Qualitative cause-defense matrices: Engineering tools to support the analysis and prevention of common cause failures

Abstract Much progress has been made over the years in the area of common cause failure (CCF) analysis, including the development of both qualitative and quantitative analysis methods. Until now, however, CCF methodologies have not explicitly and systematically accounted for the impact of plant-specific defenses, such as design features and operational and maintenance policies, that are in place to reduce the likelihood of failure occurrences at nuclear power plants. Since plant-specific defenses generally have different impacts on different types of causes of failure, the beneficial effects of defenses must be considered separately for each type of cause. A cause-defense matrix is a very convenient tool for presenting these impacts. This paper discusses qualitative cause-defense matrices and the projected advantages of their use. Once developed these matrices may be used by analysts to help perform comprehensive analyses of common cause failures (CCFs) for any nuclear power plant. To truly account for design features and operational and maintenance policies, however, these matrices need to be detailed and, therefore, need to be developed for individual component types, accounting for variations in the design of components within a component type and variations in the way components are tested, maintained, and operated at different plants. Although the matrices discussed here are qualitative, they are, as illustrated through an example in this paper, useful in quantitative CCF analysis as well, regardless of the quantitative method that is used.