[Federal Register Volume 65, Number 52 (Thursday, March 16, 2000)]
[Notices]
[Pages 14255-14258]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-6571]


=======================================================================
-----------------------------------------------------------------------

DEFENSE NUCLEAR FACILITIES SAFETY BOARD

[Recommendation 2000-2]


Configuration Management, Vital Safety Systems

AGENCY: Defense Nuclear Facilities Safety Board.

ACTION: Notice, recommendation.

-----------------------------------------------------------------------

SUMMARY: The Defense Nuclear Facilities Safety Board has made a

[[Page 14256]]

recommendation to the Secretary of Energy pursuant to 42 U.S.C. 
2286a(a)(5) concerning configuration management, vital safety systems.

DATES: Comments, data, views, or arguments concerning this 
recommendation are due on or before April 17, 2000.

ADDRESSES: Send comments, data, views, or arguments concerning this 
recommendation to: Defense Nuclear Facilities Safety Board, 625 Indiana 
Avenue, NW, Suite 700, Washington, DC 20004-2901.

FOR FURTHER INFORMATION CONTACT: Kenneth M. Pusateri or Andrew L. 
Thibadeau at the address above or telephone (202) 694-7000.

    Dated: March 13, 2000.
John T. Conway,
Chairman.

Recommendation 2000-2

    The Defense Nuclear Facilities Safety Board (Board) continues a 
strong interest in safety systems and their effectiveness at defense 
nuclear facilities. These systems are at the heart of safety at the 
facilities. Department of Energy (DOE) Standards 3009 and 3016 provide 
guidance for the identification of safety systems and associated 
Technical Specifications as important elements of maintaining safety of 
facilities and operations. In addition, the implementation guide to DOE 
Order 420.1, Facility Safety, provides guidance on design and 
procurement of safety systems to attain and sustain reliability in 
performance.
    Most of the facilities of interest to the Board were constructed 
many years ago, and are undergoing the deterioration attached to aging. 
It is important that their protective features be maintained 
serviceable and effective. In the following, the Board recommends 
measures necessary to ensure reliable performance of the safety systems 
of both the older facilities and the ones that are relatively new, and 
in particular stresses the actions required to ensure viability of 
confinement ventilation systems. Confinement ventilation systems are 
relied on almost everywhere by DOE as the principal system to protect 
the public and collocated workers at its more hazardous facilities.

Previous Issuances by the Board on Safety Systems

    In May 1995, the Board issued DNFSB/TECH-5, Fundamentals for 
Understanding Standards-Based Safety Management of Department of Energy 
Defense Nuclear Facilities, which stressed the importance, among other 
things, of functions that preserve those structures, systems, and 
components that are relied upon to protect the public, workers, and the 
environment (e.g., configuration management, training, and 
maintenance). In October 1995, the Board issued DNFSB/TECH-6, Safety 
Management and Conduct of Operations at the Department of Energy's 
Defense Nuclear Facilities. The report underscored the importance of 
conduct of operations as the body of practice, or operational 
formality, that implements the Safety Management System for a defense 
nuclear facility. Operational formality includes ``Supervision by 
highly competent personnel who are knowledgeable as to the results of 
the safety analysis and operating limits for the facility or 
activity.'' Key aspects of facility Safety Management Systems discussed 
in these two reports are central to the issues addressed herein.
    In 1996, in response to Recommendation 95-2, Safety Management, DOE 
provided the Board a plan for upgrading safety management of its 
defense nuclear facilities. DOE Orders 5480.22, Technical Safety 
Requirements, and 5480.23, Nuclear Safety Analysis Reports, established 
requirements for identifying design features important to safety and 
the conditions/controls to ensure safe operation. DOE authorized its 
contractors to grade facilities by hazard category and to tailor the 
comprehensive safety assessments according to hazard potential and 
operational future. This upgrade effort has reaffirmed the important 
safety role played by confinement ventilation systems. (See enclosed 
Appendix B of DNFSB/TECH-26). In general, these systems have been 
designated as important to safety, making them subject to more 
stringent quality assurance, maintenance, surveillance, and 
configuration management programs in recognition of their safety 
functions. Commitments to such programs are typically made in the 
Authorization Agreements that capture the contractor-DOE agreed upon 
conditions for performing the work.

Issuances Concerning Confinement Ventilation Systems

    Some of the Board's analyses concerning safety systems focused on 
confinement ventilation systems in particular. In March 1995, the Board 
issued DNFSB/TECH-3, Overview of Ventilation Systems at Selected DOE 
Plutonium Processing and Handling Facilities, which addressed the 
design of confinement ventilation systems. In its June 15, 1995, letter 
forwarding that report, and in subsequent correspondence in July 1995, 
the Board requested that DOE evaluate the design, construction, 
operation, and maintenance of ventilation safety systems in terms of 
applicable DOE and industry standards.
    In a letter dated October 30, 1997, the Board pointed out the 
problem of wetting high efficiency particulate air (HEPA) filters 
during tests of fire sprinkler systems, and the need for complex-wide 
guidance from DOE concerning the relationship between maintaining 
filter integrity and fire fighting strategies. HEPA filters are key 
components of confinement ventilation systems. In its June 8, 1999, 
letter concerning HEPA filters installed in confinement ventilation 
systems, the Board requested a report outlining the steps DOE plans to 
take to resolve those issues. In recent weeks, individual Board members 
and the Board's staff have met informally with DOE representatives to 
resolve differences concerning DOE's proposed response to the Board's 
request.

Current Status of Ventilation Systems

    As a part of its continuing oversight of these vital safety 
systems, the Board's staff has recently completed a review of the 
operational data on confinement ventilation systems as reported in 
DOE's Operational Reporting and Processing System (ORPS). The data 
reviewed covered the period July 1998 to December 1999. An analysis of 
these data is documented in report DNFSB/TECH-26. This review indicates 
that the reliability of these systems, for reasons not readily evident, 
may not be adequate, given the vital safety function they serve.
    The operational data reveal deficiencies in areas of test and 
surveillance, quality assurance (replacement components), maintenance, 
configuration management, training and qualification, and conduct of 
operations. One can reasonably deduce from such observations that there 
exists no single entity assigned responsibility for the configuration 
and operational state of these systems as a whole.
    The Board recognizes that many confinement ventilation systems now 
require less air flow and permit more particulate loading than in 
original designs. This allows for more extended useful life than might 
otherwise be tolerable, particularly with adequate preventive care. 
However, the operational data suggest that less than optimum care is 
being given to these systems, considering their age.

[[Page 14257]]

Status of Safety Systems in General

    Many of DOE's nuclear facilities were constructed years ago and are 
approaching end-of-life status. Under these circumstances, some 
degradation of reliability and operability of systems designed to 
ensure safety can reasonably be expected. To some extent, the effects 
of aging can be offset by increased surveillance and maintenance. A 
point occurs, however, where costs for upkeep justify major upgrades or 
replacement, particularly where mission needs are projected well into 
the future. While a considerable number of high-hazard defense nuclear 
facilities have such long-term missions (greater than 10 years, for 
example), others undergoing phase-outs and decommissioning do not. Some 
facilities must continue to rely on operational safety systems, such as 
ventilation systems, to serve a safety function even after their 
operational mission has ended and well into the decommissioning 
process. Long-term or short-term, however, the performance required for 
safety must be ensured.
    It has been a long-standing practice in the nuclear business to 
designate a ``system engineer'' for each major system vital to 
successful operation of hazardous processes. Some DOE contractors have 
done so on occasions (e.g., the Defense Waste Processing Facility at 
the Savannah River Site), but this practice is not as prevalent as it 
should be. The Board believes that having specific individuals outside 
the operational forum, tasked with the configuration management (design 
and operational constraints) of systems designated as important to 
safety, would go a long way to ensuring the dependable service such 
systems must provide.

Recommendation

    Considerable upgrading of programs for ensuring reliable and 
effective performance of confinement ventilation systems has occurred 
during the years 1995-1999. However, the frequency and variety of off-
normal occurrences that continue to be reported clearly indicate that 
more attention to these vital systems is needed. Likewise, other 
systems serving equally vital safety functions might well benefit from 
similar attention. Towards such an end, the Board recommends that the 
Department of Energy:
    1. Establish a team, expert in confinement ventilation systems, to 
survey the operational records during the past 3 years and the current 
operational condition of all confinement ventilation systems now 
designated or that should be designated as important to safety in 
defense nuclear facilities (i.e., safety class, safety significant, 
defense-in-depth). In so doing:
    a. Assess the root cause or causes for less than satisfactory 
operational history of these systems and recommend an action plan to 
address the causes. In so doing evaluate such programs as may exist to 
ensure reliable system performance. These should include surveillance, 
maintenance (including quality assured inventory of replacement parts), 
configuration management (system descriptions, drawings and 
specifications), and requisite training and qualification of operators.
    b. Estimate the remaining system lifetime with and without 
refurbishing as a function of reliability; (e.g., 1 year--95%, 10 
years--50%) and recommend such upgrades or compensating measures as may 
be appropriate to ensure reliability, current or future, commensurate 
with the safety functions being served.
    2. Include key elements of the plan for addressing the HEPA filters 
issues identified in the Board's June 8, 1999, letter in any plan 
developed in response to this recommendation.
    3. Amend appropriate directives and associated contract 
requirements documents (e.g., DOE Order 430.1A, Life Cycle Asset 
Management, DOE Order 420.1, Facility Safety), to require for the 
confinement ventilation system and every other major system designated 
as important to safety:
    a. The development and maintenance of documentation that captures 
key design features, specifications, and operational constraints to 
facilitate configuration management throughout the life cycle.
    b. The designation of a ``system engineer'' during each facility 
life cycle--design, construction, operation and decommissioning with:
    (1) The requisite knowledge of the system safety design basis and 
operating limits from the safety analysis; and
    (2) The lead responsibility for the configuration management of the 
design.
    c. The education and training of successor ``system engineers'' as 
may be required because of contractor organizational changes, facility 
life cycle change, or other causes for reassignments.
    4. Task the Federal Technical Capability Panel established in 
response to Board Recommendation 93-3 to:
    a. Survey the availability and sufficiency of personnel in DOE with 
expertise in these vital safety systems.
    b. Recommend to DOE senior management such actions as may be 
appropriate to augment, redeploy or otherwise bring such expertise more 
effectively to bear in the life-cycle-management of vital safety 
systems.
    c. Add to DOE's technical staff qualification program the 
requisites for qualifying as subject matter experts for these vital 
systems.
    d. Develop descriptions of functions and responsibilities for 
inclusion in the Function and Responsibilities Authorities Manual for 
individuals serving as subject matter experts on vital safety systems.
    5. Make the scrutiny of the status of all systems serving to 
protect the public, workers and the environment a regularized part of 
the assessments performed as required by DOE P 450.5, Line Environment, 
Safety and Health Oversight. Include in such review the programs, such 
as quality assurance, maintenance, configuration management and conduct 
of operations, that contribute much to ensuring these systems will 
operate as intended.

John T. Conway,
Chairman.

Appendix--Transmittal Letter to the Secretary of Energy, Defense 
Nuclear Facilities Safety Board

                March 8, 2000

The Honorable Bill Richardson
Secretary of Energy
1000 Independence Avenue, SW
Washington, DC 20585-1000

    Dear Secretary Richardson: Designs of the Department of Energy's 
(DOE's) high hazard defense nuclear facilities typically include 
systems whose reliable operation is vital to the protection of the 
public, workers and the environment. Operations are constrained by 
technical safety requirements and operational limits established by 
analyzing the hazards of the operations and the capability of design 
features to prevent or mitigate consequences of potential mishaps or 
operational disruptions caused by either man or natural phenomena. 
The availability and operability of such systems and the conditions 
specifying operational limits are included in the written agreements 
established by DOE with its contractors as conditions for 
authorizing performance of work.
    Ventilation systems installed in many defense nuclear facilities 
are among those that provide vital safety functions. Such systems 
contribute much to the safe environment for workers and serve a 
vital confinement function should work process upsets and mishaps 
result in airborne releases of hazardous materials.
    The Defense Nuclear Facilities Safety Board (Board) has advised 
DOE in various ways during the past several years of the need to 
increase attention to ventilation systems and of the steps we 
believe would lead to more certain performance of their important 
safety functions. Although DOE has responded to some extent, the 
upgrade

[[Page 14258]]

efforts to date have been less comprehensive and effective than the 
matter merits.
    The Board further believes that DOE's upgrades of ventilation 
systems could well serve as a model for implementing similar 
programs for other vital safety systems that may be needed in 
defense nuclear facilities.
    The Board believes this matter requires additional DOE 
attention. More explicitly, the Board recommends for your 
consideration an action plan structured to address the elements set 
forth in the enclosed Recommendation 2000-2, Configuration 
Management, Vital Safety Systems.
    The Board's recommendation is directed explicitly at systems for 
ensuring nuclear safety. This is in keeping with the Board's 
enabling legislation. However, the concepts advocated could be 
applied to good advantage to systems designed for safety management 
of hazardous material and processes of non-nuclear nature as well. 
In the spirit of Integrated Safety Management (ISM) to which DOE is 
committed, DOE is encouraged to do so.
    Recommendation 2000-2, Configuration Management, Vital Safety 
Systems, was unanimously approved by the Board, and is submitted to 
you pursuant to 42 U.S.C. Sec. 2286a(a)(5), which requires the 
Board, after receipt by you, to promptly make this recommendation 
available to the public. The Board believes the recommendation 
contains no information which is classified or otherwise restricted. 
To the extent this recommendation does not include information 
restricted by the Department of Energy under the Atomic Energy Act 
of 1954, 42 U.S.C. Secs. 2161-68, as amended, please arrange to have 
this recommendation promptly placed on file in your regional public 
reading rooms.
    The Board will publish this recommendation in the Federal 
Register.
          Sincerely,

John T. Conway,
Chairman.

[FR Doc. 00-6571 Filed 3-15-00; 8:45 am]
BILLING CODE 3670-01-P