doc_fn: draftord/420/g4201-x.html
DocType: Draft
ID: DOE G 420.1-X
Title: Implementation Guide for Non-Reactor Nuclear Safety Design Criteria and Explosives
Date_Issue: 09/1995
Directive: 420.1
Text:
Implementation Guide for
Nonreactor Nuclear
Safety Design Criteria and
Explosives Safety Criteria
Prepared for
Department of Energy, Headquarters
Revision G
September 1995
Foreword
Guiding Principles
This Implementation Guide (IG) provides guidance on the application of the requirements for
nonreactor nuclear facilities and explosives facilities of Department of Energy (DOE) 420.1,
"Facility Safety," Section 4.1, "Nuclear and Explosives Safety Design Criteria." The
following guidelines were established for the development of this IG:
This IG provides guidance on implementing the requirements stated in DOE 420.1,
Section 4.1, as they apply to the design aspects for nuclear safety of nonreactor
nuclear facilities and safety requirements for explosives facilities. The guidance
provided in this IG is restricted to the requirements identified in DOE 420.1, Section
4.1. This IG does not establish requirements.
Safety analyses performed in accordance with DOE-STD-3009-94 establish the
identification, function, and performance of safety structures, systems, and components
(SSCs) and shall be conducted early in the design process.
Applicable current Rules, Standards, and Orders will be referenced herein and text and
requirements from these documents will not be repeated.
Same-subject information will be grouped in a single section and cross referenced
elsewhere as required.
Management and policy requirements will not be included in this document.
Throughout this IG, the words "shall" and "should" are used to identify actions that need to
be accomplished to meet this guidance. The word "shall" denotes actions that must be
performed to comply with this IG. The word "should" is used to indicate recommended
practice (DOE-STD-1075-94).
Users are encouraged to submit suggestions for improving this IG to the office of Nuclear
Safety Policy and Standards.
Contents
List of Tables
Glossary
Abbreviations and Acronyms
1.0 Introduction
    1.1 General
    1.2 Application
    1.3 Content
    1.4 Compliance with DOE 420.1 Requirements
2.0 Safety Analysis and Design Process
    2.1 Design Process and Safety Analysis Relationship
    2.2 External Design Constraints
    2.3 Defense in Depth
    2.4 Systems Engineering
    2.5 Quality Assurance
3.0 Elements of Design for Nuclear Safety
    3.1 General
        3.1.1 Radioactive and/or Hazardous Material Inventory
        3.1.2 Conservative Facility Design
        3.1.3 Preventive Features
        3.1.4 Mitigating Features
    3.2 Siting Criteria Development
    3.3 Natural Phenomena Hazards
        3.3.1 General Application
        3.3.2 Primary Applicable Requirements
        3.3.3 Other Considerations
    3.4 Architectural
        3.4.1 Building Layout
        3.4.2 Access Control
    3.5 Accessibility and Maintainability
    3.6 Human Factors Engineering
    3.7 Design to Facilitate Deactivation, Decontamination, and Decommissioning
        3.7.1 Deactivation
        3.7.2 Decontamination
        3.7.3 Decommissioning
4.0 Functional Design Criteria
    4.1 Nuclear Criticality Safety
        4.1.1 Conditions that Initiate Requirements of this Section
        4.1.2 Primary Applicable Requirements
    4.2 Radiation Protection
        4.2.1 Primary Applicable Requirements
        4.2.2 General Application
        4.2.3 Special Considerations and Good Engineering Practices
    4.3 Hazardous Material Protection
        4.3.1 Conditions that Initiate Requirements of this Section
        4.3.2 Primary Applicable Requirements
        4.3.3 General Application
        4.3.4 Special Considerations and Good Engineering Practices
    4.4 Effluent Monitoring and Control
        4.4.1 Applicability
        4.4.2 Special Considerations and Good Engineering Practices
    4.5 Waste Management
        4.5.1 Applicability
    4.6 Fire Protection
        4.6.1 General Application
        4.6.2 Fire Hazard Analysis
    4.7 Emergency Preparedness and Emergency Communications
        4.7.1 Conditions that Initiate Requirements of this Section
        4.7.2 Primary Applicable Requirements
        4.7.3 General Application
    4.8 Explosives Criteria
5.0 Supplementary Design Criteria for Safety Structures, Systems, and Components
    5.1 General Requirements
        5.1.1 Assurance of Safety Function
        5.1.2 Support System and Interface Design
        5.1.3 Quality Assurance
    5.2 Specific Criteria
        5.2.1 Structural
        5.2.2 Mechanical
        5.2.3 Electrical
        5.2.4 Instrumentation, Control, and Alarm Systems
Appendix A
List of Tables
Table 5-1. Codes for safety-significant and safety-class structures
Table 5-2. Codes for safety-significant and safety-class ventilation system components
Table 5-3. Codes for safety-significant and safety-class process equipment
Table 5-4. Codes for safety-significant and safety-class handling equipment
Table 5-5. Codes for safety-significant and safety-class electrical systems
Table 5-6. ANSI/IEEE standards to be used as guidance for both safety-significant and safety-class electrical systems as appropriate
Table 5-7. Codes for safety-significant and safety-class instrumentation, control, and alarm components
Glossary
Note: Origins of the definitions are indicated by references shown in "[ ]" (brackets),
although in some cases the referenced Orders are being replaced. If no reference is listed, the
definition originates in this IG and is unique to its application. Terms used within this IG
that are not defined in the Glossary carry their definition from the referenced documents.
Accident. An unplanned sequence of events that results in undesirable consequences.
[DOE-STD-3009-94]
Accident analysis. For the purposes of properly implementing the Unreviewed Safety
Question (USQ) Order, the term accident analysis refers to those bounding analyses selected
for inclusion in the Safety Analysis Report (SAR). These analyses refer to design basis
accidents only. [DOE 5480.21]
Accident analysis has historically consisted of the formal development of numerical estimates
of the expected consequence and probability of potential accidents associated with a facility.
For the purposes of this IG, accident analysis is a follow-on effort to the hazard analysis, not
a fundamentally new examination requiring extensive original work. As such, it requires
documentation of the basis for assignment to a given likelihood of occurrence range (e.g., 1/y
to 10^-2/y, 10^-2/y to 10^-4/y, 10^-4/y to 10^-6/y) in hazard analysis and performance of a
formally documented consequence analysis. Consequences are compared with offsite
Evaluation Guidelines to identify safety-class structures, systems, and components.
[DOE-STD-3009-94]
ALARA. As low as reasonably achievable. [DOE 5480.11]
Confinement barriers.
Primary confinement. Provides confinement of hazardous material to the vicinity of
its processing. This confinement is typically provided by piping, tanks, glove boxes,
encapsulating material, and the like, along with any offgas systems that control
effluent from within the primary confinement.
Secondary confinement. Consists of a cell or enclosure surrounding the process
material or equipment along with any associated ventilation exhaust systems from the
enclosed area. Except in the case of areas housing glove-box operations, the area
inside this barrier is usually unoccupied (e.g., canyons, hot cells); it provides
protection for operating personnel.
Tertiary confinement. Typically provided by walls, floor, roof, and associated
ventilation exhaust systems of the facility. It provides a final barrier against the
release of hazardous material to the environment.
Construction. Any combination of engineering, procurement, erection, installation, assembly,
or fabrication activities involved in creating a new facility or altering, adding to, or
rehabilitating an existing facility. It also includes the alteration and repair (including
dredging, excavating, and painting) of buildings, structures, or other real property.
Decommissioning. The process of closing and securing a nuclear facility or nuclear materials
storage facility to provide adequate protection from radiation exposure and to isolate
radioactive contamination from the human environment. [DOE 5480.30]
Decontamination. The act of removing a chemical, biological, or radiological contaminant
from or neutralizing its potential effect on a person, object, or environment by washing,
chemical action, mechanical cleaning, or other techniques. [DOE 5480.30]
Design basis. Information that identifies the specific functions to be performed by a
structure, system, or component of a facility, and the specific values or range of values
chosen for controlling parameters as reference bounds of design. These values may be (1)
restraints derived from generally accepted "state of the art" practices for achieving functional
goals, or (2) requirements derived from analyses (based on calculations and/or experiments)
of the effects of a postulated accident for which a structure, system, or component must meet
its functional goals. [10 CFR 50.20]
Design basis accident. An accident postulated for the purpose of establishing functional and
performance requirements for safety structures, systems, and components.
[DOE-STD-3009-94]
Effluent monitoring. The collection and analysis of samples or measurements of liquid and
gaseous effluents for the purpose of characterizing and quantifying contaminants, assessing
radiation exposures of members of the public, providing a means to control effluents at or
near the point of discharge, and demonstrating compliance with applicable standards and
permit requirements. [DOE 5400.1]
Evaluation Guidelines. The radiation dose value against which the results of the safety analysis are evaluated.
Offsite Evaluation Guidelines are established for the purpose of identifying and evaluating
safety-class structures, systems, and components. For the purpose of this IG, an offsite
Evaluation Guideline of 25 rem, 50-year total effective dose equivalent for a 1-year uptake at
the site boundary shall be used.
Explosives facility. Any facility or location used for storage or operation with explosives or
ammunitions.
Facility. For the purpose of this IG, the definition most often refers to buildings and other
structures, their functional systems and equipment, and other fixed systems and equipment
installed therein to delineate a facility. However, specific operations and processes
independent of buildings or other structures (e.g., waste retrieval and processing, waste burial,
remediation, groundwater or soil decontamination, decommissioning) are also encompassed by
this definition. The flexibility in the definition does not extend to subdivision of physically
concurrent operations having potential energy sources that can seriously affect one another or
which use common systems fundamental to the operation (e.g., a common glove-box
ventilation exhaust header). [DOE-STD-3009-94]
Fail safe. A design characteristic by which a unit or system will become safe and remain
safe if a system or component fails or loses its activation energy.
Hazard. A source of danger (i.e., material, energy source, or operation) with the potential to
cause illness, injury, or death to personnel or damage to an operation or to the environment
(without regard for the likelihood or credibility of accident scenarios or consequence
mitigation). [DOE 5480.23]
Hazard analysis. The determination of material, system, process, and plant characteristics
that can produce undesirable consequences, followed by the assessment of hazardous
situations associated with a process or activity. Largely qualitative techniques are used to
pinpoint weaknesses in design or operation of the facility that could lead to accidents. The
SAR hazard analysis examines the complete spectrum of potential accidents that could expose
members of the public, onsite workers, facility workers, and the environment to hazardous
materials. [DOE-STD-3009-94]
Hazard classification. Evaluation of the consequences of unmitigated releases to classify
facilities or operations into the following hazard categories:
Hazard Category 1: The hazard analysis shows the potential for significant offsite
consequences.
Hazard Category 2: The hazard analysis shows the potential for significant onsite
consequences.
Hazard Category 3: The hazard analysis shows the potential for only significant
localized consequences.
[DOE 5480.23]
DOE-STD-1027-92 provides guidance and radiological threshold values for determining the
hazard category of a facility. DOE-STD-1027-92 interprets Hazard Category 1 facilities as
Category A reactors and other facilities designated as such by the Program Secretarial Officer.
[DOE-STD-3009-94]
Hazardous material. For the purpose of this IG, any solid, liquid, or gaseous material that is
not radioactive but is toxic, explosive, flammable, corrosive, or otherwise physically or
biologically threatening to health.
Nonreactor nuclear facility. Those activities or operations that involve radioactive and/or
fissionable materials in such form and quantity that a nuclear hazard potentially exists to the
employees or the general public. Included are activities or operations that:
Produce, process, or store radioactive liquid or solid waste, fissionable materials, or
tritium.
Conduct separations operations.
Conduct irradiated materials inspection, fuel fabrication, decontamination, or recovery
operations.
Conduct fuel enrichment operations.
Perform environmental remediation or waste management activities involving
radioactive materials.
Incidental use and generating of radioactive materials in a facility operation (e.g., check and
calibration sources, use of radioactive sources in research and experimental and analytical
laboratory activities, electron microscopes, and x-ray machines) would not ordinarily require
the facility to be included in this definition. [DOE 5480.23]
Public. All individuals outside the DOE site boundary. [DOE-STD-3009-94]
Risk. The quantitative or qualitative expression of possible loss that considers both the
probability that an event will occur and the consequence of that event. [DOE 5480.23]
Safety analysis. A documented process: (1) to provide systematic identification of hazards
within a given DOE operation; (2) to describe and analyze the adequacy of the measures
taken to eliminate, control, or mitigate identified hazards; and (3) to analyze and evaluate
potential accidents and their associated risks. [DOE 5480.23]
Safety analysis report (SAR). A report that documents the adequacy of safety analysis to
ensure that a facility can be constructed, operated, maintained, shut down, and
decommissioned safely and in compliance with applicable laws and regulations. [DOE
5480.23]
Safety basis. The combination of information relating to the control of hazards at a facility
(including design, engineering analyses, and administrative controls) upon which DOE
depends for its conclusion that activities at the facility can be conducted safely. [DOE
5480.23]
Safety-class structures, systems, and components (safety-class SSCs). Structures, systems,
or components whose preventive or mitigative function is necessary to keep hazardous
material exposure to the public below the offsite Evaluation Guidelines. [DOE-STD-3009-94]
Safety-significant structures, systems, and components (safety-significant SSCs).
Structures, systems, and components not designated as safety-class SSCs, but whose
preventive or mitigative function is a major contributor to defense in depth (i.e., prevention of
uncontrolled material releases) and/or worker safety as determined from hazard analysis.
As a general rule of thumb, safety-significant SSC designations based on worker safety are
limited to those systems, structures, or components whose failure is estimated to result in a
prompt worker fatality or serious injuries to workers. Serious injuries, as used in this
definition, refer to immediately life-threatening or permanently disabling injuries (e.g., loss of
eye, loss of limb) from other than standard industrial hazards. It specifically excludes
potential latent effects (e.g., potential carcinogenic effects of radiological exposure or uptake).
The general rule of thumb cited above is not an Evaluation Guideline. It is a lower threshold
of concern for which safety-significant SSC designation may be warranted, not a quantitative
criterion. Estimates of worker consequences for the purpose of a safety-significant SSC
designation are not intended to require detailed analytical modeling. Considerations should be
based on engineering judgment of possible effects and the potential added value of safety-
significant SSC designation. [DOE-STD-3009-94]
[Note: As used in this IG, safety-significant SSC distinguishes a specific category of SSCs
other than safety-class SSCs. It should not be confused with the generic modifier "safety
significant" used in DOE Orders (e.g., DOE 5480.23).]
Safety structures, systems, and components (safety SSCs). The combined set of both
safety-class and safety-significant structures, systems, and components for a given facility.
[DOE-STD-3009-94]
Single-failure criterion. Safety systems shall perform all required safety functions for a
design basis accident in the presence of the following:
Any single detectable failure within the safety systems concurrent with all identifiable
but undetectable failures.
All failures caused by the single failure.
All failures and spurious system actions that cause, or are caused by, the design basis
accident requiring the safety function.
The single failure could occur prior to, or at any time during, the design basis accident for
which the safety system is required to function. [ANSI/IEEE Standard 379-1994, Chapter 4]
Site boundary. A well-marked boundary of the property over which the owner or operator
can exercise strict control.
Abbreviations and Acronyms
ac/dc alternating current/direct current
ACGIH American Conference of Governmental Industrial Hygienists
ACI American Concrete Institute
AISC American Institute of Steel Construction
ALARA As low as reasonably achievable
ANS American Nuclear Society
ANSI American National Standards Institute
API American Petroleum Institute
ASHRAE American Society of Heating, Refrigerating, and Air-Conditioning Engineers
ASME American Society of Mechanical Engineers
ASTM American Society for Testing and Materials
AWWA American Water Works Association
CFR Code of Federal Regulations
DBA Design basis accidents
DoD Department of Defense
DoDESB Department of Defense Explosives Safety Board
DOE Department of Energy
DOE-STD DOE Standard
DOT Department of Transportation
EIA Electronic Industries Association
EOC Emergency Operations Center
EPA Environmental Protection Agency
EQ Environmental qualification
ERDA Energy Research and Development Administration (predecessor to DOE)
FHA Fire hazard analysis
FM Factory Mutual
HEPA High-efficiency particulate air (filter)
I&C Instrumentation and control
IEEE Institute of Electrical and Electronics Engineers
IES Illuminating Engineering Society
IG Implementation Guide
ISA Instrumentation Society of America
NCRP National Council on Radiation Protection
NEPA National Environmental Policy Act
NFPA National Fire Protection Association
NPH Natural phenomena hazards
NQA Nuclear Quality Assurance
NRC Nuclear Regulatory Commission
OSHA Occupational Safety and Health Administration
PEL Permissible exposure limit
QA Quality assurance
RAM Reliability, availability, and maintainability
RCRA Resource Conservation and Recovery Act
SAR Safety analysis report
SMACNA Sheet Metal and Air Conditioning Contractors National Association
SSC Structures, systems, and components
TSR Technical safety requirement
UL Underwriters Laboratories
USGS U.S. Geological Survey
USQs Unreviewed safety questions
Implementation Guide for
Nonreactor Nuclear Safety Design Criteria and
Explosives Safety Criteria
1.0 Introduction
1.1 General
This Implementation Guide (IG) provides guidance for satisfying the requirements contained
within Department of Energy (DOE) 420.1, "Facility Safety," Section 4.1, "Nuclear and
Explosives Safety Design Criteria." This IG provides guidance for the application of DOE
Orders, Rules, and national and industry codes and standards to achieve compliance with
DOE 420.1, Section 4.1, requirements. The facility design shall conform to the requirements
of DOE 420.1, Section 4.1, and construction shall be in accordance with the approved design.
The objective of this IG is to provide an acceptable methodology for selecting industry codes
and standards for nuclear safety aspects of design of nonreactor nuclear facilities.
Compliance with the guidance of this IG is an acceptable approach to complying with the
requirements of DOE 420.1, Section 4.1. This IG stresses that safety design should be driven
by safety analysis and provides interpretive guidance on the performance-level requirements
of the Order. A successful safety design product depends on the quality of the safety analysis
and on engineering judgment in the transformation of this guidance to the final design.
This IG is not intended to be all inclusive with respect to the nuclear/radiological safety
requirements and guidance for designing a DOE nonreactor nuclear facility. Where other
DOE Orders, Rules, and national and industry codes and standards contain requirements and
supporting guidance pertaining to safety of nuclear facilities, such guidance will not be
repeated in this document. Instead, a short discussion will point to the relevant document.
Examples are found in the areas of natural phenomena hazards mitigation, fire protection,
criticality safety, and explosives safety.
1.2 Application
The requirements of DOE 420.1, Section 4.1, are applicable to the design and construction of
new nonreactor nuclear facilities and for modifications to existing nonreactor nuclear facilities
when the modifications significantly increase the probability or consequence of a nuclear
accident or require a change in the Technical Safety Requirements (TSRs) of a facility. It is
intentionally left to the exercise of judgment of the proposing contractor and the approving
DOE authority to define "significant." In part, this is intended to allow upgrading of existing
safety equipment or installation of minor new improvements without subjecting the process to
onerous procedural requirements and thus discouraging improvements.
Modifications to facility design and construction during the design and construction phase
shall conform to the design requirements for new facilities.
All new construction shall, as a minimum, conform to the model building codes applicable for
the state or region, supplemented in a graded manner with additional safety requirements
associated with the hazards in the facility.
1.3 Content
This IG is structured to represent the progressive logic of design. The "Introduction" section
provides a general statement regarding the intent and applicability of the IG. The following
sections provide guidance for nuclear safety design concepts or assurances, elements of design
for nuclear safety, functional design criteria, and criteria for safety structures, systems, and
components (SSCs).
Contained within Section 2.0, "Safety Analysis and Design Process," are nuclear safety design
concepts that when implemented along with specific criteria should ensure a safe facility
design. This section addresses the importance of starting the safety analysis as early as
possible in the design and maintaining an interrelationship between the design process and the
safety analysis, as they both evolve. Other concepts addressed under this section are defense
in depth, system engineering, and quality assurance. These are nuclear safety design concepts
and strategies to be applied at the beginning and throughout the design process to ensure
safety concerns are addressed and incorporated into the design as necessary.
Section 3.0, "Elements of Design for Nuclear Safety," Section 4.0, "Functional Design
Criteria," and Section 5.0, "Supplementary Design Criteria for Safety Structures, Systems, and
Components," describe specific criteria that are to be applied, as applicable, to the facility
under design. The guidance within these sections relates to safety as it applies to the overall
facility and its impact on facility design.
Section 3.0 addresses nuclear safety criteria that should be considered during the design
process such as siting, natural phenomena, architecture, accessibility and maintainability,
human factors, and decontamination and decommissioning.
Section 4.0 is more specific to the safety function(s) that are to be performed within or by the
facility under design. These nuclear safety criteria include nuclear criticality, radiation
protection, hazardous material protection, effluent monitoring and control, waste management,
fire protection, emergency preparedness and emergency communications, and explosives
criteria and their applicability to the safety of the facility, depending on the function or
mission of the facility.
Section 5.0 provides guidance for specific criteria requirements for the SSC that are
identified, via the safety analysis, to function as safety-class or safety-significant SSCs.
These criteria are applied to those specific elements within the facility.
1.4 Compliance with DOE 420.1 Requirements
This section provides a correlation of the requirements contained in DOE 420.1, Section 4.1,
to this IG. The objectives of DOE 420.1, Section 4.1, "Nuclear Safety," are covered in the
IG "Introduction" section defining the intent and applicability to DOE design activities.
The requirements for the development process of the safety analysis are set forth in DOE
420.1, Section 4.1.1.1, "General Requirements." Also contained in DOE 420.1, Section
4.1.1.1, and DOE 420.1, Section 4.1.1.2, "Design Requirements," are the requirements
pertaining to the implementation of defense in depth and the quality level requirements for
facility design and construction. Section 2.0, "Safety Analysis and Design Process," of this
IG provides guidance for performing the safety analysis and maintaining an interrelationship
with the design process. This IG section also contains guidance for nuclear safety design
concepts such as defense in depth, system engineering, and quality assurance to meet the
requirements set forth in DOE 420.1, Section 4.1.
Guidance for the additional nuclear safety design requirements set forth in Section 4.1.1.2 of
DOE 420.1 is addressed in detail in Section 3.0, "Elements of Design for Nuclear Safety,"
Section 4.0, "Functional Design Criteria," and Section 5.0, "Supplementary Design Criteria
for Safety Structures, Systems, and Components," of this IG. Requirements related to the
overall facility design, such as siting; natural phenomena; architecture; reliability, accessibility
and maintainability; and decontamination and decommissioning are provided in Section 3.0 of
this IG. Section 4.0 of this IG provides guidance to meet the nuclear safety functional
requirements of DOE 420.1, Section 4.1.1.2, as they pertain to as low as reasonably
achievable (ALARA), waste management, and other functional operations. The guidance to
meet the requirements of Section 4.1.1.2 of DOE 420.1 that safety SSCs be designed so they
can perform their safety functions when called upon to operate, and be designed and
fabricated under a quality assurance program, is provided in Section 5.0 of this IG.
Guidance to comply with the requirements contained in Section 4.1.2, "Explosives Safety," of
DOE 420.1, Section 4.1, is provided in Section 4.8, "Explosives Criteria," of this IG.
2.0 Safety Analysis and Design Process
2.1 Design Process and Safety Analysis Relationship
In this section, the relationship between the facility design process and the parallel
development of the facility safety analysis process is discussed. Continuous coordination is
necessary between these two activities throughout the project to ensure that the final design
meets the mission requirements and includes the required safety features. The safety analysis
shall be performed in accordance with the guidance in DOE-STD-3009-94 and the
requirements of DOE 5480.23 to develop and validate the functional and performance
requirements for the safety SSCs.
Design of safety SSCs is an important part of the overall facility design process. As the
facility design progresses from conceptual design through the finalization of design, designers
and safety analysts must exchange information in an iterative process. Early in the
conceptual design, a hazard analysis shall be conducted based on the anticipated physical and
chemical processes to be used in support of the overall facility mission, external man-induced
hazards, and natural phenomena hazards. The hazards associated with processes may
influence the design, e.g., alternative physical layouts, segmentation of facilities to isolate
particularly hazardous processes, or the use of multistage or parallel processes to reduce the
hazardous material in any particular process step. Natural phenomena hazards shall be
considered in accordance with DOE 420.1, Section 4.4, "Natural Phenomena Hazards
Mitigation," and its Implementation Guide. External man-induced hazards peculiar to the site
(such as pipelines and hazardous materials storage) shall be considered.
The results of the hazard analysis shall be used to identify the design basis accidents (DBAs)
that in turn shall be used to define the functional and performance requirements of the facility
safety SSCs. Safety SSCs required to prevent or mitigate accidents whose consequences
exceed offsite Evaluation Guidelines shall be defined as safety-class SSCs. Safety-significant
SSCs shall be selected for worker protection and to provide defense in depth. This
information shall be incorporated into the design of these safety SSCs.
The defense-in-depth concept, described in Section 2.3 of this IG, shall be integrated into the
facility design process. The application of the defense-in-depth concept to the facility design
will help identify potential safety features to be included in the facility design. Consideration
should be given to prevent or mitigate accident consequences from contaminating the
environment, even when direct public or worker safety is not an issue.
Sufficient hazard and accident analyses shall be completed during the preliminary design to
verify and finalize the selection of safety SSCs. These hazard and accident analyses shall be
sufficiently complete to determine the DBA environmental and load conditions for safety
SSCs.
2.2 External Design Constraints
The primary inputs for facility design include the DOE mission requirements, DOE 420.1, and
externally imposed regulatory inputs from federal [e.g., Occupational Health and Safety
Administration (OSHA), Environmental Protection Agency (EPA), etc.], state, and local
governments where the facility is located (e.g., a stack monitor to record releases to comply
with local environmental monitoring requirements), and DOE 430.1, "Life-Cycle Asset
Management," which calls for the use of national consensus codes and standards. As a
minimum, design and construction shall conform to the model building codes applicable for
the state or region, supplemented with additional safety requirements associated with the
hazards in the facility in a graded manner.
2.3 Defense in Depth
Defense in depth is a safety design concept or strategy that shall be applied at the beginning
and maintained throughout the facility design process. This safety design strategy is based on
the premise that no one layer of protection is completely relied upon to ensure safe operation.
By applying this safety strategy, the DOE 420.1 objective of providing multiple layers of
protection to prevent or mitigate an unintended release of radioactive material to the
environment can be achieved. Conceptually, there are three levels of defense in depth.
The first level of defense consists of a well-designed facility with process design to reduce
source terms, reliable SSCs that are simple to operate and maintain and resistant to
degradation, and personnel well trained in operations and maintenance and committed to a
strong safety culture.
The second level recognizes that failures of systems and components and human failures
cannot be entirely eliminated and that protective features (e.g., engineering design features
and administrative controls) are required. These features are provided to ensure a return to
normal operation or to bring the facility to a safe condition in the event of anticipated but
abnormal events. These features may provide automatic system response to such events or
may be monitors that alert operators to the necessity of taking manual action. Such response
to off-normal conditions can effectively halt the progression of events toward an accident.
The final level of defense consists of conservatively designed safety SSCs to prevent or
mitigate the consequences of accidents that may be caused by errors, malfunctions, or by
events that occur both internal and external to the facility.
The following are elements of defense in depth related to safety design and construction that
shall be objectives during the design process:
Siting. Consider site locations that reduce the need to provide design measures to
alleviate potentially hazardous conditions or to protect surrounding populations. For
example, consideration of ground instability, flooding, and hazards due to nearby
installations or activities.
Material at risk. Apply facility and process design and administrative controls to
minimize and control inventories of radioactive materials and their forms.
Conservative design. Design conservative margins that may allow operations to
deviate from normal conditions before requiring corrective actions and taking into
consideration the potential degradation of elements and operational errors.
Quality assurance. Use quality-assurance practices for the design and construction of
safety SSCs whose stringency is commensurate with anticipated hazards, including but
not limited to the assurance of qualified design and construction personnel, traceability
of design decisions and procurements, and documentation of changes in design and
construction.
Physical barriers. Design physical barriers to confine radioactive material and thereby
prevent uncontrolled releases.
Critical safety functions. Design to provide multiple ways for safety functions to
control processes, to maintain processes in a safe state, and to confine radioactivity
when accidents could have the potential for significant public radiological impact.
Equipment and administrative controls. Include features to control process variables
to values within safe conditions, to alert operating personnel of an approach toward
conservative process limits, to allow timely detection of failure or malfunction of
critical equipment, and to allow for the imposition of administrative controls assumed
in the hazard analysis, and/or accident analysis.
Emergency features. Include alarms and monitors to alert workers and the public to
the existence of unsafe conditions and to record the sequence and severity of an
accident. Evacuation considerations incorporated into the facility design are to be
coordinated with the development of the emergency plan.
The detailed design criteria requirements for these defense-in-depth elements that shall be
used are defined in Section 3.0, "Elements of Design of Nuclear Safety," Section 4.0,
"Functional Design Criteria," and Section 5.0, "Supplementary Design Criteria for Safety
Structures, Systems, and Components," of this IG.
2.4 Systems Engineering
The systems engineering process covers a broad range of activities that involve the design
and management of a total facility. For the purpose of this IG, the focus will be on those
elements of systems engineering that relate to nuclear safety and should be considered as part
of the overall facility system engineering activities. The systems engineering activities
relating to nuclear safety include the following:
Identifying and integrating facility nuclear safety requirements.
Coordinating multidisciplinary teamwork in implementing facility safety requirements.
Providing nuclear safety-related interface management.
Providing configuration management to include the establishment of baseline
configuration.
Coordinating technical reviews of the facility nuclear safety features.
The application of systems engineering activities to the nuclear safety aspects of facility
design should be graded and commensurate with the facility hazards and complexity. The
goal is to ensure that the systems engineering activities include consideration of the
appropriate facility safety features. Electronic Industries Association (EIA) Interim Standard,
"System Engineering," and the applicable Implementation Guides for DOE 430.1, "Life-Cycle
Asset Management," should be used as guides in developing systems engineering activities to
enhance the facility safety design.
2.5 Quality Assurance
As required by 10 CFR 830.120, "Quality Assurance Requirements," nuclear facilities shall
develop and implement a Quality Assurance (QA) program that meets the requirements
contained therein. Supplemental information and acceptable methods for implementing these
requirements are found in "Implementation Guide For Use with 10 CFR 830.120, G-830.120."
QA encompasses all those planned and systematic actions and controls necessary to ensure
that risks to public health and safety and the environment are controlled and that the required
safety, reliability, and performance are realized through the application of effective
management systems. The "graded approach" should be applied when identifying QA
requirements for SSCs; that is, the scope and breadth of the requirements contained within the
QA program should be adjusted to reflect the importance of the safety function of the SSCs.
The degree of implementation of the QA Program should evolve concurrently with the project
through its life cycle. Specifically, the QA requirements identified for an SSC's design,
fabrication, construction, and modification shall be documented and supported by the facility's
safety analysis.
Document and change control for project design documents and supporting documentation
shall be provided by the design activity during the design. By the start of construction,
document and change control shall be provided by an appropriate QA configuration
management program. Subsequent changes to project design and supporting documents shall
be made by means of a formal change control program in accordance with 10 CFR 830.120.
Additional QA criteria for safety SSCs are found in Section 5.0, "Supplementary Design
Criteria for Safety Structures, Systems, and Components," of this IG.
3.0 Elements of Design for Nuclear Safety
3.1 General
This section provides design guidance and identifies key documents that contain safety design
requirements for the design and construction of DOE nonreactor nuclear facilities. The
predominant model building codes in the region shall govern on issues not covered in this IG.
Section 4.2, "Fire Protection," of DOE 420.1 shall apply for fire protection and life safety
criteria.
When developing the safety aspects of the facility design, there is a logical sequence of
design considerations to follow. First, the radioactive and/or hazardous material inventory
should be minimized and material forms considered. Next, conservative design margins
should be applied as appropriate. Finally, appropriate preventive and mitigative features
should be considered. Successful application of these principles and features into the facility
design will result in a safe facility design.
3.1.1 Radioactive and/or Hazardous Material Inventory
The basic and most effective means of controlling the hazards inherent in the facility is the
restriction of inventories and forms of radioactive and/or hazardous materials. Emphasis
should be placed on limiting the quantities of radioactive and/or hazardous materials in both
process and storage areas. Material may be rendered less hazardous by maintaining it in
more stabilized and less dispersible forms. For example, a quantity of plutonium stored in
metal form presents less of a hazard than the same quantity stored in its oxide form.
3.1.2 Conservative Facility Design
The next area of emphasis should be conservative design margins that account for deviations
from normal process parameters. The facility design also should accommodate means such as
monitors and automatic and manual controls to restrict deviations from normal operations and
to assist recovery during the early stages of an accident sequence. Conservative design
features apply to safety SSCs as described in Section 5.1.1.1 of this IG.
3.1.3 Preventive Features
To prevent abnormal facility conditions from progressing to accidents, preventive features
should be considered in the design. The objective of these features is to provide a return to
normal operation or return to a safe condition. These features may provide automatic system
response to such events or may be monitors that alert operators to the necessity of taking
manual action. Such response to off-normal conditions can effectively halt the progression of
events toward an accident.
3.1.4 Mitigating Features
Safety SSCs shall be provided to mitigate consequences of accidents that may still occur
despite the application of the preceding conventions. The safety SSCs shall be identified
through the safety analysis (see Section 2.1 of this IG).
3.2 Siting Criteria Development
The following factors should be considered in determining facility site suitability and in
establishing facility safety design criteria:
The site boundary and land-use characteristics of the site surroundings, including
properties at risk from accidental exposures, public exclusion zones (access control),
population-center distances, and population density.
Proximity of services such as the fire department and emergency medical centers.
Utility systems essential to support safety-class SSCs.
Physical characteristics of the site, including topography, meteorology, and hydrology.
Geological and subsurface elements such as earthquake loading, soil bearing design
capacity, rock or other bearing stratum, and groundwater elevations.
Natural phenomena hazards as discussed in Section 3.3, "Natural Phenomena
Hazards," of this IG and DOE 420.1, Section 4.4, "Natural Phenomena Hazards
Mitigation," including seismic activity, wind, hurricane, tornado, flood, hail, volcanic
ash, lightning, and snow.
Emergency response considerations, including population sheltering or shielding
parameters and evacuation delay times and rates for the public and colocated workers.
Potential man-induced hazards from nearby facilities or activities such as industrial
and military facilities, aircraft impacts, pipelines, and transportation routes.
Proximity and hazard to other facilities (from the proposed facility).
Site-related assumptions of the Environmental Impact Statement.
For the purpose of this IG, a radiological siting criterion of 25 rem, 50-year total effective
dose equivalent from a 1-year uptake at the site boundary shall be used.
3.3 Natural Phenomena Hazards
3.3.1 General Application
Safety SSCs shall be designed and constructed to withstand the effects of natural phenomena
hazards (NPHs). Fundamental requirements for NPHs are specified in the regional model
building codes. The natural phenomena design requirements for safety SSCs as specified in
DOE 420.1, Section 4.4, and the associated DOE Standards shall apply to safety SSCs as
determined by the methodology described in DOE-STD-3009-94. The safety-class or safety-
significant designation is the basis for selecting the specified natural phenomena design
requirements found in the referenced DOE standards.
3.3.2 Primary Applicable Requirements
DOE 420.1, Section 4.4 and its Implementation Guide.
DOE-STD-1020-94.
DOE-STD-1021-93.
DOE-STD-1022-94.
DOE-STD-1023-94.
DOE-STD-1024-92.
3.3.3 Other Considerations
Design considerations for volcanic eruption and ash fall, lightning strikes, range fires, snow
loads, and extreme temperatures are not provided in DOE 420.1, Section 4.4, and other
associated standards. Criteria for the assessment and mitigation of these hazards shall be
developed on a site-specific basis and approved by DOE prior to use. Lightning protection
systems shall be considered for buildings and structures that contain, process, and store
radioactive, explosive, and similarly hazardous materials. Lightning protection systems shall
be designed to comply with NFPA 780. (See DOE 420.1, Sections 4.3 and 4.4.)
Design considerations should be given to the interaction of more than one event, particularly
those more likely to occur simultaneously. For example, heavy rains usually accompany
tornadoes or high winds; excessive roof loads may result from rain and accumulated volcanic
ash; and upstream dams may fail due to seismic events.
3.4 Architectural
The type and level of hazards should be determined for each functional area, the attendant
degree of risk established, and the possibility of cross contamination considered. Wherever
possible, work areas with compatible contaminants should be located together to simplify
design criteria related to air supply and exhaust, waste disposal, decontamination, and cross
contamination.
Radioactive and hazardous material contamination control requirements should be considered
in the design to minimize the potential for contamination spread.
Office areas should be located in common-use facilities (e.g., data computation and
processing, word processing, etc.) and away from process areas to minimize risks to workers
of exposure to radioactive and/or hazardous materials.
3.4.1 Building Layout
The building layout should provide protection from the hazards associated with handling,
processing, and storing of radioactive and/or hazardous materials. In addition, the following
items should be considered in the facility safety design:
The provision of additional space for temporary shielding or for additional shielding in
the event radiation levels are higher than anticipated.
The arrangement and location of hazardous process equipment and its maintenance
provisions should provide appropriate protective and safety measures as applicable.
The building design should accommodate a prompt return to a safe condition in
emergencies and allow ready access and protection of workers in areas where manual
corrective actions are required and in areas that contain radiation monitoring
equipment readouts.
Facility layout should provide specific control and isolation, if possible, of quantities
of flammable, toxic, and explosive gases, chemicals, and other hazardous materials
admitted to the facility.
3.4.2 Access Control
The facility design should accommodate the requirements for safeguards and security,
emergency egress, and area access control for worker protection. Where these requirements
may appear to conflict, life safety shall take precedence. For example, safeguards and
security requirements would minimize the number of entrances and exits, but for worker
safety, the emergency-egress requirements would provide an adequate number of exits.
Specific requirements for access control shall be implemented as specified by 10 CFR 835 for
radiological hazards, by RCRA for hazardous waste treatment, storage, and disposal facilities,
and by 29 CFR 1910 and 1926 (OSHA) for hazardous material locations within operating
facilities and construction sites.
Where access control is provided for control rooms that contain safety-class SSC controls and
monitoring, the same level of qualification shall be considered for the access control features.
Access controls shall not prevent operator actions required to achieve and maintain a facility
in a safe condition.
3.5 Accessibility and Maintainability
Section 4.1.1.2 of DOE 420.1 requires that facilities be designed to facilitate inspection,
testing, maintenance, and repair and replacement of safety SSCs to assure their continued
function, readiness for operation, and accuracy. The facility design shall include provisions
for accessibility and maintainability that include but are not limited to the following:
Surveillance equipment should be located and sufficient space provided for relative
ease of routine testing and maintenance activities.
Accessible inspection covers to allow for visual inspection should be provided and
located such that necessary routine inspections can be conducted with minimum
disruption to the facility or equipment operation. Examples include ducting and
process piping systems.
The facility design should include features that provide for ease of routine
maintenance without a subsequent mission reduction. Examples include providing
sufficient clearance around equipment to accommodate change out of large
components and providing permanent ladder(s) and platform(s) access to lubrication
and equipment areas.
A Reliability, Availability, and Maintainability (RAM) program should be established in
accordance with the guidance of DOE "Reliability, Availability, and Maintainability
Guidelines" (Draft) and graded as to the complexity and hazards of the facility. The purpose
of a RAM program is to help ensure that the project will be free of RAM-related problems that
could prevent achieving health, safety, environmental, performance, schedule, and economic
goals.
3.6 Human Factors Engineering
Appropriate human factors engineering principles and criteria should be integrated into the
design, operation, and maintenance of DOE facilities. The human factor elements that should
be considered include, but are not limited to, the following: equipment labeling, workplace
environment (temperature and humidity, lighting, noise, vibration, and aesthetics), human
dimensions, operating panels and controls, component arrangement, warning and annunciator
systems, and communication systems. The applicable criteria found in NUREG 0700, MIL-
STD-1472C (DoD), and ANSI/IEEE 1023 should be considered in the design of these
elements.
3.7 Design to Facilitate Deactivation, Decontamination, and Decommissioning
3.7.1 Deactivation
Deactivation is the process of removing hazardous materials and neutralizing hazardous
conditions at the end of a facility's life or mission prior to decontamination and
decommissioning. Design to facilitate deactivation would incorporate facility features that aid
in the removal of surplus radioactive and chemical materials; storage tank cleanout and
maintenance; stabilization of contamination and process materials; and the removal of
hazardous, mixed, and radioactive wastes. In general, these features would reduce the
physical risks and hazards associated with facility decontamination and decommissioning and
would also be called for when designing for ease of maintenance during operation.
3.7.2 Decontamination
In accordance with DOE 420.1, the facility design shall incorporate measures to simplify
decontamination of areas that may become contaminated with radioactive or hazardous
materials. Items such as service piping, conduits, and ductwork should be kept to a minimum
in potential contamination areas and should be arranged to facilitate decontamination. Walls,
ceilings, and floors in areas vulnerable to contamination should be finished with washable or
strippable coverings. Metal liners should be used in areas that have the potential to become
highly contaminated. Cracks, crevices, and joints should be filled and finished smooth to
prevent accumulation of contaminated material. The facility design should incorporate
features that will facilitate decontamination to achieve facility decommissioning, to increase
the potential for other uses, or both.
3.7.3 Decommissioning
Design features consistent with the requirements of DOE 5820.2A, Chapter V, should be
developed during the planning and design phases based on decommissioning requirements or
a conversion method leading to other facility uses. The following design principles should be
considered:
Use of localized liquid-transfer systems with emphasis on localized batch solidification
of liquid waste to avoid long runs of buried contaminated piping. Special provisions
should be included in the design to ensure the integrity of joints in buried pipelines.
Location of exhaust filtration components of the ventilation systems at or near
individual enclosures to minimize long runs of internally contaminated ductwork.
Equipment, including effluent decontamination equipment, that precludes, to the extent
practicable, the accumulation of radioactive or other hazardous materials in relatively
inaccessible areas, including curves and turns in piping and ductwork. Accessible,
removable covers for inspection and cleanouts are encouraged.
Use of modular radiation shielding in lieu of or in addition to monolithic shielding
walls.
Provisions for flushing and/or cleaning contaminated or potentially contaminated
piping systems.
Provisions for suitable clearances, where practical, to accommodate remote handling
and safety surveillance equipment required for future decontamination and
decommissioning.
Use of lifting lugs on large tanks and equipment.
Piping systems that carry contaminated or potentially contaminated liquid should be
free draining via gravity.
4.0 Functional Design Criteria
4.1 Nuclear Criticality Safety
4.1.1 Conditions that Initiate Requirements of this Section
Any DOE facility that may produce, process, store, transfer, dispose, or otherwise handle
sufficient quantities of fissionable material that present a concern for accidental criticality
shall be designed to meet the requirements of DOE 420.1, Section 4.3, "Nuclear Criticality
Safety."
4.1.2 Primary Applicable Requirements
DOE 420.1, Section 4.3, contains requirements that facilities be designed in such a manner
that the probability of a criticality accident is acceptably low and, to the extent practical, the
public, the workers, and the environment are protected from damaging effects and undue
hazards that may arise from a criticality accident as required; that no single credible event or
failure shall result in a criticality accident having unmitigated consequences; and that
criticality accident alarm systems and criticality detection systems be included. See DOE
420.1, Section 4.3, and its supporting standards for details.
4.2 Radiation Protection
4.2.1 Primary Applicable Requirements
The control of radiological exposures of workers, the public, and the environment shall be in
accordance with Section 4.1.1.2 of DOE 420.1, 10 CFR 835, and 10 CFR 834 (Proposed).
Additional guidance is contained in the DOE "Radiological Control Manual" (DOE/EH-
0256T).
4.2.2 General Application
The primary objective of radiological protection is to minimize personnel external and internal
exposures to radioactive materials; provide adequate radiation posting, sampling, monitoring,
and notification or alarm capabilities; and apply ALARA principles. Radiation protection
should be provided through facility physical design (e.g., shielding, remote handling, area
layout, equipment layout, confinement, and ventilation) and supplemented by cautionary
systems. ALARA principles to minimize personnel exposures shall be applied to all
equipment and facility designs.
Specific criteria for monitoring and entry control systems, posting and labeling of radioactive
materials, nuclear accident dosimetry, and ALARA applications shall be applied as required
by 10 CFR 835.
Offsite dose limits used to assess acceptability of the facility safety design during normal
operations and anticipated operational occurrences shall comply with 10 CFR 834 (Proposed).
Physical layout and details of proven radiological equipment designs are contained in the
DOE-adopted IAEA Safety Series 30 Standard and Faust (1988).
The projected dose rates shall be based on occupancy, duration, and frequency of exposure
and shall not exceed values specified in 10 CFR 835. This may require that shielding be
provided for areas requiring normal and intermittent access, such as those for preventive
maintenance, component changes, or adjustment of systems and equipment. The type of
shielding should be determined by the characteristics of the radiation, structural requirements,
fire protection requirements, and radiation damage potential. Shielding should also be
installed to minimize nonpenetrating external radiation exposures to the skin and lens of the
eye where required. In most cases, confinement barriers or process equipment provide this
function. Where shielding is an integral part of the facility structure, it shall be designed and
installed to at least the same level of natural phenomena qualification as the facility
structure. Additional guidance is contained in ANSI/ANS 6.4.2. Where shields are identified
as safety class, the additional requirements stated in Section 5.0, "Supplementary Design
Criteria for Safety Structures, Systems, and Components," of this IG shall also be applied.
Occupied operating areas for normal operating conditions shall be designed not to exceed the
airborne concentration limits of 10 CFR 835. Respirators should not be required under
normal operating conditions except as a precautionary measure. Engineered controls and
features should be designed with consideration of contaminant chemical forms to minimize
potential inhalation of radioactive materials.
Devices to monitor individual exposures to external radiation and to warn personnel of
radioactive contamination shall be used in accordance with 10 CFR 835. Air sampling
equipment should be placed in strategic locations to detect and evaluate airborne contaminant
conditions at work locations. Continuous air monitors with preset alarms should be provided
to give early warning of significant releases of radioactive materials. Air monitoring and
warning systems shall comply with the requirements of 10 CFR 835 with consideration for
additional guidance contained in ANSI N13.1.
Breathing-air supply systems, if required, shall comply with 29 CFR 1910.134.
4.2.3 Special Considerations and Good Engineering Practices
American Nuclear Society document ANS 11.16 contains guidance on functional designs
based on both DOE and Nuclear Regulatory Commission (NRC) experiences. DOE/EH-
0256T provides details on radioactive material identification, storage, and transport. These
documents provide descriptions and details of use-proven principles and designs and identify
considerations that affect configuration, hardware selection, installation, maintenance, and
controls that can be used in developing a sound functional design.
Shielding should be designed to limit the total external dose during normal operations to the
annual exposure limit values as specified in 10 CFR 835. Design of facilities and shields
applicable to machines and sources is summarized as good practices in NCRP Report 49.
Additional guidance is contained in ANSI N43.2.
Guidance on ventilation design is provided by an ACGIH document (ACGIH, 1995) and
ERDA 76-21. Alarms for loss of ventilation or differential pressure shall be provided on
primary confinement systems (glove boxes or hoods) and should be considered on secondary
confinement systems (rooms). ANSI/ASME N509 contains requirements for the design of
nuclear facility air cleaning systems and ANSI/ASME N510 contains requirements for testing
air cleaning systems.
Change rooms for changing into and out of protective clothing should be designed to ensure
that clean clothing (personal clothing) and contaminated clothing (protective clothing) are
segregated. The design objective is to ensure that storage of contaminated protective clothing
will control contamination so that it does not spread beyond the storage container. The
change room exhaust air should be high efficiency particulate air (HEPA) filtered as
applicable if dispersible radionuclides are handled in the process areas it serves.
Personnel decontamination facilities should be located close to areas that are potential sources
of contamination. Safety showers may be used if water collection from their use is
controlled. Portable personnel decontamination equipment should be considered for facilities
with no permanent structures.
Respiratory protection should be provided to maintenance personnel where potentially
significant exposures exist for maintenance operations and design constraints preclude the
ability to perform maintenance either remotely or in a glove box. However, every reasonable
effort should be made to allow routine maintenance activities to be conducted without the
need for respiratory protection.
4.3 Hazardous Material Protection
This section provides functional design guidance for hazardous material protection other than
radioactive material protection. While not controlled by DOE 420.1, Section 4.1, directly,
these considerations may indirectly relate to nuclear safety in that hazardous material releases
may cause or exacerbate nuclear accidents. The hazard analysis shall establish any potential
for hazardous material release accidents that cause or exacerbate a nuclear accident. This
potential shall be considered in the accident analysis and the selection of safety SSCs.
4.3.1 Conditions that Initiate Requirements of this Section
Any facility where personnel could potentially be exposed to hazardous materials listed in 29
CFR 1910 at concentrations approaching the listed permissible exposure limits (8-hour time-
weighted average, normal operations) shall comply with the requirements of the applicable
laws for hazardous material protection.
4.3.2 Primary Applicable Requirements
Requirements for design of engineered controls for hazardous material protection are
contained in 29 CFR 1910, Subparts G, H, and Z.
4.3.3 General Application
Ventilation systems are engineering controls commonly used to prevent worker exposure to
hazardous materials and are used in combination with personal protective equipment and
operational procedures. 29 CFR 1910, Subpart G, 1910.94, requires that where ventilation is
used to control worker exposures, it shall be adequate to reduce the hazardous material
concentrations of air contaminants to the degree that the hazardous material no longer poses a
health risk to the worker (i.e., concentrations at or below the permissible exposure limits). 29
CFR 1910, Subpart Z, 1910.1000, requires that wherever engineering controls are not
sufficient to reduce exposures to such levels, they shall be used to reduce exposures to the
lowest practicable level and supplemented by work practice controls. The design should
ensure that respirators are not required for normal operating conditions or routine maintenance
activities except as a precautionary measure.
Ventilation systems for hazardous material protection should use exhaust hoods to control
concentrations of hazardous materials from discrete sources, or should control the number of
air changes per hour for an entire room or bay. Air flow and other design requirements for
specific types of systems shall comply with 29 CFR 1910, Subparts G and H. 29 CFR 1910,
Subpart Z, provides requirements for monitoring and alarm systems for facilities that manage
or use specific hazardous materials. Additional guidance on design of ventilation systems for
hazardous material protection is provided in ANSI Z9.2 and ASHRAE 62.
Decontamination facilities, safety showers, and eyewashes to mitigate external exposures to
hazardous materials shall be provided where mandated by 29 CFR 1910, Subparts H and Z.
These systems shall be designed in accordance with the requirements of ANSI Z358.1 and
ANSI Z124.2.
4.3.4 Special Considerations and Good Engineering Practices
Facilities with hazardous material exposure concerns should be designed to minimize
personnel exposures, both external and internal, and to provide adequate monitoring and
notification capabilities to inform workers of unsafe conditions. Hazardous material
protection should be provided through facility design (e.g., remote handling, area and
equipment layout, spill-control features, confinement, ventilation, etc.). Occupied spaces
should be designed to preclude locations where low oxygen content or air displacement may
occur or where reactive, combustible, flammable, or explosive gas, vapor, or liquid
accumulation might occur.
Safety controls and features should be designed to consider contaminant chemical forms and
minimize the potential for inhalation and contact under all conditions. Directed ventilation
flow paths should be used to move contaminants away from worker breathing zones. The
design should ensure that ventilation flow will cascade from clean areas to contaminated areas
to preclude contamination spread. Uniform distribution of incoming air and/or air mixing
equipment should be provided to ensure that no pockets of stagnant air exist in areas where
workers are present.
4.4 Effluent Monitoring and Control
4.4.1 Applicability
This section applies to any DOE facility that produces airborne or liquid radioactive and/or
hazardous material effluents, including contaminated storm water, under normal operating
conditions.
4.4.2 Special Considerations and Good Engineering Practices
Liquid process wastes containing radioactive and/or hazardous material should be collected
and monitored near the source of generation before batch transfer via appropriate pipelines or
portable tanks to a liquid-waste treatment facility. Waste storage tanks and transfer lines shall
be designed and constructed so that any leakage should be detected, contained, and collected
for removal before it reaches the environment. Double-walled transfer pipelines or multiple
encasements should be used for high-level radioactive liquid wastes and other liquid wastes
that have the potential to cause significant localized consequences as defined by safety
analysis, or significant exposures during the implementation of mitigating measures in the
event of an accidental release. Provisions should be made for the collection, removal, and
appropriate disposition of infiltration into the annulus of double-walled pipelines.
Radioactive- and hazardous-waste collection, transfer, and storage systems shall be designed
to avoid the dilution of radioactive or hazardous waste by waste of lower concentrations of
radioactivity, toxicity, or other hazard. Emphasis should be placed on reducing radioactive
constituents in liquid effluents released to surface waters or soil columns to levels ALARA.
All airborne effluents from areas in which hazardous or radioactive materials are managed
other than in closed containers should be exhausted through a ventilation system designed to
remove particulate material, vapors, and gases, as necessary, to comply with applicable
release requirements and to reduce releases of radioactive materials to levels ALARA. The
design of airborne-effluent systems should preclude holdup of particulate materials in offgas
and ventilation ductwork and include provisions to continuously monitor buildup of material
and material recovery. The design of systems shall also preclude the accumulation of
potentially flammable quantities of gases generated by radiolysis or chemical reactions within
process equipment.
The design capacity for effluent monitoring and control systems shall be consistent with the
needs for handling process effluents during normal operations, anticipated operational
occurrences, and DBA conditions. Alarms shall be provided that will annunciate in the event
concentrations of radioactive or hazardous materials above specified limits are detected in the
effluent stream. Appropriate manual or automatic protective features shall be provided to
prevent an uncontrolled release of radioactive and/or hazardous material to the environment or
the workplace. Portions of effluent management systems and components that are required to
control or limit the release of radioactive or hazardous materials to the environment or for
safe operation of the system shall be provided with redundancy where required by applicable
federal, state, and local environmental regulations and permits. Effluent monitoring and
control systems shall be designed to allow periodic maintenance, inspection, and testing of
components and to maintain occupational radiation doses ALARA during these operations.
Appropriate nuclear criticality safety provisions shall be applied to the design of airborne
effluent systems. This includes design to preclude the holdup or collection of fissile material
and other material capable of sustaining a chain reaction in portions of the system not
geometrically favorable and design to ease recovery of these materials in case of an
accident as well as during normal operations.
The design of safety SSCs, as identified in the facility-specific safety analysis, shall comply
with the requirements of Section 5.0 of this IG. Safety-class effluent monitoring and control
SSCs are generally designed to operate in conjunction with physical barriers to form a
confinement system to limit the release of radioactive or other hazardous material to the
environment and to prevent or minimize the spread of contamination within the facility.
Adequate instrumentation and controls shall be provided to assess system performance and to
allow the necessary control of system operation. Equipment in safety-class systems shall be
appropriately qualified or protected to ensure reliable operation during normal operating
conditions, during anticipated operational occurrences, and during and following a design
basis earthquake. Safety-class air filtration units, effluent transport systems, or effluent
collection systems shall be designed to remain functional throughout DBAs and to retain
collected radioactive and hazardous materials after the accident.
4.5 Waste Management
4.5.1 Applicability
This section applies to any DOE facility that under normal operating conditions produces
containers of wastes having constituents that are regulated as radioactive, hazardous, or mixed
waste.
The design of waste management systems shall be in accordance with the requirements of
DOE 5820.2B and the federal, state, and local requirements referenced therein.
Unless it can be demonstrated that the risk is acceptable, waste management and storage
systems and associated support systems should be designed to remain functional following a
DBA and should facilitate the maintenance of a safe shutdown condition. For high-level
waste containment systems, at least one confinement barrier should be designed to withstand
the effects of DBAs.
4.6 Fire Protection
4.6.1 General Application
Facility design shall comply with the applicable fire protection requirements contained in
DOE 420.1, Section 4.2, "Fire Protection," DOE 470, "Worker Protection Management," and
their companion document "Implementation Guide for Use with DOE Order 420 and 470 Fire
Safety Program."
4.6.2 Fire Hazard Analysis
A fire hazard analysis (FHA) shall be prepared for each DOE facility in accordance with
DOE 420.1, Section 4.2, and should be initiated early in the design process and closely
coordinated with the safety analysis effort as discussed in Section 2.1, "Design Process and
Safety Analysis Relationship," of this IG.
4.7 Emergency Preparedness and Emergency Communications
4.7.1 Conditions that Initiate Requirements of this Section
This section applies to any DOE facility that must respond to internal or external emergency
events to control acute exposures to radiation in excess of the annual exposure limits or to
hazardous materials in excess of Permissible Exposure Limits (PELs), or to preclude multiple
fatalities.
4.7.2 Primary Applicable Requirements
Provisions for emergency preparedness are contained in the requirements of DOE 5500.3A,
which address installation of an Emergency Operations Center (EOC). Primary and backup
means of communications with the EOC, provisions for evacuation and accountability, and
adequate equipment and supplies for emergency response personnel to carry out their
respective duties and responsibilities related to the nonreactor nuclear facility shall be
provided in the facility design consistent with DOE 5500.3A.
4.7.3 General Application
Emergency evacuation annunciation systems shall conform with ANSI/ANS N2.3. General
communication system installation requirements shall be per NFPA 72, Section 3-12, which
describes the minimum requirements for transmission of alarm conditions to building
occupants, and Sections 6-3 and 6-4, which include minimum requirements for audibility
above background noise and the use of visual signals, including minimum light intensities.
For facilities handling dispersible materials, meteorological data necessary to control
consequences from an emergency event should be obtained from either the nearest U.S.
Geological Survey (USGS) or local (onsite) meteorological stations.
4.8 Explosives Criteria
The design and construction of all new DOE explosives facilities and modifications to
existing explosives facilities shall conform to the DOE explosives safety requirements
established in the "DOE Explosives Safety Manual," DOE M 440.1-1. Facility structural
design and construction shall comply with the requirements of TM5-1300 (DoD), "Structures
to Resist the Effects of Accidental Explosions," and DOE/TIC-11268, "A Manual for the
Prediction of Blast and Fragment Loading of Structures." Blast resistant design for personnel
and facility protection shall be based on the TNT equivalency of the maximum quantity of
explosives and propellants permitted. In accordance with TM5-1300, the TNT equivalency
shall be increased by 20% for design purposes.
The technical basis for establishing explosives quantity-distance separation for facility
location, design, and operation (under normal and potential DBA conditions) shall follow the
stricter of the criteria provided in DoD 6055.9-STD, "Department of Defense Ammunition
and Explosives Safety Standards." DoD 6055.9 specifies the minimum distance for protection
from hazardous fragments to facility boundaries, critical facility, and inhabited structures
unless it can be shown that there will be no hazardous fragments or debris at lesser distances.
The method of calculation presented in the DoD Explosive Safety Board (DoDESB) Technical
Paper No. 13 may be used to establish a smaller fragment exclusion zone. It is not intended
that these minimum fragment distances be applied to operating facilities or dedicated support
functions within an operating line. The criteria presented in DOE M 440.1-1 shall apply for
these exposures.
For an unproven facility design, either a validated model or a full-scale test is required to
ensure structural adequacy unless a high degree of confidence can be provided by calculations
or other means. The contract administrator (Head of Field Organization) with the advice of
competent engineering review shall concur in any determination regarding test requirements.
When an explosives facility is also a nonreactor nuclear facility, the requirements for
nonreactor nuclear facilities shall also apply.
5.0 Supplementary Design Criteria for Safety Structures, Systems, and Components
This section provides supplementary guidance for the design and construction of safety SSCs
to ensure reliable performance of their safety function under those conditions and events for
which they are intended. Design methods and criteria commonly used to ensure required
availability are discussed in Section 5.1, "General Requirements," of this IG. Discipline-
specific consensus codes and standards (e.g., electrical, mechanical, and structural) are
presented in Section 5.2, "Specific Criteria," of this IG. These design methods, design
criteria, and consensus codes and standards are the minimum set of requirements that shall be
applied when designing safety SSCs.
5.1 General Requirements
Safety SSCs and their associated support systems shall be designed, fabricated, erected, and
tested to standards and quality requirements commensurate with their importance to safety.
An acceptable level of assurance that the safety SSCs will perform their intended safety
function can be achieved by meeting the requirements contained within the following sections.
5.1.1 Assurance of Safety Function
Safety SSCs shall be designed to reliably perform their safety function under those conditions
and events for which their safety function is intended. The following subsections shall be
applied to the design of safety SSCs to most effectively enhance system availability and
provide for robust design. Further design guidance can be found in IAEA Standard
No. 50-P-1 and ANSI/IEEE 603.
5.1.1.1 Conservative Design Features
Safety SSCs shall be designed to withstand all design basis loadings with an appropriate
margin of safety. The design should incorporate, commensurate with the importance of the
safety function, multiple levels of protection against normal, anticipated, and accident
conditions. For example, while built-in process controls may maintain pressure within a
conservative limit, the design may also require provisions for relief valves, automatic
shutdown capability, or other preventative features.
The design of safety-class SSCs shall incorporate suitably conservative criteria contained in
applicable DOE Orders and Standards addressing safety functions, e.g., natural phenomena
design mitigation.
5.1.1.2 Design Against Single Point Failure
The facility and its systems shall be designed to perform all safety functions with the
reliability indicated by the safety analysis. The single-point failure criterion, requirements,
and design analysis identified in ANSI/IEEE 379 shall be applied during the design process as
the primary method of achieving this reliability.
5.1.1.3 Environmental Qualification
Environmental qualification (EQ) shall be used to ensure that safety-class SSCs can perform
all safety functions, as determined by the safety analysis, with no failure mechanism that
could lead to common cause failures under postulated service conditions. The requirements
from ANSI/IEEE 323 for mild EQ shall be used unless the environment in which the SSC is
located changes significantly as a result of the design basis accidents. In general,
qualification for mild environments should consist of two elements:
Ensuring that all equipment is selected for application to the specific service
conditions based on sound engineering practices and manufacturers' recommendations.
Ensuring that the system documentation includes controls that will preserve the
relationship between equipment application and service conditions.
5.1.1.4 Safe Failure Modes
The facility design shall provide reliable safe conditions and sufficient confinement of
hazardous material during and after all DBAs. At both the facility and SSC level, the design
shall ensure that more probable modes of failure (e.g., fail to open versus fail to close) will
increase the likelihood of a safe condition.
5.1.2 Support System and Interface Design
Safety SSCs often rely upon other SSCs to support their operation. Therefore, it is important
to identify these support systems and the associated interfaces between safety and nonsafety
SSCs. The following subsections address the design considerations for these related systems.
5.1.2.1 Support Systems
In some cases, safety SSCs rely upon supporting SSCs to perform their intended safety
function. These support SSCs may be classified as safety-class or safety-significant SSCs.
For example, a safety-class designation may be appropriate for an instrumentation and control
(I&C) system that supports a tritium containment system if it can be demonstrated that failure
of the I&C support system can lead to either failure or reduced availability of the safety-class
containment barrier. In general, the following classification criteria apply:
Support SSCs to safety-class SSCs shall be classified as safety class if their failures
can prevent a safety-class SSC from performing its safety functions.
Support SSCs to safety-significant SSCs that mitigate or prevent accidents with the
potential for significant onsite consequences should be classified as safety-significant if
their failures prevent a safety-significant SSC from performing its safety functions.
Support SSCs to safety-significant SSCs that mitigate or prevent accidents with the
potential for significant localized consequences need not be classified as safety
significant.
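As an added worked example (not part of this IG), the three classification criteria above applied to a constructed support-system inventory built around the I&C / tritium containment illustration. The classification is iterated to a fixed point so that a support SSC upgraded by criterion 1 or 2 in turn raises the classification of its own supports; the SSC names are constructed, and the rule that an upgraded safety-significant support SSC carries forward the consequence category of the SSC it supports is an assumption, not text from the IG.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Ordering used to decide whether a support SSC must be upgraded.
RANK = {"NS": 0, "SS": 1, "SC": 2}


@dataclass
class SSC:
    name: str
    cls: str = "NS"                      # 'SC' (safety class), 'SS' (safety significant), 'NS'
    consequence: Optional[str] = None    # for SS SSCs: 'onsite' or 'localized'
    # (name of the SSC this one supports, True if this SSC's failure
    #  can prevent the supported SSC from performing its safety function)
    supports: List[Tuple[str, bool]] = field(default_factory=list)


def required_class(supported: SSC, failure_prevents_function: bool) -> str:
    """Minimum classification of a support SSC, per the three criteria of 5.1.2.1."""
    if not failure_prevents_function:
        return "NS"                      # failure does not defeat the safety function
    if supported.cls == "SC":
        return "SC"                      # criterion 1: shall be safety class
    if supported.cls == "SS" and supported.consequence == "onsite":
        return "SS"                      # criterion 2: should be safety significant
    return "NS"                          # criterion 3 (localized), or supported SSC is nonsafety


def propagate(inventory: Dict[str, SSC]) -> Dict[str, str]:
    """Apply required_class() until no SSC changes.

    Iteration matters because a support SSC that is upgraded may itself have
    supports whose classification must then be re-evaluated against it.
    """
    changed = True
    while changed:
        changed = False
        for ssc in inventory.values():
            for supported_name, prevents in ssc.supports:
                supported = inventory[supported_name]
                need = required_class(supported, prevents)
                if RANK[need] > RANK[ssc.cls]:
                    ssc.cls = need
                    changed = True
                    # Assumption (not from the IG): a support SSC raised to SS protects the
                    # same accident as the SSC it supports, so it inherits that consequence.
                    if need == "SS" and ssc.consequence is None:
                        ssc.consequence = supported.consequence
    return {name: ssc.cls for name, ssc in inventory.items()}


def example_inventory() -> Dict[str, SSC]:
    """Constructed inventory (names are illustrative) following the IG's I&C example."""
    sscs = [
        SSC("tritium_containment", cls="SC"),
        SSC("ic_system", supports=[("tritium_containment", True)]),
        SSC("ups", supports=[("ic_system", True)]),               # support of a support
        SSC("hvac_status_lamp", supports=[("ic_system", False)]), # failure is benign
        SSC("glovebox_exhaust", cls="SS", consequence="onsite"),
        SSC("exhaust_fan_power", supports=[("glovebox_exhaust", True)]),
        SSC("fan_starter_relay", supports=[("exhaust_fan_power", True)]),
        SSC("lab_hepa_unit", cls="SS", consequence="localized"),
        SSC("hepa_dp_gauge_air", supports=[("lab_hepa_unit", True)]),
    ]
    return {s.name: s for s in sscs}


if __name__ == "__main__":
    for name, cls in propagate(example_inventory()).items():
        print(f"{name:22s} {cls}")
```

Running the block shows the I&C system and its UPS raised to safety class, the glovebox exhaust fan power and its starter relay raised to safety significant, and the support of the localized-consequence HEPA unit left nonsafety.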
5.1.2.2 Interface Design
A nuclear safety design goal is to minimize interfaces between safety-class, safety-significant,
and nonsafety SSCs. Ideally, safety SSCs should not have any interfaces; however, this is not
always practical. Interfaces, such as pressure retention boundaries, integrity of fluid systems,
electrical equipment, I&C, and mechanical and support systems, exist between safety SSCs
and between safety SSCs and nonsafety SSCs. These interfaces shall be evaluated to identify
SSC failures that would prevent the safety SSCs from performing their intended safety
function. For these SSC failures, isolation devices, interface barriers, or design class upgrades
should be provided to ensure safety SSC protection and reliability. In many cases, systems
may consist of a group of subsystems, where each subsystem supports the operation of the
whole system. For example, an auxiliary power diesel generator system may consist of
lubricating oil, fuel oil, diesel engine, jacket cooling, and room ventilation subsystems.
System interface evaluations should clearly define these boundaries. In all instances, a case-
by-case evaluation should be performed.
5.1.3 Quality Assurance
The QA requirements for the design, fabrication, construction, and modification of safety
SSCs are developed using the facility safety analysis. At the earliest stages of the design, a
hazard analysis, which identifies the functional requirements of safety SSCs, should be used
as a basis for determining appropriate QA requirements.
As the design progresses, more detailed safety analyses will be performed to develop the
basis for safety SSCs performance requirements. Once the safety SSCs and their performance
requirements are identified, a set of detailed QA requirements can then be specified. As part
of the safety analysis, a list of all safety-class SSCs shall be prepared and maintained for the
life of the project through decommissioning. This listing shall identify the functions,
performance requirements, and natural phenomena design requirements for each safety-class
SSC and the associated QA requirements. These detailed component-specific requirements are typically
contained in consensus codes and standards (e.g., ANSI/IEEE). A similar listing of all safety-
significant SSCs should also be prepared.
In most cases, components used in DOE nonreactor nuclear facilities will be "off the shelf,"
i.e., they will not be subjected to the rigorous Nuclear Quality Assurance (NQA)-1-based
requirements for "nuclear-grade" components. Therefore, safety SSC quality standards can
either be design based or achieved through testing, vendor control, and inspection. However,
the requirements of 10 CFR 830.120 still apply to safety SSCs.
5.2 Specific Criteria
The application of design criteria to safety SSCs entails the selection of appropriate and
relevant criteria commensurate with the levels of safety. A purely prescriptive approach to
the use of national codes and standards may fail to provide the appropriate level of safety.
While national codes and standards will provide guidance and the basic design criteria for
most systems, blanket application of such individual codes and standards or collections
thereof is not necessary. It is necessary to tailor selections of codes and standards for each
specific application based on the required safety function.
Note that the safety analysis conducted in accordance with DOE-STD-3009-94 that results in
a particular safety classification is also the same analysis used to identify and define design
criteria. Safety analyses identify the functions that must be performed and the conditions
under which these functions must perform. These analyses will then result in both the
functional safety classification and the identification of the appropriate and relevant criteria to
ensure the prescribed safety functions can be performed.
Categorization and listing of design codes and standards as a portion of the design criteria
process are performed to ensure that a correct and appropriate level of engineering design
detail and attention are used for each safety classification. The intent is to specify the design
codes and standards that will ensure that each safety SSC will perform its required safety
function, including due consideration of the intangible areas of influence.
The national codes and standards listed in the following sections provide guidance on the
minimum aggregation of codes, standards, and standard practices that should be considered in
identifying the design criteria and other considerations for each specific SSC commensurate
with its function. Additional design criteria may be applied as necessary to perform the
safety function.
Specific design criteria for safety SSCs often relate to a confinement function. Generally,
three confinement systems are used to achieve the complete confinement system objective.
The terms confinement and confinement barriers used in the following sections are used in
the context of the three types of confinement: primary, secondary, and tertiary, as defined in
the Glossary.
5.2.1 Structural
Structures classified as safety class or safety significant normally provide a passive
confinement barrier and do not require redundancy in their design. The design of safety-
significant and safety-class structures shall ensure satisfaction of the functional requirements
for the specific confinement system of which they are a part. In addition, safety-class
confinement barriers shall be designed to withstand likely secondary events as well as primary
events with an appropriate margin of safety. Potential secondary events might be fire,
explosion, or nuclear criticality caused by the primary event. Likely secondary events are
those with a probability greater than 0.1, given the primary event. See Table 5-1 for the
relevant codes and refer to Section 4.4 of DOE 420.1 and Section 3.3 of this IG for additional
NPH design guidance information.
Table 5-1. Codes for safety-significant and safety-class structures.
5.2.2 Mechanical
Mechanical equipment classified as safety significant or safety class provides both passive and
active safety functions. The redundancy criteria as described in Section 5.1.1.2 of this IG
shall be applied to the design of safety-class SSCs that provide an active safety function. The
redundancy criteria should be considered in the design of safety-significant SSCs that provide
an active safety function. Redundancy criteria are generally not applied to the design of
safety SSCs that provide a passive safety function.
5.2.2.1 Ventilation
In general, the safety function of ventilation and offgas systems is to provide confinement
integrity and to filter exhaust, thereby preventing or mitigating uncontrolled releases of
radioactive and/or hazardous materials to the environment. Ventilation and offgas systems are
included as a vital part of the primary and secondary confinement design. The need for
redundancy and the degree of redundancy in these systems shall be determined by the safety
analysis process and maintenance concerns for both active and passive components. Designs
shall provide for periodic maintenance, inspection, and testing of components. Adequate
shielding shall be included in the design of filters, absorbers, scrubbers, and other air
treatment components to ensure that occupational exposure limits are not exceeded during
maintenance and inspection activities.
Safety-significant and safety-class ventilation system designs shall include adequate
instrumentation to monitor and assess performance with necessary alarms for annunciation of
abnormal or unacceptable operation. Manual or automatic protective control features shall be
provided to prevent or mitigate an uncontrolled release of radioactive and/or hazardous
material to the environment and to minimize the spread of contamination within the facility.
Vent streams potentially containing significant concentrations of radioactive and/or hazardous
materials shall be processed through an offgas cleanup system before being exhausted to the
environment. Cleanup systems are to remove particulates and noxious chemicals and control
the release of gaseous radionuclides. The design of safety-significant and safety-class offgas
systems shall be commensurate with the sources and characteristics of the radioactive and
chemical components of the offgas air stream to prevent or mitigate the uncontrolled releases
of radioactive and/or hazardous materials to the environment. See Table 5-2 for the relevant
codes.
Table 5-2. Codes for safety-significant and safety-class ventilation system components.
5.2.2.2 Process Equipment
The usual safety function of process equipment is to provide primary confinement and prevent
or mitigate radioactive and/or hazardous material releases to the environment. Process
equipment that would be required to provide primary confinement includes the following:
piping, tanks, pressure vessels, pumps, valves, and glove boxes. These examples represent
process system components that could be used to contain radioactive or toxic materials
directly. Process equipment for some applications can provide secondary confinement.
Examples include double-walled piping systems, double-walled tanks, and glove boxes.
Safety-class and safety-significant process equipment providing passive confinement (piping,
tanks, holding vessels, etc.) shall be designed to suitably conservative criteria; redundancy in
their design is not required. The redundancy criteria as described in Section 5.1.1.2 of this IG
shall be applied to the design of safety-class SSCs that involve active confinement process
equipment (pumps, valves, etc.). The redundancy criteria should be considered in the design
of safety-significant SSCs that involve active confinement process equipment. See Table 5-3
for the relevant codes.
Table 5-3. Codes for safety-significant and safety-class process equipment.
5.2.2.3 Mechanical Handling Equipment
Safety-significant and safety-class handling equipment (cranes, manipulators, etc.) will only
be classified as such if their failure would create a radiological material release exceeding the
guidelines for either classification. The safety-significant classification, as a defense-in-depth
provision, will be the more common classification for remote material handling equipment.
Failure modes for mechanical handling equipment used to move radioactive materials shall
address mid-operational failures, and designs must include recovery methods for such
occurrences. Designs shall accommodate periodic maintenance and inspection. See Table 5-4
for the relevant codes.
Table 5-4. Codes for safety-significant and safety-class handling equipment.
5.2.3 Electrical
The safety function of an electrical power system is to provide power to systems and
components that require electrical power in order to perform their safety functions. A safety-
significant or safety-class electrical power system is defined as the system or component that
provides actuation or motive force to safety equipment. These systems consist of onsite ac/dc
power supply systems and associated distribution systems and components (e.g., conduits,
wiring, cable trays, etc.).
Safety-class electrical power shall be designed against single-point failure in accordance with
the criteria in Section 5.1.1.2 of this IG. Redundancy requirements for electrical systems
pertain to normal and alternative power sources and should be analyzed on a case-by-case
basis. For safety-significant systems, redundancy is not required if it can be shown that there
is sufficient response time to provide an alternative source of electrical power.
Environmental capability of safety-class electrical equipment shall be demonstrated by testing,
analysis, and operating experience, or a combination of these methods in accordance with
Section 5.1.3 of this IG.
For the commercial nuclear industry, a multitude of ANSI/Institute of Electrical and
Electronics Engineers (IEEE) Standards define the requirements for the manufacture,
installation, and testing of reactor Safety Class 1E electrical systems and components. The
Safety Class 1E requirements may not be directly applicable to the safety-class category
defined for nonreactor nuclear facilities. These standards, however, contain useful and
significant information that should be considered. Table 5-5 lists a minimal set of national
codes and standards that should be addressed for safety-significant and safety-class electrical
systems, keeping in perspective the applicable use of ANSI/IEEE Standards for Safety Class
1E components. Table 5-6 presents a list of ANSI/IEEE standards that can be used for
guidance in specific applications. Before using these standards, their applicability to the
design(s) being considered should be reviewed.
Table 5-5. Codes for safety-significant and safety-class electrical systems.
Table 5-6. ANSI/IEEE standards to be used as guidance for both safety-significant and safety-
class electrical systems as approp
5.2.4 Instrumentation, Control, and Alarm Systems
The safety functions of instrumentation, control, and alarm systems are to provide information
on out-of-tolerance or abnormal conditions; ensure the capability for manual or
automatic actuation of safety systems and components; ensure safety systems have the means
to achieve and maintain a fail-safe shutdown condition on demand under normal or abnormal
conditions; and/or actuate alarms to reduce public or site-personnel risk (e.g., effluent
monitoring components and systems).
The design of safety-class and safety-significant instrumentation and control systems shall
incorporate sufficient independence, redundancy, diversity, and separation to ensure that all
safety-related functions associated with such equipment can be performed under postulated
accident conditions as identified in the safety analysis. Safety-significant components should
be evaluated as to the need for redundancy on a case-by-case basis. Under all circumstances,
safety-class instrumentation, controls, and alarms shall be designed so that failure of nonsafety
equipment will not prevent the former from performing their safety functions.
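The single-point-failure screen called for in Section 5.2.3 and the provision of Section 5.2.4 that nonsafety equipment failures must not defeat safety-class instrumentation and controls can both be checked on a simple dependency model of the design. The following Python script is an added illustration for this IG and is not part of the IG or of any standard it references; the component names (fan_1, bus_A, nonsafety_plc, and so on), the two example designs, and the support-set model are all constructed for the illustration. It shows a weak single-train design beside a two-train form and reports, for each, the single failures that defeat the safety function, the minimal failure combinations of up to two items (minimal cut sets), and whether loss of all nonsafety items still leaves the function available.

```python
"""Single-failure and independence screening of a safety-function dependency model.

Added illustration for Sections 5.2.3 and 5.2.4 of this IG; it is not part of the
IG or of any referenced standard, and all component names below are constructed.
"""
from itertools import combinations

# A model maps each supported item to a list of alternative support sets. An item
# works if at least one of its alternatives has every member working. Names that
# never appear as keys are basic components, which work unless listed as failed.
# The model must be acyclic (each item depends only on items below it).


def works(model, item, failed):
    """Return True if `item` delivers its function with the items in `failed` lost."""
    if item in failed:
        return False
    alternatives = model.get(item)
    if alternatives is None:
        return True  # basic component that has not failed
    return any(all(works(model, dep, failed) for dep in alt) for alt in alternatives)


def all_nodes(model):
    """Every item named anywhere in the model, basic or supported."""
    nodes = set(model)
    for alternatives in model.values():
        for alt in alternatives:
            nodes.update(alt)
    return nodes


def single_failure_defeats(model, target):
    """Single-item failures that defeat `target` (the single-point-failure screen)."""
    return sorted(n for n in all_nodes(model) - {target}
                  if not works(model, target, {n}))


def minimal_cut_sets(model, target, max_order=2):
    """Minimal failure combinations of up to `max_order` items that defeat `target`."""
    nodes = sorted(all_nodes(model) - {target})
    cuts = []
    for order in range(1, max_order + 1):
        for combo in combinations(nodes, order):
            candidate = set(combo)
            if any(cut <= candidate for cut in cuts):
                continue  # contains a smaller cut set, so it is not minimal
            if not works(model, target, candidate):
                cuts.append(candidate)
    return cuts


def independent_of(model, target, nonsafety):
    """True if losing all `nonsafety` items at once still leaves `target` working."""
    return works(model, target, set(nonsafety))


# Constructed weak design: one safety-class exhaust fan on one bus (fed from offsite
# power or a diesel), with its start signal routed through a nonsafety PLC.
WEAK_DESIGN = {
    "exhaust_flow": [["fan_1", "bus_A", "start_signal"]],
    "bus_A": [["offsite_feeder"], ["diesel_generator"]],
    "start_signal": [["nonsafety_plc"]],
}

# Constructed hardened design: two independent trains, each with its own bus, diesel
# and hardwired safety-class actuation relay; the nonsafety PLC feeds indication only.
HARDENED_DESIGN = {
    "exhaust_flow": [["fan_1", "bus_A", "trip_A"], ["fan_2", "bus_B", "trip_B"]],
    "bus_A": [["offsite_feeder"], ["diesel_A"]],
    "bus_B": [["offsite_feeder"], ["diesel_B"]],
    "trip_A": [["safety_relay_A"]],
    "trip_B": [["safety_relay_B"]],
    "control_room_indication": [["nonsafety_plc"]],
}

if __name__ == "__main__":
    for name, model in (("weak", WEAK_DESIGN), ("hardened", HARDENED_DESIGN)):
        print(name, "single failures:", single_failure_defeats(model, "exhaust_flow"))
        print(name, "cut sets of order <= 2:", minimal_cut_sets(model, "exhaust_flow"))
        print(name, "independent of nonsafety PLC:",
              independent_of(model, "exhaust_flow", ["nonsafety_plc"]))
```

For the weak design the screen reports the fan, the bus, the start signal and the nonsafety PLC as single-point failures and the PLC dependency as an independence violation; for the hardened design no single failure remains and every cut set requires one item from each train. The model is a success tree of OR-of-AND support sets only; a design-basis analysis under ANSI/IEEE 379 would additionally address common-cause failures, shared offsite power, and the separation of the two trains, which this screen does not represent.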
Safety-significant and safety-class instrumentation, control, and alarm-system designs shall
ensure accessibility for inspection, maintenance, calibration, repair, or replacement.
Safety-class instrumentation, control, and alarm systems shall provide the operators sufficient
time, information, and control capabilities to perform the following safety functions:
Readily determine the status of critical facility parameters to ensure compliance with
the limits specified in the Technical Safety Requirements.
Initiate automatic or manual safety functions.
Determine the status of safety systems required to ensure proper mitigation of the
consequences of postulated accident conditions and/or to safely shut down the facility.
ANSI/IEEE standards contain design, installation, and testing requirements that should be
considered for instrumentation, control, and alarm components without invoking all of the
Safety Class 1E requirements. See Table 5-7 for the relevant codes.
Table 5-7. Codes for safety-significant and safety-class instrumentation, control, and alarm
components.
Appendix A
References
Code of Federal Regulations
10 CFR 50.20, "Definitions," Code of Federal Regulations, Department of Energy,
Washington, DC, 1994.
10 CFR 830.120, "Quality Assurance," Code of Federal Regulations, Department of Energy,
Washington, DC, 1994.
"Implementation Guide For Use with 10 CFR 830.120, G-830.120," Code of Federal
Regulations, Department of Energy, Washington, DC, April 15, 1994.
10 CFR 834, "Radiation Protection of Public and the Environment" (Proposed Rule), Federal
Register, March 25, 1993.
10 CFR 835, "Occupational Radiation Protection," Code of Federal Regulations, Department
of Energy, Washington, DC, 1994.
29 CFR 1910, "Occupational Safety and Health Standards," Subpart G, Occupational Health
and Environmental Control; Subpart H, Hazardous Materials; and Subpart Z, Toxic
and Hazardous Substances, Code of Federal Regulations, Occupational Safety and
Health Administration, Department of Labor, Washington, DC, 1994.
29 CFR 1910.134, "Respiratory Protection," Code of Federal Regulations, Occupational
Safety and Health Administration, Department of Labor, Washington, DC, 1994.
29 CFR 1926, "Safety and Health Regulations for Construction," Occupational Safety and
Health Administration, Department of Labor, Washington, DC, 1994.
American Conference of Governmental Industrial Hygienists
ACGIH (1995), "Industrial Ventilation: A Manual of Recommended Practices," American
Conference of Governmental Industrial Hygienists, Cincinnati, OH, 1995.
American National Standards Institute/American Concrete Institute
ACI-318, "Building Code Requirements for Reinforced Concrete with Commentary,"
American Concrete Institute, Detroit, MI, 1992.
ANSI/ACI 349-85, "Code Requirements for Nuclear Safety Related Concrete Structures (ACI
349-85) and Commentary (ACI 349R-85)," American National Standards Institute,
New York, NY, 1985.
American National Standards Institute/American Institute of Steel Construction
AISC M011, "Manual of Steel Construction Allowable Stress Design," Chicago, IL, latest
edition.
ANSI/AISC N690-1994, "Specifications for the Design, Fabrication, and Erection of Steel
Safety Related Structures for Nuclear Facilities," American National Standards
Institute, New York, NY, 1994.
American National Standards Institute/American Nuclear Society
ANSI C2-1993, "National Electrical Safety Code," American National Standards Institute,
New York, NY, 1993.
ANSI N14.6-1993, "Radioactive Materials-Special Lifting Devices for Shipping Containers
Weighing 10,000 Pounds (4500 kg) or More," American National Standards Institute,
New York, NY, 1993.
ANSI N43.2, "Radiation Safety for X-ray Diffraction and Fluorescence Analysis Equipment,"
American National Standards Institute, New York, NY, 1988.
ANSI N278.1-1975, "Self-operated and Power-Operated Safety Related Valves Functional
Specification Standard," American National Standards Institute, New York, NY, 1975.
ANSI N320-1979 (R1993), "Performance Specifications for Reactor Emergency Radiological
Monitoring Instrumentation," American National Standards Institute, New York, NY,
1993.
ANSI N323-1978 (R1993), "Radiation Protection Instrumentation Test and Calibration,"
American National Standards Institute, New York, NY, 1978, reissued 1993.
ANSI Z9.2, "Fundamentals Governing the Design and Operation of Local Exhaust Systems,"
American National Standards Institute, New York, NY, 1979.
ANSI Z124.2, "Plastic Shower Receptors and Shower Stalls," American National Standards
Institute, New York, NY, 1987.
ANSI Z358.1, "Emergency Eyewash and Shower Equipment," American National Standards
Institute, New York, NY, 1990.
ANS 11.16, "Design Guides for Radioactive Material Handling Facilities and Equipment,"
American Nuclear Society, La Grange Park, IL, 1988.
ANSI/ANS 6.4.2, "Specification for Radiation Shielding Materials," American Nuclear
Society, La Grange Park, IL, 1985.
ANSI/ANS 8.3, "Criticality Accident Alarm Systems," American Nuclear Society, La Grange
Park, IL, 1986.
ANSI/ANS 59.2-1985, "Safety Criteria for Nuclear Power Plants-HVAC Systems Located
Outside Primary Containment," American National Standards Institute, New York, NY,
1985.
ANSI/ANS N2.3, "Immediate Evacuation Signal for Use in Industrial Installations," American
Nuclear Society, La Grange Park, IL, 1979.
ANSI/ANS N13.1, "Guide to Sampling Airborne Radioactive Materials in Nuclear Facilities,"
American National Standards Institute, New York, NY, 1993.
ANSI/ANS N42.18, "Specification and Performance of On-Site Instrumentation for
Continuously Monitoring Radioactivity in Effluents," American National Standards
Institute, New York, NY, revised 1991.
American National Standards Institute/American Petroleum Institute
ANSI/API-620-1992, "Rules for Design and Construction of Large, Welded, Low-Pressure
Storage Tanks," American Petroleum Institute, Washington, DC, 1992.
ANSI/API-650-1992, "Welded Steel Tanks for Oil Storage," American Petroleum Institute,
Washington, DC, 1992.
American National Standards Institute/American Society of Mechanical
Engineers
ASME, "Boiler and Pressure Vessel Code," American Society of Mechanical Engineers,
Fairfield, NJ.
ANSI/ASME B16.5-1988, "Pipe Flanges and Flanged Fittings (includes revision service),"
American Society of Mechanical Engineers, New York, NY, 1988.
ANSI/ASME B30.2-1990, "Overhead and Gantry Cranes," American National Standards
Institute, New York, NY, 1990.
ANSI/ASME B31.3-1993, "Chemical Plant and Petroleum Refinery Piping," American
Society of Mechanical Engineers, New York, NY, 1993.
ANSI/ASME B73.1M-1991, "Specifications for Horizontal End Suction Centrifugal Pumps for
Chemical Process," American National Standards Institute, New York, NY, 1991.
ANSI/ASME B73.2M-1991, "Specifications for Vertical In-Line Centrifugal Pumps for
Chemical Process," American National Standards Institute, New York, NY, 1991.
ANSI/ASME B96.1-1993, "Welded Aluminum-Alloy Storage Tanks," American National
Standards Institute, New York, NY, 1993.
ANSI/ASME N509, "Nuclear Power Plant Air-Cleaning Units and Components," American
Society of Mechanical Engineers, New York, NY, 1989.
ANSI/ASME N510, "Testing of Nuclear Air-Cleaning Systems," American Society of
Mechanical Engineers, New York, NY, 1989.
ANSI/ASME NOG-1-1989, "Rules for Construction of Overhead and Gantry Cranes (Top
Running Bridge, Multiple Girder)," American National Standards Institute, New York,
NY, 1989.
American National Standards Institute/American Society for Testing and
Materials
ANSI/ASTM C852, "Guide for Design Criteria for Plutonium Gloveboxes," American Society
for Testing and Materials, Philadelphia, PA, 1993.
American National Standards Institute/Institute of Electrical and Electronics
Engineers
ANSI/IEEE C37, American National Standards Institute, New York, NY (standards on
switchgear as required).
ANSI/IEEE 80-1986 (R1991), "Safety in AC Substation Grounding," American National
Standards Institute, New York, NY, 1986, reissued 1991.
ANSI/IEEE 141-1993, "Recommended Practice for Electric Power Distribution for Industrial
Plants (Red Book)," American National Standards Institute, New York, NY, 1993.
ANSI/IEEE 142-1991, "Grounding of Industrial and Commercial Power Systems," American
National Standards Institute, New York, NY, 1991.
ANSI/IEEE 242-1986 (R1991), "Recommended Practice for Protection and Coordination of
Industrial and Commercial Power Systems," American National Standards Institute,
New York, NY, 1986, reissued 1991.
ANSI/IEEE 308-1992, "Criteria for Class 1E Power Systems for Nuclear Power Generating
Stations," American National Standards Institute, New York, NY, 1992.
ANSI/IEEE 323-1984 (R1991), "Qualifying Class 1E Equipment for Nuclear Power Generating
Stations," American National Standards Institute, New York, NY, 1984, reissued 1991.
ANSI/IEEE 334-1994, "Standard for Qualifying Continuous Duty Class 1E Motors for
Nuclear Power Generating Stations," American National Standards Institute, New
York, NY, 1994.
ANSI/IEEE 336-1985 (R1991), "Installation, Inspection, and Testing Requirements for Power
Instrumentation and Control Equipment at Nuclear Facilities," American National
Standards Institute, New York, NY, 1985, reissued 1991.
ANSI/IEEE 338-1987 (R1994), "Criteria for the Periodic Surveillance Testing of Nuclear
Power Generating Station Safety Systems," American National Standards Institute,
New York, NY, 1987, reissued 1994.
ANSI/IEEE 344-1987 (R1993), "Recommended Practice for Seismic Qualification of Class 1E
Equipment for Nuclear Power Generating Stations," American National Standards
Institute, New York, NY, 1987, reissued 1993.
ANSI/IEEE 379-1994, "Application of the Single-Failure Criterion to Nuclear Power
Generating Station Safety Systems," American National Standards Institute, New York,
NY, 1994.
ANSI/IEEE 381-1977 (R1984), "Standard Criteria for Type Tests of Class 1E Modules Used
in Nuclear Power Generating Stations," Institute of Electrical and Electronics
Engineers, New York, NY, 1977, reissued 1984 and now withdrawn.
ANSI/IEEE 382-1985, "Qualification of Actuators for Power-Operated Valve Assemblies with
Safety-Related Functions for Nuclear Power Plants," American National Standards
Institute, New York, NY, 1985.
ANSI/IEEE 383-1974 (R1992), "Type Test of Class 1E Electric Cables, Field Splices, and
Connections for Nuclear Power Generating Stations," American National Standards
Institute, New York, NY, 1974, reissued 1992.
ANSI/IEEE 384-1992, "Criteria for Independence of Class 1E Equipment and Circuits,"
American National Standards Institute, New York, NY, 1992.
ANSI/IEEE 399-1990, "Recommended Practice for Power Systems, Analysis (IEEE Brown
Book)," American National Standards Institute, New York, NY, 1990.
ANSI/IEEE 420-1982, "Standard for the Design and Qualification of Class 1E Control
Boards, Panels, and Racks Used in Nuclear Power Generating Stations," Institute of
Electrical and Electronics Engineers, New York, NY, 1982.
ANSI/IEEE 450-1987, "Practice for Maintenance, Testing, and Replacement of Large Lead
Storage Batteries for Generating Stations and Substations," American National
Standards Institute, New York, NY, 1987.
ANSI/IEEE 484-1987, "Practice for Installation Design and Installation of Large Lead Storage
Batteries for Generating Stations and Substations," American National Standards
Institute, New York, NY, 1987.
ANSI/IEEE 493-1990, "Recommended Practice for Design of Reliable Industrial and
Commercial Power Systems (IEEE Gold Book)," American National Standards
Institute, New York, NY, 1990.
ANSI/IEEE 535-1986 (R1994), "Qualification of Class 1E Lead Storage Batteries for Nuclear
Power Generating Stations," American National Standards Institute, New York, NY,
1986, reissued 1994.
ANSI/IEEE 577-1976 (R1993), "Requirements for Reliability Analysis in the Design and
Operation of Safety Systems for Nuclear Power Generating Stations," American
National Standards Institute, New York, NY, 1976, reissued 1993.
ANSI/IEEE 603-1991, "Criteria for Safety Systems for Nuclear Power Generating Stations,"
American National Standards Institute, New York, NY, 1991.
ANSI/IEEE 628-1987 (R1993), "Criteria for the Design, Installation, and Qualification of
Raceway Systems for Class 1E Circuits for Nuclear Power Generating Stations,"
American National Standards Institute, New York, NY, 1987, reissued 1993.
ANSI/IEEE 649-1992, "Qualifying Class 1E Motor Control Centers for Nuclear Power
Generating Stations," American National Standards Institute, New York, NY, 1992.
ANSI/IEEE 650-1991, "Qualifications of Class 1E Static Battery Chargers and Inverters for
Nuclear Power Generating Stations," American National Standards Institute, New
York, NY, 1991.
ANSI/IEEE 833-1988, "Recommended Practices for the Protection of Electric Equipment in
Nuclear Power Generating Stations from Water Hazards," American National
Standards Institute, New York, NY, 1988.
ANSI/IEEE 934-1987 (R1993), "Requirements for Replacement Parts for Class 1E Equipment
in Nuclear Power Generating Stations," American National Standards Institute, New
York, NY, 1987, reissued 1993.
ANSI/IEEE 944-1986, "Recommended Practice for the Application and Testing of
Uninterruptible Power Supplies for Power Generating Stations," American National
Standards Institute, New York, NY, 1986.
ANSI/IEEE 946-1993, "Design of Safety-Related DC Auxiliary Power Systems for Nuclear
Power Generating Stations," American National Standards Institute, New York, NY,
1993.
ANSI/IEEE 1023-1988, "Guide for the Application of Human Factors Engineering to
Systems, Equipment, and Facilities of Nuclear Power Generating Stations," American
National Standards Institute, New York, NY, 1988.
ANSI/IEEE 1050-1989, "Guide for Instrumentation and Control Equipment Grounding in
Generating Stations," American National Standards Institute, New York, NY, 1989.
American Society of Heating, Refrigerating and Air Conditioning Engineers
ASHRAE Handbook, "Fundamentals" (Inch-Pound Edition), R.A. Parsons, Ed., American
Society of Heating, Refrigerating and Air Conditioning Engineers, Inc., Atlanta, GA,
1993.
ASHRAE Standard 52.1-1992, "Gravimetric and Dust-Spot Procedures for Testing Air
Cleaning Devices Used in General Ventilation for Removing Particulate Matter,"
American Society of Heating, Refrigerating and Air Conditioning Engineers, Inc.,
Atlanta, GA, 1992.
ASHRAE Standard 62-89, "Ventilation for Acceptable Indoor Air Quality; Including
Addendum 62A," American Society of Heating, Refrigerating and Air Conditioning
Engineers, Inc., Atlanta, GA, 1990.
American Water Works Association
AWWA D100-84, "Welded Steel Tanks for Water Storage," American Water Works
Association, Denver, CO, 1984.
American Water Works Association Standards on pumps as required, American Water Works
Association, Denver, CO.
Crane Manufacturers Association of America
CMAA, Crane Manufacturers Association of America, Charlotte, NC (standards as required).
Department of Defense
DoD 6055.9-STD, "DoD Ammunition and Explosives Safety Standards," Department of
Defense, Washington, DC, October 1992.
DoD Explosives Safety Board Technical Paper No. 13, Department of Defense, Washington,
DC.
MIL-F-51068C, "Filters, Particulate [High-Efficiency Fire Resistant]," Department of Defense,
Washington, DC, August 11, 1988.
MIL-STD-1472C, "Human Engineering Design Criteria for Military Systems, Equipment, and
Facilities," Department of Defense, Washington, DC.
TM5-1300, NAVFAC P-397, AFM 88-22, "Structures to Resist the Effects of Accidental
Explosions," Departments of the Army, the Navy, and the Air Force, Chairman,
Department of Defense Explosives Safety Board, Alexandria, VA.
Department of Energy
DOE, "Reliability, Availability, and Maintainability Guidelines" (Draft), Department of
Energy, Washington, DC, March 1988.
DOE 420.1, "Facility Safety," Draft, Department of Energy, Washington, DC, April 21, 1995.
DOE 430.1, "Life-Cycle Asset Management," Department of Energy, Washington, DC,
August 24, 1995.
DOE 470, "Worker Protection Management," Draft, Department of Energy, Washington, DC,
March 31, 1995.
Companion Document to DOE 420.1 and 470, G-420/G-470/E-0, "Implementation Guide for
Use with DOE Orders 420 and 470, Fire Safety Program," Department of Energy,
Washington, DC, September 11, 1995.
DOE 5400.1E, "General Environmental Protection Program," Department of Energy,
Washington, DC, November 10, 1992.
DOE 5480.11, "Radiation Protection for Occupational Workers," Department of Energy,
Washington, DC, June 17, 1992.
DOE 5480.21, "Unreviewed Safety Questions," Department of Energy, Washington, DC,
December 24, 1991.
DOE 5480.23, "Nuclear Safety Analysis Reports," Change 1, Department of Energy,
Washington, DC, March 10, 1994.
DOE 5480.30, "Nuclear Reactor Safety Design Criteria," Department of Energy, Washington,
DC, January 19, 1993.
DOE 5500.3A, "Planning and Preparedness for Operational Emergencies," Department of
Energy, Washington, DC, February 27, 1992.
DOE 5820.2A, "Radioactive Waste Management," Department of Energy, Washington, DC,
1988.
DOE/EH-0256T, "Radiological Control Manual," Department of Energy, Washington, DC,
April 1994.
DOE/ID-10500, "Hoisting and Rigging Manual," U.S. Department of Energy, Washington,
DC, April 1993.
DOE M 440.1-1, "DOE Explosives Safety Manual," U.S. Department of Energy, Washington,
DC, September 1995.
DOE NE STD F 3-45, "Specifications for HEPA Filters Used by DOE Contractors,"
Department of Energy, Washington, DC.
DOE-STD-1020-94, "Natural Phenomena Hazards Design and Evaluation Criteria for
Department of Energy Facilities," Department of Energy, Washington, DC, April 1994.
DOE-STD-1021-93, "Natural Phenomena Hazards Performance Categorization Guidelines for
Structures, Systems, and Components," Revision 1, Department of Energy,
Washington, DC, July 1993.
DOE-STD-1022-94, "Natural Phenomena Hazards Site Characterization Criteria," Department
of Energy, Washington, DC, 1994.
DOE-STD-1023-94, "Natural Phenomena Hazards Assessment Criteria," Department of
Energy, Washington, DC, November 1994.
DOE-STD-1024-92, "DOE Standard Guidelines for Use of Probabilistic Seismic Hazard
Curves at Department of Energy Facilities," Department of Energy, Washington, DC,
December 1992.
DOE-STD-1027-92, "Guidance on Preliminary Hazard Classification and Accident Analysis
Techniques for Compliance with DOE Order 5480.23, Safety Analysis Reports,"
Department of Energy, Washington, DC, October 1992.
DOE-STD-1075-94, "Standard for Developing and Issuing Implementation and Safety
Guides," Department of Energy, Washington, DC, July 1994.
DOE-STD-3009-94, "Preparation Guide for U.S. Department of Energy Nonreactor Nuclear
Facility Safety Analysis Reports," Department of Energy, Washington, DC, 1994.
DOE/TIC-11268, "A Manual for the Prediction of Blast and Fragment Loading of Structures,"
Department of Energy, Washington, DC, November 1980.
Electronic Industries Association
EIA/IS-632, "Systems Engineering," Electronic Industries Association Interim Standard,
Washington, DC, December 1994.
Energy Research and Development Administration
ERDA 76-21, Burchsted, C.A., "Nuclear Air Cleaning Handbook: Design, Construction, and
Testing of High-Efficiency Air-Cleaning Systems for Nuclear Application" (Oak Ridge
National Laboratory, Oak Ridge, TN), 2nd Ed., Energy Research and Development
Administration, Washington, DC, 1976.
Faust
Faust (1988), Faust, L.G., et al., "Health Physics Manual of Good Practices for Plutonium
Facilities," PNL-6534, Pacific Northwest Laboratories, Richland, WA, May 1988.
Hydraulic Institute Standards
Hydraulic Institute Standards, Cleveland, OH (standards as required).
Illuminating Engineering Society
Rea, M. S., "Lighting Handbook: Reference and Application," Illuminating Engineering
Society of North America, New York, NY, 1993.
International Atomic Energy Agency
IAEA (1981), Safety Series 30, "Manual on the Safety Aspects of the Design and Equipment
of Hot Laboratories," International Atomic Energy Agency, Vienna, Austria, 1981.
IAEA (1981), Safety Series 50-P-1, "Application of Single Failure Criterion: Safety Practice,"
International Atomic Energy Agency, Vienna, Austria, 1990.
Instrument Society of America
Instrument Society of America, Research Triangle Park, NC (standards as required).
National Council on Radiation Protection and Measurements
NCRP Report 49, "Structural Shielding Design and Evaluation for Medical Use of X Rays
and Gamma Rays of Energies Up to 10 MeV," National Council on Radiation
Protection and Measurements, Bethesda, MD, 1976.
National Environmental Policy Act
NEPA, National Environmental Policy Act, Pub. L. 89-753, 43 U.S.C. 431 et seq.
National Fire Protection Association
NFPA 30, "Flammable and Combustible Liquids Code," National Fire Protection Association,
Quincy, MA, 1993.
NFPA 70, "National Electrical Code," National Fire Protection Association, Quincy, MA,
1993.
NFPA 72, "National Fire Alarm Code," National Fire Protection Association, Quincy, MA,
1993.
NFPA 110, "Emergency and Standby Power Systems," National Fire Protection Association,
Quincy, MA, 1993.
NFPA 780, "Lightning Protection Code," National Fire Protection Association, Quincy, MA,
1992.
Nuclear Regulatory Commission
NUREG 0700, "Guidelines for Control Room Design Reviews," Nuclear Regulatory
Commission, Washington, DC, September 1981.
Resource Conservation and Recovery Act
RCRA, Resource Conservation and Recovery Act of 1976 (41 U.S.C.A., Sec. 6901 et seq.), as
amended.
Sheet Metal and Air Conditioning Contractors National Association
SMACNA (manuals as required), Sheet Metal and Air Conditioning Contractors National
Association, Chantilly, VA.
Tubular Exchanger Manufacturers Association
TEMA, standards on heat exchangers Classes B, C, and R, Tubular Exchanger Manufacturers
Association, Inc., White Plains, NY.