doc_fn: draftord/420/g4201-x.html DocType: Draft ID: DOE G 420.1-X Title: Implementation Guide for Non-Reactor Nuclear Safety Design Criteria and Explosives Summary: Org: Date_Issue: 09/1995 Date_Close: VdkVgwKey: draftord-5 Directive: 420.1 Text: Implementation Guide for Nonreactor Nuclear Safety Design Criteria and Explosives Safety Criteria Prepared for Department of Energy, Headquarters Revision G September 1995 Foreword Guiding Principles This Implementation Guide (IG) provides guidance on the application of the requirements for nonreactor nuclear facilities and explosives facilities of Department of Energy (DOE) 420.1, "Facility Safety," Section 4.1, "Nuclear and Explosives Safety Design Criteria." The following guidelines were established for the development of this IG:  This IG provides guidance on implementing the requirements stated in DOE 420.1, Section 4.1, as they apply to the design aspects for nuclear safety of nonreactor nuclear facilities and safety requirements for explosives facilities. The guidance provided in this IG is restricted to the requirements identified in DOE 420.1, Section 4.1. This IG does not establish requirements.  Safety analyses performed in accordance with DOE-STD-3009-94 establish the identification, function, and performance of safety structures, systems, and components (SSCs) and shall be conducted early in the design process.  Applicable current Rules, Standards, and Orders will be referenced herein and text and requirements from these documents will not be repeated.  Same-subject information will be grouped in a single section and cross referenced elsewhere as required.  Management and policy requirements will not be included in this document. Throughout this IG, the words "shall" and "should" are used to identify actions that need to be accomplished to meet this guidance. The word "shall" denotes actions that must be performed to comply with this IG. The word "should" is used to indicate recommended practice (DOE-STD-1075-94). Users are encouraged to submit suggestions for improving this IG to the office of Nuclear Safety Policy and Standards. Contents List of Tables ...................................................................iii Glossary ..........................................................................iv Abbreviations and Acronyms .........................................................x 1.0 Introduction...................................................................1 1.1 General.....................................................................1 1.2 Application.................................................................1 1.3 Content.....................................................................2 1.4 Compliance with DOE 420.1 Requirements......................................3 2.0 Safety Analysis and Design Process.............................................4 2.1 Design Process and Safety Analysis Relationship.............................4 2.2 External Design Constraints.................................................5 2.3 Defense in Depth............................................................5 2.4 Systems Engineering.........................................................7 2.5 Quality Assurance...........................................................9 3.0 Elements of Design for Nuclear Safety..........................................9 3.1 General.....................................................................9 3.1.1 Radioactive and/or Hazardous Material Inventory......................9 3.1.2 Conservative Facility Design.........................................9 3.1.3 Preventive Features..................................................9 3.1.4 Mitigating Features.................................................10 3.2 Siting Criteria Development................................................10 3.3 Natural Phenomena Hazards..................................................11 3.3.1 General Application.................................................11 3.3.2 Primary Applicable Requirements.....................................11 3.3.3 Other Considerations................................................11 3.4 Architectural..............................................................12 3.4.1 Building Layout.....................................................12 3.4.2 Access Control......................................................12 3.5 Accessibility and Maintainability..........................................13 3.6 Human Factors Engineering..................................................14 3.7 Design to Facilitate Deactivation, Decontamination, and Decommissioning....14 3.7.1 Deactivation........................................................14 3.7.2 Decontamination.....................................................14 3.7.3 Decommissioning.....................................................15 4.0 Functional Design Criteria....................................................15 4.1 Nuclear Criticality Safety.................................................15 4.1.1 Conditions that Initiate Requirements of this Section...............15 4.1.2 Primary Applicable Requirements.....................................16 4.2 Radiation Protection.......................................................16 4.2.1 Primary Applicable Requirements.....................................16 4.2.2 General Application.................................................16 4.2.3 Special Considerations and Good Engineering Practices...............18 4.3 Hazardous Material Protection..............................................19 4.3.1 Conditions that Initiate Requirements of this Section...............19 4.3.2 Primary Applicable Requirements.....................................19 4.3.3 General Application.................................................19 4.3.4 Special Considerations and Good Engineering Practices...............20 4.4 Effluent Monitoring and Control............................................20 4.4.1 Applicability.......................................................20 4.4.2 Special Considerations and Good Engineering Practices...............21 4.5 Waste Management...........................................................22 4.5.1 Applicability.......................................................22 4.6 Fire Protection............................................................23 4.6.1 General Application.................................................23 4.6.2 Fire Hazard Analysis................................................23 4.7 Emergency Preparedness and Emergency Communications........................23 4.7.1 Conditions that Initiate Requirements of this Section...............23 4.7.2 Primary Applicable Requirements.....................................23 4.7.3 General Application.................................................24 4.8 Explosives Criteria........................................................24 5.0 Supplementary Design Criteria for Safety Structures, Systems, and Components..25 5.1 General Requirements.......................................................25 5.1.1 Assurance of Safety Function........................................25 5.1.2 Support System and Interface Design.................................27 5.1.3 Quality Assurance...................................................28 5.2 Specific Criteria..........................................................28 5.2.1 Structural..........................................................29 5.2.2 Mechanical..........................................................30 5.2.3 Electrical..........................................................33 5.2.4 Instrumentation, Control, and Alarm Systems.........................34 Appendix A .......................................................................A-1 List of Tables Table 5-1. Codes for safety-significant and safety-class structures...............30 Table 5-2. Codes for safety-significant and safety-class ventilation system components.31 Table 5-3. Codes for safety-significant and safety-class process equipment........32 Table 5-4. Codes for safety-significant and safety-class handling equipment.......33 Table 5-5. Codes for safety-significant and safety-class electrical systems.......34 Table 5-6. ANSI/IEEE standards to be used as guidance for both safety-significant and safety-class electrical systems as appropriate.....................34 Table 5-7. Codes for safety-significant and safety-class instrumentation, control, and alarm components...................................................35 Glossary Note: Origins of the definitions are indicated by references shown in "[ ]" (brackets), although in some cases the referenced Orders are being replaced. If no reference is listed, the definition originates in this IG and is unique to its application. Terms used within this IG that are not defined in the Glossary carry their definition from the referenced documents. Accident. An unplanned sequence of events that results in undesirable consequences. [DOE-STD-3009-94] Accident analysis. For the purposes of properly implementing the Unreviewed Safety Question (USQ) Order, the term accident analysis refers to those bounding analyses selected for inclusion in the Safety Analysis Report (SAR). These analyses refer to design basis accidents only. [DOE 5480.21] Accident analysis has historically consisted of the formal development of numerical estimates of the expected consequence and probability of potential accidents associated with a facility. For the purposes of this IG, accident analysis is a follow-on effort to the hazard analysis, not a fundamentally new examination requiring extensive original work. As such, it requires documentation of the basis for assignment to a given likelihood of occurrence range (e.g., 1/y to 10-2/y, 10-2/y to 10-4/y, 10-4/y to 10-6/y) in hazard analysis and performance of a formally documented consequence analysis. Consequences are compared with offsite Evaluation Guidelines to identify safety-class structures, systems, and components. [DOE- STD-3009-94] ALARA. As low as reasonably achievable. [DOE 5480.11] Confinement barriers.  Primary confinement. Provides confinement of hazardous material to the vicinity of its processing. This confinement is typically provided by piping, tanks, glove boxes, encapsulating material, and the like, along with any offgas systems that control effluent from within the primary confinement.  Secondary confinement. Consists of a cell or enclosure surrounding the process material or equipment along with any associated ventilation exhaust systems from the enclosed area. Except in the case of areas housing glove-box operations, the area inside this barrier is usually unoccupied (e.g., canyons, hot cells); it provides protection for operating personnel.  Tertiary confinement. Typically provided by walls, floor, roof, and associated ventilation exhaust systems of the facility. It provides a final barrier against the release of hazardous material to the environment. Construction. Any combination of engineering, procurement, erection, installation, assembly, or fabrication activities involved in creating a new facility or altering, adding to, or rehabilitating an existing facility. It also includes the alteration and repair (including dredging, excavating, and painting) of buildings, structures, or other real property. Decommissioning. The process of closing and securing a nuclear facility or nuclear materials storage facility to provide adequate protection from radiation exposure and to isolate radioactive contamination from the human environment. [DOE 5480.30] Decontamination. The act of removing a chemical, biological, or radiological contaminant from or neutralizing its potential effect on a person, object, or environment by washing, chemical action, mechanical cleaning, or other techniques. [DOE 5480.30] Design basis. Information that identifies the specific functions to be performed by a structure, system, or component of a facility, and the specific values or range of values chosen for controlling parameters as reference bounds of design. These values may be (1) restraints derived from generally accepted "state of the art" practices for achieving functional goals, or (2) requirements derived from analyses (based on calculations and/or experiments) of the effects of a postulated accident for which a structure, system, or component must meet its functional goals. [10 CFR 50.20] Design basis accident. An accident postulated for the purpose of establishing functional and performance requirements for safety structures, systems, and components. [DOE-STD-3009- 94] Effluent monitoring. The collection and analysis of samples or measurements of liquid and gaseous effluents for the purpose of characterizing and quantifying contaminants, assessing radiation exposures of members of the public, providing a means to control effluents at or near the point of discharge, and demonstrating compliance with applicable standards and permit requirements. [DOE 5400.1] Evaluation Guidelines. Radiation dose value against which the safety analysis evaluates. Offsite Evaluation Guidelines are established for the purpose of identifying and evaluating safety-class structures, systems, and components. For the purpose of this IG, an offsite Evaluation Guideline of 25 rem, 50-year total effective dose equivalent for a 1-year uptake at the site boundary shall be used. Explosives facility. Any facility or location used for storage or operation with explosives or ammunitions. Facility. For the purpose of this IG, the definition most often refers to buildings and other structures, their functional systems and equipment, and other fixed systems and equipment installed therein to delineate a facility. However, specific operations and processes independent of buildings or other structures (e.g., waste retrieval and processing, waste burial, remediation, groundwater or soil decontamination, decommissioning) are also encompassed by this definition. The flexibility in the definition does not extend to subdivision of physically concurrent operations having potential energy sources that can seriously affect one another or which use common systems fundamental to the operation (e.g., a common glove-box ventilation exhaust header). [DOE-STD-3009-94] Fail safe. A design characteristic by which a unit or system will become safe and remain safe if a system or component fails or loses its activation energy. Hazard. A source of danger (i.e., material, energy source, or operation) with the potential to cause illness, injury, or death to personnel or damage to an operation or to the environment (without regard for the likelihood or credibility of accident scenarios or consequence mitigation). [DOE 5480.23] Hazard analysis. The determination of material, system, process, and plant characteristics that can produce undesirable consequences, followed by the assessment of hazardous situations associated with a process or activity. Largely qualitative techniques are used to pinpoint weaknesses in design or operation of the facility that could lead to accidents. The SAR hazard analysis examines the complete spectrum of potential accidents that could expose members of the public, onsite workers, facility workers, and the environment to hazardous materials. [DOE-STD-3009-94] Hazard classification. Evaluation of the consequences of unmitigated releases to classify facilities or operations into the following hazard categories:  Hazard Category 1: The hazard analysis shows the potential for significant offsite consequences.  Hazard Category 2: The hazard analysis shows the potential for significant onsite consequences.  Hazard Category 3: The hazard analysis shows the potential for only significant localized consequences. [DOE 5480.23] DOE-STD-1027-92 provides guidance and radiological threshold values for determining the hazard category of a facility. DOE-STD-1027-92 interprets Hazard Category 1 facilities as Category A reactors and other facilities designated as such by the Program Secretarial Officer. [DOE-STD-3009-94] Hazardous material. For the purpose of this IG, any solid, liquid, or gaseous material that is not radioactive but is toxic, explosive, flammable, corrosive, or otherwise physically or biologically threatening to health. Nonreactor nuclear facility. Those activities or operations that involve radioactive and/or fissionable materials in such form and quantity that a nuclear hazard potentially exists to the employees or the general public. Included are activities or operations that:  Produce, process, or store radioactive liquid or solid waste, fissionable materials, or tritium.  Conduct separations operations.  Conduct irradiated materials inspection, fuel fabrication, decontamination, or recovery operations.  Conduct fuel enrichment operations.  Perform environmental remediation or waste management activities involving radioactive materials. Incidental use and generating of radioactive materials in a facility operation (e.g., check and calibration sources, use of radioactive sources in research and experimental and analytical laboratory activities, electron microscopes, and x-ray machines) would not ordinarily require the facility to be included in this definition. [DOE S480.23] Public. All individuals outside the DOE site boundary. [DOE-STD-3009-94] Risk. The quantitative or qualitative expression of possible loss that considers both the probability that an event will occur and the consequence of that event. [DOE 5480.23] Safety analysis. A documented process: (1) to provide systematic identification of hazards within a given DOE operation; (2) to describe and analyze the adequacy of the measures taken to eliminate, control, or mitigate identified hazards; and (3) to analyze and evaluate potential accidents and their associated risks. [DOE 5480.23] Safety analysis report (SAR). A report that documents the adequacy of safety analysis to ensure that a facility can be constructed, operated, maintained, shut down, and decommissioned safely and in compliance with applicable laws and regulations. [DOE 5480.23] Safety basis. The combination of information relating to the control of hazards at a facility (including design, engineering analyses, and administrative controls) upon which DOE depends for its conclusion that activities at the facility can be conducted safely. [DOE 5480.23] Safety-class structures, systems, and components (safety-class SSCs). Structures, systems, or components whose preventive or mitigative function is necessary to keep hazardous material exposure to the public below the offsite Evaluation Guidelines. [DOE-STD-3009-94] Safety-significant structures, systems, and components (safety-significant SSCs). Structures, systems, and components not designated as safety-class SSCs, but whose preventive or mitigative function is a major contributor to defense in depth (i.e., prevention of uncontrolled material releases) and/or worker safety as determined from hazard analysis. As a general rule of thumb, safety-significant SSC designations based on worker safety are limited to those systems, structures, or components whose failure is estimated to result in a prompt worker fatality or serious injuries to workers. Serious injuries, as used in this definition, refer to immediately life-threatening or permanently disabling injuries (e.g., loss of eye, loss of limb) from other than standard industrial hazards. It specifically excludes potential latent effects (e.g., potential carcinogenic effects of radiological exposure or uptake). The general rule of thumb cited above is not an Evaluation Guideline. It is a lower threshold of concern for which safety-significant SSC designation may be warranted, not a quantitative criteria. Estimates of worker consequences for the purpose of a safety-significant SSC designation are not intended to require detailed analytical modeling. Considerations should be based on engineering judgment of possible effects and the potential added value of safety- significant SSC designation. [DOE-STD-3009-94] [Note: As used in this IG, safety-significant SSC distinguishes a specific category of SSCs other than safety-class SSCs. It should not be confused with the generic modifier "safety significant" used in DOE Orders (e.g., DOE 5480.23).] Safety structures, systems, and components (safety SSCs). The combined set of both safety-class and safety-significant structures, systems, and components for a given facility. [DOE-STD-3009-94] Single-failure criterion. Safety systems shall perform all required safety functions for a design basis accident in the presence of the following:  Any single detectable failure within the safety systems concurrent with all identifiable but undetectable failures.  All failures caused by the single failure.  All failures and spurious system actions that cause, or are caused by, the design basis accident requiring the safety function. The single failure could occur prior to, or at any time during, the design basis accident for which the safety system is required to function. [ANSI/IEEE Standard 379-1994, Chapter 4] Site boundary. A well-marked boundary of the property over which the owner or operator can exercise strict control. Abbreviations and Acronyms ac/dc alternating current/direct current ACGH American Conference of Governmental Hygienists ACI American Concrete Institute AISC American Institute of Steel Construction ALARA As low as reasonably achievable ANS American Nuclear Society ANSI American National Standards Institute API American Petroleum Institute ASHRAE American Society of Heating, Refrigeration, and Air-Conditioning ASME American Society of Mechanical Engineers ASTM American Society for Testing and Materials AWWA American Water Works Association CFR Code of Federal Regulations DBA Design basis accidents DoD Department of Defense DoDESB Department of Defense Explosives Safety Board DOE Department of Energy DOE-STD DOE Standard DOT Department of Transportation EIA Electronic Industries Association EOC Emergency Operations Center EPA Environmental Protection Agency EQ Environmental qualification ERDA Energy Research and Development Administration (predecessor to DOE) FHA Fire hazard analysis FM Factory Mutual HEPA High-efficiency particulate air (filter) I&C Instrumentation and control IEEE Institute of Electrical and Electronic Engineers IES Illumination Engineering Society IG Implementation Guide ISA Instrumentation Society of America NCRP National Council on Radiation Protection NEPA National Environmental Policy Act NFPA National Fire Protection Association NPH Natural phenomena hazards NQA Nuclear Quality Assurance NRC Nuclear Regulatory Commission OSHA Occupational Safety and Health Administration PEL Permissible exposure limit QA Quality assurance RAM Reliability, availability, and maintainability RCRA Resource Conservation and Recovery Act SAR Safety analysis report SMACNA Sheet Metal and Air Conditioning Contractors National Association SSC Structures, systems, and components TSR Technical safety requirement UL Underwriters Laboratory USGS U.S. Geological Survey USQs Unreviewed safety questions Implementation Guide for Nonreactor Nuclear Safety Design Criteria and Explosives Safety Criteria 1.0 Introduction 1.1 General This Implementation Guide (IG) provides guidance for satisfying the requirements contained within Department of Energy (DOE) 420.1, "Facility Safety," Section 4.1, "Nuclear and Explosives Safety Design Criteria." This IG provides guidance for the application of DOE Orders, Rules, and national and industry codes and standards to achieve compliance with DOE 420.1, Section 4.1, requirements. The facility design shall conform to the requirements of DOE 420.1, Section 4.1, and construction shall be in accordance with the approved design. The objective of this IG is to provide an acceptable methodology for selecting industry codes and standards for nuclear safety aspects of design of nonreactor nuclear facilities. Compliance with the guidance of this IG is an acceptable approach to complying with the requirements of DOE 420.1, Section 4.1. This IG stresses that safety design should be driven by safety analysis and provides interpretive guidance on the performance-level requirements of the Order. A successful safety design product depends on the quality of the safety analysis and on engineering judgment in the transformation of this guidance to the final design. This IG is not intended to be all inclusive with respect to the nuclear/radiological safety requirements and guidance for designing a DOE nonreactor nuclear facility. Where other DOE Orders, Rules, and national and industry codes and standards contain requirements and supporting guidance pertaining to safety of nuclear facilities, such guidance will not be repeated in this document. Instead, a short discussion will point to the relevant document. Examples are found in the areas of natural phenomena hazards mitigation, fire protection, criticality safety, and explosives safety. 1.2 Application The requirements of DOE 420.1, Section 4.1, are applicable to the design and construction of new nonreactor nuclear facilities and for modifications to existing nonreactor nuclear facilities when the modifications significantly increase the probability or consequence of a nuclear accident or require a change in the Technical Safety Requirements (TSRs) of a facility. It is intentionally left to the exercise of judgment of the proposing contractor and the approving DOE authority to define "significant." In part, this is intended to allow upgrading of existing safety equipment or installation of minor new improvements without subjecting the process to onerous procedural requirements and thus discouraging improvements. Modifications to facility design and construction during the design and construction phase shall conform to the design requirements for new facilities. All new construction shall, as a minimum, conform to the model building codes applicable for the state or region, supplemented with additional safety requirements associated with the hazards in a facility in a graded manner 1.3 Content This IG is structured to represent the progressive logic of design. The "Introduction" section provides a general statement regarding the intent and applicability of the IG. The following sections provide guidance for nuclear safety design concepts or assurances, elements of design for nuclear safety, functional design criteria, and criteria for safety structures, systems, and components (SSCs). Contained within Section 2.0, "Safety Analysis and Design Process," are nuclear safety design concepts that when implemented along with specific criteria should ensure a safe facility design. This section addresses the importance of starting the safety analysis as early as possible in the design and maintaining an interrelationship between the design process and the safety analysis, as they both evolve. Other concepts addressed under this section are defense in depth, system engineering, and quality assurance. These are nuclear safety design concepts and strategies to be applied at the beginning and throughout the design process to ensure safety concerns are addressed and incorporated into the design as necessary. Section 3.0, "Elements of Design for Nuclear Safety," Section 4.0, "Functional Design Criteria," and Section 5.0, "Supplementary Design Criteria for Safety Structures, Systems, and Components," describe specific criteria that are to be applied, as applicable, to the facility under design. The guidance within these sections relates to safety as it applies to the overall facility and its impact on facility design. Section 3.0 addresses nuclear safety criteria that should be considered during the design process such as siting, natural phenomena, architecture, accessibility and maintainability, human factors, and decontamination and decommissioning. Section 4.0 is more specific to the safety function(s) that are to be performed within or by the facility under design. These nuclear safety criteria include nuclear criticality, radiation protection, hazardous material protection, effluent monitoring and control, waste management, fire protection, emergency preparedness and emergency communications, and explosives criteria and their applicability to the safety of the facility, depending on the function or mission of the facility. Section 5.0 provides guidance for specific criteria requirements for the SSC that are identified, via the safety analysis, to function as safety-class or safety-significant SSCs. These criteria are applied to those specific elements within the facility. 1.4 Compliance with DOE 420.1 Requirements This section provides a correlation of the requirements contained in DOE 420.1, Section 4.1, to this IG. The objectives of DOE 420.1, Section 4.1, "Nuclear Safety," are covered in the IG "Introduction" section defining the intent and applicability to DOE design activities. The requirements for the development process of the safety analysis are set forth in DOE 420.1, Section 4.1.1.1, "General Requirements." Also contained in DOE 420.1, Section 4.1.1.1, and DOE 420.1, Section 4.1.1.2, "Design Requirements," are the requirements pertaining to the implementation of defense in depth and the quality level requirements for facility design and construction. Section 2.0, "Safety Analysis and Design Process," of this IG provides guidance for performing the safety analysis and maintaining an interrelationship with the design process. This IG section also contains guidance for nuclear safety design concepts such as defense in depth, system engineering, and quality assurance to meet the requirements set forth in DOE 420.1, Section 4.1. Guidance for the additional nuclear safety design requirements set forth in Section 4.1.1.2 of DOE 420.1 are addressed in detail in Section 3.0, "Elements of Design for Nuclear Safety," Section 4.0, "Functional Design Criteria," and Section 5.0, "Supplementary Design Criteria for Safety Structures, Systems, and Components," of this IG. Requirements related to the overall facility design, such as siting; natural phenomena; architecture; reliability, accessibility and maintainability; and decontamination and decommissioning are provided in Section 3.0 of this IG. Section 4.0 of this IG provides guidance to meet the nuclear safety functional requirements of DOE 420.1, Section 4.1.1.2, as they pertain to as low as reasonably achievable (ALARA), waste management, and other functional operations. The guidance to meet the requirements for safety SSCs to be designed so they can perform their safety functions when called upon to operate and to be designed and fabricated under a quality assurance program as defined in Section 4.1.1.2 of DOE 420.1 are addressed in Section 5.0 of this IG. Guidance to comply with the requirements contained in Section 4.1.2, "Explosives Safety," of DOE 420.1, Section 4.1, are provided in Section 4.8, "Explosives Criteria," of this IG. 2.0 Safety Analysis and Design Process 2.1 Design Process and Safety Analysis Relationship In this section, the relationship between the facility design process and the parallel development of the facility safety analysis process is discussed. Continuous coordination is necessary between these two activities throughout the project to ensure that the final design meets the mission requirements and includes the required safety features. The safety analysis shall be performed in accordance with the guidance in DOE-STD-3009-94 and the requirements of DOE 5480.23 to develop and validate the functional and performance requirements for the safety SSCs. Design of safety SSCs is an important part of the overall facility design process. As the facility design progresses from conceptual design through the finalization of design, designers and safety analysts must exchange information in an iterative process. Early in the conceptual design, a hazard analysis shall be conducted based on the anticipated physical and chemical processes to be used in support of the overall facility mission, external man-induced hazards, and natural phenomena hazards. The hazards associated with processes may influence the design, e.g., alternative physical layouts, segmentation of facilities to isolate particularly hazardous processes, or the use of multistage or parallel processes to reduce the hazardous material in any particular process step. Natural phenomena hazards shall be considered in accordance with DOE 420.1, Section 4.4, "Natural Phenomena Hazards Mitigation," and its Implementation Guide. External man-induced hazards peculiar to the site (such as pipelines and hazardous materials storage) shall be considered. The results of the hazard analysis shall be used to identify the design basis accidents (DBAs) that in turn shall be used to define the functional and performance requirements of the facility safety SSCs. Safety SSCs required to prevent or mitigate accidents whose consequences exceed offsite Evaluation Guidelines shall be defined as safety-class SSCs. Safety-significant SSCs shall be selected for worker protection and to provide defense in depth. This information shall be incorporated into the design of these safety SSCs. The defense-in-depth concept, described in Section 2.3 of this IG, shall be integrated into the facility design process. The application of the defense-in-depth concept to the facility design will help identify potential safety features to be included in the facility design. Consideration should be given to prevent or mitigate accident consequences from contaminating the environment, even when direct public or worker safety is not an issue. Sufficient hazard and accident analyses shall be completed during the preliminary design to verify and finalize the selection of safety SSCs. These hazard and accident analyses shall be sufficiently complete to determine the DBA environmental and load conditions for safety SSCs. 2.2 External Design Constraints The primary inputs for facility design include the DOE mission requirements, DOE 420.1, and externally imposed regulatory inputs from federal [e.g., Occupational Health and Safety Administration (OSHA), Environmental Protection Agency (EPA), etc.], state, and local governments where the facility is located (e.g., a stack monitor to record releases to comply with local environmental monitoring requirements), and DOE 430.1, "Life-Cycle Asset Management," which calls for the use of national consensus codes and standards. As a minimum, design and construction shall conform to the model building codes applicable for the state or region, supplemented with additional safety requirements associated with the hazards in the facility in a graded manner. 2.3 Defense in Depth Defense in depth is a safety design concept or strategy that shall be applied at the beginning and maintained throughout the facility design process. This safety design strategy is based on the premise that no one layer of protection is completely relied upon to ensure safe operation. By applying this safety strategy, the DOE 420.1 objective of providing multiple layers of protection to prevent or mitigate an unintended release of radioactive material to the environment can be achieved. Conceptually, there are three levels of defense in depth. The first level of defense consists of a well-designed facility with process design to reduce source terms, reliable SSCs that are simple to operate and maintain and resistant to degradation, and personnel well trained in operations and maintenance and committed to a strong safety culture. The second level recognizes that failures of systems and components and human failures cannot be entirely eliminated and that protective features (e.g., engineering design features and administrative controls) are required. These features are provided to ensure a return to normal operation or to bring the facility to a safe condition in the event of anticipated but abnormal events. These features may provide automatic system response to such events or may be monitors that alert operators to the necessity of taking manual action. Such response to off-normal conditions can effectively halt the progression of events toward an accident. The final level of defense consists of conservatively designed safety SSCs to prevent or mitigate the consequences of accidents that may be caused by errors, malfunctions, or by events that occur both internal and external to the facility. The following are elements of defense in depth related to safety design and construction that shall be objectives during the design process:  Siting. Consider site locations that reduce the need to provide design measures to alleviate potentially hazardous conditions or to protect surrounding populations. For example, consideration of ground instability, flooding, and hazards due to nearby installations or activities.  Material at risk. Apply facility and process design and administrative controls to minimize and control inventories of radioactive materials and their forms.  Conservative design. Design conservative margins that may allow operations to deviate from normal conditions before requiring corrective actions and taking into consideration the potential degradation of elements and operational errors.  Quality assurance. Use quality-assurance practices for the design and construction of safety SSCs whose stringency is commensurate with anticipated hazards, including but not limited to the assurance of qualified design and construction personnel, traceability of design decisions and procurements, and documentation of changes in design and construction.  Physical barriers. Design physical barriers to confine radioactive material and thereby prevent uncontrolled releases.  Critical safety functions. Design to provide multiple ways for safety functions to control processes, to maintain processes in a safe state, and to confine radioactivity when accidents could have the potential for significant public radiological impact.  Equipment and administrative controls. Include features to control process variables to values within safe conditions, to alert operating personnel of an approach toward conservative process limits, to allow timely detection of failure or malfunction of critical equipment, and to allow for the imposition of administrative controls assumed in the hazard analysis, and/or accident analysis.  Emergency features. Include alarms and monitors to alert workers and the public to the existence of unsafe conditions and to record the sequence and severity of an accident. Evacuation considerations incorporated into the facility design are to be coordinated with the development of the emergency plan. The detailed design criteria requirements for these defense-in-depth elements that shall be used are defined in Section 3.0, "Elements of Design of Nuclear Safety," Section 4.0, "Functional Design Criteria," and Section 5.0, "Supplementary Design Criteria for Safety Structures, Systems, and Components," of this IG. 2.4 Systems Engineering The systems engineering process covers a broad range of activities that involves the design and management of a total facility. For the purpose of this IG, the focus will be on those elements of systems engineering that relate to nuclear safety and should be considered as part of the overall facility system engineering activities. The systems engineering activities relating to nuclear safety include the following:  Identifying and integrating facility nuclear safety requirements.  Coordinating multidisciplinary teamwork in implementing facility safety requirements.  Providing nuclear safety-related interface management.  Providing configuration management to include the establishment of baseline configuration.  Coordinating technical reviews of the facility nuclear safety features. The application of systems engineering activities to the nuclear safety aspects of facility design should be graded and commensurate with the facility hazards and complexity. The goal is to ensure that the systems engineering activities include consideration of the appropriate facility safety features. Electronic Industries Association (EIA) Interim Standard, "System Engineering," and the applicable Implementation Guides for DOE 430.1, "Life-Cycle Asset Management," should be used as guides in developing systems engineering actives to enhance the facility safety design. 2.5 Quality Assurance As required by 10 CFR 830.120, "Quality Assurance Requirements," nuclear facilities shall develop and implement a Quality Assurance (QA) program that meets the requirements contained therein. Supplemental information and acceptable methods for implementing these requirements are found in "Implementation Guide For Use with 10 CFR 830.120, G-830.120." QA encompasses all those planned and systematic actions and controls necessary to ensure that risk to the public health and safety and the environment are controlled and that the safety, reliability, and performance are realized through the application of effective management systems. The "graded approach" should be applied when identifying QA requirements for SSCs; that is, the scope and breadth of the requirements contained within the QA program should be adjusted to reflect the importance of the safety function of the SSCs. The degree of implementation of the QA Program should evolve concurrently with the project through its life cycle. Specifically, the QA requirements identified for an SSC's design, fabrication, construction, and modification shall be documented and supported by the facility's safety analysis. Document and change control for project design documents and supporting documentation shall be provided by the design activity during the design. By the start of construction, document and change control shall be provided by an appropriate QA configuration management program. Subsequent changes to project design and supporting documents shall be made by means of a formal change control program in accordance with 10 CFR 830.120. Additional QA criteria for safety SSCs are found in Section 5.0, "Supplementary Design Criteria for Safety Structures, Systems, and Components," of this IG. 3.0 Elements of Design for Nuclear Safety 3.1 General This section provides design guidance and identifies key documents that contain safety design requirements for the design and construction of DOE nonreactor nuclear facilities. The predominant model building codes in the region shall govern on issues not covered in this IG. Section 4.2, "Fire Protection," of DOE 420.1 shall apply for fire protection and life safety criteria. When developing the safety aspects of the facility design, there is a logical sequence of design considerations to follow. First, the radioactive and/or hazardous material inventory should be minimized and material forms considered. Next, conservative design margins should be applied as appropriate. Finally, appropriate preventive and mitigative features should be considered. Successful application of these principles and features into the facility design will result in a safe facility design. 3.1.1 Radioactive and/or Hazardous Material Inventory The basic and most effective means of controlling the hazards inherent in the facility is the restriction of inventories and forms of radioactive and/or hazardous materials. Emphasis should be placed on limiting the quantities of radioactive and/or hazardous materials in both process and storage areas. Material may be rendered less hazardous by maintaining it in more stabilized and less dispersible forms. For example, a quantity of plutonium stored in metal form presents less of a hazard than the same quantity stored in its oxide form. 3.1.2 Conservative Facility Design The next area of emphasis should be conservative design margins that account for deviations from normal process parameters. The facility design also should accommodate means such as monitors and automatic and manual controls to restrict deviations from normal operations and to assist recovery during the early stages of an accident sequence. Conservative design features apply to safety SSCs as described in Section 5.1.1.1 of this IG. 3.1.3 Preventive Features To prevent abnormal facility conditions from progressing to accidents, preventive features should be considered in the design. The objective of these features is to provide a return to normal operation or return to a safe condition. These features may provide automatic system response to such events or may be monitors that alert operators to the necessity of taking manual action. Such response to off-normal conditions can effectively halt the progression of events toward an accident. 3.1.4 Mitigating Features Safety SSCs shall be provided to mitigate consequences of accidents that may still occur despite the application of the preceding conventions. The safety SSCs shall be identified through the safety analysis (see Section 2.1 of this IG). 3.2 Siting Criteria Development The following factors should be considered in determining facility site suitability and in establishing facility safety design criteria:  The site boundary and land-use characteristics of the site surroundings, including properties at risk from accidental exposures, public exclusion zones (access control), population-center distances, and population density.  Proximity of services such as the fire department and emergency medical centers.  Utility systems essential to support safety class SSCs.  Physical characteristics of the site, including topography, meteorology, and hydrology.  Geological and subsurface elements such as earthquake loading, soil bearing design capacity, rock or other bearing stratum, and groundwater elevations.  Natural phenomena hazards as discussed in Section 3.3, "Natural Phenomena Hazards," of this IG and DOE 420.1, Section 4.4, "Natural Phenomena Hazards Mitigation," including seismic activity, wind, hurricane, tornado, flood, hail, volcanic ash, lightning, and snow.  Emergency response considerations, including population sheltering or shielding parameters and evacuation delay times and rates for the public and colocated workers.  Potential man-induced hazards from nearby facilities or activities such as industrial and military facilities, aircraft impacts, pipelines, and transportation routes.  Proximity and hazard to other facilities (from the proposed facility).  Site relater assumptions of the Environmental Impact Statement. For the purpose of this IG, a radiological siting criterion of 25 rem, 50-year total effective dose equivalent from a 1-year uptake at the site boundary shall be used. 3.3 Natural Phenomena Hazards 3.3.1 General Application Safety SSCs shall be designed and constructed to withstand the effects of natural phenomena hazards (NPHs). Fundamental requirements for NPHs are specified in the regional model building codes. The natural phenomena design requirements for safety SSCs as specified in DOE 420.1, Section 4.4, and the associated DOE Standards shall apply to safety SSCs as determined by the methodology described in DOE-STD-3009-94. The safety-class or safety- significant designation is the basis for selecting the specified natural phenomena design requirements found in the referenced DOE standards. 3.3.2 Primary Applicable Requirements  DOE 420.1, Section 4.4 and its Implementation Guide.  DOE-STD-1020-94.  DOE-STD-1021-93.  DOE-STD-1022-94.  DOE-STD-1023-94.  DOE-STD-1024-92. 3.3.3 Other Considerations Design considerations for volcanic eruption and ash fall, lightning strikes, range fires, snow loads, and extreme temperatures are not provided in DOE 420.1, Section 4.4, and other associated standards. Criteria for the assessment and mitigation of these hazards shall be developed on a site-specific basis and approved by DOE prior to use. Lightning protection systems shall be considered for buildings and structures that contain, process, and store radioactive, explosive, and similarly hazardous materials. Lightning protection systems shall be designed to comply with NFPA 780. (See DOE 420.1, Sections 4.3 and 4.4.) Design considerations should be given to the interaction of more than one event, particularly those more likely to occur simultaneously. For example, heavy rains usually accompany tornadoes or high winds; excessive roof loads may result from rain and accumulated volcanic ash; and upstream dams may fail due to seismic events. 3.4 Architectural The type and level of hazards should be determined for each functional area, the attendant degree of risk established, and the possibility of cross contamination considered. Wherever possible, work areas with compatible contaminants should be located together to simplify design criteria related to air supply and exhaust, waste disposal, decontamination, and cross contamination. Radioactive and hazardous material contamination control requirements should be considered in the design to minimize the potential for contamination spread. Office areas should be located in common-use facilities (e.g., data computation and processing, word processing, etc.) and away from process areas to minimize risks to workers of exposure to radioactive and/or hazardous materials. 3.4.1 Building Layout The building layout should provide protection from the hazards associated with handling, processing, and storing of radioactive and/or hazardous materials. In addition, the following items should be considered in the facility safety design:  The provision of additional space for temporary shielding or for additional shielding in the event radiation levels are higher than anticipated.  The arrangement and location of hazardous process equipment and its maintenance provisions should provide appropriate protective and safety measures as applicable.  The building design should accommodate a prompt return to a safe condition in emergencies and allow ready access and protection of workers in areas where manual corrective actions are required and in areas that contain radiation monitoring equipment readouts.  Facility layout should provide specific control and isolation, if possible, of quantities of flammable, toxic, and explosive gases, chemicals, and other hazardous materials admitted to the facility. 3.4.2 Access Control The facility design should accommodate the requirements for safeguards and security, emergency egress, and area access control for worker protection. Where these requirements may appear to conflict, life safety shall take precedence. For example, safeguards and security requirements would minimize the number of entrances and exits, but for worker safety, the emergency-egress requirements would provide an adequate number of exits. Specific requirements for access control shall be implemented as specified by 10 CFR 835 for radiological hazards, by RCRA for hazardous waste treatment, storage, and disposal facilities, and by 29 CFR 1910 and 1926 (OSHA) for hazardous material locations within operating facilities and construction sites. Where access control is provided for control rooms that contain safety-class SSC controls and monitoring, the same level of qualification shall be considered for the access control features. Access controls shall not prevent operator actions required to achieve and maintain a facility in a safe condition. 3.5 Accessibility and Maintainability Section 4.1.1.2 of DOE 420.1 requires that facilities be designed to facilitate inspection, testing, maintenance, and repair and replacement of safety SSCs to assure their continued function, readiness for operation, and accuracy. The facility design shall include provisions for accessibility and maintainability that include but are not limited to the following:  Surveillance equipment should be located and sufficient space provided for relative ease of routine testing and maintenance activities.  Accessible inspection covers to allow for visual inspection should be provided and located such that necessary routine inspections can be conducted with minimum disruption to the facility or equipment operation. Examples include ducting and process piping systems.  The facility design should include features that provide for ease of routine maintenance without a subsequent mission reduction. Examples include providing sufficient clearance around equipment to accommodate change out of large components and providing permanent ladder(s) and platform(s) access to lubrication and equipment areas. A Reliability, Availability, and Maintainability (RAM) program should be established in accordance with the guidance of DOE "Reliability, Availability, and Maintainability Guidelines" (Draft) and graded as to the complexity and hazards of the facility. The purpose of a RAM programs to help ensure that the project will be free of RAM-related problems that could prevent achieving health, safety, environmental, performance, schedule, and economic goals. 3.6 Human Factors Engineering Appropriate human factors engineering principles and criteria should be integrated into the design, operation, and maintenance of DOE facilities. The human factor elements that should be considered include, but are not limited to, the following: equipment labeling, workplace environment (temperature and humidity, lighting, noise, vibration, and aesthetics), human dimensions, operating panels and controls, component arrangement, warning and annunciator systems, and communication systems. The applicable criteria found in NUREG 0700, MIL- STD-1472C (DoD), and ANSI/IEEE 1023 should be considered in the design of these elements. 3.7 Design to Facilitate Deactivation, Decontamination, and Decommissioning 3.7.1 Deactivation Deactivation is the process of removing hazardous materials and neutralizing hazardous conditions at the end of a facility's life or mission prior to decontamination and decommissioning. Design to facilitate deactivation would incorporate facility features that aid in the removal of surplus radioactive and chemical materials; storage tank cleanout and maintenance; stabilization of contamination and process materials; and the removal of hazardous, mixed, and radioactive wastes. In general, these features would reduce the physical risks and hazards associated with facility decontamination and decommissioning and would also be called for when designing for ease of maintenance during operation. 3.7.2 Decontamination In accordance with DOE 420.1, the facility design shall incorporate measures to simplify decontamination of areas that may become contaminated with radioactive or hazardous materials. Items such as service piping, conduits, and ductwork should be kept to a minimum in potential contamination areas and should be arranged to facilitate decontamination. Walls, ceilings, and floors in areas vulnerable to contamination should be finished with washable or strippable coverings. Metal liners should be used in areas that have the potential to become highly contaminated. Cracks, crevices, and joints should be filled and finished smooth to prevent accumulation of contaminated material. The facility design should incorporate features that will facilitate decontamination to achieve facility decommissioning, to increase the potential for other uses, or both. 3.7.3 Decommissioning Design features consistent with the requirements of DOE 5820.2A, Chapter V, should be developed during the planning and design phases based on decommissioning requirements or a conversion method leading to other facility uses. The following design principles should be considered:  Use of localized liquid-transfer systems with emphasis on localized batch solidification of liquid waste to avoid long runs of buried contaminated piping. Special provisions should be included in the design to ensure the integrity of joints in buried pipelines.  Location of exhaust filtration components of the ventilation systems at or near individual enclosures to minimize long runs of internally contaminated ductwork.  Equipment, including effluent decontamination equipment, that precludes, to the extent practicable, the accumulation of radioactive or other hazardous materials in relatively inaccessible areas, including curves and turns in piping and ductwork. Accessible, removable covers for inspection and cleanouts are encouraged.  Use of modular radiation shielding in lieu of or in addition to monolithic shielding walls.  Provisions for flushing and/or cleaning contaminated or potentially contaminated piping systems.  Provisions for suitable clearances, where practical, to accommodate remote handling and safety surveillance equipment required for future decontamination and decommissioning.  Use of lifting lugs on large tanks and equipment.  Piping systems that carry contaminated or potentially contaminated liquid should be free draining via gravity. 4.0 Functional Design Criteria 4.1 Nuclear Criticality Safety 4.1.1 Conditions that Initiate Requirements of this Section Any DOE facility that may produce, process, store, transfer, dispose, or otherwise handle sufficient quantities of fissionable material that present a concern for accidental criticality shall be designed to meet the requirements of DOE 420.1, Section 4.3, "Nuclear Criticality Safety." 4.1.2 Primary Applicable Requirements DOE 420.1, Section 4.3, contains requirements that facilities be designed in such a manner that the probability of a criticality accident is acceptably low and, to the extent practical, the public, the workers, and the environment are protected from damaging effects and undue hazards that may arise from a criticality accident as required; that no single credible event or failure shall result in a criticality accident having unmitigated consequences; and that criticality accident alarm systems and criticality detection systems be included. See DOE 420.1, Section 4.3, and its supporting standards for details. 4.2 Radiation Protection 4.2.1 Primary Applicable Requirements The control of radiological exposures of workers, the public, and the environment shall be in accordance with Section 4.1.1.2 of DOE 420.1, 10 CFR 835, and 10 CFR 834 (Proposed). Additional guidance is contained in the DOE "Radiological Control Manual" (DOE/EH- 0256T). 4.2.2 General Application The primary objective of radiological protection is to minimize personnel external and internal exposures to radioactive materials; provide adequate radiation posting, sampling, monitoring, and notification or alarm capabilities; and apply ALARA principles. Radiation protection should be provided through facility physical design (e.g., shielding, remote handling, area layout, equipment layout, confinement, and ventilation) and supplemented by cautionary systems. ALARA principles to minimize personnel exposures shall be applied to all equipment and facility designs. Specific criteria for monitoring and entry control systems, posting and labeling of radioactive materials, nuclear accident dosimetry, and ALARA applications shall be applied as required by 10 CFR 835. Offsite dose limits used to assess acceptability of the facility safety design during normal operations and anticipated operational occurrences shall comply with 10 CFR 834 (Proposed). Physical layout and details of proven radiological equipment designs are contained in the DOE adopted IAEA Safety Series 30 Standard and Faust (1988). The projected dose rates shall be based on occupancy, duration, and frequency of exposure and shall not exceed values specified in 10 CFR 835. This may require that shielding be provided for areas requiring normal and intermittent access, such as those for preventive maintenance, component changes, or adjustment of systems and equipment. The type of shielding should be determined by the characteristics of the radiation, structural requirements, fire protection requirements, and radiation damage potential. Shielding should also be installed to minimize nonpenetrating external radiation exposures to the skin and lens of the eye where required. In most cases, confinement barriers or process equipment provide this function. Where shielding is an integral part of the facility structure, it shall be designed and installed to at least the same level of natural phenomenon qualification as the facility structure. Additional guidance is contained in ANSI/ANS 6.4.2. Where shields are identified as safety class, the additional requirements stated in Section 5.0, "Supplementary Design Criteria for Safety Structures, Systems, and Components," of this IG shall also be applied. Occupied operating areas for normal operating conditions shall be designed not to exceed the airborne concentration limits of 10 CFR 835. Respirators should not be required under normal operating conditions except as a precautionary measure. Engineered controls and features should be designed with consideration of contaminant chemical forms to minimize potential inhalation of radioactive materials. Devices to monitor individual exposures to external radiation and to warn personnel of radioactive contamination shall be used in accordance with 10 CFR 835. Air sampling equipment should be placed in strategic locations to detect and evaluate airborne contaminant conditions at work locations. Continuous air monitors with preset alarms should be provided to give early warning of significant releases of radioactive materials. Air monitoring and warning systems shall comply with the requirements of 10 CFR 835 with consideration for additional guidance contained in ANSI N13.1. Breathing-air supply systems, if required, shall comply with 29 CFR 1910.134. 4.2.3 Special Considerations and Good Engineering Practices American Nuclear Society document ANS 11.16 contains guidance on functional designs based on both DOE and Nuclear Regulatory Commission (NRC) experiences. DOE/EH- 0256T provides details on radioactive material identification, storage, and transport. These documents provide descriptions and details of use-proven principles and designs and identify considerations that affect configuration, hardware selection, installation, maintenance, and controls that can be used in developing a sound functional design. Shielding should be designed to limit the total external dose during normal operations to the annual exposure limit values as specified in 10 CFR 835. Design of facilities and shields applicable to machines and sources is summarized as good practices in NCRP Report 49. Additional guidance is contained in ANSI N43.2. Guidance on ventilation design is provided by an ACGIH document (ACGIH, 1995) and ERDA 76-21. Alarms for loss of ventilation or differential pressure shall be provided on primary confinement systems (glove boxes or hoods) and should be considered on secondary confinement systems (rooms). ANSI/ASME N509 contains requirements for the design of nuclear facility air cleaning systems and ANSI/ASME N510 contains requirements for testing air cleaning systems. Change rooms for changing into and out of protective clothing should be designed to ensure that clean clothing (personal clothing) and contaminated clothing (protective clothing) are segregated. The design objective is to ensure that storage of contaminated protective clothing will control contamination so that it does not spread beyond the storage container. The change room exhaust air should be high efficiency particulate air (HEPA) filtered as applicable if dispersible radionuclides are handled in the process areas it serves. Personnel decontamination facilities should be located close to areas that are potential sources of contamination. Safety showers may be used if water collection from their use is controlled. Portable personnel decontamination equipment should be considered for facilities with no permanent structures. Respiratory protection should be provided to maintenance personnel where potentially significant exposures exist for maintenance operations and design constraints preclude the ability to perform maintenance either remotely or in a glove box. However, every reasonable effort should be made to allow routine maintenance activities to be conducted without the need for respiratory protection. 4.3 Hazardous Material Protection This section provides functional design guidance for hazardous material protection other than radioactive material protection. While not controlled by DOE 420.1, Section 4.1, directly, these considerations may indirectly relate to nuclear safety in that hazardous material releases may cause or exacerbate nuclear accidents. The hazard analysis shall establish any potential for hazardous material release accidents that cause or exacerbate a nuclear accident. This potential shall be considered in the accident analysis and the selection of safety SSCs. 4.3.1 Conditions that Initiate Requirements of this Section Any facility where personnel could potentially be exposed to hazardous materials listed in 29 CFR 1910 at concentrations approaching the listed permissible exposure limits (8 hour-time- weighted average, normal operations) shall comply with the requirements of the applicable laws for hazardous material protection. 4.3.2 Primary Applicable Requirements Requirements for design of engineered controls for hazardous material protection are contained in 29 CFR 1910, Subparts G, H, and Z. 4.3.3 General Application Ventilation systems are engineering controls commonly used to prevent worker exposure to hazardous materials and are used in combination with personal protective equipment and operational procedures. 29 CFR 1910, Subpart G, 1910.94, requires that where ventilation is used to control worker exposures, it shall be adequate to reduce the hazardous material concentrations of air contaminants to the degree that the hazardous material no longer poses a health risk to the worker (i.e., concentrations at or below the permissible exposure limits). 29 CFR 1910, Subpart Z, 1910.1000, requires that wherever engineering controls are not sufficient to reduce exposures to such levels, they shall be used to reduce exposures to the lowest practicable level and supplemented by work practice controls. The design should ensure that respirators are not required for normal operating conditions or routine maintenance activities except as a precautionary measure. Ventilation systems for hazardous material protection should use exhaust hoods to control concentrations of hazardous materials from discrete sources, or should control the number of air changes per hour for an entire room or bay. Air flow and other design requirements for specific types of systems shall comply with 29 CFR 1910, Subparts G and H. 29 CFR 1910, Subpart Z, provides requirements for monitoring and alarm systems for facilities that manage or use specific hazardous materials. Additional guidance on design of ventilation systems for hazardous material protection is provided in ANSI Z9.2 and ASHRAE 62. Decontamination facilities, safety showers, and eyewashes to mitigate external exposures to hazardous materials shall be provided where mandated by 29 CFR 1910, Subparts H and Z. These systems shall be designed in accordance with the requirements of ANSI Z358.1 and ANSI Z124.2. 4.3.4 Special Considerations and Good Engineering Practices Facilities with hazardous material exposure concerns should be designed to minimize personnel exposures, both external and internal, and to provide adequate monitoring and notification capabilities to inform workers of unsafe conditions. Hazardous material protection should be provided through facility design (e.g., remote handling, area and equipment layout, spill-control features, confinement, ventilation, etc.). Occupied spaces should be designed to preclude locations where low oxygen content or air displacement may occur or where reactive, combustible, flammable, or explosive gas, vapor, or liquid accumulation might occur. Safety controls and features should be designed to consider contaminant chemical forms and minimize the potential for inhalation and contact under all conditions. Directed ventilation flow paths should be used to move contaminants away from worker breathing zones. The design should ensure that ventilation flow will cascade from clean areas to contaminated areas to preclude contamination spread. Uniform distribution of incoming air and/or air mixing equipment should be provided to ensure that no pockets of stagnant air exist in areas where workers are present. 4.4 Effluent Monitoring and Control 4.4.1 Applicability This section applies to any DOE facility that produces airborne or liquid radioactive and/or hazardous material effluents, including contaminated storm water, under normal operating conditions. 4.4.2 Special Considerations and Good Engineering Practices Liquid process wastes containing radioactive and/or hazardous material should be collected and monitored near the source of generation before batch transfer via appropriate pipelines or portable tanks to a liquid-waste treatment facility. Waste storage tanks and transfer lines shall be designed and constructed so that any leakage should be detected, contained, and collected for removal before it reaches the environment. Double-walled transfer pipelines or multiple encasements should be used for high-level radioactive liquid wastes and other liquid wastes that have the potential to cause significant localized consequences as defined by safety analysis, or significant exposures during the implementation of mitigating measures in the event of an accidental release. Provisions should be made for the collection, removal, and appropriate disposition of infiltration into the annulus of double-walled pipelines. Radioactive- and hazardous-waste collection, transfer, and storage systems shall be designed to avoid the dilution of radioactive or hazardous waste by waste of lower concentrations of radioactivity, toxicity, or other hazard. Emphasis should be placed on reducing radioactive constituents in liquid effluents released to surface waters or soil columns to levels ALARA. All airborne effluents from areas in which hazardous or radioactive materials are managed other than in closed containers should be exhausted through a ventilation system designed to remove particulate material, vapors, and gases, as necessary, to comply with applicable release requirements and to reduce releases of radioactive materials to levels ALARA. The design of airborne-effluent systems should preclude holdup of particulate materials in offgas and ventilation ductwork and include provisions to continuously monitor buildup of material and material recovery. The design of systems shall also preclude the accumulation of potentially flammable quantities of gases generated by radiolysis or chemical reactions within process equipment. The design capacity for effluent monitoring and control systems shall be consistent with the needs for handling process effluents during normal operations, anticipated operational occurrences, and DBA conditions. Alarms shall be provided that will annunciate in the event concentrations of radioactive or hazardous materials above specified limits are detected in the effluent stream. Appropriate manual or automatic protective features shall be provided to prevent an uncontrolled release of radioactive and/or hazardous material to the environment or the workplace. Portions of effluent management systems and components that are required to control or limit the release of radioactive or hazardous materials to the environment or for safe operation of the system shall be provided with redundancy where required by applicable federal, state, and local environmental regulations and permits. Effluent monitoring and control systems shall be designed to allow periodic maintenance, inspection, and testing of components and to maintain occupational radiation doses ALARA during these operations. Appropriate nuclear criticality safety provisions shall be applied to the design of airborne effluent systems. This includes design to preclude the holdup or collection of fissile material and other material capable of sustaining a chain reaction in portions of the system not geometrically favorable and design to ease of recovery of these materials in case of an accident as well as during normal operations. The design of safety SSCs, as identified in the facility-specific safety analysis, shall comply with the requirements of Section 5.0 of this IG. Safety-class effluent monitoring and control SSCs are generally designed to operate in conjunction with physical barriers to form a confinement system to limit the release of radioactive or other hazardous material to the environment and to prevent or minimize the spread of contamination within the facility. Adequate instrumentation and controls shall be provided to assess system performance and to allow the necessary control of system operation. Equipment in safety-class systems shall be appropriately qualified or protected to ensure reliable operation during normal operating conditions, during anticipated operational occurrences, and during and following a design basis earthquake. Safety-class air filtration units, effluent transport systems, or effluent collection systems shall be designed to remain functional throughout DBAs and to retain collected radioactive and hazardous materials after the accident. 4.5 Waste Management 4.5.1 Applicability This section applies to any DOE facility that under normal operating conditions produces containers of wastes having constituents that are regulated as radioactive, hazardous, or mixed waste. The design of waste management systems shall be in accordance with the requirements of DOE 5820.2B and the federal, state, and local requirements referenced therein. Unless it can be demonstrated that the risk is acceptable, waste management and storage systems and associated support systems should be designed to remain functional following a DBA and should facilitate the maintenance of a safe shutdown condition. For high-level waste containment systems, at least one confinement barrier should be designed to withstand the effects of DBAs. 4.6 Fire Protection 4.6.1 General Application Facility design shall comply with the applicable fire protection requirements contained in DOE 420.1, Section 4.2, "Fire Protection," DOE 470, "Worker Protection Management," and their companion document "Implementation Guide for Use with DOE Order 420 and 470 Fire Safety Program." 4.6.2 Fire Hazard Analysis A fire hazard analysis (FHA) shall be prepared for each DOE facility in accordance with DOE 420.1, Section 4.2, and should be initiated early in the design process and closely coordinated with the safety analysis effort as discussed in Section 2.1, "Design Process and Safety Analysis Relationship," of this IG. 4.7 Emergency Preparedness and Emergency Communications 4.7.1 Conditions that Initiate Requirements of this Section This section applies to any DOE facility that must respond to internal or external emergency events to control acute exposures to radiation in excess of the annual exposure limits or to hazardous materials in excess of Permissible Exposure Limits (PELs), or to preclude multiple fatalities. 4.7.2 Primary Applicable Requirements Provisions for emergency preparedness are contained in the requirements of DOE 5500.3A, which address installation of an Emergency Operations Center (EOC). Primary and backup means of communications with the EOC, provisions for evacuation and accountability; and adequate equipment and supplies for emergency response personnel to carry out their respective duties and responsibilities related to nonreactor nuclear facility shall be provided in the facility design consistent with DOE 5500.3A. 4.7.3 General Application Emergency evacuation annunciation systems shall conform with ANSI/ANS N2.3. General communication system installation requirements shall be per NFPA 72, Section 3-12, which describes the minimum requirements for transmission of alarm conditions to building occupants, and Sections 6-3 and 6-4, which include minimum requirements for audibility above background noise and the use of visual signals, including minimum light intensities. For facilities handling dispersible materials, meteorological data necessary to control consequences from an emergency event should be obtained from either the nearest U.S. Geological Survey (USGS) or local (onsite) meteorological stations. 4.8 Explosives Criteria The design and construction of all new DOE explosives facilities and modifications to existing explosives facilities shall conform to the DOE explosives safety requirements established in the "DOE Explosives Safety Manual," DOE M 440.1-1. Facility structural design and construction shall comply with the requirements of TM5-1300 (DoD), "Structures to Resist the Effects of Accidental Explosions," and DOE/TIC-11268, "A Manual for the Prediction of Blast and Fragment Loading of Structures." Blast resistant design for personnel and facility protection shall be based on the TNT equivalency of the maximum quantity of explosives and propellants permitted. In accordance with TM5-1300, the TNT equivalency shall be increased by 20% for design purposes. The technical basis for establishing explosives quantity-distance separation for facility location, design, and operation (under normal and potential DBA conditions) shall follow the stricter of the criteria provided in DoD 6055.9-STD, "Department of Defense Ammunition and Explosives Safety Standards." DoD 6055.9 specifies the minimum distance for protection from hazardous fragments to facility boundaries, critical facility, and inhabited structures unless it can be shown that there will be no hazardous fragments or debris at lesser distances. The method of calculation presented in the DoD Explosive Safety Board (DoDESB) Technical Paper No. 13 may be used to establish a smaller fragment exclusion zone. It is not intended that these minimum fragment distances be applied to operating facilities or dedicated support functions within an operating line. The criteria presented in DOE M 440.1-1 shall apply for these exposures. For an unproven facility design, either a validated model or a full-scale test is required to ensure structural adequacy unless a high degree of confidence can be provided by calculations or other means. The contract administrator (Head of Field Organization) with the advice of competent engineering review shall concur in any determination regarding test requirements. When an explosives facility is also a nonreactor nuclear facility, the requirements for nonreactor nuclear facilities shall also apply 5.0 Supplementary Design Criteria for Safety Structures, Systems, and Components This section provides supplementary guidance for the design and construction of safety SSCs to ensure reliable performance of their safety function under those conditions and events for which they are intended. Design methods and criteria commonly used to ensure required availability are discussed in Section 5.1, "General Requirements," of this IG. Discipline- specific consensus codes and standards (e.g., electrical, mechanical, and structural) are presented in Section 5.2, "Specific Criteria," of this IG. These design methods, design criteria, and consensus codes and standards are the minimum set of requirements that shall be applied when designing safety SSCs. 5.1 General Requirements Safety SSCs and their associated support systems shall be designed, fabricated, erected, and tested to standards and quality requirements commensurate with their importance to safety. An acceptable level of assurance that the safety SSCs will perform their intended safety function can be achieved by meeting the requirements contained within the following sections. 5.1.1 Assurance of Safety Function Safety SSCs shall be designed to reliably perform their safety function under those conditions and events for which their safety function is intended. The following subsections shall be applied to the design of safety SSCs to most effectively enhance system availability and provide for robust design. Further design guidance can be found in IAEA Standard No. 50-P- 1 and ANSI/IEEE 603. 5.1.1.1 Conservative Design Features Safety SSCs shall be designed to withstand all design basis loadings with an appropriate margin of safety. The design should incorporate, commensurate with the importance of the safety function, multiple levels of protection against normal, anticipated, and accident conditions. For example, while built-in process controls may maintain pressure within a conservative limit, the design may also require provisions for relief valves, automatic shutdown capability, or other preventative features. The design of safety-class SSCs shall incorporate suitably conservative criteria contained in applicable DOE Orders and Standards addressing safety functions, e.g., natural phenomena design mitigation. 5.1.1.2 Design Against Single Point Failure The facility and its systems shall be designed to perform all safety functions with the reliability indicated by the safety analysis. The single-point failure criterion, requirements, and design analysis identified in ANSI/IEEE 379 shall be applied during the design process as the primary method of achieving this reliability. 5.1.1.3 Environmental Qualification Environmental qualification (EQ) shall be used to ensure that safety-class SSCs can perform all safety functions, as determined by the safety analysis, with no failure mechanism that could lead to common cause failures under postulated service conditions. The requirements from ANSI/IEEE 323 for mild EQ shall be used unless the environment in which the SSC is located changes significantly as a result of the design basis accidents. In general, qualification for mild environments should consist of two elements:  Ensuring that all equipment is selected for application to the specific service conditions based on sound engineering practices and manufacturers' recommendations.  Ensuring that the system documentation includes controls that will preserve the relationship between equipment application and service conditions. 5.1.1.4 Safe Failure Modes The facility design shall provide reliable safe conditions and sufficient confinement of hazardous material during and after all DBAs. At both the facility and SSC level, the design shall ensure that more probable modes of failure (e.g., fail to open versus fail to close) will increase the likelihood of a safe condition. 5.1.2 Support System and Interface Design Safety SSCs often rely upon other SSCs to support their operation. Therefore, it is important to identify these support systems and the associated interfaces between safety and nonsafety SSCs. The following subsections address the design considerations for these related systems. 5.1.2.1 Support Systems In some cases, safety SSCs rely upon supporting SSCs to perform their intended safety function. These support SSCs may be classified as safety-class or safety-significant SSCs. For example, a safety-class designation may be appropriate for an instrumentation and control (I&C) system that supports a tritium containment system if it can be demonstrated that failure of the I&C support system can lead to either failure or reduced availability of the safety-class containment barrier. In general, the following classification criteria apply:  Support SSCs to safety-class SSCs shall be classified as safety class if their failures can prevent a safety-class SSC from performing its safety functions.  Support SSCs to safety-significant SSCs that mitigate or prevent accidents with the potential for significant onsite consequences should be classified as safety-significant if their failures prevent a safety-significant SSC from performing its safety functions.  Support SSCs to safety-significant SSCs that mitigate or prevent accidents with the potential for significant localized consequences need not be classified as safety significant. 5.1.2.2 Interface Design A nuclear safety design goal is to minimize interfaces between safety-class, safety-significant, and nonsafety SSCs. Ideally, safety SSCs should not have any interfaces; however, this is not always practical. Interfaces, such as pressure retention boundaries, integrity of fluid systems, electrical equipment, I&C, and mechanical and support systems, exist between safety SSCs and between safety SSCs and nonsafety SSCs. These interfaces shall be evaluated to identify SSC failures that would prevent the safety SSCs from performing their intended safety function. For these SSC failures, isolation devices, interface barriers, or design class upgrades should be provided to ensure safety SSC protection and reliability. In many cases, systems may consist of a group of subsystems, where each subsystem supports the operation of the whole system. For example, an auxiliary power diesel generator system may consist of lubricating oil, fuel oil, diesel engine, jacket cooling, and room ventilation subsystems. System interface evaluations should clearly define these boundaries. In all instances, a case- by-case evaluation should be performed. 5.1.3 Quality Assurance The QA requirements for the design, fabrication, construction, and modification of safety SSCs are developed using the facility safety analysis. At the earliest stages of the design, a hazard analysis, which identifies the functional requirements of safety SSCs, should be used as a basis for determining appropriate QA requirements. As the design progresses, more detailed safety analyses will be performed to develop the basis for safety SSCs performance requirements. Once the safety SSCs and their performance requirements are identified, a set of detailed QA requirements can then be specified. As part of the safety analysis, a list of all safety-class SSCs shall be prepared and maintained for the life of the project through decommissioning. This listing shall identify the functions, performance requirements, and natural phenomena design requirements for each safety-class SSC and the associated QA requirements. These detailed component-specific requirements are typically contained in consensus codes and standards (e.g., ANSI/IEEE). A similar listing of all safety- significant SSCs should also be prepared. In most cases, components used in DOE nonreactor nuclear facilities will be "off the shelf," i.e., they will not be subjected to the rigorous Nuclear Quality Assurance (NQA)-1-based requirements for "nuclear-grade" components. Therefore, safety SSC quality standards can either be design based or achieved through testing, vendor control, and inspection. However, the requirements of 10 CFR 830.120 still apply to safety SSCs. 5.2 Specific Criteria The application of design criteria to safety SSCs entails the selection of appropriate and relevant criteria commensurate with the levels of safety. A purely prescriptive approach to the use of national codes and standards may fail to provide the appropriate level of safety. While national codes and standards will provide guidance and the basic design criteria for most systems, blanket application of such individual codes and standards or collections thereof is not necessary. It is necessary to tailor selections of codes and standards for each specific application based on the required safety function. Note that the safety analysis conducted in accordance with DOE-STD-3009-94 that results in a particular safety classification is also the same analysis used to identify and define design criteria. Safety analyses identify the functions that must be performed and the conditions under which these functions must perform. These analyses will then result in both the functional safety classification and the identification of the appropriate and relevant criteria to ensure the prescribed safety functions can be performed. Categorization and listing of design codes and standards as a portion of the design criteria process are performed to ensure that a correct and appropriate level of engineering design detail and attention are used for each safety classification. The intent is to specify the design codes and standards that will ensure that each safety SSC will perform its required safety function, including due consideration of the intangible areas of influence. The national codes and standards listed in the following sections provide guidance on the minimum aggregation of codes, standards, and standard practices that should be considered in identifying the design criteria and other considerations for each specific SSC commensurate with its function. Additional design criteria may be applied as necessary to perform the safety function. Specific design criteria for safety SSCs often relate to a confinement function. Generally, three confinement systems are used to achieve the complete confinement system objective. The terms confinement and confinement barriers used in the following sections are used in the context of the three types of confinement: primary, secondary, and tertiary, as defined in the Glossary. 5.2.1 Structural Structures classified as safety class or safety significant normally provide a passive confinement barrier and do not require redundancy in their design. The design of safety- significant and safety-class structures shall ensure satisfaction of the functional requirements for the specific confinement system of which they are a part. In addition, safety-class confinement barriers shall be designed to withstand likely secondary events as well as primary events with an appropriate margin of safety. Potential secondary events might be fire, explosion, or nuclear criticality caused by the primary event. Likely secondary events are those with a probability greater than 0.1, given the primary event. See Table 5-1 for the relevant codes and refer to Section 4.4 of DOE 420.1 and Section 3.3 of this IG for additional NPH design guidance information. Table 5-1. Codes for safety-significant and safety-class structures. 5.2.2 Mechanical Mechanical equipment classified as safety significant or safety class provides both passive and active safety functions. The redundancy criteria as described in Section 5.1.1.2 of this IG shall be applied to the design of safety-class SSCs that provide an active safety function. The redundancy criteria should be considered in the design of safety-significant SSCs that provide an active safety function. Redundancy criteria are generally not applied to the design of safety SSCs that provide a passive safety function. 5.2.2.1 Ventilation In general, the safety function of ventilation and offgas systems is to provide confinement integrity and to filter exhaust, thereby preventing or mitigating uncontrolled releases of radioactive and/or hazardous materials to the environment. Ventilation and offgas systems are included as a vital part of the primary and secondary confinement design. The need for redundancy and the degree of redundancy in these systems shall be determined by the safety analysis process and maintenance concerns for both active and passive components. Designs shall provide for periodic maintenance, inspection, and testing of components. Adequate shielding shall be included in the design of filters, absorbers, scrubbers, and other air treatment components to ensure that occupational exposure limits are not exceeded during maintenance and inspection activities. Safety-significant and safety-class ventilation system designs shall include adequate instrumentation to monitor and assess performance with necessary alarms for annunciation of abnormal or unacceptable operation. Manual or automatic protective control features shall be provided to prevent or mitigate an uncontrolled release of radioactive and/or hazardous material to the environment and to minimize the spread of contamination within the facility. Vent streams potentially containing significant concentrations of radioactive and/or hazardous materials shall be processed through an offgas cleanup system before being exhausted to the environment. Cleanup systems are to remove particulates and noxious chemicals and control the release of gaseous radionuclides. The design of safety-significant and safety-class offgas systems shall be commensurate with the sources and characteristics of the radioactive and chemical components of the offgas air stream to prevent or mitigate the uncontrolled releases of radioactive and/or hazardous materials to the environment. See Table 5-2 for the relevant codes. Table 5-2. Codes for safety-significant and safety-class ventilation system components. 5.2.2.2 Process Equipment The usual safety function of process equipment is to provide primary confinement and prevent or mitigate radioactive and/or hazardous material releases to the environment. Process equipment that would be required to provide primary confinement includes the following: piping, tanks, pressure vessels, pumps, valves, and glove boxes. These examples represent process system components that could be used to contain radioactive or toxic materials directly. Process equipment for some applications can provide secondary confinement. Examples include double-walled piping systems, double-walled tanks, and glove boxes. Safety-class and safety-significant process equipment providing passive confinement (piping, tanks, holding vessels, etc.) shall be designed to suitably conservative criteria; redundancy in their design is not required. The redundancy criteria as described in Section 5.1.1.2 of this IG shall be applied to the design of safety-class SSCs that involve active confinement process equipment (pumps, valves, etc.). The redundancy criteria should be considered in the design of safety-significant SSCs that involve active confinement process equipment. See Table 5-3 for the relevant codes. Table 5-3. Codes for safety-significant and safety-class process equipment. 5.2.2.3 Mechanical Handling Equipment Safety-significant and safety-class handling equipment (cranes, manipulators, etc.) will only be classified as such if their failure would create a radiological material release exceeding the guidelines for either classification. The safety-significant classification, as a defense-in-depth provision, will be the more common classification for remote material handling equipment. Failure modes for mechanical handling equipment used to move radioactive materials shall address mid-operational failures, and designs must include recovery methods for such occurrences. Designs shall accommodate periodic maintenance and inspection. See Table 5-4 for the relevant codes. Table 5-4. Codes for safety-significant and safety-class handling equipment. 5.2.3 Electrical The safety function of an electrical power system is to provide power to systems and components that require electrical power in order to perform their safety functions. A safety- significant or safety-class electrical power system is defined as the system or component that provides actuation or motive force to safety equipment. These systems consist of onsite ac/dc power supply systems and associated distribution systems and components (e.g., conduits, wiring, cable trays, etc.). Safety-class electrical power shall be designed against single-point failure in accordance with the criteria in Section 5.1.1.2 of this IG. Redundancy requirements for electrical systems pertain to normal and alternative power sources and should be analyzed on a case-by-case basis. For safety-significant systems, redundancy is not required if it can be shown that there is sufficient response time to provide an alternative source of electrical power. Environmental capability of safety-class electrical equipment shall be demonstrated by testing, analysis, and operating experience, or a combination of these methods in accordance with Section 5.1.3 of this IG. For the commercial nuclear industry, a multitude of ANSI/Institute of Electrical and Electronic Engineers (IEEE) Standards define the requirements for the manufacture, installation, and testing of reactor Safety Class 1E electrical systems and components. The Safety Class 1E requirements may not be directly applicable to the safety-class category defined for nonreactor nuclear facilities. These standards, however, contain useful and significant information that should be considered. Table 5-5 lists a minimal set of national codes and standards that should be addressed for safety-significant and safety-class electrical systems, keeping in perspective the applicable use of ANSI/IEEE Standards for Safety Class 1E components. Table 5-6 presents a list of ANSI/IEEE standards that can be used for guidance in specific applications. Before using these standards, their applicability to the design(s) being considered should be reviewed. Table 5-5. Codes for safety-significant and safety-class electrical systems. Table 5-6. ANSI/IEEE standards to be used as guidance for both safety-significant and safety- class electrical systems as approp 5.2.4 Instrumentation, Control, and Alarm Systems The safety functions of instrumentation, control, and alarm systems are to provide information on out-of-tolerance conditions/abnormal conditions; ensure the capability for manual or automatic actuation of safety systems and components; ensure safety systems have the means to achieve and maintain a fail-safe shutdown condition on demand under normal or abnormal conditions; and/or actuate alarms to reduce public or site-personnel risk (e.g., effluent monitoring components and systems). The design of safety-class and safety-significant instrumentation and control systems shall incorporate sufficient independence, redundancy, diversity, and separation to ensure that all safety-related functions associated with such equipment can be performed under postulated accident conditions as identified in the safety analysis. Safety-significant components should be evaluated as to the need for redundancy on a case-by-case basis. Under all circumstances, safety-class instrumentation, controls, and alarms shall be designed so that failure of nonsafety equipment will not prevent the former from performing their safety functions. Safety-significant and safety-class instrumentation, control, and alarm-system designs shall ensure accessibility for inspection, maintenance, calibration, repair, or replacement. Safety-class instrumentation, control, and alarm systems shall provide the operators sufficient time, information, and control capabilities to perform the following safety functions:  Readily determine the status of critical facility parameters to ensure compliance with the limits specified in the Technical Safety Requirements.  Initiate automatic or manual safety functions.  Determine the status of safety systems required to ensure proper mitigation of the consequences of postulated accident conditions and/or to safely shut down the facility. ANSI/IEEE standards contain design, installation, and testing requirements that should be considered for instrumentation, control, and alarm components without invoking all of the Safety Class 1E requirements. See Table 5-7 for the relevant codes. Table 5-7. Codes for safety-significant and safety-class instrumentation, control, and alarm components. Appendix A References Code of Federal Regulations 10 CFR 50.20, "Definitions," Code of Federal Regulations, Department of Energy, Washington, DC, 1994. 10 CFR 830.120, "Quality Assurance," Code of Federal Regulations, Department of Energy, Washington, DC, 1994. "Implementation Guide For Use with 10 CFR 830.120, G-830.120," Code of Federal Regulations, Department of Energy, Washington, DC, April 15, 1994. 10 CFR 834, "Radiation Protection of Public and the Environment" (Proposed Rule), Federal Register, March 25, 1993. 10 CFR 835, "Occupational Radiation Protection," Code of Federal Regulations, Department of Energy, Washington, DC, 1994. 29 CFR 1910, "Occupational Safety and Health Standards," Subpart G, Occupational Health and Environmental Control; Subpart H, Hazardous Materials; and Subpart Z, Toxic and Hazardous Substances, Code of Federal Regulations, Occupational Safety and Health Administration, Department of Labor, Washington, DC, 1994. 29 CFR 1910.134, "Respiratory Protection," Code of Federal Regulations, Occupational Safety and Health Administration, Department of Labor, Washington, DC, 1994. 29 CFR 1926, "Safety and Health Regulations for Construction," Occupational Safety and Health Administration, Department of Labor, Washington, DC, 1994. American Conference of Governmental Industrial Hygienists ACGIH (1995), "Industrial Ventilation: A Manual of Recommended Practices," American Conference of Governmental Industrial Hygienists, Cincinnati, OH, 1995. American National Standards Institute/American Concrete Institute ACI-318, "Building Code Requirements for Reinforced Concrete with Commentary," American Concrete Institute, Detroit, MI, 1992. ANSI/ACI 349-85, "Code Requirements for Nuclear Safety Related Concrete Structures (ACI 349-85) and Commentary (ACI 349R-85)," American National Standards Institute, New York, NY, 1985. American National Standards Institute/American Institute of Steel Construction AISC M011, "Manual of Steel Construction Allowable Stress Design," Chicago, IL, latest edition. ANSI/AISC N690-1994, "Specifications for the Design, Fabrication, and Erection of Steel Safety Related Structures for Nuclear Facilities," American National Standards Institute, New York, NY, 1994. American National Standards Institute/American Nuclear Society ANSI C2-1993, "National Electrical Safety Code," American National Standards Institute, New York, NY, 1993. ANSI N14.6-1993, "Radioactive Materials-Special Lifting Devices for Shipping Containers Weighing 10,000 Pounds (4500 kg) or More," American National Standards Institute, New York, 1993. ANSI N43.2, "Radiation Safety for X-ray Diffraction and Fluorescence Analysis Equipment," American National Standards Institute, New York, NY, 1988. ANSI N278.1-1975, "Self-operated and Power-Operated Safety Related Valves Functional Specification Standard," American National Standards Institute, New York, NY, 1975. ANSI N320-1979 (R1993), "Performance Specifications for Reactor Emergency Radiological Monitoring Instrumentation," American National Standards Institute, New York, NY, 1993. ANSI N323-1978 (R1993), "Radiation Protection Instrumentation Test and Calibration," American National Standards Institute, New York, NY, 1978, reissued 1993. ANSI Z9.2, "Fundamentals Governing the Design and Operation of Local Exhaust Systems," American National Standards Institute, New York, NY, 1979. ANSI Z124.2, "Plastic Shower Receptors and Shower Stalls," American National Standards Institute, New York, NY, 1987. ANSI Z358. 1, "Emergency Eyewash and Shower Equipment," American National Standards Institute, New York, NY, 1990. ANS 11.16, "Design Guides for Radioactive Material Handling Facilities and Equipment," American Nuclear Society, La Grange Park, IL, 1988. ANSI/ANS 6.4.2, "Specification for Radiation Shielding Materials," American Nuclear Society, La Grange Park, IL, 1985. ANSI/ANS 8.3, "Criticality Accident Alarm Systems," American Nuclear Society, La Grange Park, IL, 1986. ANSI/ANS 59.2-1985, "Safety Criteria for Nuclear Power Plants-HVAC Systems Located Outside Primary Containment," American National Standards Institute, New York, NY, 1985. ANSI/ANS N2.3, "Immediate Evacuation Signal for Use in Industrial Installations," American Nuclear Society, La Grange Park, IL, 1979. ANSI/ANS N13.1, "Guide to Sampling Airborne Radioactive Materials in Nuclear Facilities," American National Standards Institute, New York, NY, 1993. ANSI/ANS N42.18, "Specification and Performance of On-Site Instrumentation for Continuously Monitoring Radioactivity in Effluents," American National Standards Institute, New York, NY, revised 1991. American National Standards Institute/American Petroleum Institute ANSI/API-620-1992, "Rules for Design and Construction of Large, Welded, Low-Pressure Storage Tanks," American Petroleum Institute, Washington, DC, 1992. ANSI/API-650-1992, "Welded Steel Tanks for Oil Storage," American Petroleum Institute, Washington, DC, 1992. American National Standards Institute/American Society of Mechanical Engineers ASME, "Boiler and Pressure Vessel Code," American Society of Mechanical Engineers, Fairfield, NJ. ANSI/ASME B16.5-1988, "Pipe Flanges and Flanged Fittings (includes revision service)," American Society of Mechanical Engineers, New York, NY, 1988. ANSI/ASME B30.2-1990, "Overhead and Gantry Cranes," American National Standards Institute, New York, NY, 1990. ANSI/ASME B31.3-1993, "Chemical Plant and Petroleum Refinery Piping," American Society of Mechanical Engineers, New York, NY, 1993. ANSI/ASME B73.1M-1991, "Specifications for Horizontal End Suction Centrifugal Pumps for Chemical Process," American National Standards Institute, New York, NY, 1991. ANSI/ASME B73.2M-1991, "Specifications for Vertical In-Line Centrifugal Pumps for Chemical Process," American National Standards Institute, New York, NY, 1991. ANSI/ASME B96.1-1993, "Welded Aluminum-Alloy Storage Tanks," American National Standards Institute, New York, NY, 1993. ANSI/ASME N509, "Nuclear Power Plant Air-Cleaning Units and Components," American Society of Mechanical Engineers, New York, NY, 1989. ANSI/ASME N510, "Testing of Nuclear Air-Cleaning Systems," American Society of Mechanical Engineers, New York, NY, 1989. ANSI/ASME NOG-1-1989, "Rules for Construction of Overhead and Gantry Cranes (Top Running Bridge, Multiple Girder)," American National Standards Institute, New York, NY, 1989. American National Standards Institute/American Society for Testing and Materials ANSI/ASTM C852, "Guide for Design Criteria for Plutonium Gloveboxes," American Society for Testing and Materials, Philadelphia, PA, 1993. American National Standards Institute/Institute of Electrical and Electronic Engineers ANSI/IEEE C37, American National Standards Institute, New York, NY (standards on switchgear as required). ANSI/IEEE 80-1986 (R1991) "Safety in AC Substation Grounding," American National Standards Institute, New York, NY, 1986, reissued 1991. ANSI/IEEE 141-1993, "Recommended Practice for Electric Power Distribution for Industrial Plants (Red Book)," American National Standards Institute, New York, NY, 1993. ANSI/IEEE 142-1991, "Grounding of Industrial and Commercial Power Systems," American National Standards Institute, New York, NY, 1991. ANSI/IEEE 242-1986 (R1991), "Recommended Practice for Protection and Coordination of Industrial and Commercial Power Systems," American National Standards Institute, New York, NY, 1986, reissued 1991. ANSI/IEEE 308-1992, "Criteria for Class 1E Power Systems for Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1992. ANSI/IEEE 323-1984 (R1991), Qualifying Class 1E Equipment for Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1984, reissued 1991. ANSI/IEEE 334-1994, "Standard for Qualifying Continuous Duty Class 1E Motors for Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1994. ANSI/IEEE 336-1985 (R1991), Installation, Inspection, and Testing Requirements for Power Instrumentation and Control Equipment at Nuclear Facilities," American National Standards Institute, New York, NY, 1985, reissued 1991. ANSI/IEEE 338-1987 (R1994), "Criteria for the Periodic Surveillance Testing of Nuclear Power Generating Station Safety Systems," American National Standards Institute, New York, NY, 1987, reissued 1994. ANSI/IEEE 344-1987 (R1993), "Recommended Practice for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1987 reissued 1993. ANSI/IEEE 379-1994, "Application of the Single-Failure Criterion to Nuclear Power Generating Station Safety Systems," American National Standards Institute, New York, NY, 1994. ANSI/IEEE 381-1977 (R1984), "Standard Criteria for Type Tests of Class 1E Modules Used in Nuclear Power Generating Stations," Institute of Electrical and Electronic Engineers, New York, NY, 1977, reissued 1984 and now withdrawn. ANSI/IEEE 382-1985, "Qualification of Actuators for Power-Operated Valve Assemblies with Safety-Related Functions for Nuclear Power Plants," American National Standards Institute, New York, NY, 1985. ANSI/IEEE 383-1974 (R1992), "Type Test of Class 1E Electric Cables, Field Splices, and Connections for Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1974, reissued 1992. ANSI/IEEE 384-1992, "Criteria for Independence of Class 1E Equipment and Circuits," American National Standards Institute, New York, NY, 1992. ANSI/IEEE 399-1990, "Recommended Practice for Power Systems, Analysis (IEEE Brown Book)," American National Standards Institute, New York, NY, 1990. ANSI/IEEE 420-1982, "Standard for the Design and Qualification of Class 1E Control Boards, Panels, and Racks Used in Nuclear Power Generating Stations," Institute of Electrical and Electronic Engineers, New York, NY, 1982. ANSI/IEEE 450-1987, "Practice for Maintenance, Testing, and Replacement of Large Lead Storage Batteries for Generating Stations and Substations," American National Standards Institute, New York, NY, 1987. ANSI/IEEE 484-1987, "Practice for Installation Design and Installation of Large Lead Storage Batteries for Generating Stations and Substations," American National Standards Institute, New York, NY, 1987. ANSI/IEEE 493-1990, Recommended Practice for Design of Reliable Industrial and Commercial Power Systems (IEEE Gold Book)," American National Standards Institute, New York, NY, 1990. ANSI/IEEE 535-1986 (R1994), "Qualification of Class 1E Lead Storage Batteries for Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1986, reissued 1994. ANSI/IEEE 577-1976 (R1993), "Requirements for Reliability Analysis in the Design and Operation of Safety Systems for Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1976, reissued 1993. ANSI/IEEE 603-1991, "Criteria for Safety Systems for Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1991. ANSI/IEEE 628-1987 (R1993), "Criteria for the Design, Installation, and Qualification of Raceway Systems for Class 1E Circuits for Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1987, reissued 1993. ANSI/IEEE 649-1992, Qualifying Class 1E Motor Control Centers for Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1992. ANSI/IEEE 650-1991, "Qualifications of Class 1E Static Battery Chargers and Inverters for Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1991. ANSI/IEEE 833-1988, "Recommended Practices for the Protection of Electric Equipment in Nuclear Power Generating Stations from Water Hazards," American National Standards Institute, New York, NY, 1988. ANSI/IEEE 934-1987 (R1993), "Requirements for Replacement Parts for Class 1E Equipment in Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1987, reissued 1993. ANSI/IEEE 944-1986, "Recommended Practice for the Application and Testing of Uninterruptible Power Supplies for Power Generating Stations," American National Standards Institute, New York, NY, 1986. ANSI/IEEE 946-1993, "Design of Safety-Related DC Auxiliary Power Systems for Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1993. ANSI/IEEE 1023-1988, "Guide for the Application of Human Factors Engineering to Systems, Equipment, and Facilities of Nuclear Power Generating Stations," American National Standards Institute, New York, NY, 1988. ANSI/IEEE 1050-1989, "Guide for Instrumentation and Control Equipment Grounding in Generating Stations," American National Standards Institute, New York, NY, 1989. American Society of Heating, Refrigerating and Air Conditioning Engineers ASHRAE Handbook, "Fundementals" (In-Pound Edition), R.A. Parsons, Ed., American Society of Heating, Refrigerating and Air Conditioning Engineers, Inc., Atlanta, GA, 1993. ASHRAE Standard 52.1-1992, "Gravimetric and Dust-Spot Procedures for Testing Air Cleaning Devices Used in General Ventilation for Removing Particulate Matter," American Society of Heating, Refrigerating and Air Conditioning Engineers, Inc., Atlanta, GA, 1992. ASHRAE Standard 62-89, "Ventilation for Acceptable Indoor Air Quality; Including Addendum 62A," American Society of Heating, Refrigerating and Air Conditioning Engineers, Inc., Atlanta, GA, 1990. American Water Works Association AWWA D100-84, "Welded Steel Tanks for Water Storage," American Water Works Association, Denver, CO, 1984. American Water Works Association Standards on pumps as required, American Water Works Association, Denver, CO. Crane Manufacturers Association of America CMAA, Crane Manufacturers Association of America, Charlotte, NC (standards as required). Department of Defense DoD 6055.9-STD, "DoD Ammunition and Explosives Safety Standards," Department of Defense, Washington, DC, October 1992. DoD Explosives Safety Board Technical Paper No. 13, Department of Defense, Washington, DC. MIL-F-51068C, Filters, Particulate [High-Efficiency Fire Resistant]," Department of Defense, Washington, DC, August 11, 1988. MIL-STD-1472C, "Human Engineering Design Criteria for Military Systems, Equipment, and Facilities," Department of Defense, Washington, DC. TM5-1300, NAVFAC P-397, AFM 88-22, "Structures to Resist the Effects of Accidental Explosions," Departments of the Army, the Navy, and the Air Force, Chairman, Department of Defense Explosives Safety Board, Alexandria, VA. Department of Energy DOE, "Reliability, Availability, and Maintainability Guidelines" (Draft), Department of Energy, Washington, DC, March 1988. DOE 420.1, "Facility Safety," Draft, Department of Energy, Washington, DC, April 21, 1995. DOE 430. 1, "Life-Cycle Asset Management," Department of Energy, Washington, DC, August 24, 1995. DOE 470, "Worker Protection Management," Draft, Department of Energy, Washington, DC, March 31, 1995. Companion Document to DOE 420.1 and 470, G-420/G-470/E-0, "Implementation Guide for Use with DOE Orders 420 and 470, Fire Safety Program," Department of Energy, Washington, DC, September 11, 1995. DOE 5400.1E, "General Environmental Protection Program," Department of Energy, Washington, DC, November 10, 1992. DOE 5480. 11, "Radiation Protection for Occupational Workers," Department of Energy, Washington, DC, June 17, 1992. DOE 5480.21, "Unreviewed Safety Questions," Department of Energy, Washington, DC, December 24, 1991. DOE 5480.23, "Nuclear Safety Analysis Reports," Change 1, Department of Energy, Washington, DC, March 10, 1994. DOE 5480.30, "Nuclear Reactor Safety Design Criteria," Department of Energy, Washington, DC, January 19, 1993. DOE 5500.3A "Planning and Preparedness for Operational Emergencies," Department of Energy, Washington, DC, February 27, 1992. DOE 5820.2A, "Radioactive Waste Management," Department of Energy, Washington, DC, 1988. DOE/EH-0256T, "Radiological Control Manual," Department of Energy, Washington, DC, April 1994. DOE/ID-10500, "Hoisting and Rigging Manual," U.S. Department of Energy, Washington, DC, April 1993. DOE M 440.1-1, "DOE Explosives Safety Manual," U.S. Department of Energy, Washington, DC, September 1995. DOE NE STD F 3-45, "Specifications for HEPA Filters Used by DOE Contractors," Department of Energy, Washington, DC. DOE-STD-1020-94, "Natural Phenomena Hazards Design and Evaluation Criteria for Department of Energy Facilities," Department of Energy, Washington, DC, April 1994. DOE-STD-1021-93, "Natural Phenomena Hazards Performance Categorization Guidelines for Structures, Systems, and Components," Revision 1, Department of Energy, Washington, DC, July 1993. DOE-STD-1022-94, "Natural Phenomena Hazards Site Characterization Criteria," Department of Energy, Washington, DC, 1994. DOE-STD-1023-94, "Natural Phenomena Hazards Assessment Criteria," Department of Energy, Washington, DC, November 1994. DOE-STD-1024-92, "DOE Standard Guidelines for Use of Probabilistic Seismic Hazard Curves at Department of Energy Facilities," Department of Energy, Washington, DC, December 1992. DOE-STD-1027-92, "Guidance on Preliminary Hazard Classification and Accident Analysis Techniques for Compliance with DOE Order 5480.23, Safety Analysis Reports," Department of Energy, Washington, DC, October 1992. DOE-STD-1075-94, "Standard for Developing and Issuing Implementation and Safety Guides," Department of Energy, Washington, DC, July 1994. DOE-STD-3009-94, "Preparation Guide for U.S. Department of Energy Nonreactor Nuclear Facility Safety Analysis Reports," Department of Energy, Washington, DC, 1994. DOE/TIC-11268, "A Manual for the Prediction of Blast and Fragment Loading of Structures," Department of Energy, Washington, DC, November 1980. Electronic Industries Association EIA/IS-632, "Systems Engineering," Electronic Industries Association Interim Standard, Washington, DC, December 1994. Energy Research and Development Administration ERDA 76-21, Burchsted, C.A., "Nuclear Air Cleaning Handbook: Design, Construction, and Testing of High-Efficiency Air-Cleaning Systems for Nuclear Application" (Oak Ridge National Laboratory, Oak Ridge, TN), 2nd Ed., Energy Research and Development Administration, Washington, DC, 1976. Faust Faust (1988), Faust, L.G., et al., "Health Physics Manual of Good Practices for Plutonium Facilities," PNL-6534, Pacific Northwest Laboratories, Richland, WA, May 1988. Hydraulic Institute Standards Hydraulic Institute Standards, Cleveland, OH (standards as required). Illuminating Engineering Society Rea, M. S., "Lighting Handbook: Reference and Application," Illuminating Engineering Society of North America, New York, NY, 1993. International Atomic Energy Agency IAEA (1981), Safety Series 30, "Manual on the Safety Aspects of the Design and Equipment of Hot Laboratories," International Atomic Energy Agency, Vienna, Austria, 1981. IAEA (1981), Safety Series 50-P-1, "Application of Single Failure Criterion: Safety Practice," International Atomic Energy Agency, Vienna, Austria, 1990. Instrument Society of America Instrument Society of America, Research Triangle Park, NC (standards as required). National Council on Radiation Protection and Measurements NCRP Report 49, "Structural Shielding Design and Evaluation for Medical Use of X Rays and Gamma Rays of Energies Up to 10 MeV," National Council on Radiation Protection and Measurements, Bethesda, MD, 1976. National Environmental Policy Act, NEPA, National Environmental Policy Act, Pub. L. 89-753, 43 U.S.C. 431 et seq. National Fire Protection Association NFPA 30, "Flammable and Combustible Liquids Code," National Fire Protection Association, Quincy, MA, 1993. NFPA 70, "National Electrical Code," National Fire Protection Association, Quincy, MA, 1993. NFPA 72, "National Fire Alarm Code," National Fire Protection Association, Quincy, MA, 1993. NFPA 110, "Emergency and Standby Power Systems," National Fire Protection Association, Quincy, MA, 1993. NFPA 780, "Lightning Protection Code," National Fire Protection Association, Quincy, MA, 1992. Nuclear Regulatory Commission NUREG 0700, "Guidelines for Control Room Design Reviews," Nuclear Regulatory Commission, Washington, DC, September, 1981. Resource Conservation and Recovery Act RCRA, Resource Conservation and Recovery Act of 1976 (41 U.S.C.A., Sec. 6901 et seq.), as amended. Sheet Metal and Air Conditioning Contractors National Association SMACNA (manuals as required), Sheet Metal and Air Conditioning Contractors National Association, Chantilly, VA. Tubular Exchanger Manufacturers Association TEMA, standards on heat exchangers Classes B, C, and R, Tubular Exchanger Manufacturers Association, Inc., White Plains, NY. <>