ABSTRACT

Nuclear power plants have redundancy and diversity designed into them in accordance with the defense-in-depth philosophy. As a result, several defenses must be breached in order to defeat their safety systems. We have found, in agreement with others analyzing significant incidents, that such incidents are the result of several different breakdowns occurring simultaneously, or within a short time interval (Barriere et al., 1998; Reason, 1990; Reason, 1997; Embrey, 1992). Typically, such incidents involve an initiating event and one or more equipment failures, coupled with one or more operator errors.