[Federal Register: December 20, 2002 (Volume 67, Number 245)]
[Notices]
[Page 77963-77965]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr20de02-26]
=======================================================================
-----------------------------------------------------------------------
DEFENSE NUCLEAR FACILITIES SAFETY BOARD
[Recommendation 2002-3]
Requirements for the Design, Implementation, and Maintenance of
Administrative Controls
AGENCY: Defense Nuclear Facilities Safety Board.
ACTION: Notice, recommendation.
-----------------------------------------------------------------------
SUMMARY: The Defense Nuclear Facilities Safety Board has made a
recommendation to the Secretary of Energy pursuant to 42 U.S.C.
2286a(a)(5) concerning requirements for the design, implementation, and
maintenance of administrative controls.
DATES: Comments, data, views, or arguments concerning the
recommendation are due on or before January 21, 2003.
ADDRESSES: Send comments, data, views, or arguments concerning this
recommendation to: Defense Nuclear Facilities Safety Board, 625 Indiana
Avenue, NW., Suite 700, Washington, DC 20004-2001.
FOR FURTHER INFORMATION CONTACT: Kenneth M. Pusateri or Andrew L.
Thibadeau at the address above or telephone (202) 694-7000.
Dated: December 16, 2002.
John T. Conway,
Chairman.
Background
The implementation of an effective and reliable set of controls
is one of the most important cornerstones of safe operation at
defense nuclear facilities. In this context, the term ``control''
refers to those structures, systems, and components (SSCs) and
administrative controls that prevent or mitigate undesirable
consequences of postulated accident scenarios. The Defense Nuclear
Facilities Safety Board (Board) has
[[Page 77964]]
compiled a set of observations that are particularly relevant to the
development and implementation of administrative controls in the
Department of Energy's (DOE) defense nuclear complex. The results of
these reviews and observations are summarized in this
recommendation.
It has been well recognized that administrative controls play an
important role in establishing and maintaining overall safety of
nuclear activities. Previous technical reports issued by the Board
have underscored the need for heightened vigilance in the selection
and implementation of task-specific administrative controls, as well
as those of a more programmatic nature (e.g., criticality control
programs). In particular, in DNFSB/TECH-28, Safety Basis
Expectations for Existing Department of Energy Defense Nuclear
Facilities and Activities (October 2000), the Board observed the
need for DOE to promulgate additional guidance in this area.
However, DOE has taken little action to provide the degree of
specificity necessary to properly design, implement, and monitor the
effectiveness of important administrative controls.
Administrative controls have been defined in the DOE Nuclear
Safety Management rule as, ``* * * the provisions relating to the
organization, management, procedures, recordkeeping, assessment, and
reporting necessary to ensure safe operation of a facility.'' 10 CFR
830.3(a). In practice, however, the concept of an administrative
control is used more broadly in the context of hazard prevention and
mitigation. In this regard, an administrative control can be viewed
as an extension of a hazard control and defined accordingly. Thus
from a broader and more operational perspective, some administrative
controls should be treated similarly to engineered or design
features that are used to eliminate, limit, or mitigate potential
hazards.
DOE has promulgated guidance to assist facilities in the
classification of controls. In general, controls necessary to
prevent or mitigate significant consequences to the public are
classified as ``safety-class'' and controls which contribute
significantly to defense-in-depth or worker safety are classified as
``safety-significant.'' However, this guidance has been directed
primarily at engineered controls and has been largely silent with
respect to the functional classification of administrative controls.
The Board has observed a number of instances in which administrative
controls have been implemented in situations where a corresponding
engineered feature would warrant functional classification as either
safety-significant or safety-class. A number of defense nuclear
facilities have explicitly characterized certain administrative
controls as either safety-class or safety-significant from a
functional classification perspective in the context of existing DOE
guidance.
In addition to controls involving discrete operator actions, a
number of administrative controls are more programmatic in nature.
Examples of such programmatic controls include combustible loading
programs (associated with fire protection programs), operator
training programs, and inservice inspection programs. The Board has
observed a number of instances, similar to the examples involving
specific operator actions, in which such programmatic controls are
credited for the prevention and mitigation of specific hazard
scenarios.
Weaknesses in the Implementation of Important Administrative Controls
The Board has observed that the development and implementation
of important administrative controls have not always conformed to
the expectations and quality standards that would be applied to
corresponding safety-class engineered features. The following
examples illustrate this point:
1. During a review of the process controls for a new aqueous
recovery line for plutonium 238 (Pu-238) at Los Alamos National
Laboratory (LANL), the Board found that the facility had placed
heavy reliance on administrative controls in lieu of engineered
controls. However, LANL had not planned to incorporate many of these
administrative controls, some of which were safety-related, into
Technical Safety Requirements (TSRs) prior to the startup of the Pu-
238 recovery process. Examples include procedural controls on the
makeup of strong acids used to elute ion exchange resin and
procedural controls designed to monitor for resin dryout. Strong
acids can react violently with the ion exchange resin, and resin
dryout can also lead to energetic reactions. These concerns were
communicated to DOE in a Board letter dated April 23, 2002.
2. During a review at the Y-12 National Security Complex, the
Board noted that the fire protection program for Building 9212 B-1
Wing identified 21 administrative controls needed to protect the
facility during testing and process restart. These administrative
controls include operational considerations in the use of organic
solvents, a transient combustible control program, control of
ignition sources, and designated laydown areas for combustible
materials. The Board determined that the various administrative
controls were not always updated or modified to reflect changes in
plans or equipment, and that there were significant deficiencies in
the contractor's compliance with these controls. Most important,
there was no program providing for a periodic review to verify that
the administrative controls associated with B-1 Wing remained fully
effective. Significantly, many of these administrative controls
could be supplanted by the installation of an engineered control-a
fire suppression system. These issues were communicated to DOE in a
letter from the Board dated May 13, 2002.
3. At the Savannah River Site, the safety analysis for HB-Line
Phase 2 operations contains requirements for strict control of
combustibles in rooms 410N and 410S to protect the process tanks in
the area. The controls limit the total quantity of combustibles to
400 pounds wood equivalent and specify separation distances between
combustibles and tank supports. However, the transient combustible
control procedure did not include this portion of HB-Line,
indicating that this administrative control was not complete.
Further, a review by Westinghouse Savannah River Company (WSRC)
indicated that the quantity of combustibles in the area may actually
be as high as 5,670 pounds wood equivalent, providing sufficient
fuel to produce a high-temperature (1200[deg]C) flashover fire in
the area and boil off the tank contents. As a result, it was
determined that combustible control was no longer a viable
administrative control for this area. Instead, WSRC has implemented
an additional administrative control to limit the concentration of
plutonium in the tanks to 5.5 grams per liter to prevent
unacceptable consequences of a fire in this area. The details of
these issues were documented in a letter from the Board dated July
20, 2001.
Recommendation
The development, selection, and implementation of an effective
set of hazard controls are among the most important elements of
nuclear safety. At defense nuclear facilities, DOE has established a
priority system that favors preventive over mitigative measures, and
passive design features over active controls. The approved system
recognizes that, where necessary or practical, administrative
controls may play an important role in hazard prevention and
mitigation.
In the Board's view, the activities associated with the
development, implementation, and ongoing verification and validation
of safety-class and safety-significant administrative controls
should be conducted with the same degree of rigor and quality
assurance as that afforded engineered controls or design features
with similar safety importance. Therefore, the Board recommends the
following:
1. DOE should promulgate a set of requirements for safety-class
and safety-significant administrative controls to establish
appropriate expectations for the design, implementation, and
maintenance of these important safety controls. The requirements
should address the following at a minimum:
(a) Specific design attributes to ensure effectiveness and
reliability;
(b) Specific TSRs and limiting conditions of operation;
(c) Specific training and qualifications to ensure that the
appropriate facility operators, maintenance and engineering
personnel, plant management, and other staff properly implement each
control;
(d) Periodic reverification that each control remains effective;
and
(e) Root cause and failure analyses, similar to those required
upon failure of an engineered system.
2. DOE should ensure that all existing administrative controls
that serve the function of a safety-class or safety-significant
control are evaluated against these new requirements and upgraded as
necessary and appropriate to meet DOE's expectations.
John T. Conway,
Chairman.
[[Page 77965]]
Appendix--Transmittal Letter to the Secretary of Energy
Defense Nuclear Facilities Safety Board
December 11, 2002.
The Honorable Spencer Abraham,
Secretary of Energy, 1000 Independence Avenue, SW., Washington, DC
20585-1000.
Dear Secretary Abraham: The prevention and mitigation of
potential accidents inherent in the mission activities at defense
nuclear facilities is a fundamental objective of both the Department
of Energy (DOE) and the Defense Nuclear Facilities Safety Board
(Board). This objective requires DOE and its contractors to identify
accident scenarios and then establish effective and reliable safety
controls to address them. Engineered controls are preferred over
administrative controls because, in general, engineered controls are
considered to be more reliable and effective than administrative
controls. However, in certain applications, DOE and its contractors
have concluded that discrete operator actions or administrative
controls are required to address consequences of accidents that
would otherwise be unacceptable.
The Board agrees with DOE's overall guidance for a hierarchy of
controls and agrees that administrative controls are sometimes
appropriate to prevent or mitigate accident consequences--even those
that exceed evaluation guidelines for risk to the public. However,
the Board has identified a number of administrative safety controls,
proposed or in use, at various defense nuclear facilities that are
technically inadequate. In many cases, DOE and/or its contractors
have asserted that the methods used to establish these
administrative controls comply with existing DOE directives. After
further analysis, the Board has concluded that the DOE directives
system does not contain adequate requirements for the design,
implementation, and maintenance of important safety-related
administrative controls to ensure that they will be effective and
reliable.
As a result, the Board on December 11, 2002, unanimously
approved Recommendation 2002-3, Requirements for the Design,
Implementation, and Maintenance of Administrative Controls, which is
enclosed for your consideration. After your receipt of this
recommendation and as required by 42 U.S.C. 2286d(a), the Board will
promptly make it available to the public. The Board believes that
the recommendation contains no information that is classified or
otherwise restricted. To the extent this recommendation does not
include information restricted by DOE under the Atomic Energy Act of
1954, 42 U.S.C. 2161-68, as amended, please see that it is promptly
placed on file in your regional public reading rooms. The Board will
also publish this recommendation in the Federal Register. The Board
will evaluate the Department of Energy response to this
recommendation in accordance with Board Policy Statement 1, Criteria
for Judging the Adequacy of DOE Responses and Implementation Plans
for Board Recommendations.
Sincerely,
John T. Conway,
Chairman.
[FR Doc. 02-32033 Filed 12-19-02; 8:45 am]
BILLING CODE 3670-01-P