The Weekly Reflektion Week 46 / 2019

10. November 2019

This week we are reflecting over the design of a facility, the potential actions that could be taken by the people involved in the operation of that facility and how that affects the ‘mind set’ for the safety of the operation.

Do we know how the operators will react in a difficult situation? What is our ‘mind set’ with regards to the safe operation of our facilities?

The Three Mile Island incident on 28^th March 1978 led to a partial meltdown of the TMI-2 reactor. The incident started with a blockage in the filters cleaning the secondary loop cooling water. The actions taken by the operators led to resin from the filters entering the instrument air system that caused the condensate and main feedwater pump to trip that in turn led to a turbine trip. Control rods were inserted into the reactor to halt the nuclear reaction and auxiliary water pumps started automatically. Unfortunately, the outlet valves from these pumps had been closed due to maintenance and no water reached the reactor. The high pressure in the steam generator activated a pilot-operated relief valve to relieve the pressure. This valve failed to close when the pressure was relieved due to a mechanical fault. The indicator for the valve was however taken from a solenoid on the pilot, and this showed the valve as closed in the control room. The open relief valve allowed the water in the system to escape and led to the high temperature that caused the partial meltdown. The incorrect relief valve position confused the operators in their fault finding and partially explained their failure to respond before the meltdown.

Quote from the President’s Commission on the Accident at Three Mile Island

We are convinced that if the only problems were equipment problems, this Presidential Commission would never have been created. The equipment was sufficiently good that, except for human failures, the major accident at Three Mile Island would have been a minor incident.
But wherever we looked, we found problems with the human beings who operate the plant, with the management that runs the key organization, and with the agency that is charged with assuring the safety of nuclear power plants.
In the testimony we received, one word occurred over and over again. That word is “mindset.” At one of our public hearings, the director of Nuclear Regulatory Commission (NRC) Division of Systems Safety, used that word five times within a span of 10 minutes. For example: “I think [ the] mindset [was] that the operator was a force for good, that if you discounted him, it was a measure of conservatism.” In other words, they concentrated on equipment, assuming that the presence of operators could only improve the situation — they would not be part of the problem.
After many years of operation of nuclear power plants, with no evidence that any member of the general public has been hurt, the belief that nuclear power plants are sufficiently safe grew into a conviction. One must recognize this to understand why many key steps that could have prevented the accident at Three Mile Island were not taken. The Commission is convinced that this attitude must be changed to one that says nuclear power is by its very nature potentially dangerous, and, therefore, one must continually question whether the safeguards already in place are sufficient to prevent major accidents. A comprehensive system is required in which equipment and human beings are treated with equal importance.

The ‘mindset’ that the technical systems as designed are satisfactory and that the people will only improve the situation fails to recognise the fallibility and limitations of people, both in the design and in the operation. The confirmation of the ‘mindset’ by the fact that nothing untoward has happened yet potentially leads to an unacceptable complacency.

Do you have processes that have focus on both the technical systems and the people and how they may interact with each other?

Have you reflected on what your ‘mindset’ regarding safe operation of your facilities actually is?