Disaster by Design/Safety by Intent #55
Safety by Intent
Merriam-Webster defines regulation as “an official rule or law that says how something should be done” and as “the act of regulating something.”
The Energy Reorganization Act of 1974 created the Nuclear Regulatory Commission (NRC) and tasked the agency with both saying how things should be done and regulating to ensure that those things get done right. How does the NRC discharge its statutory responsibilities?
Fortunately, the NRC goes about it in a far more straightforward way than its own diagram suggests (Fig. 1). If there’s such a thing as “circular logic,” then the NRC has discovered “circular illogic.” How do you get to Step 5? When does Step 4 backtrack to Step 3 and when does it recycle to Step 1? Can Step 5 be used to skip Step 2 from Step 1, a la Chutes and Ladders?
(The NRC’s circular squares have little to do with this commentary. But it is UCS’s policy to illustrate every web posting with at least one graphic. So it was this NRC illustration or, sigh, yet another cooling tower image. My apologies to the cooling tower enthusiasts; all three of you.)
The NRC uses regulations backed by standard review plans, regulatory guides, and official endorsements of industry guides to clearly articulate its regulatory expectations. The NRC uses publicly available inspection procedures to clearly convey how it plans to gauge compliance with its regulatory expectations. Such efforts literally put the NRC and owners on the same pages when it comes to nuclear power plant safety requirements.
The safety regulations developed by the NRC are readily available online in Title 10 of the Code of Federal Regulations. Title 10 contains dozens of parts tailored to specific aspects of nuclear safety. For example, Part 100 defines the criteria applied when locating a nuclear power reactor. Part 20 establishes the requirements that protect workers and the public from radiation. Part 50 governs the licensing of nuclear power plants. Part 73 covers the security measures needed to protect nuclear plants from radiological sabotage. And so on.
For example, Section 100.10 in Part 100 defined “Factors to be considered when evaluating sites” for proposed nuclear power reactors. Applications for reactor operating licenses had to describe the site’s seismology, meteorology, hydrology, geology and the evaluations concluding these physical characteristics posed no undue hazard to the reactor.
The applicants for licenses and certificates from the NRC and the holders of licenses and certificates issued by the NRC have the responsibility of complying with the agency’s regulations. The NRC supplemented its regulations with Regulatory Guides that helped applicants meet their obligation through increased understanding of the regulatory expectations.
Continuing the example from Section 100.10, the NRC issued Regulatory Guide 1.70. The meteorology section of this guidance document describes the NRC’s expectations for how weather is to be addressed. The NRC expressed its expectation that nuclear plants be designed to accommodate the weight of snowfall from a once-in-100-years event.
Similarly, Regulatory Guide 1.76 describes the expectations for tornadoes, including assumptions for wind speeds of 230 miles per hour for the central United States and 160 miles per hour in the western United States (Fig. 2). In addition, the guidance explains the expectations for debris transported by tornado winds and striking parts of the nuclear plant.
As reflected by the name, a regulatory guide is not born as a regulatory requirement. It can be adopted as a requirement when an owner commits to its provisions to comply with a regulation. But owners are entirely free to comply with the regulation through methods other than those described in regulatory guides. To do so, the owners need only convince the NRC that the alternate methods are comparable to, or better than, the methods in the regulatory guides.
NRC-Endorsed Industry Standards
The NRC has frequently endorsed standards developed by the industry as acceptable means of complying with its regulations. Like regulatory guides, NRC-endorsed industry standards are not born as regulatory requirements. But they can become adopted as requirements when owners commit to comply with regulations by meeting the industry standards.
“No Surprise” Regulatory Guides and Endorsed Industry Standards
Regulatory Guides and industry standards are typically developed through an iterative process. A draft will be circulated for review and comment by all parties. Drafts will be updated to incorporate comments and, if necessary, distributed for additional review and comment periods. As a result, the final regulatory guides issued by the NRC and industry standards endorsed by the NRC should reflect a common understanding between the agency and its licensees as to their contents.
Standard Review Plan
The Standard Review Plan (NUREG-0800 for nuclear power reactors) was developed to help the NRC’s reviewers determine whether applications for operating licenses properly showed compliance with applicable regulations. This “answer key” also helps applicants conduct all the homework necessary to prepare high quality submittals.
The Standard Review Plan is a valuable complement to the regulations and regulatory guides. Regulatory guides identify the NRC’s expectations for factoring meteorology into reactor siting and design decisions. The Standard Review Plan identifies the spectrum of regulations that include meteorological considerations. The regulatory guides define the tornado wind speeds and the snowfall amounts the NRC expects to be considered; the Standard Review Plan describes how these parameters are to be applied in judging the integrity of plant structures and in the radiological protection of the public following an accident.
The NRC conducts numerous inspections at each operating nuclear plant under its Reactor Oversight Process. The owners are notified in advance about upcoming inspections and the inspection procedures are available online.
For example, in March 2016, the NRC informed the owner of the Comanche Peak nuclear plant in Texas that it planned to inspect plant modifications and 50.59 evaluations using procedure 71111.17T beginning September 12, 2016; to inspect the plant’s cooling systems or heat sink using procedure 71111.07T beginning February 6, 2017; to inspect radiation protection of workers using procedure 71124.04 beginning November 6, 2017; and to conduct 24 other inspections at the plant.
The glass-half-empty gang will point out that giving owners months of notice as well as the test questions so far in advance makes it easier for them to look good on the inspections.
The glass-half-full crowd will likely agree with this point, but will recognize that looking good on safety inspections has positive safety connotations.
Disaster by Design
Prior to joining UCS, I worked for a while as a consultant in the engineering department for a company with two operating nuclear reactors. Engineering had issued a procedure for coatings applied to piping and equipment for protection against rusting and degradation. The procedure prohibited applying a certain epoxy to equipment inside containment. So, during a refueling outage, workers unbolted a component, moved it outside containment, and applied the epoxy coating. They then moved the component back inside containment and reconnected it.
The letter of the procedure had been satisfied, but not its spirit. The reason the epoxy was banned was that following certain accidents, it could react chemically with fluid discharged into containment with harmful consequences. Fortunately, the misapplied epoxy coating was detected and corrected before the reactor restarted from the outage.
This benign example illustrates the potentially more serious consequences that can occur when the NRC and plant owners are not on the same pages. The NRC can set the safety bar at an appropriate height to adequately manage a risk, but owners need to see the bar and understand all its associated fine print in order to facilitate compliance.
The NRC’s readily available regulations, regulatory guides, standard review plans, and inspection procedures guard against miscommunications and misinterpretations that can undermine safety.
UCS’s Disaster by Design/Safety by Intent series of blog posts is intended to help readers understand how a seemingly unrelated assortment of minor problems can coalesce to cause disaster and how effective defense-in-depth can lessen both the number of pre-existing problems and the chances they team up.