ML090480018

From kanterella
Jump to navigation Jump to search
Public Comments Regarding the Safety Culture Policy Statement
ML090480018
Person / Time
Site: Davis Besse, Diablo Canyon, San Onofre  Southern California Edison icon.png
Issue date: 02/17/2009
From: Boyd J
State of CA, Energy Commission
To:
NRC/OE
Sapountzis A
References
Download: ML090480018 (46)
v  d  e


Text

1 Safety Culture Policy Statement (Safety & Security) Comments I.

Mr. James D. Boyd California Energy Commission Commissioner and Vice Chair State Liaison Officer to the U.S. Nuclear Regulatory Commission Introduction The State of California appreciates the opportunity to comment on the U.S. Nuclear Regulatory Commissions (NRC) development of a policy statement on safety culture and security culture and the opportunity to participate in the public workshop on February 3, 2009.1 One of the most important factors affecting plant safety is maintaining a robust safety culture at each plant. We strongly support NRCs efforts to enhance the safety culture and the safety conscious work environment at nuclear power plants.

NRCs efforts to improve the safety culture at nuclear power plants stem from NRCs direction, based on the Davis-Besse experience, to improve the NRC Reactor Oversight Process (ROP) to more fully address safety culture, ensure that inspectors are properly trained, and develop a process for determining the need for a specific safety culture evaluation of plants in a degraded cornerstone. Since the Davis-Besse event, NRC staff implemented several improvements to the ROP that relate to safety culture. In addition, NRC developed a web-based training program for inspectors and managers based on the Columbia Space Shuttle accident which demonstrated the importance of maintaining a questioning attitude toward safety and how shortcomings in an organizations safety culture can lead to technological failures.

California has two operating nuclear power plants - Diablo Canyon and the San Onofre Nuclear Generating Station (SONGS) -- which account for 12% of the states electricity generation. Their safe and reliable operation is an ongoing concern for California. Our comments below on the proposed safety culture policy statement are based, in part, upon two major reports on these plants which the California Energy Commission completed in 2008.2 These reports, as required by California Assembly Bill 1632, assessed the potential vulnerability of Diablo Canyon and San Onofre to a major disruption due to a seismic event or plant aging and assessed the impacts of such a disruption on system reliability, public safety, and the economy. These reports included an examination of the safety culture programs at Diablo Canyon and San Onofre, as well as at Palo Verde.

1 NRC defines safety culture as the assembly of characteristics and attitudes in organizations and individuals which establishes that, as an overriding priority, nuclear plant safety issues receive the attention warranted by their significance.

2 An Assessment of Californias Nuclear Power Plants: AB 1632 Report, November 2008, CEC-100-2008-009-CMF, California Energy Commission and AB 1632 Assessment of Californias Operating Nuclear Plants: Final Consultant Report, October 2008, CEC-100-2008-005-F, California Energy Commission.

2

GENERAL COMMENT

S

1. Although NRC has taken a proactive approach to improve its Reactor Oversight Process (ROP), improvements are still needed in assessing the safety culture and address shortcomings at nuclear power plants.

NRC has improved its Reactor Oversight Process (ROP), which began in 2000, although continued efforts are needed to address shortcomings, particularly improving NRCs ability to identify and address early indications of declining plant safety performance.3 NRC has undertaken a major initiative to improve its ability to address the safety culture at nuclear power plants. NRC has increased its focus on crosscutting safety issues -

issues that comprise many of the elements of safety cultureand has developed new requirements under the ROP to more directly assess safety culture at poorer performing plants. The Davis-Besse incident in 2002 (the unexpected discovery of a football-sized hole due to corrosion in the reactor vessel head) represents a significant breakdown in safety standards at all levels and exposed a failure by the NRC to assure that plants are operated safely. Just before the discovery of the damaged reactor-vessel head, the Davis-Besse plant received the highest ratings possible in the NRC ROP, with green ratings in all 17 performance indicators. After reviewing the Davis-Besse incident, the NRC Inspector General found that:

The fact that (the licensee) sought and the [NRC] staff allowed Davis-Besse to operate past December 31, 2001, without performing these inspections was driven in large part by the desire to lessen the financial impact on (the licensee) that would result in an early shutdown.4 NRC conducted a lessons learned review of the Davis-Besse event and published a report with recommendations and action plans including substantive changes to the ROP and NRCs internal procedures. However, the Keystone Centers Nuclear Power Joint Fact-Finding Report in June 2007 concluded that some members of their Project Team maintained that these lessons learned have not addressed a fundamental weakness in the regulatory process itself regarding the inclination of some NRC staff and Commissioners to favor the financial interests of the nuclear power industry, sometimes at the expense of public health and safety.

In addition, the NRC uses an approach that involves cross-cutting issues that may be hidden in a complex array of the plant performance indicators. The concern is that NRC requires a determination of substantive cross-cutting issues to trigger special NRC enhanced safety culture investigations. However, there may be a single Davis-Besse-type phenomenon occurring at a plant that does not lend itself to being identified as a substantive cross-cutting issue.

The NRC should develop clear expectations for an adequate safety culture at nuclear power plants. These NRC expectations should be supported by a strong enforcement and/or incentive program to help ensure that these expectations are being met.

3 U.S. Government Accountability Office, Oversight of Nuclear Power Plant Safety Has Improved, but Refinements Are Needed, September 2006, GAO-06-1029, p. 5.

4 NRC Inspector General, NRCs Regulation of Davis Besse Regarding Damage to the Reactor Vessel Head. Dec. 30, 2002. P. 23.

3 Similarly, we believe that it is essential that NRC continue to evaluate the adequacy of a safety conscious work environment at plants.5 The nuclear industry has proposed that sites conduct safety culture self-assessments every two years. However, we believe that safety culture assessments should be conducted at more frequent intervals than every two years. If a Davis-Besse-type phenomenon is developing at a plant that could compromise plant safety, routine and frequent assessments are necessary in order to avoid a more serious problem that might jeopardize plant safety.

2. NRCs pro-active safety culture assessment at nuclear power plants should not be eliminated.

During the public workshop on February 3, 2009, the nuclear industry and Southern California Edison proposed relying upon plant self-assessment and eliminating NRCs pro-active safety culture assessments at nuclear power plants. However, the Davis-Besse discovery in 2002, the guards found sleeping while on duty at the Peach Bottom plant in 2007, safety culture problems at plants including Palo Verde and San Onofre, and the control room operators found sleeping at the Peach Bottom plant in 1987 highlight the importance of a strong independent safety culture oversight program rather than relying on plant self-assessments.

The experience at Palo Verde indicates that safety culture issues can be very far reaching and difficult to address. The Energy Commissions 2008 report concluded that self assessment at Palo Verde was insufficient to correct safety culture issues, and that problems have persisted there for years after they were originally identified in 2004. It is not clear how effective Arizona Public Services safety culture action plan will be at correcting the safety culture problems at Palo Verde and the Arizona Corporation Commission expects Palo Verde to remain in the Multiple/Repetitive Degraded Cornerstone category for years to come. Self assessment in some plants may be insufficient to proactively identify problems and deal with lapses in safety culture before a serious safety problem develops.

Therefore, we conclude that NRCs pro-active safety culture assessment at nuclear power plants should not be eliminated. Although we support industrys attempts to improve the self assessment process at plants, we do not agree that a self-assessment process should replace the parallel NRC process for safety culture assessments or result in NRC not performing proactive safety culture assessments. Instead, the industry self-assessment process should complement NRC oversight.

5 NRC defines a Safety Conscious Work Environment and an environment in which employees are encouraged to raise safety concerns, are free to raise concerns both to their own management and to the NRC without fear of retaliation, where concerns are promptly reviewed, given the proper priority, and appropriately resolved, and timely feedback is provided to those raising concerns.

4

3. NRC should continue to strengthen oversight and assessment of the adequacy of the safety culture and safety conscious work environment at reactors.

As reported in the Keystone Centers Nuclear Power Joint Fact-Finding Report, while there is agreement that a strong safety culture is necessary to ensure the protection of public health and safety, not all believe that it is strong enough at all the U.S. nuclear plants.6 There is some concern that there are outlier plants that lack a strong safety culture. Davis-Besse is cited as the example of safety culture problems due primarily to organizational and leadership issues. Much of NRCs focus is on identifying plants with poorer scores in the ROP. NRCs response is to increase the amount of inspection and evaluation (increase above the base level of 2,000 inspection hours each year) at those plants with poorer scores.

The Keystone Report concluded that there is a high degree of disagreement as to how appropriately and effectively the NRC has responded to safety issues. Although there was broad agreement as to the capability and dedication of the NRC working-level staff, there was no such agreement regarding the Commission and the senior management staff. While some of the Keystone Report Project Team believed that most Commissioners, responding in part to Congressional oversight, have emphasized industry economic and promotional interests inappropriately in relation to public protection, others believed that the NRC has made significant strides in balancing the public interest in nuclear safety with the operational interests of the industry.7

4. NRC should continue to strengthen its oversight of the safety culture and safety conscious work environment at California nuclear power plants.

Although Diablo Canyon Nuclear Power Plant has not received any significant enforcement actions from the NRC since 1995, there has been an increase in safety allegations regarding Diablo Canyon. For example, the San Luis Obispo Mothers for Peace (MFP) filed an allegation in April 2008 saying that it had received information from Diablo Canyon employees reporting that workers perceive a high likelihood of managerial retaliation if they raise safety concerns. In addition, MFP alleged that workers have lost trust in the Employee Concerns group and that PG&E has skirted qualifications requirements in hiring new supervisors and managers. In December 2008, PG&E employees picketed at Diablo Canyon to call attention to what they claim are unsafe working conditions.

NRC over the past decade has issued several enforcement actions and notices of violations for operations at the San Onofre Nuclear Power Plant. Among the findings, the NRC identified crosscutting aspects of human performance, problem identification and resolution, and work practices as safety culture issues. As a result of several incidents and violations at San Onofre, there has been increasing concern about an underlying 6 Keystone Center, Nuclear Power Joint Fact-Finding Report, 2007.

7 Examples provided in the Keystone Report of the NRC inappropriately emphasizing industry economics and promotional interest over public health included the NRC assessment of its own safety culture in 2002 which found that slightly more than half of its employees feel that it was safe to speak up in the NRC, an improvement from a similar survey done four years earlier. Also, former Senator Pete Domenici in his book claimed that by threatening to cut its budget by one-third during a 1998 meeting with the then NRC chair, he successfully persuaded the NRC to make changes to its regulatory approach which some consider weakened NRC safety oversight. In addition, Davis - Besse received the top rating in all 18 categories of NRCs performance owner/operator rating system just before it was discovered to have a hole in the pressure vessel head.

5 problem with safety culture at SONGS. Both NRC and the Energy Commission have expressed concern to SCE regarding reports of lapses in the safety culture. In January 2008, the NRC ordered SCE to undertake a series of tasks to improve SONGS safety culture.

In September 2008, the NRC noted new instances of employees not being provided with adequate procedures or work instructions and of corrective action programs failing to address the root causes of problems. Concerned with the persistence of these problems, the NRC requested that SCE address these safety culture issues at a public meeting with the NRC.

NRC should continue to strengthen its oversight in reviewing the safety culture and the safety conscious work environment at Californias nuclear power plants. This oversight should include continued NRC review and assessment of plant worker safety allegations.

5. NRC oversight of security measures at commercial nuclear power plants may need improvement.

The Government Accountability Office has posed questions about the NRCs oversight of security measures at commercial nuclear power plants. GAO found that NRC inspectors often used a process involving non-cited violations that may have minimized licensee attention to security problems.8 Also, NRC has no routine, centralized process for collecting, analyzing, and disseminating security-inspection findings that may be common to other plants. GAO noted potential issues in NRC security inspections; for example, a lapse in the protection of information about the planned scenario for a mock attack may have given the plants security officers knowledge that allowed them to perform better than they otherwise would have.9 NRC Commissioner Gregory Jaczko noted his concern that NRC has not yet completed a rulemaking to add new security requirements for nuclear power plants.10 We concur that it is important that this rulemaking be completed to strengthen security requirements for currently operating reactors and new reactors.

6. Safety culture assessments should be a major component of plant license renewal reviews and evaluations.

NRC plant license renewal reviews currently emphasize the hardware and equipment of a plant and whether plant components, that are subject to age-related degradation, can continue to operate safely for an additional 20 years with license extension. We believe that the safety culture at a plant, the safety conscious work environment, and the adequacy of plant maintenance programs are also critical to the safe and reliable operation of a plant for an additional 20 years. Therefore, an evaluation of the adequacy of a plants safety culture and safety conscious work environment should be included in license renewal reviews.

8 See Nuclear Regulatory Commission: Oversight of Nuclear Power Plant Safety Has Improved, But Refinements are Needed. September 2006. GAO-06-1029.

9 http://www.gao.gov/new.items/d06388.pdf 10 Testimony before the Senate Committee on Environment and Public Works, Subcommittee on Clean Air and Nuclear Safety, February 28, 2008.

6 In its 2008 Integrated Energy Policy Report, the Energy Commission recommended that the California utilities license renewal feasibility studies for the California Public Utilities Commission should address the adequacy of the plants maintenance programs and safety cultures.11 In addition, in light of the critical importance of the safety culture at nuclear power plants to help ensure their safe and reliable operation, the Energy Commission has asked the utilities to report to the Energy Commission on their safety culture programs as part of the Energy Commissions 2009 Integrated Energy Report process.

ANSWERS TO SPECIFIC QUESTIONS

1. How should the Commission communicate a common understanding of the components of safety/security culture?

The NRC should provide clear guidelines and expectations for the safety/security culture at nuclear power plants and for safety/security culture assessments. The Resident Inspector, to the extent these guidelines provide more detail than current inspector guidelines, should include them as a component of his/her inspections and oversight at the plant. The plant owner/operator should be required to follow these guidelines and meet NRCs safety culture and security culture expectations.

2. Should there be new regulatory requirements specifically addressing safety culture?

If so, please explain. Or, how should safety culture insights to be used, e.g., to inform regulatory response to findings or violations within existing requirements?

Yes. The NRC should clearly describe in new regulatory requirements its safety culture and safety conscious work environment expectations for power plants and explain how a plants performance in meeting these expectations will be evaluated and enforced.

In addition, new regulatory requirements should address nuclear plant license renewal reviews. NRC should require a thorough evaluation of a plants safety culture and safety conscious work environment during plant license renewal reviews. Currently plant license reviews focus on plant hardware and equipment and age-related plant component degradation. However, the adequacy of a plants safety culture is also a significant factor in determining whether a plant can safely operate an additional 20 years.

3. Given the range of NRC licensees and certificate holders, how can the Commission best communicate its expectations regarding the scope of programs and processes to address safety/culture in a manner that appropriately considers the different licensee and certificate holders environment?

Similar to NRCs post-9/11 security directives that were issued by each general licensee category, NRC might consider issuing enhanced safety culture and security culture expectations and directives to each major licensee category.

11 California Energy Commission 2008, 2008 Integrated Energy Policy Report Update,, CEC-100-2009-008-

CNF,

7

4. In the following situations the NRC may/or will request a licensee to perform a safety culture assessment (licensee self-assessment, independent assessment, or a third-party assessment):
a. The same substantive cross-cutting issue had been identified in three consecutive assessment letters (generated from assessments conducted at 6 month intervals);
b. A 95002 inspection (inspection for One Degraded Cornerstone or Any Three White Inputs in a Strategic Performance Area) that confirmed the licensee had not identified a safety culture component that either caused or significantly contributed to the risk-significant performance issue that resulted in the supplemental inspection.
c. A plant enters Column 4 of the Action Matrix.

Under what other situations should the NRC consider requesting that a licensee perform a safety culture assessment?

NRC should require safety culture assessments as part of license renewal applications and evaluations.

5. What additional safety culture related ROP changes could help the NRC to improve the focus of NRC and licensee attention on site safety culture issues?

NRC should include in the ROP specific safety culture and security culture directives and expectations for nuclear power plants including how periodic reviews will be performed and how these expectations will be encouraged through incentives and/or penalties.

8 II.

Mr. Ronald Teed Director - Fleet Nuclear Security Constellation Energy Safety Culture Policy Statement Stakeholder Workshop Proposed Questions for Safety/Security Issue Key question:

Should NRC combine its expectations in the policy statement for safety culture and security culture or should NRC keep its expectations separate?

a. The policy statement for safety culture should be a single statement that addresses safety culture expectations for all personnel with unescorted access to a nuclear power station. Security should not be addressed separately within that single statement. Security forces are in most cases fully integrated into the plant processes, procedures, and expectations for safe operation and protection of public health and safety. Significant progress has been made in recent years to ensure security personnel have the same expectations regarding a nuclear safety culture that other plant workers involved in safety related activities have.

They have the same processes available to report nuclear safety issues or concerns. These expectations and processes are routinely reinforced through training and refresher materials. To address security in a separate policy or within a single policy may only provide negative reinforcement that security is held to a different standard and current proven processes are not sufficient. This would be an undesirable outcome.

Sub-questions:

1. Within organizations, one can think about safety and security in different ways. For example, safety may take precedence over security, security may take precedence over safety, or both may be treated equally. Different types of licensees, certificate holders and organizations have a variety of experiences and perspectives. How does your organization view the relationship or hierarchy between safety and security functions and decision making?
a. Safety and security work together to provide protection of public health and safety. NRC regulations require integration to ensure they both remain effective across a wide range of normal and contingency events. Security works closely with station operations and ultimate authority and responsibility is given to the Operations Shift Manager to assure that both disciplines work together to assure nuclear safety is maintained during a contingency event. This is another reason to ensure that security is fully integrated into plant processes as they provide a uniform and controlled mechanism to maintain nuclear safety.
2. While efforts to maintain safety and security have the same common goal of protecting public health and safety, there can be distinct differences in the approach used to achieve that goal and that may have competing outcomes. One example is how information is shared to mitigate risks, where increased sharing of information may contribute to maintaining safety, but presents increased security risks. What are other examples where efforts to maintain safety and security require different

9 approaches or result in competing outcomes that need to be addressed to achieve the desired outcome or goal?

a. Meeting nuclear safety objectives and assuring security measures are maintained is not particularly difficult to manage. As the first sentence in this question states, they have the same common goal. The key is to integrate and manage processes as outlined in the answer to question #.1. Leaders at the stations recognize the importance of security in the safe operation of their plants and expectations are established that all plant disciplines work with security to assure work is well planned and executed without compromising security objectives. Similarly, security activities are planned and executed in a manner that doesnt compromise the ability to conduct work and maintain nuclear safety.

All personnel are expected to have a security culture as well as a safety culture.

3. When resolving differences or conflicts while seeking to maintain safety and security such as when managing risk, sharing information, planning work, correcting problems, etc. and where changes or actions that are taken to address either a safety issue or a security issue could have an adverse effect on the other (i.e.,

security or safety, respectively); what challenges does your organization face?

a. When issues arise that have the potential to negatively impact on either discipline, they are entered into the stations corrective action system for resolution and to prevent recurrence. Although the corrective action program is the preferred, and in most cases the most effective, means to resolve potential conflicts, a variety of avenues are available to any individual that may wish to identify a issue or concern. Some of these include reporting the issue to their supervisor, reporting the issue to operations or plant leaders, utilizing the employee concerns program, and reporting the issue to NRC. If the individual raising the concern would prefer anonymity, several of these processes can accommodate it.
4. What challenges or complexities arise when licensees and certificate holders work with contractors and vendors where the organizations either take different approaches to resolving conflicting outcomes when they seek to maintain safety and security or the organizations may balance the conflicting outcomes of efforts to maintain safety and security differently?
a. The licensee is ultimately responsible for the safe and secure operation of the plant. Licensees are responsible to establish and enforce expectations related to nuclear safety and security. Contracts are established that contain these expectations and training and licensee oversight, is provided to assure that contractors and vendors meet station expectations. Oversight of contractors is provided by observation of work by licensee supervisors, QA surveillance, management observation tours, behavior observation programs, and security observations, among other methods. Contractors and vendors have access to processes and programs provided by the licensee or have equivalent processes to promote a nuclear safety culture. Issues are entered into the station corrective action program or reported through the other processes previously discussed.

10

5. What practices have been used to effectively address the conflicts to achieve the desired outcomes or goals?
a. Use of the corrective action program, reporting an issue to a supervisor, reporting an issue to operations or plant leaders, utilizing the employee concerns program, and reporting the issue to NRC have all been successfully used to resolve issues and achieve desired outcomes. All of these processes are provided to individuals in training and periodically reinforced through refresher information and recurring training. Health of the programs is monitored by station management through surveys and audits.
6. Given that there are several ways to think about safety culture and security culture within organizations, the NRC wishes to express a policy in a way that best furthers its goals of protecting the public and environment and ensuring the secure use and management of radioactive materials. If the above issues are viewed in terms of safety culture and security culture implementation, what benefits or challenges would licensees, certificate holders, Agreement States, or others foresee with a single policy statement? Two separate policy statements?
a. See the answer to the key question.
7. How can the NRC best express a policy that gives appropriate weight to safety culture and security culture across the range of licensees and certificate holders?

Given the diversity among the licensees and certificate holders regulated by the NRC and the Agreement States, how should the policy statement address any differences in emphasis on safety and security at the different types of licensees and certificate holders?

a. Diversity among licensees and certificate holders should not result in differing standards when it comes to maintaining a nuclear safety and security culture that protects the health and safety of the public. The policy should be written at a level that allows licensees to choose differing approaches to achieve the same objectives. Different approaches may be required for organizations of different sizes, management structures, regulatory requirements, site configurations, etc.

However, the overarching objective of maintaining a strong safety and security culture can be met regardless of these differences if the policy is constructed in a manner that sets clear expectations for maintaining processes and procedures that promote a healthy nuclear safety culture, but does not prescribe methodology.

11 III.

Mr. Jim Lieberman Regulatory and Nuclear Consultant I have reviewed the draft proposed Safety Culture Components. Thinking back on my more than twenty years of involvement in NRC inspection findings and enforcement actions between 1977 to 1999, many of the root causes of the findings can be traced back to aspects of the proposed safety culture components that were not met. In my view it is an excellent document. However, I would modify:

1) PIE to add the need for employees to be aware of and understand the processes for problem identification and that they be used.

PIE1 - (low threshold/wide scope) Problem identification processes (e.g., raising issues to management, the corrective action program - CAP, self-and independent assessments, oversight groups, any alternative processes for raising concerns) are understood and used by employees, and have a low threshold and wide scope for identifying issues. Personnel identify issues promptly, completely and accurately, including fitness-for-duty, radiological, industrial, or chemical safety concerns, and nuclear safety and security issues.

1) PR to add a provision addressing the tracking of concerns so that employees can know what is happening to concerns that are raised.

PR1 - (timeliness) The licensee implements actions, in a timely manner, to address safety/security issues and adverse trends (both of which may be identified from any source, such as the CAP, reviews of internal lessons learned and lessons learned by others, self-and independent assessments, input from oversight groups, or alternative processes for raising safety and security concerns and resolving differing professional opinions), commensurate with their significance and complexity.

Concerns are tracked from initiation to closure in a way that employees can monitor the companys treatment of their concerns.

I do not believe that there should be a general regulatory requirement for safety culture.

However, maintaining a robust safety culture is fundamental to successful operation and good regulatory compliance. A policy statement is warranted similar to the 1996 policy statement on safety conscious work environment. Since the root cause for many violations can be related to aspects of failure to consistently achieve a proper site wide safety culture, NRC should be monitoring licensees safety cultures. I recommend that NRC do this by documenting in inspection reports attributes of lack of a safety culture that appear to be root causes of violations. The standard letter should be asking licensees to address NRC findings as part of the response to the NOV pursuant to section 182 of the AEA. This would provide for a process to track NRC perspectives on the sites safety culture and provide a mechanism for the licensee to dispute the NRC findings if warranted.

While I do not support a general requirement for a safety culture, NRC does have the authority to order a licensee to adopt a program to improve its safety culture if based on sufficient violations with root causes that demonstrate the lack of a safety culture. NRC in the past has issued orders to licensees to address performance issues by requiring

12 actions tailored to the issues at the particular sites and should continue to do so when needed.

I would treat safety and security together. Licensees employees involved in safety are diverse. Engineers, operators, mechanics, HPs, EPs, etc. Security staffs are just another group of employees.

13 IV.

Mr. Robert Lommler Radiation Safety Officer Illinois Emergency Management Agency Topic 1 Comment When I was in the military the combination of safety and security cultures was called surety. At various times I was part of the Chemical Weapons and Nuclear Weapons Surety Programs. The way expectations were addressed was a goal system.

Expectation is a term a lawyer uses and not the people who deal with the day-to-day safe and secure use of radioactive material. Culture is a way of life. Creating an organization work environment that keeps people focused on safety and security is difficult in a recession where there is no assurance a job or company will exist the next day. Life is uncertain in this environment. The confidence to freely express safety and security concerns with the assurance of no adverse personnel action occurring is strongly lacking everywhere.

Under such conditions and with its definite lack of experience, the NRC should concentrate on defining safety and security policies separately. Obvious conflicts should be avoided between the statements. A method of resolving conflicts in these policies found by licensees should be implemented and allow resolution at the lowest possible level, such as the Agreement State.

Topic 2 Comment Sending an email with only a few days to comment definitely shows licensees that it is business as usual at the NRC. The NRC has increased our attention for all the wrong reasons by such an action. It demonstrates a lack of an overall safety and security culture at the NRC. Everything is in its own compartment based on materials use.

Having regional meetings with materials licensees and other stakeholders would have indicated a more serious concern. The previous meetings appear to only address fuel-cycle licensees at fuel-cycle meetings and not the bulk of the radioactive materials licensees that need addressed at this time.

Topic 3 Comment I can only comment that the safety culture, at whatever location, should be part of a continuous improvement process.

14 V.

Mr. Thomas C. Houghton Nuclear Energy Institute Director, Strategic Regulatory Programs Nuclear Generation Division On behalf of the nuclear industry, the Nuclear Energy Institute (NEI)1 offers the following comments in response to the January 23, 2009 Federal Register Notice (FRN) (4260 volume 74) regarding the development of an NRC Safety Culture Policy Statement. The industry appreciated the opportunity to participate with other stakeholders in the public meeting held February 3, 2009. This letter provides our response to the three key questions posed in the FRN, and enclosure (1) has more detailed comments, including our perspective on the revised safety culture components.

1. Should NRC combine its expectations in the policy statement for safety culture and security culture or should NRC keep its expectations separate?

The NRC should issue one policy statement on safety culture that incorporates expectations for security for all personnel with unescorted access to a nuclear power station. Industry efforts are underway to better integrate security officers into the plant processes, procedures and expectations for safe operation, and protection of public health, safety, and common defense and security. Significant progress has been made in recent years to ensure security personnel have the same expectations regarding a nuclear safety culture that other plant workers involved in safety-related activities have.

They have the same processes available to report nuclear safety issues or concerns.

These expectations and processes are routinely reinforced through training and refresher materials. To address security in a separate policy statement may only provide negative reinforcement that security is held to a different standard and current proven processes are not sufficient. This would be an undesirable outcome.

2. How should NRC increase attention by licensees and certificate holders to safety culture in the materials area?

In the area of fuel-cycle and byproduct materials licensees, we offer the following specific points. First, consistent with the position of the commercial nuclear power industry, there is general consensus among materials licensees that a single policy statement be drafted to address both safety and security. The policy should clearly state the Commissions expectation that licensees and certificate holders ensure that an appropriate safety culture, that includes a security culture component, exists at each facility. This approach would reflect the fact that safety programs in place today are comprised of several components, e.g., radiation protection, chemical safety, security, etc. Second, the policy should recognize and allow for a graded approach to facility safety and security culture based on the relative risks of the authorized materials and activities. For example, the sophistication, formality and level of detail in an effective safety culture program at a uranium enrichment plant would far exceed the program at a 1 NEI is the organization responsible for establishing unified industry policy on matters affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues. NEI's members include all entities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect/engineering firms, fuel fabrication facilities, nuclear materials licensees, and other organizations and entities involved in the nuclear energy industry.

15 facility that manufacturers tritium exit signs. Third, more coordination with the Agreement States and the wide variety of fuel-cycle and byproduct materials licensees is needed prior to finalizing and implementing a policy statement. The purpose of such coordination would be to gain additional insights on existing safety and security cultures to better define and articulate the agencys specific goals and expectations regarding enhancements to the current safety and security culture at regulated facilities.

3. Does safety culture as applied to reactors need to be strengthened?

The nuclear power industry believes that a strong nuclear safety culture is an essential element in the safe and reliable production of electricity and that leadership at each site is the appropriate body to take responsibility for setting and implementing expectations for nuclear safety culture. The industry employs the INPO Principles for a Strong Nuclear Safety Culture to provide a common language for all employees to understand their responsibilities and the importance of effective processes and procedures in assuring nuclear safety. The industry also believes that it is the responsibility of the NRC to oversee the licensees safe operation of the stations and adherence to regulations. The current NRC approach to safety culture is too limited in that it only looks at a limited set of data (10-15 findings that occur at a plant over a year) and makes subjective judgments on this very limited set of data every six months. This approach is backward-looking and distracts industry and NRC management from their appropriate roles of direct responsibility for nuclear safety culture and oversight of industry, respectively. The industry has proposed an alternative approach which will strengthen nuclear safety culture. This approach was discussed at the public meeting and is described in enclosure (2) to this letter. The industry alternative uses all the data that is available (inspection results, culture surveys/assessments, employee concerns, industry evaluations, quality assurance audits, self assessments, operating experience, performance trends, etc.) to the site leadership team to provide a holistic and integrated look at nuclear safety culture and to act in a timely manner to correct weaknesses. The NRCs appropriate regulatory footprint will remain its baseline and supplemental inspection program, with, we believe, an enhanced Problem Identification and Resolution inspection procedure which will look at the effectiveness of the nuclear safety culture program. We recommend that the NRC staff work with the industry to transition from the NRCs current approach to the industry proposed alternative, an effort which will include a pilot program. In addition, we believe that the NRC and industry should be using a common language to describe the elements of nuclear safety culture. We recommend that the NRC safety policy statement support both of these efforts.

Enclosure (1) Comments:

Topic 1: Should NRC combine its expectations in the policy statement for safety culture and security culture or should NRC keep its expectations separate?

The policy statement for safety culture should be a single statement that addresses safety culture expectations for all personnel with unescorted access to a nuclear power station. Security should not be addressed separately within that single statement.

Security forces are in most cases fully integrated into the plant processes, procedures, and expectations for safe operation and protection of public health and safety.

Significant progress has been made in recent years to ensure security personnel have the same expectations regarding a nuclear safety culture that other plant workers

16 involved in safety related activities have. They have the same processes available to report nuclear safety issues or concerns. These expectations and processes are routinely reinforced through training and refresher materials. To address security in a separate policy or within a single policy may only provide negative reinforcement that security is held to a different standard and current proven processes are not sufficient.

This would be an undesirable outcome.

1. Within organizations, one can think about safety and security in different ways.

For example, safety may take precedence over security, security may take precedence over safety, or both may be treated equally. Different types of licensees, certificate holders and organizations have a variety of experiences and perspectives. How does your organization view the relationship or hierarchy between safety and security functions and decision making?

The safety and security organizations work together to provide protection of public health and safety. NRC regulations require integration to ensure they both remain effective across a wide range of normal and contingency events. Security works closely with station operations and ultimate authority and responsibility is given to the Operations Shift Manager to assure that both disciplines work together to assure nuclear safety is maintained during a contingency event. This is another reason to ensure that security is fully integrated into plant processes as they provide a uniform and controlled mechanism to maintain nuclear safety.

2. While efforts to maintain safety and security have the same common goal of protecting public health and safety, there can be distinct differences in the approach used to achieve that goal and that may have competing outcomes.

One example is how information is shared to mitigate risks, where increased sharing of information may contribute to maintaining safety, but presents increased security risks. What are other examples where efforts to maintain safety and security require different approaches or result in competing outcomes that need to be addressed to achieve the desired outcome or goal?

Meeting nuclear safety objectives and assuring security measures are maintained is not particularly difficult to manage. As the first sentence in this question states, they have the same common goal. The key is to integrate and manage processes as outlined in the answer to question 1. Leaders at the stations recognize the importance of security in the safe operation of their plants and expectations are established that all plant disciplines work with security to assure work is well planned and executed without compromising security objectives. Similarly, security activities are planned and executed in a manner that doesnt compromise the ability to conduct work and maintain nuclear safety.

The NRC has a Draft Regulatory Guide DG-5021, Managing the Safety/Security Interface. This document is expected to be issued final in April 2009. The approaches and examples described in this guidance provide a method of compliance for the interface between safety and security. Each licensee is responsible for balancing the needs of both safety and security to ensure that it can and will meet all program goals, requirements, and procedures. The guidance in this regulatory guide is intended to facilitate the effective interface between safety and security to ensure that a licensee can implement changes to its safety and security

17 programs without adversely affecting its other site programs and its ability to satisfy NRC regulations.

The intended purpose of establishing the effective interface between safety and security is to ensure that the respective staffs coordinate and assess planned and emergent safety-or security-related changes and activities at the facility to identify potential adverse effects on safety and security measures before implementation of the proposed changes or activities.

Licensees of operating power reactors currently have management controls or processes for reviewing, assessing, and managing plant activities or changes to provide continued assurance of adequate safety and security.

3. When resolving differences or conflicts while seeking to maintain safety and security such as when managing risk, sharing information, planning work, correcting problems, etc. and where changes or actions that are taken to address either a safety issue or a security issue could have an adverse effect on the other (i.e., security or safety, respectively); what challenges does your organization face?

When issues arise that have the potential to negatively impact on either discipline, they are entered into the stations corrective action system for resolution and to prevent recurrence. Although the corrective action program is the preferred, and in most cases the most effective, means to resolve potential conflicts, a variety of avenues are available to any individual that may wish to identify a issue or concern.

Some of these include reporting the issue to their supervisor, reporting the issue to operations or plant leaders, utilizing the employee concerns program, and reporting the issue to NRC. If the individual raising the concern would prefer anonymity, several of these processes can accommodate it.

4. What challenges or complexities arise when licensees and certificate holders work with contractors and vendors where the organizations either take different approaches to resolving conflicting outcomes when they seek to maintain safety and security or the organizations may balance the conflicting outcomes of efforts to maintain safety and security differently?

The licensee is ultimately responsible for the safe and secure operation of the plant.

Licensees are responsible to establish and enforce expectations related to nuclear safety and security. Contracts are established that contain these expectations and training and licensee oversight is provided to assure that contractors and vendors meet station expectations. Oversight of contractors is provided by observation of work by licensee supervisors, QA surveillance, management observation tours, behavior observation programs, and security observations, among other methods.

Contractors and vendors have access to processes and programs provided by the licensee or have equivalent processes to promote a nuclear safety culture. Issues are entered into the station corrective action program or reported through the other processes previously discussed.

18

5. What practices have been used to effectively address the conflicts to achieve the desired outcomes or goals?

Use of the corrective action program, reporting an issue to a supervisor, reporting an issue to operations or plant leaders, utilizing the employee concerns program, and reporting the issue to NRC have all been successfully used to resolve issues and achieve desired outcomes. All of these processes are provided to individuals in training and periodically reinforced through refresher information and recurring training. Health of the programs is monitored by station management through surveys, assessments and audits.

6. Given that there are several ways to think about safety culture and security culture within organizations, the NRC wishes to express a policy in a way that best furthers its goals of protecting the public and environment and ensuring the secure use and management of radioactive materials. If the above issues are viewed in terms of safety culture and security culture implementation, what benefits or challenges would licensees, certificate holders, Agreement States, or others foresee with a single policy statement? Two separate policy statements?

The policy statement for safety culture should be a single statement that addresses safety culture expectations for all personnel with unescorted access to a nuclear power station. Security should not be addressed separately within that single statement. Security forces are in most cases fully integrated into the plant processes, procedures, and expectations for safe operation and protection of public health and safety. Significant progress has been made in recent years to ensure security personnel have the same expectations regarding a nuclear safety culture that other plant workers involved in safety related activities have. They have the same processes available to report nuclear safety issues or concerns. These expectations and processes are routinely reinforced through training and refresher materials. To address security in a separate policy or within a single policy may only provide negative reinforcement that security is held to a different standard and current proven processes are not sufficient. This would be an undesirable outcome.

Regarding fuel cycle and materials licensees and certificate holds, the industry supports a single policy statement to establish the expectation that the safety culture inherently includes a security culture as an integral and necessary component.

Extraction of one key component, such as security, chemical safety, or radiation protection, from the overall facility safety program would potentially result in a disproportionate level of resources being devoted to one program component that could have a negative impact on the overall safety program. Such program elements must be integrated to ensure that the overall safety goal is met. As such, two separate policy statements, one for safety and one for security, could cause confusion and create conflicts regarding the level of emphasis to be placed on each component of the safety culture.

19

7. How can the NRC best express a policy that gives appropriate weight to safety culture and security culture across the range of licensees and certificate holders? Given the diversity among the licensees and certificate holders regulated by the NRC and the Agreement States, how should the policy statement address any differences in emphasis on safety and security at the different types of licensees and certificate holders?

The policy should be written at a level that allows licensees to choose differing approaches to achieve the same objectives. Different approaches may be required for organizations of different sizes, management structures, regulatory requirements, site configurations, etc. However, the overarching objective of maintaining a strong safety and security culture can be met regardless of these differences if the policy is constructed in a manner that sets clear expectations for maintaining processes and procedures that promote a healthy nuclear safety culture, but does not prescribe methodology.

8. Given the diversity among the licensees and certificate holders regulated by the NRC and the Agreement States, how should the policy statement address any differences in emphasis on safety and security at the different types of licensees and certificate holders?

Diversity among licensees and certificate holders should not result in differing standards when it comes to maintaining a nuclear safety and security culture that protects the health and safety of the public.

Topic 2: How should NRC increase attention by licensees and certificate holders to safety culture in the materials area?

In the area of fuel-cycle and byproduct materials licensees, we offer the following specific points. First, consistent with the position of the commercial nuclear power industry, there is general consensus among materials licensees that a single policy statement be drafted to address both safety and security. The policy should clearly state the Commissions expectation that licensees and certificate holders ensure that an appropriate safety culture, that includes a security culture component, exists at each facility. This approach would reflect the fact that safety programs in place today are comprised of several components, e.g., radiation protection, chemical safety, security, etc. Secondly, the policy should recognize and allow for a graded approach to facility safety and security culture based on the relative risks of the authorized materials and activities. For example, the sophistication, formality and level of detail in an effective safety culture program at a uranium enrichment plant would far exceed the program at a facility that manufacturers tritium exit signs. Third, more coordination with the Agreement States and the wide variety of fuel-cycle and byproduct materials licensees is needed prior to finalizing and implementing a policy statement. The purpose of such coordination would be to gain additional insights on existing safety and security cultures to better define and articulate the agencys specific goals and expectations regarding enhancements to the current safety and security culture at regulated facilities.

20

1. What is the NRC doing that is working well to help materials licensees and certificate holders to maintain their safety culture and security culture?

To date, NRC has not developed rules, regulations or guidance on safety and security culture in the materials area. Such a performance-based approach allows licensees and certificate holders the necessary flexibility to implement safety culture components specific to their facility and make changes to their programs in response to events, self assessments or other initiators without prior NRC approval or coordination. We appreciate that NRC has not dictated a specific approach or criteria which may work for some licensees but would be detrimental for others. We believe that this performance-based approach is working well and is beneficial to both NRC and the regulated community both from a safety and resource perspective.

2. What might the NRC do differently, or that it is not currently doing, to increase NRC, licensee, or certificate holder attention to safety culture at materials licensees and certificate holders?

The question implies that the current level of attention to safety culture at regulated facilities by the licensee or certificate holder is inadequate. We are not aware of any data to support this assumption. We also disagree with the NRC comment made during the February 3, 2009 workshop that the number of Abnormal Occurrences (AO) reported annually to Congress is the basis for an increased NRC regulatory role in safety and security culture. In fact, the probability of an AO occurring at a regulated facility is extremely low (11 in 2007) when compared to the extremely high volume of regulated activities, uses and applications of licensed material on a daily basis (e.g., >10,000 medical dosages nationwide).

We suggest that NRC consider revising its current approach to enforcement action when assessing the safety and security culture at a facility. Specifically, in a few cases, the NRCs involvement has been detrimental to the safety and security culture at a regulated facility. Licensees work very hard to engrain in their workers the responsibility to report safety violations or unsafe conditions. However, NRC inspection reports and License Performance Reports very seldom acknowledge program successes, highlights or best practices. Instead, the NRC inspection report focuses only on potential violations, thereby diminishing the level of effort to implement and maintain an effective safety and security culture. Industry also believes that there is a negative impact on the program when NRC inspectors mine the facilitys corrective action files and internal audits and include such findings in their reports as if the NRC had identified them. Finally, NRC should consider not citing a violation that is self-identified and where NRC determines that effective correction action was taken to prevent a recurrence. Such a performance-based and more cooperative approach to safety culture would encourage facilities to more routinely self-audit and self-identify potential violations and this approach would likely enhance safety culture at regulated facilities.

3. How could the NRC better interact with materials licensees and certificate holders to help them to pay greater attention to maintaining their safety culture and/or security culture?

As stated previously, certain NRC questions imply that the current level of safety and security at regulated facilities is inadequate. That being said, NRC could better

21 interact with licensees and certificate holders by acknowledging the success of maintaining safe and secure operation of these facilities today and by engaging licensees to gain specific insights on the safety and security culture in place today and our mutual goals for culture enhancements. A more cooperative approach whereby the regulator and regulated work together to meet their common goal of safe and secure operations would, in the end, achieve loftier results.

4. If the NRC expresses a policy for materials licensees and certificate holders to maintain safety culture and security culture, or made its references to safety culture and security culture more explicit in its interactions with these licensees and certificate holders, how would their performance change?

The current level of performance would likely not change at many facilities or change very little at best. The biggest concern is that any policy statement or guidance from the NRC on safety and security culture could be detrimental to existing programs if it is prescriptive, focuses more on one aspect of safety culture to the detriment of others, or does not provide the facility with flexibility to make changes to safety culture components as needed without NRC approval or coordination.

5. What should the NRC consider when developing policy statement(s) on safety culture and security culture?

The first question that NRC should consider is, What problem or perceived problem is NRC attempting to address? Many regulated facilities have been operating safely under existing safety and security cultures for decades. That being said, facilities recognize, as with any program element, there is always room for improvement.

Toward this end, NRC should work more closely with the Agreement States and the regulated community to determine key components of safety culture and incentives for facilities to more routinely conduct self-assessments or periodic independent audits to identify enhancements, in the absence of a requirement to do so. A lot can be shared and learned from site to site and, even between categories of licensees.

Further, it would be beneficial if NRC recognized that facility operators work diligently each day to ensure safe and secure operations at regulated facilities because doing otherwise is unacceptable and in no ones best interest.

5.1 What is the current level of understanding of materials licensees and certificate holders of the NRCs expectations that they maintain a safety culture that is cognizant of issues relating to security? How does this level of understanding change with the type of licensee or certificate holder?

The licensees understanding of the NRCs expectation for maintaining a safety culture and cognizant of the security aspect is that the licensee will develop and maintain a safety culture which includes a security component. To date, this approach appears adequate and recognizes that the level of program complexity varies depending on the category of licensee and inherent risks, e.g., from a fuel fabrication facility to an industrial gage user.

5.2 How should the NRC consider the different activities (e.g., risk, type of material, quantities of materials, how the material is used, location, etc.)

22 conducted at materials licensees and certificate holders when evaluating whether, or how, to express its policy?

The policy should be generic and not express specific expectations for one licensee category versus another. However, the policy should recognize that due to the risks associated with different categories of regulated facilities, one size does not fit all and include the expectation that individual licensees or certificate holders will use their intimate knowledge of regulated activities to determine the specific necessary attributes or components of a successful safety and security culture.

5.3 How should NRC consider differences in the materials licensees and certificate holders (e.g., size of workforce, relationship to activities not regulated by the NRC, etc.) when evaluating whether, or how, to express its policy? What differences should the NRC consider?

As stated in response to question 5.2., the policy should be generic, not express specific expectations for one licensee category versus another, and recognize that one size does not fit all. The policy should also include the expectation that individual licensees or certificate holders will use their intimate knowledge of regulated activities to determine the specific necessary attributes or components of a successful safety and security culture.

5.4 What are the unique aspects of security at materials licensees and certificate holders that the NRC should consider when expressing its policy?

Material licensees cover the extremes from facilities which have Design Basis Events to facilities which have basic industrial security provisions. The NRC policy needs to recognize that this extreme exists and not, as stated previously, apply a one size fits all mentality except to state its expectation that licensees ensure an appropriate safety and security culture commensurate with regulated activities.

5.5 What topics should be addressed in the policy statement(s) that would be of value to materials licensees and certificate holders?

It would be most valuable if the policy recognized that NRC and the Agreement States cannot and should not regulate the safety and security culture at facilities but they can and should encourage facilities to develop and implement effective programs, and build and maintain safety culture through periodic self assessments or audits. It should be recognized that it is not in anyones best interest to have performance problems at regulated facilities due to the safety or security culture. Licensees work diligently through their corrective action programs, employee concern programs, their day-to-day operations, management controls, etc to help ensure that an appropriate culture exists.

23 5.6 How could the policy statement(s) effectively address issues that involve both safety and security (at the safety/security interface) at materials licensees and certificate holders?

The policy should recognize that security culture is one of several integrated parts of safety culture, i.e. there is no real distinction between cultures, there is not a standalone radiation safety culture, a nuclear criticality safety culture, a fire safety culture, or an environmental protection culture. All of these programs are focused on safety for a particular discipline; the licensee safety culture is approached in an integrated manner across discipline boundaries.

5.7 How can the NRC best express a policy that gives appropriate weight to safety culture and security culture across the range of licensees and certificate holders?

The policy should state the Commissions expectation in generic terms and encourage a performance-based approach to maintaining and enhancing the safety and security culture at regulated facilities. The NRC should not indicate that there is a distinction between safety and security, just like it does not distinguish between nuclear safety and radiation protection. There is a recognized difference between the facility which processes high-enriched uranium and a facility which processes Mo-99 generators or manufactures tritium exit signs. The risks at each facility cover an extremely broad range but the safety culture is based on the risks specific to the facility.

5.8 Given the diversity among the licensees and certificate holders regulated by the NRC and the Agreement States, how should the policy statement address any differences in emphasis on safety and security at the different types of licensees and certificate holders?

As stated previously, the NRC policy should be generic such that the differences between licensees are recognized, allowed for and can be accommodated by both NRC and the regulated facility.

6. How should the NRC work with the Agreement States to encourage increased attention being focused on safety culture, including the unique aspects of security, at Agreement State licensees?

The NRC should use existing mechanisms to solicit Agreement State input on their programs and their understanding of Agreement State licensee programs to better inform the NRCs draft policy statement. Such mechanisms include NRC-Agreement State working groups, task forces, steering committees, phone surveys, public meetings, workshops, etc. After all, Agreement State licensees make up ~80% of byproduct materials licensees nationwide so it is imperative that they be involved to ensure attention to these matters nationwide. Also, some NRC licensees work within Agreement State jurisdiction and vice versa. Therefore, it is in everyones best interest that further coordination occurs and that any NRC policy is adopted in a similar manner by the Agreement States.

24 6.1 What is the level of understanding at Agreement State licensees regarding the value in maintaining safety culture and security culture?

This question is best answered by the Agreement States or their licensees but we believe that most, if not all, Agreement State licensees value the development and maintenance of a safety culture and its relevance to security culture. There is no reason to believe that a licensee located in Delaware is any less focused on safety and security at its facility than a licensee located next door in Maryland.

6.2 What is the level of understanding of safety culture and security culture within the Agreement States?

Again, this question is best answered by the Agreement States but we believe that the Agreement States have a similar understanding and appreciation for safety culture and security culture as the NRC and licensees nationwide.

6.3 How do the Agreement States view the NRCs goal of increasing the attention paid to safety culture and security culture at materials licensees and certificate holders?

Again, this question is best answered by the Agreement States but we believe that the Agreement States value NRCs efforts and goal to help ensure safety culture and security culture at regulated facilities. We also believe that many if not all Agreement States would support a limited role for the regulator while supporting a performance-based approach that recognizes the wide variety in regulated facilities.

6.4 What topics do the Agreement States believe should be addressed in the policy statement(s)?

Again, this question is best answered by the Agreement States but we have no reason to assume that the Agreement States would offer topics for the policy statement that would be unique to them or their licensees since they regulate in a manner that is compatible with NRC.

6.5 How could the NRC help the Agreement States to increase attention to safety culture and security culture at their licensees?

Again, this question is best answered by the Agreement States but we believe that NRC needs to utilize existing coordination mechanisms as discussed in the response to question 6 to solicit input from Agreement States, their licensees and thereby increasing attention to the need for an adequate safety and security culture at regulated facilities.

6.6 How should the NRC address safety culture and security culture at Agreement State licensees that engage in activities within NRC jurisdiction under reciprocity?

As stated previously, the policy statement should include the expectation that the Agreement States will implement an approach to safety and security culture

25 that is similar to NRCs approach on this matter. As we have stated in earlier communication with NRC on other matters, we encourage the NRC and Agreement States to find additional tools and mechanisms to share information of mutual interest regarding performance of licensees who work within both the NRC and Agreement State jurisdictions, e.g., industrial radiographers, mobile medical services. Information sharing in the areas of inspection and enforcement are particularly important for ensuring worker and public health and safety.

6.7 How might NRC use stakeholder involvement to increase the attention that materials licensees and certificate holders give to maintaining a safety culture, including the unique aspects of security?

NRC should share information, as it becomes available, in the form of a Regulatory Issue Summary or Information Notice that regulated facility operators could consider for incorporation into their programs to enhance the safety and security culture. Sharing of information between licenses and between categories of licensees is extremely useful and provides an incentive for facilities to periodically assess their programs for enhancements. As such, NRC could consider holding workshops across the nation with various categories of licensees and certificate holders to share information on safety and security culture, best practices, lessons-learned, etc to better inform NRC as it considers a policy statement and to provide a forum for the regulated community to share information on this important topic.

Topic 3: Does safety culture as applied to reactors needs to be strengthened?

The nuclear power industry believes that a strong nuclear safety culture is an essential element in the safe and reliable production of electricity and that leadership at each site is the appropriate body to take responsibility for setting and implementing expectations for nuclear safety culture. The industry employs the INPO Principles for a Strong Nuclear Safety Culture to provide a common language for all employees to understand their responsibilities and the importance of effective processes and procedures in assuring nuclear safety. The industry also believes that it is the responsibility of the NRC to oversee the licensees safe operation of the stations and adherence to regulations. The current NRC approach to safety culture is too limited in that it only looks at a limited set of data (10-15 findings that occur at a plant over a year) and makes subjective judgments on this very limited set of data every six months. This approach is backward looking and distracts industry and NRC management from their appropriate roles of direct responsibility for nuclear safety culture and oversight of industry, respectively. The industry has proposed an alternative approach which will strengthen nuclear safety culture. This approach was discussed at the public meeting and is described in enclosure (2) to this letter. The industry alternative uses all the data that is available (inspection results, culture surveys/assessments, employee concerns, industry evaluations, quality assurance audits, self assessments, operating experience, performance trends, etc.) to the site leadership team to provide a holistic and integrated look at nuclear safety culture and to act in a timely manner to correct weaknesses. The NRCs appropriate regulatory footprint will remain its baseline and supplemental inspection program, with, we believe, an enhanced Problem Identification and Resolution inspection procedure which will look at the effectiveness of the nuclear safety culture program. We recommend that the NRC staff work with the industry to transition

26 from the NRCs current approach to the industry proposed alternative, an effort which will include a pilot program. In addition, we believe that NRC and industry should be using a common language to describe the elements of nuclear safety culture. We recommend that the NRC safety policy statement support both of these efforts.

A number of enhancements were made to the ROP in 2006 to address safety culture (for example: safety culture cross-cutting aspect assignment to findings; identifying substantive cross-cutting issues; performing an independent NRC safety culture assessment for column 4 plants).

1. What are the strengths and weaknesses of the current approach for evaluating licensee safety culture in the ROP?

Industry believes the current NRC approach is ineffective: (1) The approach is limited to one set of data (inspection findings) and does not consider data on culture, such as attitudes, values, behaviors, and also does not consider other sources of data, such as industry evaluations, quality assurance audits, employee concerns program, operating experience, site performance indicators, benchmarking, etc. (2)

Conclusions on a plants safety culture, and whether there is a crosscutting issue (which implies a cultural problem across departments or across processes), are based only on four inspection findings in a years time. (3) NRC decisions whether adequate action has been taken are not predictable or transparent. Neither licensees nor the public can understand how decisions are made.

For example, one of the most common crosscutting issues is procedure adherence.

Four usually green (very low significance) inspection findings in procedure adherence in an entire year is weak evidence of a crosscutting problem at a site where there are several hundred procedures carried out every day, 365 days a year.

During the 18 month initial implementation period, the number of substantive crosscutting issues (SCCIs) more than doubled, and after 24 months more than a third of the sites in the industry had one or more SCCI. During this same time period, industry performance, as measured by the ROP performance indicators and inspection findings and the INPO performance indicators, continued to improve in safety. There is no apparent relationship between measured plant performance and the significant increase in SCCIs.

Despite this anomaly, the NRC has not conducted an assessment of the effectiveness of the SCCI approach, although the NRC had stated that it would do so in RIS 2006-13, Information on the changes made to the reactor oversight process to more fully address safety culture (page 6)1. An assessment would include answers to such questions as: Did the new process meet intended objectives and outcomes?

Did it predict safety problems? Was the threshold for substantive crosscutting issues appropriate? Did it add value above its cost in NRC and licensee resources? Before implementing the ROP and the MSPI the NRC conducted pilots and an extensive assessment. The SCCI approach similarly warrants a hard look, not just public meetings to roll out lessons learned changes.

The founding principles of the ROP are to be transparent, understandable, objective, predictable, risk informed and performance based. Based on industry experience with the NRCs safety culture approach, it fails to meet these principles. Industry

27 believes that it diverts both industry and NRC resources from their primary focus on plant safety equipment performance and essential plant procedures and processes.

In the area of people (safety culture), it relies on limited insights from inspection findings (only four, usually green inspection findings in an entire year) in order to draw conclusions regarding issues with safety culture across an entire site.

2. How has the use of safety culture cross-cutting aspects that are assigned to inspection findings helped to identify potential safety culture issues? Suggest any alternative approaches that licensees could use to identify potential safety culture issues.

The nuclear power industry believes that a strong nuclear safety culture is an essential element in the safe and reliable production of electricity and that leadership at each site is the appropriate body to take responsibility for setting and implementing expectations for nuclear safety culture. The industry employs the INPO Principles for a Strong Nuclear Safety Culture to provide a common language for all employees to understand their responsibilities and the importance of effective processes and procedures in assuring nuclear safety. The industry also believes that it is the responsibility of the NRC to oversee the licensees safe operation of the stations and adherence to regulations. The industry has proposed an alternative approach which will strengthen nuclear safety culture. This approach was discussed at the public meeting and is described in enclosure (2) to this letter. The industry alternative uses all the data that is available (inspection results, culture surveys/assessments, employee concerns, industry evaluations, quality assurance audits, self assessments, operating experience, performance trends, etc.) to the site leadership team to provide a holistic and integrated look at nuclear safety culture and to act in a timely manner to correct weaknesses. The NRCs appropriate regulatory footprint will remain its baseline and supplemental inspection program, with, we believe, an enhanced Problem Identification and Resolution inspection procedure which will look at the effectiveness of the nuclear safety culture program. We recommend that the NRC staff work with the industry to transition from the NRCs current approach to the industry proposed alternative, an effort which will include a pilot program. In addition, we believe that NRC and industry should be using a common language to describe the elements of nuclear safety culture. We recommend that the NRC safety policy statement support both of these efforts.

3. What may be better or more effective methods or tools that the NRC could use to help identify precursors to future plant performance deficiencies?

A more effective tool to identify precursors is to focus more on the physical condition of the power plant and the operation of the licensees corrective action program.

Inspectors should have more of their time allocated to ensuring that the licensee is appropriately identifying and prioritizing adverse conditions, analyzing the cause of the condition, including extent of cause and extent of condition, developing appropriate corrective actions and implementing corrective actions in a timely manner. This is the key to identifying precursors and would have been effective in the Davis Besse case.

28

4. In the following situations the NRC may/or will request a licensee to perform a safety culture assessment (licensee self-assessment, independent assessment, or a third-party assessment): (a) the same substantive cross-cutting issue had been identified in three consecutive assessment letters (generated from assessments conducted at 6 month intervals); (b) a 95002 inspection (Inspection for One Degraded Cornerstone or Any Three White Inputs in a Strategic Performance Area) that confirmed the licensee had not identified a safety culture component that either caused or significantly contributed to the risk-significant performance issue that resulted in the supplemental inspection; and (c) a plant enters Column 4 of the Action Matrix.

Under what other situations should the NRC consider requesting that a licensee perform a safety culture assessment?

Licensees currently are required by INPO to conduct a safety culture assessment on a biennial basis. Industry is developing a guideline which will use the same methodology but apply greater levels of independence moving from self to independent to third party. (See enclosure 2.) INPO also assesses safety culture in its biennial evaluations, so there is now an annual assessment of safety culture.

Another ROP enhancement was for the NRC to perform an independent safety culture assessment for plants that enter the multiple repetitive/degraded cornerstone column (column 4).

5. In what other circumstances might the NRC consider performing an independent safety culture assessment?

Industry believes that once the industry has put in place its guideline on conducting nuclear safety culture assessments, including third party assessments, the 95003 inspection procedure should be revised to consist of evaluating the licensees assessment and not conducting its own assessment.

6. What other entity, other than the NRC, could perform an independent safety culture assessment or simply verify the results of the licensees assessments and corrective actions?

The industry guideline on conducting nuclear safety culture assessments will provide for independent and third party assessments.

7. What additional safety culture related ROP changes could help the NRC to improve the focus of NRC and licensee attention on site safety culture issues?

See questions 1 and 2.

29 The NRC has held public meetings where draft changes to several ROP guidance documents resulting from a lessons learned evaluation of the initial implementation period of the ROP safety culture enhancements have been made available for public comment.

8. What areas beyond the draft changes (for example, a provision in IP95003 for the NRC to be able to conduct a graded safety culture assessment) presented by the NRC have the potential to further enhance how the ROP addresses safety culture?

Please see question 2 and enclosure (2).

The NRC has not conducted an assessment of the effectiveness of the SCCI approach, although the NRC had stated that it would do so in RIS 2006-13, Information on the changes made to the reactor oversight process to more fully address safety culture (page 6)2. An assessment would include answers to such questions as: Did the new process meet intended objectives and outcomes? Did it predict safety problems? Was the threshold for substantive crosscutting issues appropriate? Did it add value above its cost in NRC and licensee resources? Before implementing the ROP and the MSPI the NRC conducted pilots and an extensive assessment. The SCCI approach similarly warrants a hard look, not just public meetings to roll out lessons learned changes.

8.1 How would these potential changes enhance or improve how the NRC addresses safety culture through the ROP? Under the industry approach, the NRC would focus on oversight, especially through the Problem Identification and Resolution inspection procedure, which includes both routine and biennial review of the corrective action system. Safety culture concerns will be entered into the CAP.

9. In what ways does the current process lead to consistency/predictability of implementation by the NRC? Provide examples to support your view.

It is not consistent and predictable across plants and regions.

9.1 In what ways does it lead to inconsistency or unpredictability?

Assignment of aspects or not is dependent on individual inspectors and is not consistent or repeatable. The decision whether the licensee has adequately assessed and taken action to correct a crosscutting issue (four or more aspects) is not consistent across regions and is not predictable. It is not understood by the public or licensees.

10. How effective is the ROP in addressing security culture issues?

The ROP includes a performance indicator, inspection, significance determination, assessment and enforcement of security. In addition, safety culture aspects are sometimes applied to inspection findings. As stated earlier, industry believes the industry approach to assessing safety culture is preferable to the NRC approach; the industry approach includes assessing the security department. Substantial progress has been made over several years toward the goal of fully integrating security into

30 plant processes. Effectiveness would not be enhanced by a separate set of security culture aspects.

10.1 What ROP changes could help the NRC to improve the focus of NRC and licensee attention on site security culture issues?

Industry does not believe there should be a distinction made between safety and security culture issues. A security culture is one important element of a safety culture. If a station has a good safety culture, it would include personnel at the site understanding their role in supporting security as a component of nuclear safety.

In previous public meetings, the NRC has discussed using the Reactor Oversight Process safety culture components and modified aspects as a tool to understand the challenges to safety culture during new reactor construction.

11. How can challenges to safety culture in new reactor construction be identified and addressed in regulatory oversight?

Safety culture for construction differs from an operating plant environment. For a construction environment, safety culture can be inferred from three basic programmatic elements: a safety conscious work environment, quality assurance, and the Occupational Safety and Health Administration (OSHA) program.

Questions on Safety Culture Components

1. Is there an area(s) important to safety or security culture that does not appear to be captured by the set of nine components? Is the missing area(s) relevant to a particular set of licensees or certificate holders? Or is it generically applicable? If so, please specify.

Industry has not had sufficient time to review the new set of nine components. They appear to cover the same areas as the previous set of thirteen. Industry believes that the best approach for the ROP and the industry would be to use a common set of components and aspects or principles and attributes so that we are speaking with a common language. Industry would be pleased to work with the NRC to achieve that goal.

2. Of the identified components, is there a safety culture component(s) that you consider to not be important, or to not contribute, to safety culture and should therefore be dropped? If so, please specify.

See question 1.

3. How should the Commission communicate a common understanding of the components of safety/security culture?

We should be communicating with the same language.

31

4. How should the Commission, through the policy statement, influence licensee and certificate holders to use their understanding of safety/security culture to improve performance?

The policy statement should encourage industry to take the lead in developing common guidelines for assessing safety culture and correcting weaknesses.

5. Should there be new regulatory requirements specifically addressing safety culture? If so, please explain. Or, how should safety culture insights to be used, e.g., to inform regulatory response to findings or violations within existing requirements?

Industry does not believe that there should be regulatory requirements in the area of safety culture.

6. Given the range of NRC licensees and certificate holders, how can the Commission best communicate its expectations regarding the scope of programs and processes to address safety/security culture in a manner that appropriately considers the different licensee and certificate holders environment?

Industry believes there should be a graded approach based on the size and type of safety issues involved in the facility.

7. How should the Commission define the components of safety and security culture (i.e., one set of components addressing both safety and security culture in an integrated manner or two sets of components, one to address safety culture and another to address security culture)? What are the risks and benefits of combining or separating them?

Regarding making distinctions between safety and security culture please see the responses to topic 1 questions. Industry believes there should be one set, and that the industry and NRC should work toward a common set of components or principles.

32 Enclosure (2) Comments:

I. Description of Industry Approach The industry approach to assessing and addressing nuclear safety culture issues places primary responsibility on line management, and in particular, on the site leadership team.

The objective is to provide an objective, transparent and safety-focused process, which uses all of the resources available (e.g., performance trends, NRC inspections, industry evaluations, nuclear safety culture assessments, self assessments, audits, operating experience, employee concerns program, etc.) to provide an early indication of potential problems, develop effective corrective actions and monitor the effectiveness of the actions.

While it is not possible to directly measure culture, and thus there must be some subjectivity, there are aspects of plant conditions which can be trended to provide a warning to site leadership to determine if cultural issues contributed to the condition.

Process weaknesses, discovered through audits, self assessments, inspections, etc.,

also can provide symptoms of cultural problems. Similarly, the attitudes and behaviors of site personnel can be assessed through surveys, interviews and behavioral observations. It is the responsibility of the site leadership team to employ all of these tools and take effective action.

Overview of Proposed Industry Process The proposed process is shown below and is comprised of eight distinct elements.

1. Process Inputs
5. Site Response
2. Corrective Actions
6. Communication
3. Other Input Sources
7. External Input
4. Site Leadership Team
8. Regulatory Oversight Industry Nuclear Safety Culture Process

33

1. Process Inputs The following are the inputs to the nuclear safety culture process. For each input, there are data (e.g., deficiencies, violations, or weaknesses) which can be reviewed in combination with data from other inputs to determine whether there is a nuclear safety culture issue. The INPO Principles for a Strong Nuclear Safety Culture describes the essential attributes of a healthy nuclear safety culture. They provide a useful framework for assessing and categorizing the data, and in combination, are used to identify potential cultural issues for action. Using a consistent model and terminology throughout the entire process will allow clear communication of cultural issues which the entire site can understand and respond to. Each input has an owner whose responsibilities include assessing the data against the INPO principles and attributes and reporting their results to the site leadership team on a periodic basis.

NRC inspection results. These include the baseline inspections of plant and processes (especially the problem identification and resolution inspection which also looks at safety conscious work environment and any past safety culture assessments), supplemental inspections, event follow-up, etc. These are extremely valuable inputs for the site.

Nuclear Safety Culture Assessment. Using a common industry guideline, sites conduct a self assessment of nuclear safety culture on a biennial basis. This is already an INPO SOER 02-4 requirement. What has been added is a common industry approach. The proposed approach is discussed in Section III.

Industry Evaluations. For example, INPO evaluations are conducted on an approximately biennial basis, in the alternate year from the culture assessment. Included in the INPO evaluation is an assessment of nuclear safety culture. Thus the site would receive a nuclear safety culture assessment almost every year. These industry evaluations are available to NRC on site.

Operating Experience. Data on previous deficiencies (such as operations, design, and equipment) are used to improve procedures and processes and to avoid future problems. Information from OE can also be used to look for nuclear safety culture issues.

QA/Self Assessment/Benchmarking. Each site requires a variety of self reviews.

These include audits required in the quality assurance programs, department self assessments, and benchmarking of other sites in the industry (or other industries).

Employee Concerns Program. This required program looks at the sites safety conscious work environment. It may not be appropriate to enter some of the ECP issues in the corrective action program, but the issues will be considered by the site leadership team.

Site Performance Trends. Each site has a broad suite of indicators which it uses to assess performance. They do not include ROP performance indicators which generally measure plant-wide outcomes, but rather they provide intermediate outcomes, which, if not corrected, could lead to safety system failures, scrams or events. Trends can be developed in these indicators and the cause of the trend - be it process or design deficiencies, training, resources, or nuclear safety culture issues - can be examined and corrective action taken.

34 Examples include operator workarounds, control room deficiencies, preventive maintenance deferred, open positions, etc. These trends would not be reported to NRC, because they are not performance outcomes. They would be available to NRC on site.

  • Note that a site may have additional process inputs that it finds effective in helping to assess nuclear safety culture.
2. Corrective Actions Problems in all of these areas are fed into the sites corrective action program where they are assessed for significance, including whether apparent cause or root cause analyses will be conducted. Both apparent and root cause analyses will include an assessment against the INPO principles and attributes. In some cases, the corrective action program is not the appropriate location for the problem; for example, some ECP issues, allegations, perhaps some nuclear safety culture assessment issues, and some organizational or personal issues. Cultural and organizational issues may more appropriately be placed in the Site Improvement Plan, or whatever term the site uses.
3. Other Inputs There may be additional inputs that come directly to the attention of the site vice president, such as allegations or other sensitive information, which are not appropriate to be handled through the corrective action program.
4. Site Leadership Team The Site Leadership Team is responsible for reviewing plant performance and taking a holistic view of all of the potential indications of nuclear safety culture. The team should be guided by the INPO principles and attributes. In addition to having very subtle issues which the team discerns from several inputs, the team will also, of course, have situations which are more direct, such as ECP and nuclear safety culture surveys and assessments. While maintaining an ongoing sensitivity to nuclear safety culture issues, the team will also meet quarterly to discuss and assess cultural issues. Reports from the managers responsible for each of the process inputs will provide information for the team.
5. Site Response The Site Leadership Team is responsible for determining what actions are necessary to address any nuclear safety culture issues. In addition, the team is responsible for assessing the effectiveness of prior actions and redirecting these actions where appropriate. Site Response suggests some actions that might be taken: changes in policies, program modifications, training, additional assessments, benchmarking, etc.

The site responses, of course, provide feedback into the process inputs and into the corrective action program and/or site improvement plan.

6. Communication The Site Leadership Team is responsible for ensuring there is appropriate Communication of its conclusions and actions. This communication is internal to the site workforce and if appropriate, corporate, and external, if appropriate, to the public.

Raw data and reports, such as the INPO evaluation and the nuclear safety culture assessment would be available on site for NRC review.

35

7. External Input The Nuclear Safety Review Board (or equivalent) provides an additional perspective to the site leadership team. The experience and outside eyes of the board can assist the site leadership team in many ways, including bringing a fresh look at cultural problems which may be invisible to those living in the culture day to day. Corporate organizations or fleets may also be used to provide external input.
8. NRC Oversight The NRC retains a Regulatory Oversight footprint in the process through its residents and baseline and supplemental inspections. While inspectors will not assign crosscutting aspects to inspection findings, their observations can provide valuable insight to the licensee. In particular, the Identification and Resolution of Problems (IP 71152) inspection procedure objectives are:

01.01 To provide for early warning of potential performance issues that could result in crossing thresholds in the action matrix.

01.02 To help the NRC gage supplemental response should future action matrix thresholds be crossed.

01.03 To provide insights into whether licensees have established a safety conscious work environment.

01.04 To allow for follow-up of previously identified compliance issues (e.g., NCVs).

01.05 To provide additional information related to the crosscutting areas that can be used in the assessment process.

01.06 To determine whether licensees are complying with NRC regulations regarding corrective action programs.

01.07 To verify that the licensee is identifying operator workarounds at an appropriate threshold and entering them in the corrective action program.

This inspection procedure includes specific questions related to raising safety questions.

(Upon adoption, this procedure and other NRC internal guidance would need to be revised to remove the references to crosscutting themes and aspects.) Additionally, the inspectors review any safety culture assessments which have been performed. The NRC footprint would also include observation on site of various aspects of the industry safety culture approach. NRC communicates results to the public through inspection reports, assessment letters and public meetings.

Comparison with Reactor Oversight Process The industry nuclear safety culture process, in many respects, mirrors the Reactor Oversight Process, which is shown below. In both processes a range of inputs (in the case of the ROP, performance indicators and inspection findings) are individually reviewed for significance. In the site process, deficiencies and weaknesses are entered into the corrective action process. They are assessed for significance, extent of condition and cause. Actions are developed to preclude recurrence and implemented. In both the ROP and the industry process, all of the information is assessed in combination to determine what actions should be taken by the responsible management. In the ROP case, senior NRC management determines the additional inspection and communication that are appropriate. For the site nuclear safety culture process, the site leadership team

36 is responsible for determining the appropriate action. (Of course, in a broader sense, the nuclear safety culture model reflects how site leadership oversees all of the site activities, not just safety culture.)

Advantages of Industry Process The advantages of this process are many. The process is built around the INPO principles and attributes which emphasize that EVERYONE is responsible for nuclear safety. The principles provide a common language across the site and across the industry so that communication and actions are understood. The process uses a broad spectrum of input available from plant condition, process and people issues. In addition, the majority of the data were already in use at the site, albeit for other purposes. Finally, the process places clear responsibility on line management, with the site leadership team at the top.

The NRC approach uses a different set of attributes, and a different language, than the industry. Many of NRC attributes may not be nuclear safety cultural issues at all. They may be training or procedures, or process weaknesses as opposed to cultural issues.

Unfortunately, the NRC sampling approach relies on categorizing violations, of which there are on average only 15 or so a year per site, whereas the industry approach has literally thousands of inputs. The NRC counting scheme for assessing a crosscutting theme is only four data points in a year. When NRC is not convinced that the site has

37 taken sufficient action for these four (usually) safety-insignificant violations, it issues a substantive crosscutting issue which can divert precious resources and management time away from safety significant issues and ensuring that processes and procedures are being effectively implemented. It also presents a distorted and negative image of the site which is misleading to the public. NRC resources are also diverted from their attention on inspecting plant and processes toward subjective judgments on minor inspection findings and attempting to assess the culture based on limited data. Then more senior NRC management is diverted by having to make subjective judgments on whether cultural issues have been resolved.

A more appropriate role, or footprint, for the NRC is focus on objective, tangible evidence of plant safety, compliance with the regulations and using risk-informed tools to determine significance and regulatory response. It should use its inspections of the corrective action program to determine if plant and process deficiencies are being corrected in a timely manner and that events are being properly evaluated. The corrective action program inspection also can look at the sites actions to correct safety culture issues which have been identified. The NRC informs the public through its inspection reports, assessment letters and public meetings.

Conclusion The industry nuclear safety culture process provides a structured approach of looking at multiple inputs to assess the culture using the lens of the INPO principles and attributes. It looks at plant conditions, processes, and peoples attitudes, opinions and behaviors. It appropriately places responsibility for assessing and improving nuclear safety culture on the line management, while emphasizing that everyone on site is responsible for nuclear safety.

II. Nuclear Safety Culture Assessment Including Third Party Assessments Introduction This section discusses current requirements for nuclear safety culture assessments, and a graded nuclear safety culture assessment guideline. The objective is to:

Create a consistent, quality guideline and approach for conducting nuclear safety culture assessments which will be used across industry and will be used for self assessment, independent assessment and third party assessment.

The approach was developed by an NEI task force, building on a very successful assessment process developed and implemented over the past five years by the Utilities Service Alliance (USA) member stations.

Current Requirement for Nuclear Safety Culture Assessment INPO SOER 02-4 calls for a nuclear safety culture assessment every other year. There are no specific requirements. Some utilities do an assessment entirely in house using company resources (either all on site resources, or a combination of fleet resources);

some are in the USA program 17 stations) which include both internal assessors and external loaned utility assessors; some use consultants (cost varies but is in the range of

$100,000 to $150,000); and there may be other variations.

NRC demands a third party nuclear safety culture assessment for plants in column 4 of the action matrix and has required an independent assessment in certain other instances when it is concerned about performance and significant crosscutting issues.

38 These assessments are ad hoc and usually do not build on the same model as the self assessments, resulting in no economies of scale and difficulty in comparing the two assessments. (This is often the case because self assessments commonly use the INPO nuclear safety culture model of principles and attributes, whereas the independent or third party assessments are organized around specific issues and the NRCs nuclear safety culture aspects.)

Graded Nuclear Safety Culture Assessment Guideline The industry nuclear safety culture assessment guideline is built on the successful USA approach which uses the industry standard INPO principles and attributes for surveys, interviews, and behavioral observations. The USA self assessment approach differs from some utilities self assessments in that it uses a team made up of half site assessors, and half independent assessors. The strength of this team structure is that there are people on the team with site knowledge, and independent assessors who may be more sensitive to cultural issues on site because they are not a part of that culture.

The assessors conduct interviews of senior managers and managers, first line supervisors, various departments and craft groups, security and oversight in two person teams, usually with one onsite and one offsite member. Two person teams allow greater reliability in assessing nuclear safety culture attributes, and also allow for one person to take notes while the other person conducts the interview. The team also conducts behavioral observations (e.g., morning meeting, CARB, pre-job briefs, control room).

Usually there are four two-person teams. In addition there is a team host, an external team executive, an external team lead, and two site administrative support staff. More details are provided in the table below.

The self assessment approach can be readily adapted to the needs of an independent assessment (requested by a site VP who requires a deeper or more specific review), or to a 95003 assessment. The differences between the variations between self, independent and third party assessments are an increase in sample size, more independence by the assessment team and additional focus on areas of concern.

39 Graded Nuclear Safety Culture Assessment Self Assessment Independent Assessment Third Party Assessment Purpose To meet INPO SOER 02-4 (Davis Besse) biennial assessment Requested by Site VP who wants deeper/more specific review 95003: Plant in Column 4 of action matrix Base Assumptions Standard Assessment (pre-survey1, document review, interviews, behavioral observation, four 2 person teams, exit, written report) One week.

Standard Assessment plus review of additional area(s) of concern to Site VP Could require an additional team of assessors to address issues. Typically one week.

Standard Assessment plus review of additional areas of concern determined by Site VP and Team Leader.

Two weeks.

Work Product Assessment Report, including:

executive summary, survey and interview results by principle and attribute, follow-up from previous assessment, positive traits observed, conclusions and recommendations for improvement.

Same as Standard Assessment, with conclusions and recommendations on additional topic requested by Site VP.

Same as Standard Assessment with conclusions and recommendations addressing 95003 issues.

Coverage INPO principles and attributes; minimal additional topics.

Typically 60-85 interviews, 15 observations, survey offered to 100%; goal of 70% response (including write in comments)

Same as self assessment with coverage of additional areas of concern and perhaps 20% more interviews and observations.

INPO principles and attributes and additional topics selected to address 95003 issues.

Approximately twice the number of interviews and observations as self assessment Team Makeup Team Leader (outside utility)

Team Executive (outside utility) 4 external assessors (fleet or outside) 4 internal assessors 1 Host peer 2 admin (host station)

Team Leader (outside utility)

Team Executive (outside utility) 8-10 external assessors (at least half outside utility, remainder fleet) 1 Host peer 2 admin (host station)

Optional: Behavioral scientist (MA level)

Team Leader (outside utility)

Team Executive (outside utility) 10 external assessors (outside utility) 1 Host peer 2 admin (host station)

Behavioral scientist (MA level) 1 Surveys performed by contractors may be substituted for the USA survey if the results are provided to the assessment team in terms of the INPO principles and attributes.

40 Self Assessment Independent Assessment Third Party Assessment Team Roles Team Leader: Interfaces with host site and team members prior to the assessment; conducts 1/2 day training with team Sunday before assessment; leads team to ensure adequate number of interviews and observations are conducted; briefs site management; conducts exit; prepares report obtaining team concurrence.

Team Executive: Provides senior oversight of the team; preferred attendance for entire week; required Wed-Friday.

Interfaces with site VP.

Assessors: Conduct interviews and observations as two person teams; develop conclusions and findings Host Peer: Ensures logistics including badging, interview and observation scheduling; coordinates survey administration Admin: Ensure smooth execution of assessment and manage data collection Same as Self Assessment.

Behavioral scientist works at the direction of the Team Leader. Can provide insights into data analysis, interviewing techniques, and team findings and recommendations.

Same as Self Assessment.

Behavioral scientist works at the direction of the Team Leader. Can provide insights into data analysis, interviewing techniques, and team findings and recommendations.

Training Team Leader: Industry workshop training and previous assessor experience Assessors: Interviewing skills training (or experience in conducting evaluations which involve interviewing) and 1/2 day team training prior to the assessment.

Admin: orientation by qualified Team Leader Same.

Behavioral scientist will be familiar with assessment methodology.

Same.

Behavioral scientist will be familiar with assessment methodology.

Document Review CAP, root cause evaluations past 2 years, policies on nuclear safety culture and SCWE, site process PIs, QA audits, self assessment and benchmarking reports, last nuclear safety culture assessment, NRC assessment letters, review ROP results on NRC website.

Same, with any additional materials provided by Site VP.

Same, with any additional materials provided by Site VP, and 95003 related reports.

41 Activities Necessary to Enhance the USA product for Nuclear Safety Culture Assessments for Industry Use (including 95003 third party nuclear safety culture assessments)

The Utilities Service Alliance has created an excellent nuclear safety culture assessment product which it has been implementing and improving over the past five years. A team of leaders of the USA effort reviewed the current product and considered what additional improvements would be necessary. These enhancements include:

1. Modify document to reflect three levels of assessment (self, independent, and third party).
2. Update survey tool to distinguish between departments and respondents organization level.
3. Develop survey criterion and content validity.
4. Upgrade to Microsoft Access 2007.

42 VI.

Mr. William D. (Bill) Shaeffer Employee Concerns Manager Energy Northwest - Columbia Generating Station QUESTIONS ON SAFETY CULTURE COMPONENTS

1. Is there an area(s) important to safety or security culture that does not appear to be captured by the set of nine components? Is the missing area(s) relevant to a particular set of licensees or certificate holders? Or is it generically applicable? If so, please specify.

Response: No

2. Of the identified components, is there a safety culture component(s) that you consider to not be important, or to not contribute, to safety culture and should therefore be dropped? If so, please specify.

Response: No

3. How should the Commission communicate a common understanding of the components of safety/security culture?

Response: Regulatory Issue Summary (RIS)

4.

How should the Commission, through the policy statement, influence licensee and certificate holders to use their understanding of safety/security culture to improve performance?

Response: Clearly define safety and security culture as Priority 1, in everything the industry does.

5. Should there be new regulatory requirements specifically addressing safety culture? If so, please explain. Or, how should safety culture insights to be used, e.g., to inform regulatory response to findings or violations within existing requirements?

Response: No, continue with the revised ROP (need more run time)

6. Given the range of NRC licensees and certificate holders, how can the Commission best communicate its expectations regarding the scope of programs and processes to address safety/security culture in a manner that appropriately considers the different licensee and certificate holders environment?

Response: If the incorporation of security is kept at the same high level in the policy statement as nuclear safety there shouldnt be a reason to have to address the different licensees individually.

How should the Commission define the components of safety and security culture (i.e.,

one set of components addressing both safety and security culture in an integrated manner or two sets of components, one to address safety culture and another to address security culture)? What are the risks and benefits of combining or separating them?

Response: See attachment below

43 CODE OF FEDERAL REGULATIONS (CFR)

PROTECTION OF PUBLIC HEALTH AND SAFETY, COMMON DEFENSE AND SECURITY NUCLEAR SAFETY CULTURE NUCLEAR SECURITY CULTURE Nuclear Safety Culture is that assembly of characteristics and attitudes in organizations and individuals which establishes that, as an overriding priority, nuclear plant safety issues receive the attention warranted by their significance.*

Nuclear Security Culture is that assembly of characteristics and attitudes in organizations and individuals which establishes that, as an overriding priority, nuclear plant security issues receive the attention warranted by their significance.

NRC SAFETY CULTURE COMPONENTS

1. Safety Conscious Work Environment (SCWE) - Management maintains a SCWE in which personnel feel free to raise concerns without fear of retaliation.
2. Accountability (A) - Roles, responsibilities and authorities for safety and security are clearly defined and reinforced.
3. Licensee Decision-Making (LDM) - Licensee decisions ensure that safety and security are maintained.
4. Work Practices (WP) - As individual contributors, personnel demonstrate ownership for safety and security in their day-to-day work activities.
5. Work Planning and Control (WPC) - Processes for planning and controlling work ensure that individual contributors, supervisors and work groups communicate, coordinate, and execute their work activities in a manner that supports safety and security.
6. Problem Identification and Evaluation (PIE) - Management ensures that issues potentially impacting safety or security are promptly identified and fully evaluated, commensurate with their significance.
7. Problem Resolution (PR) - The licensee ensures that safety and security issues are promptly addressed and corrected, commensurate with their significance.
8. Continuous Learning Environment (CLE) - Management maintains a continuous learning environment in which opportunities to improve safety and security are sought out and implemented.
9. Resources (R) - The licensee ensures that the personnel, equipment, procedures, and other resources needed to assure safety and security are available.
  • Adopted from the IAEAs International Nuclear Safety Advisory Group (INSAG) as presented in INSAG-4 publication

44 VII.

Mr. Peter Stockton Project On Government Oversight Great job staff for recognizing there is a security problem at the power plants.

Unfortunately, they were voted down on recent DBT increase and security information transparency issue.

We are agnostic on a policy statement. The current one states that reactor operators should not be drunk or asleep in the control room. The policy statement seems self-evident. But, the process of trying to identify these culture problems can be productive.

Problem starts at the top with NRC Commissioners o A year ago POGO interviewed each Commissioner. Some simply dont believe there is a serious terrorist threat to the nuclear power plants. One measure of this problem is the vote last week to turn down the staff recommendation to make the DBT more robust (the number of adversaries included and number of lethal weapons available to terrorists, 50 cal. Bangalore torpedoes and RPGs).

o One Commissioner made misleading and disparaging remarks to Congress about a security whistleblower in a Senate Peach Bottom hearing, that lead to an IG investigation o Recently, Commissioners voted against increasing the transparency and public information about the results of security inspections. (TA-18) o President Obama should appoint someone to the Commission who has a commitment to nuclear security. This is an opportunity to show that he is serious about his commitment to prevent nuclear terrorism.

Since 2002, POGO has interviewed or met with several hundred security officers.

From those interviews, we believe security culture is a real problem.

Security officers recognize that the DBT is unrealistic and that they would be cannon-fodder in a real attack. They refer to the DBT as the Dollar Based Threat.

o BRE - are iron coffins o They know they wont get effective outside help because of timelines o They know they will be outgunned o Excessive overtime leads to lack of attentiveness o When questioned about the lame DBTNRC claims, that is all you can expect of private guard force. This is dangerous. This attitude trickles down to create a culture.

There is too much advance notice of security tests (force-on-force). There is a culture of wanting the plants to look good. Not a culture of: How well protected are the power plants? Should win overwhelmingly-no surprise, no speed, or no violence of action (the major advantages that terrorists have).

NFS/BWXT serious problems with DBT

45 Security officers concerns are not taken seriously by the security contractor or the licensees. Security officers stop bringing up issues when nothing gets addressed. In a number of cases they are afraid to bring up issues because the fear of retaliation, including the threat to their jobs.

No real whistleblower protections.

Contractor and licensee responses to problems that are raised by saying we dont have the money or were in compliance with NRC regulations.

At Peach Bottom, security officers went to the press instead of the NRCdidnt trust the NRC Regional offices o McGaffigan experiences with Region 1 at Salem Hope Creek o Peach Bottom OIG report, no heads roll o March 2007 no safety problems, but then in September 2007, hearing about a potential video, it then became possible safety problems Enforcement/Fines $65K, sleeping guards cost NRC $500K for investigations VIII.

Mr. Greg Yuhas Safety Culture Comments:

Its all about profit, pressure and pain.

Profit is the driving force that ultimately controls the resources allocated to safety. It doesnt matter if the profit is monetary, as in private industry; prestige as in educational institutions or budget/mission as found in government and non-profits. In the end if you cant make money, attract students, stay within your budget, or successfully complete your mission, your organization will fail.

Pressure is a force that can change direction. It can be a simple as a road sign warning of a sharp curve ahead.

Pain is the antithesis of profit. It is the counter weight that must be heavy enough to balance the primal urge for profit. If you ignore the warning signs and there is no consequence or pain, you may come to believe you dont have to heed the warnings.

Safety culture is an organizational paradigm that represents a level of pressure in the decision making process. Its a set of procedures that help us recognize warning signs and act accordingly.

NRC should prepare and promulgate a Regulatory Guide presenting the programs and procedures commonly found in organizations with effective safety cultures. Since Regulatory Guides are not mandatory, they represent a form of pressure. License reviewers, inspectors, and senior managers should point to the Regulatory Guide rather than offering their own ideas of what procedures or programs should be present in

46 fostering an effective safety culture. NRC must avoid the temptation to co-manage licensees activities.

However, its up to NRC to establish clear, performance based safety significant regulations that are consistently and effectively enforced. NRC and the Agreement states are ultimately responsible for providing sufficient pain to balance the profit incentive if we are to have the public believe radioactive materials can be safely utilized.

Retrieved from "https://kanterella.com/w/index.php?title=ML090480018&oldid=5320196"