Text

.

1. " "'% >.................o...-* l

!\ .m 5 RELEASED TO THE PDR .

e

\,......-)

i je DhM . SN9 !, \

. ca e.au

~"~"~"~

POLICY ISSUE (Notation Vote)

July 22, 1999 SECY-99-191 FOR The Commissioners FROM: William D. Travers Executive Director for Operations

SUBJECT:

MODIFICATIONS TO THE SAFETY GOAL POLICY STATEMENT PURPOSE:

To inform the Commission of staff progress in developing recommendations regarding possioie modifications of the reactor Safety Goal Policy Statement in response to the Commission's Staff Requirements Memoranda on SECY-97-208 (October 16,1997) and on SECY-98101 (June 30,1998). We also propose beginning a feasibility study of the development of overarching safety principles for the agency.

I BACKGROUND:

l As discussed in SECY-98-101, the Commission's Safety Goal Policy Statement, issued in 1986, should be modified to make the statement consistent with current practices as stated in Regulatory Guide 1.174,"An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis," to reflect Commission

. guidance received since the 1986 Policy Statement was issued, and to clarify the role of safety goalc in NRC's regulatory process.

By a Staff Requirements Memorandum dated June 30,1998, the Commission approved the staff's plans and cautioned that "The revised policy statement should remain a high-level document describing the principles consistent with the Commission's views on 'how safe is safe enough.' The staff should be mindful that the revised Safety Goal Policy Statement needs to be consistent with the PRA Policy Statement, and should not include too many quantitative guidelines which would make the Safety Goal Policy Statement overly prescriptive."

l l

Contact:

• &' Qhl Joseph A. Murphy, RES 3 '1s'kR831 a O y rm 6, .s R m 9910290350 990722

-19 PDR O d PrI ~ C#b I1 l 9

w 2 DISCUSSION:

1.0 Reactor Safety Goal Policy The staff is proceeding with the review of the eleven issues identified in SECY-98-101 and in March 2000 will recommend to the Commission whether or not to modify the cu rent Safety Goal Policy Statement. This delay will provide time for coordination with a study on the development of overarching safety principles (discussed later in this paper), permit integration with the other ongoing risk-informed initiatives, and provide for stakeholder, ACRS and CRGR feedback. The NRC Steering Committee for Risk-Informed Activities has reviewed the concepts and recommendations contained in this paper and their guidance has been incorporated into the paper. As work proceeds on the Safety Goal Policy issues, the overarching safety principles, as well as the other items in the PRA Implementation Plan, the Steering Committee will continue to review and provide integrated guidance on these activities.

The status of our evaluation of each of the issues is provided below. Two of the eleven issues (definition of adequate protection and consideration of defense in depth) have been combined in the discussion which follows.

1 Plant Specific Usaae of Safetv Goals i

The present Policy Statement restricts the use of the safety goals to generic applications. We {

intend to recommend amending the Safety Goal Policy Statement, consistent with Commission '

guidance on Regulatory Guide 1.174, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis" to indicate that i safety goals 97,0 be considered as part of a risk-informed evaluation of individual reactor regulatory actions, in addition to consideration in generic agency actions, subject to the adequacy of the underlying probabilistic risk analysis. This will make the Policy Statement consistent with existing guidance. The five general principles on the use of risk information in making regulatory changes, stated in Regulatory Guide 1.174, may be appropriate for inclusion into the Safety Goal Policy to provide guidance for such plant-specific use.

Subsidiarv Obiectives includina Elevation of C are Damaae Freauency as Fundamental Goal Considering the uncertainties associated with' predicting severe accidents, the staff believes that additional. emphasis should be placed on accident prevention in the Policy Statement. This should be done in a qualitative fashion so that it is clear that accident prevention should receive priority over mitigation. However, a quantitative accident prevention goal does not appear necessary, since it is currently adequately covered by the existing subsidiary objective for core damage frequency (CDF) and related regulatory guidance documents, such as Regulatory Guide 1.174, and in the Regulatory Analysis Guidelines (NUREG/BR-0050). It may be reasonable, however, to include in the Policy Statement a discussion of the subsidiary objectives (CDF and large early release frequency, LERF) as well as any additional subsidiary objectives that may result from further study (e.g., temporary changes in risk).

We willinclude a discussion of the pros and cons associated with elevation of the core damage frequency to the level of a fundamental goal in our final paper.

Treatment of Uncertainty

- The existing Safety Goals consider uncertainties implicitly by setting the, goals in terms of

, the mean of the probability distribution for the qualitative health objectives (OHOs). Guidance is provided in Regulatory Guide 1.174 on the importancc of consideration of not only parameter uncertainty, but also model uncertainty and completeness uncertainty in r:sk-informed decisions. Guidance is also being developed by international bod;es. We believe it would be desirable to amend the Safety Goal Policy Statement to make clear that all types of uncertainty must be considered when making a safety decision.

Use of Safety Goals to Define "How safe is safe enouah" The guidance provided to the staff in the June 15,1990 SRM on safety goals articulates that it is the intent of the Safety Goal Policy Statement to define "how safe is safe enough." The SRM guidance should be incorporated into the Policy Statement.

Definiting_pf Adeauate Protection and Defense-in-Death Several stakeholders have called for a definition of " adequate protection." For example, the Center for Strategic and International Studies in their draft report on " Nuclear Regulatory Process Review," noted the importance of a clear definition of adequate protection and a consistent application of safety requirements. The co=ept of adequata protection has multiple attributes and both legal and technical considerations. Therefore, it is not clear if the reactor Safety Goal Policy is the correct vehicle for exploring this issue. For example, it may be.more j appropriate to address this issue as part of a baader set of safety principles as discussed later i in this paper.

As stated in its June 15,1990, SRM the Commission did not consider it necessary to create a i generic definition of adequate protection. However, use of a three-tiered regulatory philosophy j (a region where adequate protection is required regardless of cost, a region where cost-beneficial actions are considered provided they pass the Backfit Rule, and a region below the safety goals where additional requirements would not be justified) could benefit from a definition of adequate protection.

As an alternative to " defining" adequate protection, there may be benefit in defining a " zone of presumptive adequate protection," as an extension of the " presumptive" approach to adequate protection for the current set of deterministic regulations as articulated in Maine Yankee. ALAB-161,6 AEC 1003 (1973). Under this approach, qualitative and/or quantitative elements and threshold values would be identified which, if met, would be regarded as presumptively providing adequate protection.' However, failure to meet the threshold values would not pgr gg be regarded as a failure to provide adequate protection. Rather, the failure to meet the threshold values would require more detailed consideration of relevant factors, including risk, to determine whether adequate protection would be provided.

(

l I

l If it is decided to pursue a definition of adequate protection, defense in depth will be defined and placed in context in the regulatory framework as part of that discussion. If not, it will be considered separately in formulating recommended changes to the Policy Statement. The Staff will also determine the feasibility of establishing a c' ncept of adequate protection for non-power facilities and materials users. This will likely pose trie same issues that were identified in  !

SECY-99-100 with respect to establishing a safety goal (or goals) for materials users. 1 Societal Risk i i

Societal risk is currently addressed through a qualitative statement and a OHO on latent cancer fatalities. Comparisons to the OHO are calculased based on the individual risk of latent cancer 4 fatality, averaged over 10 miles. This averaging process, expressed in terms of average  !

individual risk, does not explicitly limit societal risk. However, since new rule changes are  !

subjected to backfit analysis using the regulatory analysis guidelines. societal risk (in person-rem) is explicitly considered when determining if the cost of s afety improvements is commensurate with societal risk averted. Therefore, the policy stateFent should be expanded to acknowledge this approach in implementing the existing qualitative societai risk goal, but additional quantitative goals are not necessary.

Land Contamination The Commission's Strategic Plan calls for protection of the environment in a manner that is responsive to environmental concerns and is consistent with the Commission's responsibility for protecting the radiological health and safety of the public. Risk analyses indicate that, in case i of.a severe accident involving large off site releases, most of the population dose associated

~

with the latent cancer fatalities (or cancer incidence) comes from ground shine and ingestion ,

dose, rather than from a cloud inhalation dose. The magnitude of this dose, thus, is strongly i affected by protective measures employed after an accident. However, decisions associated with recommending land interdiction following an accident are directly dependent on protective action guid,elines and actions taken by others (e.g., States, EPA). Given these concerns, we are evaluating the pros and cons associated with a separate goal in this area. Such a goal l would need to consider the differences between land interdiction following an accident and the I criteria in the License Termination Rule. We note that in the recent revision to Part 100, the i Low Population Zone distance was evaluated to ensure it was sufficient to keep the likelihood of l contaminating a large population center, such that it is uninhabitable, at a very low value. Thus, land contamination has, to some extent, been considered in developing the siting regulations.

Temporary Chances in Risk l We believe that the Safety Goal Policy should address in general terms the Commission's policy regarding temporary changes in risk as a result of equipment failures, maintenance activities, and human actions. We are evaluating the pros and cons of various approaches. i It may be appropriate to consider the impact of temporary changes on defense in depth. This evaluation is being coordinated with the treatment of configuration controlin the pending amendments to the Maintenance Rule.

l I

l

Update Poliev Statement To Reflect Recent Guidance and Current Use of Risk Information The policy statement will be updated to reflect the use of a risk-informed approach to implement {

regulatory requirements. '

General Performance Guideline for Freouency of a Laroe Release of Radioactive Material l l

SECY-93-138 concluded that a guideline of 1 x 104 for the frequency of a large release of radioactive material could not be developed without being significantly more restrictive than the OHOs and recommended that work on such a guideline be terminated. Consistent with the {

i related SRM, dated June 10,1993, which approved that termination, statements in the policy l statement on the frequency of a large release of 1 x 104per year will be deleted. I R.0 Overarchino Safety Princioles l Several factors have emerged over the past year that suggest consideration should be given to developing a high level" safety policy" that would describe those overarching safety principles that apply to all agency safety activities. These factors include the following:

The criticism received in the context of our Congressional hearings'in July 1998, regarding the lack of consistency and transparency in our safety decisions, o Similar feedback received in reviews by the General Accounting Office in their reports on " Major Management Challenges and Program Risks - Nuclear Regulatory Commission" (GAO/OCG-99-19) and " Strategy Needed to Regulate Safety Using Information on Risk"(GAO/RCED-99 95) and the Center for Strategic and International Studies in their draft report on " Nuclear Regulatory Process Review,"

e The fact that many of the issues discussed in SECY-98-101 are agency- wide issues, not just reactor issues, and should be addressed in an overall agency context. These include the following issues:

• Role and use of an adequate protection definition and safety goals to l express a basic safety philosophy, l

• Plant specific usage of safety goals, 1

e Treatment of uncertainty, e Appropriate application of defense in depth, and e Use of riok-informed and performance based regulation.

C

• The submission of SECY-99-100, which recommends actions to risk inform i NMSS activities and the Commission's response in a June 28,1999, SRM. l Implementation of the direction provided in the June 28,1999, SRM, would  !

benefit from articulation of these overarching safety principles. Further, the development of these principles will benefit from NMSS input by helping to

]

i assure that there is an appropriate level of generality. )

l These principles could be qualitative and would address items such as: l l

e Qualitative goals for public, worker, and environmental protection, e Description of the approach to regulation and a statement that changes to rules and regulations will be made consistent with Regulatory Analysis Guidelines.

The consideration of the cost-benefit relationship will be made in context of the various activities regulated, e Role and definition of adequate protection, j e The role and definition of risk-informed and performance-based requirements, '

expanding on the guidance given in the Commission's White Paper, o Role and definition of defense in depth, recognizing the insights in the White Paper, in comments from ACRS in this regard, and expanding on the discussion in the Strategic Plan, j e Other considerations such as treatment of uncertainty, population at risk,  !

temporary risk increases, and the different time scale of risk considerations  !

between reactor considerations and those associated with high level waste, and j l

e The need for consistency and integration among these principles and other NRC 1 regulatory principles such as the Severe Accident Policy Statement, Regulatory Analysis Guidelines, and the Backfit Rule.

Attachment 1 illustrates, in concept, examples of the types of principles that we might explore in this high level policy. We are proposing a small feasibility study to explore the viability of developing such principles.

The objective of developing a set of integrated high level safety principles is to document in a hierarchical fashion those high level objectives, goals, and practices that shape regulatory requirements and decision-making and ensure compliance with the Atomic Energy Act. Their developrnent will require substantial stakeholder involvement. However, once developed, they l will help promote regulatory stability, consistency, and public confidence by consolidating and clearly stating the Commission's philosophy and approach to safety and regulatory actions.

l These principles should also provide the public with a better understanding of how NRC's regulatory actions are developed and what our regulatory actions are trying to achieve, thus facilitating communication with our stakeholders and enhancing public confidence. These principles will also provide the NRC staff with the framework to develop and take regulatory actions and facilitate the move to risk-informed regulation by providing a foundation for making risk-informed decisions with respect to the scope of and objectives for regulation. Ultimately, such high level principles would facilitate and could be included in an overall agency strategy to 1

l E

c~

]

I risk inform its activities, as proposed by GAO in its report, GAO/RCED- 99 95, and discussed in the Chairman's response to GAO. They could also become part of the Agency's Strategic Plan.

However, it should be recognized that principles are not enforceable, and our ability to apply them to the regulatory process may involve the need for ru'smaking.

QOORDINATION:

The Office of the General Counsel has reviewed this paper and has no legal objection. The 4 Office of the Chief Financial Officer has reviewed this Commission paper for resource implications and has no objections. The Office of the Chief Information Officer has reviewed the Commission Paper for information technology and information management implications and concurs in it. The NRC Steering Committee for Risk-Informed Activities has reviewed the concepts and recommendations contained in this paper and their guidance has been incorporated into the paper. As work proceeds on the Safety Goal Policy issues and the overarching safety principles, the Steering Committee will continue to review and provide guidance on these activities.

RESOURCES:

The staff proposes a small effort, in parallel with continuing evaluation of the reactor Safety Goalissues, to draft a set of high level safety principles. This effort would build upon and complement the work on the reactor Safety Goal issues by helping to ensure that these issues

. are addressed in an agency-wide fashion. This effort would also involve obtaining feedback l from stakeholders and additionalinteraction with ACRS and ACNW. A report to the l Commission on the feasibility and usefulness of continuing this effort would be prepared and  !

provided to the Commission after the preliminary work is completed. This approach is  ;

consistent with feedback received from ACRS in their letter of April 19,1999, it is estimated l that this effort to evaluate feasibility would take approximately 9 months and would be done with 1 in-house resources (1-2 FTE combined from RES, NMSS, OGC and NRR) that would be .

reprogrammed from other lower priority work (NMSS resources are discussed in SECY-99-iOO).

RECOMMENDATION:

1. - That the Commission authorize the staff to proceed with a study of the feasibility of developing overarching safety principles,

2. That the Commission note that a recommendation will be provided by March 30,2000, I regarding the need to modify the current Safety Goal Policy Statement. This represents '

a delay of eight months from that previously reported, but is necessary recognizing the

1 complexity of the issues involved, the need to ensure coordination and consistency with the feasibility study on overarching safety principles and with those risk-informed initiatives already underway under the PRA implementation Plan, and the need for stakeholder, ACRS and CRGR review.

t -

r NY V William D. Tvavers Executive Director for Operations 1

Attachment:

1. Conceptual Outline for Proposed High Level Safety Principles l

Commissioners' completed vote sheets / comments should be provided directly to ]

the Office of the Secretary by COB Friday, August 6, 1999. 1 Commission Staff Office comments, if any, should be submitted to the Commissioners NLT July 30, 1999, with an information copy to the Office of the Secretary. If l the paper is of such a nature that it requires additional review and comment, the Commissioners and the Secretariat should be apprised of when comments may be expected.

DISTRIBUTION: ,

Comm!ssioners OGC OCAA l OIG l

OPA l_ OCA l ACRS l ACNW I l CIO l CFO l EDO REGIONS SECY l

e-0 ATTACHMENT 1 Conceptual Outline for Proposed Hiah Level Safety Princioles (The concepts presented here are provisional and are subject to review as the staff develops these safety principles.)

)

• .QBJECTIVE:

To document in a hierarchical fashion those high level objectives, principles, and practices that shape regulatory requirements and decision-making and ensure compliance with the Atomic Energy Act. Such high level principles will help promote i regulatory stability, consistency, and public confidence by consolidating and clearly stating the Commission's philosophy and approach to safety and regulatory actions.

This will provide the public with a better understanding of how NRC's regulatory actions are developed and what they are trying to achieve, as well as provide the NRC staff with the framework to develop and take those actions. It will also facilitate the move to risk-informed regulation by providing a foundation for making risk-informed decisions with respect to the scope of and objectives for regulation. Rule changes associated with later implementation of the principles would be subject to the Backfit Rule and evaluated using the Regulatory Analysis Guidelines, as appropriate.

e SCOPE:

High level principles and practices that apply to all NRC activities (reactor and non-reactor), including normal and off-normal operation.

e PRINCIPLES AND PRACTICES THAT APPLY TO ALL NRC ACTIVITIES A. Qualitative Goals for Public. Worker. and Environmental Protection 1

Individual members of the public should be provided a level of protection from the use of radioactive material such that individuals bear no significant additional risk to life and health.'

Individual workers who are exposed to radiation or handle radioactive materials as part of their occupation should be provided a level of protection from the .

consequences of such exposures commensurate with the risks to life and health' l and the cost of preventing such exposure. Adequate protection should be i provided regardless of costs, with further reductions in exposures in accordance  ;

with an ALARA (as low as reasonably achievable) principle.  !

1 Societal risk to life and health from the use of radioactive materials should be omparable to or less than the risks from other similar activities and should not ,

be a significant addition to other societal risks.  !

' Life and health refers to early and latent fatalities

a B. Reculatorv Approach To Meet Public. Worker Protection Goals A level of protection (safety) provided to the public and workers should be established such that a sufficient level is provided without regard to cost (adequate protection ) and additional protection is provided where the benefits of such protection outweigh the costs (cost-beneficial) and result in a substantial improvement in protection. Risk to workers should be comparable to or lower than the risk to workers in comparable industries.

Safety decisions and regulatory actions must be commensurate with the levels of i protection achieved in the design and operation of regulated activities. In general, regulated activities will not take place unless adequate protection is achieved and will comply with all cost-beneficial requirements unless special circumstances permit an exception to the cost-bent 'icial requirements.

C. Imolementation of Reoulatory Acoroach ,

I Wherever practical, regulatory requirements will be risk-informed and  ;

performance-based.a J

t Regulatory requirements are to provide a balance between prevention and i mitigation, as appropriate.

]

1 Regulatory requirements will address uncertainties by application of sound l principles. These may include considerations such as defense in depth,' safety i margins, and the use of appropriate codes and standards, depending on the nature of the issue at hand.

l Consideration will be given to the ICRP Principles of Radiation Protection. l Regulatory requirements will address long term (high level waste) as well as short ,

term (temporary conditions) risks.  !

Regulatory requirements will reflect due consideration of the population at risk, 4 the time scale of the regulated activity, and the various modes of operation of the regulated activity.

Regulatory requirements will consider accident initiators caused by equipment error, human error, and natural hazards.

rA definition of adequate protection will be needed.

Suse definitions from Risk informed Performance Based white paper (Yellow Announcement-019, dated 3/11/99).

dA definition of defense in depth will be needed.