February 22, 2002, DNFSB letter enclosing comments on the Draft DOE Quality Assurance Improvement Plan.

[DNFSB LETTERHEAD]

February 22, 2002

The Honorable Francis S. Blake
Deputy Secretary of Energy
1000 Independence Avenue, SW
Washington, DC 20585- 1000

Dear Mr. Blake:

The Defense Nuclear Facilities Safety Board (Board) and its staff have focused considerable attention during the past several years on the matter of Quality Assurance (QA) as practiced by the Department of Energy (DOE) and its contractors in the design, procurement, construction, operation, and maintenance, of items serving vital safety functions. During 2001, the Board held three public meetings on the subject that amassed considerable information. The Board also issued two technical reports, DNFSB/TECH-31, Engineering Quality into Safety Systems and DNFSB/TECH 25, Quality Assurance for Safety-Related Software at Department of Energy Facilities. These reports provided additional insight into QA issues. The objective has been to improve the QA programs of DOE and its contractors to better ensure reliability of vital safety equipment. DOE has recognized the need to upgrade its QA programs, particularly in the software area, but has been slow in formulating an action plan and devoting necessary resources to address QA problems.

The Board is aware of your assignment of Ray Hardwick to head a team to assess the status of QA activities of DOE and its contractors and to devise, for your approval, a plan to address needed improvements. The Board understands that the action assigned some time ago to Mr. Dae Chung to address the software QA issue has been merged into the Hardwick-led effort.

The Board has assigned staff to work interactively with Mr. Hardwick and his team as the planning effort proceeds. The Board's staff has been provided a draft Quality Assurance Improvement Plan, Revision 3, dated January 17, 2002. The Board has been briefed by its staff on this draft. Their observations, which the Board believes to be appropriate, are enclosed. They are offered for consideration as the planning effort continues.

The Board would like to be briefed by DOE before the plan is finalized. One of our interests is to learn whether the plan . has been resource loaded and if the resources required to meet the schedule have been allocated. The Board also is interested in understanding how this QA upgrade effort will eventually be merged with the Integrated Safety Management program to which DOE is committed. Further, configuration management of analytical software (Tool Box Codes) by some central authority, still to be designated, is one of a number of cross-cutting, safety-related activities, like criticality safety, that will require sustained funding. Funding of such activities has been a problem since they do not fit uniquely under any one Program Secretarial Officer. This is a matter that needs to be addressed.

Since this QA upgrade program has been the result of considerable Board interest and involvement, the Board wishes to be briefed quarterly on the status of QA improvements. The Board is pleased to note your personal interest and involvement with this upgrade effort.

Sincerely,

John T. Conway
Chairman

c: Mr. Ray Hardwick
Mr. Dae Chung
Mr. Mark B. Whitaker, Jr.

Enclosure

Enclosure
Comments on the Draft DOE Quality Assurance Improvement Plan

The Department of Energy (DOE), Deputy Secretary of Energy, has identified a single point of contact, Mr. Ray Hardwick, for resolution of quality assurance issues within DOE. The staff of the Defense Nuclear Facilities Safety Board (Board) has been working interactively with Mr. Hardwick and his team, and on January 23,2002, met with Mr. Hardwick to review a draft of DOE's Quality Assurance Improvement Plan, Revision 3. The plan has four major goals, which are listed below along with major comments by the Board staff:

Goal 1: Improve the implementation of existing quality assurance program requirements throughout the complex to ensure the delivery of high-quality, cost-effective products.

Comment I: Implementation of Existing Requirements--Some of the actions in the draft plan for this goal address developing and/or revising quality assurance guidance and requirements. The major focus of Goal 1 should be on improved implementation by contractors of existing requirements. Action items that involve changing guidance and requirements for DOE staff would best be included in long-range Goal 4.

Comment 2: Ongoing Work--The draft plan does not acknowledge ongoing actions being taken by the contractors to improve the implementation of existing quality assurance requirements. The plan ought to complement and support the ongoing work, with care being taken not to disrupt that work. Based on recent quality assurance assessments and known quality assurance problems, DOE could make a list of the needed quality improvements for specific contractors and DOE field offices, and then determine which contractors and field offices have implemented, partially implemented, or not implemented those improvements. This list would reveal areas that need immediate corrective actions.

Comment 3: Quality Assurance Guide--The DOE-wide Quality Assurance Guide should include the best practices for determining the safety classification of products and software, and the quality assurance requirements that need to be applied to the different safety classifications.

Goal 2: Integrate quality assurance programs with Federal and contractor safety management systems.

Comment 4: Integration with Federal Safety Management--The action items under Goal 2 start with a review and revision of policy and guidance on the integration of Integrated Safety Management (ISM) descriptions and quality assurance program plans. However, the requirement to integrate quality assurance plans and safety management systems already exists in the DOE Nuclear Safety Rule, 10 CFR Part 830. The actions of Goal 2 ought to focus on the Function, Responsibilities and Authorities Manual, in order to clearly identify Federal responsibilities for overseeing the contractors' quality assurance programs.

Comment 5: Integration with Contractor Safety Management--The plan does not acknowledge the work of, or propose integration with, the Energy Facility Contractors Group (EFCOG). A special EFCOG task group has been formed to help improve the incorporation of quality assurance requirements into overall ISM programs. Responsibility for this task group has been assigned to the Chair of the ISM Working Group. The plan should address coordination with EFCOG.

Comment 6: Review of Contracts--The plan requires a review of contracts to determine if additional guidance for Contracting Officers is necessary. Experience to date has indicated that quality assurance problems are not associated with contract requirements or guidance for Contracting Officers, but rather are associated with the lack of effective implementation of existing contract requirements. The need to conduct a review of contracts should be reassessed.

Goal 3: Establish and implement a Software Quality Assurance (SQA) program to ensure the validity and reliability of the software used to support safety analyses and safety-related instrumentation and control software.

Comment 7: Application of Software Quality Assurance Improvements--The scope of the proposed SQA corrective actions under Goal 3 does not encompass all classes of software "important to safety" to ensure that all software is evaluated for its potential to affect safety. The proposed approach also should address more thoroughly the roles and responsibilities for software quality.

Comment 8: Detailed Guidance on Software Quality Assurance--The proposed SQA program could benefit from some of the procedures currently in place at the Savannah River Site, which implement many of the desirable attributes of an effective SQA program. The SQA corrective actions under Goal 3 should also include actions to develop guidance currently lacking in the directives system. Examples are gradation of requirements, performance of software safety reviews, performance of verification and validation, backfit of existing software, use of commercial off-the-shelf software, and improvement in user training.

Comments 9: Central Registry for Tool Box Codes--The plan calls for issuing a memorandum designating the location of the central registry and identifying a formal mechanism for accessing and maintaining the tool box codes. The designation of the central registry and its operation should be communicated by the Deputy Secretary.

Goal 4: Support the long-term implementation and continuous improvement of quality assurance programs through the application of ISM.

Comment 10: Quality Assurance Interim Management Board--The roles and responsibilities of the Quality Assurance Interim Management Board (QAIMB) need to be well defined so it will be clear how the QAIMB will function to cause quality assurance improvements in the field. Details should be provided to explain at what stage the ad hoc nature of this special task force will merge with those line Environmental, Safety, and Health groups administering the Integrated Safety Management program.