental processing
tasks, normally involving human cognitive activities such as monitoring and detection, situation
assessment, response planning and response execution.
The basic computerized operation system provides pertinent operating parameters and plant
status indicators together with automation and control systems and protection systems for
operators to perform many routine tasks. For tasks or circumstances where complicated human
cognitive activities are needed, OSS is capable of guiding and supporting users to make
strategic decisions by providing high-level information during both normal and abnormal
operation. In case of OSS failure or total loss, the basic computerized operation system is
responsible for providing the information needed to control the plant in all required plant states. The role
and interface of OSS in monitoring and control, and the users of OSS, are shown in Figure 2.
OSS may exist in forms of multiple subsystems or applications, such as advanced alarm
systems, computer-based procedure (CBP) systems, and safety parameter display systems
(SPDS) in NPPs. The HMIs of OSS applications may be integrated into, or independent from, the
HMI of the basic computerized operation system.
Figure 2 – The role and interface of OSS in monitoring and control
5.2 Capabilities
In general, OSS produces high-level information to facilitate mental processing by applying
sophisticated analysis capabilities including:
• monitoring the plant processes and other parameters, and predicting values of process
parameters based on a process model,
• calculating signals and values that cannot be measured, such as characteristic properties
of the monitored system,
• performing diagnosis based on logic and a model of some sort,
• predicting states of the plant and its systems based on computing the reaction of the plant
process to the considered future actions of the user,
• recommending the response strategies and user actions for the plant operation and
maintenance based on logic and a model of some sort.
5.3 HMI resources
HMI resources of OSS consist of information displays, computer-based procedures, alarms and
an interactive user interface. A given OSS application can contain some but not all of these HMI
resources.
5.4 Classes of techniques
OSS information processing techniques can comprise data-driven, analytical, and knowledge-based
approaches employed to generate sophisticated analysis capabilities.
Data-driven techniques derive models directly from process data, without relying on predefined
mathematical models or first principles, and can handle large complex systems. Data-driven
techniques require a large volume of training data and tutoring activities to improve proficiency
of the OSS algorithms.
Analytical techniques are based on consistency checks between plant (on-line) data and
mathematical models, typically derived from first principles. Analytical techniques require
accurate quantitative models based on first principles, which might not always be readily
available for complex systems.
Knowledge-based methods are based on causal modelling, qualitative modelling, expert
knowledge acquisition, and pattern recognition techniques.
Hybrid techniques also exist and may be applied to a given OSS application.
6 OSS life cycle
6.1 General
The whole OSS life cycle is from the project organization to the OSS maintenance and the
operator training, including OSS system and functional design, detailed design and
implementation, integration, installation and commissioning, operation and maintenance.
This clause focuses on the OSS system and functional design process. The requirements of the other
parts of the system life cycle are not within the scope of this clause; for these, reference may be
made to IEC 61513.
6.2 Project organization
A project organization for OSS development consists of the I&C, HMI, HFE, operating strategies,
software and hardware engineering aspects. The first task should be to organize a project team
with all necessary competences and to identify a decision committee.
The project team should take responsibility for:
• design of OSS,
• implementation of OSS design,
• integration and commissioning of OSS, and
• verification and validation of OSS.
The project team should include the following participants:
• I&C engineers,
• plant process engineers,
• human factors specialists,
• computer engineers,
• safety analysts,
• quality assurance specialists, and
• end users.
End users should be involved in the design process from an early stage in order to correctly
specify their needs and to facilitate future acceptance of the system. The areas in which the
end users should participate include the following:
• the analysis of the need for OSS applications,
• the definition of HMI requirements for OSS applications,
• the human factors V&V of OSS, e.g., preliminary validation and integrated system validation
(ISV).
6.3 Design process
As a human interaction system, OSS design shall consider HFE throughout the entire process
from an early stage. Referring to the HFE process in IEC 63351, the OSS design process mainly
includes the following stages, as shown in Figure 3:
• analysis providing input to OSS design (see Clause 7),
• functional design of OSS (see Clause 8),
• HMI design of OSS applications,
• human factors V&V of OSS (see Clause 9),
• human performance monitoring in OSS operation.
The OSS application requirements shall be identified from operating experience review, FA&A,
TA and trade-off analysis, with particular attention to criteria relating to cognitive activities. The
OSS application requirements shall be formalized into the requirements of OSS fundamental
functions and the requirements of the HMI design for OSS applications.
Figure 3 – Design process of OSS
6.4 Training
Appropriate training shall be planned to ensure efficient utilization of OSS by end users to
perform their tasks. The training plan should be based on the analysis of the interactions
between the end user and the system in order to:
• familiarize the end user with the system operation, including its limitations,
• help the end user effectively use the system,
• familiarize the end user with the system fault modes and their recovery means, and
• facilitate the acceptance of the system by the end users.
An engineering simulator or even a full-scope simulator may be used for training purposes.
Provisions should be made to collect feedback of experience and to capitalize on it for further
use, e.g., to upgrade OSS and to improve end user training. Gathering the feedback of
experience should take place from the onset of the project.
7 Analysis providing input to OSS design
7.1 Needs and constraints assessment
The needs for OSS functions might arise from various sources such as accident analysis, end
user needs, and technical maturity and readiness. They should be documented and fed to the
design analysis while giving due regard to:
• operating experience review,
• regulatory requirements and safety significance,
• technical feasibility, and
• risks to the safety and security of the facilities caused by OSS functions.
The needs for OSS capabilities could focus on reducing the human performance deficiencies
including:
• lack of monitoring and cross-checking of critical indicators,
• control room staff distracted by ongoing control room activities and failing to maintain
oversight,
• weaknesses in worker knowledge, and more specifically in understanding the bases of
procedures, systems and components, and integrated facility operations, and
• low risk awareness, particularly in off-normal facility conditions.
7.2 Functional analysis and assignment
The functional analysis activity of the generic nuclear facility design process generates
functions assigned to machines, to humans, or shared between the two agents. A methodology
for carrying out this activity is given in IEC 61839. For NPPs, the functions at this level are
normally system-level functions that are required for either safety or power generation
purposes, e.g., the reactor coolant injection function, boron makeup function or manual reactor
trip initiation function.
Functions assigned to humans are manual control, monitoring, and high-level mental
processing tasks. High-level mental processing tasks and monitoring tasks from FA&A can be
supported by OSS. However, from the wider socio-technical perspective, OSS might not always
provide net benefits. The wider socio-technical trade-off, such as job satisfaction, motivation
and workload from a social perspective and usability, functionality, and reliability of tools and
equipment from a technical perspective, should be considered. This is to assess whether OSS
is a solution for optimizing the interaction between people, work environment and technology
to achieve a harmonious and effective system.
7.3 Task analysis
The functions assigned to humans are termed tasks. Analysis is conducted of these tasks to
derive information for further design, e.g., HMI design, staffing and qualification, procedure
development and training programme development. For the purpose of OSS development, TA
should target the possible functionality with which OSS can aid mental processing, while
taking into account that:
• each step is individually detailed enough to capture the automation input and processing
requirement;
• overall results can serve as the basis of OSS use cases, operating scenarios, task support
verification and ISV.
TA produces OSS task descriptions including three major categories of OSS application
requirements which serve as the input and basis for OSS design:
• information requirements, including alarms and alerts, performance parameters, and
feedback needed,
• decision-making requirements, including decision type and complexities (for example,
evaluation of non-linear relationships among scenarios which are not exhaustively
analysed), and evaluation to be performed, and
• response requirements, including task criticality rating, type of action, concurrent tasks, task
frequency, task accuracy, consequence of inaccurate/incorrect performance, time
constraints, time required, physical position, and communications.
7.4 Human reliability analysis
OSS functions can contribute to operator tasks which are subject to reliability targets (e.g.,
emergency operation of the plant) or judged as critical for plant operation. For those functions:
• human reliability targets should be identified,
• system reliability requirements for the related functions should be formulated,
• system reliability and influence on human reliability should be analysed, and the identified
weaknesses should be analysed, safeguarded and mitigated.
7.5 Operator time response analysis
For safety related functions (tasks) which are assigned to humans, their response time limits
are prescribed by safety analysis. Those tasks shall be demonstrated to be executed within
the response time limit. The demonstration should also show that, in the event of
unavailability or failure of OSS, there is a sufficient time margin for the tasks to be performed
using the HMI of the basic computerized operation system.
The activities in which OSS is used to complete the safety related functions should undergo
timeline analysis to formulate the OSS response time requirements. This is to ensure that the
OSS has no negative impacts on the execution of the operator tasks. The total time required
for collaboration between operators and OSS to complete tasks should be within their response
time limits.
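A worked timeline analysis for the demonstration described in 7.5, as an added example that is not part of IEC 63435: the task steps, their durations, the response time limit and the required margin are constructed, and applying the same margin to both the OSS-supported path and the fallback path (OSS unavailable) is an assumption of this example.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Step:
    """One step of an operator task on the analysed timeline (durations in seconds)."""
    name: str
    oss_human_s: int   # operator time when the step is performed with OSS support
    oss_wait_s: int    # time the operator waits on the OSS response (0 for manual steps)
    basic_hmi_s: int   # time for the same step on the basic computerized operation system HMI


def timeline_check(steps: List[Step], limit_s: int, required_margin_s: int) -> Dict[str, object]:
    """Evaluate a task timeline against its safety-analysis response time limit.

    Returns the totals for the OSS-supported path and for the fallback path (OSS
    unavailable or failed), the margins of each against limit_s, and the OSS response
    time budget: the cumulative OSS response time that still leaves required_margin_s.
    Assumption of this example: the same margin is required on both paths.
    """
    with_oss_total = sum(s.oss_human_s + s.oss_wait_s for s in steps)
    oss_wait_total = sum(s.oss_wait_s for s in steps)
    human_only_total = with_oss_total - oss_wait_total
    without_oss_total = sum(s.basic_hmi_s for s in steps)
    return {
        "with_oss_total_s": with_oss_total,
        "with_oss_margin_s": limit_s - with_oss_total,
        "without_oss_total_s": without_oss_total,
        "without_oss_margin_s": limit_s - without_oss_total,
        # OSS response time requirement derived from the timeline (see 7.5)
        "oss_response_budget_s": limit_s - required_margin_s - human_only_total,
        "meets_limit_with_oss": limit_s - with_oss_total >= required_margin_s,
        "meets_limit_without_oss": limit_s - without_oss_total >= required_margin_s,
    }


# Constructed sample timeline; the durations are illustrative, not taken from the standard
SAMPLE_STEPS = [
    Step("detect and confirm alarm",   30, 10,  90),
    Step("diagnose plant condition",  120, 60, 600),
    Step("select procedure",           60,  0, 120),
    Step("execute manual action",     300,  0, 300),
    Step("verify plant response",      60, 20, 180),
]
SAMPLE_LIMIT_S = 1800   # response time limit prescribed by safety analysis (constructed)
SAMPLE_MARGIN_S = 300   # required time margin (constructed)

if __name__ == "__main__":
    for key, value in timeline_check(SAMPLE_STEPS, SAMPLE_LIMIT_S, SAMPLE_MARGIN_S).items():
        print(f"{key}: {value}")
```

Raising the required margin (e.g., to 600 s) shows the fallback path failing while the OSS-supported path still passes, which is exactly the case the demonstration in 7.5 has to expose.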
7.6 Trade-off analysis
Alternative OSS design solutions (e.g., integrated into the existing I&C systems or not,
techniques used and geographic locations) might be conceived. In this regard, trade-off
analysis should be carried out while considering:
• cost-benefits,
• technical risks (e.g., maturity, security, compatibility),
• human factors implications,
• utilization of existing facilities versus new procurement, and
• impact on commissioning, test and maintenance.
8 System and functional design
8.1 Fundamental functions
To assist the end user in performing the human cognitive activities, the following fundamental
functions are expected to be considered when specifying OSS:
• monitoring;
• detection;
• validation;
• diagnosis;
• prediction;
• mitigation;
• recovery.
The descriptions of these fundamental functions are shown in Table 1.
Table 1 – Fundamental functions and their descriptions
Fundamental functions Description
Monitoring both functional and physical status of plant, process and system to
detect off-norma
...