[Code of Federal Regulations]
[Title 10, Volume 4]
[Revised as of January 1, 2008]
From the U.S. Government Printing Office via GPO Access
[CITE: 10CFR830]
[Page 527-542]
TITLE 10--ENERGY
CHAPTER III--DEPARTMENT OF ENERGY
PART 830_NUCLEAR SAFETY MANAGEMENT--Table of Contents
Sec.
830.1 Scope.
830.2 Exclusions.
830.3 Definitions.
830.4 General requirements.
830.5 Enforcement.
830.6 Recordkeeping.
830.7 Graded approach.
Subpart A_Quality Assurance Requirements
830.120 Scope.
830.121 Quality Assurance Program (QAP).
830.122 Quality assurance criteria.
Subpart B_Safety Basis Requirements
830.200 Scope.
830.201 Performance of work.
830.202 Safety basis.
830.203 Unreviewed safety question process.
830.204 Documented safety analysis.
830.205 Technical safety requirements.
830.206 Preliminary documented safety analysis.
[[Page 528]]
830.207 DOE approval of safety basis.
Appendix A to Subpart B of Part 830--General Statement of Safety Basis
Policy
Authority: 42 U.S.C. 2201; 42 U.S.C. 7101 et seq.; and 50 U.S.C.
2401 et seq.
Source: 66 FR 1818, Jan. 10, 2001, unless otherwise noted.
Sec. 830.1 Scope.
This part governs the conduct of DOE contractors, DOE personnel, and
other persons conducting activities (including providing items and
services) that affect, or may affect, the safety of DOE nuclear
facilities.
Sec. 830.2 Exclusions.
This part does not apply to:
(a) Activities that are regulated through a license by the Nuclear
Regulatory Commission (NRC) or a State under an Agreement with the NRC,
including activities certified by the NRC under section 1701 of the
Atomic Energy Act (Act);
(b) Activities conducted under the authority of the Director, Naval
Nuclear Propulsion, pursuant to Executive Order 12344, as set forth in
Public Law 106-65;
(c) Transportation activities which are regulated by the Department
of Transportation;
(d) Activities conducted under the Nuclear Waste Policy Act of 1982,
as amended, and any facility identified under section 202(5) of the
Energy Reorganization Act of 1974, as amended; and
(e) Activities related to the launch approval and actual launch of
nuclear energy systems into space.
Sec. 830.3 Definitions.
(a) The following definitions apply to this part:
Administrative controls means the provisions relating to
organization and management, procedures, recordkeeping, assessment, and
reporting necessary to ensure safe operation of a facility.
Bases appendix means an appendix that describes the basis of the
limits and other requirements in technical safety requirements.
Critical assembly means special nuclear devices designed and used to
sustain nuclear reactions, which may be subject to frequent core and
lattice configuration change and which frequently may be used as mockups
of reactor configurations.
Criticality means the condition in which a nuclear fission chain
reaction becomes self-sustaining.
Design features means the design features of a nuclear facility
specified in the technical safety requirements that, if altered or
modified, would have a significant effect on safe operation.
Document means recorded information that describes, specifies,
reports, certifies, requires, or provides data or results.
Documented safety analysis means a documented analysis of the extent
to which a nuclear facility can be operated safely with respect to
workers, the public, and the environment, including a description of the
conditions, safe boundaries, and hazard controls that provide the basis
for ensuring safety.
Environmental restoration activities means the process(es) by which
contaminated sites and facilities are identified and characterized and
by which contamination is contained, treated, or removed and disposed.
Existing DOE nuclear facility means a DOE nuclear facility in
operation before April 9, 2001.
Fissionable materials means a nuclide capable of sustaining a
neutron-induced chain reaction (e.g., uranium-233, uranium-235,
plutonium-238, plutonium-239, plutonium-241, neptunium-237, americium-
241, and curium-244).
Graded approach means the process of ensuring that the level of
analysis, documentation, and actions used to comply with a requirement
in this part are commensurate with:
(1) The relative importance to safety, safeguards, and security;
(2) The magnitude of any hazard involved;
(3) The life cycle stage of a facility;
(4) The programmatic mission of a facility;
(5) The particular characteristics of a facility;
(6) The relative importance of radiological and nonradiological
hazards; and
(7) Any other relevant factor.
[[Page 529]]
Hazard means a source of danger (i.e., material, energy source, or
operation) with the potential to cause illness, injury, or death to a
person or damage to a facility or to the environment (without regard to
the likelihood or credibility of accident scenarios or consequence
mitigation).
Hazard controls means measures to eliminate, limit, or mitigate
hazards to workers, the public, or the environment, including
(1) Physical, design, structural, and engineering features;
(2) Safety structures, systems, and components;
(3) Safety management programs;
(4) Technical safety requirements; and
(5) Other controls necessary to provide adequate protection from
hazards.
Item is an all-inclusive term used in place of any of the following:
appurtenance, assembly, component, equipment, material, module, part,
product, structure, subassembly, subsystem, system, unit, or support
systems.
Limiting conditions for operation means the limits that represent
the lowest functional capability or performance level of safety
structures, systems, and components required for safe operations.
Limiting control settings means the settings on safety systems that
control process variables to prevent exceeding a safety limit.
Low-level residual fixed radioactivity means the remaining
radioactivity following reasonable efforts to remove radioactive
systems, components, and stored materials. The remaining radioactivity
is composed of surface contamination that is fixed following chemical
cleaning or some similar process; a component of surface contamination
that can be picked up by smears; or activated materials within
structures. The radioactivity can be characterized as low-level if the
smearable radioactivity is less than the values defined for removable
contamination by 10 CFR Part 835, Appendix D, Surface Contamination
Values, and the hazard analysis results show that no credible accident
scenario or work practices would release the remaining fixed
radioactivity or activation components at levels that would prudently
require the use of active safety systems, structures, or components to
prevent or mitigate a release of radioactive materials.
Major modification means a modification to a DOE nuclear facility
that is completed on or after April 9, 2001 that substantially changes
the existing safety basis for the facility.
New DOE nuclear facility means a DOE nuclear facility that begins
operation on or after April 9, 2001.
Nonreactor nuclear facility means those facilities, activities or
operations that involve, or will involve, radioactive and/or fissionable
materials in such form and quantity that a nuclear or a nuclear
explosive hazard potentially exists to workers, the public, or the
environment, but does not include accelerators and their operations and
does not include activities involving only incidental use and generation
of radioactive materials or radiation such as check and calibration
sources, use of radioactive sources in research and experimental and
analytical laboratory activities, electron microscopes, and X-ray
machines.
Nuclear facility means a reactor or a nonreactor nuclear facility
where an activity is conducted for or on behalf of DOE and includes any
related area, structure, facility, or activity to the extent necessary
to ensure proper implementation of the requirements established by this
Part.
Operating limits means those limits required to ensure the safe
operation of a nuclear facility, including limiting control settings and
limiting conditions for operation.
Preliminary documented safety analysis means documentation prepared
in connection with the design and construction of a new DOE nuclear
facility or a major modification to a DOE nuclear facility that provides
a reasonable basis for the preliminary conclusion that the nuclear
facility can be operated safely through the consideration of factors
such as
(1) The nuclear safety design criteria to be satisfied;
(2) A safety analysis that derives aspects of design that are
necessary to satisfy the nuclear safety design criteria; and
[[Page 530]]
(3) An initial listing of the safety management programs that must
be developed to address operational safety considerations.
Process means a series of actions that achieves an end or result.
Quality means the condition achieved when an item, service, or
process meets or exceeds the user's requirements and expectations.
Quality assurance means all those actions that provide confidence
that quality is achieved.
Quality Assurance Program (QAP) means the overall program or
management system established to assign responsibilities and
authorities, define policies and requirements, and provide for the
performance and assessment of work.
Reactor means any apparatus that is designed or used to sustain
nuclear chain reactions in a controlled manner such as research, test,
and power reactors, and critical and pulsed assemblies and any assembly
that is designed to perform subcritical experiments that could
potentially reach criticality; and, unless modified by words such as
containment, vessel, or core, refers to the entire facility, including
the housing, equipment and associated areas devoted to the operation and
maintenance of one or more reactor cores.
Record means a completed document or other media that provides
objective evidence of an item, service, or process.
Safety basis means the documented safety analysis and hazard
controls that provide reasonable assurance that a DOE nuclear facility
can be operated safely in a manner that adequately protects workers, the
public, and the environment.
Safety class structures, systems, and components means the
structures, systems, or components, including portions of process
systems, whose preventive or mitigative function is necessary to limit
radioactive hazardous material exposure to the public, as determined
from safety analyses.
Safety evaluation report means the report prepared by DOE to
document
(1) The sufficiency of the documented safety analysis for a hazard
category 1, 2, or 3 DOE nuclear facility;
(2) The extent to which a contractor has satisfied the requirements
of Subpart B of this part; and
(3) The basis for approval by DOE of the safety basis for the
facility, including any conditions for approval.
Safety limits means the limits on process variables associated with
those safety class physical barriers, generally passive, that are
necessary for the intended facility function and that are required to
guard against the uncontrolled release of radioactive materials.
Safety management program means a program designed to ensure a
facility is operated in a manner that adequately protects workers, the
public, and the environment by covering a topic such as: quality
assurance; maintenance of safety systems; personnel training; conduct of
operations; inadvertent criticality protection; emergency preparedness;
fire protection; waste management; or radiological protection of
workers, the public, and the environment.
Safety management system means an integrated safety management
system established consistent with 48 CFR 970.5223-1.
Safety significant structures, systems, and components means the
structures, systems, and components which are not designated as safety
class structures, systems, and components, but whose preventive or
mitigative function is a major contributor to defense in depth and/or
worker safety as determined from safety analyses.
Safety structures, systems, and components means both safety class
structures, systems, and components and safety significant structures,
systems, and components.
Service means the performance of work, such as design,
manufacturing, construction, fabrication, assembly, decontamination,
environmental restoration, waste management, laboratory sample analyses,
inspection, nondestructive examination/testing, environmental
qualification, equipment qualification, repair, installation, or the
like.
Surveillance requirements means requirements relating to test,
calibration, or inspection to ensure that the necessary operability and
quality of
[[Page 531]]
safety structures, systems, and components and their support systems
required for safe operations are maintained, that facility operation is
within safety limits, and that limiting control settings and limiting
conditions for operation are met.
Technical safety requirements (TSRs) means the limits, controls, and
related actions that establish the specific parameters and requisite
actions for the safe operation of a nuclear facility and include, as
appropriate for the work and the hazards identified in the documented
safety analysis for the facility: Safety limits, operating limits,
surveillance requirements, administrative and management controls, use
and application provisions, and design features, as well as a bases
appendix.
Unreviewed Safety Question (USQ) means a situation where
(1) The probability of the occurrence or the consequences of an
accident or the malfunction of equipment important to safety previously
evaluated in the documented safety analysis could be increased;
(2) The possibility of an accident or malfunction of a different
type than any evaluated previously in the documented safety analysis
could be created;
(3) A margin of safety could be reduced; or
(4) The documented safety analysis may not be bounding or may be
otherwise inadequate.
Unreviewed Safety Question process means the mechanism for keeping a
safety basis current by reviewing potential unreviewed safety questions,
reporting unreviewed safety questions to DOE, and obtaining approval
from DOE prior to taking any action that involves an unreviewed safety
question.
Use and application provisions means the basic instructions for
applying technical safety requirements.
(b) Terms defined in the Act or in 10 CFR Part 820 and not defined
in this section of the rule are to be used consistent with the meanings
given in the Act or in 10 CFR Part 820.
Sec. 830.4 General requirements.
(a) No person may take or cause to be taken any action inconsistent
with the requirements of this part.
(b) A contractor responsible for a nuclear facility must ensure
implementation of, and compliance with, the requirements of this part.
(c) The requirements of this part must be implemented in a manner
that provides reasonable assurance of adequate protection of workers,
the public, and the environment from adverse consequences, taking into
account the work to be performed and the associated hazards.
(d) If there is no contractor for a DOE nuclear facility, DOE must
ensure implementation of, and compliance with, the requirements of this
part.
Sec. 830.5 Enforcement.
The requirements in this part are DOE Nuclear Safety Requirements
and are subject to enforcement by all appropriate means, including the
imposition of civil and criminal penalties in accordance with the
provisions of 10 CFR Part 820.
Sec. 830.6 Recordkeeping.
A contractor must maintain complete and accurate records as
necessary to substantiate compliance with the requirements of this part.
Sec. 830.7 Graded approach.
Where appropriate, a contractor must use a graded approach to
implement the requirements of this part, document the basis of the
graded approach used, and submit that documentation to DOE. The graded
approach may not be used in implementing the unreviewed safety question
(USQ) process or in implementing technical safety requirements.
Subpart A_Quality Assurance Requirements
Sec. 830.120 Scope.
This subpart establishes quality assurance requirements for
contractors conducting activities, including providing items or
services, that affect, or may affect, nuclear safety of DOE nuclear
facilities.
[[Page 532]]
Sec. 830.121 Quality Assurance Program (QAP).
(a) Contractors conducting activities, including providing items or
services, that affect, or may affect, the nuclear safety of DOE nuclear
facilities must conduct work in accordance with the Quality Assurance
criteria in Sec. 830.122.
(b) The contractor responsible for a DOE nuclear facility must:
(1) Submit a QAP to DOE for approval and regard the QAP as approved
90 days after submittal, unless it is approved or rejected by DOE at an
earlier date.
(2) Modify the QAP as directed by DOE.
(3) Annually submit any changes to the DOE-approved QAP to DOE for
approval. Justify in the submittal why the changes continue to satisfy
the quality assurance requirements.
(4) Conduct work in accordance with the QAP.
(c) The QAP must:
(1) Describe how the quality assurance criteria of Sec. 830.122 are
satisfied.
(2) Integrate the quality assurance criteria with the Safety
Management System, or describe how the quality assurance criteria apply
to the Safety Management System.
(3) Use voluntary consensus standards in its development and
implementation, where practicable and consistent with contractual and
regulatory requirements, and identify the standards used.
(4) Describe how the contractor responsible for the nuclear facility
ensures that subcontractors and suppliers satisfy the criteria of Sec.
830.122.
Sec. 830.122 Quality assurance criteria.
The QAP must address the following management, performance, and
assessment criteria:
(a) Criterion 1--Management/Program.
(1) Establish an organizational structure, functional
responsibilities, levels of authority, and interfaces for those
managing, performing, and assessing the work.
(2) Establish management processes, including planning, scheduling,
and providing resources for the work.
(b) Criterion 2--Management/Personnel Training and Qualification.
(1) Train and qualify personnel to be capable of performing their
assigned work.
(2) Provide continuing training to personnel to maintain their job
proficiency.
(c) Criterion 3--Management/Quality Improvement.
(1) Establish and implement processes to detect and prevent quality
problems.
(2) Identify, control, and correct items, services, and processes
that do not meet established requirements.
(3) Identify the causes of problems and work to prevent recurrence
as a part of correcting the problem.
(4) Review item characteristics, process implementation, and other
quality-related information to identify items, services, and processes
needing improvement.
(d) Criterion 4--Management/Documents and Records.
(1) Prepare, review, approve, issue, use, and revise documents to
prescribe processes, specify requirements, or establish design.
(2) Specify, prepare, review, approve, and maintain records.
(e) Criterion 5--Performance/Work Processes.
(1) Perform work consistent with technical standards, administrative
controls, and other hazard controls adopted to meet regulatory or
contract requirements, using approved instructions, procedures, or other
appropriate means.
(2) Identify and control items to ensure their proper use.
(3) Maintain items to prevent their damage, loss, or deterioration.
(4) Calibrate and maintain equipment used for process monitoring or
data collection.
(f) Criterion 6--Performance/Design.
(1) Design items and processes using sound engineering/scientific
principles and appropriate standards.
(2) Incorporate applicable requirements and design bases in design
work and design changes.
(3) Identify and control design interfaces.
(4) Verify or validate the adequacy of design products using
individuals or groups other than those who performed the work.
[[Page 533]]
(5) Verify or validate work before approval and implementation of
the design.
(g) Criterion 7--Performance/Procurement.
(1) Procure items and services that meet established requirements
and perform as specified.
(2) Evaluate and select prospective suppliers on the basis of
specified criteria.
(3) Establish and implement processes to ensure that approved
suppliers continue to provide acceptable items and services.
(h) Criterion 8--Performance/Inspection and Acceptance Testing.
(1) Inspect and test specified items, services, and processes using
established acceptance and performance criteria.
(2) Calibrate and maintain equipment used for inspections and tests.
(i) Criterion 9--Assessment/Management Assessment. Ensure managers
assess their management processes and identify and correct problems that
hinder the organization from achieving its objectives.
(j) Criterion 10--Assessment/Independent Assessment.
(1) Plan and conduct independent assessments to measure item and
service quality, to measure the adequacy of work performance, and to
promote improvement.
(2) Establish sufficient authority, and freedom from line
management, for the group performing independent assessments.
(3) Ensure persons who perform independent assessments are
technically qualified and knowledgeable in the areas to be assessed.
Subpart B_Safety Basis Requirements
Sec. 830.200 Scope.
This Subpart establishes safety basis requirements for hazard
category 1, 2, and 3 DOE nuclear facilities.
Sec. 830.201 Performance of work.
A contractor must perform work in accordance with the safety basis
for a hazard category 1, 2, or 3 DOE nuclear facility and, in
particular, with the hazard controls that ensure adequate protection of
workers, the public, and the environment.
Sec. 830.202 Safety basis.
(a) The contractor responsible for a hazard category 1, 2, or 3 DOE
nuclear facility must establish and maintain the safety basis for the
facility.
(b) In establishing the safety basis for a hazard category 1, 2, or
3 DOE nuclear facility, the contractor responsible for the facility
must:
(1) Define the scope of the work to be performed;
(2) Identify and analyze the hazards associated with the work;
(3) Categorize the facility consistent with DOE-STD-1027-92
(``Hazard Categorization and Accident Analysis Techniques for compliance
with DOE Order 5480.23, Nuclear Safety Analysis Reports,'' Change Notice
1, September 1997);
(4) Prepare a documented safety analysis for the facility; and (5)
Establish the hazard controls upon which the contractor will rely to
ensure adequate protection of workers, the public, and the environment.
(c) In maintaining the safety basis for a hazard category 1, 2, or 3
DOE nuclear facility, the contractor responsible for the facility must:
(1) Update the safety basis to keep it current and to reflect
changes in the facility, the work and the hazards as they are analyzed
in the documented safety analysis;
(2) Annually submit to DOE either the updated documented safety
analysis for approval or a letter stating that there have been no
changes in the documented safety analysis since the prior submission;
and
(3) Incorporate in the safety basis any changes, conditions, or
hazard controls directed by DOE.
Sec. 830.203 Unreviewed safety question process.
(a) The contractor responsible for a hazard category 1, 2, or 3 DOE
nuclear facility must establish, implement, and take actions consistent
with a USQ process that meets the requirements of this section.
(b) The contractor responsible for a hazard category 1, 2, or 3 DOE
existing nuclear facility must submit for DOE
[[Page 534]]
approval a procedure for its USQ process by April 10, 2001. Pending DOE
approval of the USQ procedure, the contractor must continue to use its
existing USQ procedure. If the existing procedure already meets the
requirements of this section, the contractor must notify DOE by April
10, 2001 and request that DOE issue an approval of the existing
procedure.
(c) The contractor responsible for a hazard category 1, 2, or 3 DOE
new nuclear facility must submit for DOE approval a procedure for its
USQ process on a schedule that allows DOE approval in a safety
evaluation report issued pursuant to section 207(d) of this Part.
(d) The contractor responsible for a hazard category 1, 2, or 3 DOE
nuclear facility must implement the DOE-approved USQ procedure in
situations where there is a:
(1) Temporary or permanent change in the facility as described in
the existing documented safety analysis;
(2) Temporary or permanent change in the procedures as described in
the existing documented safety analysis;
(3) Test or experiment not described in the existing documented
safety analysis; or (4) Potential inadequacy of the documented safety
analysis because the analysis potentially may not be bounding or may be
otherwise inadequate.
(e) A contractor responsible for a hazard category 1, 2, or 3 DOE
nuclear facility must obtain DOE approval prior to taking any action
determined to involve a USQ.
(f) The contractor responsible for a hazard category 1, 2, or 3 DOE
nuclear facility must annually submit to DOE a summary of the USQ
determinations performed since the prior submission.
(g) If a contractor responsible for a hazard category 1, 2, or 3 DOE
nuclear facility discovers or is made aware of a potential inadequacy of
the documented safety analysis, it must:
(1) Take action, as appropriate, to place or maintain the facility
in a safe condition until an evaluation of the safety of the situation
is completed;
(2) Notify DOE of the situation;
(3) Perform a USQ determination and notify DOE promptly of the
results; and (4) Submit the evaluation of the safety of the situation to
DOE prior to removing any operational restrictions initiated to meet
paragraph (g)(1) of this section.
Sec. 830.204 Documented safety analysis.
(a) The contractor responsible for a hazard category 1, 2, or 3 DOE
nuclear facility must obtain approval from DOE for the methodology used
to prepare the documented safety analysis for the facility unless the
contractor uses a methodology set forth in Table 2 of Appendix A to this
Part.
(b) The documented safety analysis for a hazard category 1, 2, or 3
DOE nuclear facility must, as appropriate for the complexities and
hazards associated with the facility:
(1) Describe the facility (including the design of safety
structures, systems and components) and the work to be performed;
(2) Provide a systematic identification of both natural and man-made
hazards associated with the facility;
(3) Evaluate normal, abnormal, and accident conditions, including
consideration of natural and man-made external events, identification of
energy sources or processes that might contribute to the generation or
uncontrolled release of radioactive and other hazardous materials, and
consideration of the need for analysis of accidents which may be beyond
the design basis of the facility;
(4) Derive the hazard controls necessary to ensure adequate
protection of workers, the public, and the environment, demonstrate the
adequacy of these controls to eliminate, limit, or mitigate identified
hazards, and define the process for maintaining the hazard controls
current at all times and controlling their use;
(5) Define the characteristics of the safety management programs
necessary to ensure the safe operation of the facility, including (where
applicable) quality assurance, procedures, maintenance, personnel
training, conduct of operations, emergency preparedness, fire
protection, waste management, and radiation protection; and
(6) With respect to a nonreactor nuclear facility with fissionable
material in a form and amount sufficient to pose
[[Page 535]]
a potential for criticality, define a criticality safety program that:
(i) Ensures that operations with fissionable material remain
subcritical under all normal and credible abnormal conditions,
(ii) Identifies applicable nuclear criticality safety standards, and
(iii) Describes how the program meets applicable nuclear criticality
safety standards.
Sec. 830.205 Technical safety requirements.
(a) A contractor responsible for a hazard category 1, 2, or 3 DOE
nuclear facility must:
(1) Develop technical safety requirements that are derived from the
documented safety analysis;
(2) Prior to use, obtain DOE approval of technical safety
requirements and any change to technical safety requirements; and
(3) Notify DOE of any violation of a technical safety requirement.
(b) A contractor may take emergency actions that depart from an
approved technical safety requirement when no actions consistent with
the technical safety requirement are immediately apparent, and when
these actions are needed to protect workers, the public or the
environment from imminent and significant harm. Such actions must be
approved by a certified operator for a reactor or by a person in
authority as designated in the technical safety requirements for
nonreactor nuclear facilities. The contractor must report the emergency
actions to DOE as soon as practicable.
(c) A contractor for an environmental restoration activity may
follow the provisions of 29 CFR 1910.120 or 1926.65 to develop the
appropriate hazard controls (rather than the provisions for technical
safety requirements in paragraph (a) of this section), provided the
activity involves either:
(1) Work not done within a permanent structure, or
(2) The decommissioning of a facility with only low-level residual
fixed radioactivity.
Sec. 830.206 Preliminary documented safety analysis.
If construction begins after December 11, 2000, the contractor
responsible for a hazard category 1, 2, or 3 new DOE nuclear facility or
a major modification to a hazard category 1, 2, or 3 DOE nuclear
facility must:
(a) Prepare a preliminary documented safety analysis for the
facility, and
(b) Obtain DOE approval of:
(1) The nuclear safety design criteria to be used in preparing the
preliminary documented safety analysis unless the contractor uses the
design criteria in DOE Order 420.1, Facility Safety; and
(2) The preliminary documented safety analysis before the contractor
can procure materials or components or begin construction; provided that
DOE may authorize the contractor to perform limited procurement and
construction activities without approval of a preliminary documented
safety analysis if DOE determines that the activities are not
detrimental to public health and safety and are in the best interests of
DOE.
Sec. 830.207 DOE approval of safety basis.
(a) By April 10, 2003, a contractor responsible for a hazard
category 1, 2, or 3 existing DOE nuclear facility must submit for DOE
approval a safety basis that meets the requirements of this Subpart.
(b) Pending issuance of a safety evaluation report in which DOE
approves a safety basis for a hazard category 1, 2, or 3 existing DOE
nuclear facility, the contractor responsible for the facility must
continue to perform work in accordance with the safety basis for the
facility in effect on October 10, 2000, or as approved by DOE at a later
date, and maintain the existing safety basis consistent with the
requirements of this Subpart.
(c) If the safety basis for a hazard category 1, 2, or 3 existing
DOE nuclear facility already meets the requirements of this Subpart and
reflects the current work and hazards associated with the facility, the
contractor responsible for the facility must, by April 9, 2001, notify
DOE, document the adequacy of the existing safety basis
[[Page 536]]
and request DOE to issue a safety evaluation report that approves the
existing safety basis. If DOE does not issue a safety evaluation report
by October 10, 2001, the contractor must submit a safety basis pursuant
to paragraph (a) of this section.
(d) With respect to a hazard category 1, 2, or 3 new DOE nuclear
facility or a major modification to a hazard category 1, 2, or 3 DOE
nuclear facility, a contractor may not begin operation of the facility
or modification prior to the issuance of a safety evaluation report in
which DOE approves the safety basis for the facility or modification.
Appendix A to Subpart B of Part 830--General Statement of Safety Basis
Policy
A. Introduction
This appendix describes DOE's expectations for the safety basis
requirements of 10 CFR Part 830, acceptable methods for implementing
these requirements, and criteria DOE will use to evaluate compliance
with these requirements. This Appendix does not create any new
requirements and should be used consistently with DOE Policy 450.2A,
``Identifying, Implementing and Complying with Environment, Safety and
Health Requirements'' (May 15, 1996).
B. Purpose
1. The safety basis requirements of Part 830 require the contractor
responsible for a DOE nuclear facility to analyze the facility, the work
to be performed, and the associated hazards and to identify the
conditions, safe boundaries, and hazard controls necessary to protect
workers, the public and the environment from adverse consequences. These
analyses and hazard controls constitute the safety basis upon which the
contractor and DOE rely to conclude that the facility can be operated
safely. Performing work consistent with the safety basis provides
reasonable assurance of adequate protection of workers, the public, and
the environment.
2. The safety basis requirements are intended to further the
objective of making safety an integral part of how work is performed
throughout the DOE complex. Developing a thorough understanding of a
nuclear facility, the work to be performed, the associated hazards and
the needed hazard controls is essential to integrating safety into
management and work at all levels. Performing work in accordance with
the safety basis for a nuclear facility is the realization of that
objective.
C. Scope
1. A contractor must establish and maintain a safety basis for a
hazard category 1, 2, or 3 DOE nuclear facility because these facilities
have the potential for significant radiological consequences. DOE-STD-
1027-92 (``Hazard Categorization and Accident Analysis Techniques for
compliance with DOE Order 5480.23, Nuclear Safety Analysis Reports,''
Change Notice 1, September 1997) sets forth the methodology for
categorizing a DOE nuclear facility (see Table 1). The hazard
categorization must be based on an inventory of all radioactive
materials within a nuclear facility.
2. Unlike the quality assurance requirements of Part 830 that apply
to all DOE nuclear facilities (including radiological facilities), the
safety basis requirements only apply to hazard category 1, 2, and 3
nuclear facilities and do not apply to nuclear facilities below hazard
category 3.
Table 1
------------------------------------------------------------------------
A DOE nuclear facility categorized as *
* * Has the potential for * * *
------------------------------------------------------------------------
Hazard category 1...................... Significant off-site
consequences.
Hazard category 2...................... Significant on-site
consequences beyond localized
consequences.
Hazard category 3...................... Only local significant
consequences.
Below category 3....................... Only consequences less than
those that provide a basis for
categorization as a hazard
category 1, 2, or 3 nuclear
facility.
------------------------------------------------------------------------
D. Integrated Safety Management
1. The safety basis requirements are consistent with integrated
safety management. DOE expects that, if a contractor complies with the
Department of Energy Acquisition Regulation (DEAR) clause on integration
of environment, safety, and health into work planning and execution (48
CFR 970.5223-1, Integration of Environment, Safety and Health into Work
Planning and Execution) and the DEAR clause on laws, regulations, and
DOE directives (48 CFR 970.5204-2, Laws, Regulations and DOE
Directives), the contractor will have established the foundation to meet
the safety basis requirements.
2. The processes embedded in a safety management system should lead
to a contractor
[[Page 537]]
establishing adequate safety bases and safety management programs that
will meet the safety basis requirements of this Subpart. Consequently,
the DOE expects if a contractor has adequately implemented integrated
safety management, few additional requirements will stem from this
Subpart and, in such cases, the existing safety basis prepared in
accordance with integrated safety management provisions, including
existing DOE safety requirements in contracts, should meet the
requirements of this Subpart.
3. DOE does not expect there to be any conflict between contractual
requirements and regulatory requirements. In fact, DOE expects that
contract provisions will be used to provide more detail on
implementation of safety basis requirements such as preparing a
documented safety analysis, developing technical safety requirements,
and implementing a USQ process.
E. Enforcement of Safety Basis Requirements
1. Enforcement of the safety basis requirements will be performance
oriented. That is, DOE will focus its enforcement efforts on whether a
contractor operates a nuclear facility consistent with the safety basis
for the facility and, in particular, whether work is performed in
accordance with the safety basis.
2. As part of the approval process, DOE will review the content and
quality of the safety basis documentation. DOE intends to use the
approval process to assess the adequacy of a safety basis developed by a
contractor to ensure that workers, the public, and the environment are
provided reasonable assurance of adequate protection from identified
hazards. Once approved by DOE, the safety basis documentation will not
be subject to regulatory enforcement actions unless DOE determines that
the information which supports the documentation is not complete and
accurate in all material respects, as required by 10 CFR 820.11. This is
consistent with the DOE enforcement provisions and policy in 10 CFR Part
820.
3. DOE does not intend the adoption of the safety basis requirements
to affect the existing quality assurance requirements or the existing
obligation of contractors to comply with the quality assurance
requirements. In particular, in conjunction with the adoption of the
safety basis requirements, DOE revised the language in 10 CFR
830.122(e)(1) to make clear that hazard controls are part of the work
processes to which a contractor and other persons must adhere when
performing work. This obligation to perform work consistent with hazard
controls adopted to meet regulatory or contract requirements existed
prior to the adoption of the safety basis requirements and is both
consistent with and independent of the safety basis requirements.
4. A documented safety analysis must address all hazards (that is,
both radiological and nonradiological hazards) and the controls
necessary to provide adequate protection to the public, workers, and the
environment from these hazards. Section 234A of the Atomic Energy Act,
however, only authorizes DOE to issue civil penalties for violations of
requirements related to nuclear safety. Therefore, DOE will impose civil
penalties for violations of the safety basis requirements (including
hazard controls) only if they are related to nuclear safety.
F. Documented Safety Analysis
1. A documented safety analysis must demonstrate the extent to which
a nuclear facility can be operated safely with respect to workers, the
public, and the environment.
2. DOE expects a contractor to use a graded approach to develop a
documented safety analysis and describe how the graded approach was
applied. The level of detail, analysis, and documentation will reflect
the complexity and hazard associated with a particular facility. Thus,
the documented safety analysis for a simple, low hazard facility may be
relatively short and qualitative in nature, while the documented safety
analysis for a complex, high hazard facility may be quite elaborate and
more quantitative. DOE will work with its contractors to ensure a
documented safety analysis is appropriate for the facility for which it
is being developed.
3. Because DOE has ultimate responsibility for the safety of its
facilities, DOE will review each documented safety analysis to determine
whether the rigor and detail of the documented safety analysis are
appropriate for the complexity and hazards expected at the nuclear
facility. In particular, DOE will evaluate the documented safety
analysis by considering the extent to which the documented safety
analysis (1) satisfies the provisions of the methodology used to prepare
the documented safety analysis and (2) adequately addresses the criteria
set forth in 10 CFR 830.204(b). DOE will prepare a Safety Evaluation
Report to document the results of its review of the documented safety
analysis. A documented safety analysis must contain any conditions or
changes required by DOE.
4. In most cases, the contract will provide the framework for
specifying the methodology and schedule for developing a documented
safety analysis. Table 2 sets forth acceptable methodologies for
preparing a documented safety analysis.
[[Page 538]]
Table 2
------------------------------------------------------------------------
May prepare its documented
The contractor responsible for * * * safety analyses by * * *
------------------------------------------------------------------------
(1) A DOE reactor...................... Using the method in U.S.
Nuclear Regulatory Commission
Regulatory Guide 1.70,
Standard Format and Content of
Safety Analysis Reports for
Nuclear Power Plants, or
successor document.
(2) A DOE nonreactor nuclear facility.. Using the method in DOE-STD-
3009, Change Notice No. 1,
January 2000, Preparation
Guide for U.S. Department of
Energy Nonreactor Nuclear
Facility Safety Analysis
Reports, July 1994, or
successor document.
(3) A DOE nuclear facility with a Using the method in either:
limited operational life. (1) DOE-STD-3009-, Change
Notice No. 1, January 2000, or
successor document, or
(2) DOE-STD-3011-94, Guidance
for Preparation of DOE 5480.22
(TSR) and DOE 5480.23 (SAR)
Implementation Plans, November
1994, or successor document.
(4) The deactivation or the transition Using the method in either:
surveillance and maintenance of a DOE (1) DOE-STD-3009, Change Notice
nuclear facility. No. 1, January 2000, or
successor document, or
(2) DOE-STD-3011-94 or
successor document.
(5) The decommissioning of a DOE (1) Using the method in DOE-STD-
nuclear facility. 1120-98, Integration of
Environment, Safety, and
Health into Facility
Disposition Activities, May
1998, or successor document;
(2) Using the provisions in 29
CFR 1910.120 (or 29 CFR
1926.65 for construction
activities) for developing
Safety and Health Programs,
Work Plans, Health and Safety
Plans, and Emergency Response
Plans to address public
safety, as well as worker
safety; and
(3) Deriving hazard controls
based on the Safety and Health
Programs, the Work Plans, the
Health and Safety Plans, and
the Emergency Response Plans.
(6) A DOE environmental restoration (1) Using the method in DOE-STD-
activity that involves either work not 1120-98 or successor document,
done within a permanent structure or and
the decommissioning of a facility with (2) Using the provisions in 29
only low-level residual fixed CFR 1910.120 (or 29 CFR
radioactivity. 1926.65 for construction
activities) for developing a
Safety and Health Program and
a site-specific Health and
Safety Plan (including
elements for Emergency
Response Plans, conduct of
operations, training and
qualifications, and
maintenance management).
(7) A DOE nuclear explosive facility Developing its documented
and the nuclear explosive operations safety analysis in two pieces:
conducted therein. (1) A Safety Analysis Report
for the nuclear facility that
considers the generic nuclear
explosive operations and is
prepared in accordance with
DOE-STD-3009, Change Notice
No. 1, January 2000, or
successor document, and
(2) A Hazard Analysis Report
for the specific nuclear
explosive operations prepared
in accordance with DOE-STD-
3016-99, Hazards Analysis
Reports for Nuclear Explosive
Operations, February 1999, or
successor document.
(8) A DOE hazard category 3 nonreactor Using the methods in Chapters
nuclear facility. 2, 3, 4, and 5 of DOE-STD-
3009, Change Notice No. 1,
January 2000, or successor
document to address in a
simplified fashion:
(1) The basic description of
the facility/activity and its
operations, including safety
structures, systems, and
components;
(2) A qualitative hazards
analysis; and
(3) The hazard controls
(consisting primarily of
inventory limits and safety
management programs) and their
bases.
(9) Transportation activities.......... (1) Preparing a Safety Analysis
Report for Packaging in
accordance with DOE-O-460.1A,
Packaging and Transportation
Safety, October 2, 1996, or
successor document and
(2) Preparing a Transportation
Safety Document in accordance
with DOE-G-460.1-1,
Implementation Guide for Use
with DOE O 460.1A, Packaging
and Transportation Safety,
June 5, 1997, or successor
document.
(10) Transportation and onsite transfer (1) Preparing a Safety Analysis
of nuclear explosives, nuclear Report for Packaging in
components, Navel nuclear fuel accordance with DOE-O-461.1,
elements, Category I and Category II Packaging and Transportation
special nuclear materials, special of Materials of National
assemblies, and other materials of Security Interest, September
national security. 29, 2000, or successor
document and
(2) Preparing a Transportation
Safety Document in accordance
with DOE-M-461.1-1, Packaging
and Transfer of Materials of
National Security Interest
Manual, September 29, 2000, or
successor document.
------------------------------------------------------------------------
[[Page 539]]
5. Table 2 refers to specific types of nuclear facilities. These
references are not intended to constitute an exhaustive list of the
specific types of nuclear facilities. Part 830 defines nuclear facility
broadly to include all those facilities, activities, or operations that
involve, or will involve, radioactive and/or fissionable materials in
such form and quantity that a nuclear or a nuclear explosive hazard
potentially exists to the employees or the general public, and to
include any related area, structure, facility, or activity to the extent
necessary to ensure proper implementation of the requirements
established by Part 830. The only exceptions are those facilities
specifically excluded such as accelerators. Table 3 defines the specific
nuclear facilities referenced in Table 2 that are not defined in 10 CFR
830.3
Table 3
------------------------------------------------------------------------
For purposes of Table 2, * * * means * * *
------------------------------------------------------------------------
(1) Deactivation....................... The process of placing a
facility in a stable and known
condition, including the
removal of hazardous and
radioactive materials
(2) Decontamination.................... The removal or reduction of
residual radioactive and
hazardous materials by
mechanical, chemical, or other
techniques to achieve a stated
objective or end condition
(3) Decommissioning.................... Those actions taking place
after deactivation of a
nuclear facility to retire it
from service and includes
surveillance and maintenance,
decontamination, and/or
dismantlement.
(4) Environmental restoration The process by which
activities. contaminated sites and
facilities are identified and
characterized and by which
existing contamination is
contained, or removed and
disposed
(5) Generic nuclear explosive operation A characterization that
considers the collective
attributes (such as special
facility system requirements,
physical weapon
characteristics, or quantities
and chemical/physical forms of
hazardous materials) for all
projected nuclear explosive
operations to be conducted at
a facility
(6) Nuclear explosive facility......... A nuclear facility at which
nuclear operations and
activities involving a nuclear
explosive may be conducted
(7) Nuclear explosive operation........ Any activity involving a
nuclear explosive, including
activities in which main-
charge, high-explosive parts
and pits are collocated.
(8) Nuclear facility with a limited A nuclear facility for which
operational life. there is a short remaining
operational period before
ending the facility's mission
and initiating deactivation
and decommissioning and for
which there are no intended
additional missions other than
cleanup
(9) Specific nuclear explosive A specific nuclear explosive
operation. subjected to the stipulated
steps of an individual
operation, such as assembly or
disassembly
(10) Transition surveillance and Activities conducted when a
maintenance activities. facility is not operating or
during deactivation,
decontamination, and
decommissioning operations
when surveillance and
maintenance are the
predominant activities being
conducted at the facility.
These activities are necessary
for satisfactory containment
of hazardous materials and
protection of workers, the
public, and the environment.
These activities include
providing periodic
inspections, maintenance of
structures, systems, and
components, and actions to
prevent the alteration of
hazardous materials to an
unsafe state
------------------------------------------------------------------------
6. If construction begins after December 11, 2000, the contractor
responsible for the design and construction of a new DOE nuclear
facility or a major modification to an existing DOE nuclear facility
must prepare a preliminary documented safety analysis. A preliminary
documented safety analysis can ensure that substantial costs and time
are not wasted in constructing a nuclear facility that will not be
acceptable to DOE. If a contractor is required to prepare a preliminary
documented safety analysis, the contractor must obtain DOE approval of
the preliminary documented safety analysis prior to procuring materials
or components or beginning construction. DOE, however, may authorize the
contractor to perform limited procurement and construction activities
without approval of a preliminary documented safety analysis if DOE
determines that the activities are not detrimental to public health and
safety and are in the best interests of DOE. DOE Order 420.1, Facility
Safety, sets forth acceptable nuclear safety design criteria for use in
preparing a preliminary documented safety analysis. As a general matter,
DOE does not expect preliminary documented safety analyses to be needed
for activities that do not involve significant construction such as
environmental restoration activities, decontamination and
decommissioning activities, specific nuclear
[[Page 540]]
explosive operations, or transition surveillance and maintenance
activities.
G. Hazard Controls
1. Hazard controls are measures to eliminate, limit, or mitigate
hazards to workers, the public, or the environment. They include (1)
physical, design, structural, and engineering features; (2) safety
structures, systems, and components; (3) safety management programs; (4)
technical safety requirements; and (5) other controls necessary to
provide adequate protection from hazards.
2. The types and specific characteristics of the safety management
programs necessary for a DOE nuclear facility will be dependent on the
complexity and hazards associated with the nuclear facility and the work
being performed. In most cases, however, a contractor should consider
safety management programs covering topics such as quality assurance,
procedures, maintenance, personnel training, conduct of operations,
criticality safety, emergency preparedness, fire protection, waste
management, and radiation protection. In general, DOE Orders set forth
DOE's expectations concerning specific topics. For example, DOE Order
420.1 provides DOE's expectations with respect to fire protection and
criticality safety.
3. Safety structures, systems, and components require formal
definition of minimum acceptable performance in the documented safety
analysis. This is accomplished by first defining a safety function, then
describing the structure, systems, and components, placing functional
requirements on those portions of the structures, systems, and
components required for the safety function, and identifying performance
criteria that will ensure functional requirements are met. Technical
safety requirements are developed to ensure the operability of the
safety structures, systems, and components and define actions to be
taken if a safety structure, system, or component is not operable.
4. Technical safety requirements establish limits, controls, and
related actions necessary for the safe operation of a nuclear facility.
The exact form and contents of technical safety requirements will depend
on the circumstances of a particular nuclear facility as defined in the
documented safety analysis for the nuclear facility. As appropriate,
technical safety requirements may have sections on (1) safety limits,
(2) operating limits, (3) surveillance requirements, (4) administrative
controls, (5) use and application, and (6) design features. It may also
have an appendix on the bases for the limits and requirements. DOE Guide
423.X, Implementation Guide for Use in Developing Technical Safety
Requirements (TSRs) provides a complete description of what technical
safety requirements should contain and how they should be developed and
maintained.
5. DOE will examine and approve the technical safety requirements as
part of preparing the safety evaluation report and reviewing updates to
the safety basis. As with all hazard controls, technical safety
requirements must be kept current and reflect changes in the facility,
the work and the hazards as they are analyzed in the documented safety
analysis. In addition, DOE expects a contractor to maintain technical
safety requirements, and other hazard controls as appropriate, as
controlled documents with an authorized users list.
6. Table 4 sets forth DOE's expectations concerning acceptable
technical safety requirements.
Table 4
------------------------------------------------------------------------
As appropriate for a
particular DOE nuclear
facility, the section of the Will provide information on * * *
technical safety requirements
on * * *
------------------------------------------------------------------------
(1) Safety limits............ The limits on process variables
associated with those safety class
physical barriers, generally passive,
that are necessary for the intended
facility function and that are required
to guard against the uncontrolled
release of radioactive materials. The
safety limit section describes, as
precisely as possible, the parameters
being limited, states the limit in
measurable units (pressure, temperature,
flow, etc.), and indicates the
applicability of the limit. The safety
limit section also describes the actions
to be taken in the event that the safety
limit is exceeded. These actions should
first place the facility in the safe,
stable condition attainable, including
total shutdown (except where such action
might reduce the margin of safety) or
should verify that the facility already
is safe and stable and will remain so.
The technical safety requirement should
state that the contractor must obtain
DOE authorization to restart the nuclear
facility following a violation of a
safety limit. The safety limit section
also establishes the steps and time
limits to correct the out-of-
specification condition.
(2) Operating limits......... Those limits which are required to ensure
the safe operation of a nuclear
facility. The operating limits section
may include subsections on limiting
control settings and limiting conditions
for operation.
[[Page 541]]
(3) Limiting control settings The settings on safety systems that
control process variables to prevent
exceeding a safety limit. The limited
control settings section normally
contains the settings for automatic
alarms and for the automatic or
nonautomatic initiation of protective
actions related to those variables
associated with the function of safety
class structures, systems, or components
if the safety analysis shows that they
are relied upon to mitigate or prevent
an accident. The limited control
settings section also identifies the
protective actions to be taken at the
specific settings chosen in order to
correct a situation automatically or
manually such that the related safety
limit is not exceeded. Protective
actions may include maintaining the
variables within the requirements and
repairing the automatic device promptly
or shutting down the affected part of
the process and, if required, the entire
facility.
(4) Limiting conditions for The limits that represent the lowest
operations. functional capability or performance
level of safety structures, systems, and
components required to perform an
activity safely. The limiting conditions
for operation section describes, as
precisely as possible, the lowest
functional capability or performance
level of equipment required for
continued safe operation of the
facility. The limiting conditions for
operation section also states the action
to be taken to address a condition not
meeting the limiting conditions for
operation section. Normally this simply
provides for the adverse condition being
corrected in a certain time frame and
for further action if this is
impossible.
(5) Surveillance requirements Requirements relating to test,
calibration, or inspection to assure
that the necessary operability and
quality of safety structures, systems,
and components is maintained; that
facility operation is within safety
limits; and that limiting control
settings and limiting conditions for
operation are met. If a required
surveillance is not successfully
completed, the contractor is expected to
assume the systems or components
involved are inoperable and take the
actions defined by the technical safety
requirement until the systems or
components can be shown to be operable.
If, however, a required surveillance is
not performed within its required
frequency, the contractor is allowed to
perform the surveillance within 24 hours
or the original frequency, whichever is
smaller, and confirm operability.
(6) Administrative controls.. Organization and management, procedures,
recordkeeping, assessment, and reporting
necessary to ensure safe operation of a
facility consistent with the technical
safety requirement. In general, the
administrative controls section
addresses (1) the requirements
associated with administrative controls,
(including those for reporting
violations of the technical safety
requirement); (2) the staffing
requirements for facility positions
important to safe conduct of the
facility; and (3) the commitments to the
safety management programs identified in
the documented safety analysis as
necessary components of the safety basis
for the facility.
(7) Use and application The basic instructions for applying the
provisions. safety restrictions contained in a
technical safety requirement. The use
and application section includes
definitions of terms, operating modes,
logical connectors, completion times,
and frequency notations.
(8) Design features.......... Design features of the facility that, if
altered or modified, would have a
significant effect on safe operation.
(9) Bases appendix........... The reasons for the safety limits,
operating limits, and associated
surveillance requirements in the
technical safety requirements. The
statements for each limit or requirement
shows how the numeric value, the
condition, or the surveillance fulfills
the purpose derived from the safety
documentation. The primary purpose for
describing the basis of each limit or
requirement is to ensure that any future
changes to the limit or requirement is
done with full knowledge of the original
intent or purpose of the limit or
requirement.
------------------------------------------------------------------------
H. Unreviewed Safety Questions
1. The USQ process is an important tool to evaluate whether changes
affect the safety basis. A contractor must use the USQ process to ensure
that the safety basis for a DOE nuclear facility is not undermined by
changes in the facility, the work performed, the associated hazards, or
other factors that support the adequacy of the safety basis.
2. The USQ process permits a contractor to make physical and
procedural changes to a nuclear facility and to conduct tests and
experiments without prior approval, provided these changes do not cause
a USQ. The USQ process provides a contractor with the flexibility needed
to conduct day-to-day operations by requiring only those changes and
tests with a potential to impact the safety basis (and therefore the
safety of the nuclear facility) be approved by DOE. This allows DOE to
focus its review on those changes significant to safety. The USQ process
helps keep the safety basis current by ensuring appropriate review of
and response to situations that might adversely affect the safety basis.
[[Page 542]]
3. DOE Guide 424.X, Implementation Guide for Addressing Unreviewed
Safety Question (USQ) Requirements, provides DOE's expectations for a
USQ process. The contractor must obtain DOE approval of its procedure
used to implement the USQ process.
I. Functions and Responsibilities
1. The DOE Management Official for a DOE nuclear facility (that is,
the Assistant Secretary, the Assistant Administrator, or the Office
Director who is primarily responsible for the management of the
facility) has primary responsibility within DOE for ensuring that the
safety basis for the facility is adequate and complies with the safety
basis requirements of Part 830. The DOE Management Official is
responsible for ensuring the timely and proper (1) review of all safety
basis documents submitted to DOE and (2) preparation of a safety
evaluation report concerning the safety basis for a facility.
2. DOE will maintain a public list on the internet that provides the
status of the safety basis for each hazard category 1, 2, or 3 DOE
nuclear facility and, to the extent practicable, provides information on
how to obtain a copy of the safety basis and related documents for a
facility.