The HSI in older NPPs has always been a reasonably complex system, but it was possible to describe it in fairly simple terms as consisting of control boards, panels, gauges, controls and alarm annunciators. However, with increasing automation

and availability of digital I&C systems, the HSI in newer NPPs has also become progressively more complex. The HSI is now a system with many functions, components and interfaces to other systems and environments. Even a superficial review of its many components will show that the HSI is in fact not only a hierarchy of high — and low-level components, but many of the components at the same level are linked in some way. It is also possible to describe this structure from different viewpoints, depending upon, for example, whether it is a safety — or non-safety-related system, whether it is used in operations or in maintenance, and so on. It is also possible to describe it as either an abstract functional or a physical structure.

Because it is easy to get lost in this complexity, an HSI architecture or taxonomy is proposed to guide I&C designers and human factors engineers in their analyses and designs. The easiest way to do this is to provide a reference table that illustrates the various levels of the HSI architecture and the relationships between them.

Tables 7.1 and 7.2 illustrate the distinction between the functions of the HSI and its physical architecture. The physical architecture consists of the concrete components, which include the operating environment (control rooms and other workspaces described in Section 7.7) and all the hardware within it. These physical components in turn make it possible for the operating crew to perform all tasks in the work environment. All of these components could be broken down to several levels of decomposition.

The taxonomy also indicates the operator task support components and functions. The implementation of such functions is a subsystem that does not exist in current NPPs, but it is included here because it is likely to be an important area of research and development over the next 10-20 years.

The physical HSI architecture includes the physical workspaces (control rooms and other work areas) and the devices within those areas. Table 7.2 shows first the typical structure of the MCR with the HSI contained within it, and then the other areas where humans may interact with a range of devices. Note that the ‘Safety provisions’ and ‘Environmental Control’ for the remote shutdown facility in Table 7.2 include provisions for habitability and survivability, such as battery backed-up HVAC, communications and personal protection equipment (PPE). The table does not show lower-level components for the outage management centre, engineering room, TSC and EOF, but they are listed to indicate other areas outside the MCR that operators interact with during different operational, maintenance and emergency conditions (see also Section 7.7).

As mentioned before, this architecture is not definitive and could be structured and described in a number of different ways. This is presented as a starting point for engineers and designers involved in the definition of I&C and HSI requirements.