PSI - Issue 48

Aleksandar Šotić et al. / Procedia Structural Integrity 48 (2023) 266 – 273 Šotić et al / Structural Integrity Procedia 00 (2023) 000 – 000

269

4

 (2018) HPP Pirot: The annual electricity production plan was realized at the beginning of April. The task of HPP Pirot is to respond to the request of the EPS (Electric Power Industry of Serbia) dispatcher. HPP Pirot has excessively released water from Zavojsko Lake.  (2021) EPS responds to the Municipality of Pirot that HPP Pirot releases water in accordance with the law. The previous statements close the circle, the reactions of the public indicate that "something" in the operation of HPP Pirot is not as it should be, while the inspection supervision of the Ministry determined that HPP Pirot was operating according to the law. In this paper, the case of the safe operation of HPP Pirot will be considered at a preliminary level, with selected details, and some supporting comments regarding the other case study, Vrutci dam and reservoir as parts of the Užice Water works will be provided at appropriate places. 2.2. Brief overview of STAMP/STPA The Systems Theoretic Accident Models and Processes (STAMP) (Leveson, 2004), as a safety analysis methodology, is based on the concept of systems theory, control theory and elements of cognitive engineering. With this methodology, the functional scheme of the system is represented by its control (management) structure, distributed over hierarchical levels. Each level of the system’s socio-technical structure carries out control over the functioning of a lower level, whose functioning and safety may be compromised due to: (1) failure of components, (2) dysfunctional interactions between components, or (3) unidentified or out-of-range environmental disturbance. Managing the system operation requires enforcing constraints on the process at a lower level, so that the system remains within the limits of safe operation. In order to be able to control the system, Ashby (1956) states that the controller must: have a goal, have a model of the system, be able to influence the system, and be able to determine the state of the system. The basic concepts of the methodology are (i) constraints, (ii) control loops and process models, and (iii) levels of control and communication. The basic control loop, shown in Figure 2, is drawn from a wider framework (Figure 3), where the entire functional and management structure of a system (i.e. hierarchical levels of a socio-technical system) is shown.

Fig. 2. Basic control loop of control theory (Leveson, 2011)

Figure 3. Schematic representation of the hierarchical levels of a system in all phases of the life cycle (upon Leveson, 2011)

Figures 2 and 3 can be interpreted that, in the system development phase, planners and designers (as controllers) form their process models (abstract mental models of the future system), and their solutions (plans and designs) are based on both data, as well as on certain assumptions and appropriate hydrological and hydraulic models. In the system operation phase, the owner and operator (as controllers) have their own models of the process taking place in the HE system (precisely, their view of the operation of the built HE system) which, as a rule, deviate from the design specifications, because they are updated by appropriate feedback (measurements, monitoring, reports, and similar).