IMC 0308 Reactor Oversight Process Basis Document

ML22125A164
Person / Time
Issue date:	10/04/2022
From:	Alex Garmoe NRC/NRR/DRO/IRAB
To:
Alex Garmoe, NRR/DRO/IRAB, 415-3814
Shared Package
ML22276A152, ML22161A954	List:
References
CN 22-020, DC 22-014
Download: ML22125A164 (51)
v • d • e

Text

NRC INSPECTION MANUAL IRAB INSPECTION MANUAL CHAPTER 0308 REACTOR OVERSIGHT PROCESS BASIS DOCUMENT Effective Date: 01/01/2023

CONTENTS 0308-01 PURPOSE .................................................................................................................. 1 0308-02 OBJECTIVES .............................................................................................................. 1 0308-03 APPLICABILITY .......................................................................................................... 1 0308-04 RESPONSIBILITIES AND AUTHORITIES ................................................................. 1 04.01 Director, Division of Reactor Oversight (DRO)............................................................ 1 04.02 Chief, Reactor Assessment Branch (IRAB) ................................................................ 1 04.03 Chief, Reactor Inspection Branch (IRIB) ..................................................................... 1 0308-05 GUIDANCE ................................................................................................................. 2 05.01 Introduction ................................................................................................................. 2 05.02 Background ................................................................................................................. 2 05.03 The ROP Regulatory Framework .............................................................................. 10 05.04 Cornerstones of Safety ............................................................................................. 12 05.05 Cross-Cutting Areas and Safety Culture Oversight .................................................. 16 05.06 Risk-Informed Scale. ................................................................................................. 21 05.07 Very Low Safety Significance Issue Resolution ........................................................ 24 05.08 ROP Self-Assessment and Related Evaluations ...................................................... 25 05.09 ROP for New Reactors ............................................................................................. 27 05.10 Additional Commission Commitments ...................................................................... 29 0308-06 REFERENCES ......................................................................................................... 32 Attachments (Standalone): ......................................................................................................... 34 Exhibit 1 Reactor Oversight Process .................................................................................... Ex1-1 Exhibit 2: Reactor Oversight Process Framework ................................................................ Ex2-1 Exhibit 3: Initiating Events Cornerstone ................................................................................ Ex3-1 Exhibit 4: Mitigating Systems Cornerstone ........................................................................... Ex4-1 Exhibit 5: Barrier Integrity Cornerstone - Fuel Cladding ....................................................... Ex5-1 Exhibit 6: Barrier Integrity Cornerstone - Reactor Coolant System ...................................... Ex6-1 Exhibit 7: Barrier Integrity Cornerstone - Containment ......................................................... Ex7-1 Exhibit 8: Emergency Preparedness Cornerstone ................................................................ Ex8-1 Exhibit 9: Occupational Radiation Safety Cornerstone ......................................................... Ex9-1 Exhibit 10: Public Radiation Cornerstone ........................................................................... Ex10-1 Exhibit 11: Security Cornerstone ........................................................................................ Ex11-1 Exhibit 12: Conceptual Model for Evaluating Licensee Performance ................................. Ex12-1 : Revision History for IMC 0308 ....................................................................... Att7-1 Issue Date: 10/04/22 i 0308

0308-01 PURPOSE The purpose of this IMC is to document the basis for significant decisions reached by the U.S.

Nuclear Regulatory Commission (NRC) staff during the development and subsequent implementation of the Reactor Oversight Process (ROP) for operating commercial nuclear power plants. This document shall serve as the basis for all applicable ROP program documents such as Inspection Manual Chapters (IMCs), Inspection Procedures (IPs), the Performance Indicators (PIs) program, the Assessment Program, and the Significance Determination Process (SDP).

0308-02 OBJECTIVES 02.01 To summarize the history of, and reasons for, significant changes made to the oversight processes.

02.02 To discuss significant developmental steps and decisions reached in the formation of the ROP.

02.03 To describe in general how the ROP works.

0308-03 APPLICABILITY This IMC is applicable to all ROP governing documents. The governing documents may at times be referred to as guidance; however, the provisions of the IMCs shall be followed unless flexibility is explicitly stated.

0308-04 RESPONSIBILITIES AND AUTHORITIES 04.01 Director, Division of Reactor Oversight (DRO)

Responsible for the content of the basis document.

04.02 Chief, Reactor Assessment Branch (IRAB)

a. Responsible for periodic updates to IMC 0308 in accordance with IMC 0040, Preparing, Revising and Issuing Documents for the NRC Inspection Manual.

b. When making changes to other IMCs, or applicable ROP documents, those changes shall be reviewed and considered for possible inclusion in this IMC basis document.

04.03 Chief, Reactor Inspection Branch (IRIB)

a. Responsible for periodic updates to IMC 0308 in accordance with IMC 0040.

b. When making changes to other IMCs, or applicable ROP documents, those changes shall be reviewed and considered for possible inclusion in this IMC basis document.

Issue Date: 10/04/22 1 0308

0308-05 GUIDANCE 05.01 Introduction

a. On April 2, 2000, the NRC implemented a new oversight process at all operating commercial nuclear power plants replacing the former Systematic Assessment of Licensee Performance (SALP) Process. The objective for developing the various components of this new oversight process was to provide tools for inspecting and assessing licensee performance and enforcing NRC requirements in a manner that was more risk-informed, objective, predictable, and understandable than previous oversight processes. The new process, called the ROP was designed to:

1. Maintain safety;

2. Increase openness;

3. Make NRC activities and decisions more effective, efficient, and realistic; and

4. Reduce unnecessary regulatory burden.

In developing the ROP, many aspects of the old oversight process, such as the Inspection Program, Assessment Process, and Enforcement Policy were revised to meet the above stated objectives and be better integrated and streamlined. Additionally, several new oversight processes were developed, such as the PI Program and an SDP for inspection findings. An overview of the ROP and how each of these individual processes interact is seen in Exhibit 1.

b. The following discussion provides background on how the ROP was developed and the basis for the key attributes of the new oversight process. Additional detail regarding the development and basis for each of the individual oversight processes and programs is included in the attachments to this document.

1. Attachment 1 discusses the PIs, the basis for selecting the initial set of PIs and their thresholds, and how the PIs were benchmarked.

2. Attachment 2 describes the Inspection Program and discusses the concepts of the baseline and supplemental inspections.

3. Attachment 3 discusses the basis for the different SDPs that have been developed to evaluate the safety significance of inspection findings.

4. Attachment 4 discusses how the Assessment Program was developed to identify the appropriate NRC actions to take based on PI and inspection finding inputs.

5. Attachment 5 describes the significant changes made to the Enforcement Policy to support the ROP.

6. Attachment 6 describes the basis behind the Security Cornerstone of the ROP 05.02 Background

a. Development of an assessment process, 1975-1985:

Issue Date: 10/04/22 2 0308

During the early years of the NRC, the focus of the agency was on inspection and enforcement with little focus on overall assessment of plant performance. An outcome from the incident at Three Mile Island in 1979 was that each operating nuclear power plant licensee should be periodically subjected to intensive and open review of its performance according to the requirements of its license and applicable regulations. This recommendation resulted in the creation of the SALP Program. SALP evaluations were conducted by regional and headquarters staff every 12 to 24 months to assess performance of each licensed nuclear power plant. The SALP process was an attempt to pause and assess plant performance holistically and was comprised of graded functional areas, management reviews, an assessment period, and a resultant report. The SALP process initially had seven functional areas but was later revised to four: Operations, Maintenance, Engineering, and Plant Support.

b. Improvements in the late 1980s:

During the late 1980s, in response to lessons-learned regarding the NRCs approach to assessing licensee safety performance stemming from the Davis-Besse loss of feedwater event in 1985, the Senior Management Meeting (SMM) review process and associated NRC Watch List were developed. The SMM process provided a forum for senior managers to assess nuclear reactor safety performance. The SMM review process consisted of an expert panel to review plants from their region. These managers would review data from each site to determine if the site needed to be placed on the Watch List. Many stakeholders felt that the process for determining this was very subjective, not predictable or repeatable, and not risk-informed. There were also vast regional differences between the ways plants were treated. The Regional Administrators (RAs) had veto power and could override any decisions made by the SMM. Often when this happened, decisions were made that might not be consistent with the given plant data. To help remedy this, cross regional visits were performed to improve the process.

Plants that were placed on the Watch List were usually subject to a meeting with the Commission and a 1-2 year shutdown to fix problems, which could have a significant financial impact (possibly around $250M-$500M in 1980-90s dollar). The process also had unintended financial consequences on the licensees such as negative effects on Wall Street.

In addition to the SALP evaluations and SMMs, the NRC also developed another process for assessing performance called the Plant Performance Review (PPR) process. The PPR process, provided a shorter term (semi-annual) integrated review of licensee performance than was provided by the SALP program. PPR results were sent to licensees in a letter that included relevant performance issues (which were documented in the Plant Issues Matrix (PIM)), as well as the NRC's inspection and activity schedule for the next six to twelve months. The letter also provided the reasons for any revisions to the previous inspection schedule.

The PIM and other selected sources of information constituted the raw assessment data used in the PPR. Assessment information for each plant was summarized in the PIM, which allowed for a more efficient and thorough integration of information during the PPR. PIMs contained a historical listing of plant issues according to the four functional areas of the SALP program (Operations, Maintenance, Engineering, and Plant Support).

The PIM contained only items from inspection reports or other publicly available Issue Date: 10/04/22 3 0308

correspondence between the NRC and the licensee. PIMs were also made publicly available as part of the letters sent to all licensees following the PPR.

c. Growing criticism in the late 1990s:

In the mid to late 1990s, growing concerns from the public, industry, and Congress were raised about the predictability, objectivity, and timeliness of NRC decisions and the fair assessment of licensee performance. Criticism included:

1. The focus of NRC activities;

2. The implementation of NRC programs;

3. Aggregation of Severity Level IV violations;

4. Use of regulatory significance (vs risk significance as a concept which resulted in the NRC not clearly focusing on the most important safety issues);

5. Overly subjective processes with NRC action taken in a manner that was neither scrutable nor predictable; and

6. Inconsistencies between NRC regional offices in the significance assigned to similar inspection issues in determining licensee safety performance.

d. Evaluation of the assessment processes in the late 1990s:

1. June 28, 1996: In a Staff Requirements Memorandum (SRM), the Commission directed the staff to assess the SMM process and evaluate the development of indicators that could provide a basis for judging whether a plant should be placed on or deleted from the NRC Watch List (Ref. 1).

2. December 30, 1996: In response to the Commissions direction, a study of the effectiveness of the SMM process was completed by the Arthur Anderson Company (Ref. 2).

3. April 2, 1997: The staff issued SECY-97-072 to inform the Commission of the staffs plans to address the recommendations made by the Arthur Andersen Company (Ref.

3).

4. June 24, 1997: The Commission issued SRM M970424B in which it approved the staffs plan to develop improvements to the SMM process (Ref. 4).

e. Efforts from the former Office for Analysis and Evaluation of Operational Data (AEOD) to evaluate improvements to the SMM process combined direction from several SRMs, which led the staff to improve the objectivity, accuracy, and efficiency of the current assessment process. They also led the staff to evaluate the merits of defining and formalizing a unified licensee performance assessment program that integrates the various separate processes being utilized.

1. June 6, 1997: The staff issued SECY-97-122 to inform the Commission of the staffs plans to perform an Integrated Review of the Assessment Processes (IRAP),

including plant performance reviews (PPRs), SALPs, and SMMs (Ref. 5).

Issue Date: 10/04/22 4 0308

2. August 19, 1997: The Commission issued SRM 9700238 which approved the staffs plans to perform the integrated review (Ref. 6).

f. The IRAP team took a process re-engineering approach to identify those objectives, attributes, and activities that a new assessment process would need in order to adequately assess licensee performance and to identify the sources of information necessary to support the assessment. The team evaluated the current assessment processes, such as the SALP, PPR, and the SMM, using continuous quality improvement techniques to determine which attributes may be retained to support the new process.

1. March 9, 1998: The staff issued SECY-98-045 which forwarded the staffs recommendation for a new integrated assessment process (Ref. 7). The fundamental concepts that formed the basis of the IRAP proposal were:

(a) Inspection findings provided the basis for the assessment; (b) Inspection findings would be categorized by performance template areas and would be scored according to safety significance; (c) Assessment would be accomplished by totaling the scores in each template area and comparing these scores against threshold values; and (d) NRC actions would be taken based on a decision model.

2. June 30, 1998: The Commission issued the SRM for SECY-98-045, in which the Commission expressed concerns with: the apparent use of enforcement as a "driving force" for the assessment process; the quantitative scoring of PIM entries; and the use of color coding to define performance rating categories. However, the Commission did approve the solicitation of public comment on the IRAP proposal and requested the staff to: provide a recommendation for changes to the assessment process; address regional consistency and equitable treatment of plants receiving varying levels of inspection effort; and include conceptual changes to the inspection program needed to conform with the new assessment process (Ref. 8).

g. Industry proposal for a new oversight process in the late 1990s:

In parallel with the staffs development of the IRAP proposal, the industry developed an independent proposal for improving the oversight process that was documented in a draft white paper (Ref. 9). This effort, led and coordinated by the Nuclear Energy Institute (NEI), resulted in a concept that was fundamentally and philosophically different from the IRAP proposal.

This approach established tiers of licensee performance based on maintaining the barriers to radionuclide release, minimizing events that could challenge the barriers, and ensuring that systems can perform their intended functions. Performance in these tiers would be measured through reliance on high-level, objective indicators with thresholds set for each indicator to form a utility response band, a regulator response band, and a band of unacceptable performance (which became Columns 1-5 of the Action Matrix).

In response to the NEI proposal, Commission comment on the IRAP proposal, and comments made at the July 17, 1998, Commission meeting with public and industry Issue Date: 10/04/22 5 0308

stakeholders, the staff set out to develop a single set of recommendations for making improvements to the regulatory oversight processes.

h. Stakeholder collaboration on a new oversight process:

The IRAP public comment period and a series of public meetings were used to facilitate internal and external stakeholder input into the development of these recommendations.

The 60-day IRAP public comment period, which ended on October 6, 1998, was used to seek comment on improvements to the assessment process. As part of the public comment period, the staff sponsored a 4-day public workshop from September 28 through October 1, 1998, to interact with the industry and public to obtain and evaluate input on improving the regulatory oversight processes. During the workshop, a consensus was reached on the overall philosophy for regulatory oversight and general agreement was achieved among workshop participants on the defining principles for the oversight processes.

After the workshop, the staff began several short-term activities to continue developing the improvements to the regulatory oversight process that had been initiated at the workshop. All of these activities involved broad participation from all four regions, the Office of Nuclear Reactor Regulation (NRR), the Office of Enforcement (OE), the Office of Nuclear Regulatory Research (RES), and AEOD. The staff selected to participate in these activities were agency experts in various aspects of regulatory oversight, such as risk analysis, use of PIs, inspection, and assessment techniques. Each of these activities also involved frequent interaction with the industry and the public during the development of recommended improvements.

Three task groups were formed to develop these recommendations: a technical framework task group, an inspection task group, and an assessment task group.

1. The technical framework task group was responsible for completing the regulatory oversight framework and for identifying the PIs and appropriate thresholds that could be used to measure performance.

2. The inspection task group was responsible for developing the scope, depth, and frequency of a risk-informed baseline inspection program that would be used to supplement and verify the PIs.

3. The assessment process task group developed methods for integrating PI and inspection data, determining NRC action based on assessment results, and communicating results to licensees and the public.

OE activities to improve the enforcement process were coordinated with the three task groups to ensure that enforcement process changes were properly evaluated in the framework structure, and that changes to the inspection and assessment programs were integrated with changes to the enforcement program.

i. New oversight recommendation, January 1999:

January 8, 1999: The staff issued SECY-99-007 forwarding the staffs recommendations for an ROP for commercial nuclear power plants. These recommendations consisted of a framework for regulatory oversight that established seven cornerstones of safety. Fundamental to this concept was the Issue Date: 10/04/22 6 0308

idea that licensee performance that met the objectives and key attributes of each of these cornerstones would provide reasonable assurance that public health and safety was maintained (Ref. 10).

In the ROP, licensee performance within each cornerstone is measured by a combination of PIs and inspection results. PIs were developed for each of the cornerstones to provide an objective indication of licensee performance. A risk-informed baseline inspection program was developed to both independently verify the PIs and to inspect those aspects of licensee performance not adequately covered by a PI. The risk-informed baseline inspection program established the minimum inspection effort that all licensees would receive, regardless of their performance.

Risk-informed thresholds were developed for both the PIs and inspection findings to establish performance bands. These performance bands provide for increased regulatory action as licensee performance degrades, as indicated by crossing more risk significant thresholds. A key aspect of using performance thresholds is that it establishes a level of licensee performance that does not warrant additional NRC involvement beyond the baseline inspection program. The assessment process was redesigned to be more streamlined and objective by using the PIs and inspection findings as assessment inputs and applying an Action Matrix, Figure 1 of IMC 0308 Attachment 4, to determine the appropriate follow-up to indications of degrading licensee performance. The enforcement process was also revised to be better integrated and consistent with the inspection program and assessment process.

j. Development of a pilot program, 1999:

1. March 22, 1999: The staff issued SECY-99-007A that provided the Commission additional information on the concepts for the ROP and presented the staffs plans for a 6-month pilot of the new oversight processes at two sites per region (Ref. 11).

2. June 18, 1999: The SRM on SECY-99-007 and SECY-99-007A was issued which approved the scope and concepts for the ROP and approved the staff plan for the pilot program (Ref. 12). The SRM also included the following direction:

(a) The staff should consider ways to ensure that the assessment process is sufficiently robust to address programmatic breakdowns (e.g., breakdown of a corrective actions program or aspects of a particular quality assurance program) which are different from issues involving many minor findings. Consistent with this approach, and the overall direction of the changes to the inspection, assessment, and enforcement programs, the staff should not continue to evaluate the feasibility of designing a system to analyze the risk significance of numerous problems of lower safety significance, which in the aggregate could be significant.

(b) The Commission should be briefed annually regardless of whether any plants are identified for agency-level action.

(c) The staff should provide licensees (and the public) with fourth quarter assessments prior to the annual Commission meeting to aid licensees' efforts to address NRC concerns, to provide due process, and to ensure against surprises coming out at the meeting.

Issue Date: 10/04/22 7 0308

(d) The staff should consider how it will address licensee-identified issues so as to not discourage licensees from having an aggressive problem-identification process.

3. The 6-month pilot program for the ROP was conducted from May 30 to November 27, 1999. The pilot program was conducted in accordance with the guidelines and procedures forwarded by memorandum from the Director of NRR to the four RAs, dated May 20, 1999 (Ref. 13). The sites participating in the pilot program were:

Region I Region II Region III Region IV Salem/Hope Creek Shearon Harris Prairie Island Fort Calhoun FitzPatrick Sequoyah Quad Cities Cooper The purpose of the pilot program was to apply the ROP and identify lessons learned so that the various processes and procedures could be refined and revised as necessary prior to initial implementation. The objectives of the pilot program were:

(a) To exercise the various components of the ROP to evaluate whether or not they could function efficiently; (b) To identify significant process and procedure problems and make appropriate changes prior to initial implementation; and (c) To the extent possible, evaluate the effectiveness of the new process.

Pilot program criteria were established to evaluate the results of implementing the ROP at the pilot plants.

k. Obtaining stakeholder feedback:

1. In addition to evaluating the new process against these pilot program criteria, the staff employed a number of methods to obtain internal and external stakeholder feedback and comments during the pilot program. Internal feedback and comments from NRC staff were obtained using various methods.

(a) Weekly teleconferences were held with regional management and biweekly teleconferences with the pilot program resident inspectors to solicit feedback (b) Monthly counterpart meetings were held with the regional Division Directors (c) Executive Forum meetings were periodically conducted with the four Deputy RAs to solicit feedback and comments on the ROP (d) Inspection procedure and oversight process feedback forms were developed and used during the pilot program for regional staff to document questions and concerns on the various components of the ROP (e) Comments from these feedback forms were utilized by the staff in making needed modifications to procedures as the pilot program progressed (f) Finally, an internal stakeholder survey of the RAs and staff who participated in the pilot program was conducted at the end of the pilot to gather additional insights to be considered while evaluating the pilot program lessons learned Issue Date: 10/04/22 8 0308

2. Public comment was solicited on the ROP and the results of the pilot program using a Federal Register notice (FRN) (Ref. 14). The FRN established a public comment period that ended on December 31, 1999, and included a questionnaire to focus public comment on specific topics. This questionnaire requested comment and feedback on the ROPs ability to meet the four agency performance goals, and also requested feedback and comments on topics such as the role of positive inspection findings in the ROP and the need to develop overall assessment ratings for nuclear power plants.

To keep local public stakeholders informed of the new oversight process, public meetings were held in the vicinity of each pilot plant. Public meetings were first held at the beginning of the pilot program, and then a series of Public Roundtable meetings were conducted at the end of the pilot program. These meetings were designed to both explain the new program and solicit feedback from the public on their views of the ROP.

3. Finally, a pilot program evaluation panel (PPEP) was established by the agency to serve as an independent advisory committee to the agency. This panel was a cross-disciplinary group of managers and industry experts representing many different nuclear power interests, including the Union of Concerned Scientists, NEI, pilot plant licensee management, and the Illinois Department of Nuclear Safety, in addition to NRC headquarters and regional management. The purpose of the PPEP was to independently evaluate the results of the pilot program and draw conclusions regarding required process changes and the readiness for initial implementation.

4. Culminating the feedback activities, the staff conducted a public lessons learned workshop from January 10-13, 2000. The purpose of the workshop was to bring internal and external stakeholders together to identify lessons learned and approaches to resolving key issues of concern. The workshop was successful in enabling the staff to achieve a good level of consensus on those issues requiring action prior to initial implementation, longer-term resolution, and continued monitoring during initial implementation.

l. Results from the Pilot Program and initial implementation of the ROP, 2000s:

1. February 24, 2000: The staff issued Commission Paper SECY-00-0049 that provided the results and lessons learned from the 6-month pilot program, results from internal and external stakeholder comments on the ROP, and the PPEP independent evaluation on the readiness of the new process for initial implementation. This paper also requested Commission approval to implement the ROP at all nuclear power plants (Ref. 15).

2. March 28, 2000: The Commission approved initial implementation of the new ROP (Ref. 16). Initial implementation of the new ROP for all commercial nuclear power plants commenced on April 2, 2000. A second SRM from SECY-00-0049, dated May 17th, 2000 (Ref. 22) included the following direction:

(a) The staff should minimize deviations from the Action Matrix, clearly document the basis for the deviations, and clearly explain the basis for deviations to all stakeholders.

Issue Date: 10/04/22 9 0308

(b) NRR and regional management should take steps to assure that inspector observations are placed in an appropriate context and do not undermine the overall effort to put inspection and enforcement efforts on a more objective and consistent foundation.

(c) The staff should show that cross-cutting issues they identify have a clear and strong link to significant inspection findings or degraded PIs before the staff attempts to take action on programmatic concerns.

m. Although implemented at all nuclear power plants, the staff considered the first year of ROP implementation to be a time to collect additional insights and identify areas for program improvement. Similar to the 6-month pilot program, the staff collected internal and external stakeholder feedback and comments and evaluated the new oversight process for lessons learned.

As part of this effort, the staff developed a self-assessment program, described in IMC 0307, "Reactor Oversight Process Self-Assessment Program," which evaluates the overall effectiveness of the ROP through its success in meeting its pre-established goals and intended outcomes, examining the efficacy of recent changes to the program, and by verifying agency adherence to program governance (see section 05.08). Internal feedback and comments were obtained from headquarters and regional staff while feedback and comments from external stakeholders, such as public interest groups, industry representatives, and state and local government agencies was also solicited.

The results and lessons learned from the first year of ROP implementation were documented by the staff in SECY-01-0114 (Ref. 17). As noted in this Commission paper, the staff will continue to periodically monitor and assess the effectiveness of the ROP to identify areas for improvement.

05.03 The ROP Regulatory Framework

a. The foundation for the ROP is based on the regulatory framework (Exhibit 2). The staff used a top-down, hierarchical approach to develop the concept for a new regulatory oversight framework. The regulatory framework for reactor oversight consists of three key strategic performance areas: reactor safety, radiation safety, and safeguards. Within each strategic performance area are cornerstones that reflect the essential safety aspects of facility operation. These seven cornerstones include: initiating events, mitigating systems, barrier integrity, emergency preparedness, public radiation safety, occupational radiation safety, and physical protection (now known as security).

Satisfactory licensee performance in the cornerstones provides reasonable assurance of safe facility operation and that the NRCs safety mission is being accomplished. Each cornerstone contains inspection procedures and PIs to ensure that their objectives are being met. The SDP, Enforcement, and Assessment programs are used to verify, assess, and enforce NRC regulations to ensure adequate protection of public health and safety.

b. Mission:

The overall mission of the NRC is to license and regulate the Nation's civilian use of radioactive materials to protect public health and safety, promote the common defense and security, and protect the environment.

Issue Date: 10/04/22 10 0308

This mission ensures that commercial nuclear power plants are operated in a manner that provides adequate protection of public health and safety.

c. Major ROP Programs and Principles:

1. There will be a risk-informed baseline inspection program that establishes the minimum regulatory interaction for all licensees.

2. Thresholds can be set for licensee safety performance. If these thresholds are exceeded increased NRC interaction (including enforcement) would be warranted.

3. Adequate assurance of licensee performance at the cornerstone level requires assessment of both PIs and inspection findings.

4. Both the PIs and results of inspections used to assess a cornerstone will have risk-informed thresholds.

5. Crossing a PI threshold and an inspection threshold will have the same meaning with respect to safety significance and directly define the level of NRC involvement and action.

6. The baseline inspection program will cover those risk-significant attributes of licensee performance not adequately covered by PIs.

7. The baseline inspection program will verify the accuracy of the PIs and the ROP will provide for event response.

8. Enforcement actions taken (e.g., the number of cited violations, the amount of a civil penalty) should not be an input into the assessment process. However, issues that lead to the enforcement action will continue to be considered in the assessment.

9. Assessment process results might be used to modulate enforcement actions (although assessment results would not affect the determination of violation severity level).

10. Guidelines will establish criteria for identifying and responding to unacceptable licensee performance.

It is important to note that the intent of these defining principles was to result in an oversight process that provides adequate margin in the assessment of licensee performance so that appropriate licensee and NRC actions are taken before unacceptable performance occurs.

d. Strategic Performance Areas:

1. Keeping the mission of the NRC in mind, the staff then identified those aspects of licensee performance that are important to the mission and therefore merit regulatory oversight. At the time of creation of the ROP framework, the NRC Strategic Plan identified the following performance goals to be met for ensuring nuclear reactor safety and security:

(a) Maintain a low frequency of events that could lead to a nuclear reactor accident; Issue Date: 10/04/22 11 0308

(b) Zero significant radiation exposures resulting from civilian nuclear reactors; (c) No increase in the number of offsite releases of radioactive material from civilian nuclear reactors that exceed 10 CFR Part 20 limits; and (d) No substantiated breakdown of physical protection (now known as security) program that significantly weakens protection against radiological sabotage, or theft or diversion of special nuclear materials.

2. These performance goals reflect those areas of licensee performance for which the NRC has regulatory responsibility in support of the overall agency mission. These performance goals were represented in the framework structure as the strategic performance areas and formed the second level of the regulatory oversight framework:

(a) Reactor Safety (b) Radiation Safety (c) Safeguards

e. Cornerstones:

With a risk-informed perspective, the staff then identified the most important elements in each of these strategic performance areas that form the foundation for meeting the overall agency mission. These elements were identified as the cornerstones of safety in the third level of the regulatory oversight framework. These cornerstones serve as the fundamental building blocks for the ROP, and acceptable licensee performance in these cornerstones provides reasonable assurance that the overall mission of adequate protection of public health and safety is met. The cornerstones are:

1. Initiating Events

2. Mitigating Systems

3. Barrier Integrity

4. Emergency Preparedness

5. Public Radiation Safety

6. Occupational Radiation Safety

7. Physical Protection (now known as Security) 05.04 Cornerstones of Safety

a. The Cornerstones of Safety were chosen to:

1. Limit the frequency of initiating events (Initiating Events);

2. Ensure the availability, reliability, and capability of mitigating systems (Mitigating Systems);

Issue Date: 10/04/22 12 0308

3. Ensure the integrity of the fuel cladding, reactor coolant system, and containment boundaries (Barrier Integrity);

4. Ensure the adequacy of the emergency preparedness functions (Emergency Preparedness);

5. Protect the public from exposure to radioactive material releases (Public Radiation Safety);

6. Protect nuclear plant workers from exposure to radiation (Occupational Radiation Safety); and

7. Provide assurance that the physical protection program can protect against the design-basis threat of radiological sabotage (Safeguards). The physical protection cornerstone later became the security cornerstone.

b. The staff used a risk-informed approach when developing each cornerstone in an effort to:

1. Identify the objective and scope of the cornerstone;

2. Identify the desired results and important attributes of the cornerstone;

3. Identify what should be measured to ensure that the cornerstone objectives are met;

4. Determine which of the areas to be measured can be monitored adequately by PIs;

5. Determine whether inspection or other information sources are needed to supplement the PIs; and

6. Determine the thresholds of performance for each cornerstone, below which additional NRC actions would be taken.

c. Where possible, the staff sought to identify objective PIs as a means of measuring the performance of key attributes in each of the cornerstone areas. Where such a PI could not be identified, or where a PI was identified but was not sufficiently comprehensive, the staff identified a baseline inspection activity. The staff also identified the inspections necessary to verify the accuracy and completeness of the reported PI data. The results of applying the top-down, hierarchical approach to identify the PIs and baseline inspection necessary to meet the objectives of each cornerstone of safety are shown in Exhibits 3 through 10. Additional detail and discussion on the PIs and baseline inspection program for each cornerstone are found in IMC 0308, Attachment 1 and 2.

d. Reactor Safety Strategic Performance Area:

1. Initiating Events - The objective of this cornerstone is to limit the frequency of those events and operations that upset plant stability and challenge critical safety functions, during shutdown as well as power operations. Licensees can reduce the likelihood of a reactor accident by maintaining a low frequency of these initiating events. Such events include reactor trips due to turbine trips, loss of feedwater, loss of off-site power, and other reactor transients.

Issue Date: 10/04/22 13 0308

2. Mitigating Systems - The objective of this cornerstone is to ensure the availability, reliability, and capability of systems that mitigate plant transients and reactor accidents. Licensees reduce the possibility and consequences of reactor accidents by enhancing the availability and reliability of mitigating systems. Mitigating systems include those systems associated with safety injection, residual heat removal, and their support systems, such as emergency AC power. This cornerstone includes mitigating systems that respond to both operating and shutdown events.

3. Barrier Integrity - The objective of this cornerstone is to ensure that physical barriers protect the public from radionuclide releases caused by accidents. Licensees can reduce the effects of reactor accidents or events if they do occur by maintaining the integrity of the barriers. The barriers are the fuel cladding, reactor coolant system boundary, and the containment.

4. Emergency Preparedness - The objective of this cornerstone is to ensure that actions required by the emergency plan provide protection of the public health and safety during a radiological emergency. Licensees ensure that the emergency plan is implemented correctly by conducting drills and training. This provides reasonable assurance that the licensee can effectively protect the public health and safety in the event of a radiological emergency. This cornerstone does not include the off-site actions, which are covered by the Federal Emergency Management Agency.

For the reactor safety area to fail to meet the goal of adequate protection of public health and safety, an initiating event would have to occur, followed by failures in one or more mitigating systems, and ultimately failure of multiple barriers. If not properly mitigated and multiple barriers are breached, a reactor accident could result which would compromise the public health and safety. At that stage, the emergency plan is implemented as the last defense-in-depth measure for public protection.

e. Radiation Safety Strategic Performance Area:

1. Public Radiation Safety - The objective of this cornerstone is to ensure adequate protection of public health and safety from exposure to radioactive material released into the public domain as a result of routine civilian nuclear reactor operations. These releases include routine gaseous and liquid radioactive effluent discharges, the inadvertent release of solid contaminated materials, and the offsite transport of radioactive materials and wastes. Licensees maintain public protection by meeting the applicable regulatory limits and "as low as is reasonably achievable" (ALARA) guidelines.

2. Occupational Radiation Safety - The objective of this cornerstone is to ensure adequate protection of worker health and safety from exposure to radiation from radioactive material during routine civilian nuclear reactor operation. This exposure could come from poorly controlled or uncontrolled radiation areas or radioactive material that unnecessarily exposes workers. Licensees maintain occupational worker protection by meeting applicable regulatory limits and ALARA guidelines.

f. Safeguards Strategic Performance Area:

1. Physical Protection - The objective of the Physical Protection cornerstone (later to become the Security cornerstone) is to provide assurance that the licensee's security Issue Date: 10/04/22 14 0308

system and material control and accounting program use a defense-in-depth approach and can protect against:

(a) The design basis threat of radiological sabotage from external and internal threats (b) The theft or loss of radiological materials PIs in the Physical Protection cornerstone were selected for availability of security systems and failures of the personnel screening and fitness-for-duty process.

Inspections in the Physical Protection cornerstone were recommended for testing of barrier intrusion, detection, and alarm systems; search, identification, and control processes; response to security-related incidents; and reporting of significant events.

2. Background and development of the Physical Protection Cornerstone:

As a consequence of the terrorist attacks of September 11, 2001, the ROP underwent a number of changes to ensure that individuals could not obtain and use sensitive, security-related information about a nuclear facilitys design, operation, and protective capabilities for malevolent purposes.

(a) March 29, 2004: The Commission issued SRM for SECY-04-0020 directing the staff to develop a separate process to address how security-related inspection findings and performance indicators would be considered when determining appropriate agency response. In developing a separate but parallel ROP process for physical protection, the staff should engage the industry through the existing Security Working Group arrangement, seeking clarification from the Security Steering Committee on emerging issues and consult with the Commission, as appropriate, when warranted (Ref. 23).

(b) May 12, 2005: In SECY-05-0082, Revised Assessment Process for the Security Cornerstone of the Reactor Oversight Process, the staff described the new security oversight process that it had developed as separate from the ROP but still within the ROP framework. On August 22, 2005, the staff issued IMC 0320, Operating Reactor Security Assessment Program, thereby implementing the new program.

(c) January 9, 2007: In SECY-07-0008, Evaluation of Revised Security Oversight Process for Nuclear Power Reactors, the staff informed the Commission that it planned to make one change to the publicly available cover letters for security inspection reports to align them with the then recent changes in the ROP on the identification of substantive cross-cutting issues (SCCIs). The staff subsequently made the necessary program modifications to allow the cover letters for security inspection reports to mention whether any security findings had cross-cutting aspects associated with them. This change enabled the staff to identify SCCIs across all cornerstones of safety based on publicly available information.

In its efforts to protect security-related information by withholding it from public disclosure, the staff developed a security assessment process separate from the safety cornerstones within the ROP framework. However, the staff recognized that the application of separate assessment processes had the potential to Issue Date: 10/04/22 15 0308

programmatically constrain its regulatory response and not holistically evaluate licensee performance. By 2011, sentiment had changed regarding the appropriateness of separate processes.

(d) June 5, 2011: In SECY-11-0073, the staff proposed that security assessment inputs (security inspection findings and PIs) be reintegrated into one ROP Action Matrix that would include inputs from all seven ROP cornerstones, consistent with the original design of the ROP framework (Ref 30).

(e) July 20, 2011: In SRM for SECY-11-0073 the Commission approved the staffs proposal to reintegrate the security cornerstone into the ROP Action Matrix for commercial nuclear power licensees. With the inclusion of the security cornerstone, the ROP Action Matrix more accurately reflects a holistic representation of licensee performance. The security cornerstone was reintegrated into the ROP Action Matrix on July 1, 2012 (Ref. 31).

05.05 Cross-Cutting Areas, Substantive Cross-Cutting Issues (now Cross-Cutting Issues), and Safety Culture Oversight

a. In addition to identifying the seven cornerstones of safety, the staff also identified certain elements of licensee performance that were seen as potentially impacting more than one cornerstone and were therefore "cross-cutting". Elements of licensee performance such as human performance, the establishment of a safety-conscious work environment (SCWE), and the effectiveness of licensee problem identification and resolution programs, although not identified as specific cornerstones, are still important to meeting the agencys safety mission. The staff concluded that these items generally manifest themselves as the root causes of performance problems. Adequate licensee performance in these cross-cutting areas will be assessed either explicitly in each cornerstone area or will be inferred through cornerstone performance results from both PIs and inspection results.

These cross-cutting issues are discussed below to characterize their significance and the means by which they were addressed during the cornerstone development process and subsequently in the June 2006 revision to the ROP to more fully address safety culture.

As part of the development activities for the June 2006 ROP revision, the staff adopted the International Atomic Energy Agencys International Nuclear Safety Advisory Groups definition of safety culture which is that assembly of characteristics and attitudes in organizations and individuals which establishes that, as an overriding priority, nuclear plant safety issues receive the attention warranted by their significance. Further, Regulatory Issue Summary 2006-13, Information on the Changes Made to the Reactor Oversight Process to More Fully Address Safety Culture, describes the changes made to selected ROP inspection procedures, manual chapters, and the assessment process to address safety culture. In June of 2011, the NRC published the Safety Culture Policy Statement which re-defined nuclear safety culture as the core values and behaviors resulting from a collective commitment by leaders and individuals to emphasize safety over competing goals to ensure protection of people and the environment.

In 2013, the NRC published NUREG-2165, Safety Culture Common Language, which describes the essential traits and attributes of a healthy nuclear safety culture and is based on the common language that was agreed to during a series of public workshops Issue Date: 10/04/22 16 0308

in 2012, and 2013, and was documented in the enclosure to the meeting summary (ADAMS Accession No. ML13031A343). The public workshop included a panel of representatives from the Institute for Nuclear Power Operations (INPO), NEI, all four NRC regional offices, several offices within NRC headquarters, and members of the public. The workshops used the Policy Statement definition and traits as a starting point and developed common attributes and definitions of the Policy Statement traits. Selected attributes were incorporated into IMC 0310, Aspects Within Cross Cutting Areas, to establish common terms for both the NRC and the nuclear industry. The Safety Culture Policy Statement (76 FR 34773; June 14, 2011) sets forth the Commission's expectations for individuals and organizations to establish and maintain a positive safety culture commensurate with the safety and security significance of their activities and the nature and complexity of their organizations and functions.

b. The cross-cutting aspects are fully described in IMC 0310.Cross-Cutting Areas:

1. Human Performance:

By the nature of the design of nuclear power plants and the role of plant personnel in maintenance, testing, and operation, human performance plays an important role in normal, off-normal, and emergency operations. Following the accident at Three Mile Island (TMI), the NRC implemented a number of programs that significantly improved the reliability of personnel performance and the safety of nuclear power plants by reducing the likelihood of core damage and containment failure. Major initiatives included:

(a) Detailed control room design reviews resulted in substantial improvements to the human engineering design of control rooms, as well as to control stations and panels outside the main control room.

(b) Emergency operating procedures were modified to include symptom-oriented mitigation strategies and were refined to be more usable, reducing errors in their implementation.

(c) Training programs for licensed operators, and later for other important plant personnel, were modified such that job-task analyses were performed which formed the basis for the development of learning objectives, training materials and approaches, objective-specific testing, and appropriate program improvements based on feedback from personnel performance in the field.

(d) Other policies and programs implemented by the NRC improved: staffing; overtime controls; fitness-for-duty of plant personnel; security and safeguards operations; emergency planning and response; and health physics controls (both occupational and public).

(e) Broad-reaching verification and validation efforts were conducted to ensure the proper implementation of the programs.

Together, these programs have significantly improved human performance.

Risk-informed, performance-based regulation will, at least in part, involve a shift in the NRC role from improving human reliability to one of monitoring human reliability.

Past efforts were appropriately pro-active (rather than performance based) because Issue Date: 10/04/22 17 0308

the accident at TMI had clearly illustrated the serious deficiencies in programs to support effective and safe human performance.

The success of the human performance improvement programs allows the NRC to now take a more performance-based approach to regulatory oversight of human performance. Thus, if plant performance is acceptable (as monitored through risk-informed inspections and PIs), then the performance of plant personnel is assumed to be acceptable as well. That is, if risk-informed inspection and plant PIs for each cornerstone together indicate that plant performance is meeting the cornerstone objectives, then those findings also provide an indication of the acceptability of the associated human activities.

This relationship between plant and human performance is assumed to be especially strong with regard to the broad range of normal operations, including maintenance and testing activities during power and shutdown operations. Routine baseline inspections of licensee problem identification and resolution programs are conducted to ensure that human performance (and those factors such as training, procedures, and the like that influence human performance) is specifically and appropriately investigated through licensees root cause analyses and corrective action programs, including the investigation of potential common cause failures caused by human actions.

2. Safety-Conscious Work Environment:

A SCWE is defined as an environment in which employees feel free to raise safety concerns, both to their management and to the NRC, without fear of retaliation, harassment, intimidation, retaliation, discrimination, and where such concerns are promptly reviewed, given the proper priority based on their potential safety significance, and appropriately resolved with timely feedback to employees (by licensee management). SCWE is an important attribute of safety culture. In general, management commitment to safety will promote a SCWE. Possible indications of an "unhealthy" safety culture include a high number of allegations, a reluctance of licensee employees to use internal processes to raise safety concerns, and a high corrective maintenance backlog.

SCWE is a cross-cutting area since an unhealthy SCWE can affect performance in any of the cornerstone areas. For example, weaknesses in an environment for raising concerns or for not preventing, detecting, and mitigating perceptions of retaliation and reluctance of licensee staff to raise nuclear safety concerns can result in deficiencies going unresolved, which could complicate plant response to a subsequent event (mitigating systems or barriers cornerstone).

The importance of a SCWE is similar to, if not integral with, the role of licensee problem identification and corrective action processes. As with the problem identification and corrective action cross-cutting issue, an assumption was made regarding the role of a SCWE in NRC assessments of licensee performance.

Specifically, if a licensee had a poor SCWE, problems and events would continue to occur at that facility to the point where either they would result in exceeding thresholds for various PIs, or they would be surfaced during NRC baseline inspection activities, or both. Additionally, because inspection of licensee problem identification and corrective action programs will be included in the baseline inspection program (through IP 71152, "Identification and Resolution of Problems"), some indirect Issue Date: 10/04/22 18 0308

assurance will be gained as to the health of a licensees safety culture. In short, no separate and distinct assessment of licensee safety culture is needed because it is subsumed by either the PIs or baseline inspection activities.

3. Problem Identification and Resolution:

Defining and implementing an effective Problem Identification and Resolution program (PI&R) is a key element underlying licensee performance in each cornerstone area. A fundamental goal of the NRC's reactor inspection and assessment process is to establish confidence that each licensee is detecting and correcting problems in a manner that limits the risk to members of the public.

The NRC expects licensees to be technically and organizationally self-sufficient regarding PI&R. Ineffective PI&R programs, including poor conduct of root cause analysis of self-identified or self-revealing issues, has been a common theme among problem plants in the past. The scope of PI&R programs includes processes for self-assessment, root cause analysis, safety committees, operating experience feedback, and corrective action.

With regard to licensee PI&R effectiveness, there are several areas that are not specifically evaluated by either the individual cornerstone PIs or the individual risk-informed inspections. As such, additional focused inspection is needed to evaluate licensee performance as it relates to this cross-cutting issue. Specifically, baseline inspection of a licensees PI&R is necessary for the NRC to:

(a) Conduct reviews of precursors to events which occur relatively infrequently but could have significant consequences; (b) Independently identify potentially "generic" concerns that a licensee may have missed, including specific problems involving safety equipment, procedure development, design control, etc.; and (c) Have assurance that licensees adequately address potential "common cause" equipment failure concerns, identified either by internal events and issues or by receipt of operating experience feedback from other licensees, vendors, etc.

Also, these inspections provide the NRC with early warning of potential performance issues that could result in crossing thresholds in the Action Matrix and help the NRC gauge supplemental response should future Action Matrix thresholds be crossed.

The inspections provide insights into whether licensees have established a SCWE and allow for follow-up of previously identified compliance issues (e.g., non-cited violations). The inspections also provide additional information that can be used in the assessment process, beyond that which is provided by the SDP.

c. Substantive Cross-Cutting Issues (now Cross-Cutting Issues)

1. August 30, 2004: The SRM for SECY-04-0111 directed the staff to enhance the ROP treatment of cross-cutting issues to more fully address safety culture (Ref. 24).

2. May 25, 2005: The SRM from the Commission meeting Briefing on Results of the Agency Action Review Meeting - M050525B - directed the staff to take further effort to clarify the guidance on substantive cross-cutting issues (Ref. 25).

Issue Date: 10/04/22 19 0308

3. RIS 2006-13: Provided additional information regarding changes made to the ROP to more fully address safety culture.

4. 2014 ROP Enhancement Project: In 2014, the staff completed an effectiveness review and data analysis of the SCCI process. The staff concluded that SCCIs were not a precursor to declining licensee performance, and the resource cost for implementing the SCCI process was not commensurate with the safety benefit. As a result, the staff revised the criteria for a cross-cutting theme, created a backstop for a cross-cutting theme at the cross-cutting area level, removed the term substantive from SCCIs, and eliminated the subjective questions for opening a Cross-Cutting Issue (CCI) (Ref 42).

SCCIs were enhanced in the ROP as a result of Commission direction approving the staff recommendations from the Davis-Besse Lessons Learned report. The NRC developed criteria for notifying the licensee when a substantive cross-cutting issue existed at a particular site. The purpose of identifying an SCCI was to inform the licensee on the docket that the NRC had a significant level of concern with the licensees performance in the cross-cutting area. The June 2006 revision to IMC 0305, Operating Reactor Assessment Program modified the decision making process for determining a SCCI, as well as the possible NRC actions if a SCCI is not addressed in a timely manner. In 2014, the ROP Enhancement Project revised the SCCI process, notably the removal of the term substantive from SCCI. A more detailed description of the changes made during the ROP Enhancement Project in 2014 is given in Attachment 4. The specific guidance on implementing the assessment of cross-cutting issues is described in IMC 0305.

d. Safety Culture Oversight

1. August 30, 2004: The SRM for SECY-04-0111 directed the staff to enhance the ROP treatment of cross-cutting issues to more fully address safety culture. The staff should include as part of the inspection activities for plants in the degraded cornerstone column of the ROP action matrix, a determination of the need for a specific evaluation of the licensee's safety culture and develop a process for making the determination and conducting the evaluation (Ref. 24).

2. Action Matrix. The staff should document significant changes to the ROP addressing safety culture in the ROP guidance documents and/or basis documentation. The staff should ensure the resulting modifications to the ROP are consistent with the regulatory principles that guided the development of the ROP (Ref. 26).

In addition to the safety culture aspects that fall into the three cross-cutting areas, which are assessed during the baseline inspection program and assessment process, the staff identified twelve additional safety culture attributes that may be considered when performing or reviewing safety culture assessments during the conduct of the supplemental inspections. These safety culture common language attributes are described in IMC 0310.

All safety culture common language attributes, including those described as the supplemental cross-cutting aspects, should be considered by the licensee when performing root cause, extent of condition, and safety culture evaluations. These activities are reviewed by inspectors during the biennial problem identification and resolution inspection (IP 71152), reactive inspections (IPs 93800, "Augmented Issue Date: 10/04/22 20 0308

Inspection Team," and 93812,"Special Inspection") and supplemental inspections (IPs 95001, "Supplemental Inspection for One or Two White Inputs in a Strategic Performance Area," 95002, "Supplemental Inspection for One Degraded Cornerstone or Any Three White Inputs in a Strategic Performance Area," and 95003, "Supplemental Inspection for Repetitive Degraded Cornerstones, Multiple Degraded Cornerstones, Multiple Yellow Inputs or One Red Input").

While inspectors may verify that the licensee has appropriately considered safety culture attributes in its evaluations during baseline and reactive inspections, the supplemental cross-cutting aspects are not assigned during these inspections. However, the scope of supplemental inspections usually includes a partial- or full-scope evaluation of the licensees safety culture. During IP 95001 inspections, the staff specifically verifies that the licensee has considered potential weaknesses in safety culture. During IP 95002 inspections, the staff independently determines whether safety culture weaknesses contributed to risk-significant performance issues. During IP 95003 inspections, the staff independently evaluates the licensees third-party safety culture assessment and conducts a graded assessment of the licensees safety culture based on the results of that evaluation. Because these supplemental inspections consider all attributes of the licensees safety culture, the supplemental cross-cutting aspects are considered for assignment in addition to those that fall into the three cross-cutting areas described above.

05.06 Risk-Informed Scale.

a. In developing the ROP performance assessment process, one of the tasks was to establish risk-informed thresholds for PIs and corresponding thresholds for inspection findings, so that indications of performance degradation obtained from inspection findings and from changes in PI values could be put on an equal footing. The concept for setting these performance thresholds included consideration of risk and regulatory response to different levels of licensee performance. The approach was intended to be consistent with other NRC risk-informed regulatory applications and policies as well as consistent with regulatory requirements and limits. The primary attributes of the original concept were:

1. The scheme should include multiple levels with clearly defined thresholds to allow unambiguous observation and assessment of declining (or improving) performance;

2. The thresholds should be risk-informed to the extent practical, but should accommodate defense-in-depth and indications based on existing regulatory requirements and safety analyses;

3. The risk implications and regulatory actions associated with each performance band and associated threshold should be consistent with other NRC risk applications, and based on existing criteria where possible (e.g., Regulatory Guide [RG] 1.174 [Ref.

19]);

4. The scheme should provide for consistency of risk-informed indications of performance which are based on existing regulatory requirements and safety analyses to the extent practical;

5. The scheme should be capable of accounting for performance indicated by risk-informed inspection findings; Issue Date: 10/04/22 21 0308

6. Thresholds that cannot be risk-informed should be set at levels that will result in the level of regulatory response necessary to address the finding;

7. Thresholds should provide sufficient differential to allow meaningful differentiation in performance and limit false positives (e.g., allow an order of magnitude in the risk differential between thresholds);

8. Sufficient margin should exist between nominal performance bands to allow for licensee initiatives to correct performance problems before reaching escalated regulatory involvement thresholds; and sufficient margin should exist between thresholds that signify initial declining performance to allow for both NRC and licensee diagnostic and corrective actions to be effective before licensee performance becomes unacceptable;

9. Each individual PI should have its own performance thresholds; and

10. Where appropriate, plant-specific design differences should be accommodated.

The basis for establishing these performance thresholds was RG 1.174, which brings in the Regulatory Analysis Guidelines (Ref. 20), and the Safety Goal Policy Statement (Ref. 21). The metrics that have been adopted in RG 1.174 for the characterization of risk are core damage frequency (CDF) and large early release frequency (LERF). These are surrogates for health effects, which are the principal metrics in the Safety Goal Policy Statement, and, in addition, they are consistent with the metrics used in the Regulatory Analysis Guidelines. In RG 1.174, acceptance guidelines were established for assessing changes to the licensing basis of a plant. Acceptance is predicated on increases in CDF and LERF implied by the change to the licensing basis being small.

The philosophy behind the establishment of the thresholds for PIs and inspection findings was essentially to assume that an increase in PI values or conditions indicated by the finding, would, if their root causes were uncorrected, be equivalent to accepting a de facto increase in the CDF and LERF metrics. This is clearer for the PIs than it is for the inspection findings, which may relate to a time-limited undesired condition. For such cases, the model used is that the event is indicative of an underlying performance issue that, if uncorrected, would be expected to result in similar occurrences with the same frequency.

Therefore, the challenge was how to calculate the impact of changes in PI values and inspection findings on these metrics. Since PIs correspond (at least in some approximate sense) to parameters of Probabilistic Risk Assessment (PRA) models, it was relatively straightforward to make the connection between changes in PI values to changes in risk. The thresholds were established by taking a set of PRA models, and varying the parameter that corresponded to the PI until the change in CDF became 10-5 or 10-4 per year, and these values were chosen as the thresholds for the White/Yellow and Yellow/Red thresholds. Therefore, the risk significance of an inspection finding should be measured in the same way. When the impact of the finding can be characterized in terms of the unavailability of a structure, system, or component for some specified duration, then the SDP gives an estimate of the change in CDF.

b. As shown in Exhibit 12, a conceptual model was developed to incorporate the attributes listed above. This model was used as the basis for developing the thresholds and Issue Date: 10/04/22 22 0308

performance bands for PIs and inspection findings, and a discussion of their general performance characteristics follows:

1. The licensee response band is characterized by acceptable performance in which cornerstone objectives are fully met; nominal risk with nominal deviation from expected performance. This performance band is designated as the Green band.

Performance problems would not be of sufficient significance that escalated NRC engagement would occur. Licensees would have maximum flexibility to "manage" corrective action initiatives.

2. The increased regulatory response band would be entered when licensee performance is outside the normal performance range, but would still represent an acceptable level of performance. This performance band is designated as the White band. Cornerstone objectives met with minimal reduction in safety margin; outside bounds of nominal performance; within Technical Specification limits. Degradation in performance in this band is typified by changes in risk of up to 10-5 CDF or 10-6 LERF associated with either PIs or inspection findings. The CDF and LERF threshold characteristics were selected to be consistent with RG 1.174 applications.

3. The required regulatory response band involves a decline in licensee performance that is still acceptable with cornerstone objectives met, but with significant reduction in safety margin; Technical Specification limits reached or exceeded. This performance band is designated as the Yellow band. Degradation in performance in this band is typified by changes in risk of up to 10-4 CDF or 10-5 LERF associated with either PIs or inspection findings. These threshold characteristics and required regulatory response are also selected to be consistent with risk-informed regulatory applications and mandatory actions for regulatory compliance.

4. The extensive regulatory response band is typified by changes in performance that are indicative of changes in risk greater than 10-4 CDF or 10-5 LERF associated with either PIs or inspection findings. This band is designated as the Red band. Plant performance represents an unacceptable loss of safety margin. It should be noted that should licensees performance result in a PI reaching the Red Band, margin would still exist before an undue risk to public health and safety would be presented.

This conceptual model was also applied to the determination of overall plant performance through the assessment process Action Matrix. As described in IMC 0308, Attachment 4, the thresholds for each column of the Action Matrix were established using the conceptual model in Exhibit 12 to indicate declining licensee performance of a more pervasive and systemic nature as you proceed from the left-most column across the Action Matrix. However, there were fundamental differences between applying the concept of performance bands to individual assessment inputs (PIs and inspection findings) and to overall plant performance (Action Matrix).

First and foremost is that while an individual performance issue in the Yellow band may indicate a significant safety concern regarding a specific aspect or area of licensee performance, this single issue represents only a minimal reduction in overall plant safety.

This is the result of the defense-in-depth concept used in the design of plants, and causes the columns of the Action Matrix to not align directly with the performance bands of Exhibit 12.

Issue Date: 10/04/22 23 0308

The second major difference is that the Action Matrix is composed of five performance columns, while the conceptual model only has four performance bands. This was necessary to reflect the fact that a Red input may in some cases, but not always, reflect an overall level of licensee performance that is unacceptable. Just as was the case for the Yellow band discussed above, while an individual Red input may indicate a performance issue that is significantly degraded, overall plant performance may not be unacceptable due to the defense-in-depth design of the plants. Therefore to reflect this situation, two columns were created to describe the NRCs response to both an acceptable and unacceptable overall level of performance due to a Red assessment input.

The ROP retained provisions for contesting a violation, and the staff established a process for appealing to reduce the significance of an inspection finding. As part of a later revision to the ROP, licensees can formally disagree with the cross-cutting aspect assigned to an inspection finding. Historically, as the number of findings with the same cross-cutting aspect at a site increased, some licensees would challenge the cross-cutting aspect assignment much later in the assessment period to avoid developing a cross-cutting theme. Therefore, the NRC incorporated a time limit of 30 days for the licensee to provide additional information to support its position. These structured provisions for contesting a violation, appealing the significance of a finding, or disagreeing with a cross-cutting aspect ensure the timely resolution of disagreement on a regulatory decision so regulatory action can be timely.

05.07 Very Low Safety Significance Issue Resolution A working group was established in 2018 in response to stakeholder feedback about the need for a process to resolve very low safety significant issues associated with ambiguity in the licensing basis. The working group found that both the NRC staff and licensees believed that current NRR practices at the time with respect to very low safety significance issues, particularly arising out of circumstances where the plants licensing basis is unclear, may lead to unnecessary regulatory burden. One such scenario occurs when NRC inspections identify issues and conditions that may be potential violations of governing requirements. However, it may be difficult to determine whether an issue is in the plant licensing basis because of lack of clarity, ambiguity, lack of detail, issue complexity, or subjectivity in interpretation. These issues can give rise to a difference in view between the licensee and the NRC as to whether the licensee is in compliance with its licensing basis. While situations like these are unusual, resolving them through the NRCs current processes can be resource-intensive, inefficient, and untimely. Past assessments also revealed that, for some licensing basis issues, the time and resources expended by both NRC and licensees have not been balanced relative to the underlying issues importance to public health and safety.

The approach recommended by the working group and approved by the Director of the Office of Nuclear Reactor Regulation and was implemented in the August 2019 revision to IMC 0611 (ML18043A807) and the December 2019 revision to IMC 0612, Appendix B, (ML19247C384). The VLSSIR process was developed to more efficiently apply agency resources by focusing them on issues of greater safety significance and reducing unnecessary regulatory burden for issues of very low safety significance. Both internal and external stakeholders had recognized that there was a subset of issues for which the current licensing basis was not clear. Agency dispositioning of these issues had been taking significant time and resources and in many cases the safety Issue Date: 10/04/22 24 0308

significance of the issues was not greater than very low safety significance (Green). The VLSSIR process provides an opportunity to disposition with limited resources issues of very low safety significance for which the current licensing basis is not clear and would require a significant amount of effort to clarify. In order for an issue to be dispositioned via the VLSSIR process, it must involve (1) uncertainty as to the current licensing basis applicability, (2) the issue is not greater than very low safety significance, and (3) the issue must require significant additional effort to ascertain whether it is within the current licensing basis. Additionally, the Technical Assistance Request Process (COM-106) in NRR includes VLSSIR consideration in the pre-screening of issues. It is important to note that dispositioning of issues via the VLSSIR process does not preclude the agency from re-opening the issue if the agency becomes aware of additional information that clarifies whether the issue is within the current licensing basis or raises questions as to whether the issue is truly of very low safety significance.

05.08 ROP Self-Assessment and Related Evaluations

a. The ROP was designed and implemented in 2000 to provide an objective, risk-informed, understandable, and predictable approach to the regulatory oversight of nuclear power plant performance. A contributor to its ongoing success has been the opportunity for, and inclusion of, continuous feedback and ongoing improvements via the staffs ROP self-assessment program. IMC 0307, Reactor Oversight Process Self-Assessment Program, and its appendices, provide details on the Self-Assessment Program.

The ROP self-assessment process has been a part of the staffs implementation of the ROP since its inception in April 2000. The ROP development model presented in SECY-99-007, Recommendations for Reactor Oversight Process Improvements, dated January 8, 1999, included a steady-state process evaluation, or self-assessment process, that would utilize measured objectives and predetermined success criteria to monitor the performance of the ROP. On February 24, 2000, the staff issued SECY 0049, "Results of the Revised Reactor Oversight Process Pilot Program." In the resulting SRM, issued on March 28, 2000, the Commission approved initial implementation of the ROP as recommended by the staff. In a follow-up SRM issued on May 17, 2000, the Commission directed the staff to report on the ROP results after the first year of implementation. The staff documented the results and lessons learned from the first year of ROP implementation in SECY-01-0114, "Results of the Initial Implementation of the New Reactor Oversight Process," issued June 25, 2001. SECY-01-0114 also noted the staff's intention to continue to perform an annual self-assessment of the ROP.

Accordingly, the staff has issued an ROP self-assessment Commission paper each year before the Agency Action Review Meeting (AARM) and has briefed the Commission on the ROP self-assessment results following the AARM.

The scope and focus of the annual ROP self-assessment Commission paper has evolved over the years based on feedback from the Commission and streamlining initiatives. Since 1992, a regulatory impact summary has been submitted to the Commission annually as a result of stakeholder concerns that the NRC was encumbering the industry with unnecessary regulatory burden. Since 1998, resident inspector demographic analysis has been submitted to the Commission annually based on the concern that resident inspector experience was diminishing and the regions were challenged to attract and retain highly qualified resident inspection staff. Soon after implementation of the ROP, the regulatory impact summary and resident inspector Issue Date: 10/04/22 25 0308

demographic analysis were combined with the annual ROP self-assessment as enclosures.

b. Several SRMs resulting from the briefing on the results of the AARM have resulted in changes to the ROP self-assessment and related processes, including:

1. SRM from the Commission meeting, Briefing on Results of the Agency Action Review Meeting, on 31 May, 2007 - M070531 (Ref. 28), noted that in the next self-assessment report on the ROP, the staff should expand the resident inspector demographics, including Region by Region data, as well as summary data. The report should evaluate recruitment, training, and development to confirm that there are adequate human resources to meet changing needs. The staff should also consider ways to enable senior resident inspectors to be promoted and still remain within the resident inspector program.

2. SRM from the Commission meeting, Briefing on Results of the Agency Action Review Meeting on 4 June, 2008 - M080604 (Ref. 29), noted that in its next paper on ROP self-assessment, the staff should evaluate possible improvements to the ROP self-assessment metrics for performance indicators and the Significance Determination Process. If the staff evaluations of resident demographics and the reasons for leaving the resident program reflect a need for additional measures including, for example, adjustments in compensation, the staff should make appropriate recommendations to the Commission.

c. In COMSECY-14-0030, Proposed Suspension of the Reactor Oversight Process Self-Assessment for Calendar Year 2014, the staff requested Commission approval to suspend the ROP self-assessment for one year so the staff could use those resources instead to:

1. Develop a more effective self-assessment program with more meaningful metrics for use in 2015 and beyond; and

2. Address ROP improvement recommendations from the multiple independent and focused ROP-related assessments performed in CY 2013 and CY 2014.

In the SRM to COMSECY-14-0030, the Commission approved the staffs suspension of the annual ROP self-assessment for CY 2014 and noted that the staff should inform the Commission of the status of ROP enhancements in the CY 2015 ROP self-assessment.

d. As a result of early staff discussions on potential program improvements and efficiencies, the staff developed COMSECY-15-0014, Proposed Elimination of Annual Reporting Requirements for Specific Evaluations within the Reactor Oversight Process Self-Assessment Process (Ref. 39). In this COMSECY, the staff recommended eliminating three evaluations that had been enclosures to the annual ROP self-assessment: the regulatory impact summary; the resident inspector demographic analysis; and the ROP resource expenditure analysis. The staff noted that these detailed evaluations had been shown to offer only limited insights, were redundant to other processes, and did not appear to add the level of value as they did when they were initiated by Commission direction. The staff further noted its intent to incorporate certain objective aspects of these three evaluations into the revised ROP self-assessment process performance metrics. While the existing resident inspector demographics report was recommended for elimination, the staff also recommended exploring ways to better Issue Date: 10/04/22 26 0308

measure inspection staffing and demographics with a revised analysis that would be performed on a less frequent (triennial) basis. In the SRM to COMSECY-15-0014, the Commission approved the staff's request to eliminate annual reporting of these three evaluations from the existing ROP self-assessment process. A revised inspector demographics analysis approach is governed by IMC 0307, Appendix D, Power Reactor Resident Inspector Retention and Recruitment Program Monitoring and Assessment.

The staff significantly revised the ROP self-assessment process in IMC 0307 and its appendices in November 2015 using a three-element approach designed to assess the effectiveness of a mature program. The staff issued SECY-15-0156, Improvements to the Reactor Oversight Process Self-Assessment Program, on December 11, 2015, to inform the Commission of the staffs revised approach to and implementation plans for the annual self-assessment of the ROP for calendar year 2015 and beyond (Ref. 40).

e. In 2019, the staff performed a holistic review of the ROP self-assessment program to determine whether there were additional opportunities (beyond the 2015 program revisions) to reduce redundancy, provide clear guidance for each element of the program, measure ROP effectiveness and implementation in a more modern, risk-informed way, and better leverage technology. The staff notified the Commission of its intent to conduct the holistic review in SECY-19-0037, Reactor Oversight Process Self-Assessment for Calendar Year 2018. In the holistic review, the staff determined that while the 2015 changes to the ROP self-assessment program were effective and resulted in tangible improvements, additional improvements could be made.

In 2020, the staff revised the self-assessment process, maintaining the 3-element approach while realigning the periodicity, scope, and type of reviews (SECY-20-0039, Revisions to the ROP Self-Assessment Program, dated April 30, 2020). The enhanced self-assessment approach ensures that the ROP is being implemented reliably (consistently and as designed) across all regional and headquarters offices. Additionally, the approach ensures that the staff appropriately invests resources to streamlined reviews and assessments that reveal high-value improvements in ROP program efficiency and effectiveness. Finally, the revised program ensures that to the maximum extent possible, self-assessment activities leverage ROP program data monitoring and analytics to evaluate ROP effectiveness.

05.09 ROP for New Reactors

a. With the development of new passive safety-system reactors under construction and approaching operations, the staff has been working to develop, revise, and implement changes to the ROP as required. One of the major areas of focus was whether existing risk thresholds used in the ROP would be same for these new reactor designs. Baseline risk estimates for most new reactor designs are expected to be lower than those for a design similar to that of the current fleet, potentially by an order of magnitude or more.

The lower risk values raised questions about how to apply acceptance guidelines for changes to the licensing basis and regulatory response in the ROP. Over several years, the staff has corresponded with the Commission, as well as the Advisory Committee on Reactor Safeguards (ACRS), to address the staffs recommendations related to risk-informed guidance for new light water reactor applications. The following is a compilation of Commission documents supporting and framing potential modifications to the ROP.

As the staff works to further this effort, this section will be updated.

Issue Date: 10/04/22 27 0308

b. September 14, 2010: SECY-10-0121, Modifying the Risk-Informed Regulatory Guidance for New Reactors, was issued by the staff. This paper defined several possible options for consideration by the Commission. The staff recommended an option in which the stakeholders, together with the NRC staff, identified appropriate changes to the existing risk-informed guidance for changes to the licensing basis, including operational programs, and to the ROP (Ref. 37).

In the resulting SRM, the Commission directed the staff to continue to use the existing risk-informed framework, including current regulatory guidance, for licensing and oversight activities for new plants pending additional analysis and review (Ref. 35).

Additionally, the Commission reaffirmed that the existing safety goals and safety performance expectations, along with the key principles and quantitative metrics for implementing risk-informed decision making, are sufficient for new plants. The Commission expects that the advanced technologies incorporated in new reactors will result in enhanced margins of safety, and noted that these enhanced margins and safety features should have greater operational flexibility than current reactors, and that this flexibility will provide for a more efficient use of NRC resources and allow a fuller focus on issues of true safety significance.

The Commission directed the staff to engage with external stakeholders in a series of tabletop exercises to test various realistic performance deficiencies, events, modifications, and licensing bases changes against current NRC policy, regulations, guidance and all other requirements to either confirm the adequacy of those regulatory tools or identify areas for improvement, such as potential adjustments to the Reactor Oversight Process. They further directed the staff to prepare a notation vote paper with options and recommendations that provide greater specificity and definition than was contained in SECY-10-0121.

c. June 6, 2012: SECY-12-0081, Risk-Informed Regulatory Framework for New Reactors, was issued by the staff detailing the results of the tabletop exercises (Ref. 32). These results demonstrated that current risk thresholds were appropriate; however, some changes to the ROP may be warranted to implement the existing risk-informed concepts for new reactors. The staff recommended an option in which after working with internal and external stakeholders, the staff would identify appropriate changes to augment the existing risk-informed guidance with deterministic backstops to ensure an appropriate regulatory response for the new reactor designs.

In the resulting SRM, the Commission directed the staff to give additional consideration to the use of relative risk metrics, or other options, that would provide a more risk-informed approach to the determination of the significance of inspection findings for new reactors (Ref. 31). Additionally, if the staff believed that this was not a viable option for new reactor oversight, it should provide a technical basis for its conclusions.

The Commission further directed the staff to prepare a notation vote paper that provides:

1. A technical basis for the staffs proposal for the use of deterministic backstops, including examples;

2. A technical evaluation of the use of relative risk measures, including a reexamination of the pros and cons listed in the staffs 2009 white paper; and Issue Date: 10/04/22 28 0308

3. A discussion of the appropriateness of the existing performance indicators and the related thresholds for new reactors.

d. December 17, 2013: SECY-13-0137, Recommendations for Risk-Informing the Reactor Oversight Process for New Reactors, was issued by the staff. Based on its evaluations and interactions with stakeholders, the staff recommended the development of an integrated risk-informed approach using qualitative measures (formerly referred to as deterministic backstops) along with quantitative risk insights to inform regulatory decisions in a structured manner. The staff also concluded that although the relative risk approach has some merit, the shortcomings of the relative risk approach outweigh its benefits. Finally, the staff concluded that many of the PIs are based on regulations or standards that also apply to new reactor designs; however, some PIs in the Initiating Events and Mitigating Systems cornerstones warrant further analysis to fully develop appropriate PIs, thresholds, or guidance for new reactor applications (Ref. 38).

In the resulting SRM, the Commission directed the staff to enhance the SDP by developing a structured qualitative assessment for events or conditions that are not evaluated in the supporting plant risk models. Areas where such a qualitative assessment may prove useful include evaluation of performance deficiencies associated with passive safety systems, digital instrumentation and controls, and human performance issues. The SDP should continue to place emphasis on the use of the existing quantitative measures of the change in plant risk for both operating and new reactors. The staff should develop guidance to address circumstances that are unique to new reactors, for example due to uncertainty of the reliability of passive systems, structures and components (SSCs) or other SSCs with limited operational experience.

The Commission also approved the staffs recommendation to develop appropriate PIs and thresholds for new reactors, specifically those PIs in the Initiating Events and Mitigating Systems cornerstones, or develop additional inspection guidance to address identified shortfalls to ensure that all cornerstone objectives are adequately met. The Commission further noted that the overall structure of the existing ROP should be preserved, and that the staff should notify the Commission through the annual report on the ROP self-assessment if they identify any further changes that are necessary, once the staff has gained operating experience with the new Generation III+ plants.

e. The staff transmitted requested changes to the ROP to accommodate new large light water reactors in SECY-18-0091, Recommendations for Modifying the Reactor Oversight Process for New Large Light Water Reactors with Passive Safety Systems Such as the AP1000 (Generation Ill+ Reactor Designs). In this paper the staff recommended that the Mitigating Systems Performance Index PIs not apply to AP1000 plants with no new PIs necessary. The staff also discussed less significant changes that did not require Commission approval, including revisions to IMC 0609 Appendix A, The Significance Determination Process (SDP) for Findings At-Power, Appendix G, Shutdown Operations SDP, Appendix H, Containment Integrity SDP, and Appendix M, SDP Using Qualitative Criteria, as well as revisions to a number of baseline inspection procedures. The proposed elimination of MSPI for AP1000 plants was approved by the Commission in the SRM for SECY-18-0091.

05.10 Additional Commission Commitments

a. During the development of the ROP, the Commission provided significant direction to the staff regarding certain attributes that the ROP should address. These items helped form Issue Date: 10/04/22 29 0308

the foundation of the ROP, and establish the basis for many important features of the ROP. These items, for the most part, come from Commission SRMs that were issued in response to many of the papers written and briefs conducted during ROP development.

A summary of the more significant items that influenced the development of the ROP (which have not already been addressed in the body of the IMC) and subsequent Commission direction follows:

b. SRM from the Commission meeting, Briefing on Results of the Agency Action Review Meeting, on 25 May, 2005 - M050525B (Ref. 25)

1. The staff should consider further improvements to performance indicators to give the NRC good indicators of performance in which to focus inspection resources. See Attachment 1 to this IMC.

2. The staff should continue to emphasize the importance of effective implementation of a good corrective action program as it participates in conferences, workshops, and meetings with licensees.

3. The staff should ensure that the Mitigating System Performance Index (MSPI) process is as transparent as possible to external and internal stakeholders. See Attachment 1 to this IMC.

c. SRM from the Commission meeting, Briefing on Results of the Agency Action Review Meeting - Reactors/Materials, on 16 May, 2006 - M060516B (Ref. 27)

1. The staff should continue to work with stakeholders to improve the performance indicator program in order to better identify those plants with declining safety performance. See Attachment 1.

2. The staff should also continue to focus on improving the timeliness and efficiency of the Significance Determination Process. See Attachment 3.

3. Within the reactor oversight program, the staff should reconsider the point at which licensee senior management should be requested to meet with the Commission to discuss actions being taken to improve performance (e.g., plants remaining in Column IV for a protracted period) and make a recommendation to the Commission.

See Attachment 4.

d. SRM from the Commission meeting, Briefing on Results of the Agency Action Review Meeting, on 31 May, 2007 - M070531 (Ref. 28)

1. The staff should provide to the Commission for approval a paper that describes the Baseline Risk Index for Initiating Events and plans for its use as a new industry-wide indicator. As part of this paper, the staff should discuss its communication plan.

2. The staff should, as practical, continue to look for leading performance indicators, as well as for ways to modify or improve the existing indicators.

e. SRM from the Commission meeting, Briefing on Results of the Agency Action Review Meeting, on 4 June, 2008 - M080604 (Ref. 29)

Issue Date: 10/04/22 30 0308

The staff should look for ways to clarify to industry and the public the meaning and use of green performance indicators within the ROP. See Attachment 1.

f. SRM for SECY-12-0081, dated October 22, 2012 (Ref. 33), Risk-Informed Regulatory Framework for New Reactors The Commission would benefit from a fresh review of the practices and approaches the NRC has developed for the Reactor Oversight Program over the course of years. The staff should pursue an independent review of the programs objectives and implementation, including the relative roles of headquarters and regional staff, our interactions with industry over performance indicator assessments, and the effectiveness of NRCs assessment of substantive cross-cutting issues. Such an assessment would provide a reinforced foundation upon which the agency can plan for the operational review of new nuclear power plants based on Generation III+ reactor technology.

g. SRM from the Commission meeting, Briefing on Results of the Agency Action Review Meeting, on 3 June, 2014 - M140603 (Ref. 34)

h. The staff should provide the Commission with the timeline for addressing the recommendations and suggestions of the Reactor Oversight Process Independent Assessment.SRM from the Commission meeting, Strategic Programmatic Overview of the Operating Reactors Business Line, on 7 July, 2016 - M160707 (Ref. 41)

The Commission was briefed by NRC staff on strategic considerations associated with the Operating Reactors Business Line. The staff was directed to ensure that individual changes to the ROP are assessed for aggregate impacts, to avoid any unintended consequences. Also as the staff considers its proposed revisions to the Significance Determination Process, they should pilot the revisions and hold public meetings or workshops to clarify their approach to risk-informing the process.

i. SRM for SECY-15-0108, dated 2 December, 2015, (Ref. 35), Recommendation to Revise the Definition of Degraded Cornerstone as Used in the Reactor Oversight Process The Commission has approved the staffs recommendation to revise the definition of degraded cornerstone to three or more White inputs or one Yellow input and to make conforming changes to Inspection Manual Chapter 0305. See Attachment 4 for additional information.

j. SRM from the Commission meeting, Briefing on Results of the Agency Action Review Meeting, on 2 June, 2016 - M160602B (Ref. 36)

Proposed significant changes or pilot programs related to the Reactor Oversight Process and the Significance Determination Process should be provided to the Commission, accompanied by thorough, data-driven analysis that clearly identifies the program performance issues that need to be addressed. The staff should provide for Commission approval the set of criteria being developed to define when Commission approval is needed. See Attachment 3.

Issue Date: 10/04/22 31 0308

0308-06 REFERENCES "Integrated Review of the NRC Assessment Process for Operating Commercial Nuclear Reactors," SECY-97-122, June 6, 1997 "Results of the Initial Implementation of the New Reactor Oversight Process," SECY-01-0114, June 25, 2001 "Staff Action Plan to Improve the Senior Management Meeting Process," SECY-97-072, April 2, 1997 "Staff Requirements - Briefing on Results of the Agency Action Review Meeting -

Reactors/Materials, Staff Requirements Memorandum, May 16, 2006 - M060516B "Staff Requirements - SECY-05-0187 - Status of Safety Culture Initiatives and Schedule for Near term Deliverables," Staff Requirements Memorandum, December 21, 2005 "Staff Requirements SECY-97-122C Integrated Review of the NRC Assessment Process for Operating Commercial Nuclear Reactors," SRM 9700238, August 19, 1997 Improvements to the Reactor Oversight Process Self-Assessment Program, SECY-15-0156, December 11, 2015. ML15310A086 Modifying the Risk-Informed Regulatory Guidance for New Reactors, SECY-10-0121, -

September 14, 2010 Reactor Oversight Process Self-Assessment for Calendar Year 2018, SECY-19-0037, April 30, 2019 Recommendations for Reactor Oversight Process Improvements (Follow-up to SECY-99-007),"

SECY-99-007A, March 22, 1999 Recommendations for Reactor Oversight Process Improvements," SECY-99-007, January 8, 1999 Recommendations for Risk-Informing the Reactor Oversight Process for New Reactors, SECY-13-0137, June 30, 2013 Results of the Revised Reactor Oversight Process Pilot Program," SECY-00-0049, February 24, 2000 Revisions to the Reactor Oversight Process Self-Assessment Program, SECY-20-0039, April 30, 2020 Risk-Informed Regulatory Framework for New Reactors, SECY-12-0081, 6 June, 2008 Staff Proposal to Reintegrate Security into the Action Matrix of the Reactor Oversight Process Assessment Program, SECY-11-0073, June 5, 2011 Staff Requirements - SECY-04-0020 - Treatment of Physical Protection Under the Reactor Oversight Process," Staff Requirements Memorandum, March 29, 2004 (Non-Publicly Available)

Issue Date: 10/04/22 32 0308

Status of the Integrated Review of the NRC Assessment Process for Operating Commercial Nuclear Reactors," SECY-98-045, March 9, 1998 2014 ROP Enhancement Project: Various projects all can be found on the Reactor Inspection Branch (IRIB) SharePoint site under ROP Enhancement Project.

Andersen, "Recommendations to Improve the Senior Management Meeting Process,"

December 30, 1996 Commission meeting, 24 April, 1997, " Briefing on Staff Response to Arthur Andersen Study Recommendations," SRM - M970424B Commission meeting, 24 June, 2016 Briefing on Results of the Agency Action Review Meeting, SRM - M160602B Commission meeting, 25 June, 1996, Briefing on Operating Reactors and fuel Facilities, SRM - M960625 Commission meeting, 25 May, 2005 " Briefing on Results of the Agency Action Review Meeting SRM - M050525B Commission meeting, 3 June, 2014 Briefing on Results of the Agency Action Review Meeting, SRM - M140603 Commission meeting, 31 May, 2007 " Briefing on Results of the Agency Action Review Meeting (AARM), SRM - M070531 Commission meeting, 4 June, 2008 " Briefing on Results of the Agency Action Review Meeting (AARM), SRM,-- M080604 Commission meeting, 7 July, 2016 Strategic Programmatic Overview of the Operating Reactors Business Line, SRM - M160707 COMSECY-15-0014, Proposed Elimination of Annual Reporting Requirements for Specific Evaluations within the Reactor Oversight Process Self-Assessment Process 7 May, 2015 Deleted: USNRC, "U.S. Nuclear Regulatory Commission, Strategic Plan, Fiscal Year 2000 -

Fiscal Year 2005, Vol. 2, Parts 1 and 2 NEI, "A New Regulatory Oversight Process," July 27, 1998 S. J. Collins, "Pilot Program for the New Regulatory Oversight Process," Memorandum, May 20, 1999 SRM for SECY-00-0049 Results of The Revised Reactor Oversight Process Pilot Program (Part 1)," March 28, 2000 SRM for SECY-00-0049 Results of the Revised Reactor Oversight Process Pilot Program (Part 2)," May 17, 2000 SRM for SECY-04-0111 Recommend Staff Actions Regarding Agency Guidance in The Areas of Safety Conscious Work Environment and Safety Culture," August 30, 2004 Issue Date: 10/04/22 33 0308

SRM for SECY-11-0073 Staff Proposal to Reintegrate Security into the Action Matrix of the Reactor Oversight Process Assessment Program, July 20, 2011 SRM for SECY-12-0081 Risk-Informed Regulatory Framework for New Reactors, October 22, 2012 SRM for SECY-15-0108, Recommendation to Revise the Definition of Degraded Cornerstone as Used in the Reactor Oversight Process, 2 December, 2015 SRM for SECY-98-045 Status of The Integrated Review of The NRC Assessment Process For Operating Commercial Nuclear Reactors," June 30, 1998 SRM for SECY-99-007 and SECY-99-007A Staff Requirements - SECY-99-007 -

Recommendations For Reactor Oversight Process Improvements and SECY-99-007A -

Recommendations For Reactor Oversight Process Improvements (Follow-up to SECY-99-007)," June 18, 1999 USNRC, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis," Regulatory Guide 1.174, July 1998 USNRC, "Public Comment on the Pilot Program for the New Regulatory Oversight Program,"

Federal Register, Vol. 64, p. 40394 (64 FR 40394), July 26, 1999 USNRC, "Regulatory Analysis Guidelines of the U.S. Nuclear Regulatory Commission,"

NUREG/BR-0058, Rev. 3, June 2000 USNRC, "Safety Goals for the Operation of Nuclear Power Plants; Policy Statement," Federal Register, Vol. 51, p. 30028 (51 FR 30028), August 4, 1986 END Exhibits:

1. Reactor Oversight Process

2. Reactor Oversight Process Framework

3. Initiating Events Cornerstone Diagram

4. Mitigating Systems Cornerstone Diagram

5. Barrier Integrity Cornerstone Diagram - Fuel Cladding

6. Barrier Integrity Cornerstone Diagram - RCS

7. Barrier Integrity Cornerstone Diagram - Containment

8. Emergency Preparedness Cornerstone Diagram

9. Occupational Radiation Safety Cornerstone Diagram

10. Public Radiation Cornerstone Diagram

11. Security Cornerstone Diagram

12. Conceptual Model for Evaluating Licensee Performance Attachments (Standalone):

1. Technical Basis for Performance Indicators

2. Technical Basis for Inspection Program Issue Date: 10/04/22 34 0308

3. Technical Basis for Significance Determination Process Appendices to Attachment 3 A. Technical Basis for At Power Significance Determination Process B. Technical Basis for Emergency Preparedness Significance Determination Process C. Technical Basis for Occupational Radiation Safety Significance Determination Process D. Technical Basis for Public Radiation Safety Significance Determination Process E. Technical Basis for the Baseline Security Significance Determination Process F. Technical Basis for Fire Protection Significance Determination Process At Power Operations G. Technical Basis for Shutdown Operations Significance Determination Process H. Containment Integrity Significance Determination Process Technical Basis I. Technical Basis for Operator Requalification Human Performance Significance Determination Process J. Technical Basis for Steam Generator Tube Integrity Findings K. Technical Basis for Maintenance Risk Assessment and Risk Management Significance Determination Process L. Technical Basis for Extensive Damage Mitigation Guidelines Significance Determination Process M. Technical Basis for the Significance Determination Process Using Qualitative Criteria

4. Technical Basis for Assessment

5. Technical Basis for Enforcement

6. Basis Document for Security Cornerstone of the Reactor Oversight Process : Revision History for IMC 0308 Issue Date: 10/04/22 35 0308

Exhibit 1 Reactor Oversight Process Issue Date: 10/04/22 Ex1-1 0308

Exhibit 2: Reactor Oversight Process Framework Issue Date: 10/04/22 Ex2-1 0308

Exhibit 3: Initiating Events Cornerstone Issue Date: 10/04/22 Ex3-1 0308

Exhibit 4: Mitigating Systems Cornerstone Issue Date: 10/04/22 Ex4-1 0308

Exhibit 5: Barrier Integrity Cornerstone - Fuel Cladding Issue Date: 10/04/22 Ex5-1 0308

Exhibit 6: Barrier Integrity Cornerstone - Reactor Coolant System Issue Date: 10/04/22 Ex6-1 0308

Exhibit 7: Barrier Integrity Cornerstone - Containment Issue Date: 10/04/22 Ex7-1 0308

Exhibit 8: Emergency Preparedness Cornerstone Issue Date: 10/04/22 Ex8-1 0308

Exhibit 9: Occupational Radiation Safety Cornerstone Issue Date: 10/04/22 Ex9-1 0308

Exhibit 10: Public Radiation Cornerstone Issue Date: 10/04/22 Ex10-1 0308

Exhibit 11: Security Cornerstone Issue Date: 10/04/22 Ex11-1 0308

Exhibit 12: Conceptual Model for Evaluating Licensee Performance CONCEPTUAL MODEL FOR EVALUATING LICENSEE PERFORMANCE. Captured for historical reference.

GREEN Licensee Response Band Cornerstone objectives fully met. Nominal risk with nominal deviation from expected performance.

WHITE Increased Regulatory Response Band Cornerstone objectives met with minimal reduction in safety margin. Changes in performance consistent with CDF<10-5 (LERF<10-6).

YELLOW Required Regulatory Response Band Cornerstone objectives met with significant reduction in safety margin. Changes in performance consistent with CDF<10-4 (LERF<10-5).

RED Extensive Regulatory Response Band Performance within the cornerstone represents an unacceptable loss of safety margin. Changes in performance consistent with CDF>10-4 (LERF >10-5). Sufficient safety margin still exists to prevent undue risk to public health and safety.

Issue Date: 10/04/22 Ex12-1 0308

Attachment 7: Revision History for IMC 0308 Commitment Accession Number Description of Change Description of Comment and Tracking Issue Date Training Feedback Number Change Notice Required and Resolution Completion Date Accession Number (Pre-Decisional, Non-Public) 02/21/2003 Initial issuance.

CN 03-006 ML042100385 Revised 07/27/2004 CN 04-020 N/A ML062890417 This IMC has been revised to incorporate N/A N/A 10/16/06 comments from the Commission in which the CN 06-027 term public confidence has been change to openness N/A ML071860181 This IMC has been revised to incorporate N/A ML072830090 11/08/07 changes in response to Feedback Forms CN 07-035 0308-0950, use of terms SCWE and safety culture, 0308-0952, remove containment PI from Exhibit 7, clarify definitions to performance band colors, and to revise reference numbering and remove/ move references to other portions of IMC 0308.

N/A ML14164A209. This IMC has been revised to incorporate N/A 09/04/14 reintegration of security into the ROP Action CN 14-020 Matrix, update Commission direction, a discussion on appealing cross-cutting aspects and removal of the acronym section.

Issue Date: 10/04/22 Att1-1 0308

Commitment Accession Number Description of Change Description of Comment and Tracking Issue Date Training Feedback Number Change Notice Required and Resolution Completion Date Accession Number (Pre-Decisional, Non-Public)

N/A ML16306A386 This IMC has been revised to provide updates N/A ML16307A047 10/04/17 for changes to the ROP since 2012 and to 0305-2226 CN 17-021 provide a more comprehensive history of the 0310-1945 development of the ROP. Updated to include changes in IMC 0310.

N/A ML22125A164 Editorial updates due to routine five-year N/A ML22168A214 10/04/22 review. FBF 71152-2016 closed by this CN 22-020 revision. FBF 0308-2016 ML22161A959 Issue Date: 10/04/22 Att1-2 0308