Text

.

u-oooooooooooooaaeeaoaoao RELEASED TOTHE PDR

~

(

t('?%

i r)/h/W DBJ 5

3,

............... =.......:

a a

%.,y.*

POLICY ISSUE June 22.1998 SECY-98-144 EQB:

M Com.7,5cners

)

FROM L. Joseph Callan Executive Director for Operations

SUBJECT:

WHITE PAPER ON RISK-INFORMED AND PERFORMANCE-BASED REGUL.ATION PURPOSE:

To provide for Commission approval, a final draft of a while paper defining the terms and Commisslon expectations for risk-informed and performance-based reguiation.

BACKGROUND:

i Several months ago, the staff, ACRS and ACNW were provided with an initial draft of the subject white paper for review and comment. ACRG provided comments (in the form of a line-in, line-out version of the paper) in a letter to Chairman Jackson, dated March 11,1998, and ACNW provided comments in a letter to Chairman Jackson, dated March 26,1998.

DISCUSSION I

The staff has taken the ACRS and ACNW comments and developed a proposed final draft of the white paper (attached) for Commission review and approval. This final draft was developed beginning with the line-in, line-out version provided by ACRS in their letter of March 11,1998, and modified to address ACNW and staff comments. Thus, the attached draft white paper (g

presents a collective view of what is meant by the terms " risk-informed, " risk-based" and

" performance-based" regulation. It is intended to be used as gulNe to help ensure i

consistent interpretation of these terms and implementation of the 60mmission's expectations i

with respect to their use in regulatory activities.

l RECOMMENDATION The Commission approve and issue for use the attached white paper.

c.7 i

O i. p 1 l'V d5

Contact:

py Thomas L. King, DST /RES g' 4 d l M tsN y'

-301-415-5790 g Un 0

9007290348 980622

[9 h

PDR SECY 98-144 R PDR g

.y

. The Commissioners 2

COORDIN/ TION:

This paper has been coordinated with the Office of the General Counsel, which has no legal objection.

a l

)

L. J seph Callan E cutive Director for Operations

Attachment:

White Paper on Risk-Informed, Performance- -

Based Regulation Commissioners' completed vote sheets / comments should be provided directly to the Office of the Secretary by COB Wednesday, July 8, 1998.

-Commission Staff Office comments, if any, chould be submitted to the Commissioners NLT July 1. 1998, with an information copy to the Office of the Secretary.

If the paper is of such a nature that it requires additional review and comment, the Commissioners and the Secretariat should be apprised of when comments may be. expected.

l DISTRIBUTION:

Commissioners' i

OGC l

OCAA I

OIG I

.0PA i

'OCA l

ACRS l

ACNW l

CIO:

CFO EDO REGIONS SECY l-l

I Attachment i

DRAFT Risk-Informed. Performance-Based Regulation The NRC has established its regulatory requirements, in both reactor and i

materials applications, to ensure that "no undue risk to public health and safety" results from licensed uses of Atomic Energy Act (AEA) materials and facilities, The objective of these requirements has always been to assure that the probabilities of accidents with the potential for adversely affecting public health and safety are low. For reactors, these probabilities j

were not quantified in a systematic way until.1975 when the Reactor Safety Study (WASH-1400) was published. For non-reactor activities, such quantification is still evolving. Consequently, many of NRC's regulations were developed without the benefit of quantitative estimates of risk. The perceived benefit of the regulatory requirements was based mostly on experience, testing programs and expert judgment, considering factors such as engineering margins and defense-in-depth.

There have been significant advances in and experience with risk assessment methodology since 1975. Thus, the Commission is advocating certain changes to the development and implementation of its regulations through the use of risk-informed, and ultimately performance-based approaches. The Probabilistic Risk Assessment (PRA) Policy Statement (60 FR 42622, August 16,1995) formalized the Commission's commitment to :isk-informed regulation through the expanded use of PRA. The PRA~'

Policy Statement states, in part, "The use of PRA technology should be increased in all regulatory matters to the extent supported by the state of the art in PRA methods and data, and in a manner that complements th'e NRC's deterministic approach and supports the NRC's traditional defense-in-depth philosophy."

To understand and apply the commitment expressed in the PRA Policy Statement, it is important that the NRC, the regulated community, and the public at large have a common understanding of the terms and concepts involved; an awarenessof how these concepts (in both reactor and materials arenas) are to be applied to NRC rulemaking, licensing,

i 2

Attachment DRAFT inspection, assessment, enforcement, and other decision-making; and an

. appreciation of the transitional period in which the agency and industry currently operate.

1.

Risk and Risk Assessment: This paper defines risk in terms that can be applied to the entire range of activities involving NRC licensed use of AEA materials. The risk definition takes the view that when one asks, "What is the risk?" one is really asking three questions: "What can go wrong?" "How likely is it?" and "What are the consequences?"

These three questions can be referred to as the " risk triplet." The traditional definition of risk, that is, probability times consequences, is fully embraced by the " triplet" definition of risk.

The first question, "What can go wrong?" is usually answered in the form of a " scenario"(a combination of events and/or conditions that could occur) or a set of scenarios.

The second question, "How likely is it?" can be answered in terms of the available evidence and the processing of that evidence to quantify the probability and the uncertainties involved. In some situations, data may exist on the frequency of a particular type of occurrence or failure mode (e.g., accidental overexpcsures). In other situations, there may be little or no data (e.g., core damage in a reactor) and a predictive approach for analyzing probability and uncertainty will be required.

The third question, "What are the consequences?" can be answered for each scenario by assessing the probable range of outcomes (e.g.,

dose to the public) given the uncertainties. The outcomes or consequences are the "end states" of the analyses. The choice of consequence measures can be whatever seems appropriate for raasonable decision-making in a peticular regulated activity and t

could involve combinations of end states.

4 3

Attachment DRAFT A risk assessment is a systematic method for addressing the risk triplet as it relates to the performance of a particular system (which may include a human component) to understand likely outcomes, sensitivities, areas of importance, system interactions and areas of uncertainty. From this assessment the important scenarios can be identified.

2.

Traditional and Probabilistic Anoroaches: All safety regulation ultimately is concerned with risk and addresses the three questions discussed in item 1 above. In practice, NRC addresses these three questions through the body of regulations, guidance, and license conditions that it uses to regulate the many activities under its jurisdiction. The current body of regulations, guidance and license conditions is based largely on a " deterministic" approach. As described in the PRA Policy Statement, the deterministic approach to regulation establishes requirements for engineering margin and for quality assurance in design, manufacture, and construction. In addition, it assumes that adverse conditions can exist and establishes a specific set of design basis' events (i.e., what can go wrong?). The deterministic approach involves implied, but unquantified, elements of probability in the selection of the specific accidents to be analyzed as design basis events. It then requires that the design include safety systems capable of preventing and/or mitigating the consequences (i.e., what are the consequences?) of those design basis events in order to protect public health and safety. Thus, a deterministic approach explicitly addresses only two questions of the risk triplet.

1 A probabilistic approach to regulation (also described in the PRA l

Policy Stateme'nt) considers risk (i.e., all threa questions) in a more l

coherent, explicit, and quantitative manner. The procabilistic approach explicidy addresses a broad spectrum of initiating events l

and their event frequency. It then analyzes the consequences of l

those event scenarios and weights the consequences by the frequency, thus giving a meosure of risk.

4 j

L

4 Attachment DRAFT

$ince risk assessment methods were first used to gain a better understanding of the risk associated with some of the activities and facilities that NRC regulates, substantial event data and increased sophistication and experience in the use of certain risk assessment methods (e.g., Probabilistic Risk Assessment (PRA), Integrated Safety Assessment (ISA), and Performance Assessment (PA)) has been acquired. Accordingly, there is now the opportunity to enhance l

the traditional approach by more explicitly addressing risk and

)

incorporating the insights thus gained.

Whib the traditional approach to regulation has been successful in ensuring no undue risk to public health and safety in the use of l

nuclear materials, opportunities for improvement exist. Given the broad spectrum of equipment and activities covered, the regulations can be strengthened and resources allocated to ensure that they are focused on the most risk-significant equipment and activities, and to ensure a consistent and coherent framework for regulatory decision-making. The " risk-informed" and " risk-informed, performance-based" approaches to regulation described below, if properly applied, would provide such a framework.

3.

" Risk Insights" and " Risk-Informed" Acoroach: The term " risk insights", as used here, refers to the results and findings that come from risk assessments. The end results of such assessments relate directly to public health effects., as in the Commission's Safety Goals.

For specific applications the resuits and findings may take other forms. For example, for reactors these include such things as identification of dominant accident secuences, estimates of core damage frequency (CDF)' and large early release frequency (LERF)2,

' CDF is the frequ:ncy of the combinations of initiating events, hardware failures, and human errors leading to core uncovery with refloodirig cf the core not imminent.

LERF is the 'requency of those accidents leading to significant, unmitigated releases from containment in a time-frame prior to effective evacuation of the close-in population such that there is a potential for early health effects.

l

.s i

l*

5 Attachment DRAFT and importance measures of structures, systems, and components.

On the other hand, in other areas of NRC regulation, findings and 3

results include risk curves for disposal facilities for radioactive wastes, frequency of accidental smelting of sealed sources at steel mills, frequency of occupational exposures, predicted dose from decommissioned sites and many others.

e Risk insights have already been incorporated successfully into numerous regulatory activities, and have proven to be a valuable complement to traditional approaches. Given the current maturity of some risk assessment methodologies and the current body of event data, risk insights can be incorporated more explicitly into the regulatory process in a manner that will improve both the efficiency and effectiveness of current regulatory requirements.

- A " risk-informed" approach to regulatory decision-making represents a philosophy whereby risk insights are considered together with other factors to establish requirements that better focus licensee and regulatory attention on design and operational issues commensurate with their importance to health and safety. A " risk-informed" approach enhances the traditional approach by: (a) c'iowing explicit

)

consideration of a broader set of potential 'lallenges to safety, (b) providing a logical means for prioritizing these challenges based on risk significance, operating experience, and/or engineering judgment,

' (c) facilitating consideration of a broader set of resources to defend against these challenges, (d) explicitly identifying and quantifying sources of uncertainty in the analysis, and (e) leading to better decision-making by providing a means to test the sensitivity of the results to key assumptions. Where appropriate, a risk-informed regulatory approach can also be used to reduce unnecessary l

conservatism in deterministic approaches, or can be used to identify I

1

• Risk curves are estimates of the probability that a given consequence will be exceeded l

t

6 Attachment DRAFT areas with insufficient conservu a and provide the bases for additional requirements or regulatory actions.

4.

Risk-Informed and Defense-in-Deoth: The concept of defense-in-depth 4 has always been and will continue to be a fundamental tenet of regulatory practice in the nuclear field. Risk insights can make the elements of defense-in-depth more clear by quantifying them to the extent practicable. Although the uncertainties associated with the impo.tance of some elements of defense may be substantial, the fact that these elements and uncertainties have been quantified can aid in determining how much defense makes regulatory sense. Decisions on the adequacy of or the necessity for elements of defense should reflect risk insights gained through identification of the individual performance of each defense system in relation to overall performance.

5.

" Risk-Based": A " risk-based" approach to ragulatory decision-making is one in which a safety dec'ision is solely based on the numerical results of a risk assessment. This places heavier reliance on risk assessment results than may currently be practicable. Note that the Commission does nat endorse an approach that is " risk-based";

however, this does not invalidate the use of calculations to demonstrate compliance with certain criteria, such as dose limits.

)

6.

" Performance-Based": A regulation can be either prescriptive or performance-based. A prescriptive requirement specifies particular features, actions, or programmatic elements to be included in the j

design or process, as the means for achieving a desired objective. A l

performance-based requirement relies upon measurable (or calculable) outcomes (i.e., performance results) to be met, but 4 Defense-in-depth is an element of the NRC's Safety Philosophy that employs successive compensatory measures to prevent accidents or mitigate damage if a malfunction or accident occurs at a j

nuclea.- facility. The defense-in-depth philosophy ensures that safety will not be wholly dependent on any j

L single element of the design, construction, maintenance, or operation of a nuclear facility. The net effect of i

incorporating defense-in-depth into design, construction, maintenance, and operation is that the facility or system in question tends to be more tolerant of failures and extemal challenges.

l 1

.c 7

Attachment DRAFT provides more flexibility to the licensee as to the means of meeting those outcomes. A performance-based regulatory approach is one that establishes performance and results as'the primary basis for regulatory decision-making, and incorporates the following attributes:

(1) measurable (or calculable) parameters (i.e., direct measurement of t.he physical parameter of interest or of related parameters that can be used to calculate the parameter of interest) exist to monitor system, including licensee, performance against clearly defined, objective criteria, (2) licensees have flexibility to determine how to meet the established performance criteria in ways that will encourage and reward improved outcomes; and (3) a framework exists in which i

the failure to meet a performance criterion, while undesirable, will not l

in and of itself constitute or result in an immediate safety concern.

j The measurable (or calculable) parameters may be included in the l

regulation itself or in formal license conditions, including reference to regulatory guidance adopted by the licensee. This regulatory approach is not new to the NRC. For instance, the Commission previously has approved performance-based approaches in 10 CFR Parts 20,60, and 61. In particular, the Commission weighed the relative merits of prescriptive and performance-based regulatory approaches in issuing 10 CFR Part 60.

A performance-based approach can be implemented without the use of risk insights. Such an approach would require that objective performance criteria be based on deterministic safety analysis and performance history. This' approach would still provide flexibility to i

the licensee in determining how to meet the performance criteria.

Establishing objective performance criteria for performance monitoring may not be feasible for some applications and, in such cases, a performance-based approach would not be feasible.

l l

As applied to inspection, a performance-based approach tends to emphasize results (e.g., can the pump perform its intended function?)

over process and method (e.g., was the maintenance technician trained?). Note that a performance-based approach to inspection L

s 8

Attachment l

DRAFT does not supplant or displace the need for compliance with NRC requirements, nor does it displace the need for enforcement action, as appropriate, when non-compliance occurs.5

. As applied to licensee assessment, a performance-based approach focuses on a licensee's actual performance results (i.e., desired outcomes), rather than on products (i.e., outputs). In the broadest sense, the desired outcome of a performance-based approach to i

regulatory oversight will be to focus more attention and NRC resources on those licensees whose performance is declining or less than satisfactory.

7.

" Risk-informed. Performance-Based": A risk-informed, performance-based approach to regulatory decision-making combines the " risk-i informed" and " performance-based" elements discussed in Items 3 and 6, above, and applies these concepts to NRC rulemaking, licensing, inspection, assessment, enforcement, and other decision-making. Stated succinctly, risk-informed, performance-based regulation is an approach in which risk insights, engineering analysis and judgment, and performance history are used, to (1) focus attention on the most important activities, (2) establish objective criteria based upon risk insights for evaluating performance, (3) develop measurable or calculable parameters for monitoring system and licensee performance, and (4) focus on the results as the primary basis of regulatory decision-making.

The definitions and concepts in this paper have proven suitable for application to nuclear power plants and certain non-reactor activities (e.g.,

PA of geologic repositories). While different in detail, these activities are similar in terms of system complexity and the application of probabilistic l

5 l

Not every aspect of licensed activities can or should be inspected using this J

approach. For example. if a licensee is unsuccessful in meeting the criteria defined by a performance-based regulation, the inspector should then focus on the licensee's process and method, to understand the root cause of the breakdown in perfonnance, and to understand how future poor performance may be avoided.

9 Attachment DRAFT metho'ds to the determination of safety. In simpler situations, the concepts and definitions should prove equally suitable provided that NRC adopts a flexible framework for the implementation of risk-informed, and ultimately performance-based regulation across the full spectrum of the materials, processes, and facilities regulated by the NRC.

l l

i l

i l

\\

l i

_