[SOE LETTERHEAD]
October 31, 2000
The Honorable John T. Conway
Chairman
Defense Nuclear Facilities
Safety Board
625 Indiana Avenue, NW,
Suite 700
Washington, D.C. 20004
Dear Mr. Chairman:
We are pleased to forward
the Department's initial Implementation Plan (Plan) for Defense Nuclear
Facilities Safety Board (Board) Recommendation 2000-2, Configuration Management, Vital Safety Systems.
The Plan outlines the
activities we will take to baseline the operational readiness of safety
systems, strengthen safety system expertise, and enhance our capability to
routinely assess the condition of safety systems.
I have assigned Mr. Steven
Cary as my Responsible Manager for executing this Plan. Mr. Cary can be reached at (202)
586-6151. We appreciate the advice and
support provided by the Board and its staff during the development of this
Plan.
Yours sincerely,
Bill Richardson
Enclosure
ES #2000-026846
Recommendation
2000-2
Configuration
Management
Vital
Safety Systems
Executive
Summary
On March 8, 2000, the Defense Nuclear Facilities Safety Board
(Board) issued Recommendation 2000-2, concerning the degrading conditions of
vital safety systems and the capability to apply engineering expertise to
maintain the configuration of these systems.
Specifically, the Recommendation identified possible degradation in
confinement ventilation systems and noted that the Department of Energy (DOE or
Department) has not adopted the nuclear business' long-standing practice of
designating system engineers for systems and processes that are vital to
safety. The Board recommended that the
Department take action to assess the condition of its confinement ventilation
systems, develop programs for contractor and federal technical personnel that
strengthen safety system expertise, and improve the self-assessment processes
that evaluate the condition of vital safety systems. On April 28, 2000, the
Department accepted the Board's Recommendation. In a September 8, 2000 letter the Board amplified the intent of Recommendation
2000-2. The term vital safety system, as used within this implementation plan,
is understood to mean safety-class systems, safety-significant systems, and
other systems that perform an important defense in depth safety function. This definition is consistent with the
Board's terminology and defined within Appendix C of this implementation plan.
The resolution
approach described within this implementation plan defines additional practices
that enhance the Department's ability to apply engineering expertise to
maintain and operate vital safety systems that protect the public, worker and
the environment. The purpose of the
implementation plan is to address a near-term objective of completing a
baseline assessment of the operational readiness of vital safety systems. Actions to correct and/or compensate for degradation
will be identified and prioritized to ensure that these systems remain in, or are restored to, their operational
readiness condition. As a
long-term objective, the Department will institutionalize a process to ensure continued operational
readiness of vital safety systems and support
the Department's continuing effort to establish Integrated Safety Management
(ISM) as the central, enduring framework for safely accomplishing the
Department's mission and work.
Specifically, the actions described in this implementation plan:
·
Implement a phased approach to assess the current operational
readiness of vital safety systems and assess key facilities and/or systems
where operability may have degraded.
Corrective actions and compensatory actions will be tracked and managed
locally to ensure that the operational readiness of these systems is
maintained.
·
Establish a practice of qualifying contractor technical personnel
with system expertise and designating them as system engineers for systems and
processes that are important to safety.
This practice is expected to enhance the Department's ability to apply
engineering expertise in all five functions of ISM.
·
Define Federal workforce expertise necessary to support oversight
of the contractor's system engineer program.
Once defined, the Department will establish qualification requirements
for federal personnel relied upon for system expertise. This practice is also
expected to enhance the Department's ability to apply engineering expertise in
all five functions of ISM.
·
Establish a practice that strengthens line management's review of
feedback mechanisms by periodically reviewing the scope and results of ES&H
self-assessments and summarizing the results for the Secretary. This practice is expected to provide senior
leadership with an executive summary of the results obtained from mechanisms
that make up the feedback and improvement function of ISM.
The resolution approach also describes actions to establish an
expert team that will develop and test a process for assessing the condition of
confinement ventilation systems. Once
tested, field element managers will apply the process in facilities at their
sites.
The Responsible manager for overall execution of this
implementation plan is the Office of Environment, Safety and Health. In this capacity, the Responsible manager
ensures individuals responsible for deliverables and commitments identified
within this implementation plan complete their actions. However, overall responsibility for
operational readiness of vital safety systems rests with the line management
and they are responsible for many of the deliverables associated with
commitments made within this implementation plan. The various lead responsible organizations identified within the
implementation plan are accountable to the Responsible manager with regard to
the completion of deliverables.
Table 2 provides a summary of commitments made in this
implementation plan, which are described further in Section 4.
TABLE OF CONTENTS
Executive Summary | i | ||
1. | Background | 1 | |
2. | Underlying Causes | 2 | |
3. | Baseline Assumptions | 2 | |
4. | Safety Issue Resolution | 2 | |
4.1 | Safety System Operability | 3 | |
4.2 | Safety System Expertise | 13 | |
4.3 | Safety System ES&H Assessments | 18 | |
5. | Organization Management | 20 | |
5.1 | Change Control Reporting | 20 | |
5.2 | Reporting | 20 | |
LIST OF TABLES | |||
Table 1. | Summary Status of Secretarial HEPA Filter Report Commitments | 23 | |
Table 2. | Summary of Implementation Plan Commitments and Deliverables/Milestones | 25 | |
APPENDICES | |||
APPENDIX A: | Secretarial HEPA Filter Report | ||
APPENDIX B: | List of Acronyms | ||
APPENDIX C: | Glossary | ||
APPENDIX D: | Defense Nuclear Facilities Safety Board Recommendation 2000-2 | ||
APPENDIX E: | Recommendation 2000-2 Defense Nuclear
Facilities of Interest |
||
APPENDIX F: | Secretary of Energy Memorandum: Fire Safety Initiative | ||
APPENDIX G: |
Defense Nuclear Facilities Safety Board
letter of September 8, 2000 |
The Defense Nuclear Facilities Safety Board
(Board) issued Recommendation 2000-2 on March 8, 2000. The Department of Energy (DOE or Department)
accepted the Board's Recommendation on April 28th, 2000. The Board noted, in Recommendation 2000-2,
that it was concerned with the fact that many of the Department's nuclear
facilities were constructed years ago and are approaching end-of-life. The Board expressed concern that some
degradation of reliability and operability of systems designed to ensure safety
can reasonably be expected and recommended specific actions to assess system
condition and apply system expertise in managing the configuration of vital
safety systems.
In Recommendation 2000-2, the Board identified recommendations to
improve the configuration management of vital safety systems, and defined vital
safety systems as safety-class, safety-significant, and defense-in-depth. The Department's Directives system defines
safety-significant as those structures,
systems, and components not designated as safety-class structures, systems and
components (SSCs) but whose preventive or mitigative function is a major
contributor to defense-in-depth (i.e., prevention of uncontrolled material
releases) and/or worker safety as determined from hazard analysis. The term vital safety system, as used within
this implementation plan, is understood to mean safety-class systems,
safety-significant systems, and systems that perform an important defense in
depth safety function. This
definition is consistent with the Board's terminology and defined within Appendix
C of this implementation plan.
The Department completed its own analysis of the Board's
Recommendation and evaluated the impact of safety program weakness upon
ventilation and confinement systems that perform safety functions. The conclusions drawn from the evaluation
validate the safety issues and recommendations described in Board
Recommendation 2000-2. The Department's
analysis of the Board's Recommendation led to a commitment to develop an
implementation plan as described in the Secretary’s acceptance letter of April
28, 2000, to accomplish the following:
·
Development of expert-based guidelines for surveying and assessing
confinement ventilation systems and implementation of a plan to identify and
correct root cause of deficiencies.
·
Incorporation of open commitments remaining in the action plan
addressing safety issues related to High Efficiency Particulate Air (HEPA)
filters.
·
Evaluation of existing practices and industry models for use in
establishing a cognizant system engineer concept to strengthen the engineering
resources available for facility configuration management.
·
Assessment of the availability and sufficiency of DOE expertise,
identification of actions necessary to ensure expertise can be brought to bear
in the life-cycle management of vital safety systems and to assess whether
federal technical expertise on safety systems is available to support operating
contractors when significant system problems arise.
·
Review of line oversight of contractor programs to determine
whether safety systems, as well as programs essential to system operability,
are being included in those programs.
As necessary, identify corrective actions to improve implementation of
line oversight programs.
In accepting the Board’s Recommendation, the Department performed
an evaluation of oversight findings and data reported in the Operational
Reporting and Processing System (ORPS).
The evaluation reached many of the same conclusions identified by the Board,
including the need to assess confinement ventilation systems, and provided a
framework for defining the safety issues addressed in this implementation plan.
The Department’s evaluation
concluded that, despite their importance to safety, confinement ventilation
systems are often not maintained or upgraded in a timely manner. The ORPS data indicated that the two
dominant root causes for occurrences were related to equipment/material
deficiencies and management problems (e.g., authorization basis problems,
configuration management, and operator qualifications). The evaluation concluded that problems with
resource availability, and their prioritization, often led to “work-around”
measures to achieve a marginally operable safety condition in lieu of system
upgrades and maintenance.
The Department
made the following baseline assumptions during the development of the 2000-2
Implementation Plan:
·
If properly implemented, additional resources are not required to
phase in a system engineer concept.
·
Actions described within this implementation plan are applicable
to defense nuclear facilities.
The Department's
Integrated Safety Management (ISM) System makes environment, safety and health
(ES&H) practices an integral part of the process of planning and performing
work safely. A continuous effort is
needed to establish ISM as the central, enduring framework for safely
protecting the public, worker, and the environment while accomplishing the
Department's mission and work.
Full
implementation of ISM cannot be considered accomplished until vital safety
systems are identified, responsibility for their operational readiness is
clearly established, an understanding of their readiness is developed, and
functional maintenance and configuration management systems are in place to
ensure continuing readiness.
The resolution
approach described within this implementation plan defines actions to initially
assess the operability of the Department's vital safety systems and enhances
the Department's ability to apply engineering expertise to safely maintain and
operate those systems. The following
sections describe actions to:
·
Implement a phased approach to assess the current operational
readiness of vital safety systems and assess key facilities and/or systems
where operability may have degraded.
Corrective actions and compensatory actions will be tracked and managed
to ensure that the operational readiness of these systems is maintained.
·
Establish a practice of qualifying technical personnel with system
expertise and designating them as system engineers for systems and processes
that are important to safety. This
practice is expected to enhance the Department's ability to apply engineering
expertise in all five functions of ISM.
·
Define Federal workforce expertise necessary to support oversight
of the contractor's system engineer program.
Once defined, the Department will establish qualification requirements
for federal personnel relied upon for system expertise. This practice is also
expected to enhance the Department's ability to apply engineering expertise in
all five functions of ISM.
·
Establish a practice that strengthens line management's review of
feedback mechanisms by periodically reviewing the scope and results of ES&H
self-assessments and summarizing the results for the Secretary. This practice is expected to provide senior
leadership with an executive summary of the results obtained from mechanisms
that make up the feedback and improvement function of ISM.
In Recommendation
2000-2, the Board describes several technical reports that identify concerns
related the ability of ventilation systems to reliably perform their intended
safety functions. In that
Recommendation, the Board specifically urged the Department to establish a team
of experts to survey the operational condition of ventilation systems and
observed that other vital safety systems could benefit from similar attention.
In a September
8, 2000 letter to the Secretary of Energy, the Board amplified the intent of
Recommendation 2000-2 and defined the basic thrust of the Board's
Recommendation to be the assessment of the operational readiness of vital
safety systems and noting that the operational readiness of vital safety
systems is at the core of ISM. As
facilities age, a combination of age-related degradation and less than
effective implementation of preservation programs (e.g., change control,
upgrades, and maintenance) may affect system reliability and ability to perform
design safety functions. In its
September 8, 2000 letter, the Board concluded that the Department's operating
contractors have not always given equipment designed to serve vital protective
functions the attention those safety functions deserve, and urged the
Department to ensure the operational readiness of these systems.
Actions to
assess ventilation and fire protection systems are described in Section 4.1.2
and 4.1.3. The following Section
describes actions to baseline the operability of the defense nuclear facility
vital safety systems and the process to manage the actions necessary to improve
and maintain their operability.
4.1.1 Operability Assessments
Resolution Approach
The Department
will employ a two-phased
approach to verify the operational readiness of vital safety systems. The following paragraphs provide an overview
of the Department's approach.
During the first phase, operating contractors, overseen by Federal field office personnel, will perform an initial assessment of vital safety system operational readiness. This will be accomplished by identifying the vital safety systems within defense nuclear facilities of interest listed in Appendix E; reviewing existing operational and maintenance records; and qualitatively determining a readiness state for each vital safety system within these facilities. To assure consistency, a basic set of criteria will be developed to guide the performance of the initial Phase I assessments.
Once
Phase I assessments are complete, the Department will evaluate the results and
identify key facilities and/or systems where issues or concerns are identified
regarding the operational readiness of vital safety systems. These key facilities and/or systems will be
further assessed in Phase II, while existing self-assessment processes will continue
to be relied upon to maintain the condition of the remaining facilities. In
Phase II assessments, a vertical slice will be performed upon these key
facilities and systems by assembling review teams to tailor assessment criteria
and perform a detailed assessment of the operational readiness of systems. In a manner similar to the approach used by
the Department in verifying the implementation of ISM, team leaders will be
selected who will, in turn, assemble and train a team to conduct the Phase II assessment. Team personnel would be recruited locally
and, where possible, from other field and program offices. For the ISM-like assessments, the
ventilation system assessment guidance and criteria (discussed in Section
4.1.2) will be tailored for use in specific facilities.
Deficiencies and associated corrective actions/compensatory
actions that arise from Phase I and Phase II assessments will be tracked and
managed in local corrective action management systems. Where systemic issues or degradation requiring
significant capital upgrades (i.e., upgrades requiring a Congressional budget
line item or a major system acquisition) are identified, corrective actions
will be documented and managed in the Department's Corrective Action Tracking
System. Budget requirements for
corrective actions resulting from these
assessments will be identified on an annual basis and submitted into the budget
process.
Commitments
Note: The Department
intends to meet the schedule established by commitments 5, 6, and 7. However, the time needed to complete
commitments 3 and 4 will be evaluated assess the validity of that
schedule. If necessary, completion of
commitment 5 will be delayed up to two months, which would in turn delay completion
of commitments 6 and 7.
Commitment 1
Commitment
Statement: The Secretary will
initiate Phase I assessments and issue guidance/criteria to ensure consistent
results.
Deliverable: Assessment criteria/guidance
Responsible
Manager: Assistant Secretary for
Environment, Safety and Health
Due
Date: November 2000
Commitment 2
Commitment
Statement: Cognizant Secretarial
Officers (CSOs) will identify and list safety-class systems, safety-significant
systems, and other systems that perform important defense in depth functions in
defense nuclear facilities at each of their facilities. These lists will be used for other actions
described within this implementation plan and forwarded to the FTCP for use in
determining the system expertise needed at the Federal level.
Deliverable: CSO memos forwarding the system lists to the
Chair of the FTCP.
Responsible Manager: Assistant Secretary for Environmental Management
Deputy
Administrator for Defense Programs
Due Date: November 2000
Commitment 3
Commitment
Statement: At the priority facilities
listed in Appendix E, the Department will complete initial Phase I assessments
of safety class, confinement ventilation, and fire protection systems.
Deliverable: Response to Phase I assessment
guidance/criteria
Responsible
Manager: Assistant Secretary for Environmental Management
Deputy Administrator for Defense Programs
Due Date: February 2001
Commitment 4
Commitment Statement: At the follow-on facilities listed in
Appendix E, the Department will complete Phase I assessments of safety class,
confinement ventilation, and fire protection systems.
Deliverable: Response to Phase I assessment
guidance/criteria
Responsible Manager: Assistant
Secretary for Environmental Management
Deputy Administrator for Defense Programs
Due Date: May 2001
Commitment 5
Commitment
Statement: At all facilities listed
in Appendix E, the Department will complete Phase I assessments of remaining
vital safety systems.
Deliverable: Response to Phase I assessment
guidance/criteria
Responsible
Manager: Assistant Secretary for Environmental Management
Deputy Administrator for Defense Programs
Due Date: June 2001
Commitment 6
Commitment
Statement: The Department will
evaluate the results obtained from Phase I assessments conducted at Facilities
of Interest and identify key facilities and/or systems that will receive Phase
II assessments.
Deliverable: Briefing to the Board on the list of key
facilities and systems that will receive a Phase II assessment and a schedule
for their completion
Responsible
Manager: Assistant Secretary for Environmental Management
Deputy Administrator for Defense Programs
Assistant Secretary for Environment, Safety and Health
Due Date: July 2001
Commitment 7
Commitment
Statement: The Department will
assemble teams and begin Phase II assessments.
Deliverable: Letter announcing commencement of the first
Phase II assessment
Responsible
Manager: Field Office Manager
Due Date: September 2001
Commitment 8
Commitment Statement: Deficiencies observed during Phase I and
Phase II assessments will be tracked and managed in local corrective action
management systems. Resources allocated to address
findings resulting from confinement ventilation
system and other assessments within this Implementation Plan will be identified
on an annual basis
Deliverable: Summary of resources allocated within the FY
2003 budget request from congress
Responsible Manager: Assistant Secretary for Environment, Safety
and Health
Assistant Secretary for Environmental Management
Deputy Administrator for Defense Programs
Due Date: February 2002
4.1.2 Ventilation System Operability
Resolution
Approach
In Recommendation 2000-2, the Board concluded that degradation of
confinement ventilation system reliability and operability might be approaching
unacceptable levels. Their conclusion
was based upon a review and analysis of DOE occurrence reports. The frequency and variety of off-normal
occurrences led the Board to recommend the establishment of a team to survey
operational records and assess the current condition of confinement ventilation
systems important to safety in defense nuclear facilities.
In accepting the Board’s Recommendation, the Department performed
an analysis of oversight findings and data reported in ORPS. The analysis reached many of the same
conclusions identified by the Board, including the need to assess confinement
ventilation systems.
The first step in addressing this safety issue is to develop a set
of assessment criteria and guidance to be used to ascertain the current
condition of confinement ventilation systems vital to safety within defense
nuclear facilities. A team of experts,
with expertise in areas such as system design, reliability/safety analysis, equipment
operation and performance, maintenance and operations, health physics, fire
safety, industrial hygiene, and assessor/inspector practices will develop the
assessment criteria/guidance and test their effectiveness at a limited number
of facilities. The expert team will
consist of representatives from the Department, its M&O contractors, and
industry organizations with experience with confinement ventilation systems.
The assessment criteria developed for confinement ventilation
systems will also begin to address other systems (e.g., electrical power;
instrumentation and control systems) whose operation are essential to support
this vital safety system. The
assessment will review the general condition of the supporting systems and
determine whether their design and classification appropriately support
operation of the confinement ventilation system. This review of supporting systems will provide some indication as
to whether the condition of these systems has degraded to the point where they
are not capable of supporting the operation of the confinement ventilation
system.
Conceptually, the assessment guidelines developed by these experts
will have an assessment team begin with a review of technical authorization
basis documents to identify critical system functions. The team will then review system drawings
and walk down the system to determine overall material condition and physical
layout. Once the assessment team has developed an understanding of the
facility-specific conditions and layout, the team will review facility records
(e.g., equipment operating logs) and perform additional walk downs to evaluate
programs that ensure reliable system performance (e.g., maintenance and
operator training) and identify operational trends.
Where negative trends or problem areas are identified, the
assessment team will identify and document causes and recommend actions to
address them (e.g., system upgrades, maintenance program adjustments, or
training). Finally, based upon the
assessment results and engineering judgment, the assessment team will estimate
the ability of the confinement system to reliably perform its safety
function(s) over the remaining system lifetime. As conceived, the assessment results will be documented in a
summary report and issued to the field element manager. Lessons learned during the performance of
these assessments will be provided to field element managers for use in future
ES&H assessments.
Once assessment criteria and guidance are
developed, the expert team will test the criteria's effectiveness at pilot facilities. Five facility attributes were identified for
consideration in selecting facilities to
assess as pilots. The attributes were
defined in a manner to maximize the ability to test criteria effectiveness on
facilities with a diverse range of missions and complexity.
1.
Facility Age. Moderate to old facilities were considered more desirable as
candidates. Conditions at older
facilities were considered to provide the best challenge to assessment
criteria.
2.
Remaining Mission Life. The assessment criteria should be tested at
a facility with significant missions remaining and one nearing deactivation.
3.
Authorization Basis Status. Pilot tests should be conducted at
facilities with recently updated Authorization Basis and well documented system
classification (safety-class/safety-significant)
4.
System Complexity. Criteria effectiveness should be initially tested on relatively
complex confinement ventilation systems.
5. Program Owner. Although a number
of program offices oversee facilities with confinement ventilation systems,
facilities operated by Environmental Management (EM) and Defense Programs (DP)
were considered to be representative of the Department.
Several facilities were identified as
possible pilot facilities during development of this implementation plan. All candidate facilities were considered to
have a complex ventilation system:
·
Rocky Flats Building 371: Building 371 is an EM facility with a
current Authorization Basis. The
facility is approximately 20 years old and will be deactivated in the near
future. The confinement ventilation system is safety-class.
·
Savannah River H-Canyon: The canyon is also an EM facility with a
good Authorization Basis. The facility
is approximately 45 years old and is expected to remain operational in excess
of 10 years. The confinement
ventilation system is safety-class.
·
Los Alamos National Laboratory's TA-3
Chemistry and Metallurgical Research Laboratory (CMR): CMR is a DP facility with a current Basis
for Interim Operations. The facility is
approximately 50 years old and is expected to remain operational for another 10
years. The confinement ventilation
system is classified as safety-significant.
·
Los Alamos National Laboratory's TA-55
Building 4: TA-55 is a DP facility with a good Authorization Basis. The facility is approximately 20 years old
and is expected to remain operational in excess of 10 years. The confinement ventilation system is
classified as safety-significant.
·
Lawrence Livermore National Laboratory's
Building 332: Building 332 is also DP
facility with a current Authorization Basis.
The facility is approximately 40 years old and is expected to remain
operational in excess of 10 years. The
confinement ventilation system is safety-class.
Once developed and tested by the "expert team," the
assessment criteria/guidance will be issued to the CSOs for use at their
facilities. Line management in the
field will assemble a team, using local expertise (supplemented as need by
expertise available elsewhere in the complex), to assess confinement ventilation
systems that are important to safety.
Members of the "expert team" involved in the development and
testing of the assessment guidelines will be available to consult with field
personnel to ensure consistency in guideline application and assist in evaluating
findings relative to criteria in the assessment plan.
Recommended actions to address issues or concerns identified by
assessment teams (e.g., improved maintenance, compensatory measures, or
training) will be documented in the reports issued to the field element
managers and managed in local corrective action management systems. The qualitative system reliability
evaluation made by an assessment team will be considered when recommending
compensatory measures. Where systemic
issues or degradation requiring significant capital upgrades (i.e., upgrades
requiring a Congressional budget line item or a major system acquisition) are
identified, corrective actions will be documented and managed in the
Department's Corrective Action Tracking System.
In a June 8, 1999, letter to the Secretary of Energy, the Board
released Technical Report 23, HEPA
Filters Used in the Department of Energy's Hazardous Facilities, and
requested a plan outlining the steps required to restore the infrastructure
that supports the HEPA filter program.
HEPA filters are used extensively at the Department's sites to remove
small hazardous and radioactive particles from air flowing from a facility's
interior to the outdoors. The filters
are the accepted method to keep airborne particulate emissions within safety
standards in order to protect the public, workers, and the environment.
In a response dated December 6, 1999, the Department issued an
action plan that addressed four general issues: assessments, technical issues, management issues, and information
exchange. In the action plan, the
Department identified six actions to be taken and committed to providing
thirteen deliverables. In response to
Board Recommendation 2000-2, the Department agreed to incorporate into this
implementation plan the open commitments from the Secretary's HEPA filter
action plan.
A copy of the Secretary's HEPA filter action plan is provided in
Appendix A. A summary of commitments
made in the Secretary's HEPA filter action plan and their status are provided
in Table 1. The open commitments from
that action plan are incorporated by reference into this implementation plan
and listed in Table 2.
Commitments
Commitment 9
Commitment Statement: The Department will develop assessment
criteria and guidelines to ascertain the current condition of confinement
ventilation systems within defense nuclear facilities.
Deliverable: Assessment criteria and guidelines for
Department defense nuclear facilities.
Responsible Manager: Assistant Secretary for Environment, Safety
and Health
Assistant Secretary for Environmental Management
Deputy Administrator for Defense Programs
Due Date: March 2001
Commitment 10
Commitment
Statement: The expert team will
test the effectiveness of confinement ventilation system assessment criteria
and guidelines at two pilot facilities.
Deliverable: Briefing to the Board
Responsible
Manager: Assistant Secretary for Environment, Safety and Health
Assistant Secretary for Environmental Management
Deputy Administrator for Defense Programs
Due Date: June 2001
Commitment 11
Commitment Statement: Field element managers will assemble teams
to assess the condition of confinement ventilation systems that are important
to safety. Corrective actions will be
entered into local corrective action management systems, and as necessary, the
Department's Corrective Action Tracking System.
Deliverable: CSO letters reporting completion with an
enclosed sample assessment report from a facility at each site.
Responsible Manager:
Assistant
Secretary for Environmental Management
Deputy
Administrator for Defense Programs
Due Date: September 2001
Secretarial HEPA filter report commitments are incorporated by
reference include:
·
Action 2.0, Deliverable 2.1; Responsible Manager: Deputy Administrator for DP
·
Action 2.0, Deliverable 2.2; Responsible Manager: Deputy Administrator for DP
·
Action 2.0, Deliverable 2.3; Responsible Manager: Lead Program Secretarial Officers (LPSOs)
·
Action 3.0, Deliverable 3.3; Responsible Manager: LPSOs
·
Action 4.0, Deliverable 4.1; Responsible Manager: Assistant Secretary for EM
·
Action 4.0, Deliverable 4.2; Responsible Manager: Assistant Secretary for EM
·
Action 5.0, Deliverable 5.1; Responsible Manager: Assistant Secretary for EM
Resolution Approach
In a memorandum dated October 2, 2000 (Appendix F), the Secretary
of Energy initiated action to assess the abilities of DOE sites to effectively
prevent fires and respond effectively in the event a fire occurs. The Secretary's initiative begins with an
initial review of the Department's current capabilities related to wildfire
safety, including those aspects of emergency management that deal with the
ability to respond to a wildfire. A
copy of that review, including its site-specific and DOE-wide recommendations
for improvement, will be provided to the Board as a deliverable under this
implementation plan.
Using data obtained from the initial review, the Assistant
Secretary for Environment, Safety and Health will develop a plan and take the
lead in conducting a comprehensive study that provides for an in-depth
evaluation of the capability to respond to wildfires and emphasizes facility
fire safety, including fire detection and suppression systems and facility-specific
programs that support those systems.
Information obtained as a result of reviewing fire protection systems during the initial Phase I assessments will be factored into the development of the comprehensive study developed by the Office of Environment, Safety and Health. Conceptually, the facility assessments described in the comprehensive study will be comparable in nature to the Phase II assessments conducted on other vital safety systems under this implementation plan. Additionally, the technical concepts and principles provided by the Board in its Technical Report 27, Fire Protection at Defense Nuclear Facilities, will be incorporated during development of the comprehensive study. The Office of Environment, Safety and Health will coordinate 2000-2 Phase 2 activities with the comprehensive study developed for the Secretary’s fire safety initiative to avoid duplication of efforts. The comprehensive study is scheduled to commence early in calendar year 2001. A copy of the plan for the comprehensive facility fire safety study will be provided to the Board as a deliverable under this implementation plan.
Commitments
Commitment
12
Commitment Statement: The Department will complete an initial review of the ability of
DOE sites to effectively prevent fires and respond effectively in the event
that a fire occurs. This review, in
addition to the Phase I assessments, will provide the information to plan the
comprehensive study described in Commitment 13.
Deliverable: Initial review report
Responsible Manager: Assistant Secretary for
Environment, Safety and Health
Due Date: December 2000
Commitment 13
Commitment Statement: The Department will develop a plan for
conducting a comprehensive study that provides for an in-depth evaluation of
the capability to respond to wildfires and emphasizes facility fire safety,
including fire detection and suppression systems and facility-specific programs
that support those systems.
Deliverable: Comprehensive study plan
Responsible Manager: Assistant
Secretary for Environment, Safety and Health
Due Date: April 2001
Safety Issue:
Integrated Safety Management (ISM) System processes help to ensure systems are
able to perform their design safety functions.
Effective implementation of ISM relies upon the ability to apply
engineering expertise to maintain safety system configuration and assess system
condition.
4.2.1 System Expertise: Contractor Personnel
Resolution Approach
In Recommendation 2000-2, the Board observed that the Department
has not adopted the nuclear business' long-standing practice of designating
system engineers for systems and processes that are vital to safety. The Board stated a belief that by
identifying personnel outside the operational forum, designating them as system
engineers, and assigning them responsibility for configuration management, the
Department could establish a mechanism that would go a long way toward ensuring
reliable safety system performance.
In developing this implementation plan, the Department performed a
review of system engineer guidance and system engineer configuration management
practices in place at a number of DOE facilities. The results of that review are discussed in the following paragraphs.
Although contractors have put into place programs to maintain
configuration control of safety systems, the Department has not established a
consistent set of requirements related to the application of a system engineer
concept to maintain configuration control of safety systems. DOE STD 1073-93, Guide for Operational Configuration Management Program, which
provides guidance related to the elements of a contractor configuration
management program, includes a brief, general discussion of the system engineer
concept. Appendix B of Part I of the
standard describes the potential value added by the system engineers in
managing change control at DOE facilities and outlines the key attributes of a
system engineer program.
The Department reviewed configuration management practices at a
number of sites. Although configuration management programs were observed, many
contractors had not adopted a formal system engineer function. Where analogous programs exist, rigor and
formality varied significantly. In
general, the National Laboratories are organized on a project basis and
primarily rely on the facility manager or individual scientist/experimenter to
concern themselves with their safety systems and control system
configuration. Of the facilities
reviewed, the system engineer programs in place at the Paducah and Portsmouth
gaseous diffusion plants represented the most mature programs.
The Nuclear Regulatory Commission (NRC) regulates United States
Enrichment Corporation (USEC), which operates the Paducah/Portsmouth gaseous
diffusion plants. The diffusion plants'
system engineer programs were developed from a review of successful programs in
place at a number of commercial nuclear power plants. At their plants, USEC has implemented a mature system engineer
function that meets NRC expectations regarding the use of system engineers and
performs the functions described by the Board.
The Institute of Nuclear Power Operations (INPO) developed Good
Practice TS-413, Use of System Engineers,
as a guide to assist the commercial nuclear industry develop its own system
engineer program. TS-413 defines the
features of an effective system engineer program, lessons learned from the
adoption of these programs, and provides an example program as a model for
commercial use.
The Department agrees that, if implemented correctly, the system
engineer concept could represent a mechanism for applying technical expertise
to maintain the design basis, control configuration, and trend
performance. The results obtained from
the document and program reviews described in the preceding paragraphs were
used to develop a conceptual system engineer model for use at the Department's
facilities. Where safety systems are
required to protect the public and workers, the system engineer concept is
applicable throughout a facility's life cycle (i.e., new facilities, existing
facilities, and facilities undergoing decontamination and
decommissioning). DOE O 430.1A, Life Cycle Asset Management, will be
revised to include requirements for a contractor system engineer program. However, as this implementation plan is
being developed, a proposal to cancel DOE O 430.1A and incorporate applicable
requirements into other orders is being evaluated by the Department. If DOE O 430.1A is cancelled, system
engineer requirements will be incorporated into another applicable order, such
as DOE O 420.1, Facility Safety.
An Order revision will be drafted to establish requirements to
address the following program elements:
·
Identify systems whose safety significance warrants the use of a
system engineer.
·
Establish a program to implement key system engineer
functions. Conceptually, a contractor's
system engineer program would perform three key functions: configuration
management activities, evaluation of system status and performance, and
technical support for operations and maintenance activity and evaluation of
potential inoperability when a safety function appears compromised. The system engineer function should be
established outside the operational forum, but within line management, to
provide a perspective that is insulated from operational pressures and
production requirements.
·
Establish a need for contractors to define minimum
qualification/requalification requirements and establish a process for
identifying successor system engineers.
The qualification/requalification requirements defined for system
engineers should be consistent with those defined for senior engineering
positions described in DOE O 5480.20A, Personnel
Selection, Qualification, and Training Requirements for DOE Nuclear Facilities. The qualification/requalification
requirements established for the system engineers will be incorporated into the
contractor training programs required by DOE O 5480.20A.
·
Safety system assessments:
System engineers must be actively involved in periodic facility
condition inspections to assess the condition of their assigned system. Actions and requirements to address system
assessment are contained in DOE O 4330.4B,
Maintenance Management Program.
Implementation of these system engineer requirements should be
tailored to facility hazards and the systems relied upon to prevent or mitigate
those hazards. A graded approach will
be used to implement system engineer Order requirements.[16383]
Development and coordination of new requirements to be included in an Order is expected to take a significant amount of time. While awaiting formal requirements to be established, the Secretary will provide interim direction that will have contractors define vital safety systems warranting the use of a system engineer and initiate action to develop and implement the type of system engineer program defined within this implementation plan. This interim direction will describe the elements of a system engineer program to be institutionalized within the Directives system and establish dates for interim implementation while awaiting processing through the Directives system. The Office of Environment, Safety and Health will monitor the field's response to the Secretary's interim guidance and evaluate implementation progress after one year.
Although line management is responsible for facility safety, the
system engineer is responsible for ensuring the assigned safety system(s)
remains operable and receives the care and maintenance necessary to support the
facility mission. DOE STD 1073-93
provides guidance regarding the system engineer concept and the following
discussion supplements and reinforces the guidance contained within the
document.
Configuration Management:
Conceptually, this program function is associated with maintaining
consistency among the system’s design basis and requirements, system
documentation, and physical configuration.
The system engineer would be responsible for identifying documents
(e.g., drawings, calculations, applicable portions of documented hazard and
accident analyses, and vendor manuals) that define the design basis for a
system important to facility safety, identifying additional documents needed,
and ensuring system documentation is kept up to date using a formal work
control/change control process. Where a
facility’s design basis has not been clearly defined, the system engineer would
be responsible for identifying system requirements, performance criteria, and
documents considered to be essential to system operation. DOE STD 3024-98, Content of System Design Descriptions, provides guidance regarding
the identification and consolidation of key design documents. The system engineer will also be responsible
for ensuring work control and change control processes are followed and regular
assessments of the system to ensure continued operational readiness as detailed
in the following paragraph.
Assessment of System Status and Performance: Conceptually, this program function is
associated with being cognizant of ongoing maintenance and operations
activities, evaluating system performance, and involvement in the
identification and correction of equipment deficiencies. To be effective, the system engineer must
remain apprised of the system’s operational status and ongoing modification activities. The system engineer would also assist
operations to review key system parameters, evaluate system performance, and
initiate actions to correct problems.
System material condition should also be periodically reviewed by the
system engineer during implementation of facility condition inspections
required by the Maintenance Order.
These periodic reviews should include a review of component
classification and an assessment of the system's ability to perform design and
safety basis functions.
Technical Support for Operations and Maintenance Activity: Conceptually, this program function is
associated with providing technical assistance in support of maintenance and
operations activities. Once
established, a system engineer would function as the individual cognizant of
the system-specific maintenance/operations history as well as industry
operating experience. The system
engineer would be actively involved in day-to-day activities to identify
emerging trends and would provide technical assistance, as necessary, in
determining operability or correcting out-of-specification conditions or
evaluating questionable data. When a
safety system is suspected to be inoperable or degraded, the system engineer
provides an analysis or supports an analysis, which determines
operability. The system engineer will
also be responsible for reviewing and concurring with design changes and
providing input to the development of special operating/test procedures.
Commitments
Commitment 14
Commitment
Statement: While awaiting formal requirements to be established, the
Secretary will provide interim direction that will have contractors initiate
actions to designate system engineers for vital safety systems.
Deliverable: Secretarial letter
Responsible
Manager: Assistant Secretary for Environment, Safety and Health
Due Date: November 2000
Commitment 15
Commitment Statement: The Department will establish requirements
for a system engineer concept to manage the configuration of systems designated
as important to safety.
Deliverable: Draft DOE Order revision submitted into the
Directives review process.
Responsible Manager: Assistant
Secretary for Environment, Safety and Health
Due Date: March 2001
Commitment 16
Commitment
Statement: The Office of Environment, Safety and Health will monitor the
field's response to the Secretary's interim guidance and evaluate
implementation progress after one year.
Deliverable: Briefing to the Board
Responsible
Manager: Assistant Secretary for Environment, Safety and Health
Due Date: November 2001
4.2.2 System Expertise: Federal Personnel
The oversight role of the DOE Federal workforce requires
familiarity with vital safety systems and the contractor's application of the
system engineer concept. Once
contractors implement a system engineer program, the Department needs to ensure
that Federal technical personnel knowledgeable of those safety systems are
available to support the contractor's life-cycle management of vital safety
systems, particularly when significant system problems arise.
Determination of system expertise needed at the Federal level
begins with the identification of safety-class and safety-significant systems
at each site. The types and number of
these safety systems at each site will determine the need for Federal personnel
with expertise in a particular safety system.
As described in Commitment 2, CSOs will work with field element managers
to identify these systems and forward a list of systems from each site to the
Federal Technical Capability Panel (FTCP).
As a supplement to the Department's annual workforce needs
assessment, the FTCP will assess the availability of DOE Federal expertise and
recommend actions necessary to ensure that such expertise can be brought to
bear in the life-cycle management of vital systems. Where a field element
manager determines it is not practicable to maintain Federal expertise in a
particular system, expertise must be available from elsewhere within the
complex. Based on the FTCP's assessment,
a report will be generated that describes current organizational methods and
processes that align Federal technical expertise with system engineer
needs. Based on recommendations of that
report, changes or additions will be made to the Technical Qualifications
Program (TQP) standards and processes.
Such changes may include required demonstration of expertise in vital
safety systems or involve definition of a qualification standard(s).
Commitments
Commitment 17
Commitment
Statement: As a supplement to the
annual workforce analysis, the FTCP will identify system expertise needed at
the Federal level and survey the availability and sufficiency of personnel
required to ensure effective oversight of contractor safety systems.
Deliverable: Letter to the Board forwarding analyses
provided to the Chair of the FTCP.
Responsible
Manager: Chair, FTCP
Due
Date: March 2001
Commitment 18
Commitment
Statement: A report will be
compiled identifying the Department's needs for Federal technical personnel
capable of reviewing safety systems and programs essential to systems
operability and the means of addressing critical technical skills gaps.
Deliverable: Recommendations provided to the
Deputy Secretary
Responsible
Manager: Chair, FTCP
Due
Date: April 2001
Commitment 19
Commitment
Statement: Based on conclusions and
recommendations made in Commitment 18, changes or additions will be made to the
Technical Qualifications Program (TQP) standards and processes.
Deliverable: Revised Technical Qualifications Program
standard or process for safety system expertise.
Responsible
Manager: Chair, FTCP
Due
Date: June 2001
In Recommendation 2000-2, the Board recommended that the
Department ensure safety system status, as well as supporting programs, are
scrutinized as a regularized part of assessments performed by the line
management. In accepting the Board's
Recommendation, the Department committed to a review of line oversight of
contractor programs to determine whether safety systems, as well as programs
essential to system operability, are being included in those programs.
DOE P 450.5, Line
Environment, Safety and Health Oversight, sets forth the expectations for
ES&H oversight and the use of contractor self-assessment programs as the
cornerstone of this oversight. The
Policy defines the key elements of a line ES&H program for both the
contractor and DOE line organizations.
The Department and its contractors have an abundance of oversight and feedback mechanisms that satisfy the requirements of DOE P 450.5 and are used to improve operations throughout the DOE complex. In developing the ISM System, the Department established a guiding principle that line management is responsible for safety, and line managers have a responsibility to get personally involved in reviewing and making use of performance feedback information to drive continuous improvement.
In order to provide senior leadership with information obtained
from these oversight and feedback processes, the Department will begin a
regular practice of periodically reviewing ES&H assessments performed by
DOE and the maintenance and operation (M&O) contractor at each site, and
summarizing the results for the Secretary.
Annually, LPSOs will review the results of ES&H assessments
performed during the previous year and provide the Secretary with a summary
report for each of their sites. The
report for each site will:
·
Summarize the scope and schedule for ES&H assessments
performed over the previous 12 months by the M&O contractor, DOE line
management, and the Office of Independent Oversight.
·
Summarize the results obtained from these assessments, both by
program and vital safety systems. Using
a site-specific list of vital safety systems (Commitment 3), the summary report
will provide a crosswalk of how ES&H assessment programs at each site
review the condition of their vital safety systems.
·
Note actions taken to address significant issues.
·
Identify issues where the field element manager has asked for
assistance.
This annual review of ES&H assessments will be institutionalized
as a requirement in the Directives system (e.g., a revision of DOE O 231, Environment, Safety and Health Reporting).
Commitments
Commitment 20
Commitment Statement: Annually,
LPSOs will review the results of ES&H assessments performed during the
previous year and provide the Secretary with a summary report for each of their
sites.
Deliverable: Summary reports from each LPSO reporting the
results of assessments at each of their sites.
Responsible Manager: Assistant Secretary for Environmental Management
Deputy Administrator for Defense Programs
Director of the Office of Science
Due Date: February 2001
February 2002
Commitment 21
Commitment Statement: Annual LPSO
reviews of ES&H assessments, described in Commitment 20, will be
institutionalized within the Directives system.
Deliverable: Draft DOE Order and/or
Policy revisions submitted into the Directives review process.
Responsible Manager: Assistant Secretary for
Environment, Safety and Health
Due Date: July 2001
The Responsible manager for overall execution of this
implementation plan is the Office of Environment, Safety and Health. In this capacity, the Responsible manager
ensures individuals responsible for deliverables and commitments identified
within this implementation plan complete their actions. To coordinate completion of these
commitments, the Responsible manager will establish and chair a team comprised
of senior representatives from the field and from the Headquarters program
offices of Science, Defense Programs, and Environmental Management. The various lead responsible organizations
identified within the implementation plan are accountable to the Responsible
manager with regard to the completion of deliverables.
5.1 Change Control
Complex, long-range plans require sufficient flexibility to
accommodate changes in commitments, actions, or completion dates that may be
necessary due to additional information, improvements, or changes in baseline
assumptions. The Department’s policy is
to (1) provide prior, written notification to the Board on the status of any
implementation plan commitment that will not be completed by the planned
milestone date, (2) have the Secretary approve all revisions to the scope and
schedule of plan commitments, and (3) clearly identify and describe the
revisions and bases for the revisions.
Fundamental changes to the plan’s strategy, scope, or schedule will be
provided to the Board through formal revision and reissuance of the
implementation plan. Other changes to
the scope or schedule of planned commitments will be formally submitted in
appropriate correspondence approved by the Secretary, along with the basis for
the changes and appropriate corrective actions.
5.2 Reporting
To ensure the various Department implementing elements and the
Board remain informed of the status of plan implementation, the Department's
policy is to provide progress reports until implementation plan commitments are
completed. The Department will provide
briefings to the Board approximately every 4 months.
Commitment 22
Commitment Statement: The Department
will provide briefings to the Board approximately every four months.
Deliverable: Briefings
Responsible Manager: Assistant Secretary for
Environment, Safety and Health
Due Date: January 2001, and
approximately every four months thereafter
Action Plan
Commitment Summary |
Commitment
Status |
Action 1, Deliverable 1.1 |
The Department has completed this commitment. On March 1, 2000, the Deputy Secretary
issued a memorandum initiating action to assess nuclear facilities. A copy of the memorandum was provided to
the Board on April 19, 2000. |
Action 1, Deliverable 1.2 |
All vulnerability assessments were completed by August
2000. The Assistant Secretary for
Environment, Safety and Health is developing a letter that formally notifies
the Board that the Department has completed this action and that the Department
intends to reevaluate the condition of HEPA filters during the performance of
confinement ventilation system assessments. |
Action 1, Deliverable 1.3 |
The Department’s commitment to enter corrective actions into
CATS was completed by September 2000.
The Assistant Secretary for Environment, Safety and Health is
developing a letter that formally notifies the Board that the Department has
completed this action and that the Department intends to reevaluate the condition
of HEPA filters and identify corrective actions under this implementation
plan activity to assess confinement ventilation systems. |
Action 2, Deliverable 2.1 |
The Secretary's HEPA filter report committed to a completion
date of 12/01/00 |
Action 2, Deliverable 2.2 |
The Secretary's HEPA filter report committed to a completion
date of 11/30/01 |
Action 2, Deliverable 2.3 |
The Secretary's HEPA filter report committed to a completion
date of 11/30/01 |
Action 3, Deliverable 3.1 |
The Department has completed this commitment. A page change was developed to DOE HDBK
3010-94 and issued on March 1, 2000.
This completed Action 3, Deliverables 3.1 and 3.1. The Deputy
Administrator for Defense Programs provided formal notification to the Board
on September 1, 2000. |
Action 3, Deliverable 3.2 |
The Department has completed this commitment. A page change was developed to DOE HDBK
3010-94 and issued on March 1, 2000.
This completed Action 3, Deliverables 3.1 and 3.1. The Deputy Administrator
for Defense Programs provided formal notification to the Board on September
1, 2000. |
Action 3, Deliverable 3.3 |
The LPSO’s have not yet issued letter to field describing the
change and identifying the need to screen Authorization Basis documents for
unreviewed safety questions. |
Action 4, Deliverable 4.1 |
The Department has completed an
evaluation of the management issues related to QPL Laboratory and Filter Test
Facility operations. A working group evaluation, which addressed
consolidation of filter test facilities at one site, is referred to the DOE
Chief Operating Officers (COO’s) for final resolution of
recommendations. The COO’s will
decide on the final content of recommendations in December, 2000 and the
results will be forwarded to the Board.
|
Action 4, Deliverable 4.2 |
While Action 4.1 and 5.1 are being worked, Headquarters
continues to provide funding to support operation of the Filter Test Facility
at Oak Ridge. |
Action 5, Deliverable 5.1 |
The Department has completed an evaluation of the management
issues related to the testing of HEPA filters. The recommendations developed through the evaluation did not
receive the concurrence of all the Programs.
The recommendations are referred to the Chief Operating Officers
(COO’s) for a decision on final content, December, 2000 and the results will
be forwarded to the Board. |
Action 6, Deliverable 6.1 |
The Department has completed this commitment. In December 1999, the Assistant Secretary
for Environment, Safety and Health convened a working group to identify
options. On January 12th,
the Department issued a letter to the Board describing actions to support the
26th Nuclear Air Cleaning conference that is scheduled for
September 2000. The letter also
described actions to develop an Internet web site for sharing of information
and lessons learned within the air filter and ventilation technology
community and coordinate future air cleaning conferences with existing
conferences, such as the Department's Waste Management Conference. |
Number |
Commitment |
Deliverable |
Due Date |
Responsibility |
1 |
The Secretary will initiate Phase I
assessments and issue guidance/criteria to ensure consistent results. |
Assessment criteria/guidance |
November 2000 |
Assistant Secretary for
Environment, Safety and Health
|
2 |
Cognizant Secretarial Officers (CSOs)
will identify and list safety-class systems, safety-significant systems, and
other systems that perform important defense in depth functions in defense
nuclear facilities at each of their facilities. These lists will be used for other actions described within
this implementation plan and forwarded to the FTCP for use in determining the
system expertise needed at the Federal level. |
CSO memos forwarding system lists to
the Chair of the FTCP. |
November 2000 |
Assistant Secretary, EM
Deputy Administrator, DP |
3 |
At the priority facilities listed in Appendix E, the Department
will complete Phase I assessments of safety class, confinement ventilation,
and fire protection systems. |
Response to Phase I assessment
guidance/criteria |
February, 2001 |
Assistant
Secretary, EM Deputy
Administrator, DP |
4 |
At the
follow-on facilities listed in Appendix E, the Department will complete Phase
I assessments of safety class, confinement ventilation, and fire protection
systems. |
Response to Phase I assessment
guidance/criteria |
May 2001 |
Assistant
Secretary, EM Deputy Administrator, DP
|
5 |
At all facilities listed in Appendix E, the Department will
complete Phase I assessments of the remaining vital safety systems. |
Response to Phase I assessment
guidance/criteria |
June 2001 |
Assistant
Secretary, EM Deputy Administrator, DP
|
6 |
The Department will evaluate the results obtained from Phase I
assessments conducted at Facilities of Interest and identify key facilities
and/or systems that will receive Phase II assessments. |
List of key facilities and systems
that will receive a Phase II assessment and a schedule for their completion |
July 2001 |
Assistant
Secretary, EM Deputy Administrator, DP
Assistant Secretary, Environment, Safety and Health |
7 |
The Department will assemble teams and begin Phase II
assessments. |
Letter announcing commencement of the first Phase II assessment |
September 2001 |
Field
Office Manager |
8 |
Deficiencies
observed during Phase I and Phase II assessments will be tracked and managed
in local corrective action management systems.
Resources allocated to address findings
resulting from confinement ventilation system and other assessments within
this Implementation Plan will be identified on an annual basis |
Summary of resources allocated within
the FY 2003 budget request from congress |
February 2002 |
Assistant
Secretary, EH Assistant
Secretary, EM Deputy Administrator, DP
|
9 |
The Department
will develop assessment criteria and guidelines to ascertain the current
condition of confinement ventilation systems within defense nuclear
facilities. |
Assessment
criteria and guidelines. |
March 2001 |
Assistant
Secretary for Environment, Safety and Health |
10 |
The expert
team will test the effectiveness of confinement ventilation system assessment
criteria and guidelines at two pilot facilities. |
Briefing to the Board. |
June 2001 |
Assistant
Secretary for Environment, Safety and Health |
11 |
Field element
managers will assemble teams to assess the condition of confinement
ventilation systems that are important to safety. Corrective actions will be entered into local corrective action
management systems, and as necessary, the Department's Corrective Action
Tracking System. |
LPSO letters reporting completion with an enclosed sample
assessment report from a facility at each site. |
September 2001 |
Assistant Secretary, EM Deputy Administrator, DP |
12 |
The
Department will complete an initial review of the ability of DOE sites to
effectively prevent fires and respond effectively in the event that a fire
occurs. This review, in addition to
the Phase I assessments, will provide the information to plan the
comprehensive study described in Commitment 13. |
Initial
Review report |
December 2000 |
Assistant
Secretary for Environment, Safety and Health |
13 |
The Department will develop a plan for conducting a
comprehensive study that provides for an in-depth evaluation of the
capability to respond to wildfires and emphasizes facility fire safety,
including fire detection and suppression systems and facility-specific
programs that support those systems. |
Comprehensive study plan |
April 2001 |
Assistant Secretary for Environment, Safety and Health |
14 |
While awaiting
formal requirements to be established, the Secretary will provide interim
direction that will have contractors initiate actions to designate system
engineers for vital safety systems. |
Secretarial
Letter |
November 2000 |
Assistant
Secretary for Environment, Safety and Health |
15 |
The Department
will establish requirements for a system engineer concept to manage the
configuration of systems designated as important to safety. |
Draft DOE
Order revision submitted into the Directives review process |
March 2001 |
Assistant
Secretary for Environment, Safety and Health |
16 |
The Office of
Environment, Safety and Health will monitor the field's response to the
Secretary's interim guidance and evaluate implementation progress after one
year. |
Briefing to
the Board |
November 2001 |
Assistant
Secretary for Environment, Safety and Health |
17 |
As a
supplement to the annual workforce analysis, the FTCP will identify system
expertise needed at the Federal level and survey the availability and
sufficiency of personnel required to ensure effective oversight of contractor
safety systems |
Letter to the
Board forwarding analyses provided to the Chair of the Federal Technical
Capability Panel. |
March 2001 |
Chair, Federal Technical Capability
Panel |
18 |
A report will be compiled identifying
the Department's needs for Federal technical personnel capable of reviewing
safety systems and programs essential to systems operability and the means of
addressing critical technical skills gap |
Recommendations provided to the Deputy
Secretary |
April 2001 |
Chair, Federal Technical Capability
Panel |
19 |
Based on
conclusions and recommendations made in Commitment 18, changes or additions
will be made to the Technical Qualifications Program (TQP) standards and
processes. |
Revised
Technical Qualifications Program standard or process for safety system
expertise |
June 2001 |
Chair, Federal Technical Capability
Panel |
20 |
Annually, LPSOs will review the results of ES&H assessments
performed during the previous year and provide the Secretary with a summary
report for each of their sites. |
Summary reports from each LPSO reporting the results of
assessments at each of their sites. |
February 2001 February 2002 |
Assistant Secretary, EM
Deputy Administrator, DP
Office of Science |
21 |
Annual LPSO
reviews of ES&H assessments described in commitment 20 will be
institutionalized within the Directives system. |
Draft DOE Order or Policy revision submitted into the Directives
review process. |
July 2001 |
Assistant
Secretary for Environment, Safety and Health |
22 |
The Department will provide briefings to the Board approximately
every four months. |
Briefings |
January 2001,
approximately every four months thereafter |
Assistant Secretary for Environment,
Safety and Health
|
|
HEPA filter
report commitments Incorporated
in Section 4.2.1: |
|
|
|
23 |
DOE will develop a revision to the Nuclear Air Cleaning Handbook. |
Letter to the
Board announcing placement of the draft handbook into the Directives system
for DOE-wide review. |
December 2001 |
Deputy
Administrator, DP |
24 |
DOE will
develop a revision to the Nuclear Air
Cleaning Handbook. |
Issuance of a
revision of the Nuclear Air Cleaning
Handbook |
November 2002 |
Deputy
Administrator, DP |
25 |
DOE will develop a revision to the Nuclear Air Cleaning Handbook. |
Issuance of a
letter to field office managers describing the handbook changes and the need
to screen authorization basis documents for possible unreviewed safety
questions, including filter service life.
Corrective actions to be entered into CATS. |
November 2002 |
Assistant Secretary, EM
Deputy Administrator, DP
|
26 |
DOE-HDBK-3010-94
Airborne Release Fractions/Rates and
Respirable Fractions for Nonreactor Nuclear Facilities will be revised to
eliminate problematic guidance regarding HEPA filter performance. |
Issuance of a
letter to field office managers describing the handbook changes and the need
to screen authorization basis documents for possible unreviewed safety
questions, including filter service life.
Corrective actions to be entered into CATS. |
November 2000 |
Assistant Secretary, EM
Deputy
Administrator, DP |
27 |
Field
Management Council review of consolidation of the QPL laboratory and FTF
operation. |
Letter to the
Board describing decision and path forward for the QPL laboratory and FTF
operation. |
January 2001 |
Assistant
Secretary, EM |
28 |
Field Management Council review of consolidation of the QPL
laboratory and FTF operation |
Maintain operation and funding of the FTF at Oak Ridge, and
maintain contact with the Army's Edgewood facility to remain appraised of
plans for its continued operation until a revised strategy is established and
implemented |
January 2001 |
Assistant Secretary, EM |
29 |
Field
Management Council review of the benefit of testing 100% of HEPA filters,
including options other than 100% testing. |
Letter to the
Board describing decision and path forward for testing of HEPA filters. |
January 2001 |
Assistant
Secretary, EM |
APPENDIX A
Note:
Annex A is available in [PDF].
Appendix B: List of Acronyms
CSO - Cognizant Secretarial Officer
DOE - Department of Energy
DP - Defense Programs
EIS - Environmental Impact Statement
EM - Environmental Management
ES&H - Environment, Safety and Health
FTCP - Federal Technical
Capability Panel
HEPA - High Efficiency Particulate Air
INPO - Institute of Nuclear Power Operations
ISM - Integrated Safety Management
LANL - Los Alamos National Laboratory
LPSO - Lead Program Secretarial Officer
M&O - Management and Operating
NRC - Nuclear Regulatory Commission
ORPS - Operational Reporting and Processing System
QPL - Qualified Parts List
SAR - Safety Analysis Report
TQP - Technical Qualification Program
TSR - Technical Specification Requirement
USEC - United States Enrichment Corporation
Appendix C: Glossary of Terms
Authorization Basis.
DOE STD 3024-98 defines authorization Basis as those aspects of the
facility design basis and operational requirements relied upon by DOE to
authorize operation. These aspects are
considered to be important to the safety of the facility operations. The authorization basis includes the safety
basis for the facility, which focuses on the protection of personnel, both
offsite and onsite. The terms
authorization basis and safety basis are sometimes used interchangeably.
Authorization Basis Documents. DOE STD 3024-98 defines authorization basis
documents as those providing authorization basis information. These typically
include, but are not necessarily limited to, the SAR, TSRs, EISs, DOE-issued
Safety Evaluation Reports, and documents containing facility-specific commitments
to comply with DOE Orders or policies.
Safety Basis.
DOE-STD-3009-94 defines safety basis as information relating to the
control of hazards at a facility
(including design, engineering analyses, and administrative controls) upon which DOE depends for its
conclusion that activities at the facility can be conducted safely. The terms “authorization basis” and “safety
basis” are sometimes used interchangeably.
The authorization basis may also include information related to
environmental protection.
Safety-class structures, systems, and components (safety-class SSCs). The interim final rule for 10
CFR 830 (effective December 11, 2000) defines safety-class SSCs ,including
portions of process systems, as those as identified by safety analyses whose failure
could adversely affect the safety and health of the public.
Safety-significant structures, systems, and components
(safety-significant SSCs). The interim final rule for 10 CFR
830 (effective December 11, 2000) define safety-significant SSCs as those
structures, systems, and components not designated as safety-class SSCs but
whose preventive or mitigative function is a major contributor to defense in
depth (i.e., prevention of uncontrolled material releases) and/or worker safety
as determined from hazard analysis.
As a general rule of thumb, DOE STD 3009-94
and DOE G 420.1-2 note that safety-significant SSC designations based on worker
safety are limited to those systems, structures, or components whose failure is
estimated to result in an acute worker fatality or serious injuries to
workers. Serious injuries, as used in
this definition, refers to medical treatment for immediately life-threatening
or permanently disabling injuries (e.g., loss of eye, loss of limb) from other
than standard industrial hazards. It
specifically excludes potential latent effects (e.g., potential carcinogenic
effects of radiological exposure or uptake).
Vital Safety Systems. As used within this implementation plan,
vital safety systems is understood to mean safety-class systems,
safety-significant systems, and systems that perform an important defense in
depth safety function
APPENDIX
D: DNFS Board
Recommendation 2000-2
March 8, 2000
The Honorable Bill Richardson
Secretary of Energy
1000 Independence Avenue, SW
Washington, DC 20585-1000
Dear Secretary Richardson:
Designs of the Department of
Energy’s (DOE’s) high hazard defense nuclear facilities typically include
systems whose reliable operation is vital to the protection of the public,
workers and the environment. Operations
are constrained by technical safety requirements and operational limits
established by analyzing the hazards of the operations and the capability of
design features to prevent or mitigate consequences of potential mishaps or
operational disruptions caused by either manor natural phenomena. The availability and operability of such
systems and the conditions specifying operational limits are included in the
written agreements established by DOE with its contractors as conditions for
authorizing performance of work.
Ventilation systems installed
in many defense nuclear facilities are among those that provide vital safety
functions. Such systems contribute much
to the safe environment for workers and serve a vital confinement function
should work process upsets and mishaps result in airborne releases of hazardous
materials.
The Defense Nuclear
Facilities Safety Board (Board) has advised DOE in various ways during the past
several years of the need to increase attention to ventilation systems and of
the steps we believe would lead to more certain performance of their important
safety functions. Although DOE has responded
to some extent, the upgrade efforts to date have been less comprehensive and
effective than the matter merits.
The Board further believes
that DOE’s upgrades of ventilation systems could well serve as a model for
implementing similar programs for other vital safety systems that maybe needed
in defense nuclear facilities.
The Board believes this
matter requires additional DOE attention.
More explicitly, the Board recommends for your consideration an action
plan structured to address the elements set forth in the enclosed
Recommendation 2000-2, Configuration Management, Vital Safety Systems.
The Board’s recommendation is
directed explicitly at systems for ensuring nuclear safety. This is in keeping with the Board’s enabling
legislation. However, the concepts
advocated could be applied to good advantage to systems designed for safety
management of hazardous material and processes of non-nuclear nature as
well. In the spirit of Integrated
Safety Management (ISM) to which DOE is committed, DOE is encouraged to do so.
Recommendation 2000-2, Configuration
Management, Vital Safety Systems, was unanimously approved by the Board,
and is submitted to you pursuant to 42 U.S.C. § 2286a(a)(5), which requires the
Board, after receipt by you, to promptly make this recommendation available to
the public. The Board believes the
recommendation contains no information which is classified or otherwise
restricted. To the extent this recommendation
does not include information restricted by the Department of Energy under the
Atomic Energy Act of 1954, 42 U.S.C. §§ 2161-68, as amended, please arrange to
have this recommendation promptly placed on file in your regional public
reading rooms.
The Board will publish this
recommendation in the Federal Register.
Sincerely,
John T. Conway
Chairman
c: Mr. Mark B. Whitaker Jr.
Enclosures: DNFSB/TECH-26
Recommendation
2000-2
DEFENSE NUCLEAR FACILITIES SAFETY BOARD
RECOMMENDATION 2000-2 TO THE SECRETARY OF ENERGY
pursuant to 42 U.S.C. § 2286a(a)(5)
Atomic Energy Act of 1954, as amended
Dated: March
8, 2000
Background
The Defense Nuclear Facilities Safety Board (Board)
continues a strong interest in safety systems and their effectiveness at
defense nuclear facilities. These
systems are at the heart of safety at the facilities. Department of Energy (DOE) Standards 3009 and 3016 provide
guidance for the identification of safety systems and associated Technical
Specifications as important elements of maintaining safety of facilities and
operations. In addition, the implementation
guide to DOE Order 420.1, Facility Safety, provides guidance on design
and procurement of safety systems to attain and sustain reliability in
performance.
Most of the facilities of interest to the Board were
constructed many years ago, and are undergoing the deterioration attached to
aging. It is important that their
protective features be maintained serviceable and effective. In the following, the Board recommends measures
necessary to ensure reliable performance of the safety systems of both the
older facilities and the ones that are relatively new, and in particular
stresses the actions required to ensure viability of confinement ventilation
systems. Confinement ventilation
systems are relied on almost everywhere by DOE as the principal system to
protect the public and collocated workers at its more hazardous facilities.
Previous Issuances by the Board on Safety Systems
In May 1995, the Board issued DNFSB/TECH-5, Fundamentals
for Understanding Standards-Based Safety Management of Department of Energy
Defense Nuclear Facilities, which stressed the importance, among other
things, of functions that preserve those structures, systems, and components
that are relied upon to protect the public, workers, and the environment (e.g.,
configuration management, training, and maintenance). In October 1995, the Board issued DNFSB/TECH-6, Safety
Management and Conduct of Operations at the Department of Energy’s Defense
Nuclear Facilities. The report
underscored the importance of conduct of operations as the body of practice, or
operational formality, that implements the Safety Management System for a
defense nuclear facility. Operational
formality includes “Supervision by highly competent personnel who are knowledgeable
as to the results of the safety analysis and operating limits for the facility
or activity.” Key aspects of facility
Safety Management Systems discussed in these two reports are central to the
issues addressed herein.
In 1996, in response to Recommendation 95-2, Safety
Management, DOE provided the Board a plan for upgrading safety management
of its defense nuclear facilities. DOE
Orders 5480.22, Technical Safety Requirements, and 5480.23, Nuclear
Safety Analysis Reports, established requirements for identifying design
features important to safety and the conditions/controls to ensure safe
operation. DOE authorized its
contractors to grade facilities by hazard category and to tailor the
comprehensive safety assessments according to hazard potential and operational
future. This upgrade effort has
reaffirmed the important safety role played by confinement ventilation
systems. (See enclosed Appendix B of
DNFSB/TECH-26). In general, these
systems have been designated as important to safety, making them subject to
more stringent quality assurance, maintenance, surveillance, and configuration
management programs in recognition of their safety functions. Commitments to such programs are typically
made in the Authorization Agreements that capture the contractor-DOE agreed
upon conditions for performing the work.
Issuances Concerning Confinement Ventilation Systems
Some of the Board’s analyses concerning safety systems
focused on confinement ventilation systems in particular. In March 1995, the Board issued
DNFSB/TECH-3, Overview of Ventilation Systems at Selected DOE Plutonium
Processing and Handling Facilities, which addressed the design of
confinement ventilation systems. In its
June 15, 1995, letter forwarding that report, and in subsequent correspondence
in July 1995, the Board requested that DOE evaluate the design, construction,
operation, and maintenance of ventilation safety systems in terms of applicable
DOE and industry standards.
In a letter dated October 30, 1997, the Board pointed
out the problem of wetting high efficiency particulate air (HEPA) filters
during tests of fire sprinkler systems, and the need for complex-wide guidance
from DOE concerning the relationship between maintaining filter integrity and
fire fighting strategies. HEPA filters
are key components of confinement ventilation systems. In its June 8, 1999, letter concerning HEPA
filters installed in confinement ventilation systems, the Board requested a
report outlining the steps DOE plans to take to resolve those issues. In recent weeks, individual Board members and
the Board’s staff have met informally with DOE representatives to resolve
differences concerning DOE’s proposed response to the Board’s request.
Current Status of Ventilation Systems
As a part of its continuing oversight of these vital
safety systems, the Board’s staff has recently completed a review of the
operational data on confinement ventilation systems as reported in DOE’s
Operational Reporting and Processing System (ORPS). The data reviewed covered the period July 1998 to December
1999. An analysis of these data is
documented in report DNFSB/TECH-26.
This review indicates that the reliability of these systems, for reasons
not readily evident, may not be adequate, given the vital safety function they
serve.
The operational data reveal deficiencies in areas of
test and surveillance, quality assurance (replacement components), maintenance,
configuration management, training and qualification, and conduct of
operations. One can reasonably deduce
from such observations that there exists no single entity assigned
responsibility for the configuration and operational state of these systems as
a whole.
The Board recognizes that many confinement ventilation
systems now require less air flow and permit more particulate loading than in
original designs. This allows for more
extended useful life than might otherwise be tolerable, particularly with
adequate preventive care. However, the
operational data suggest that less than optimum care is being given to these
systems, considering their age.
Status of Safety Systems in General
Many of DOE’s nuclear facilities were constructed
years ago and are approaching end-of-life status. Under these circumstances, some degradation of reliability and
operability of systems designed to ensure safety can reasonably be
expected. To some extent, the effects
of aging can be offset by increased surveillance and maintenance. A point occurs, however, where costs for
upkeep justify major upgrades or replacement, particularly where mission needs
are projected well into the future.
While a considerable number of high-hazard defense nuclear facilities
have such long-term missions (greater than 10 years, for example), others
undergoing phase-outs and decommissioning do not. Some facilities must continue to rely on operational safety
systems, such as ventilation systems, to serve a safety function even after
their operational mission has ended and well into the decommissioning
process. Long-term or short-term,
however, the performance required for safety must be ensured.
It has been a long-standing practice in the nuclear
business to designate a “system engineer” for each major system vital to
successful operation of hazardous processes.
Some DOE contractors have done so on occasions (e.g., the Defense Waste
Processing Facility at the Savannah River Site), but this practice is not as
prevalent as it should be. The Board
believes that having specific individuals outside the operational forum, tasked
with the configuration management (design and operational constraints) of systems
designated as important to safety, would go a long way to ensuring the
dependable service such systems must provide.
Recommendation
Considerable upgrading of programs for ensuring
reliable and effective performance of confinement ventilation systems has
occurred during the years 1995-1999.
However, the frequency and variety of off-normal occurrences that
continue to be reported clearly indicate that more attention to these vital
systems is needed. Likewise, other
systems serving equally vital safety functions might well benefit from similar
attention. Towards such an end, the
Board recommends that the Department of Energy:
1.
Establish a team, expert in confinement ventilation
systems, to survey the operational records during the past 3 years and the current
operational condition of all confinement ventilation systems now designated or
that should be designated as important to safety in defense nuclear facilities
(i.e., safety class, safety significant, defense-in-depth). In so doing:
a.
Assess the root cause or causes for less than satisfactory
operational history of these systems and recommend an action plan to address
the causes. In so doing evaluate such
programs as may exist to ensure reliable system performance. These should include surveillance,
maintenance (including quality assured inventory of replacement parts),
configuration management (system descriptions, drawings and specifications),
and requisite training and
qualification of operators.
b.
Estimate the remaining system lifetime with and without
refurbishing as a function of reliability; (e.g., 1 year - 95Y0, 10 years -
50%) and recommend such upgrades or compensating measures as maybe appropriate
to ensure reliability, current or future, commensurate with the safety
functions being served.
2.
Include key elements of the plan for addressing the HEPA
filters issues identified in the Board’s June 8, 1999, letter in any plan
developed in response to this recommendation.
3.
Amend appropriate directives and associated contract
requirements documents (e.g., DOE Order 430.1A, Life Cycle Asset Management,
DOE Order 420.1, Facility Safety), to require for the confinement
ventilation system and every other major system designated as important to
safety:
a.
The development and maintenance of documentation that
captures key design features, specifications, and operational constraints to
facilitate configuration management throughout the life cycle.
b.
The designation of a “system engineer” during each facility
life cycle - design, construction, operation and decommissioning with:
(1)
The requisite knowledge of the system safety design basis
and operating limits from the safety analysis; and
(2) The lead responsibility for the
configuration management of the design.
c.
The education and training of successor “system engineers”
as may be required because of contractor organizational changes, facility life
cycle change, or other causes for reassignments.
4.
Task the Federal Technical Capability Panel established in
response to Board Recommendation 93-3 to:
a.
Survey the availability and sufficiency of personnel in DOE
with expertise in these vital safety systems.
b.
Recommend to DOE senior management such actions as maybe
appropriate to augment, redeploy or otherwise bring such expertise more
effectively to bear in the life-cycle-management of vital safety systems.
c.
Add to DOE’s technical staff qualification program the
requisites for qualifying as subject matter experts for these vital systems.
d.
Develop descriptions of functions and responsibilities for
inclusion in the Function and Responsibilities Authorities Manual for
individuals serving as subject matter experts on vital safety systems.
5.
Make the scrutiny of the status of all systems serving to
protect the public, workers and the environment a regularized part of the assessments
performed as required by DOE P 450.5, Line Environment, Safety and Health
Oversight. Include in such review
the programs, such as quality assurance, maintenance, configuration management
and conduct of operations, that contribute much to ensuring these systems will
operate as intended.
John T. Conway
Chairman
APPENDIX E:
Recommendation 2000-2
Defense Nuclear Facilities of Interest
DEFENSE PROGRAMS
PRIORITY AND FOLLOW-ON
FACILITIES
Lawrence
Livermore
Superblock:
Building 332, Plutonium Facility
Los Alamos
TA-55, Bldg.4, Plutonium
Facility
TA-3, Bldg. 29, Chemical
Metallurgical Research (CMR) Facility
Oak Ridge
Y-12:
Bldg. 9212, Wet Chemistry, Casting, Storage
Bldg. 9204-2E, Disassembly Operations
Bldg. 9215, SNM Processing &Fabrication
Pantex
Buildings
12-84 and 12-104 (all Nuclear Explosive
Bays), 12-85 and 12-98
(all
Nuclear Explosive Cells)
Lawrence
Livermore
Building
231 Complex (Vaults)
Building 334, Hardened
Engineering Testing Facility
Building
331 Tritium Facility
Los Alamos
TA-18,
Los Alamos Critical Experiments Facility
TA-16,
Weapons Engineering Tritium Facility
TA-50,
Radioactive Materials Research, Operations and Demonstration
Facility (RAMROD)
TA-54-G Solid Waste Disposal Site
TA-54-TWISP
Transuranic Waste Inspectible Storage Facility
DP FOLLOW-ON
FACILITIES-
continued
Nevada Test Site
Device Assembly Facility
Oak Ridge
ORNL:
Building 3019, Material Storage
Y-12:
Bldg. 9201-5, Depleted Uranium
Machining, Arc Melt, Casting
Bldg. 9720-12, Warehouse Recoverable
Salvage
Bldg. 9720-18, Depleted Uranium
Warehouse
Bldg. 9206, Enriched Uranium
Chemical Processing
Bldg. 9720-5, Warehouse Operations
Bldg. 9204-4, Quality Evaluation
Pantex
Building
12-116, SNM Staging Facility
Buildings 12-64 and 12-99 (all Nuclear Explosive
Bays), 12-44 (including 44-8)
and 12-96 (all Nuclear Explosive Cells)
Bldg
12-50 Separation Testing
Bldg.
12-60 Dynamic Balancer
Zone
4 Pit and Nuclear Weapons Storage
Sandia
National Laboratory
Sandia
Pulse Reactor Facility
Savannah River
Tritium
Facilities
ENVIRONMENTAL MANAGEMENT
PRIORITY AND FOLLOW-ON
FACILITIES
EM PRIORITY FACILITIES
Hanford
Tank
Farms
Plutonium
Finishing Plant
Rocky Flats
Building
371, Plutonium Chemical Processing Facility
Savannah River
Canyons
F Canyon
FB Line
H Canyon
HB Line
Liquid
Radioactive Waste Handling Facilities
Idaho
CPP-666
Underwater Fuel Storage
Hanford
Waste
Encapsulation and Storage Facility (WESF)
Spent
Nuclear Fuel Processing Facility1, 2
K Basins (East and West)
Cold Vacuum Drying Facility
Canister Storage building
1 Phase 1 assessment completion may be delayed until the latest Phase 1 Commitment due date
2 Phase 1 assessments
may take credit for recent Readiness Assessment and Operational Readiness
Reviews where appropriate
EM FOLLOW-ON
FACILITIES-
continued
Idaho
CPP-603-B
Irradiated Fuel Storage Facility (Dry SNM Storage)
CPP-659
New Waste Calcining Facility
CPP-651
Unirradiated fuel Storage Facility
Radioactive
Waste Management Complex (RWMC)
233
Canister Storage Facility
Nevada Test Site
Radioactive Waste Management Sites in Area 5, Area 3, and
the TRU Pad
Waste Evaluation Facility
Rocky Flats
Building
559, Analysis Laboratory
Savannah River
235-F
Defense Waste Processing
Facility
Waste Pretreatment Facilities
Receiving Basin for Offsite
Fuel (RUBOF)
Savannah River Technology
Center
K-Reactor
L-Reactor
Central Laboratory Facility
Waste
Isolation Pilot Plant (WIPP)
Entire Facility
APPENDIX F:
Secretary of Energy Memorandum:
Fire Safety Initiative
[SOE
LETTERHEAD]
October
2, 2000
MEMORANDUM FOR DAVID M. MICHAELS, ASSISTANT SECRETARY FOR
ENVIRONMENT,
SAFETY, AND HEALTH
GENERAL EUGENE E. HABIGER, DIRECTOR
OFFICE OF SECURITY AND
EMERGENCY
OPERATIONS
GLENN S. PODONSKY, DIRECTOR,
OFFICE OF INDEPENDENT OVERSIGHT AND
PERFORMANCE ASSURANCE
FROM: BILL RICHARDSON
cc: T.
J. GLAUTHIER
ERNIE MONIZ
GENERAL JOHN GORDON
CAROLYN HUNTOON
MILLIE DRESSELHAUS
SUBJECT: DOE FACILITY FIRE SAFETY INITIATIVE
Our
experiences with serious wildfires at several of our sites this year have
revealed that the Department’s management systems for dealing with such events
are in need of reexamination and improvement.
We have identified inadequacies in several specific areas, including equipment,
manpower, training, facilities, procedures, and coordination and communication
with the wildland firefighting community.
In
order to better prepare the Department to prevent and respond to wildfires in
the future, I am taking or directing several actions. I will execute a Memorandum of Understanding (MOU) with the
Departments of Agriculture and Interior to initiate and formalize cooperative
efforts in the areas of planning, preparation, prevention, and fire
response. I will convene a panel of nationally
recognized fire, safety, and emergency management experts to provide their
perspectives on the adequacy of our fire safety programs and our preparedness
and ability to deal with a fire-induced emergency. Finally, I am directing an
immediate complex-wide initial joint review of fire safety and related
emergency management capabilities, to be followed by a more comprehensive study
of facility fire safety, as detailed below.
The
purpose of this memorandum is to direct the Office of Emergency Operations
(SO-40), the Office of Independent Oversight and Performance Assurance (OA),
and the Assistant Secretary for Environment, Safety and Health (EH), through
the EH Office of Oversight (EH-2) to plan, conduct, and report the results of
an initial joint review, and to direct EH to begin initial planning for a
comprehensive follow-on study. Both
efforts are outlined below:
INITIAL
JOINT REVIEW
Purpose
The
review will assess the abilities of DOE sites to effectively prevent fires and
to respond effectively in the event that a fire occurs, including a fire in the
local area that threatens DOE facilities or property. This review will also develop the information needed to plan the
comprehensive follow-on study.
Scope
The
review will examine the Department’s current capabilities related to wildfire
safety, including those aspects of emergency management that deal with the
ability to respond to a wildfire.
The
review will include on-site visits to selected DOE facilities, with emphasis on
facilities containing or located adjacent to areas subject to wildfires.
Responsibilities
The
review will be co-led by S0-40, EH and OA, who will ensure that the efforts of
all three organizations are integrated and coordinated. S0-40 and OA will have primary responsibility
for evaluating emergency management aspects, including planning and emergency
response functions. EH-2 will have
primary responsibility for identifying and ensuring the collection of data
necessary to scope and plan a comprehensive follow-on study that will include
an in-depth evaluation of facility fire safety.
Period
of Performance
Planning
for this effort should begin immediately.
Planning should be completed and data collection should begin by October
15, 2000. Data collection, analysis,
and report writing should be completed and a report submitted by December 15,
2000.
Report
The
results of this initial review will be reported tome and to the Chairman of the
advisory committee, mentioned above.
In
addition to assessing current capabilities and levels of preparation, the
report should include recommendations for both site-specific and DOE-wide
improvements, as well as recommendations regarding the scope and conduct of the
comprehensive follow-on study.
COMPREHENSIVE
STUDY
Based
on information collected during the initial review, the Assistant Secretary for
Environment, Safety and Health will take the lead in planning a more
comprehensive study of facility fire safety across the Department of Energy
complex. The following preliminary
planning guidance is provided:
cc:
J.
McBroom, S0-40
C.
Lewis, OA-30
D. Stadler, EH-2
APPENDIX G:
Board Letter of September
8, 2000
[DNFSB LETTERHEAD]
September 8, 2000
The Honorable Bill
Richardson
Secretary of Energy
1000 Independence Avenue,
SW
Washington, DC 20585-1000
Dear Secretary Richardson:
The Defense Nuclear
Facilities Safety Board (Board) acknowledges your August 21, 2000 letter of
notification that the Department of Energy (DOE) requires an additional 45 days
to transmit the implementation plan for our Recommendation 2000-2, Configuration
Management, Vital Safety System.
The Board agrees that the draft plan developed to date can benefit from
additional planning.
Section 315(e) of the
Atomic Energy Act of 1954, as amended, provides that the Secretary “may
implement any such recommendation (or part of any such recommendation) before,
on, or after the date on which the Secretary transmits the implementation plan
to the Board under this subsection.” In
this regard, the Board notes that some limited, preliminary actions have been
taken by DOE to define pre-requisites for tasks still in planning stages, e.g.,
identification of industry practices/standards relative to development of a
contractor system engineer program. The Board suggests that DOE move more
aggressively forward with similar initiatives such as the selection of the team
for the Ventilation Systems Assessment, the initiation of the development of
generic Criteria Review and Approach Documents (CRADs) for vital safety
systems, and a review by Field Managers of current Functions and Responsibility
assignments of both the Federal and Contractor personnel relative to vital
safety systems. The Board urges DOE to
take advantage of the authority granted under Section 315(e) to get more such
preliminary actions underway.
Notwithstanding substantial
Board staff discussions with DOE personnel responsible for drafting the plan,
progress to date has been unduly slow.
These discussions indicate that the leadership of the plan’s development
does not clearly understand the basic thrust of the Recommendation. The Board
offers further amplification in the enclosed material. Since your acceptance letter of April 28,
2000, did not reject any part of Recommendation 2000-2, the Board has assumed
that the safety issue--Configuration Management of Vital Safety Systems--is to
be fully assessed.
The basic thrust of the
Board’s Recommendation--assessment of the operational readiness of vital safety
systems--is direct and simple. The
operational readiness of vital safety systems, their continued surveillance,
maintenance and configuration management are at the core of Integrated Safety
Management (ISM). Both the contractor
and the Federal workforces must recognize the pivotal role that these systems
play in ensuring safety. The
assessments to be done in response to Recommendation 2000-2 represent an
important part of DOE’s continued implementation of ISM throughout the
complex. Full implementation of ISM
cannot be considered accomplished until such vital safety systems are
identified, responsibility is clearly established for their operational
readiness, a satisfactory state of operational readiness is established, and a
functional maintenance and configuration management system is put in place to
ensure future readiness. Further elaboration of this core concept is described
in the amplifying material enclosed.
Ideas are also presented therein for closely coupling this 2000-2 effort
with the ISM verification efforts that have been underway for the past several
years. The Board sees no reason why the
majority of the assessment effort required cannot be performed by resources,
both contractor and Federal, that are already committed to ensuring
safety. The potential for finding that
upgrades of infrastructure maybe required should not be cause for delaying
assessments, nor should the accomplishment of verification goals set for
September 2000 be cause for relaxation of continuing upgrade efforts.
It is the Board’s view that
developing a completely acceptable plan in the additional forty five days is
not likely unless a change in momentum takes place. The Board has instructed its staff to continue its clarifying
exchanges with the designated leadership of the implementation planning effort. DOE is urged to move expeditiously to
complete the planning effort and to begin full implementation as soon as
possible.
Sincerely,
John T. Conway
Chairman
Enclosure
c: Mark B. Whitaker Jr.
Recommendation
2000-2 Amplification
In performing its diverse
missions, the Department of Energy (DOE) and its contractors use hazardous
materials and processes. In doing so,
DOE is required to protect the public, the workers, and the environment. DOE is fulfilling its environmental, safety
and health responsibilities through its program of Integrated Safety Management
(ISM) as defined by DOE Policy 450.4, Safety Management. A core function of ISM, “Develop and
Implement Hazard Controls,” results in the establishment of a set of safety
controls. Frequently these controls are
in the form of systems and equipment designed and operated to protect the
public, the worker, and the environment.
Periodic surveillance, maintenance, and configuration management of
these systems and equipment are required to ensure their dependability and
reliability, to determine whether deterioration is taking place, and to
identify technical obsolescence that threatens performance, safety, or facility
operation. Full implementation of ISM
cannot be considered accomplished until all such vital safety systems are
identified, responsibility is clearly established for their operational
readiness, a satisfactory state of operational readiness is established, and a
functional maintenance and configuration management program is in place to
ensure continued readiness.
DOE has developed the
necessary standards and requirements to identify and implement both engineering
and administrative controls to prevent accidental releases of hazardous
materials or mitigate the consequences of such releases, should they
occur. For accidental events that
potentially could cause harm offsite or cause worker deaths or serious injury,
such controls and the hazardous processes with which they are associated are
described in Safety Analysis Reports (SARs) or equivalent documents. Limits on hazardous processes and the
requisite availability of preventive and mitigative equipment are established
as Technical Safety Requirements (TSRs). Such TSRs are made conditions for
conducting the hazardous operations.
These are included in “Authorization Agreements,” a set of safety
measures mutually agreed upon by DOE and the contractor for operating high
hazard facilities.
In addition, other controls
to provide workplace safety and protection of the environment are defined
through various process hazard analyses, job hazards analyses, environmental
impact assessments and environmental permitting processes. These controls also become conditions for
performing the hazardous tasks. Figure
1 illustrates basic elements of an “Integrated Safety Control Set” and the
basic documents in which they are commonly described.
Figure
1
Authorization
Protocols
|
INTEGRATED SAFETY CONTROL SET* |
|||
|
Safety Sector |
Hazards Assessment |
Hazards Controls |
Authorization Protocol |
Macro Level |
Public Worker Sector A |
SAR and Graded
Equivalents DOE Orders 5480.23 Process Hazards Analysis:
29 CFR 1910.119. Risk Management
Program: 40 CFR 68 |
Technical Safety Requirements: • Design (Engineered
Controls) • Work practices and
administrative procedures |
• Authorization Agreement
- High/Moderate Hazards Facilities Category 1 and 2 • Authorizing
Correspondence Moderate/Low Hazards Facilities Category 3 and 4 |
|
|
|
||
Micro Level |
Worker Sector B |
Job Hazards Analysis and
Equivalents DOE Order 440.1 IG 440.1-1 |
Work Control Conditions: • Engineered Controls • Work practice and
administrative procedures |
• Rad Work Permits • Work Control Permits • Operation Procedure |
|
Environment |
NEPA Documentation Permit Support Documents |
Discharge Control: • Engineered features • Limits on discharges |
Discharge Permits • air • water • solid wastes |
This figure is taken from
Board Report DNFSB/TECH-16
* Safeguards and Security
not included
The Defense Nuclear
Facilities Safety Board has emphasized that safety systems relied upon to
protect the public, the workers, and the environment deserve special
focus. Their design, procurement,
fabrication, installation, operation, maintenance, and configuration management
are at the core of ISM. Both
contractors and the Federal workforce must recognize the pivotal role these systems
play in ensuring safety and deploy their resources accordingly.
Much of the DOE nuclear
complex was built years ago. Both the
Federal workforce and the contractors employed by the government for
maintenance and operation have turned over many times during the operational
life of the facilities. Both process
knowledge of many hazardous operations and the design basis of protective
equipment and associated systems are often not current. While substantial updating of authorization
basis documents is being accomplished under pressures of the ISM program,
assessments by both DOE’s internal safety management organizations and the
Board’s external safety oversight staff show that DOE’s operating contractors
are not always giving equipment designed to serve vital protective functions
the attention their safety functions deserve.
Confinement ventilation systems and fire protection systems are good
examples. Recommendation 2000-2 seeks
to have DOE systematically assess the readiness state of its vital safety
systems and the effectiveness of their configuration management.
The acceptability of any
plan offered by DOE in response to Recommendation 2000-2 will be based upon our
evaluation of how well the objectives described above are likely to be
satisfied. A set of tasks such as the following are visualized:
Task 1. |
The identification of
high hazard processes performed in all defense nuclear facilities, the vital
safety systems/equipment providing protective functions, and the programs
that support and preserve these systems (e.g., maintenance). |
Task 2. |
The targeting of
Confinement Ventilation Systems in defense nuclear facilities for priority
attention, using a special task force of subject matter experts to: (a) develop evaluation guidelines to be
used in evaluating them, and (b) assess the operational ability to meet
design requirements of a selected number of them, including the assessment of
programs needed to preserve the system such as surveillance, maintenance, and
configuration management programs. |
Task 3. |
The systematic assessment
of the state of all systems/equipment upon which the safety of the site and
its hazardous facilities depend (public, worker, and environment) and the
adequacy of the resources applied to do surveillance, maintenance, and
configuration management. Evaluation guidelines used in the Confinement
Ventilation Systems evaluation will be used or adapted as appropriate. The assessments performed as required by
DOE Policy 450.5, Line Environment Safety and Health Oversight will be
reviewed to ensure that the assessments provide adequate assurance that the
systems maintain their ability to protect the public, the workers, and the
environment. |
Task 4. |
The assessment of
functions, responsibilities, and authorities relative to the caretaking of
vital safety systems and the adequacy of the resources (number and expertise)
dedicated to ensuring their state of readiness. Establish contractor
qualification requirements, and qualify system engineers, for hazardous
processes and associated vital safety systems identified under Task 1. This will enhance the DOE’s ability to
ensure that engineering expertise is applied in all five functions of ISM. Define Federal workforce
expertise necessary to support, review, and oversee the contractor’s system
engineer program. Establish
qualification requirements for, and qualify federal personnel, who will be
relied upon for system expertise.
This will enhance the DOE’s ability to apply engineering expertise in
all five functions of ISM. |
Task
5. |
The development of an
upgrade program, prioritized to ensure reliable operation of systems that
prevent or mitigate higher risk. |
Task
6. |
The resolution of the key
HEPA filter issues identified in the Board’s June 8, 1999 letter. |
The Board remains open of
course to any other alternative that would satisfy the objectives of the
recommendation. The plan needs to not
only define the work to be done but also the responsibility for doing it. The Board recognizes that the assignment of
resources is the prerogative of DOE.
However, the Board offers the following observations for DOE
consideration. In keeping with one of
the fundamental principles of Integrated Safety Management, the primary
responsibility for maintaining vital safety systems in a reliable state of
readiness rests with line management - more explicitly, those responsible for
developing, reviewing, approving, and maintaining safety bases documentation,
the safety controls and the related support programs. These responsibilities now lie principally with the DOE
Operations Offices and their contractors.
Hence, DOE Operations Office Managers and their contractors logically
should be tasked to lead and perform the majority of the actions defined in the
above tasks. In the interests of
maintaining continuity and consistency with the Phase II verification effort,
it would be highly desirable for the Field Managers to use the same individuals
that led the Phase II verification assessments for them. Team membership, however, will require the
selection of those expert in the vital safety systems being assessed.
While this recommendation
is viewed as largely a field oriented effort, a continuing DOE-Headquarters
line oversight of the effort is important to ensure appropriate consistency,
accountability, and priority are maintained as these activities are conducted
across programs and sites. Further,
there may well be subject matter experts in DOE-Headquarters that could well be
brought to bear, for example, in the developing of uniform evaluation guidelines
as was done for the ISM Verification Team Leaders Handbook. The use of an assessment approach similar to
that put in place for the Phase II ISM verification will make it clear that
2000-2 tasks are in reality an extension of the ISM verification efforts.
DOE has been seeking to
embed Integrated Safety Management as a fundamental responsibility of those in
the line responsible for performing hazardous work. The Safety Management Integration Team (SMIT) was established as
an ad-hoc group in response to Board Recommendation 95-2. Recommendation 2000-2 offers DOE a vehicle
for facilitating the transition of the post-September 2000 ISM leadership
efforts back to the Lead Program Secretarial Offices (LPSOs) and the
Administrator of the National Nuclear Security Agency (NNSA). This could be accomplished by establishing
for 2000-2 a steering group at headquarters, consisting of the Chief Operating
Officers (COOs) of the Administrator of NNSA and the LPSOs, and the Principal
Assistant Secretary for Environmental, Safety and Health (ES&H). The headquarters steering group could, for
example, be made responsible for selecting expert team leadership and for
creating assessment team guidance and generic Criteria Review and Approach
Documents (CRADs) for vital safety systems.
Such a steering group could monitor implementation plan progress, brief
senior DOE management, and initiate course corrections as appropriate.
[16383] A graded
approach is defined within DOE Rules and orders, and would consider factors
such as:
·
Remaining facility lifetime and the safety significance of
remaining operations. For example, it might not be practicable to
designate a system engineer for a facility scheduled to be decommissioned or
demolished in a couple of years. On the
other hand, hazards posed by planned operations and decommissioning activities
should be reviewed to determine whether a specific safety system would continue
to be relied upon following facility decommissioning. A system engineer should be assigned to safety system(s) where
operability is required following facility decommissioning.
·
Systems that are important to safety in non-nuclear
facilities. For example, it would be prudent to designate a system engineer
for a confinement ventilation system in a facility with significant non-nuclear
hazards (e.g., chemical or industrial hazards).
·
Multiple systems and facilities. A system engineer
can be assigned responsibility of multiple systems and/or facilities, depending
upon the scope of system support needed and the individual engineer's
experience and expertise.
· Multiple Systems. Where several systems important to safety are connected to form a chemical or mechanical process, one system engineer could be designated for the entire process rather than designating a number of system engineers to cover each sub-system.