ABSTRACT

The easiest way to identify HFE (Human Failure Event) is to define a failure for each omission of important actions in the EOPs (Emergency Operating

If EOPs were perfect, they would describe all that is to be done and all that is not to be done for each emergency situation, for example "start pump X" or "do not stop pump Y". All failures could then be defined as the omission of a prescribed action (or "non-action"). In reality, such procedures do not exist, and there is no easy way to screen all the possibilities of failure that cannot be deduced from the description of the expected behavior in the EOPs. As a result, during real events, analysts very often discover ways to fail that had not been imagined. The Three Mile Island accident was the first surprise (Le Bot, 2004): operators stopped the Safety Injection (SI), which means they deactivated a required safety function (since they had not isolated the pressurizer relief valve). Sure enough, they stopped the SI in order to maintain the integrity of the primary circuit.