ORDER
DOE O 420.1B
Approved: 12-22-05
Review: 12-22-07
SUBJECT: FACILITY SAFETY
1. OBJECTIVES. To establish facility and programmatic safety requirements for
Department of Energy (DOE), including the National Nuclear
Security Administration (NNSA), for—
a. nuclear and explosives safety design criteria,
b. fire protection,
c. criticality safety,
d. natural phenomena hazards (NPH) mitigation, and
e. the System Engineer Program.
2. CANCELLATION. This Order cancels DOE O 420.1A, Facility Safety,
dated 05-20-02. Cancellation of an Order does not, by
itself, modify or otherwise affect any contractual
obligation to comply with such an Order. Contractor
requirements documents (CRDs) containing directive
requirements already incorporated into, or attached to, a
contract remain in effect until the contract is modified to
eliminate the existing requirement or substitute a new set
of requirements.
3. APPLICABILITY.
a. DOE Elements. Except for the exclusions in paragraph 3c,
this Order applies to all DOE elements with responsibility
for DOE-owned or -leased facilities. (See Attachment 1 for a
complete list of DOE elements as of the date of this
Order. This Order automatically applies to DOE
elements created after that date.) Except for the
exclusions in paragraph 3c, the requirements in this
Order apply to the types of DOE facilities established
in the applicability paragraphs of each chapter of this
Order.
The requirements in this Order are applicable to
Department employees. Failure to include comparable
requirements in contracts does not relieve Department
employees of responsibilities in this Order.
The NNSA Administrator will ensure that NNSA employees
and contractors comply with their respective
responsibilities under this Order.
b. DOE Contractors.
(1) The CRD (Attachment 2) sets forth requirements that are to
be applied to contractors with responsibility for the design,
construction, management, operation, decontamination,
decommissioning, or the demolition of DOE sites or facilities.
(2) Once notified, the contracting officer is responsible for
incorporating the applicable requirements of the CRD into the
laws, regulations, and DOE directives clause of each contract of
contractors that perform work at or for any DOE facility affected
by the facility safety hazards described in and requirements
established by this Order.
(3) Regardless of the performer of the work, the contractor is
responsible for compliance with the requirements of the CRD that
are incorporated in its contract. The prime contractor is
responsible for flowing down the requirements of the CRD to
subcontractors at any tier to the extent necessary to ensure the
contractor’s compliance with the requirements and the safe
performance of work.
c. Exclusions.
(1) Requirements in this Order that overlap or duplicate
requirements of the Nuclear Regulatory Commission (NRC) related
to radiation protection, nuclear safety (including quality
assurance), and safeguards and security of material do not apply
to the design, construction, operations, and decommissioning of
DOE facilities. This exclusion does not apply to requirements
for which the NRC defers to DOE or does not exercise regulatory
authority.
(2) Pursuant to Executive Order (E.O.) 12344, Naval Nuclear
Propulsion Program, the Director, Naval Nuclear Propulsion
Program, will implement and oversee requirements of this Order
for programs under the Director’s cognizance as set forth in the
Defense Procurement Reform Act of 1984 [Public Law (P.L.) 98-525]
and the Military Lands Withdrawal Act of 1999 (P.L. 106-65).
(3) Requirements of this Order that overlap or duplicate
requirements of the Department of Transportation (DOT) do not
apply. This exclusion does not apply to requirements for which
DOT defers to DOE or does not exercise regulatory authority.
(4) Accelerator facilities covered by DOE O 420.2B, Safety of
Accelerator Facilities, dated 7-23-04, are excluded only from
requirements of chapters I, III, and V of this Order.
(5) Fusion facilities are excluded from requirements of chapters
I, III, and V of this Order.
(6) Activities under the Nuclear Explosives and Weapons Safety
Program for prevention of accidental or unauthorized nuclear
detonation are excluded from a requirement of this Order only if
the requirement would compromise the effectiveness or safety of
those activities.
(7) Requirements of this Order do not apply to the Bonneville
Power Administration.
4. REQUIREMENTS.
a. Each chapter of this document defines specific facility or
programmatic safety requirements.
b. In complying with this Order, DOE and contractors must
ensure that any work done is consistent with any other safety,
design, or other analysis or requirements applicable to the
affected facility. In particular, work must be performed in
accordance with the integrated safety management requirements of
48 Code of Federal Regulations (CFR) 970.5223-1, Integration of
Environment, Safety, and Health into Work Planning and Execution,
and the quality assurance requirements of either Subpart A of 10
CFR Part 830, Nuclear Safety Management, or DOE O 414.1C,
Quality Assurance, dated 6-17-05 or successor document, as
applicable. All new construction, as a minimum, must comply with
national consensus industry standards and the model building
codes applicable for the state or region, supplemented in a
graded manner with additional safety requirements for the
associated hazards in the facility that are not addressed by the
codes.
c. DOE implementation guidance and technical standards
referenced in this Order are not mandatory; however, they must be
considered in conjunction with the specific requirements. Such
guidance, along with both DOE and industry standards referenced
therein, represent acceptable methods to satisfy the provisions
of this Order. Alternate methods that satisfy the requirements
of this Order are also acceptable. Any implementation method
selected must be justified to ensure that an adequate level of
safety commensurate with the identified hazards is achieved.
5. RESPONSIBILITIES.
a. Assistant Secretary for Environment, Safety and Health.
(1) Develops and maintains policy, requirements, guidance, and
technical standards relating to this Order and CRD.
(2) Provides interpretation of DOE safety policy relating to
requirements of this Order.
(3) Provides advice and assistance on policy implementation.
(4) Monitors and reviews field element and contractor
implementation of the requirements of this Order and CRD.
(5) Provides comments on requests for exemptions from
requirements of this Order.
b. Secretarial Officers (SOs).
(1) Ensure that requirements of this Order and the CRD are
implemented for facilities, activities, or programs under their
cognizance.
(2) Review and approve requests for exemptions from requirements
of this Order after resolving comments, if any, from the
Assistant Secretary for Environment, Safety and Health, or in the
case of NNSA, following consideration of comments from the
Assistant Secretary of Environment, Safety and Health.
(3) Review and approve implementation plans for nuclear and
explosives safety design criteria.
(4) Ensure that heads of field elements notify contracting
officers when contracts are affected by this Order.
(5) Review and approve implementation methods other than those
in referenced implementation guides and standards.
(6) Review and approve any situations that could result in
deviations from the double contingency principle in operations
involving criticality hazards.
(7) Review and approve the basis for exceptions to including
multiple physical barriers to prevent or mitigate the unintended
release of radioactive materials to the environment as part of
the nuclear facility design in the documented safety analysis
(DSA).
c. Director, Office of Security and Safety Performance
Assurance.
(1) Acts as an independent authority responsible for
environment, safety and health oversight for the Department.
(2) Plans and conducts appraisals to determine compliance with
requirements of this Order. (See DOE O 470.2B, Independent
Oversight and Performance Assurance Program, dated 10-31-02.)
d. Heads of Field Elements.
(1) Ensure that the facilities, activities, and programs under
their purview operate in compliance with the requirements of this
Order and the CRD.
(2) Notify contracting officers when contracts are affected by
this Order.
(3) Coordinate with contracting officers the revision of
contracts to comply with requirements of this Order and require
contractors to appropriately flow down requirements to
subcontractors.
(4) Ensure that procurement requests include applicable
requirements in the CRD for this Order to be applied to awards or
subawards.
(5) If delegated by the SO, review and approve exemption
requests after resolving comments, if any, from the Assistant
Secretary for Environment, Safety and Health for non-NNSA
facilities and after considering requests for NNSA facilities.
If not delegated, forward requests for exemption to SO.
(6) Conduct comprehensive self assessments and assessments of
contractor fire protection programs and criticality safety
programs (CSPs).
(7) Specify the frequency of the contractor’s periodic facility
assessment for fire protection.
(8) Review and approve—
(a) fire department baseline needs assessments, where
applicable;
(b) CSP description documents;
(c) plans for upgrades to correct deficiencies in natural
phenomena hazards mitigation for existing structures, systems,
and components;
(d) recommendations to update NPH assessments;
(e) the qualification program for criticality safety staff;
(f) shipping containers for off-site shipment that are used to
exclude materials from the requirement for a criticality alarm
system (CAS) or a criticality detection system (CDS); and
(g) the method for preparing criticality safety evaluations.
(9) Ensure that all procurement requests for work within the
scope of this Order, including work requests to be performed
through subcontracts, include the appropriate requirements of the
attached CRD.
(10) Unless otherwise directed by the Secretarial Officer, fulfill
the role and responsibilities for the authority having
jurisdiction (AHJ) for matters involving fire protection as
defined by the National Fire Protection Association (NFPA) codes
and standards. Ensure any comments from designated fire
protection subject matter experts (SMEs) are appropriately
addressed.
e. Contracting Officers.
(1) Incorporate the CRD into affected contracts in a timely
manner when notified.
(2) Ensure applicable building code and NFPA codes and standards
are incorporated in contracts and other procurement documents.
6. EXEMPTIONS.
a. Exemptions to this Order must follow the process defined for
exemptions in DOE M 251.1-1A, Directives System Manual, except
for the approval authority defined in the responsibilities
paragraphs of this Order.
b. Exemptions, exclusions, and equivalencies to standards or
other documents referenced in this Order should follow the
provisions explicitly set forth in those documents; for example:
the equivalency, alternative, and modification provisions in the
NFPA Code.
7. REFERENCES. The following documents are expressly referenced in the body
of this Order and should be considered when implementing
this Order and the associated CRD in the context in which
they are referenced in the document.
a. Public Law (P.L.).
(1) P.L. 98-525, Defense Procurement Reform Act of 1984.
(2) P.L. 106-65, Military Lands Withdrawal Act of 1999.
b. Executive Orders (E.O.).
(1) E.O. 12344, Naval Nuclear Propulsion Program
(February 1, 1982).
(2) E.O. 12699, Seismic Safety of Federal and Federally Assisted
or Regulated New Building Construction (as amended by E.O. 13286,
Amendment of Executive Orders, and Other Actions, in Connection
with the Transfer of Certain Functions to the Secretary of
Homeland Security, January 5, 1990).
(3) E.O. 12941, Seismic Safety of Existing Federally Owned or
Leased Buildings (December 1, 1994).
c. Code of Federal Regulations (CFR).
(1) 10 CFR Part 830, Nuclear Safety Management.
(2) 48 CFR 970.5223-1, Integration of Environment, Safety, and
Health into Work Planning and Execution.
d. DOE Directives.
(1) DOE O 151.1C, Comprehensive Emergency Management System,
dated 11-2-05.
(2) DOE M 251.1-1A, Directives System Manual, dated 1-30-98.
(3) DOE O 414.1C, Quality Assurance, dated 6-17-05.
(4) DOE G 420.1-1, Nonreactor Nuclear Safety Design Criteria and
Explosives Safety Criteria Guide for Use with DOE O 420.1,
Facility Safety, dated 3-28-00.
(5) DOE G 420.1-2, Guide for the Mitigation of Natural Phenomena
Hazards for DOE Nuclear Facilities and Nonnuclear Facilities,
dated 3-28-00.
(6) DOE O 420.2B, Safety of Accelerator Facilities,
dated 7-23-04.
(7) DOE O 430.1B, Real Property Asset Management, dated 9-24-03.
(8) DOE O 433.1, Maintenance Management Program for DOE Nuclear
Facilities, dated 6-1-01.
(9) DOE G 440.1-5, Implementation Guide for Use with DOE Orders
420.1 and 440.1, Fire Safety Program, dated 9-30-95.
(10) DOE O 440.1A, Worker Protection Management for DOE Federal
and Contractor Employees, dated 3-27-98.
(11) DOE M 440.1-1A, DOE Explosives Safety Manual, dated 1-9-06.
(12) DOE M 452.4-1A, Protection of Use Control Vulnerabilities
and Designs, dated 3-11-04.
(13) DOE O 452.4A, Security and Control of Nuclear Explosives and
Nuclear Weapons, dated 12-17-01.
(14) DOE O 452.2B, Safety of Nuclear Explosive Operations,
dated 8-7-01.
(15) DOE O 452.1C, Nuclear Explosive and Weapons Surety Program,
dated 9-20-05.
(16) DOE O 470.2B, Independent Oversight and Performance
Assurance Program, dated 10-31-02.
(17) DOE O 5480.20A, Personnel Selection, Qualification, and
Training Requirements for DOE Nuclear Facilities, dated 11-15-94.
(18) DOE O 5480.30, Nuclear Reactor Safety Design Criteria,
dated 1-19-93.
e. DOE Technical Standards (STD).
(1) DOE-STD-1066-99, Fire Protection Design Criteria.
(2) DOE-STD-1073-2003, Configuration Management Program.
(3) DOE-STD-1134-99, Review Guide for Criticality Safety
Evaluations.
(4) DOE-STD-1135-99, Guidance for Nuclear Criticality Safety
Engineering Training and Qualification.
(5) DOE-STD-1156-2002, Self-Assessment Standard for DOE
Contractor Criticality Safety Programs.
(6) DOE-STD-1186-2004, Specific Administrative Controls.
(7) DOE-STD-3007-93, Guidelines for Preparing Criticality Safety
Evaluations at Department of Energy Non-Reactor Nuclear
Facilities.
(8) DOE-STD-3024-98, Content of System Design Descriptions.
f. Department of Defense (DoD) Documents.
(1) DoD Explosive Safety Board (DDESB) Technical Paper 12,
Fragment and Debris Hazards, July 1975.
(2) DDESB Technical Paper 13, Prediction of Building Debris for
Quantity-Distance Siting, April 1991.
(3) DDESB Technical Paper 15, Approved Protective Construction,
June 2004.
(4) DDESB Technical Paper 16, Methodologies for Calculating
Primary Fragment Characteristics, dated December 1, 2003.
(5) DDESB Technical Paper 17, DDESB Blast Effects Computer
Version 5.0 User’s Manual and Documentation, with accompanying
program entitled DDESB Blast Effects Computer (BEC), Version 6.1.
(6) DOE/TIC-11268, Manual for the Prediction of Blast and
Fragment Loading for Structures, (July 1992).
(7) DoD Technical Manual (TM) 5-1300, Structural Design of
Facilities to Resist the Effects of Accidental Explosions,
(1990).
g. Non-Government Standards.
(1) American National Standards Institute (ANSI)/American
Nuclear Society (ANS) Subcommittee 8 standards, including, but
not limited to—
(a) ANSI/ANS-8.1, Nuclear Criticality Safety in Operations with
Fissionable Material Outside Reactors, and
(b) ANSI/ANS-8.19-1996, Administrative Practices for Nuclear
Criticality Safety.
(2) National Fire Protection Association (NFPA) Standards.
(3) National Fire Protection Association (NFPA) 5000®, Building
Construction and Safety Code®, 2003.
8. ACRONYMS.
AHJ authority having jurisdiction
ALARA as low as reasonably achievable
ANS American Nuclear Society
ANSI American National Standards Institute
BEC blast effects computer
BNA baseline needs assessment
CAS criticality alarm system
CDS criticality detection system
CFR Code of Federal Regulations
COR Code of Record
CRD contractor requirements document
CSE cognizant system engineer
CSP criticality safety program
DDESB Department of Defense Explosive Safety Board
DoD Department of Defense
DOE Department of Energy
DOT Department of Transportation
DSA documented safety analysis
E.O. Executive order
FHA fire hazards analysis
G Guide (DOE directive)
HPR highly protected risk
M Manual (DOE directive)
MPFL maximum possible fire loss
NFPA National Fire Protection Association
NNSA National Nuclear Security Administration
NPH natural phenomena hazards
NRC Nuclear Regulatory Commission
O Order (DOE directive)
PDSA preliminary documented safety analysis
P.L. Public Law
SME subject matter expert
SSC structures, systems, and components
SO Secretarial Officer
STD standard (DOE directive)
TM technical manual (DoD)
9. CONTACT. Address inquiries to the Office of Environment, Safety and
Health; Office of Nuclear and Facility Safety Policy,
301-903-0078.
BY ORDER OF THE SECRETARY OF ENERGY:
CLAY SELL
Deputy Secretary
CHAPTER I. NUCLEAR AND EXPLOSIVES SAFETY DESIGN CRITERIA
1. OBJECTIVES.
a. Nuclear Safety.
(1) To ensure that new DOE hazard category 1, 2, and 3 nuclear
facilities are designed and constructed in a manner that ensures
adequate protection to the public, workers, and the environment
from nuclear hazards.
(2) To ensure that major modifications to hazard category 1, 2,
and 3 nuclear facilities comply with the design and construction
requirements for new hazard category 1, 2, and 3 nuclear
facilities.
(3) To ensure that new DOE nuclear reactors comply with the
requirements of this Order and the design requirements of DOE
O 5480.30, Nuclear Reactor Safety Design Criteria.
b. Explosives Safety. To establish mandatory design and construction standards for
safety in new DOE explosives facilities and for major
modifications to such facilities. Explosives
facilities include facilities and locations used for
storage or operations with explosives or ammunition.
2. APPLICABILITY.
a. This chapter applies to DOE elements that have
responsibility for the design and construction of—
(1) new hazard category 1, 2, and 3 nuclear facilities as
defined by 10 CFR Part 830;
(2) new explosives facilities; and
(3) major modifications to such facilities that could
substantially change the approved facility safety analysis.
b. This chapter does not impose requirements on existing
facilities, except for major modifications to those facilities,
but it can be used as a standard for comparison when judging the
adequacy of existing facilities.
c. This chapter does not apply to nuclear deactivation or
decontamination and decommissioning activities at end-of-facility-
life if the safety analysis demonstrates that adequate protection
is provided consistent with the requirements of 10 CFR Part 830
through alternate means and it is not cost beneficial to apply
the provisions of this chapter for the limited remaining life of
the activity.
3. REQUIREMENTS.
a. Integration of Design with Safety Analyses.
(1) Safety analyses must be used to establish—
(a) the identity and functions of safety class and safety
significant structures, systems, and components (SSCs), and
(b) the significance to safety of functions performed by safety
class and safety significant SSCs.
(2) Safety analyses must address—
(a) hazards inherent to the facility and its activities,
(b) NPH (See chapter IV for examples of NPH and additional
requirements), and
(c) external man-induced hazards (factors such as proximity to
airports, pipelines, hazardous traffic on roads or waterways, and
adjacent facilities).
(3) Safety analyses must be performed as early as practical in
conceptual or preliminary design processes to ensure that
required safety SSCs are specified in the final design.
(4) Safety analyses must be performed in accordance with the
requirements for safety analysis defined in DOE directives and
technical standards for a DSA.
b. Nuclear Facility Design.
(1) Nuclear facility design objectives must include multiple
layers of protection to prevent or mitigate the unintended
release of radioactive materials to the environment, otherwise
known as defense in depth. These multiple layers must include
multiple physical barriers unless the basis for not including
multiple physical barriers is documented in the DSA and approved
by DOE.
(2) Defense in depth must include all of the following—
(a) choosing an appropriate site;
(b) minimizing the quantity of material at risk;
(c) applying conservative design margins and quality assurance;
(d) using successive physical barriers for protection against
radioactive releases;
(e) using multiple means to ensure critical safety functions
needed to—
1 control processes,
2 maintain processes in safe status, and
3 confine and mitigate the potential for accidents with
radiological releases;
(f) using equipment and administrative controls that—
1 restrict deviation from normal operations,
2 monitor facility conditions during and after an event, and
3 provide for response to accidents to achieve a safe
condition;
(g) providing means to monitor accident releases as required for
emergency response; and
(h) establishing emergency plans for minimizing the effects of
an accident.
(3) Hazard category 1, 2, and 3 nuclear facilities must be
sited, designed, and constructed in a manner that ensures
adequate protection of the health and safety of the public,
workers, and the environment from the effects of accidents
involving radioactive materials release.
(4) Hazard category 1, 2, and 3 nuclear facilities with
uncontained radioactive material (as opposed to material
determined by safety analysis to be adequately contained within
drums, grout, or vitrified materials) must have the means to
confine the uncontained radioactive materials to minimize their
potential release in facility effluents during normal operations
and during and following accidents. Confinement design
considerations must include:
(a) for a specific nuclear facility, the number, arrangement,
and characteristics of confinement barriers as determined on a
case-by-case basis;
(b) consideration of the type, quantity, form, and conditions
for dispersing the radioactive material in the confinement system
design;
(c) use of engineering evaluations, tradeoffs, and experience to
develop practical designs that achieve confinement system
objectives; and
(d) the adequacy of confinement systems to perform required
functions as documented and accepted through the preliminary DSA
(PDSA) and DSA.
(5) Hazard Category 1, 2, and 3 nuclear facilities must be
designed to—
(a) facilitate safe deactivation, decommissioning, and
decontamination at the end of facility life, including
incorporation of design considerations during the operational
period that facilitate future decontamination and
decommissioning;
(b) facilitate inspections, testing, maintenance, repair, and
replacement of safety SSCs as part of a reliability,
availability, and maintainability program with the objective that
the facility is maintained in a safe state; and
(c) keep occupational radiation exposures within statutory
limits and as low as reasonably achievable (ALARA).
(6) Facility process systems must be designed to minimize waste
production and mixing of radioactive and non-radioactive wastes.
(7) Safety SSCs and safety software must be designed,
commensurate with the importance of the safety functions
performed, to perform their safety functions when called upon and
to meet the quality assurance program requirements of either
10 CFR 830, Subpart A, or DOE O 414.1C, Quality Assurance, as
applicable.
(8) Safety class electrical systems must be designed to preclude
single point failure.
(9) New DOE nuclear reactors must comply with the requirements
of this Order, as well as the design requirements of DOE
O 5480.30, Nuclear Reactor Safety Design Criteria.
c. Explosives Safety Design.
(1) New DOE explosives facilities and all modifications to
existing explosives facilities must be designed consistent with
the DOE explosives safety requirements established in
DOE M 440.1-1A, DOE Explosives Safety Manual, dated 1-9-06 and
technical standards referenced in that manual. In particular,
they must be designed in accordance with—
(a) DoD TM5-1300, Structural Design of Facilities to Resist the
Effects of Accidental Explosions (1990);
(b) DOE/TIC-11268, Manual for the Prediction of Blast and
Fragment Loading for Structures (July 1992); and
(c) the following DoD Explosives Safety Board (DDESB) technical
papers:
1 DDESB Technical Paper 12, Fragment and Debris Hazards, July
1975.
2 DDESB Technical Paper 13, Prediction of Building Debris for
Quantity-Distance Siting, April 1991.
3 DDESB Technical Paper 15, Approved Protective Construction,
June 2004.
4 DDESB Technical Paper 16, Methodologies for Calculating
Primary Fragment Characteristics, dated December 1, 2003.
5 DDESB Technical Paper 17, DDESB Blast Effects Computer
Version 5.0 User’s Manual and Documentation, with accompanying
program entitled DDESB Blast Effects Computer (BEC), Version 6.1.
(2) Blast-resistant design to protect personnel and facilities
must be based on the TNT equivalency of the maximum quantity of
explosives and propellants permitted, increased by 20 percent in
accordance with DoD TM5-1300.
d. Implementation.
(1) For new facilities, an implementation plan must be submitted
to the responsible SO or designee describing the process for
ensuring that facility design and construction will be in
compliance with the nuclear facility safety requirements of this
Order.
(2) Deviations/exemptions from requirements must be
appropriately documented, justified, and approved by DOE in
accordance with the provisions stated in this Order.
CHAPTER II. FIRE PROTECTION
1. OBJECTIVES. To establish this Order as the primary requirement for a
comprehensive fire protection program for DOE sites,
facilities, and emergency service organizations to minimize
the potential for—
a. Occurrence of a fire or related event;
b. Fires that cause an unacceptable onsite or offsite release
of hazardous or radiological material that could impact the
health and safety of employees, the public, or the environment;
c. Unacceptable interruption of vital DOE programs as a result
of fire and related hazards;
d. Property loss from fire exceeding limits established by DOE;
and
e. Fire damage to critical process controls and safety class
systems structures and components (as documented by appropriate
safety analysis).
2. APPLICABILITY. This chapter applies to both fire protection programs and
facility safety design for all DOE elements that have
responsibility for DOE nuclear, non-nuclear, and weapons
facilities.
3. REQUIREMENTS.
a. General. Fire protection for DOE facilities, sites, activities, design,
and construction must—
(1) provide a level of safety sufficient to fulfill requirements
for highly protected risk (HPR);
(2) prevent loss of safety functions and safety systems as
determined by safety analysis and provide defense-in-depth; and
(3) meet or exceed applicable building codes for the region and
NFPA codes and standards as follows.
(a) Facilities or modifications thereto must be constructed to
meet codes and standards in effect, when design criteria are
approved, otherwise known as the Code of Record (COR).
(b) Provisions of subsequent editions of codes or standards
(promulgated after the COR) must be met to the extent that they
are explicitly stated to be applicable to existing facilities.
Other provisions of updated codes and standards must be applied
to existing facilities when a construction modification takes
place or when a potential for immediate risk to life safety or
health has been identified through either the facility assessment
or fire hazards analysis (FHA) review process, or during the
construction review or permitting process.
b. Fire Protection Program. Acceptable, documented fire
protection programs must be developed, implemented,
and maintained that include the
following elements and requirements.
(1) A policy statement that—
(a) incorporates fire protection requirements from this Order;
related DOE directives; and other applicable Federal, state, and
local requirements; and
(b) affirms DOE’s commitment to fire protection and fire
suppression capabilities sufficient to minimize losses from fire
and related hazards consistent with highly protected risk status
in private industry.
(2) Comprehensive, written fire protection criteria or
procedures that include—
(a) site-specific requirements;
(b) staff organization, training, and responsibilities;
(c) administrative responsibilities;
(d) design, installation, operability, inspection, maintenance,
and testing requirements;
(e) use and storage of combustible, flammable, radioactive, and
hazardous materials to minimize risk from fire;
(f) fire protection system impairments;
(g) smoking and hot work;
(h) safe operation of process equipment; and
(i) prevention measures that decrease fire risk.
(3) A system to ensure that fire protection program requirements
are documented and incorporated in plans and specifications for
new facilities and significant modifications to existing
facilities.
(4) Documented review of plans, specifications, procedures, and
acceptance tests by a qualified fire protection engineer.
(5) Fire hazard analyses (FHAs) using a graded approach
conducted for hazard category 1, 2 and 3 nuclear facilities,
significant new facilities, and facilities that represent unique
fire safety risks. The FHAs must be—
(a) performed under the direction of a qualified fire protection
engineer;
(b) reviewed every 3 years; and
(c) revised when—
1 changes to the annual DSA updates impact the contents in the
FHA,
2 a modification to an associated facility or process adds a
significant new fire safety risk, or
3 the 3 year review identifies the need for changes.
(6) FHA conclusions incorporated into the DSA and integrated
into design basis and beyond design basis accident conditions.
(7) Access to qualified, trained fire protection staff that
includes fire protection engineers, technicians, and fire
fighting personnel to implement the requirements of this Order.
(8) A baseline needs assessment (BNA) of the fire protection
emergency response organization that—
(a) establishes the site fire fighting capabilities to provide—
1 effective response to suppress all fires;
2 emergency medical and hazardous materials response
capabilities; and
3 staffing, apparatus, facilities, equipment, training,
pre-plans, offsite assistance, and procedures;
(b) reflects applicable NFPA codes and standards; and
(c) is updated at least every 3 years and in accordance with
applicable NFPA code provisions and whenever a significant new
hazard is introduced that is not covered by the current BNA.
(9) Site emergency plans, FHAs, and DSAs that incorporate BNA
information.
(10) Pre-fire strategies, plans, and standard operating
procedures to enhance the effectiveness of site fire fighting
personnel.
(11) Procedures governing the use of fire fighting water or other
neutron moderating materials to suppress fire within or adjacent
to moderation controlled areas.
(12) Where no alternative exists to criticality safety
restrictions on the use of water for fire suppression, the need
for such restrictions is fully documented with written technical
justification.
(13) A documented comprehensive fire protection self assessment
and an assessment of contractors’ programs performed by DOE every
3 years.
(14) Processes to identify, prioritize, and monitor the status of
fire protection assessment findings, recommendations, and
corrective actions until final resolution.
(15) A process for reviewing and recommending approval of fire
safety equivalencies to any fire protection code or standard
requirements to the DOE organization AHJ for fire safety.
(16) Procedures governing firefighting techniques to be used
during deactivation, decontamination, and demolition phases, when
applicable.
c. Fire Protection Design. A comprehensive fire
protection design program for facilities and supporting
systems must be developed, implemented,
and maintained to include the following elements:
(1) A reliable and adequate supply of water for fire
suppression.
(2) Noncombustible construction materials for facilities
exceeding the size limits established by DOE (See DOE STD-1066-99,
Fire Protection Design Criteria, for information on size
limitations).
(3) Complete fire-rated construction and barriers, commensurate
with the applicable codes and fire hazards, to isolate hazardous
areas and minimize fire spread and loss potential consistent with
limits as defined by DOE.
(4) Automatic fire extinguishing systems throughout all
significant facilities and in all facilities and areas with
potential for loss of safety class systems (other than fire
protection systems), significant life safety hazards,
unacceptable program interruption, or fire loss potential in
excess of limits defined by DOE.
(5) Redundant fire protection systems in areas where—
(a) safety class systems are vulnerable to fire damage, and no
redundant safety capability exists outside of the fire area of
interest, or
(b) the maximum possible fire loss (MPFL) exceeds limits
established by DOE.
(6) In new facilities, redundant safety class systems (other
than fire protection systems) located in separate fire areas.
(7) A means to notify emergency responders and building
occupants of a fire (e.g., fire alarm or signaling system).
(8) Emergency egress and illumination for safe facility
evacuation in the event of fire as required by applicable codes
or fire hazard analysis.
(9) Physical access and appropriate equipment that is accessible
for effective fire department intervention (e.g., interior
standpipe systems in multi-story or large, complex facilities).
(10) A means to prevent the accidental release of significant
quantities of contaminated products of combustion and fire
fighting water to the environment, such as ventilation control
and filter systems and curbs and dikes. Such features would only
be necessary if required by the FHA or DSA in conjunction with
other facility or site environmental protection measures.
(11) A means to address fire and related hazards that are unique
to DOE and not addressed by industry codes and standards.
Mitigation features may consist of isolation, segregation or the
use of special fire control systems (water mist, clean agent, or
other special suppression systems) as determined by the FHA.
(12) Fire protection systems designed such that their inadvertent
operation, inactivation, or failure of structural stability will
not result in the loss of vital safety functions or inoperability
of safety class systems as determined by the DSA.
CHAPTER III. NUCLEAR CRITICALITY SAFETY
1. OBJECTIVES. To establish requirements for a criticality
safety program (CSP) applicable to DOE nuclear facilities and
activities, including transportation activities, with potential for
criticality hazards so that adequate protection is provided
to the public, workers, and the environment.
2. APPLICABILITY. This chapter is applicable to DOE elements
with responsibility for nuclear facilities and activities that
involve, or potentially involve, nuclides in quantities that are equal
to or greater than the single parameter limits for
fissionable materials listed in ANSI/ANS-8.1 and 8.15.[20] Any
facility or activity involving, or potentially involving,
amounts of fissionable material in excess of these limits
has, by definition, a fissionable material operation.
3. REQUIREMENTS.
a. General.
(1) CSPs must be implemented to ensure that fissionable material
operations will be evaluated and documented to demonstrate that
operations will be sub-critical under both normal and credible
abnormal conditions.
(2) No single credible event or failure can result in a
criticality.
(3) The CSP description document must describe how the
contractor will implement the requirements in the CRD including
the standards invoked by this Chapter. The CSP description
document must be approved by DOE and implemented as approved.
(4) CSPs must include the following:
(a) Criticality safety evaluations for fissionable materials
operations that document parameters, limits, and controls
required to maintain sub-criticality for all normal and credible
abnormal conditions;
(b) The preferred order of controls must be passive engineered
controls, active engineered controls, followed by administrative
controls.
(c) Provisions for implementation of limits and controls
identified by the criticality safety evaluations;
(d) Periodic reviews of operations and conditions to ensure
that—
1 limits and controls are effectively implemented and
2 process conditions have not been altered resulting in
compromise of safety limits and controls; and
(e) Assessment of the need for and installation of criticality
accident alarm and detection systems where appropriate to conform
with paragraphs 3b(2) and 3b(3) of this chapter.
(5) Nuclear criticality safety staff[21] responsible for
implementing the CSP must be trained and qualified in accordance
with a qualification program approved by DOE, unless the
qualification program is compliant with DOE-STD-1135-99, Guidance
for Nuclear Criticality Safety Engineering Training and
Qualification.
b. Specific Requirements.
(1) CSPs must apply to facilities and activities with
fissionable materials operations as defined in paragraph 2 of
this chapter.
(2) CSPs must satisfy the requirements of the revisions to
consensus nuclear criticality safety standards of American
National Standards Institute (ANSI)/American Nuclear Society
(ANS) 8 in effect as of the date of this Order, unless otherwise
modified or approved by DOE.
(3) All recommendations in applicable ANSI/ANS standards must be
considered, and an explanation provided to DOE through the CSP
description document whenever a recommendation is not
implemented.
(4) The double contingency principle defined in ANSI/ANS 8.1,
Nuclear Criticality Safety in Operations with Fissionable
Material outside Reactors, is a requirement that must be
implemented for all processes, operations and facility designs
within the scope of this chapter unless the deviation is
documented, justified, and approved by DOE.
(5) The methodology for preparing criticality safety evaluations
must be approved by DOE unless the evaluations are conducted in
accordance with DOE-STD-3007-1993, Guidelines for Preparing
Criticality Safety Evaluations at Department of Energy Non-
Reactor Nuclear Facilities, or successor document and evaluated
in accordance with DOE-STD-1134-1999, Review Guide
for Criticality Safety Evaluations, or successor
document.
(6) Facilities that conduct operations using fissionable
material in a form that could inadvertently accumulate in
significant quantities must include a program and procedures for
detecting and characterizing accumulations.
(7) Guidelines for fire fighting must be established for areas
within or adjacent to moderator-controlled areas. The criteria
and process for developing the guidelines must be documented in
the CSP description document.
CHAPTER IV. NATURAL PHENOMENA HAZARDS MITIGATION
1. OBJECTIVES. To establish requirements for DOE facility design,
construction, and operations that protect the public,
workers, and the environment from the impact of all NPH
events (e.g., earthquake, wind, flood, and lightning).
2. APPLICABILITY. Requirements in this chapter apply to all DOE facilities and
sites.[22] To the extent that design, construction, operation,
or decommissioning responsibilities for DOE facilities and
sites are assigned to DOE contractors, the cognizant DOE
elements must ensure that the requirements for this chapter
are implemented.
3. REQUIREMENTS. DOE facilities and operations must be
analyzed to ensure that SSCs and personnel will be able to
perform their intended safety functions effectively under
the effects of NPH. Where no specific requirements are
identified, model building codes or national consensus
industry standards must be used consistent with the
intended SSC functions.
a. Natural Phenomena Mitigation Design.
(1) Facility SSCs must be designed, constructed, and operated to
withstand NPH and ensure—
(a) confinement of hazardous materials;
(b) protection of occupants of the facility, as well as members
of the public;
(c) continued operation of essential facilities; and
(d) protection of government property.
(2) The design and construction of new facilities and major
modifications[24] to existing facilities and SSCs must address—
(a) potential damage to and failure of SSCs resulting from both
direct and indirect NPH events;
(b) common cause/effect and interactions resulting from failures
of other SSCs; and
(c) compliance with seismic requirements of E.O. 12699, Seismic
Safety of Federal and Federally Assisted or Regulated New
Building Construction (as amended by E.O. 13286, Amendment of
Executive Orders, and Other Actions, in Connection With the
Transfer of Certain Functions to the Secretary of Homeland
Security, January 5, 1990).
(3) Additions and modifications to existing DOE facilities must
not degrade SSC performance during an NPH occurrence.
b. Evaluation and Upgrade Requirements for Existing DOE
Facilities
(1) SSCs in existing DOE facilities must be evaluated when there
is a significant degradation[25] in the facility safety basis.
Evaluations must address the safety significance of the SSCs and
the seismic requirements of E.O. 12941, Seismic Safety of
Existing Federally Owned or Leased Buildings.
(2) If the evaluation of existing SSCs identifies NPH mitigation
deficiencies, an upgrade plan must be implemented on a
prioritized schedule based on the safety significance of the
upgrades, time or funding constraints, and mission requirements.
c. NPH Assessment.
(1) Both facility design and evaluation criteria must address
the potential types of NPH occurrences. The NPH assessment must
use a graded approach commensurate with the potential hazard of
the facility.
(2) NPH assessment for new facilities must use a graded approach
that considers the consequences of all types of NPHs. Site-wide
information may be considered when appropriate.
(3) NPH assessments must be reviewed and upgraded as necessary
for existing sites/facilities following significant changes in
NPH assessment methodology or site-specific information.
(4) An NPH assessment review must be conducted at least every 10
years and must include recommendations to DOE for updating the
existing assessments based on significant changes found in
methods or data. If no change is warranted from the earlier
assessment, then this only needs to be documented.
d. Seismic Detection. Facilities or sites with hazardous
materials must have instrumentation or other means
to detect and record the occurrence and severity of seismic events.
e. Post-Natural Phenomena Procedure. Facilities or sites
with hazardous materials must have procedures
for inspecting facilities for damage from
severe NPH events and placing a facility into a safe
configuration when damage has occurred.
CHAPTER V. SYSTEM ENGINEER PROGRAM
1. OBJECTIVES. To establish requirements for a System Engineer Program for
hazard category 1, 2, and 3 nuclear facilities and to ensure
continued operational readiness of the systems within its
scope.
2. APPLICABILITY.
a. Requirements of this chapter apply to all hazard category 1,
2, and 3 nuclear facilities.
b. The System Engineer Program must be applied to active safety
class and safety significant SSCs as defined in the facility’s
DOE-approved safety basis, as well as to other active systems
that perform important defense-in-depth functions, as designated
by facility line management.
3. REQUIREMENTS.
a. General.
(1) Hazard category 1, 2, and 3 nuclear facilities must have a
System Engineer Program, as well as a qualified cognizant system
engineer (CSE) assigned to each system within the scope of the
Program.
(2) System Engineer Programs must be incorporated into the
Integrated Safety Management System (ISMS),[26] must flow down from
site and facility implementing procedures, and must define CSE
functions, responsibilities, and authorities.
(3) A graded approach must be used in applying the requirements
of the System Engineer Program.
b. Program Elements. The program elements must include and integrate the
identification of systems within its scope,
configuration management, and CSE support for
operations and maintenance.
c. Configuration Management. An objective of the System
Engineer Program is to ensure operational readiness of the
systems within its scope. To achieve this, the principles of
configuration management must be applied to these systems.
Consequently, the following requirements are considered
integral parts of the Systems Engineer Program.
(1) Configuration management must be used to develop and
maintain consistency among system requirements and performance
criteria, documentation, and physical configuration for the SSCs
within the scope of the process.
(2) Configuration management must integrate the elements of
system requirements and performance criteria, system assessments,
change control, work control, and documentation control.
(3) System design basis documentation and supporting documents
must be compiled and kept current using formal change control and
work control processes or, when design basis information is not
available, documentation must include—
(a) system requirements and performance criteria essential to
performance of the system’s safety functions,
(b) the basis for system requirements, and
(c) a description of how the current system configuration
satisfies the requirements and performance criteria.
(4) Key design documents must be identified and consolidated to
support facility safety basis development and documentation.
(5) System assessments must include periodic review of system
operability, reliability, and material condition.[29] Reviews must
assess the system for—
(a) ability to perform design and safety functions,
(b) physical configuration as compared to system documentation,
and
(c) system and component performance in comparison to
established performance criteria.
(6) System maintenance and repair must be controlled through a
formal change control process to ensure that changes are not
inadvertently introduced and that required system performance is
not compromised.
(7) Systems must be tested after modification to ensure
continued capability to fulfill system requirements.
d. System Engineer Support for Operations and Maintenance
(1) The functions of a System Engineer Program are required to
maintain the integrity of a facility’s safety basis. System
Engineer Program functions are typically accomplished by various
parts of a program’s operating organization. This organization
must designate one person as the CSE for each system to which the
System Engineer Program applies (See paragraph 2 of this
chapter). The CSE must maintain overall cognizance of the system
and be responsible for system engineering support for operations
and maintenance. The CSE must provide technical assistance in
support of line management safety responsibilities and ensure
continued system operational readiness.
(2) The CSE must—
(a) ensure that system configuration is being managed
effectively (See paragraph 3c of this chapter);
(b) remain apprised of operational status and ongoing
modification activities;
(c) assist operations review of key system parameters and
evaluate system performance;
(d) initiate actions to correct problems;
(e) remain cognizant of system-specific maintenance and
operations history and industry operating experience, as well as
manufacturer and vendor recommendations and any product warnings
regarding safety SSCs in their assigned systems;
(f) identify trends from operations;
(g) provide assistance in determining operability, correcting
out-of-specification conditions, and evaluating questionable
data;
(h) provide or support analysis when the system is suspected of
inoperability or degradation;
(i) review and concur with design changes; and
(j) provide input to development of special operating/test
procedures.
(3) Qualification requirements for CSEs must be consistent with
those defined for technical positions described in
DOE O 5480.20A, Personnel Selection, Qualification, and Training
Requirements for DOE Nuclear Facilities, dated 11-15-94, chapter
II, paragraph 2c, “Technical Staff for Reactor Facilities,” and
chapter IV, paragraph 2f, “Technical Staff for Non-Reactor
Nuclear Facilities.”
(4) The requirements of this chapter must be incorporated into
contractor training programs also required by DOE O 5480.20A.
(5) Development plans for CSEs should be part of overall
training and development programs.
(6) Qualification and training requirements must include
knowledge of—
(a) related facility safety basis including any relationship to
specific administrative controls;
(b) system functional classification and basis;
(c) applicable codes and standards;
(d) system design, procurement, replacement, and related quality
assurance requirements;
(e) the existing condition of the system;
(f) a working knowledge of the facility’s operation; and
(g) vendor recommendations, manuals, and any product warnings.
(7) Evaluation of a CSE’s qualifications should include formal
education, prior training, and work experience as described in
chapter I, paragraph 13 of DOE O 5480.20A.
(8) Consistent with the graded approach, large, complex, or very
important systems may require assignment of more than one
technical level CSE while small, simple, less important systems
may only require assignment of a technician. Conversely, a
single individual may be assigned to be the CSE for more than one
system.
e. Graded Approach. Implementation of System Engineer
Program requirements should be tailored to facility
hazards and the systems relied upon to prevent or mitigate
those hazards. This should be done by using a graded
approach that considers the following factors.
(1) Remaining Facility Lifetime and the Safety Significance of
Remaining Operations. Facilities undergoing deactivation,
decontamination and/or decommissioning, may be
undergoing frequent changes, modifications, and in
some cases, removal of systems no longer needed to
support the safety basis of those operations.
System Engineer Programs may require
more attention in these operations than when the
facility was in normal operations. After
deactivation or when a facility is in long-term
surveillance and maintenance, there may be less
need for attention.
(2) Safety Importance of the System. Not all systems
are equal as measured by the likelihood and
consequences of the hazard and the accidents that
they prevent or mitigate. The level of system
documentation detail in configuration management
should be tailored to the importance of the
system.
DOE ELEMENTS TO WHICH
DOE O 420.1B, FACILITY SAFETY, IS APPLICABLE
Office of the Secretary
National Nuclear Security Administration
Office of Civilian Radioactive Waste Management
Office of Energy Efficiency and Renewable Energy
Office of Environment, Safety and Health
Office of Environmental Management
Office of Fossil Energy
Office of Legacy Management
Office of Nuclear Energy, Science and Technology
Office of Science
Office of Security and Safety Performance Assurance
Southeastern Power Administration
Southwestern Power Administration
Western Area Power Administration
CONTRACTOR REQUIREMENTS DOCUMENT
DOE O 420.1B, FACILITY SAFETY
Regardless of the performer of the work, the contractor is
responsible for complying with requirements of this Contractor
Requirements Document (CRD). The contractor is responsible for
flowing down the requirements to subcontractors at any tier to
the extent necessary to ensure the contractor’s compliance with
the requirements and the safe performance of work. In doing so,
the contractor must not flow down requirements to subcontractors
unnecessarily or imprudently.
1. REQUIREMENTS.
a. This CRD establishes facility safety requirements for
Department of Energy (DOE) and National Nuclear Security
Administration (NNSA) contractors responsible for design,
construction, operation, management, decontamination or
decommissioning of DOE sites or facilities. Contractors must
comply with the CRD requirements to the extent set forth in their
contracts. Contractors should refer to corresponding
requirements in DOE O 420.1B, Facility Safety, dated 12-22-05,
and all referenced rules, guidance, and standards when
implementing the requirements of this CRD.
b. Chapters of the CRD may have general and specific
requirements. In complying with the CRD, contractors must
determine acceptability of design and operations based on a
comparison with available safety basis information.
c. In complying with this CRD, contractors must ensure that any
work done is consistent with any other safety, design, or other
analysis or requirements applicable to the affected facility. In
particular, work must be performed in accordance with the
integrated safety management requirements of Title 48 Code of
Federal Regulations (CFR) 970.5223-1, Integration of Environment,
Safety, and Health into Work Planning and Execution, and the
quality assurance requirements of either Subpart A of 10 CFR Part
830, Nuclear Safety Management, or DOE O 414.1C, Quality
Assurance, dated 6-17-05, or successor document, as applicable.
All new construction, as a minimum, must comply with national
consensus industry standards and the model building codes
applicable for the state or region supplemented in a graded
manner[30] with additional safety requirements for the associated
hazards in the facility that are not addressed by the codes.
d. DOE implementation guidance and technical standards
referenced in this CRD are not mandatory; however they must be
considered in conjunction with the specific requirements. Such
guidance, along with both DOE and industry standards referenced
therein, represent acceptable methods to satisfy the provisions
of this CRD. Alternate methods that satisfy the requirements of
this CRD are also acceptable. Any implementation method selected
must be justified to ensure that an adequate level of safety
commensurate with the identified hazards is achieved.
2. EXEMPTIONS.
a. Exemptions to this CRD must follow the process defined for
exemptions in DOE O 420.1B, Facility Safety.
b. DOE M 251.1-1A, Directives System Manual, provides
information on the process for requesting and justifying a
request for exemption to the requirements of DOE directives,
including CRDs.
c. Specific DOE exemption responsibilities and authorities are
defined in the Order.
d. Exemptions, exclusions, and equivalencies to standards or
other documents referenced in this CRD should follow the
provisions explicitly set forth in those documents; for example:
the equivalency, alternative, and modification provisions in the
NFPA Code.
3. REFERENCES. The following documents are expressly
referenced in the body of this contractor requirements document
(CRD) and should be considered when implementing this CRD in the
context in which they are referenced.
a. Executive Orders (E.O.).
(1) E.O. 12699, Seismic Safety of Federal and Federally Assisted
or Regulated New Building Construction (January 5, 1990).
(2) E.O. 12941, Seismic Safety of Existing Federally Owned or
Leased Buildings (December 1, 1994).
b. Code of Federal Regulations (CFR).
(1) 10 CFR Part 830, Nuclear Safety Management.
(2) 48 CFR 970.5223-1, Integration of Environment, Safety, and
Health into Work Planning and Execution.
c. DOE Directives.
(1) DOE O 151.1C, Comprehensive Emergency Management System,
dated 11-2-05.
(2) DOE M 251.1-1A, Directives System Manual, dated 1-30-98.
(3) DOE O 414.1C, Quality Assurance, dated 6-17-05.
(4) DOE G 420.1-1, Nonreactor Nuclear Safety Design Criteria and
Explosives Safety Criteria Guide for Use with DOE O 420.1,
Facility Safety, dated 3-28-00.
(5) DOE G 420.1-2, Guide for the Mitigation of Natural Phenomena
Hazards for DOE Nuclear Facilities and Nonnuclear Facilities,
dated 3-28-00.
(6) DOE O 433.1, Maintenance Management Program for DOE Nuclear
Facilities, dated 6-1-01.
(7) DOE G 440.1-5, Implementation Guide for Use with DOE Orders
420.1 and 440.1, Fire Safety Program, 9-30-95.
(8) DOE O 440.1A, Worker Protection Management for DOE Federal
and Contractor Employees, dated 3-27-98.
(9) DOE M 440.1-1A, DOE Explosives Safety Manual, dated 1-9-06.
(10) DOE M 452.4-1A, Protection of Use Control Vulnerabilities
and Designs, dated 3-11-04.
(11) DOE O 452.4A, Security and Control of Nuclear Explosives and
Nuclear Weapons, dated 12-17-01.
(12) DOE O 452.2B, Safety of Nuclear Explosive Operations,
dated 8-7-01.
(13) DOE O 452.1C, Nuclear Explosive and Weapons Surety Program,
dated 9-20-05.
(14) DOE O 5480.20A, Personnel Selection, Qualification, and
Training Requirements for DOE Nuclear Facilities, dated 11-15-94.
(15) DOE O 5480.30, Nuclear Reactor Safety Design Criteria,
dated 1-19-93.
d. DOE Technical Standards (STD).
(1) DOE STD-1066-99, Fire Protection Design Criteria.
(2) DOE-STD-1073-2003, Configuration Management.
(3) DOE-STD-1134-99, Review Guide for Criticality Safety
Evaluations.
(4) DOE-STD-1135-99, Guidance for Nuclear Criticality Safety
Engineering Training and Qualification.
(5) DOE-STD-3007-93, Guidelines for Preparing Criticality Safety
Evaluations at Department of Energy Non-Reactor Nuclear
Facilities.
(6) DOE-STD-3024-98, Content of System Design Descriptions.
e. Department of Defense (DoD) Documents.
(1) DoD Explosive Safety Board (DDESB) Technical Paper 12,
Fragment and Debris Hazards, July 1975.
(2) DDESB Technical Paper 13, Prediction of Building Debris for
Quantity-Distance Siting, April 1991.
(3) DDESB Technical Paper 15, Approved Protective Construction,
June 2004.
(4) DDESB Technical Paper 16, Methodologies for Calculating
Primary Fragment Characteristics, dated December 1, 2003.
(5) DDESB Technical Paper 17, DDESB Blast Effects Computer
Version 5.0 User’s Manual and Documentation, with accompanying
program entitled DDESB Blast Effects Computer (BEC), Version 6.1.
(6) DOE/TIC-11268, Manual for the Prediction of Blast and
Fragment Loading for Structures, (July 1992).
(7) DoD Technical Manual (TM) 5-1300, Structural Design of
Facilities to Resist the Effects of Accidental Explosions (1990).
f. Non-Government Standards.
(1) American National Standards Institute (ANSI)/American
Nuclear Society (ANS) Subcommittee 8 standards, including but not
limited to—
(a) ANSI/ANS-8.1, Nuclear Criticality Safety in Operations with
Fissionable Material Outside Reactors, and
(b) ANSI/ANS-8.19-1996, Administrative Practices for Nuclear
Criticality Safety.
(2) National Fire Protection Association (NFPA) Standards.
(3) National Fire Protection Association (NFPA) 5000®, Building
Construction and Safety Code®, 2003.[32]
CHAPTER I. NUCLEAR AND EXPLOSIVES SAFETY DESIGN CRITERIA
1. OBJECTIVES.
a. Nuclear Safety.
(1) To ensure that new DOE hazard category 1, 2, and 3 nuclear
facilities are designed and constructed in a manner that ensures
adequate protection to the public, workers, and the environment
from nuclear hazards.
(2) To ensure that major modifications to DOE hazard category 1,
2, and 3 nuclear facilities comply with design and construction
requirements for new hazard category 1, 2, and 3 nuclear
facilities.
(3) To ensure that new DOE nuclear reactors comply with the
requirements of this CRD and the design requirements of DOE
O 5480.30, Nuclear Reactor Safety Design Criteria.
b. Explosives Safety. To establish mandatory design and
construction standards for safety in new DOE explosives
facilities and for major modifications to such facilities.
Explosives facilities include facilities and locations used for
storage or operations with explosives or ammunition.
2. APPLICABILITY.
a. This chapter applies to DOE contractors that are responsible
for the design and construction of:
(1) new hazard category 1, 2, and 3 nuclear facilities as
defined by 10 CFR Part 830;
(2) new explosives facilities; and
(3) major modifications to such facilities that could
substantially change the approved facility safety analysis.
b. This chapter does not impose requirements on existing
facilities, except for major modifications to those facilities,
but it can be used as a standard for comparison when judging the
adequacy of existing facilities.
c. This chapter does not apply to nuclear deactivation or
decontamination and decommissioning activities at end-of-facility-
life if the safety analysis demonstrates that adequate protection
is provided consistent with the requirements of 10 CFR Part 830
through alternate means and it is not cost beneficial to apply
the provisions of this chapter for the limited remaining life of
the activity.
3. REQUIREMENTS.
a. Integration of Design with Safety Analyses.
(1) Safety analyses must be used to establish—
(a) the identity and functions of safety class and safety
significant structures, systems, and components (SSCs)[37] and
(b) the significance to safety of functions performed by safety
class and safety significant SSCs.
(2) Safety analyses must address—
(a) hazards inherent to the facility and its activities,
(b) natural phenomena hazards (NPH),[38] and
(c) external man-induced hazards (factors such as proximity to
airports, pipelines, hazardous traffic on roads or waterways, and
adjacent facilities).
(3) Safety analysis must be performed as early as practical in
conceptual or preliminary design processes to ensure that
required safety SSCs are specified in the final design.
(4) Safety analyses must be performed in accordance with the
requirements for safety analysis defined in DOE directives and
technical standards for a documented safety analysis (DSA).
b. Nuclear Facility Design.
(1) Nuclear facility design objectives must include multiple
layers of protection to prevent or mitigate the unintended
release of radioactive materials to the environment, otherwise
known as defense in depth. These multiple layers must include
multiple physical barriers unless the basis for not including
multiple physical barriers is documented in the DSA and approved
by DOE.
(2) Defense in depth must include all of the following —
(a) choosing an appropriate site;
(b) minimizing the quantity of material at risk;
(c) applying conservative design margins and quality assurance;
(d) using successive physical barriers for protection against
radioactive releases;
(e) using multiple means to ensure critical safety functions
needed to—
1 control processes,
2 maintain processes in safe status, and
3 confine and mitigate the potential for accidents with
radiological releases;
(f) using equipment and administrative controls that—
1 restrict deviation from normal operations,
2 monitor facility conditions during and after an event, and
3 provide for response to accidents to achieve a safe
condition;
(g) providing means to monitor accident releases as required for
emergency response;
(h) establishing emergency plans for minimizing the effects of
an accident.
(3) Hazard category 1, 2, and 3 nuclear facilities must be
sited, designed, and constructed in a manner that ensures
adequate protection of the health and safety of the public,
workers, and the environment from the effects of accidents
involving radioactive materials release.
(4) Hazard category 1, 2, and 3 nuclear facilities with
uncontained radioactive materials (as opposed to material
determined by safety analysis to be adequately contained within
drums, grout, or vitrified materials) must have the means to
confine the uncontained radioactive materials to minimize their
potential release in facility effluents during normal operations
and during and following accidents. Confinement design
considerations must include:
(a) for a specific nuclear facility, the number, arrangement,
and characteristics of confinement barriers as determined on a
case-by-case basis;
(b) the type, quantity, form, and conditions for dispersing the
radioactive material in the confinement system design;
(c) use of engineering evaluation, tradeoff, and experience to
develop practical designs that achieve confinement system
objectives; and
(d) the adequacy of confinement systems to perform required
functions as documented and accepted through the preliminary DSA
(PDSA) and DSA.
(5) Hazard category 1, 2, and 3 nuclear facilities must be
designed to—
(a) facilitate safe deactivation, decommissioning, and
decontamination at the end of facility life, including
incorporation of design considerations during the operational
period that facilitate future decontamination and
decommissioning;
(b) facilitate inspections, testing, maintenance, repair, and
replacement of safety SSCs as part of a reliability,
availability, and maintainability program with the objective that
the facility is maintained in a safe state; and
(c) keep occupational radiation exposures within statutory
limits, and as low as reasonably achievable (ALARA).
(6) Facility process systems must be designed to minimize waste
production and mixing of radioactive and non-radioactive wastes.
(7) Safety SSCs and safety software must be designed,
commensurate with the importance of the safety functions
performed, to perform their safety functions when called upon,
and to meet the quality assurance program requirements of either
10 CFR 830, Subpart A, or DOE O 414.1C, Quality Assurance, as
applicable.
(8) Safety class electrical systems must be designed to preclude
single point failure.
(9) New DOE nuclear reactors must comply with the requirements
of this CRD, as well as the design requirements of DOE O 5480.30,
Nuclear Reactor Safety Design Criteria.
c. Explosives Safety Design.
(1) New DOE explosives facilities and all modifications to
existing explosives facilities must be designed consistent with
the DOE explosives safety requirements established in
DOE M 440.1-1A, DOE Explosives Safety Manual, dated 1-9-06, and
technical standards referenced in that manual. In particular,
they must be designed in accordance with—
(a) DoD TM5-1300, Structural Design of Facilities to Resist the
Effects of Accidental Explosions (1990);
(b) DOE/TIC-11268, Manual for the Prediction of Blast and
Fragment Loading for Structures (July 1992); and
(c) the following DoD Explosives Safety Board (DDESB) technical
papers:
1 DDESB Technical Paper 12, Fragment and Debris Hazards, July
1975.
2 DDESB Technical Paper 13, Prediction of Building Debris for
Quantity-Distance Siting, April 1991.
3 DDESB Technical Paper 15, Approved Protective Construction,
June 2004.
4 DDESB Technical Paper 16, Methodologies for Calculating
Primary Fragment Characteristics, dated December 1, 2003.
5 DDESB Technical Paper 17, DDESB Blast Effects Computer
Version 5.0 User’s Manual and Documentation, with accompanying
program entitled DDESB Blast Effects Computer (BEC), Version 6.1.
(2) Blast-resistant design to protect personnel and facilities
must be based on the TNT equivalency of the maximum quantity of
explosives and propellants permitted, increased by 20 percent in
accordance with DoD TM5-1300.
d. Implementation.
(1) For new facilities, an implementation plan must be submitted
to the responsible Secretarial Officer or designee describing the
process for ensuring that facility design and construction will
be in compliance with nuclear facility safety requirements of
this CRD.
(2) Deviations/exemptions from requirements must be
appropriately documented, justified, and approved by DOE in
accordance with the provisions stated in this CRD.
CHAPTER II. FIRE PROTECTION
1. OBJECTIVES. To establish requirements for a comprehensive
fire protection program for DOE sites, facilities, and emergency
service organizations to minimize the potential for—
a. Occurrence of a fire or related event;
b. Fires that cause an unacceptable onsite or offsite release
of hazardous or radiological material that could impact the
health and safety of employees, the public, or the environment;
c. Unacceptable interruption of vital DOE programs as a result
of fire and related hazards;
d. Property loss from fire exceeding limits established by DOE;
and
e. Fire damage to critical process controls and safety class
SSCs (as documented by appropriate safety analysis).
2. APPLICABILITY. This chapter applies to both fire protection
programs and facility safety design for DOE nuclear, non-nuclear,
and weapons facilities.
3. REQUIREMENTS.
a. General. Fire protection for DOE facilities, sites,
activities, design, and construction must—
(1) provide a level of safety sufficient to fulfill requirements
for highly protected risk (HPR),
(2) prevent loss of safety functions and safety systems as
determined by safety analysis and provide defense-in-depth, and
(3) meet or exceed applicable building codes for the region and
NFPA codes and standards as follows:
(a) Facilities or modifications thereto must be constructed to
meet codes and standards in effect, when design criteria are
approved, otherwise known as the Code of Record (COR).
(b) Provisions of subsequent editions of codes or standards
(promulgated after the COR) must be met to the extent that they
are explicitly stated to be applicable to existing facilities.
Other provisions of updated codes and standards must be applied
to existing facilities when a construction modification takes
place or when a potential for immediate risk to life safety or
health has been identified through either the facility assessment
or fire hazards analysis (FHA) review process, or during the
construction review or permitting process.
b. Fire Protection Program. An acceptable fire protection
program must be developed, implemented, and maintained by the
contractor, which includes the following elements and
requirements.
(1) A policy statement that—
(a) incorporates fire protection requirements of this CRD,
related DOE directives, and other applicable Federal, state, and
local requirements; and
(b) affirms contractor’s commitment to fire protection and fire
suppression capabilities sufficient to minimize losses from fire
and related hazards consistent with highly protected risk status
in private industry.
(2) Comprehensive, written fire protection criteria or
procedures that include—
(a) site-specific requirements;
(b) staff organization, training, and responsibilities;
(c) administrative responsibilities;
(d) design, installation, operability, inspection, maintenance,
and testing requirements;
(e) use and storage of combustible, flammable, radioactive, and
hazardous materials to minimize risk from fire;
(f) fire protection system impairments;
(g) smoking and hot work;
(h) safe operation of process equipment; and
(i) prevention measures that decrease fire risk.
(3) A system to ensure that fire protection program requirements
are documented and incorporated in plans and specifications for
new facilities and significant modifications to existing
facilities.
(4) Documented review of plans, specifications, procedures, and
acceptance tests by a qualified fire protection engineer.
(5) Fire hazard analyses (FHAs) using a graded approach for all
hazard category 1, 2, and 3 nuclear facilities, significant new
facilities, and facilities that represent unique fire safety
risks. The FHAs must be—
(a) performed under the direction of a qualified fire protection
engineer;
(b) reviewed every 3 years; and
(c) revised when —
1 changes to the annual DSA updates impact the contents in the
FHA,
2 a modification to an associated facility poses a significant
new fire safety risk, or
3 the 3-year review identifies the need for changes.
(6) FHA conclusions incorporated into the DSA and integrated
into design basis and beyond design basis accident conditions.
(7) Access to qualified, trained fire protection staff that
includes fire protection engineers, technicians, and fire
fighting personnel to implement the requirements of this CRD.
(8) A baseline needs assessment (BNA) of the fire protection
emergency response organization that—
(a) establishes the site fire fighting capabilities to provide—
1 effective response to suppress all fires;
2 emergency medical and hazardous materials response
capabilities; and
3 staffing, apparatus, facilities, equipment, training,
pre-plans, offsite assistance, and procedures;
(b) reflects applicable NFPA codes and standards; and
(c) is updated at least every 3 years and in accordance with
applicable NFPA code provisions and whenever a significant new
hazard is introduced that is not covered by the current BNA.
(9) Site emergency plans, FHAs, and DSAs that incorporate BNA
information.
(10) Pre-fire strategies, plans, and standard operating
procedures to enhance the effectiveness of site fire fighting
personnel.
(11) Procedures governing the use of fire fighting water or other
neutron moderating materials to suppress fire within or adjacent
to moderation controlled areas.
(12) Where no alternative exists to criticality safety
restrictions on the use of water for fire suppression, the need
for such restriction is fully documented, with written
technical justification.
(13) A documented comprehensive fire protection self assessment
program performed every 3 years.
(14) Periodic facility assessments on a schedule as directed by
DOE.
(15) Processes to prioritize and monitor the status of fire
protection assessment findings, recommendations, and corrective
actions until final resolution.
(16) A process for reviewing and recommending approval of fire
safety equivalencies to any fire protection code or standard
requirements to the DOE.
(17) Procedures governing fire fighting techniques to be used
during deactivation, decontamination, and demolition phases, when
applicable.
c. Fire Protection Design. A comprehensive fire protection
design program for facilities and supporting systems must be
developed, implemented, and maintained to include the following
elements.
(1) A reliable and adequate supply of water for fire
suppression.
(2) Noncombustible construction materials for facilities
exceeding the size limitations established by DOE (See
DOE-STD-1066-99, Fire Protection Design Criteria, for information
on size limitations).
(3) Complete fire-rated construction and barriers, commensurate
with the applicable codes and fire hazards, to isolate hazardous
areas and minimize fire spread and loss potential consistent with
limits as defined by DOE (See DOE-STD-1066-99).
(4) Automatic fire extinguishing systems throughout all
significant facilities and in all facilities and areas with
potential for loss of safety class systems (other than fire
protection systems), significant life safety hazards,
unacceptable program interruption, or fire loss potential in
excess of limits defined by DOE (See DOE-STD-1066-99).
(5) Redundant fire protection systems in areas where—
(a) safety class systems are vulnerable to fire damage, and no
redundant safety capability exists outside of the fire area of
interest or
(b) the maximum possible fire loss (MPFL) exceeds limits
established by DOE.
(6) In new facilities, redundant safety class systems (other
than fire protection systems) must be located in separate fire
areas.
(7) A means (e.g., fire alarm or signaling system) to notify
emergency responders and building occupants of a fire.
(8) Emergency egress and illumination for safe facility
evacuation in the event of fire as required by applicable codes
or fire hazards analysis.
(9) Physical access and appropriate equipment that is accessible
for effective fire department intervention (e.g., interior
standpipe systems in multi-story or large, complex facilities).
(10) A means to prevent the accidental release of significant
quantities of contaminated products of combustion and fire
fighting water to the environment, such as ventilation control
and filter systems, and curbs and dikes. Such features would
only be necessary if required by the FHA or DSA in conjunction
with other facility or site environmental protection measures.
(11) A means to address fire and related hazards that are unique
to DOE and not addressed by industry codes and standards.
Mitigation features may consist of isolation, segregation, or use
of special fire control systems (water mist, clean agent, or
other special suppression systems) as determined by the FHA.
(12) Fire protection systems designed such that their inadvertent
operation, inactivation, or failure of structural stability will
not result in the loss of vital safety functions or inoperability
of safety class systems as determined by the DSA.
CHAPTER III. NUCLEAR CRITICALITY SAFETY
1. OBJECTIVES.
a. To establish requirements for developing and implementing
nuclear criticality safety programs (CSPs) for hazard category 1
and 2 nuclear facilities and activities, including materials
transportation activities.
b. To provide adequate protection to the public, workers, and
the environment.
2. APPLICABILITY. This chapter is applicable to nuclear
facilities and activities that involve or will potentially
involve nuclides in such quantities that are equal to or greater
than the single parameter limits for fissionable materials listed
in the ANSI/ANS-8.1 and 8.15.
3. REQUIREMENTS.
a. General.
(1) CSPs must be implemented to ensure that fissionable material
operations will be evaluated and documented to demonstrate that
operations will be sub-critical under both normal and credible
abnormal conditions.
(2) No single credible event or failure can result in a
criticality.
(3) The CSP description document must describe how the
contractor will implement the requirements in the CRD including
the standards invoked by this Chapter. The program description
must be approved by DOE and implemented as approved.
(4) CSPs must include the following:
(a) Criticality safety evaluations for fissionable materials
operations that document parameters, limits, and controls
required to maintain sub-criticality for all normal and credible
abnormal conditions;
(b) The preferred order of controls must be passive engineered
controls, active engineered controls, followed by administrative
controls.
(c) Provisions for implementation of limits and controls
identified by the criticality safety evaluations;
(d) Periodic reviews of operations and conditions to ensure
that—
1 limits and controls are effectively implemented, and
2 process conditions have not been altered resulting in
compromise of safety limits and controls; and
(e) Assessment of the need for installation of criticality
accident alarm and detection systems where appropriate to conform
with paragraphs 3b(2) and 3b(3) of this chapter.
(5) Nuclear criticality safety staff responsible for
implementing the CSP must be trained and qualified in accordance
with a qualification program approved by DOE, unless the
qualification program is consistent with DOE-STD-1135-99,
Guidance for Nuclear Criticality Safety Engineering Training and
Qualification.
b. Specific Requirements.
(1) CSPs must apply to facilities and activities with
fissionable materials operations as defined in section 2 of the
chapter and conditions that have potential for criticality
accidents.
(2) CSPs must satisfy the requirements of the revisions to
consensus nuclear criticality safety standards of the American
National Standards Institute (ANSI)/American Nuclear Society
(ANS) 8 in effect as of the date of the Order, unless otherwise
modified or approved by DOE.
(3) All recommendations in applicable ANSI/ANS standards must be
considered and an explanation provided to DOE through the CSP
description document whenever a recommendation is not
implemented.
(4) The double contingency principle defined in ANSI/ANS 8.1,
Nuclear Criticality Safety in Operations with Fissionable
Material outside Reactors, is a requirement that must be
implemented for all fissionable material processes, operations,
and facility designs within the scope of this chapter unless the
deviation is documented, justified, and approved by DOE.
(5) The methodology for conducting criticality safety
evaluations must be approved by DOE, unless the evaluations are
conducted in accordance with the DOE-STD-3007-1993, Guidelines
for Preparing Criticality Safety Evaluations at Department of
Energy Non-Reactor Nuclear Facilities, or successor document and
evaluated in accordance with DOE-STD-1134-1999, Review Guide for
Criticality Safety Evaluations, or successor document.
(6) Facilities that conduct operations using fissionable
material in a form that could inadvertently accumulate in
significant quantities must include a program and procedures for
detecting and characterizing accumulations.
(7) Guidelines for fire fighting must be established for areas
within or adjacent to moderator-controlled areas. The criteria
and process for developing the guidelines must be documented in
the CSP description document.
CHAPTER IV. NATURAL PHENOMENA HAZARDS MITIGATION
1. OBJECTIVES. To establish requirements for DOE facility
design, construction, and operations to protect the public,
workers, and the environment from the impact of all NPH events
(e.g., earthquake, wind, flood, and lightning).
2. APPLICABILITY. Requirements in this chapter apply to all
DOE facilities and sites.
3. REQUIREMENTS. DOE facilities and operations must be
analyzed to ensure that structures, systems, and components
(SSCs) and personnel will be able to perform their intended
safety functions effectively under the effects of NPH. Where no
specific requirements are identified, model building codes or
national consensus industry standards must be used consistent
with intended SSC functions.
a. Natural Phenomena Mitigation Design.
(1) Facility SSCs must be designed, constructed, and operated by
the contractors to withstand NPH and ensure—
(a) confinement of hazardous materials,
(b) protection of occupants of the facility, as well as members
of the public areas,
(c) continued operation of essential facilities,
(d) protection of government property.
(2) The design and construction of new facilities and major
modifications to existing facilities and SSCs must address—
(a) potential damage to and failure of SSCs resulting from both
direct and indirect NPH events;
(b) common cause/effect and interactions resulting from failures
of other SSCs; and
(c) compliance with seismic requirements of E.O. 12699, Seismic
Safety of Federal and Federally Assisted or Regulated New
Building Construction (as amended by E.O. 13286, Amendment of
Executive Orders, and Other Actions, in Connection with the
Transfer of Certain Functions to the Secretary of Homeland Security).
(3) Additions and modifications to existing DOE facilities must
not degrade SSC performance during an NPH occurrence.
b. Evaluation and Upgrade Requirements for Existing DOE
Facilities.
(1) SSCs in existing DOE facilities must be evaluated when there
is a significant degradation in the facility safety basis.
Evaluations must address the safety significance of the SSCs and
the seismic requirements delineated in E.O. 12941, Seismic Safety
of Existing Federally Owned or Leased Buildings
(December 1, 1994).
(2) If the evaluation of existing SSCs identifies NPH mitigation
deficiencies, an upgrade plan must be implemented on a
prioritized schedule based on the safety significance of the
upgrades, time or funding constraints, and mission requirements.
c. NPH Assessment.
(1) Both facility design and evaluation criteria must address
the potential types of NPH occurrences. The NPH assessment must
use a graded approach commensurate with the potential hazard of
the facility.
(2) NPH assessment for new facilities must use a graded approach
that considers the consequences of all types of NPHs. Site-wide
information may be considered when appropriate.
(3) NPH assessments must be reviewed and upgraded as necessary
for existing sites/facilities following significant changes in
NPH assessment methodology or site-specific information.
(4) An NPH assessment review must be conducted at least every 10
years and must include recommendations to DOE for updating the
existing assessments based on significant changes found in
methods or data. If no change is warranted from the earlier
assessment, then this only needs to be documented.
d. Seismic Detection. Facilities or sites with hazardous
materials must have instrumentation or other means to detect and
record the occurrence and severity of seismic events.
e. Post-Natural Phenomena Procedures. Facilities or sites with
hazardous materials must have procedures for inspecting
facilities for damage from severe NPH events and placing a
facility into a safe configuration when damage has occurred.
CHAPTER V. SYSTEM ENGINEER PROGRAM
1. OBJECTIVES. To establish requirements for a System Engineer
Program for hazard category 1, 2, and 3 nuclear facilities and to
ensure continued operational readiness of the systems within its
scope.
2. APPLICABILITY.
a. Requirements of this chapter apply to all hazard category 1,
2, and 3 nuclear facilities.
b. The System Engineer Program must be applied to active safety
class and safety significant SSCs as defined in the facility’s
DOE-approved safety basis, as well as to other active systems
that perform important defense-in-depth functions, as designated
by facility line management.
3. REQUIREMENTS.
a. General.
(1) Hazard category 1, 2, and 3 nuclear facilities must have a
System Engineer Program, as well as a qualified cognizant system
engineer (CSE) assigned to each system within the scope of the
Program.
(2) The System Engineer Program must be incorporated into the
Integrated Safety Management System (ISMS), must flow down from
site and facility implementing procedures, and must define CSE
functions, responsibilities, and authorities.
(3) A graded approach must be used in applying the requirements
of the System Engineer Program.
b. Program Elements. The program elements must include and
integrate the identification of systems within its scope,
configuration management, and CSE support for operations and
maintenance.
c. Configuration Management. An objective of the System
Engineer Program is to ensure operational readiness of the
systems within its scope. To achieve this, the principles of
configuration management must be applied to these systems.
Consequently, the following requirements are considered an
integral part of the System Engineer Program.
(1) Configuration management must be used to develop and
maintain consistency among system requirements and performance
criteria, documentation, and physical configuration for the SSCs
within the scope of the Program.
(2) Configuration management must integrate the elements of
system requirements and performance criteria, system assessments,
change control, work control, and documentation control.
(3) System design basis documentation and supporting documents
must be compiled and kept current using formal change control and
work control processes, or when design basis information is not
available, documentation must include—
(a) system requirements and performance criteria essential to
performance of the system’s safety functions,
(b) the basis for the system requirements, and
(c) a description of how the current system configuration
satisfies the requirements and performance criteria.
(4) Key design documents must be identified and consolidated to
support facility safety basis development and documentation.
(5) System assessments must include periodic review of system
operability, reliability, and material condition. Reviews must
assess the system for—
(a) ability to perform design and safety functions,
(b) physical configuration as compared to system documentation,
and
(c) system and component performance in comparison to
established performance criteria.
(6) System maintenance and repair must be controlled through a
formal change control process to ensure that changes are not
inadvertently introduced and that required system performance is
not compromised.
(7) Systems must be tested after modification to ensure
continued capability to fulfill system requirements.
d. System Engineer Support for Operations and Maintenance.
(1) The functions of a System Engineer Program are required to
maintain the integrity of a facility’s safety basis. System
Engineer Program functions are typically accomplished by various
parts of a program’s operating organization. This organization
must designate one person as the CSE for each system to which the
System Engineer Program applies (See paragraph 2 of this
chapter). The CSE must maintain overall cognizance of the system
and be responsible for system engineering support for operations
and maintenance. The CSE must provide technical assistance in
support of line management safety responsibilities and ensure
continued system operational readiness.
(2) The CSE must—
(a) ensure that system configuration is being managed
effectively (See paragraph 3c of this chapter);
(b) remain apprised of operational status and ongoing
modification activities;
(c) assist operations review of key system parameters and
evaluate system performance;
(d) initiate actions to correct problems;
(e) remain cognizant of system-specific maintenance and
operations history and industry operating experience, as well as
manufacturer and vendor recommendations and any product warnings
regarding safety SSCs in their assigned systems;
(f) identify trends from operations;
(g) provide assistance in determining operability, correcting
out-of-specification conditions, and evaluating questionable
data;
(h) provide or support analysis when the system is suspected of
inoperability or degradation;
(i) review and concur with design changes; and
(j) provide input to development of special operating/test
procedures.
(3) Qualification requirements for CSEs must be consistent with
those defined for technical positions described in
DOE O 5480.20A, Personnel Selection, Qualification, and Training
Requirements for DOE Nuclear Facilities, dated 11-15-94, chapter
II, paragraph 2c, “Technical Staff for Reactor Facilities,” and
chapter IV, paragraph 2f, “Technical Staff for Non-Reactor
Nuclear Facilities.”
(4) The requirements of this chapter must be incorporated into
the contractor training programs also required by DOE O 5480.20A.
(5) Development plans for CSEs should be part of the overall
training and development program.
(6) Qualification and training requirements must include
knowledge of—
(a) related facility safety basis including any relationship to
administrative controls;
(b) system functional classification and basis;
(c) applicable codes and standards;
(d) system design, procurement, replacement, and related quality
assurance requirements;
(e) the existing condition of the system;
(f) a working knowledge of the facility’s operation; and
(g) vendor recommendations, manuals, and any product warnings.
(7) Evaluation of a CSE’s qualifications should include formal
education, prior training, and work experience as described in
chapter I, paragraph 13 of DOE O 5480.20A.
Consistent with the graded approach, large, complex, or very
important systems may require assignment of more than one
technical level CSE while small, simple, less important systems
may only require assignment of a technician. Conversely, a single
individual may be assigned to be the CSE for more than one system.
e. Graded Approach. Implementation of System Engineer Program
requirements should be tailored to facility hazards and the
systems relied upon to prevent or mitigate those hazards. This
should be done by using a graded approach that considers the
following factors.
(1) Remaining Facility Lifetime and the Safety Significance of
Remaining Operations. Facilities undergoing deactivation, and
decontamination and decommissioning, may be undergoing frequent
changes, modifications, and in some cases, removal of systems no
longer needed to support the safety basis of those
operations. System Engineer Programs may require more attention
in these operations than when the facility was in normal
operations. After deactivation or when a facility is in
long-term surveillance and maintenance, there may be less need for
attention.
(3) Safety Importance of the System. Not all systems are equal
as measured by the likelihood and consequences of the hazard and
the accidents that they prevent or mitigate. The level of system
documentation detail in configuration management should be
tailored to the importance of the system.