Disaster by Design/Safety by Intent #63
Safety by Intent
Westinghouse Electric Corporation notified the Nuclear Regulatory Commission (NRC) on July 14, 2016, that workers at its Columbia Fuel Fabrication Facility (CFFF) in South Carolina found significant accumulation of uranium in a ventilation system. The amount of enriched uranium exceeded limits established at the facility as protection against inadvertent criticality.
The uranium accumulated in process vent scrubber S-1030 shown towards the upper left side of Figure 1.
The NRC dispatched an Augmented Inspection Team (AIT) to the site to investigate the causes and corrective actions for the event. The NRC sends Special Inspection Teams and Augmented Inspection Teams to investigate discoveries like the one reported at CFFF that have the potential for increasing the risk of an accident.
The AIT concluded in its report dated October 26, 2016, that “Westinghouse failed to provide adequate levels of oversight, enforcement, and accountability to the organizations directly involved with configuration management, operations, and maintenance of the wet ventilation systems.” Specifically, Westinghouse had assumed that only minute quantities of uranium could collect in that portion of the ventilation system and took no actions to either validate or confirm that key assumption.
To this point, both Westinghouse and NRC followed established practices. Upon discovery of a condition above the reporting threshold, Westinghouse notified the NRC. Upon receiving notification from Westinghouse about a condition above its normal response threshold, the NRC dispatched an Augmented Inspection Team.
The NRC’s Extra Effort
The NRC did not stop with its AIT probe into whatever problems Westinghouse had that resulted in the event at CFFF. Two days after issuing the AIT report, the NRC chartered a team to examine lessons the agency could learn from the event. This second team was not tasked with supplemental Westinghouse bashing. That had been the AIT’s role. The lessons-learned team was tasked with assessing whether the NRC could make changes in its efforts so as to lessen the likelihood that events like the one at CFFF would recur. Specifically, the lessons-learned team was asked to evaluate the NRC’s license review process, inspection program, operating experience program, organization of oversight groups, and knowledge management programs.
It is commendable that the NRC undertook this introspective review. The review would either confirm that the agency is effective in applying its resources or recommend ways to reallocate resources for increased effectiveness.
The NRC’s Extra Safety Gains
The AIT verified that Westinghouse had taken or would be taking appropriate corrective actions to lessen the likelihood of recurrence of this problem at its CFFF. The lessons-learned task force identified steps the NRC could take in all five focus areas to lessen the likelihood that such an event could recur at any NRC-licensed fuel cycle facility.
The team concluded that the NRC’s license review process and its inspection program allocated resources based on perceived risk significance. In other words, items with high and moderate risk significance received more attention than items having low risk consequences. The team did not find this triage system unacceptable. It is imperative to properly focus limited resources. But the team did make recommendations on ways NRC’s reviewers and inspectors could verify that items deemed low risk truly have low risk.
The team characterized the agency’s operating experience and knowledge management programs as being more supplemental than integral parts of business. Some of the NRC staff interviewed by the team used the programs extensively; other staffers were aware of the programs but had not used them. The team made several recommendations intended to integrate the operating experience and knowledge management programs into day-to-day work practices. For example, the team recommended training on using the operating experience database to lower the height and shorten the duration of the learning curve needed for users to become proficient with this tool.
The NRC’s Safety Backstop
In theory, NRC’s reviewers and inspectors should find no safety problems. NRC’s licensees—the owners of nuclear power plants and fuel cycle facilities—are responsible under the law for complying with regulations intended to manage risk to workers and the public.
In practice, NRC’s reviewers and inspectors could, and do, find safety problems. Not because NRC’s licensees are deliberately violating safety regulations, but because compliance is a dynamic challenge.
By undertaking the lessons-learned review of the CFFF event, the NRC makes its safety backstop more robust and reliable. The recommendations made by the team will, when implemented, improve the effectiveness of NRC’s reviewers and inspectors. The NRC’s reviewers and inspectors were already good, but the agency’s efforts to make them better result in making workers and the public safer.
It may not be the ultimate win-win situation, but it’s got to be among the top ten.
UCS’s Disaster by Design/Safety by Intent series of blog posts is intended to help readers understand how a seemingly unrelated assortment of minor problems can coalesce to cause disaster and how effective defense-in-depth can lessen both the number of pre-existing problems and the chances they team up.