Text

lb i

f"*\\,u qf gfq' UNITED STATES NUCLEAR REGULATORY COMMISSION y

U e

WASHINGTON, D.C. 20555-0001

.....+

March 10, 1998 CHA!RMAN Mr. David M. Abshire Center for Strategic & Intemationa Studies 1800 K Street, NW Washington, DC 20006

Dear Mr. Abshire:

By separate letter, I informed you about Commission and Nuclear Regulatory Commission (NRC) staff participation in the proposed Center for Strategic & Intemational Studies (CSIS) project on nuclear reguletory reirivention.

In your February 10,1998, letter, you indicated that the CSIS project on nuclear regulatory reinvention would center on a " risk-informed, performance-based" approach to reactor regulation. For your information, the Commission is currently reviewing a draft paper that attempts to define and/or clarify terms and concepts related to such an approach. This draft paper is enclosed.

I look forward to our discussions on this matter.

Sincerely, f

n Shirley Ann Jackson I

Enclosure:

As stated cc:

Commissioner Dieus Commissioner Diaz Commissioner McGaffigan K. Cyr, OGC j

L. Callan, EDO J. Funches, CFO A. Galante, CIO l

i l

pecP 9803230414 980310 PDR COMMS NRCC

]

CORF ESPONDENCE PDR

.. a a1 (i y s? I t L____________________________.-------

1 l

DRAFT Risk-Informed. Performance-Based Reculation The NRC has established its regulatory requirements, in both reactor and

{

materials applications, to ensure that "no undue risk to public health and j

safety" results from licensed uses of Atomic Energy Act materials. Based on advances in risk assessment methodology and the accumulation of experience, the Comission is advocating certain changes to the development and implementation of its regulations, through the use of risk-informed, performance-based approaches. The Probab4.11stic Risk Assessment (PRA) Policy Statement (60 FR 42622. August 16,1995) formalized the Commission's commitment to risk-informed regulation through the expanded use of PRA. The PRA Policy Statement states, in part, "The use of PRA technology should be d

increased in all regulatory matters to the extent supported by the state cf the art in PRA' methods and data, and in a manner that complements the NRC's deterministic approach and supports the NRC's traditional defense-in-depth philosophy.~

To understand and apply the commitment expressed in this policy statement, it is important that the NRC, the regulated community, and the public at large have a common understanding of the terms and concepts involved; an awareness of how these concepts (in both reactor and materials arenas) are to be applied to NRC rulemaking, licensing, inspection, assessment, enforcement, and other I

decision-making; and an appreciation of the transitional period in which the agency and the industry currently operate.

1.

Traditional Anoroach: The current body of NRC regulations is largely based cn a " deterministic" approach--that is, requirements have been devised based on a defined set of causes and effects (derived both empirically and predictively) associated with a given use of licensed material (e.g., in a reactor plant or s nuclear medicine application).

This approach employs the use of safety margins, operating experience, j

J accident analysis, and qualitative assessments of risk, relying heavily on the application of the " defense-in-depth ~ philosophy.2 Since this 3

l

{

' Defense in-depth is an eleme<1t of the NRC's Safety Philosophy that employs successive compensatory measures to prevent accidents or mitf ate darege if a malfunction or accident occurs at a nuclear facility. The defense-in dept philosophy ensures that safety will not be wholly dependent on any single element of the d sign, con *,truction, maintenance, or Padundancy (the use of multiple identical trains of a operation of a nuclear facility.

comnon system) and diversity f.the use of unlike methods to avoid susceptibility to common-mode failure) in the design of protective features are exattples of defense in-depth l

strategies--as are extensive quality assurance programs, operator training programs, ongoing DRAFT

[

l 2

DRAFT approach attempts to accourt for the predicted severity of adverse effects, it might be considered, at some level. "rlsk-informed."

However, as explained below, the acquisition of more event data and the increasing sophistication of certain risk assessment methods (e.g.,

Probabilistic Risk Assessment (PRA). Integrated Safety Assessment (ISA),

and Performance Assessment (PA)) provides the opportunity to enhance this traditional approach by improving the incorporation of risk insights.

2.

Areas for Imorovemant: While the traditional approach to regulation has been successful in ensuring adequate protection (i.e.

"no undue risk to public health and safety") in.the use of nuclear materials, several opportunities for enhancement exist. The body of regulations has evolved i'n response to evolving experience; therefore, some degree of

" patch-work" has resulted--leading to the appearance of inconsistency or unevenness in emphasis. Given the broad spectrum of equipment and activities covered, the regulations can be strengthened to ensure that they are focused on the most risk-significant equipment and activities, and to ensure consistent consideration of a coherent framework for regulatory decision-making. The " risk-informed" and " risk-informed.

performance-based" approaches to regulation described below, if properly applied, would provide such a coherent framework.

3.

Risk and Risk Assessment:

For the purposes of this paper, the term J

" risk" is used to express the combination of the consequences of an undesirable event and its probability of occurrence. The most fundamental expressions of " risk" relate directly to public health effects, as in the Commission's Safety Goals. Other expressions of

" risk" include c. ore damage frequency (CDF)2 and large early release frequency (LERF).3 The term " risk insights." as used here, refers to i

rams, and NRC regulatory oversight. 'ihe net effect of testing and maintenance pr incorporating defense-in-d th into design construction, maintenance, and operation is that the system in question tend tobemoretolerantoffailures.

CDF is the frequency of the combinations of initiating events, hardware failures, and 8

human errors leading to core uncovery with reflooding of the core not imminently expected.

LERF is the frequency of those accidents leading to significant, unmitigated releases 8

from containment in a time-frame prior to effective evacuation of the close in population l

such that there is a potential for early health effects.

l DRAFT 1

3 DRAFT the results and findings that come from risk assessments.

For reactors, these insights include such things as the identification of dominant accident sequences, core damage frequency, containment failure probability, changes in CDF and LERF dominant risk contributors, and importance measures.

A risk assessment is a systematic method for assessing system performance, including human performance, to understand likely outcomes, sensitivities, areas of importance system interactions, and areas of uncertainty. The risk insights yielded by these risk assessment techniques have been incorporated successfully into numerous regulatory activities, and have proven to be a valuable complement to traditional engineering approaches. Given the current body of event date and the improvements in some risk-assessment methods. risk assessment methodologies can be incorporated more explicitly into the regulatory process in a manner that will improve both the efficiency and the effectiveness of current regulatory requirements.'

4.

" Risk-Based":

A " risk-based" approach to regulatory deci.sion-making is an approach that relies exclusively on risk assessment results. Note that the Commission does aqt endorse, nor has it ever endorsed, a " risk-

' Risk assessments also can be used to quantify the relationship between uncertainty and defense-in depth. The magnitude of a single calculated risk number cannot be used to eliminate safety barriers without due consideration of uncertainty. Redundant and diverse i

protective features serve as multiple barriers against catastrophic events. Typically, each layer of a multi barrier system (whether human or hardware) will have much higher failure I

rates than a single. stand alone barrier. Each layer also generally has an associated operational database that can be used to provide some level of confidence in the performanc.e of that particular barrier. Relaxations based on risk informat'on would likely involve situations where one barrier of a multi-barrier system is believed to have a much higher availability than others, suggesting that the requirements on the others may be unnecessary.

Note, however, that the single barrier system with higher availability may not have an associated experience d3tabase that would provide the desired confidence in system performance. Consequently, any argument to remove barriers, if based on risk assessments, must be accompanied by a scrutable and rigorous methodology for addressing uncertainty.

Note, in addition, that the term " multiple barriers" has a slightly different meaning in the context of radioactive waste disposal systems. Specifically a waste disposal system l

must include multiple natural and engineered barriers (typically passive in nature) so that unavailability is not a particular concern. Also, multiple barriers in a waste disposal system normally are not redundant and it is possible to have the " top" event with one or even all barriers functional.

DRAFT 1

4 DRAFT hasstd" approach to regulatory decision-making.

5.

" Risk-Informed": A " risk-informed" approach to regulatory decision-j making represents a philosophy to be used in all regulatory matters j

whereby risk insights are considered together with other factors, such l

i as the basis for current regulations, engineering analysis and judgment, the defense-in-depth philosophy, and preserving adequate safety margins.

These integrated elements are used to establish requirements that focus

{

licensee and regulatory attention on design and operational issues

{

commensurate with their importance to public health and safety.

l

)

A " risk-informed" approach enhances the traditional approach by:

(a) allowing explicit consideration of a broader set of potential challenges i

to safet, (b) providing a logical means for prioritizing these challenges based on risk significance, operating experience, and/or i

l engineering judgment, and (c) facilitating consideration of a broader set of resources to defend against these challenges. A " risk-informed" approach can be used to focus regulatory attention on those areas most j

important to public health and safety by considering risk in a more coherent and comprehei ive manner. Where appropriate, a risk-informed regulatory approach can be used to reduce unnecessary conservatism in deterministic approaches, or can be used to identify areas with insufficient conservatism and provide the bases for additional requirements or regulatory actions.

Note that a risk-informed regulation can be either prescriptive or performance-based. A prescriptive requirement specifies particular features, actions, or programmatic elements to be included in the design or process, as the means for achieving a desired objective. A performance-based requirement specifies measurable (or calculable) outcomes (i.e., performance results) to be met, but provides more flexibility to the licensee as to the means of meeting those outcomes.

6.

" Performance-Based": A performance-based approach is an approach that establishes performance and results as the primary basis for regulatory decision-making, and incorporates the following attributes:

(1) measurable parameters to monitor, with clearly defined, objective criteria against which to assess plant and licensee performance: (2) licensee flexibility in determining how to meet the established performance criteria that will encourage and reward improved operations:

N

5 DRAFT and (3) a framework in which the failure to meet a performance criterion, while undesirable, will not in and of itself constitute or result in adverse consequences.

A performance-based approach can be implemented without the use of risk insights. Such an approach would require that objective performance criteria be based on deterministic safety analysis and performance history. This approach would still provide flexibility to the licensee in determining how to meet the performance criteria.

Establishing objective performance criteria for performance monitoring may not be feasible for some applications and in such cases, a performance-based approach would not be feasible.s As applie'd to inspection. a performance-based approach tends to emphasize results (e.g., does the pump work?) over process and method (e.g., was the maintenance procedure well-written?). Note that a performance-based approach to inspection does not supplant or displace the need for compliance with NRC requirements, nor does it displace the need for enforcement action, as appropriate, when non-compliance occurs.'

As applied to licensee assessment, a performance-based approach focuses on a licensee's actual performance results (i.e., desired outcomes),

rather than on predicted improvements or self-assessments (i.e..

outputs).

In the broadest sense, a performance-based approach to

' Substantial differences exist among various reactor and materials applications

-(including the approximately 40 activities, systems, and devices that use or addrcrs the disposal of nuclear materials), and alternative attributes should be considered in many cases. For example, the degree of accident potential, the level of hazard and the complexity of the application varies greatly between low activity sealed sources and large fuel cycle facilities, in addition, the data available for detemining compliance with performance based regulations varies from actual personnel monitoring data (as in These radiography applications) to predictions of geologic performance over 10.000 years.

and other differences should be considered when defining specific attributes for using a l

performance-based regulatory approach over a range of applications.'

j i

• Not every aspect of licensed activities can or should be inspected using this approach. For example, if a licensee is unsuccessful in meeting the criteria defined by a performance-based regulation, the inspector should focus on the licensee's process and method, to understand the root cause of the breakdown in performance, and to understand how future poor performance may be avoided.

[-

6 DRAFT regulatory oversight will focus more attention and NRC resources on those licensees whose performance is less than optimal.

7.

" Risk-Informed. Performance-Based": A risk-informed, performance-based approach to regulatory decision-making combines the " risk-informed" and

" performance-based" elements discussed in Items 5 and 6 above, and applies these concejts to NRC rulemaking, licensing, inspection, assessment, enforcement, and other decision-making. Stated succinctly, risk-informed, performance-based regulation is an approach in which risk insights, engineering analysis and judgment, and performance history are used, when feasible. (1) to develop measurable and/or calculable parameters for monitoring system and licensee performance, (2) to establish objective criteria for evaluating performance, and (3) tc focus on the results as the primary basis of regulatory decision-making.

DRAFT

- _ _ _ _