2020-05141. Recommendation 2020-01

AGENCY:

Defense Nuclear Facilities Safety Board.

ACTION:

Notice; recommendation.

SUMMARY:

The Defense Nuclear Facilities Safety Board has made a Recommendation to the Secretary of Energy concerning the Department of Energy's regulatory framework to ensure adequate protection of public health and safety at defense nuclear facilities. Pursuant to the requirements of the Atomic Energy Act of 1954, as amended, the Defense Nuclear Facilities Safety Board is publishing the Recommendation and associated correspondence with the Department of Energy and requesting comments from interested members of the public.

DATES:

Comments, data, views, or arguments concerning the recommendation are due on or by April 13, 2020.

ADDRESSES:

Send comments concerning this notice to: Defense Nuclear Facilities Safety Board, 625 Indiana Avenue NW, Suite 700, Washington, DC 20004-2001. Comments may also be submitted by email to comment@dnfsb.gov.

FOR FURTHER INFORMATION CONTACT:

Tara Tadlock at the address above or telephone number (202) 694-7000.

SUPPLEMENTARY INFORMATION:

Recommendation 2020-01 to the Secretary of Energy

Nuclear Safety Requirements, Pursuant to 42 U.S.C. 2286a(b)(5), Atomic Energy Act of 1954, as Amended

Introduction. The Department of Energy's (DOE) defense nuclear facilities and associated infrastructure are aging, but DOE will continue to use many of the facilities and much of the infrastructure for the foreseeable future. Consequently, the safety systems and features that were designed into the buildings or installed during construction are also aging. At the same time, DOE is proposing, designing, and building new defense nuclear facilities to support its continued mission. DOE needs to maintain a robust safety posture and strong regulatory framework to ensure that both its aging facilities and infrastructure and its new facilities provide adequate protection of public health and safety. DOE will need clear requirements and guidance for its staff to follow and enforce.

Background. DOE Policy 420.1, Nuclear Safety Policy, states, “It is the policy of the Department of Energy to design, construct, operate, and decommission its nuclear facilities in a manner that ensures adequate protection of workers, the public, and the environment.” Title 10 Code of Federal Regulations (CFR) 830, Nuclear Safety Management, provides a foundation of requirements upon which DOE relies to ensure adequate protection of workers, the public, and the environment. With this rule, DOE has developed a robust regulatory framework—including orders, guides, and standards—to provide the requirements and guidance for the safe design, construction, operation, and decommissioning of its defense nuclear facilities.

10 CFR 830 captures the fundamental requirements for nuclear safety management to ensure contractors perform work “with the hazard controls that ensure adequate protection of workers, the public, and the environment.” DOE provides additional requirements in orders and standards. These additional requirements may be imposed on contractors by reference in regulations or by contract. DOE also provides non-mandatory guidance in guides, handbooks, and manuals.

In its initial Notice of Proposed Rulemaking creating 10 CFR 830,^[1] DOE noted:

The [Price-Anderson Amendments Act of 1988], coupled with DOE efforts to improve the assurance of safety in its nuclear operations, led DOE to conclude that basic DOE nuclear safety requirements should be established through rulemaking. These requirements would revise and supplement the existing requirements, and in particular, establish specific requirements for applicable DOE Start Printed Page 14659nuclear facilities and provide a structured means for measuring the adequacy of the implementation and compliance on a facility-specific basis. Compliance would be measured against specific requirements and against provisions of programs required by these requirements and approved by DOE.

As specified in its enabling legislation, the first function of the Defense Nuclear Facilities Safety Board (Board) is to “review and evaluate the content and implementation of the standards relating to the design, construction, operation, and decommissioning of defense nuclear facilities of the Department of Energy (including all applicable Department of Energy orders, regulations, and requirements) at each Department of Energy defense nuclear facility.” ^[2] Since its creation, the Board has provided several recommendations that focus on creating a standards-based safety management system for DOE's defense nuclear facilities. DOE issued a notice of proposed rulemaking for 10 CFR 830 in August 2018. In this recommendation, the Board recommends to the Secretary of Energy specific measures that DOE should retain or adopt as requirements in its regulatory framework, including 10 CFR 830 and associated orders and standards, to include the implementation thereof, to ensure that public health and safety are adequately protected.

The Board notes a fundamental principle of responsibility and delegation in Recommendation 2004-1, Oversight of Complex, High-Hazard Nuclear Operations:

In any delegation of responsibility or authority to lower echelons of DOE or to contractors, the highest levels of DOE continue to retain safety responsibility. While this responsibility can be delegated, it is never ceded by the person or organization making the delegation. Contractors are responsible to DOE for safety of their operations, while DOE is itself responsible to the President, Congress, and the public.^[3]

DOE is responsible for designing, constructing, operating, and decommissioning its defense nuclear facilities in a manner that ensures adequate protection of the public. Therefore, DOE prescribes the requirements for its operating contractors to follow and implement, approves the facilities' safety bases,^[4] and oversees compliance through line management and independent oversight.

Analysis

Aging Infrastructure—When DOE first issued 10 CFR 830, the majority of its defense nuclear facilities were already a few decades old, and DOE had launched an effort to construct new facilities to replace them. The Replacement Tritium Facility at the Savannah River Site (now known as Building 233-H) is an example. However, nearly three decades after construction and startup of the replacement facility, DOE continues to rely on some older facilities to support its tritium operations, and will continue to do so for the indefinite future.

Similarly, DOE has embarked upon the design and construction of the Uranium Processing Facility at the Y-12 National Security Complex, but intends to operate two associated 50-plus year old facilities for another several decades to support its production commitments for national security purposes. Also, the time from concept to startup of a new defense nuclear facility has increased dramatically in recent years, placing further emphasis on the need for continued operation of aging facilities.

As facilities age, concerns develop over whether DOE can still safely operate and maintain them. Safety structures, systems, and components may degrade and not be able to reliably perform their safety functions. Older facilities continue to update their safety bases to comply with 10 CFR 830 without ensuring the reliability of safety systems, comprehensively evaluating the need for refurbishment or replacement of those systems, reconsidering the design or integrity of structures, or conducting a backfit analysis of equipment important to safety. Aging impacts are especially concerning for passive features (e.g., facility structures and fire walls) that are not required to be surveilled to ensure they can perform their safety function. While DOE performs some upgrades and retrofits at aging facilities, it lacks a formal, complex-wide regulatory structure for identifying and performing upgrades necessary for the adequate protection of public and workers.

In addition, as the infrastructure supporting safety systems (e.g., utilities and site services) ages, the supporting infrastructure may also degrade and impact the reliability of safety systems. DOE has taken action to address specific issues at particular sites, such as the Extended Life Program (ELP) at Y-12. However, the Board's concerns about aging infrastructure extend across the complex. Efforts such as the Y-12 ELP are laudable, but a much more systematic approach is required to address the needs across the complex. The Board has previously communicated its concerns regarding age-related degradation of infrastructure.

In a 2018 report,^[5] DOE's Infrastructure Executive Committee noted that deferred maintenance had increased by 25 percent between 2013 and 2017 to a total of $5.9 billion dollars for operational facilities. Also, the report noted that 17 of the Department's 79 core capabilities ^[6] were potentially at risk due to inadequate infrastructure, including 5 core capabilities related to defense nuclear facility infrastructure and operation.

The Administrator for the National Nuclear Security Administration (NNSA) recognized the challenges NNSA faces with regards to its aging infrastructure in her April 11, 2018, testimony to the Subcommittee on Energy and Water Development Senate Committee on Appropriations, “NNSA's infrastructure is in a brittle state that requires significant and sustained investments over the coming decade to correct. There is no margin for further delay in modernizing NNSA's scientific, technical, and engineering capabilities, and recapitalizing our infrastructure needed to produce strategic materials and components for U.S. nuclear weapons.”

In addition to financial investment, a strong regulatory framework is needed to manage aging infrastructure investments and priorities. Accordingly, the Board believes that DOE needs to review its priorities and establish department-level policy and guidance for managing aging infrastructure.

Hazard Categories—In 10 CFR 830, DOE applies a graded approach to the preparation of the safety basis for defense nuclear facilities, provides the criteria to be used for such gradation, and defines three Hazard Categories grouped by the significance of their consequences to different receptors (i.e., offsite/public, onsite/collocated workers, and local/facility workers). In its proposed revision to 10 CFR 830, Start Printed Page 14660DOE proposes to delete the specific definitions of Hazard Categories and replace them with a generic definition in the future.

If it removes the Hazard Category definitions from 10 CFR 830 and the rulemaking process, DOE fundamentally undermines important nuclear safety processes established in the rule. Hazard categorization is an important aspect of 10 CFR 830 because the process determines what safety basis requirements are applicable to a facility. When combined with the lack of an aging management program, this could enable contractors to increase the radiological hazards present in an aging facility without an adequate understanding of the ability of the facility's safety structures, systems, and components to control the higher level of risk.

DOE Approvals—Both DOE and the Board have observed that the current requirement for updating a facility's documented safety analysis on an annual basis has been problematic at some defense nuclear facilities with complex activities. This is compounded when DOE and its contractors defer correcting known deficiencies until the next annual update instead of correcting the deficiencies within the current cycle. The Board also has observed situations where there have been multiple “review iterations” by the contractors and their DOE approval authorities. This could be a sign of disagreement between DOE and its contractor, or the lack of adequate technical quality or content in the safety basis documents submitted to DOE for approval. Difficulties in the annual update process also could indicate that DOE's contractors are not implementing the unreviewed safety question (USQ) process consistent with DOE requirements.

The Notice of Rulemaking does not provide an analysis of the problems that DOE is attempting to address, so it is not clear that DOE's proposed change to remove the requirement for DOE to approve annual documented safety analysis (DSA) updates is an effective solution. Removal of this requirement also complicates DOE's ability to ensure the configuration of the facility, the processes, and the documentation, and to evaluate the cumulative impact of temporary or permanent changes on the safety of the facility. The lack of an annual approval process could result in increasing latent risks as facilities and infrastructure age, due to the reduced frequency of DOE's approval of the evaluation of the reliability of their safety structures, systems, and components. As the Board noted in Recommendation 2004-1, “Contractors are responsible to DOE for safety of their operations, while DOE is itself responsible to the President, Congress, and the public.”

Safety Basis Process and Requirements— 10 CFR 830 captures the fundamental requirements for nuclear safety management to ensure contractors perform work “with the hazard controls that ensure adequate protection of workers, the public, and the environment.” DOE provides additional requirements in orders and standards. These additional requirements may be imposed on contractors by reference in regulations or by contract. DOE also provides non-mandatory guidance in guides, handbooks, and manuals.

DOE uses a number of processes for implementing an approved safety basis. The USQ process determines the approval authority for proposed changes to DSAs. Technical safety requirements (TSR) ensure that important operating parameters are maintained, and that safety structures, systems, and components are available and able to perform their defined safety functions under all types of conditions. Specific administrative controls (SACs) are higher level administrative controls that have safety importance equivalent to engineered controls that would be classified as safety-class or safety-significant.

USQs, TSRs, and SACs are all very important aspects of implementing and maintaining the safety basis at defense nuclear facilities. However, DOE does not provide specific implementation requirements in its regulatory framework, including 10 CFR 830, for contractor implementation of USQs, TSRs, and SACs. Instead, DOE provides non-mandatory guidance for USQ and TSR implementation via guidance documents and some requirements for SACs via a standard.^[7] This lack of implementation requirements leads to inconsistent implementation across the complex. Therefore, the Board concludes DOE should incorporate specific implementation requirements for USQs, TSRs, and SACs, in its regulatory framework, including 10 CFR 830.

The attached Findings, Supporting Data, and Analysis document provides the Board's supporting analysis for this recommendation.

Conclusion. DOE needs to have a robust regulatory framework that provides sufficient structure such that both aging and new defense nuclear facilities continue to provide adequate protection of workers and the public. This recommendation is intended to strengthen DOE's regulatory framework in its current form, including DOE's orders, standards, and implementation. The Board agrees with DOE that 10 CFR 830 requires an update, but believes that the Notice of Proposed Rulemaking would actually erode the regulatory framework. DOE's nuclear enterprise has grown since the original issuance of the rule; however, DOE's regulatory framework has not been updated to include requirements for key concepts and safety control strategies upon which its defense nuclear facilities rely.

Recommendation. To ensure adequate protection at defense nuclear facilities, the Board recommends that DOE revise its regulatory framework, to include requirements in 10 CFR 830, Nuclear Safety Management, associated orders and standards, and implementation thereof, as follows:

1. Aging Infrastructure.

a. Develop and implement an approach including requirements to aging management that includes a formal process for identifying and performing infrastructure upgrades that are necessary to ensure facilities and structures, systems, and components can perform their safety functions.

2. Hazard Categories.

a. Retain qualitative definitions of hazard categories in 10 CFR 830.

b. Revise 10 CFR 830 to mandate use of a single version of Standard 1027 when performing facility hazard categorization.

3. DOE Approvals.

a. Conduct a root cause analysis to identify the underlying issues prohibiting the current safety basis approval process from working efficiently and use the findings to improve DOE's approval process.

b. Add language to the rule to explain that DOE's review of safety basis updates should consider the cumulative effect of changes to the safety basis.

c. Revise the body of 10 CFR 830, Subpart B, to include formal DOE approval of justifications for continued operation and evaluations of the safety of a situation.

4. Safety Basis Process and Requirements.

a. Conduct a root cause analysis to identify the underlying issues prohibiting contractors from developing and submitting a documented safety analysis on an annual schedule for DOE approval and use the findings to improve the submission process.

b. While conducting the analyses in 3.a. and 4.a. above, retain the Start Printed Page 14661requirement for contractors to submit a documented safety analysis on an annual schedule for DOE approval.

c. Specify what safety basis documentation a contractor must submit when seeking approval for an action involving a USQ (proposed 10 CFR 830.203(d)).

d. Establish requirements for USQs and TSRs in 10 CFR 830 and/or orders, by elevating key guidance on USQs and TSRs to clearly identified requirements.

e. Establish requirements for and incorporate the concept of defense-in-depth and SACs and add a discussion of defense-in-depth and SACs to 10 CFR 830 under safety structures, systems, and components.

Bruce Hamilton,

Chairman.

Recommendation 2020-1 to the Secretary of Energy

Nuclear Safety Requirements

Risk Assessment for Recommendation 2020-1

This risk assessment supports the Defense Nuclear Facilities Safety Board's (Board) Recommendation 2020-1, Nuclear Safety Requirements. Board's Policy Statement 5, Policy Statement on Assessing Risk, states:

Risk assessments performed in accordance with the Board's revised enabling statute will aid the Secretary of Energy in the development of implementation plans focused on the safety improvements that are needed to address the Board's recommendations.

This recommendation identifies deficiencies with the Department of Energy's (DOE) proposed Nuclear Safety Management rule, 10 CFR 830, and with the implementation of the current rule's requirements. Subpart B of the rule, Safety Basis Requirements, applies to the highest hazard defense nuclear facilities across the complex. The application of the changes DOE has proposed will have a far-reaching impact on those facilities posing the greatest risks to worker and public health and safety.

The Secretary of Energy is required to ensure adequate protection of the public. DOE established 10 CFR 830 as a fundamental part of the Secretary of Energy's ability to ensure adequate protection. Given the weaknesses in the existing rule and further weaknesses in DOE's proposed rulemaking, the Secretary of Energy cannot consistently ensure adequate protection. Therefore this recommendation is justified and necessary.

Recommendation 2020-1 to the Secretary of Energy

Nuclear Safety Requirements

Findings, Supporting Data, and Analysis

Background. The Department of Energy (DOE) developed the first draft of Subpart B to 10 Code of Federal Regulations (CFR) part 830, Safety Basis Requirements, in the mid-1990s using subject matter expertise from the Nuclear Regulatory Commission (NRC). DOE designed its format and contents similar to NRC's 10 CFR 50, Domestic Licensing of Production and Utilization Facilities. To that end, DOE created the concept of a safety basis, which is a series of documents comprising a documented safety analysis (DSA), a technical safety requirements (TSR) document, and a safety evaluation report (SER). DOE would review and approve the contractor developed DSA and TSR documents, and issue the SER to document its review and approval.

To maintain configuration control of the DSA while allowing some operational flexibility for the contractors, DOE established the unreviewed safety question (USQ) process so that contractors could make some changes to their activities as long as the changes were within the bounds of the DOE-approved DSA. Thus, three distinct sections were created in the main body of the rule, with the USQ process dedicated to the configuration control of the DSA; and any changes to the TSR document were to be submitted to DOE for approval prior to implementation. DOE Standard 1104, Review and Approval of Nuclear Facility Safety Basis and Safety Design Basis Documents established DOE's process for its review and approval activities and the development of the SER.

DOE provided additional details on these concepts in Appendix A to Subpart B as “DOE's expectations for safety basis requirements of 10 CFR 830, acceptable methods for implementing these requirements, and criteria DOE will use to evaluate compliance with these requirements.” This concept was also modeled on NRC's issuance of appendices to “establish minimum requirements” that need to be met in order to comply with 10 CFR 50. For example, Appendix A to Part 50 provides the general design criteria and Appendix R provides fire protection requirements. Neither NRC nor DOE intended to consider the contents of an appendix to a Code of Federal Regulations section to be subject to the users' discretion. NRC provided additional detailed guidance in the regulatory guides that utilities use to comply with Part 50. Similarly, DOE provided a list of standards in Appendix A to Part 830 that contractors should use as acceptable methodologies for compliance with 10 CFR 830, Subpart B. These are known as the safe harbor standards.

Introduction. As part of the DOE's regulatory reform activities under Executive Order 13777, Enforcing the Regulatory Reform Agenda, DOE directed its Office of Environment, Health, Safety and Security,^[8] working with the Office of the General Counsel, to initiate a rulemaking to revise 10 CFR 830 to address the following areas (amongst others):

a. Regulatory Treatment of Hazard Category 3 Facilities. Differentiate the treatment of Hazard Category 2 and Hazard Category 3 nuclear facilities by developing a new subpart to 830 for Hazard Category 3 that provides an appropriate graded approach to the implementation of the requirements in 830 for both contractors and the Department.

b. Safe Harbor Standards. Table 2 of Appendix A of 10 CFR 830, Subpart B, should be removed from the rule and become a separate standard (or other mechanism) referenced in the Rule.

c. Standard 1027 (STD) Successor Document. Add the term `or successor document' to the 10 CFR 830 requirement to categorize nuclear facilities consistent with DOE STD 1027-92. The [working] Team recommends that DOE initiate a new revision to DOE STD 1027 (in addition to the existing 1027-92 revision effort) that updates the hazard categorization methodology and can be synched with the eventual revision to 830.

d. Updates to Documented Safety Analyses (DSAs). Increase the periodicity from the existing annual requirement to either 2 or 3 years; the current (arbitrary) annual requirement is problematic for complex facilities (e.g., the DOE review/approval can take several months and overlap with contractor delivery of the annual update for the subsequent year). In addition, appropriately scoped updates should not require DOE approval.

f. Unreviewed Safety Question (USQ). Set appropriate USQ approval levels, improving operational flexibility, and clarifying terminology.

g. Limiting Analyses of Chemical Hazards. Limiting the requirement for Start Printed Page 14662the analysis of chemical hazards in DSAs, unless the chemicals, for example, are an initiator to a nuclear event, or inhibit responses to nuclear events. [Note: Chemical hazards are already addressed in 10 CFR 851, Worker Safety and Health Program.]

These activities were to “result in significant improvements in efficiency and/or decrease in cost in Laboratory and DOE operations, while maintaining accountability and contractor performance standards [and] an appropriate level of DOE oversight.”

Findings. DOE issued the notice of proposed rulemaking for 10 CFR 830 in August 2018. The following paragraphs provide the Board's findings and analysis of DOE's proposed changes to 10 CFR 830, Subpart B, Safety Basis Requirements, and its referenced documents.

1. Aging Infrastructure.

DOE's memorandum that initiated the rulemaking relied on input and proposals from a working group to “identify internal DOE reforms that could result in significant improvements in efficiency and/or decrease in cost. . .while maintaining accountability and contractor performance standards.” From the working group's proposal, DOE identified several focus areas, including reform of 10 CFR 830, for further development of actions that may achieve the goal of improving efficiency and decreasing cost. This effort did not identify issues with the aging infrastructure, including lack of DOE guidance or requirements for maintenance, or the adequacy of safety posture for indefinite continued operation.

It is clear that as defense nuclear facilities age, their safety bases will become more complex. In some cases, DOE introduced new missions into old facilities, which are dependent upon dated technological infrastructure. Complexity has been shown to drive the contractors to heavily rely on administrative controls, instead of engineered features, to overcome the inherent difficulties involved in trying to comply with the requirements of 10 CFR 830, Subpart B.

At the time when 10 CFR 830 was crafted, the majority of defense nuclear facilities were only a few decades old, and DOE had launched an aggressive effort to construct new facilities to replace them. Facilities such as the Replacement Tritium Facility (RTF, now known as Building 233-H) at the Savannah River Site were examples of this vision in the early 1990s. However, three decades after the construction and startup of RTF, DOE continues to rely on some older facilities to support its tritium operations for the indefinite future. Similarly, DOE embarked upon design and construction of the Uranium Processing Facility at the Y-12 National Security Complex, but plans to continue to rely on operation of two other 50-plus year old facilities for another several decades to support its production commitments for national security purposes.

A significant number of defense nuclear facilities in the complex are now more than 50 years old and have surpassed their design life by decades. Concerns over whether facilities can still be operated and maintained safely develop as facilities age. Safety structures, systems, and components may degrade and be unable to perform their safety functions reliably. As the infrastructure supporting those safety systems (e.g., passive features, utilities, and site services) ages, it may also degrade and impact the reliability of those safety systems.

As facilities age, concerns develop over whether DOE can still safely operate and maintain them. Safety structures, systems, and components may degrade and not be able to reliably perform their safety functions. Older facilities continue to update their safety bases to comply with 10 CFR 830 without ensuring the reliability of safety systems, comprehensively evaluating the need for refurbishment or replacement of those systems, reconsidering the design or integrity of structures, or conducting a backfit analysis of equipment important to safety. Aging impacts are especially concerning for passive features (e.g., facility structures and fire walls) that are not required to be surveilled to ensure they can perform their safety functions. While DOE performs some upgrades and retrofits at aging facilities, DOE lacks a formal, complex-wide regulatory structure for identifying and performing upgrades necessary for the adequate protection of public and workers.

General-service water distribution systems that provide water to safety-significant or safety-class fire suppression systems;
General-service electrical distribution systems that could impact the reliability of safety-significant confinement ventilation systems; and
Building structures and internal systems that cannot withstand the seismic loads required to meet their designated performance categories.^[9]

In a 2018 report,^[10] DOE's Infrastructure Executive Committee noted that deferred maintenance had increased by 25 percent between 2013 and 2017 to a total of $5.9 billion dollars for operational facilities, and that 17 of DOE's 79 core capabilities ^[11] were potentially at risk due to inadequate infrastructure (see Table 1 for examples).

Table 1—Core Capabilities Potentially at Risk Due to Infrastructure Deficiencies ¹²
Core capability	Replacement plant value ¹³ assessed as inadequate (%)
Decontaminate and Decommission Facilities and Infrastructure	74
Uranium	45
Nuclear Material Accountability, Storage, Protection, and Handling	43
Plutonium	40
Weapons Assembly/Disassembly	36

In recognition of the general situation of aging infrastructure in DOE and its potential impacts on the defense nuclear facilities, the Board is concerned that DOE needs to review its priorities and establish department-level policy and guidance for managing the aging infrastructure supporting those facilities.

DOE has not conducted a comprehensive analysis of the difficulties facing its aging infrastructure at defense nuclear facilities. Without this analysis, DOE's efforts will not address the fundamental reasons for increased cost or other difficulties of maintaining old facilities in operational condition; nor will it assess the reduction in their margin of safety that may occur as the facilities age.

DOE needs to evaluate the state of its aging facilities, identify their required operational life to meet their mission needs, and develop an integrated plan for replacement or refurbishment of those facilities to maintain their safety posture and ensure adequate protection of the public, the workers, and the environment. DOE does not have any DOE-wide policies, directives, or requirements in place for implementing an effective aging management program. Accordingly, DOE needs to develop requirements and criteria for dealing with its aging infrastructure.

2. Hazard Categories.

Definition of Hazard Categorization—In 10 CFR 830, DOE requires application of a graded approach to the preparation of DSAs and provides the criteria to be used for such gradation in Section 830.3 of Subpart B. Table 1 in Appendix A to Subpart B defines three hazard categories that are grouped by the significance of their consequences to different receptors (i.e., offsite/public, onsite/collocated workers, and local/facility workers).

In the proposed revision to 10 CFR 830, DOE deletes Table 1 and the specific definitions of hazard categorization, and states that it intends to provide a generic definition in the future that is not described at this time. DOE Standard 3009, safe harbor for preparation of a DSA, is formulated using the concept provided in Table 1 of the existing Subpart B. By removing the definitions of hazard categories from Part 830 and the rulemaking process, DOE's proposed revisions fundamentally undermine important nuclear safety processes established in the rule.

Hazard categorization is a fundamental element of the safety basis requirements of 10 CFR 830 because the process determines whether the safety basis requirements of Subpart B are applicable to a facility. Based on the definition of hazard categories provided in Table 1, DOE referred to Standard 1027 ^[14] and mandated its use in Section 830.202 of the rule because “DOE want[ed] contractors to be consistent when determining the hazard classification for its nuclear facilities, hence we are requiring the consistent use of DOE-STD-1027 which has an established history for this purpose.” ^[15] DOE's proposed action to delete Table 1, without any detailed discussion regarding hazard categorization, and deferring to a future document to be developed:

Lacks the “established history” and a roadmap for preparation and implementation of the replacement approach;
Does not provide the rationale for such a significant change in approach, which has been practiced for more than two decades without known degradation or deficiencies in implementation of nuclear safety requirements;
Creates an ambiguous and unclear domain of standards to be developed for compliance with nuclear safety requirements; and
Undermines the fundamental principles of the graded approach and its implementation as described in the rule.

Reference to Standard 1027 Within the Rule—DOE's memorandum to initiate the rulemaking recommended adding the phrase “or successor document” to 10 CFR 830.202(b)(3) and to “initiate a new revision [to Standard 1027] that updates the hazard categorization methodology.”

DOE prepared Standard 1027 in 1992 to provide guidance on hazard categorization and on the performance of hazard analyses for preparation of safety bases for nonreactor nuclear facilities. It used the available technical information to develop screening criteria and grouping of the nuclear facilities based on their potential consequences to the immediate workers, site area, and offsite members of the public. DOE also based Standard 1027 on a survey of all DOE nuclear facilities and their potential hazards to arrive at a set of parameters that would realistically categorize those facilities based on their potential consequences. More updated technical information and recommendations by the International Commission on Radiological Protection (ICRP) ^[16 17] has resulted in some changes to those parameters. It would be prudent, and technically justified, to use the most up to date information in a DOE standard that is fundamental for graded implementation of nuclear safety requirements at defense nuclear facilities.

This DOE action, combined with the deletion of Table 1 from the rule that defines hazard categories, and deferring a new definition to be provided outside the rulemaking process, will create an uncertain, ambiguous, and unclear methodology for implementation of 10 Start Printed Page 14664CFR 830 at the defense nuclear facilities; and consequently, a potential for eroding the level of protection currently provided by those facilities.

Additionally, both the existing version and the proposed revision of 10 CFR 830 state that a contractor must “categorize the facility consistent with” Standard 1027 rather than “in accordance with” Standard 1027. The words “consistent with” introduce flexibility in implementation to not actually follow the requirements in Standard 1027. This language has already led to the National Nuclear Security Administration (NNSA) issuing supplemental guidance to its facilities to use a modification ^[18] to Standard 1027 that is not cited by the rule and, therefore, not used by the Office of Environmental Management; resulting in an inconsistent gradation of defense nuclear facilities in the complex.

The safety basis requirements in Subpart B apply to Hazard Category 1, 2, or 3 nuclear facilities. With DOE's proposed revisions, 830 would not include any language that defines these terms, and DOE can change the definitions of these terms outside the rulemaking process.

3. Submission and Approval of Safety Bases.

Need for Root Cause Analysis and DOE Approval of Annual Updates to the DSA—The DOE memorandum that initiated the rulemaking directed DOE elements to “increase the periodicity from the existing annual requirement to either two or three years; the current (arbitrary) annual requirement is problematic for complex facilities. In addition, appropriately scoped updates should not require DOE approval.” In accordance with the memorandum, the notice of proposed rulemaking deletes the requirement for DOE review and approval of the annual updates to the DSAs. This DOE action weakens the safety basis construct created by DOE in establishing Subpart B. DOE required the preparation of safety basis for nuclear facilities to ensure that adequate protection of the public and the workers is implemented through compliance with its safe harbor standards. It also weakens the USQ process, which ensures that the safety bases are maintained under a defined configuration control program.

The Board has noted that some defense nuclear facilities with complex activities have difficulty meeting the annual update commitments. Although this was not anticipated by DOE at the time when 10 CFR 830 was issued in January 2001,^[19] some sites rely on inter-related documents that comprise their safety bases and it might be difficult to ensure that the various elements of their safety bases are updated consistently in the allowed time.^[20]

The Board has also observed situations where there have been multiple “review iterations” by contractors and their DOE approval authorities. This could be a sign of disagreement between DOE and its contractor, or the lack of adequate technical contents of the DSAs submitted to DOE for approval. Difficulties in submitting an annual update also could indicate that DOE's contractors are not implementing the USQ process consistent with the requirements.

DOE's notice of rulemaking does not identify the problems that DOE is attempting to address, so it is not clear that DOE's proposed change is an appropriate solution. It would be prudent for DOE to evaluate the reasons why contractors and DOE experience significant challenges implementing the annual requirement. DOE needs to conduct a root cause analysis to determine why DOE and its contractors are having difficulties managing the review and approval of annual updates, and use the results of that analysis to fix the underlying problems. While conducting the analysis, DOE should retain the requirement for contractors to develop and submit safety bases on an annual schedule for DOE approval.

In the revised Appendix A to Subpart B, DOE proposes language to clarify that it will continue to review the DSA updates in some cases, and may even approve the annual update in some cases. The proposed language states, “DOE will review each documented safety analysis . . . if DOE has reason to believe a portion of the safety basis has substantially changed.” Another relevant new sentence is: “If additional changes are proposed by the contractor and included in the annual update that have not been previously approved by DOE or have not been evaluated as a part of the USQ process, DOE must review and approve these changes.” DOE's notice of rulemaking does not include a detailed discussion of these changes, and therefore they do not alleviate concerns with removing DOE's approval of the annual update.

Temporary Authorization of Activities—10 CFR 830.202(g)(3) requires contractors to “Submit the evaluation of the safety of the situation to DOE prior to removing any operational restrictions initiated to meet [safe condition]” of the facility. Those operational restrictions (or other compensatory measures) may continue to be required for a long period of time. Per DOE Guide 424.1-1B, Implementation Guide for Use in Addressing Unreviewed Safety Question Requirements, the vehicle for operating under restrictions for “an extended period of time” until the next annual update of the DSA is issued, is the justification for continued operations (JCO), which is a “temporary change to the facility safety basis.” The DOE guide states that the contractor should submit the JCO to DOE for approval. However, the rule does not formally require DOE's approval of a JCO.

In some cases, contractors eventually incorporate the operational restrictions and accompanying analyses (or some revised version of them) into the DSA via the annual update. In other cases, JCOs continue to be a stand-alone part of the safety basis for several years. With DOE's proposed revision to the rule, i.e., not requiring DOE approval of the annual updates to the DSA, there will be important changes to the safety basis with no requirement for their approval by DOE.

Instead of a JCO, contractors may prepare an evaluation of the safety of the situation (ESS) that includes operational restrictions. DOE Guide 424.1-1B states that DOE should approve ESSs for potential inadequacies of the safety analysis (PISAs) that represent a positive USQ; however, the rule does not require DOE approval for this situation. Under DOE's proposed revision to the rule, the ESS can represent a mechanism for the contractor to make important changes to the safety basis without any requirement for DOE approval.

4. Safety Basis Process and Requirements.

Fundamental Elements of Safety Bases— Unlike the safe harbors for DOE nonreactor nuclear facilities and nuclear explosive facilities for compliance with the DSA requirements of the rule, the rule does not provide any standards for compliance with USQs or TSRs; instead, it refers to DOE guides on those subjects, DOE Guide 424.1-1B and DOE Guide 423.1-1B, Implementation Guide For Use In Developing Technical Safety Requirements, respectively. DOE guides, Start Printed Page 14665however, “describe[s] acceptable, non-mandatory means for meeting requirements.” As a result, contractors' implementation at the sites are diverse and inconsistent. The Deputy Secretary identified this issue in his memorandum as one to be addressed in the proposed rule. The Board has made similar observations that include lack of uniformity of implementation, and in some cases, inconsistency of implementation with the requirements of the rule.

Requirements Regarding the USQ Process—DOE Guide 424.1-1B provides an example of guidance on USQs that should be examined for elevation to a requirement and inclusion in Subpart B. The guide includes expectations on the timeliness with which contractors process PISAs:

It is appropriate to allow a short period of time (hours or days but not weeks) to investigate the conditions to confirm that a safety analysis is potentially inadequate before declaring a PISA . . . If it is immediately clear that a PISA exists, then the PISA should be declared immediately.^[21]

This timeliness is important for safety, as it causes the contractor to formally declare a PISA and take actions to place the facility in a safe condition. Contractors do not always perform this step in a timely manner (i.e., within hours or days, but not weeks). This leads contractors to delay implementing the necessary compensatory measures to place or maintain the facility in a safe condition that provides adequate protection of the public. There are instances where contractors have delayed a PISA declaration beyond hours or days because they deemed the information to be not yet mature enough to merit that action. The DOE guidance quoted above already addresses this situation, saying that the contractors may take hours or days to investigate, but not weeks. It should be noted that a similar statement was made in resolution of comments received for the final rulemaking of 10 CFR 830: “the contractor's USQ procedure should define the period for performance of a USQ determination related to a PISA and that time period should be on the order of days, not weeks or months.” However, not all contractors' procedures comply with this expectation.

DOE should formalize this guidance on timeliness into a requirement, to ensure that contractors place facilities into safe conditions when they discover PISAs. If DOE believes it is necessary to make some allowance for delaying action because the new information is immature, DOE should provide the criteria for defining “information maturity.” Declaring the information as “immature” and not declaring a PISA should be exceptional and subject to compliance with DOE criteria. Such criteria, however, do not exist and need to be developed.

Additionally, the Board has observed that some contractors allow themselves a “grace period” to take action and return the facility into compliance with their safety bases without declaring a PISA.^[22] As a result, the facility would be operating outside of its approved safety basis for the duration of the grace period without DOE knowledge or approval of the situation, and without having to take safety precautions to put the facility in a safe configuration. Section 830.202, Subpart B, does not allow this action, which may result in unsafe operation of defense nuclear facilities and a lack of adequate protection of the public.

Several of the USQ procedures approved by DOE lack any requirements for training and qualification of USQ screeners. These individuals are the first line of defense against lack of compliance with the requirements of the rule, and their knowledge of the facility and its safety basis, as well as the USQ process, is of utmost importance. While preparation of safety bases throughout the complex has created a wealth of knowledgeable subject matter experts that the contractors rely on, implementation of USQ procedures and USQ screening sometimes relies on available personnel, making their training and qualification an important aspect of the safety of operations.

The definition of USQ in the rule also warrants clarification. The proposed (and also existing) definition for USQ in Section 830.3 uses the term “equipment important to safety.” This term is not defined in 10 CFR 830, though it is defined in DOE Guide 424.1-1B. Proper and consistent implementation would be better achieved if the definition from the guide were also included in the rule.

Finally, 10 CFR 830 does not specify what documentation a contractor is required to submit to DOE prior to obtaining approval for planned actions involving a USQ. Specifically, section 830.203(d) states, “A contractor responsible for a Hazard Category 1, 2, or 3 DOE nuclear facility must obtain DOE approval prior to taking any action determined to involve a USQ.” This section does not specify whether a contractor must submit planned changes to the safety basis, a description of planned changes, or if no documentation is required and a verbal explanation would suffice. Accordingly, when DOE approves contractor action, it is not clear that DOE is specifically approving any planned changes to the safety basis.

Requirements Regarding TSRs—DOE Guide 423.1-1B includes some aspect of the content of TSR documents that should be considered for elevation to the rule. In Appendix C to the Guide, DOE combines the Section 830.201 requirement for the contractor to “perform work in accordance with the DOE-approved safety basis” with the quality assurance requirements in Subpart A of the rule. From these two portions of the rule, DOE derives a need for the contractor to “independently confirm the proper implementation of new or revised safety basis controls.” This is an important concept for ensuring safe operation of the facility, and should be directly included in the rule.

One area of difficulty for contractors preparing TSRs has been in the determination of “completion times.” TSRs typically define actions the contractor will take when safety structures, systems, and components (SSC) do not meet their limiting conditions for operation. This scenario can occur intentionally due to a maintenance outage, or unintentionally due to degradation of a safety-related SSC. TSRs define the required times (completion times) by which the contractor must take temporary actions to compensate for the loss of safety SSCs, or by which the contractor will restore SSCs. According to the guide, when developing completion times, the contractor should consider “the safety importance of the lost safety function” and “the risk of continued operations.” In practice, some completion times appear excessively long, with no documented consideration of safety risk for DOE's review and acceptance. DOE should revise Appendix A to Subpart B to include the concept that safety risks should be considered when developing completion times.

Similarly, some contractors have prepared TSR documents that the action to be taken, when a safety SSC is inoperable or found to be unavailable, is simply to submit to DOE a “recovery plan.” Some of these recovery plans are open-ended, without any completion date or compensatory measures in place to achieve an equivalent level of safety as provided in the TSR. As a result, some defense nuclear facilities could be operating outside the bounds of their approved safety basis, relying on an approved “recovery plan” to be Start Printed Page 14666completed by some unspecified date. Such situations warrant explicit requirements in the rule to prevent nuclear facilities from operating with less than adequate levels of safety.

Fundamental Nuclear Safety Principles—10 CFR 830 provides the requirements for identification and analysis of hazards, identification of controls, and the quality assurance that must be applied to all stages of nuclear facility operations. However, it does not require implementation of the most fundamental nuclear safety principle, defense-in-depth, to ensure that no one layer of control is solely relied on for safety.

In a letter to the Deputy Secretary of Energy, dated July 8, 1999, the Board stated:

Current requirements for nuclear safety design, criticality safety, fire protection and natural hazards mitigation are set forth in DOE Order 420.1, Facility Safety. This Order (Section 4.1.1.2), when contractually invoked, requires that:

`Nuclear facilities shall be designed with the objective of providing multiple layers of protection to prevent or mitigate the unintended release of radioactive materials to the environment.'

This “defense-in-depth” approach is the hallmark of nuclear facility and process designs.

DOE Order 420.1C, Facility Safety, includes an expanded discussion of what the defense-in-depth concept entails. However, the requirements of Order 420.1C are not applied to the operation of existing defense nuclear facilities unless DOE's contract with the management and operating contractor has specifically identified and stipulated its application. As a result, DOE does not routinely implement the defense-in-depth concept to ensure safe operation of nuclear activities. The controls identified in DSAs for existing facilities are usually a compilation of the existing controls, and rarely have led to the identification of new controls for ensuring that multiple layers of protection exist to defend against the release of radioactive materials. This weakness is more common when contractors rely on SACs to compensate for the lack of a safety-related engineered feature to prevent or mitigate an event.

10 CFR 830, Subpart B, needs to require the defense-in-depth construct to ensure that all nuclear facilities and activities meet this fundamental nuclear safety construct, and provide adequate protection of the public and the workers such that no one failure of a layer of protection would lead to the release of radioactive materials.

Specific Administrative Controls—DOE created the concept of the SAC in response to the Board's Recommendation 2002-3, Requirements for the Design, Implementation, and Maintenance of Administrative Controls. To provide guidance on this topic, DOE created a new standard, Specific Administrative Controls, and revised several other standards and guides to ensure consistency. SACs are a higher level administrative control that have safety importance equivalent to engineered controls that would be classified as safety-class or safety-significant. For this reason, SACs are an important tool for DOE to ensure adequate protection.

Although DOE created a new standard for SACs, DOE did not revise 10 CFR 830 to reflect the concept of implementing SACs as an equivalent TSR control. As a result, the discussion in 10 CFR 830 on safety controls is incomplete and does not fully reflect current DOE terminology and practice. Accordingly, DOE should include the concept of SACs within the requirements of 10 CFR 830, Subpart B.

Correspondence With the Secretary of Energy

Department of Energy Request for Extension of Time

November 13, 2019

The Honorable Bruce Hamilton

Chairman

Defense Nuclear Facilities Safety Board

625 Indiana Avenue NW, Suite 700

Washington, DC 20004

Dear Chairman Hamilton:

The Department of Energy (DOE) received the Defense Nuclear Facilities Safety Board (DNFSB) Draft Recommendation 2020-1, Nuclear Safety Management, on October 16, 2019, and is currently coordinating its review among the relevant offices. On behalf of the Secretary, and in accordance with 42 U.S.C. 2286d(a)(2), the Department requests a 60-day extension to provide comments.

DOE is committed to a robust nuclear safety regulatory framework that ensures adequate protection of public health and safety. A 60-day extension will afford DOE sufficient time to assess the Draft Recommendation's findings, supporting data, and analyses.

If you have any questions, please contact Mr. Matthew Moury, Associate Under Secretary for Environment, Health, Safety and Security, at (202) 586-5175.

Sincerely,

Dan Brouillette

Defense Nuclear Facilities Safety Board Response to Extension Request

November 26, 2019

The Honorable James Richard Perry

Secretary of Energy

U.S. Department of Energy

1000 Independence Avenue SW

Washington, DC 20585-1000

Dear Secretary Perry:

We are in receipt of your November 13, 2019, letter requesting a 60-day extension to provide comments on the Board's Draft Recommendation 2020-1, Nuclear Safety Management.

The Board's practice has been to grant a 30-day extension to comment on a draft Recommendation if you request an extension. In accordance with 42 U.S.C. 2286d(a)(2), the Board grants an extension to December 16, 2019.

Yours truly,

Bruce Hamilton

Chairman

Department of Energy Comments on Draft Recommendation

December 17, 2019

The Honorable Bruce Hamilton, Chairman

Defense Nuclear Facilities Safety Board

625 Indiana NW, Suite 700

Washington, DC 20004

Dear Chairman Hamilton:

The Department of Energy (DOE) appreciates the opportunity to review the Defense Nuclear Facilities Safety Board (DNFSB) Draft Recommendation 2020-1, Nuclear Safety Requirements, issued on October 16, 2019. We appreciate the Board's perspective and look forward to continued positive interactions with you and your staff on this important topic.

Continuous improvement is a core value in maintaining a robust nuclear safety regulatory framework to ensure reasonable assurance of adequate protection of public and worker health and safety. DOE's recent actions include proposing to modify and improve Title 10 Code of Federal Regulations (CFR) part 830, Nuclear Safety Management, improving the associated DOE nuclear safety Directives and Technical Standards, and conducting oversight to ensure effective implementation throughout the DOE Complex.

DOE does not agree with the DNFSB's assertion in Draft Recommendation 2020-1 that the revisions proposed in the August 8, 2018, Notice of Proposed Rulemaking (NOPR) for 10 CFR part 830 will erode our nuclear safety regulatory framework. Rather, we believe that DOE's completed and ongoing activities related to the nuclear safety regulatory framework will improve the effectiveness and efficiency of the Start Printed Page 14667framework. In addition to the requirements in 10 CFR part 830, requirements or guidance within DOE's orders, standards, and guides, are an important and necessary component of the regulatory framework. We continue to believe that, taken as a whole, this regulatory framework provides a sound framework for effective implementation at our sites.

For your consideration, the enclosure provides specific comments on many elements of the draft recommendation and discusses specific ongoing efforts the Department has taken, including actions to address aging infrastructure and strengthen the oversight model.

The DNFSB draft recommendation contains elements related to the scope of the ongoing 10 CFR part 830 rulemaking. Many of these comments were previously submitted in the October 5, 2018 DNFSB letter that contained the DNFSB's public comments on DOE's 10 CFR part 830 rulemaking. These comments are being evaluated and considered as part of the Department's process in developing any final rule.

While the Department understands that there is no prohibition against appropriate sharing of information regarding the proposed rulemaking (since the DNFSB is a Federal Agency), substantive information regarding how DOE is addressing comments and topics related to the ongoing rulemaking should not be made publicly available prior to the issuance of the final rule. Discussions between DOE and DNFSB staff indicate that, if the Board issues Final Recommendation 2020-1, the DNFSB will publish the Final Recommendation and related correspondence with the DOE in the Federal Register. Therefore, discussion regarding recommendations related to ongoing rulemaking are not included in the Enclosure.

DOE remains committed to share information about the rulemaking with the DNFSB and offers to brief the Board and/or Board staff on the status of the final NOPR. Similarly, given the importance of ongoing efforts to address aging infrastructure and strengthen the oversight model, DOE would appreciate the opportunity to provide the Board with a detailed briefing on the improvement actions taken. In addition, the Office of Enterprise Assessments (EA) senior leadership would be pleased to meet with the Board and technical staff for dialogue regarding EA's current nuclear safety basis oversight strategy.

If you have any questions, please contact Mr. Matthew Moury, Associate Under Secretary for Environment, Health, Safety and Security, at (202)586-1285.

Sincerely,

Dan Brouillette

Enclosure

Enclosure—Comments on DNFSB Draft Recommendation 2020-1

Nuclear Safety Requirements

Title 10 Code of Federal Regulations (CFR) part 830, Nuclear Safety Management, provides requirements upon which the Department of Energy (DOE) relies to ensure adequate protection of workers, the public, and the environment. In addition to this rule, DOE has developed a robust regulatory framework including policies, orders, guides, and standards to support the 10 CFR 830 requirements by providing additional detailed requirements and implementation guidance for the safe design, construction, operation, and decommissioning of its defense nuclear facilities.

DOE issued a Notice of Proposed Rulemaking (NOPR) to amend 10 CFR part 830 in August 2018 as a first step to the regulatory reform activities designed to improve the rule. Specifically, the purpose of the proposed changes, as published in the NOPR, are as follows: “The proposed revisions reflect the experience gained in the implementation of the regulations over the past seventeen years, with specific improvements to the process for facility hazard categorization, the unreviewed safety question process, and the review and approval of safety documentation. The proposed revisions are intended to enhance operational efficiency while maintaining robust safety performance.”

DOE does not agree with the DNFSB's assertion in Draft Recommendation 2020-1 that the revisions proposed in the NOPR will erode DOE's nuclear safety regulatory framework. DOE believes that the proposed changes in the NOPR are a first step to improving the nuclear safety framework and is open to considering further changes in a future rulemaking. DOE values the input provided and will consider any concerns as they relate not just to the addition of requirements to 10 CFR part 830, but also the opportunity to enhance the requirements and guidance in the broader regulatory framework including DOE orders, guides, and standards.

The Draft Recommendation includes specific sub-recommendations related to two of the proposed revision topics identified in the NOPR: Hazard categorization and the review and approval of safety documentation. As noted in the letter transmitting this enclosure, a number of these comments were previously submitted in the October 5, 2018, DNFSB letter that contained the DNFSB's public comments on DOE's 10 CFR part 830 rulemaking. These comments are being evaluated and considered as part of the Department's process in developing the final rule. Substantive information regarding how DOE is addressing comments and topics related to the ongoing rulemaking should not be made publicly available prior to the issuance of the final rule. Therefore, discussion regarding recommendations related to ongoing rulemaking are not included in the Enclosure.

The Draft Recommendation also provides a number of sub-recommendations not related to the proposed revisions identified in the NOPR. Additional perspectives regarding the topics discussed in these sub-recommendations are included below.

Aging Infrastructure

DOE Regulatory Framework

The Draft Recommendation asserts that DOE lacks a formal regulatory structure for identifying and performing upgrades necessary for the adequate protection of workers and the general public. In the following discussion, DOE provides perspectives regarding how its regulatory framework ensures adequate protection of workers, the public, and the environment despite aging facilities and infrastructure.

Safety requirements are found in 10 CFR part 830, and additional requirements and guidance are provided in DOE Order 433.1B, Maintenance Management Program for DOE Nuclear Facilities, and DOE G 433.1-lA Chg. 1, Nuclear Facility Maintenance Management Program Guide for Use with DOE O 433.1B.

Compliance with 10 CFR part 830, including the requirement in 830.204(b)(4) to “ . . . demonstrate the adequacy of these [hazard] controls to eliminate, limit, or mitigate identified hazards . . . ” is required for all Hazard Category (HC) 1, 2, and 3 nuclear facilities, and does not distinguish between new or aging facilities. Title 10 CFR 830.204(b)(5) identifies nine safety management programs necessary to ensure safe operations for the facility which are required to be addressed where applicable, one of them being maintenance. There is no relaxation of requirements based on the age of the facility.

DOE has expectations for the performance of safety structures, Start Printed Page 14668systems, and components (SSCs) in multiple policy documents. DOE O 420.1C, Facility Safety, includes requirements for the reliability in the design of safety SSCs. Both DOE-STD-3009-94, CN 3, Preparation Guide for US Department of Energy Nonreactor Nuclear Facility Documented Safety Analyses, and DOE-STD-3009-2014, Preparation ofNonreactor Nuclear Facility Documented Safety Analysis, which together are used for the development of the Documented Safety Analyses at the vast majority of DOE nuclear facilities, include expectations and requirements to evaluate the adequacy of safety SSCs to ensure designated functional requirements can be met and for documenting this evaluation. As part of the development of Technical afety Requirements (TSRs), surveillance requirements are derived from the DSA to assure that the necessary operability and quality of safety SSCs is maintained, that facility operations are within safety limits, and that limiting control settings and limiting conditions for operation are met.

In instances where a degraded or nonconforming SSC is discovered to not conform with the safety basis design description and specifications (discrepant as-found state) and is not replaced or repaired to return it to conformance (e.g., a use-as-is disposition) , the need to declare a Potential Inadequacy of the Safety Analysis (PISA) would be evaluated under the Unreviewed Safety Question (USQ) process pursuant to the requirements of 10 CFR 830.203. An SSC determined to be incapable of performing its intended safety function(s), would be declared inoperable.

DOE O 433.1B defines the safety management program required by 830.204(b)(5) for maintenance and the reliable performance of SSCs. The Order requires that Federal and contractor organizations responsible for Hazard Category (HC) 1, 2, and 3 nuclear facilities must develop and implement a nuclear maintenance management program (NMMP) addressing seventeen topics, one of which “the process for conducting inspections to evaluate aging-related degradation and technical obsolescence to determine whether the performance of SSCs is threatened.” An acceptable NMMP consists of processes to ensure that SSCs are capable of fulfilling their intended function as identified in the facility safety basis. The accompanying Guide 433.1-1A, Chg. 1 identifies nine topics on aging-related degradation and technical obsolescence that the NMMP should directly address. Consistent with requirements in the Order, DOE conducts assessments of NMMP implementation at least every three years to evaluate whether the contractor is appropriately implementing requirements.

Within DOE orders, standards, and guides there are clear expectations and requirements to ensure that safety SSCs are able to perform their designated safety functions. However, in an effort to improve the regulatory framework and acknowledging that the management of aging infrastructure and technical obsolescence are areas for improvement, DOE approved a Project Justification Statement in 2018 to “develop a new DOE handbook entitled Maintenance Management Program for DOE Nuclear Facilities that would replace the current DOE Guide 433.1-lA, Nuclear Facility Maintenance Management Preparation Guide for Use with DOE O 433.1B. The new handbook will cover all the topics that are currently covered in the Guide 433.1-lA with expanded coverage of aging degradation and technical obsolescence, currently addressed in Guide section III.M.” To support expansion of this topic, a minor change would be needed to Order 433.1B, Chg. 1, Maintenance Management Program for DOE Nuclear Facilities.

Program-Specific Aging Infrastructure Management

Within DOE's regulatory framework, the program offices have individually taken on initiatives to address aging infrastructure. The National Nuclear Security Administration (NNSA) uses a science-based infrastructure stewardship approach to evaluate the state of its aging facilities, identify their required operational life to meet mission needs, and develop an integrated plan for replacement or refurbishment of those facilities to maintain their safety posture and ensure adequate protection of the public, the workers, and the environment. Specifically, NNSA has deployed holistic, data-driven, risk-informed tools and metrics to assess infrastructure conditions and prioritize investments.

Key parts of the science-based infrastructure stewardship approach include:

The Mission Dependency Index. A measure of each infrastructure asset's impact to the mission by combining the consequences if the asset was lost, the difficulty to replace it, and the interdependency of it to other assets;
The BUILDER Sustainment Management System. An infrastructure condition assessment management system that provides enterprise-level tracking and analysis of the condition and probability of failure of infrastructure assets and their systems, components, and sub-components;
Enterprise Risk Management. A combination of the condition of the infrastructure, or likelihood of loss, with the mission impact, to focus attention on key facilities and improve prioritization of investments;
The Excess-facility Risk Index. A measure of the risk posed by the structural and safety condition of the potential impact of contaminants and the proximity of the excess asset to workers, the public, environmental receptors;
The Master Asset Plan and Deep Dives. NNSA's long-term planning process that leverages enterprise condition and risk data to support decision making and prioritization; and
The Project Prioritization Process. This process uses the compiled data from each of the above metrics and processes, which is analyzed by subject matter experts to prioritize infrastructure projects that provide the greatest risk reduction per dollar.

NNSA's science-based infrastructure stewardship approach ensures investments are aligned with reducing the greatest infrastructure risks and ensuring alignment to program requirements.

The Draft Recommendation points to the Y-12 National Security Complex (Y-12) as an example of a DNFSB concern that DOE continues to utilize older facilities without ensuring the reliability of their safety systems; evaluating the need for refurbishment or replacement of those systems; reconsidering the design or integrity of their structures; or conducting a back-fit analysis of equipment important to safety. This concern overlooks Y-12's Extended Life Program (ELP) Safety Strategy, which specifically addresses the aging infrastructure concerns the proposed sub-recommendation highlights. This Safety Strategy was developed in alignment with DOE-STD-1189, Integration of Safety Into the Design Process, to identify and address potential areas of concern related both to aging infrastructure as well as gaps to modern nuclear standards (e.g., seismic). NNSA's approach to these facilities is well within the framework described earlier (i.e., 10 CFR part 830 and associated DOE orders, guides, and standards).

In achieving its mission, the DOE Office of Environmental Management (EM) is committed to the safety and protection of workers and communities, the public, and the environment. The Start Printed Page 14669overall EM goal is risk reduction through achieving agreed upon end state criteria in a safe manner. EM has an ongoing process to evaluate infrastructure stewardship site-by-site to achieve overall risk reduction.

Most of the EM portfolio includes older facilities that are not part of an enduring mission and require innovative solutions, sound business practices, and science and technology to reduce risks and cost within the regulatory framework. Unlike enduring facilities, the EM solution for aging infrastructure is a blend between infrastructure stewardship and innovative control selection to ensure reliable controls are established. Application of nuclear safety fundamentals; clear understanding of the state of structures, systems, and components; assurance that the overall control strategy ensures adequate protection; and effective implementation of controls provides the platform for safe operations and accomplishment of the EM mission.

At the DOE Office of Science's (SC) defense nuclear facility, a facility life extension project was completed during the transition from EM to SC in 2007. SC continues to maintain the current infrastructure and evaluate the existing aging infrastructure for replacement in the facility in accordance with applicable DOE Orders and Standards.

Safety Basis Process and Requirements

The Draft Recommendation identifies a number of nuclear safety topics that the Board believes are missing from 10 CFR part 830. In addition to the requirements in 10 CFR part 830, DOE emphasizes that requirements or guidance are also contained in DOE's orders, standards, and guides, which are an important and necessary component of the regulatory framework. The following discussion describes DOE's current framework regarding these topics.

Concepts identified and recommended for inclusion into IO CFR part 830, such as defense-in depth, hierarchy of controls, and specific administrative controls (SACs) are currently discussed in a number of DOE's Orders and Standards. In addition to DOE Order 420.IC, DOE-STD-1186-2016, Specific Administrative Controls, and DOE-STD-1189-2016, Integration of Safety into the Design Process, which the Draft Recommendation correctly identifies as not always applicable to existing facilities, these concepts are also discussed within DOE's primary DSA safe harbor methodology document DOE-STD-3009, both the 2014 and 1994 Change Notice 3 versions.

DOE-STD-3009-94 underwent a major revision in 2006 with the issuance of Change Notice 3. A major objective of that revision was to incorporate expectations for SACs. Since that revision, DOE-STD-3009-94 has had strong expectations regarding the concepts of defense in depth, hierarchy of controls, and SACs, all three being key topics in DSAs. Both versions of DOE-STD-3009-94, Change Notice 3, and DOE-STD-3009-2014 require that the DSA address the significant aspects of defense in depth. The hierarchy of controls, which was introduced in DOE-STD-3009-94 has evolved into a stronger requirement in DOE-STD-3009-2014, requiring that DSAs provide a technical basis that supports the controls selected when the hierarchy of controls is not used.

Regarding the topics of USQs and TSRs, requirements in are set forth in 10 CFR part 830 specifically, 830.203 Unreviewed safety question process, and 830.205 Technical safety requirements. Additionally, each has a respective Guide that provides supplemental information to the requirements contained in the rule. (DOE G 424.1-lB Chg 2, Implementation Guide for Use in Addressing Unreviewed Safety Question Requirements; and DOE G 423.1-1B, Implementation Guide for Use in Developing Technical Safety Requirements, respectively) DOE O 420.1C, Chg. 3, Facility Safety, invokes DOE-STD-1104-2016, Review and Approval of Nuclear Facility Safety Basis and Safety Design Basis Documents, and it is a requirement for DOE elements to review and approve safety basis and safety design basis documents in accordance with this Standard. DOE-STD-1104-2016 contains requirements and expectations for the review and approval of TSRs and USQ documents, such as the USQ procedure, Evaluations for the Safety of the Situation (ESSs), and Justifications for Continued Operation (JCOs). This Standard refers to the expectations provided in DOE G 424.1-lB, Implementation Guide for Use in Addressing Unreviewed Safety Question Requirements, and DOE G 423.1-1B, Implementation Guide for Use in Developing Technical Safety Requirements, and sets the expectation, and in some cases requires, that the basis of approval address the expectations from the Guides.

Quality Assurance and Document Control

DOE understands the statements made in the Draft Recommendation regarding the importance of ensuring the quality and completeness of the contractors' safety basis documents and accomplishes accountability through clear requirements and expectations and oversight. The following discussion describes DOE's current framework regarding these topics and also provides specific actions the individual program offices have undertaken.

DOE's quality assurance requirements are provided in 10 CFR 830, Subpart A and DOE 0 414.1D, Chg.I, Quality Assurance. The Order includes a Contractor Requirements Document that is a concise set of all contractor requirements and responsibilities associated with the subject area. DOE oversees Quality Assurance Program (QAP) implementation at each site and addresses Quality Assurance (QA) deficiencies where needed, In addition, DOE is required to routinely assess the contractor's QAP.

Documentation developed to support development of the safety basis is often reviewed at the time of the Safety Basis Review Team (SBRT) review of the DSA in accordance with DOE-STD-1104-2016. DOE's Safety Basis Approval Authorities (SBAA) approve safety basis documents only after a SBRT evaluates the documents per DOE-STD-1104-2016 and all issues identified by the SBRT are satisfactorily resolved. Prior to recommending the SBAA approve the safety basis documents, SBRTs typically have a series of interactions with the contractor to exchange information and have a combination of informal and formal comment exchanges to ensure QA requirements are satisfied in the development of the documents. Contractors are responsive to SBRT comments, and the process leading up to SBAA approval ensures that contractors are held accountable for the specific documents.

Outside of DSA review and approval process, DOE continuously performs line oversight using the principles of DOE O 226.1B, Implementation of Department of Energy Oversight Policy, to ensure that the Contractor Assurance Systems (CAS) are identifying and correcting issues. Oversight also includes operational awareness activities for emergent safety basis/quality assurance weaknesses to ensure the resultant safety basis documents support safe execution of work. Through oversight DOE line management evaluates contractor and DOE programs and management systems for Start Printed Page 14670effectiveness of performance, and to hold both contractors and federal staff accountable for developing, and reviewing and approving safety basis documents in accordance with DOE-STD-1104-2016.

As required by the Order, DOE line management tailors oversight processes according to the effectiveness of CASs, the hazards at the site/activity, and the degree of risk. DOE oversight relies on the CAS and evaluates the CASs as one factor in setting DOE oversight priorities. DOE Order 226.1B states, that the issues management process is required to be capable of categorizing findings based on risk and priority, ensuring relative line management findings are effectively communicated to the contractors, and ensuring that problems are evaluated and corrected on a timely basis. As part of the line management, DOE Headquarters (HQ) communicates its findings/issues to the field office and its contractors. Any issues identified by HQ staff are turned over to the appropriate field organization for identification of corrective actions and to track issues to closure in an issues tracking system.

DOE relies on both federal line and independent, contractor, and partnered assessments to evaluate the contractor's performance against the requirements. DOE Order 226.1B requires each contractor to perform line management oversight according to a defined CAS covering the full scope of operations. The CAS must provide reasonable assurance to DOE and contractor management that work is being performed safely, securely, and in compliance with all requirements; risks are being identified and managed and the systems of control are effective and efficient while accomplishing assigned missions. The contractor must develop, implement, and own their system with a minimum set of key attributes, which include metrics and targets to assess performance, rigorous self-assessments and improvement processes, identification and correction of negative performance trends, and timely communication to the DOE Site Office on assurance-related information. The CAS should provide each manager with sufficient information to be aware of performance and the status of issues so that appropriate action is taken before issues become significant events.

Ultimately, accountability is attained through each program office's performance evaluation process. This is a rigorous evaluation process that includes all aspects of contract management, including quality assurance and nuclear safety, and relies on both the CAS system and continuous federal line and independent oversight as inputs into the performance of the contractor. Safety basis performance can weigh positively or negatively in the contractor's interim and final performance evaluations. Outcomes are documented and depending on the contract, determines annual incentive awards, performance fees, and the option to be granted additional years on the contract through an “award term” extension. As a result of these evaluations, DOE's contractors have been responsive to this feedback to initiate specific and/or broad management changes to improve safety basis performance.

Beyond the requirements described above, DOE supports continuous improvement in the execution of 10 CFR part 830, and each of the program offices continues to take steps to improve federal and contractor performance. EM's Office of Safety, Security and Quality Assurance has implemented a pilot CAS oversight approach that focuses on the prevention, detection, and correction of problems, and uses some or all of the CAS oversight attributes published in the Energy Facility Contractors Group (EFCOG) best practice, “EFCOG Best Practice: Contractor Assurance System Effectiveness Validation.” The EM approach utilizes contractor corporate resources as part of the review team. Corporate executives draw upon experiences from a variety of sources and provide valuable insights with respect to the overall effectiveness of the CAS and its performance within the organization. The outcome resulting from the joint participation of DOE and corporate leadership and other experts have focused on areas of concern and helped to sustain system improvements. Corporate efforts have been aligned with minimizing barriers to mission success and help to design metrics to be better leading indicators such that the contractor can manage more proactively and stay ahead of the issues.

NNSA, in seeking to improve and sustain high quality safety basis documents, has focused on a number of initiatives. The NNSA Safety Roadmap includes two key pillars:

NNSA corporately manages select Safety Basis Review Team (SBRT) evaluations in accordance with DOE STD-1104. Benefits from this program include providing a consistent approach for review and approval of safety basis documentation, and sharing of safety basis knowledge and experience across the NNSA enterprise.
NNSA is in the final steps of Technical Qualification Program (TQP) Accreditation NNSA-wide. Expanding upon earlier accreditation from the Sandia Field Office, Nevada Field Office and NA-50, the NNSA-wide TQP accreditation will ensure the consistent rigorous qualification of nuclear safety specialist personnel, quality assurance personnel, and other technical qualifications that support the federal review and approval of safety basis documentation.

Additionally, NNSA has supported the DOE National Training Center's adaptation of the Safety Basis Professional Program and continuous improvement of safety basis curricula for federal and Maintenance and Operating partner personnel. NNSA has initiated a safety basis Community of Practice (COP) and supports/participates in the DOE QA COP. Similar forums are in place for facility representatives and other safety professionals. These forums provide a mechanism for sharing and discussion of issues and lessons learned, as well as providing a mechanism for the leveraging of key resources for emergent events.

Independent Oversight

In accordance with DOE O 227.lA, Independent Oversight Program, the Department's Office of Enterprise Assessments (EA) is charged with performing independent assessments of nuclear safety. EA currently performs five to six assessments of nuclear facility safety basis documents a year. A standard component of these assessments is the evaluation of the Federal review and approval of safety basis documents. Specifically, EA reviews safety evaluation reports and other review documentation and observes selected aspects of the review process to determine the level of adherence to DOE-STD-1104-2016. In the last several years, EA has not identified any significant issues with the Federal review and approval of safety basis documentation.

These assessments are prioritized first to complete reviews of high hazard nuclear project safety design basis documents as mandated by Congress, and second to review a sample of safety basis documents upgraded to DOE-STD-3009-2014. These assessments are very resource intensive, typically taking four to six weeks to review documents and an additional four to six weeks to resolve comments and prepare reports.

Sub-recommendation 5.c describes a process that would require a significant shift in EA's current priorities and use of highly specialized resources and does not consider a holistic view of EA's mandate and current priorities.

Start Printed Page 14671 Authority: 42 U.S.C. 2286d(b)(2).

Dated: March 5, 2020.

Bruce Hamilton,

Chairman.

Footnotes

1. 56 FR 64316, December 9, 1991.

Back to Citation

2. 42 United States Code (U.S.C.) 2286a(b)(1).

Back to Citation

3. Recommendation 2004-1, Oversight of Complex, High-Hazard Nuclear Operations. May 21, 2004.

Back to Citation

4. From 10 CFR 830.3, “Safety basis means the documented safety analysis and hazard controls that provide reasonable assurance that a DOE nuclear facility can be operated safely in a manner that adequately protects workers, the public, and the environment.”

Back to Citation

5. Annual Infrastructure Executive Committee Report to the Laboratory Operations Board, March 27, 2018.

Back to Citation

6. Core capability is defined in DOE Order 430.1C, Real Property Asset Management, as the ability to conduct programmatic activities that would be degraded should the asset fail to perform as intended.

Back to Citation

7. DOE Standard 1186-2016, Specific Administrative Controls, contains requirements; however, those requirements are only enforceable if Standard 1186-2016 is included in a contract.

Back to Citation

8. Memorandum from Dan R. Brouillette, Deputy Secretary, to heads of elements, Initiate a Rulemaking to Revise 10 CFR 830, dated August 15, 2017.

Back to Citation

9. See Board correspondence dated March 13, 2007; February 6, 2009; September 10, 2010*; September 30, 2011*; March 27, 2012; October 31, 2012*; February 25, 2013; October 30, 2013*; February 4, 2015; October 29, 2015; December 16, 2015; May 11, 2017; September 7, 2018; and July 2, 2019. The four dates with an asterisk are annual aging infrastructure reports the Board issued to Congress and forwarded to DOE. The dates are from the cover letter forwarding the report to DOE.

Back to Citation

10. Annual Infrastructure Executive Committee Report to the Laboratory Operations Board; March 27, 2018.

Back to Citation

11. Core capability is defined in DOE Order 430.1C, Real Property Asset Management, as the ability to conduct programmatic activities that would be degraded should the asset fail to perform as intended.

12. Data is from Table C of Annual Infrastructure Executive Committee Report to the Laboratory Operations Board; March 27, 2018.

13. Replacement Plant Value (RPV) is defined in DOE Order 430.1C, Real Property Asset Management, as the cost to replace the existing structure with a new structure of comparable size using current technology, codes, standards, and materials.

Back to Citation

14. DOE-STD-1027-92, Hazard Categorization and Accident Analysis Techniques for compliance with DOE Order 5480.23, Nuclear Safety Analysis Reports; Change Notice 1, September 1997.

Back to Citation

15. Preamble to 10 CFR 830, Section III, Response to Comments on the Interim Final Rule, response to Comment N.

Back to Citation

16. ICRP 68, 1994, Dose Coefficients for Intakes of Radionuclides by Workers, Replacement of ICRP Publication 61, International Commission on Radiological Protection, Pergamon Press, Oxford, Great Britain.

17. ICRP 72, 1995, Age-Dependent Doses to Members of the Public from Intake of Radionuclides, Part 5, Compilation of Ingestion and Inhalation Dose Coefficients, International Commission on Radiological Protection, Pergamon Press, Great Britain.

Back to Citation

18. NNSA Supplemental Guidance 1027, Guidance on Using Release Fraction and Modern Dosimetric Information Consistently with DOE STD 1027-92, Hazard Categorization and Accident Analysis Techniques for Compliance with DOE Order 5480.23, Nuclear Safety Analysis Reports.

Back to Citation

19. 66 FR 1810, DOE response to Comment JJ, Section III of the final Rule, 10 CFR 830: “If the USQ process has been followed properly, the annual approval of the documented safety analysis should require minimal effort.”

Back to Citation

20. For example, the Board has corresponded on PF-4 at LANL, Pantex, and the Tritium Facilities at the Savannah River Site among others.

Back to Citation

21. DOE Guide 424.1-1B, Section C.2.

Back to Citation

22. Board Recommendation 2019-1, Uncontrolled Hazard Scenarios and 10 CFR 830 Implementation at the Pantex Plant, February 20, 2019.

Back to Citation

[FR Doc. 2020-05141 Filed 3-12-20; 8:45 am]

BILLING CODE 3670-01-P

Visit the Official Version

Document Information

Published:: 03/13/2020
Department:: Defense Nuclear Facilities Safety Board
Entry Type:: Notice
Action:: Notice; recommendation.
Document Number:: 2020-05141
Dates:: Comments, data, views, or arguments concerning the recommendation are due on or by April 13, 2020.
Pages:: 14658-14671 (14 pages)
PDF File:: 2020-05141.pdf