The PDF version 
Display Related Directives to this directive.
DOE G 450.3-3
February 1997
TAILORING FOR INTEGRATED SAFETY
MANAGEMENT APPLICATIONS
U. S. DEPARTMENT OF ENERGY
Office of Environment, Safety and Health
Distribution: Initiated By:
All Departmental Elements Office of Environment,
Safety and Health �
CONTENTS
I. INTRODUCTION. . . . . . . . . . . . . . . . . . . . . . . . .1
II. TAILORING . . . . . . . . . . . . . . . . . . . . . . . .2
III. EXPECTATIONS FOR TAILORING. . . . . . . . . . . . . . . .4
IV. STANDARDS, REQUIREMENTS, AND WORK CONTROLS. . . . . . . .6
V. TAILORING WORK MANAGEMENT FUNCTIONS . . . . . . . . . . . . .7
A. DESIGN WORK . . . . . . . . . . . . . . . . . . . . . . .8
B. ANALYZE HAZARDS . . . . . . . . . . . . . . . . . . . . .8
C. ELIMINATE HAZARDS . . . . . . . . . . . . . . . . . . . .9
D. EXAMINE THE INTERFACES. . . . . . . . . . . . . . . . . 10
E. ESTABLISH CONTROLS. . . . . . . . . . . . . . . . . . . 11
F. SUFFICIENCY OF CONTROLS . . . . . . . . . . . . . . . . 13
G. PERFORM WORK. . . . . . . . . . . . . . . . . . . . . . 13
H. ASSESS AND FEEDBACK . . . . . . . . . . . . . . . . . . 14
VI. TAILORING BY CONTRACT AND PROJECT AGREEMENTS. . . . . . 15
ATTACHMENTS
A. HAZARDS ANALYSIS. . . . . . . . . . . . . . . . . . . . . .A-1
B. EXAMPLES OF TAILORING . . . . . . . . . . . . . . . . . . .B-1
C. ATTRIBUTES OF SUFFICIENCY . . . . . . . . . . . . . . . . .C-1
List of Figures
Figure 1. The Five Work Management Functions . . . . . . . . . .3
Figure 2. Levels of Work Management. . . . . . . . . . . . . . .4
Figure 3. Work Management Business Agreements Translate Mission Into Work16
List of Tables
Table 1. Types of Work Performed at Different Management Levels.6
� TAILORING FOR INTEGRATED SAFETY MANAGEMENT
APPLICATIONS
I. INTRODUCTION
The Department of Energy (DOE) Integrated Safety Management (ISM) system must support
many different kinds of work, from the operation of nuclear and non-nuclear facilities to
laboratory experimentation to environmental restoration activities. To accomplish the work
safely, and to protect workers, the public, and the environment, the system must function to
identify and control all types of hazards, from commonly encountered workplace hazards to rare
or one-of-a kind process hazards, in existing, newly designed, and old, nonoperating facilities.
The system must also function to deal flexibly with the uncertainties associated with natural
phenomena, uncharacterized wastes, and experiments involving emergent technologies as well as
those associated with new missions and new designs. Further, the system must be able to
accommodate existing methods, processes, and infrastructures from a variety of domains within
and outside of DOE, including standards/requirements identification documents (SRIDs),
nuclear safety Authorization Bases (based on safety analysis reports, technical safety
requirements, and unreviewed safety questions), Occupational Safety and Health Administration
(OSHA) process safety management programs, and Environmental Protection Agency (EPA)
Comprehensive Environmental Response, Compensation, and Liability Act
(CERCLA/Superfund) requirements.
Within safety mandates, and considering budget and resource limitations, the management
system must also function cost effectively. It must enable tailoring of levels of effort so that
hazards are identified and controlled, yet work is not burdened with inflexible, prescriptive
management that needlessly inflates costs, does not enhance safety, but constrains work
performance. Thus, tailoring within work management functions (planning work, analyzing
hazards, establishing controls, performing work, assessing work and providing feedback) should
enable work to be managed at the appropriate levels, so that operational design and systems'
requirements imposed at each level will not unnecessarily constrain management decisions at
lower levels where more detailed information on work and hazards is available. In effect, work
management systems function to optimize work planning and work performance to enable those
closest to the work those who perform the work and those who manage or supervise it to
actually plan it, and to take responsibility for it, as well.
The purposes of this report are to illustrate how tailoring work management functions facilitate
the safe and effective accomplishment of work (including design), and to demonstrate that
tailoring is integral to the ISM system.
Within the five work management functions of the ISM system, standards play a vital role.
Likewise, the proper application of tailoring is directly linked to the use of standards within the
context of this report. The term "standards" is intended to have broad meaning.
"Standards are the expressed expectation for performance of work. Standards may be
reference points against which to measure excellence or may become enforceable
requirements (either under law or under Department contract). Standards include:
Federal, state, and local laws and regulations; Department Orders; nationally and
internationally recognized standards; and other documents (such as industrial
standards) that protect the environment and the safety and health of our workers and
the public. Documented standards are an accepted way of communicating to our
workers and the public the performance we expect in our daily operations. They are
supportive of work, not barriers or extra burdens." (Criteria for the Department's
Standards Program, [DOE/EH/-0416], Office of Environment, Safety and Health,
United States Department of Energy, August 1994)
II. TAILORING
Tailoring is planning and applying work management functions to accomplish the work at hand
within the established contract and project agreements. It ensures adequate protection for
workers, the public, and the environment and optimizes the use of available resources.
Tailoring means arriving at a proper fit. Applied to the five work management functions (see
Figure 1), it creates a work management system that handles all types of work and that runs
efficiently, effectively, and seamlessly. Applied to hazards analysis, it includes selecting hazards
analysis teams that are familiar with the work and the hazards, selecting appropriate hazards
analysis methods (see Attachment A), and assuring a robust analysis. Applied to controls, it is
selecting controls that fit the work and the hazards. Thus, tailoring implies attaining defined
expectations and needs.
Tailoring allows choices to be made from among a variety of engineering and administrative
controls that provide reasonable assurance that workers, the public, and the environment are
adequately protected during the performance of work. Moreover, tailoring can work both "top-
down" and "bottom-up." As a flow-down approach, tailoring of higher-level agreements,
contractual and project agreements between DOE and its contractors, enables contractors to
establish general standards for work that encompass pertinent statutory and regulatory
requirements and reflect DOE missions and resources. As a flow-up approach, individual tasks
are tailored so that each task has controls that fit the specific work and the hazards associated
with it and that are consistent with higher-level performance expectations. Many work controls
are derived from regulatory requirements; some have no regulatory basis but can be derived
from consensus standards or industry best practices; and some must be developed ad hoc to fit
the work.
Thus, tailoring is essentially a systems adaptation that operates at all levels and on all functions
of work planning and performance. It encompasses the three functions of work planning (design
work, analyze hazards, establish controls) and the two functions of work implementation
(perform work, assess and feedback) shown in Figure 1, and occurs at all levels of work�management, as shown in Figure 2.
Tailoring is dynamic and continuous and presumes that work functions are continuously monitored and adjusted to meet
changing mission, socio-political, regulatory requirements, and changing work conditions.
Work planning and work management operate within, across, and at the interfaces of
management levels. Detailed work planning is done and specific work controls are developed at
levels where detailed information on the work and the hazards is available. Managers at higher
levels are careful to impose standards that guide the work but do not overly constrain the work at
the levels where it is done. So, for example, "generic" requirements for personal protective
equipment (PPE) or other worker protection flow down from a project manager to a supervisor
or activity manager, based on the presence of radiological or industrial hygiene hazards in the
work. The worker(s) and
their supervisor, assisted by
an occupational safety and
health (OSH) professional
or a multi-disciplinary team,
as needed, together
determine what particular
PPE the workers will wear,
and/or what other protection
will be needed, to satisfy
both safety requirements
and safety needs, during the
various steps of the work
where hazards are extant.
Thus, standards flow down,
without inappropriate
constraints on
implementation or
performance, to the lowest appropriate level. Responsibility for compliance also resides at that
level. Similarly, needs defined by workers flow up to supervisors and then to managers to help
them identify and assign resources and manage interfaces with other activities and programs.
Different types of work are performed at the different work management levels shown in
Figure 2. Table 1 provides examples of the types of work managers and workers do, from DOE
headquarters personnel, who define missions, to DOE contractor employees, who perform tasks
to meet specific work objectives. Tailoring occurs within, across, and at the interfaces of these
levels.
III. EXPECTATIONS FOR TAILORING
To accomplish work safely, a work management system must function to ensure that work
hazards are identified and controlled, and that workers, the public, and the environment are
adequately protected. To accomplish work efficiently, the system should not prescribe controls
that needlessly inflate costs, do not enhance safety, or unnecessarily constrain work
performance. Tailoring through work management functions enables work to be managed at the
appropriate levels, so that operational design and systems requirements imposed at each level do
not unnecessarily constrain management decisions at lower levels, where more detailed
information on work and hazards is available. Hazards analyses are performed by those having
the best knowledge of the work. Decisions and responsibilities for work products flow down to
the level at which the work is performed so that "how" to do the work can be determined
primarily by
those doing the work. � Table 1. Types of Work Performed at Different Management Levels
Functions
Department
Mission
Planning
Establish Work Agreements
Perform Contract Work
DOE
Contractor
Manager
Supervisor
Worker
Design Work
Establish mission
objectives; allocate
resources
Establish mission-to-work
objectives and funding
priorities; negotiate
contract and project
agreements
Negotiate contract and
project agreements; plan
capital upgrades; plan,
schedule, and budget
projects
Plan, schedule, and
budget projects; lead
work planning teams;
design and schedule
work; coordinate
interfaces with other
projects
Lead work planning
teams; develop work
packages; assess
worker training,
qualifications, and
needs; develop job
descriptions
Participate in work
planning and work
package development;
assess training
qualification needs;
develop job descriptions
Analyze
Hazards
Identify, evaluate
socio-political
mission hazards
Establish analysis
expectations
Maintain analysis
capabilities; examine
site and sitewide
interface hazards;
examine hazards
elimination/reduction
potentials
Participate in hazards
reviews and engineering
hazards analyses;
examine project
interface hazards;
examine hazards
elimination potential
Participate in job,
activity, and process
hazards analyses;
examine job interface
hazards
Walkdown job; identify
potential problems;
participate in job and
activity hazards analyses
Establish
Controls
Issue DOE policies;
participate in
national and inter-
national standards
development
Establish process to
identify agreed-upon
standards; establish
processes to ensure work
outcomes
Agree upon standards;
establish work
management system;
establish training
programs; participate in
national, state, and local
standards development
Approve project controls
and work authorizations;
maintain staff
capabilities and training;
address hazards
analysis results;
examine hazards
elimination/reduction
potentials
Coordinate procedure
development; establish
work controls and
authorizations; sponsor
worker training and
education
Obtain, maintain skills,
training, and
qualifications; participate
in developing procedures
Perform Work
Oversee mission
progress
Establish work
performance measures;
monitor work progress
Establish work
performance measures;
schedule projects;
monitor project
milestones
Schedule and manage
work
Oversee and direct
work; report work status
Perform work
Assess and
Feedback
Review and
evaluate mission
objectives, resource
allocations, and
policies
Review and evaluate
existing agreements,
standards, and protocols
Review contract/project
agreements; evaluate
work plans, schedules,
budgets; evaluate
assessment protocols;
evaluate training/
qualification programs
Review work packages;
evaluate work authoriza-
tions; evaluate staff
qualifications and
training; evaluate
assessment protocols
Review activities;
evaluate adequacy of
work controls; evaluate
staff training; advise
manager of needed
improvements
Review conduct of work
and evaluate work
controls; advise
supervisor of status and
needed improvements
DOE Headquarters and Field Offices have two primary roles in the tailoring process. They are,
(1) defining mission goals and desired work outcomes, and (2) working with contractors to
establish resource parameters and technical approaches for work to safely and effectively carry
out mission goals, to identify statutory, regulatory, and contractual requirements that apply to the
work, and to evaluate the progress and success of the work. These roles are realized, in part,
through contract negotiations and through DOE approval of contractors' safety management
systems, as required by the Department of Energy Acquisition Regulation (DEAR) environment,
safety, and health clause. Contractors, in addition to working with DOE, have the added roles in
tailoring of (1) determining "how" work is actually conducted at all levels (site, project, activity,
task); (2) selecting and implementing work controls to fit the work; (3) meeting requirements;
and (4) optimizing the use of their resources. Both DOE and site contractor staff at all levels are
expected to tailor their work management functions.
Given effective tailoring of work management, DOE can expect site operators and contractors to
have work management systems that ensure safe and effective management of work in
fulfillment of the Department's missions. Meeting this expectation entails removing roadblocks
and eliminating activities that provide no benefit or that have a negative impact on safety or
performance, especially at the contractors' project and activity levels.
Likewise, given effective tailoring of work management, contractors can expect that, so long as
they meet statutory, regulatory, and contractual requirements, DOE Headquarters and field
personnel will allow them flexibility to manage the accomplishment of work to fulfill DOE
missions. Fulfilling this expectation also entails removing roadblocks, especially at higher
levels, and eliminating activities with no benefit or with negative impacts.
IV. STANDARDS, REQUIREMENTS, AND WORK CONTROLS
Within DOE, missions are turned into work designs and objectives at the highest agreement
levels between DOE and site contractors. At this level of work, management work designs and
objectives are defined and hazards are identified in broad terms. The nature of the work and the
hazards determine which statutes and regulations apply.
Performance expectations can be defined as required conditions or required outcomes.
Regulatory requirements often prescribe performance expectations but are silent on the processes
used to meet the expectations. Such performance- or outcome-based regulations allow greater
flexibility of response, so that the most efficient method of compliance can be implemented.
Tailoring includes selecting and implementing effective methods for compliance with
performance-based regulations. Providing flexibility to contractors in complying with
requirements allows them to select cost-effective methods for compliance.
Trade organizations and professional societies often issue consensus standards or recommended
practices to control hazards associated with their work. These standards can provide a useful
basis for demonstrating compliance with statutory, regulatory, and contractual requirements. �
However, the way in which standards are implemented to provide adequate protection may need
to be tailored. To ensure that this tailoring can be readily accomplished, an agreement is needed
between DOE and the site contractor about the process and criteria that the contractor will use to
determine when and how consensus standards will be used to control work. Adherence to this
agreement forms the basis for assuring the sufficiency of controls (see Attachment C).
Because part of DOE's mission is to challenge the frontiers of energy research and technology,
there may be cases where the development of work controls needs to go beyond existing
standards and practices. Especially in development of cutting-edge technologies, it is important
that the workers, supervisors, and technical experts who will be most intimately involved in the
work derive the standards for their performance.
Many DOE contractors currently have sitewide performance standards specific to the work done
at their sites. These standards ensure adherence to appropriate regulatory and contractual
requirements and adequate protection of workers, the public, and the environment. They also
reflect expectations for the performance of work consistent with the identification and
management of hazards specific to site facilities, projects, activities, and tasks. In addition,
sitewide performance standards are generally supported by institutional systems and procedures
that help identify hazards, select and implement controls, and provide feedback.
For site contractors, tailoring is most effective at the task level and in the management of tasks
as activities. The effectiveness of tailoring at this level is evidenced when the workers who
perform the tasks and the supervisors who provide the resources to those workers actually plan
the performance of the work to meet higher-level expectations. All five work management
functions are applied at this level, and real hazards identification and application of controls
occur here. It is the responsibility of the workers and their supervisors to provide assurance that
the performance of the work meets the work controls.
V. TAILORING WORK MANAGEMENT FUNCTIONS
Tailoring work management functions is an exercise in applying common sense at all
management and performance levels based on the knowledge of the work to be accomplished
and the barriers that may prevent achieving the objectives of the work. Figure 1 shows the five
functions of a safe work management system. These five functions are not independent,
sequential functions. Rather, they are an integrated whole. That is, the individual functions
cannot be tailored readily without affecting other functions and, potentially, the whole system.
Work design, for example, is a function that allows for excursions into the other functions of
work planning several times before a plan is implemented. If, for instance, hazards are
identified during work planning stages, then opportunities may arise at this stage to redesign the
work to eliminate the hazards or to reduce the potential for accidents arising from them.
Further, during work performance, assessment and feedback at any time can and should affect
future execution of work plans.
Thus, for tailoring, the five safe work management functions are considered as an integrated
whole. Nonetheless, for ease of presentation, we discuss tailoring within each function
separately.
A. DESIGN WORK
Work design is, inherently, a tailoring function. Designing work entails making decisions
about a continuous variety of options and tradeoffs. It is the balance of these options and
tradeoffs that determine if a work design will be successful. Many of these tradeoffs are
integrally related to tailoring the other elements. They include developing and resolving
the work scope, establishing a technical approach, adjusting resources, adapting personnel
(experience and expertise), adjusting schedule, and performing tasks sequentially or in
parallel to minimize hazards or to optimize the critical work path.
For example, work design considers the life cycle of the work and the ultimate fate of the
systems, processes, and/or facilities used to accomplish the work. Thus, the use or
addition of any feature, function, or structure is weighed not just against its safety benefits
and implementation costs, but also in terms of the hazards it may pose in decontamination
and disassembly.
Tailoring can also be applied to the formality and documentation associated with a work
plan. Too often, formality and documentation are associated, or equated, with budget or
cost, even when the work and the hazards are of a routine nature. A better gauge of the
need for formal documentation is the complexity of the work, the hazards associated with
it, and, in some cases, the regulatory requirements for documentation. Thus, if the hazards
are of such type and magnitude that multiple layers of controls or complex systems are
required, then greater formality within the planning process can help ensure completeness
of hazards identification and implementation of controls.
Tailoring at any level under this function may include
adjusting work scope and schedule to higher-level constraints;
resolving budgets and resources to work scope and schedule;
identifying and selecting personnel according to experience, expertise, and training;
adapting formality of documentation of work plan and work performance to
complexity of work and types and magnitude of hazards;
considering alternative technical approaches to performing work;
planning/replanning work to eliminate or reduce hazards; and
redesigning work based on assessment and feedback.
B. ANALYZE HAZARDS
Work hazards are addressed at all stages of work planning and work performance. For
example, in the early stages of work planning, or during design, hazards are often identified
and evaluated using only a checklist of hazard types. That is, hazards are identified as nuclear,
chemical, thermal, electrical, kinetic (movement), etc. At this time the hazards may also be
assessed as to the magnitude of the harm that accidents involving them could cause. For
example, the consequences or impacts of accidents could be evaluated as harm to immediate
worker only, harm to workers on adjacent processes or activities, or harm to the public or to
public resources. Thus, at this stage, the identification and assessment of hazards is a tool for
design evaluation and design improvement. Later, to manage work performance, more
detailed hazards analyses are needed to select appropriate types and numbers of controls to
prevent accidents or to mitigate their consequences. Even later, as a cyclic part of routine work
performance, these analyses are reviewed and updated to ensure that a process or facility that
has been in operation for a long time continues to maintain adequate controls to prevent
accidents or to mitigate their consequences. At this stage, the analysis of hazards is a tool for
evaluating whether safe operations are being maintained as the process or facility deviates from
original design or purpose.
Just as work hazards are addressed at all stages of work design and work performance,
work hazards are also addressed at all levels of work. For example, at the task or job
level, job hazards analyses are performed to identify hazards to the worker or workers
performing a job. For simple, routine jobs, these analyses can be simple checklists, and
can often be proceduralized. For jobs in which hazards are not well understood, they can
be thorough, systematic examinations by multidisciplinary teams that include workers and
their supervisors, and engineering and safety staff.
For existing facilities and projects, all types and levels of hazards evaluations, analyses,
and assessments should begin with a walkdown of the work, equipment, and facilities;
interviews with staff; and reviews of existing information/documents about the work.
This review encompasses more than just safety documents. For example, engineering
drawings, work or process flow diagrams, materials inventory lists, operating and
emergency procedures, and accident/incident reports all should be reviewed. See
Attachment A for a discussion of new facilities/new work.
Tailoring analysis of hazards encompasses selection of appropriate levels of hazards
evaluations, selection of appropriate hazards evaluation methods, and selection of
appropriate teams of individuals to accomplish the hazards evaluations. Because hazards
evaluations are a keystone to safe work management, they are discussed further in
Attachment A.
C. ELIMINATE HAZARDS
Elimination of hazards is an integral part of work design and work planning processes.
That is, where practical and effective, it is preferable to eliminate hazards rather than to
control them. For example, the first step in decommissioning a chemical laboratory is
usually to remove any jars or bottles of left-over chemicals. �
The place in the life-cycle of a project or process where hazards elimination can be most
effective is in the work design stage. In fact, all project or process design work should
consider not only elimination of hazards, but also larger, life-cycle issues, such as waste
minimization and decontamination and decommissioning (D&D).
Substitution of materials can eliminate hazards in some cases such as substituting non-
flammable solvents for kerosene for metal parts cleaning. When the potential
consequences of accidents are sufficiently serious that controls and mitigators do not
provide adequate protection, elimination of hazards is important. Accidents, analyses, and
tests showed that exposing nuclear weapons to high velocity impacts caused detonation of
their high explosives leading to dispersal of radioactive material. New high explosives
were developed which are very difficult to detonate by impact.
However, "inherently safer" work does not always mean "safer" work, and early
elimination of hazards does not always make work safer. For example, asbestos is a
hazardous material, and many old DOE buildings have asbestos insulated piping. As part
of D&D operations, this piping must be removed. However, removal of asbestos early in
the D&D process can actually lead to greater disruption of work and greater exposure
potential. If examination of the piping shows that outer coatings are intact, that is, that the
asbestos is sealed and not friable, then it may be safer to leave the asbestos in place, and
routinely inspect it, than to remove it early. In this example, it is better to initially manage
hazards in place, and to sequence work to minimize exposures, than to remove the
asbestos early. Thus, although early elimination of hazards may be a practical and
effective way to make work safer, controlling hazards in place is sometimes equally or
more practical and effective.
D. EXAMINE THE INTERFACES
There is a faded management adage that "systems break down at the interfaces." So, too,
do the benefits of hazards analyses, if no attention is paid to how workers' jobs can affect
one another to cause accidents; how juxtaposed (either directly connected or nearby)
activities or processes can influence one another; how multiple activities or projects within
a single facility can adversely affect or be affected by the shared support systems provided
by that facility; or how external events can affect multiple projects or facilities. For
example, researchers working in adjacent laboratories within a single laboratory building
each positioned a liquid waste container safely in an unused central hallway. The waste
containers, which were of a single standard design, were of proper size and composition to
handle the wastes and were well anchored to prevent spills. Examination of laboratory
"interface" hazards, however, showed that one waste container was labeled "cyanide
waste" and the other was labeled "acid waste." A small human error, an arm's reach in
the wrong direction, could have had fatal results.
Thus, it is important that a hazards analysis of a particular job, activity, or process
consider all of the circumstances that could cause an accident, and that various hazards
analyses be� coordinated to jointly consider these circumstances. Such interface analyses are
particularly important for aging facilities within the DOE complex, because these facilities
are often used for purposes other than those for which they were designed and, often,
engineering modifications or upgrades have not been made to ensure the adequacy of their
support systems. These facilities are also often shared and used for multiple purposes
without the benefit of any unifying analysis.
Systems lock outs and tag outs, the conduct of radiographic operations, and the transport
of radioactive materials across DOE sites are other examples of parallel activities where
interfaces may need careful examination.
Tailoring at any level under the hazards analysis function may include
performing hazards evaluations or assessments (preliminary hazards analyses)
before proceeding with detailed analyses;
selecting hazards evaluation methods commensurate with the level of work task,
activity, project, site, DOE;
evaluating and refining work designs for safety and for inherent safety;
identifying hazards elimination potentials; and
identifying and resolving hazards interface problems.
Tailoring at the project level or lower may include
selecting hazards analysis methods commensurate with the level of work
selecting hazards analysis methods commensurate with the life-cycle of the process
or facility
selecting hazards analysis methods commensurate with the complexity of the work
and the types and magnitude of the hazards (see Attachment A for further criteria);
identifying hazards analysis teams considering staff experience and expertise with
the work and the hazards;
adapting analysis processes to ensure interface reviews;
identifying multiple uses of hazards analysis information; and
coordinating multiple analyses for quality and efficiency.
E. ESTABLISH CONTROLS
Work hazards can be controlled by either engineering or administrative methods. For
example, pressure vessels, relief valves, contamination containment equipment, high
efficiency particulate air (HEPA) filters, and spill dikes are types of engineering controls.
Operating procedures and hazardous materials limits are types of administrative controls.
Both types of controls can be voluntary or mandated by regulation. Inherent in the
tailoring process, however, is the selection of controls to adequately protect against the
types and severity of potential accident consequences, without over-constraining the work
process, and potentially even making it less safe. For example, for high-hazard processes�
and activities, establishing and working within well-defined and controlled operating
limits may be necessary to ensure that safe process parameters are maintained. For low-
hazard processes and activities, only general operating parameters may be needed.
Tailoring work with engineering controls assumes that the controls are practical and
readily available, thus enabling work to proceed in a safe and timely manner. For
example, using contamination control equipment, such as glove bags, may enable work to
be completed safely without hindering workers with individual respiratory protection
equipment. Similarly, containment tents and portable HEPA filter units may allow
radiological decontamination work to be conducted in isolation from uncontrolled areas.
In addition, controls should be evaluated for their simplicity. Complex controls that
require special skills or training for use or maintenance may be less desirable than more
simple controls, especially for short-term operations.
Tailoring work with administrative controls includes maintaining clear and effective
operating procedures for equipment and processes, an effective work authorization
process, and a work control process that ensures timely and effective training. For
example, skilled craftsmen, such as electricians, who have been apprenticed, trained,
and/or certified in their crafts, do not need written procedures to perform the work for
which they have been trained. However, the work of all craftsmen is controlled by work
authorization processes. In addition, if craftsmen perform their work in environments
whose hazards are unfamiliar to them, the authorizations and training specific to the work
environment apply to ensure safe performance. Thus, administrative controls, including
procedures, work authorizations, and training, may be tailored to fit the work, the work
environment, and the workers. Conversely, assuring that workers are qualified to perform
work requires maintaining a balance of training, experience, and written procedures
tailored to the work and the hazards.
Most training programs can be tailored so that workers whose tasks are more difficult and
workers whose tasks are more important to successful operations receive more extensive
or intensive training. Likewise, safety training should be provided specific to the task and
the work. Workers engaged in low-hazard tasks may receive only general or site
occupational safety and health training.
Establishing effective controls for hazards involves interactions between management
levels. For example, a hazards analysis team can recommend that particular hazards have
enhanced protection. Experienced teams may even suggest specific control measures.
However, it is a management decision as to what or even whether controls are
implemented. That is, management must use a variety of criteria to select and prioritize
corrective actions and safety improvements. They include costs, other competing
priorities, implementation schedules, the effectiveness of risk reduction, and technical
feasibility.
� In terms of reliability, engineering controls are usually preferred over administrative
controls. Also, process controls are usually preferred over personal protective equipment
(PPE). However, for short-duration, non-routine processes and activities, management
may opt for administrative instead of engineering controls, or PPE instead of process
controls, because of cost, schedule, or other priorities.
F. SUFFICIENCY OF CONTROLS
Management makes decisions and accepts responsibility for the sufficiency of work
controls. They also approve controls as sufficient to perform work. However, the
expectations for sufficiency of controls should be defined early, during work design and
work planning, and agreed to by all responsible parties. In some cases, an operational
safety management system may suffice to ensure adequacy of controls. When work deals
with highly hazardous materials for work environments, however, further objective
evidence may be expected. In all cases, sufficiency expectations should be defined up
front. Attachment C provides a list of attributes for sufficiency of work controls.
Tailoring at any level under this function may include
adjusting work controls to lower or higher level constraints;
resolving budgets and resource allocations to meet work control needs;
selecting the level of experience, expertise, or training of personnel; and
adapting formality of work control documentation to complexity of work and types
and magnitudes of hazards.
Tailoring at the project level or lower may include
resolving the detail of operating procedures to the training and skill of the
workforce;
adjusting employee training and refresher training programs to work and hazards;
selecting standard industrial practices consistent with work and hazards;
selecting engineering and/or administrative controls to prevent, protect against, or
mitigate accidents; and
adjusting change-control programs to the needs of the work and significance of the
hazards.
G. PERFORM WORK
Aspects of work performance that can be tailored include readiness or "pre-startup"
reviews; mechanical integrity and maintenance programs; work authorizations; and
surveillance, inspection, and testing program. For example, readiness or "pre-startup"
review, usually performed at the project level, can be made more or less rigorous,
depending upon the hazards of the work. Testing and maintenance, usually performed at
the task or activity level, can vary in frequency as well as procedural rigor, again, usually�
depending upon knowledge of the hazards and the reliability needs for the equipment
examined.
For example, for equally important processes, operation and maintenance of high-hazard
processes are usually governed by more formal conduct of operations than operation and
maintenance of low-hazard processes.
Surveillance and maintenance programs are particularly important for aging facilities
within the DOE complex because these facilities often have not been refurbished and
continue to operate using outdated and fatigued equipment. Past surveillance and
maintenance may be inadequate to ensure the safe operation of the facilities. Increase
surveillance and maintenance activities are examples of tailoring for aged equipment that
continues to operate.
For example, an overhead crane that was originally specified for occasional use in an
active facility may, during D&D, encounter far more frequent use. The inspection and
maintenance of the crane should be tailored to the new operations and conditions.
Tailoring at any level under this function may include
adjusting work performance schedules to lower or higher level constraints,
including budgets and resources;
adjusting the depth and rigor of operational readiness or pre-startup reviews to the
significance of the work and hazards;
resolving the level of comprehensiveness of mechanical integrity programs; and
selecting the level of experience, expertise, or training of personnel.
Tailoring at the project level or lower may include
resolving the detail of maintenance procedures to the training and skill of the
workforce;
adjusting the level of proceduralization of work authorizations to the level of the
workforce;
adapting preventive maintenance frequency to needed equipment reliability;
adjusting surveillance and maintenance programs to the age of the process/
facility/equipment; and
adapting inspection and testing programs to equipment reliability.
H. ASSESS AND FEEDBACK
Self assessments and management assessments are done to determine whether work
controls and work performance adequately meet agreed-upon standards (see Attachment C
for attributes of sufficiency). The criteria, indicators, and measures used in assessments
are best developed at the time the work and the environment, safety, and health�
expectations are agreed upon. Such up-front work ensures that the criteria, indicators, and
measures are developed using the same factors that were used to develop the work
expectations.
Contractors should develop assessment programs and protocols that are tailored to the
details of their safety management systems to meet agreed-upon expectations. DOE
assessment programs and protocols should be aimed at ensuring that contractors' self-
assessment programs are effective and produce valid results. A history of effective self
assessment and continuous performance improvement by contractors can be a basis for
decreased assessment efforts by DOE.
Conducting good assessments requires knowledge of the work, the work environment, and
the agreed-upon expectations for performance of the work. It also requires inquisitive
minds and an understanding of the assessment methods that are effective. Thus, workers
must be trained in self assessment, and outside assessors must be trained or informed
about the work, the work environment, and the agreed-upon expectations pertinent to the
facility, activity, or operation being assessed.
DOE and contractor assessments improve when their respective methods and results are
shared openly and constructively. Open and constructive sharing requires a DOE-
contractor relationship based on trust. Such trust should be fostered by focusing on the
use of assessment results for continuous improvement, rather than for punitive actions.
Tailoring of assessments means
developing performance criteria, indicators, and measures that are specific to the
work, the work environment, and the agreed-upon expectations;
using methods that are keyed to each contractor's safety management system; and
providing feedback of assessment results into the safety management system where
it will be most useful.
VI. TAILORING BY CONTRACT AND PROJECT AGREEMENTS
As shown in Figure 2, tailoring of work management occurs at all management levels. Just so,
contracts and project agreements between DOE and contractors can be thought of as tailored, or
at least as providing the basis for tailoring. Agreements that are developed to direct work under
a specific contract or for a specific project effectively "translate" DOE mission goals into work
contracts. Figure 3 shows the elements of these "higher order" agreements in relation to the
work planning and work performance functions.
The agreement between DOE and Westinghouse Savannah River Company for the F-Canyon
Restart Project is an example of "translating" mission goal into work contract. It included
defining the work, identifying the hazards associated with the work, and agreeing upon standards
under which the work would be managed. The work involved the stabilization of hazardous
material. The risks of the work were of short duration. The agreement included a set of
standards to which the work would be performed. The standards were flexible and
nonprescriptive, and allowed the work to be performed with minimal hazard to workers and the
public. Examples of other DOE and contractor experiences in successful tailoring appear in
Attachment B.
Contracts between DOE and site contractors provide both authorization bases and authorization
agreements for the work of the contract, unless the contracts identify work for which additional
authorization bases and agreements must be made. When additional authorization bases and
agreements are needed, the contracts may specify the levels of formality and detail required.
Factors that affect the level of formality and detail in authorization bases and authorization
agreements include uncertainty in the characterization of the work, the hazards, and the work
environment; complexity of the work control systems; and level of political, operational, and/or
health risk.�
ATTACHMENT A
HAZARDS ANALYSIS
Introduction
Hazards analyses are performed at many different times and for many different purposes in the
work management process. For example, hazards analyses are performed at different stages in
the life-cycle of processes and facilities.
For new processes and facilities, at the conceptual (work) design stage, preliminary
hazards analyses are performed to identify opportunities to eliminate or reduce hazards,
before resources are committed to engineering design and construction.
During engineering design and construction, design hazards analyses are performed to
identify needed systems changes or process controls not identified at the conceptual stage.
Before initial startup of a new system or process, pre-startup or operational readiness
reviews are conducted to ensure that systems are in place to control all identified hazards.
Process hazards analyses are conducted periodically during the life time of operating
facilities/processes, and every time a process/facility undergoes significant modification,
to identify any new hazards resulting from process changes, and to ensure that all hazards
are adequately controlled.
For decontamination and decommissioning (D&D) and environmental restoration projects,
hazards characterizations are performed to characterize hazards and, if possible, to develop
a priority ranking for hazards elimination.
As D&D proceeds, hazards change. Hazards analyses become a routine part of the D&D
process to ensure that hazards are identified and controlled.
Hazards analyses are also performed at different levels of work for different purposes. At the
lowest working level, hazards analyses are performed on jobs or tasks.
Job Hazards Analysis
Job/task hazards analyses focus on the worker in relation to the work. That is, they are
performed to identify hazards to the worker or workers performing a particular job. These
integrated analyses address radiation, industrial hygiene (IH), and occupational safety and health
(OSH) hazards. They are most useful at the operations level to ensure adequate procedures and
personal protection.
For simple, routine jobs, these analyses can be simple checklists. For jobs in which hazards are
not well understood, they can be thorough, systematic examinations by workers and their
supervisors, assisted by engineering and safety staff.
The most common types of job hazards analyses are checklist, what-if, and what-if/checklist,
although other methods may be employed depending upon the job and the hazards. See
"Selection of a Hazards Analysis Method" below.
Engineering Hazards Analysis
Engineering or process hazards analyses are performed to identify process hazards materials or
circumstances that, inherently, have the ability to cause harm if uncontrolled. For example, the
chemical hazards of a process might include chemical and radiological toxicity, reactivities,
flammability, radiation fields, or shock sensitivity; the thermal hazards might include elevated
temperatures; the pressure-volume hazards might include liquified material stored under
pressure; and the electrical hazards might include elevated voltages.
Process hazards analyses examine engineering and administrative controls, process design, and
operational controls. They are most useful at engineering and operations levels to ensure
adequate process controls, preventers, protectors, and mitigators. For simple, well-understood
processes they can be as simple as a checklist. For complex processes, they can be systematic
and thorough examinations performed by a team of operators, engineers, maintenance and safety
staff, and other technical experts, as needed.
Types of process hazards analyses include what-if, checklist, what-if/checklist, hazard and
operability (HAZOP) study, failure modes and effects analysis (FMEA), fault tree analysis, and
event tree analysis. Selection of a process hazards analysis method depends on the type as well
as the complexity of the process. For example
For complex processes involving hazardous materials, the method of choice within the
chemical process industry is the HAZOP study, in which a team follows a rigorous
protocol to review a unit operation line by line and vessel by vessel to consider all process
deviations and to determine adequate preventive and/or mitigative controls. It is most
effective for continuous processes, but can also be useful for batch operations and for
maintenance. It is also very effective for analyzing operating procedures.
For analysis of electrical systems and other utilities, FMEA is often the method of choice.
Facility siting issues are usually analyzed using a checklist. Checklists also exist for
human factors considerations/analysis.
Selection of an engineering hazards analysis method also depends on the extent of the hazards
and how well they are understood. Routine hazards can generally be handled using checklists,
with any unusual or extenuating circumstances subject to what-if analysis.
Descriptions and uses of engineering or process hazards analyses are discussed in Chemical
Process Hazards Analysis, (DOE-HDBK-1100-96, February 1996). This handbook also
demonstrates five different process hazards analysis methods on two different engineered
systems, a hydrogen fluoride supply system and a cooling water chlorination system. In
addition, in 1992, the Center for Chemical Process Safety published Guidelines for Hazard
Evaluation Procedures: Second Edition with Worked Examples. The book is available from the
American Institute of Chemical Engineers, New York, NY.
Radiation hazards generally can be analyzed using the same methods discussed in the above
handbooks/guidelines. Even nuclear reactors are analyzed with the same methods as those used
for chemical processes. In both cases, the methods are selected congruent with the magnitude of
potential accident consequences to selected populations. See "Selection of a Hazards Analysis
Method" below.
Activity Hazards Analysis
Activity hazards analyses usually involve the analysis of multiple related tasks. These tasks may
be related to work within a specific facility or location, or to work of a specific technical nature.
When multiple tasks are involved, activity hazards analyses can be used to analyze hazards
arising at the interfaces of the tasks. They can also be used in planning to coordinate and
schedule or sequence tasks to minimize hazards. For example, if an electrician must work in a
facility in which other hazardous work is also being performed, then the electrician's work must
be coordinated with ongoing facility work, and the electrician must be made aware of the
hazardous activities going on in the facility.
Activity hazards analyses can help managers and supervisors coordinate tasks in time and space
to get work done safety. They can also be used to confirm training needs and work authorization
specifications for individual tasks.
Activity hazards analyses are most useful in D&D and environmental remediation operations,
after hazards have been characterized, during work planning and work performance. They are
performed as a routine part of the D&D and remediation processes. The description and uses of
activity hazards analyses are well discussed in Integrating Safety and Health During
Deactivation with Lessons Learned from Purex, (DOE/EH-0486, September 1995).
Other Types of Hazards Analyses
Within the DOE complex, specially-focused hazards analyses are conducted for distinct
purposes. Among these analyses are nuclear criticality analyses, fire hazards analyses, human
factors or human reliability analyses, emergency planning and preparedness analyses, and
safeguards and security vulnerability analyses. The purposes and analytic methods used in these
analyses differ. However, the opportunity exists to manage these analyses to ensure that results
are shared and consistent. In addition, an essential product of a tailored safety management
system is a repository for regularly updated facility, activity, task, and safety information from
which all hazards analysis teams can draw in order to perform their analyses.
Selection of a Hazards Analysis Method
The primary factors for selecting a hazards analysis method include:
The type and complexity of the work. In general, more complex work requires more
systematic and thorough hazards analysis methods. Also, as discussed above, some
hazards analysis methods are particularly well suited to specific systems or processes. For
example, FMEAs are well suited to electrical systems and other utilities. HAZOP studies
are well suited to chemical processes.
The type and magnitude of the hazards. In general, the greater the potential for harm
(hazard), the more systematic and thorough the hazards analysis method needed.
Potential impacts of accidents on workers, the public, and the environment. In
general, the more people potentially affected, the more systematic and thorough the
hazards analysis method needed.
Age of the process, facilities, or equipment. This factor generally considers the life
cycle stage of the process or facility conceptual design, engineering design/construction,
startup, etc., as described above. It also usually includes the accident/incident experience
of the particular process or facility. In general, beyond startup, the longer a process or
facility has been in operation, the greater the potential for deviations beyond design, and,
thus for accidents, and the greater the need for more thorough and systematic hazards
analyses. But, see below.
Operating history of the process or facility. This factor also considers the
accident/incident experience of the process or facility. However, it also usually includes
familiarity with the process or facility, or with similar processes or facilities. Well-known
and well-understood processes generally need less systematic and thorough review. For
example, checklists exist for many common processes/facilities. Thus, hazards analysis
teams may want to start with a checklist for a familiar process, then discuss how their
particular process or facility is different/special.
Secondary factors for selecting a hazards analysis method include the following:
Team method. Of the secondary factors, this one is probably the most important.
Hazards analyses performed by teams provide benefit beyond just a more thorough
analysis. They promote ownership and cooperation from those who participate in the
analyses. In addition, team members also gain a more thorough understanding of the
work, processes, or facilities they "analyze."
Ease of application/use. This factor generally includes the familiarity of the team leader
and/or team members with the methods. Especially for small or familiar systems, teams
usually work better using methods with which they are familiar.
Resource requirements. This factor usually considers staff time and availability.
Hazards analysis teams are usually made up of two types of members, core team members,
who participate throughout the entire analysis, and contributing members, who participate
when their particular jobs or areas of expertise are the focus of the analysis. Core team
members devote considerable (contiguous) time and energy to the hazards analysis
process.
Type of results needed. The results of hazards analyses may be qualitative or semi-
quantitative. However, some hazards analysis methods are inherently more amenable to
obtaining semi-quantitative results.
Traceability/auditability. This factor usually considers how much documentation is
needed, and the purposes for documenting the analysis. If documentation is a regulatory
requirement subject to audit, then methods that lend themselves to more formal and
systematic documentation may be preferred.
Selection of a Hazards Analysis Team
Hazards analysis teams are usually made up of two types of members, core team members, who
participate throughout the entire analysis, and contributing technical experts, who participate
when their particular jobs or areas of interest or expertise are the focus. Core team members
provide continuity to the hazards analysis process, and often devote considerable time and
energy to the process. Technical experts participate on an as-needed basis.
The core team for any hazards analysis should include facility/operations staff (in the case of a
job hazards analysis, the worker whose job or work is being evaluated and his/her supervisor)
assisted by a safety professional. For job hazards analyses, these may be the only staff that make
up the analysis team. Hazards analyses at the project or activity level of work, however, may
need to augment their teams with technical experts.
Technical experts are individuals with knowledge about a particular aspect of a project, activity,
or facility who participate in a hazards analysis on an as-needed basis. If internal
contractor/project staff have the appropriate expertise, then internal staff should be used as
technical experts to participate in hazards analyses. Thus, when possible, technical experts are
chosen from among internal project engineering, operations, maintenance, and safety personnel.
However, if a process or facility is new or if a recent modification has been made such that no
internal technical experts are available, then external technical experts may be used.
Just as the worker is the most important member of a job hazards analysis team, project/facility
operations and maintenance staff are the most important members of an engineering hazards
analysis team, because they have first-hand knowledge of the work. They run the systems.
They deal with the upsets. They know what can be done and how to do it. They also know what
does not work.
Also like job hazards analysis teams, engineering hazards analysis teams should be small. Core
teams of two to four members are optimal. Complete teams of four to eight members are
optimal, depending upon the complexity of the work (process or facility) being analyzed. If
teams are too small, hazards can be missed, because expertise is lacking. If teams are too large,
they are hard to control. The analysis may suffer from too many digressions, and consensus on
action items may be difficult to reach.
Action Items and Recommendations
The critical result of a hazards analysis is the list of action items developed by the hazards
analysis team. Action items are recorded any time the analysis team thinks that additional effort
is warranted to review further a specific potential accident, to eliminate a hazard, or to reduce
risks. Usually action items do not recommend specific corrective actions. They are meant to
alert management to potential problems. Sometimes action items suggest alternatives to be
considered. However, if a problem is simple, if a team is quite experienced, or if there is only
one obvious solution, an action item may be written to recommend a specific corrective action.
The action items from a hazards analysis are presented to management for review and
evaluation, and for determination of what, if any, actions should be taken to eliminate hazards or
to reduce risks through preventive, protective, or mitigative controls. Because many action
items may be generated during a hazards analysis, the team may choose to rank the action items
according to the probability of occurrence of their corresponding potential accidents, or the
severity of their consequences, or both. If the team is quite experienced, it may also choose to
rank the action items based on the anticipated time and resources required to implement changes.
Management can use a variety of criteria to select and prioritize corrective actions and safety
improvements. They include costs, other competing priorities, implementation schedules, the
effectiveness of risk reduction, and technical feasibility.
References
Bridges, William G., John Q. Kirkman, and Donald K. Lorenzo, 1994. "Include Human Errors
in Process Hazard Analyses," Chemical Engineering Progress, May 1994, pp 74-82.
Burk, Arthur F., 1992. "Strengthen Process Hazards Reviews," Chemical Engineering Progress,
June 1992, pp 90-94.
Center for Chemical Process Safety (CCPS), 1992. Guidelines for Hazard Evaluation
Procedures, Second Edition with Worked Examples; Publication G18; American Institute of
Chemical Engineers, New York.
Collins, Robert L., 1995. "Apply the HAZOP Method to Batch Operations," Chemical
Engineering Progress, April 1995, pp 48-51.
Dowell, A. M. III, 1994. "Managing the PHA Team," Process Safety Progress, January 1994,
Vol. 13, No. 1., pp 30-34.
Freeman, Raymond A., 1991. "Documentation of Hazard and Operability Studies,"
Plant/Operations Progress, July 1991, Vol. 10, No. 3.
Goodman, Len, 1996. "Speed Your Hazard Analysis with the Focused What If?" Chemical
Engineering Progress, July 1996, pp 75-79.
Goyal, Ram K., 1993. "FMEA, the Alternative Process Hazard Method," Hydrocarbon
Processing, May 1993, pp 95-99.
Hendershot, Dennis C., 1992. "Documentation and Utilization of the Results of Hazard
Evaluation Studies." AIChE 1992 Spring National Meeting, New Orleans, LA. Rohm and Haas
Company, Bristol, PA.
Mukesh, D., 1994. "Include HAZOP Analysis in Process Development," Chemical Engineering
Progress, June 1994, pp 76-78.
Nimmo, Ian, 1994. "Extend HAZOP to Computer Control Systems," Chemical Engineering
Progress, October 1994, pp 32-44.
U.S. Department of Energy, DOE Handbook, Chemical Process Hazards Analysis, DOE-
HDBK-1100-96, Washington, DC, February 1996.
U.S. Department of Energy, Example Process Hazard Analysis of a Department of Energy
Water Chlorination Process, DOE/EH-0340, September 1993.�
ATTACHMENT B
EXAMPLES OF TAILORING
Department-Level Tailoring
Plutonium Vulnerability Study. The Departmentwide plutonium vulnerability study, conducted
between March and November 1994, was a comprehensive review of the plutonium
vulnerabilities of 166 facilities at 35 sites. The study used a consistent evaluation methodology
to assess the adequacy of storage of more than 24 tons of plutonium contained in these facilities.
Plutonium inventory storage conditions and hazards were identified by multidisciplinary teams
of DOE and contractor staff. Vulnerabilities were identified, categorized by potentially affected
populations (workers, public, and environment), and prioritized. A corrective action plan that
tailored work efforts by focusing on the highest priority vulnerabilities first was issued as a
Memorandum by Undersecretary Charles Curtis.
This study allowed a Departmentwide view of plutonium storage vulnerabilities, which was
critical for DOE strategic planning. From the study, a Department-level tailored action plan was
developed for the safe storage of plutonium.
Contact: David Pyatt, 301-903-5614
Site-Level Tailoring
Standards/Requirements Identification Document for the Savannah River Site. The
Standards/Requirements Identification Document (SRID) for the Savannah River Site (SRS)
evolved as a series of agreements that were negotiated between DOE-Savannah River (DOE-SR)
and Westinghouse Savannah River Company (WSRC) about the logic and assumptions for the
development of a site SRID. The terms of the agreements were presented to DOE-SR for
approval, along with the SRID. The completed SRID not only contains the
standards/requirements set but also references site-level manuals and procedures that implement
each. The approved SRID has been incorporated into the DOE-WSRC contract by reference. It
represents an agreement between DOE-SR and WSRC about what standards/requirements will
be used by WSRC to translate DOE missions into work at SRS.
The completed SRID has enabled SRS to proceed with many activities in a more direct and cost
effective manner. It validates that most requirements are met by implementing site-level
programs augmented, as necessary, by project, activity, and task-level procedures.
Contact: Eric Oser, 803-952-9893
Rocky Flats Plant Safety Management Program Based on Hazard Categorization. At the Rocky
Flats Plant, a graded level of administrative control systems, including the site's configuration�
change control program, the site's "Conduct of Engineering Manual," quality assurance
procurement levels, independent safety reviews and unresolved safety question determinations,
and equipment calibration applicability, is correlated with the facility's hazard categorization. In
addition, the integrated work control program for maintenance activities is based on hazard
categorization.
In this example, tailoring safety management programs at the site level (the level of
authorization agreement) allowed limited resources to be more effectively used on higher hazard
activities. Lower hazard activities needed fewer reviews and approvals.
Contact: Terry Foppe, 303-966-7437
Lawrence Livermore Facility "Safety Basis" Based on Hazard Categorization. Lawrence
Livermore National Laboratory (LLNL) and its DOE field office agreed that investment of
extensive resources to produce safety analysis reports (SARs) for low hazard facilities was not
productive, and that safety bases could be defined at several other points in the safety analysis
process. They agreed that when material inventory screenings result in a low hazard
designation, with no special hazards, the screening report becomes the safety basis for a facility;
when inventory screenings result in greater than low hazard designation or when special hazards
are present, a preliminary hazards analysis (PHA) is required. If the PHA shows the facility to
be low hazard, then the PHA becomes the safety basis for the facility; when the PHA shows that
the hazard level is moderate or high, or a category 1, 2, or 3 classification, then a SAR is
required as the safety basis.
LLNL estimated that this agreement has saved about $1.2 million.
Contact: Jack Sims, 510-423-9742
EG&G Mound Potential Release Site Process for Site Remediation. EG&G Mound Applied
Technologies developed the potential release site (PRS) process for site remediation to replace
the operable unit concept. Approximately 200 facilities and 200 outside areas potentially
contaminated with chemical and/or radiological materials were identified. Information was then
collected for each facility/area and used as a basis for binning the potential release sites. Binning
was done according to whether characterization data were sufficient to determine that
remediation was necessary; sufficient to determine that no further action was necessary, i.e., the
contamination was below cleanup limits; or insufficient to make a decision, i.e., further sampling
was necessary to make a remediation decision. Many potential release sites required no further
action.
This new process allowed quicker differentiation and determination of sites needing remediation.
Contact: Jim Booth, 513-865-4504�Project-Level Tailoring
Rocky Flats Plant Critical Mass Laboratory Decommissioning. The Critical Mass Laboratory
(Building 886) at the Rocky Flats Plant performed nuclear criticality experiments with
plutonium and enriched uranium. Its original authorization basis, established in the mid-1960s
per the requirements of DOE 5480.6, consisted of a safety analysis review and technical
specifications. After its experimental mission was discontinued in the late 1980s, its
authorization basis was inadequate to address the building inventory of highly enriched uranium
nitrate solutions and the holdup of uranium and plutonium throughout equipment in the building.
A basis for interim operation with technical safety requirements was developed to establish an
authorization basis per DOE 5480.23 for the remaining limited life of the building in order to
maintain the safety envelope for storage and holdup hazards, but not to decontaminate or
decommission the building.
In this example, tailoring of hazards analysis and controls is based on the defined facility
mission of safe storage and maintenance of the safety envelope. Tailoring allowed a cost-
effective revision of the authorization basis for the Critical Mass Laboratory according to its new
storage mission.
Contact: Terry Foppe, 303-966-7437
Rocky Flats Plant Plutonium Recovery Facility Basis for Operations. Using the Work Smart
Standards process, a basis for operations (BFO) is being developed for the former Plutonium
Recovery Facility (Building 771) at the Rocky Flats Plant. The BFO addresses baseline
activities to maintain the safety envelope for storage of plutonium, enriched uranium, and
americium, and hazards associated with the holdup of material in equipment throughout the
building. It also addresses risk reduction activities to decommission the facility, which requires
draining of tanks and stabilization of plutonium nitrate solutions into plutonium oxide powders.
Although the Plutonium Recovery Facility BFO is still in the confirmation process, it is an
example of tailoring both the hazards analysis and the controls.
Contact: Terry Foppe, 303-966-7437
Lockheed Martin Standards Selection Based on Work and Hazards. As part of the work smart
standards (WSS) process, identification teams at Lockheed Martin Energy Systems, Inc.
recommended that only certain portions of consensus standards be included in the necessary and
sufficient set. For example, only the design portions of ANSI standards B30.1, B30.5, B30.16,
B30.20, and B30.21 related to hoists and cranes, were recommended. The teams'
recommendations were based on the types of operations conducted and the hazards associated
with those operations.
Contact: Bob Van Hook, 423-574-4322
Activity-Level Tailoring
Limited Restart of F-Canyon at the Savannah River Site. An agreement between DOE-
Savannah River and Westinghouse Savannah River Company was tailored to enable the limited
restart of F-Canyon at the Savannah River Site to stabilize specific materials into a safer form
for storage. A level of safety documentation and analysis was agreed upon to show that the
stabilization activity, conducted under the conditions described, would present less risk than
storage of the unstabilized materials until the complete nuclear facility documentation was
available.
The work plan, including appropriate authorization (site Standards/Requirements Identification
Document, safety basis, and resources) led the project to a successful conclusion.
Contact: Eric Oser, 803-952-9893
Elimination of Order-Specific Implementation Plans at Lawrence Berkeley. Lawrence Berkeley
National Laboratory eliminated transition and order-specific implementation plans, and now
evaluates the relevance of several federal and state regulations directly and specifically to work
activities and associated hazards. Examples of regulations whose usefulness have been directly
determined include the California Occupational Safety and Health Administration's construction
standard for oversight of California construction subcontractors, and 10 CFR 20, radiation safety
training for staff working in radiological facilities.
Contact: David McGraw, 510-486-5551
Enhanced Work Planning. Work planning processes using multidisciplinary teams have been
developed at Hanford, Fernald, Savannah River, Oak Ridge, Mound, Idaho, and Pantex.
Revised work control processes have strengthened work planning and hazards assessments.
Teams have broken down the "stove pipes" in the work planning process. Staff members that
formerly were excluded from work planning are integrated into multidisciplinary teams.
Redundant, obsolete, and unnecessary forms and permits were replaced with efficient work
planning documentation. Computer-based tools were developed. Tailoring of work packages
from a risk perspective allows resources to be focused on the significant risks.
The percentage of work packages receiving environment, safety, and health reviews has
doubled; average planning cycle times were reduced more than four fold; backlogs were
reduced; and medical surveillance was improved. The pilot data suggest that focusing tailoring
at the activity and task levels provides significant safety dividends, and the savings in resources
more than pay for needed improvements.
Contact: Tony Eng, 301-903-4210
Hazards Screening at the PUREX Deactivation Project. Hazards screening was used at the
PUREX Plant at Hanford to determine the appropriate level of hazards analysis. Each work
activity that required an engineering study or that used a work plan was screened by a
multidisciplinary team of workers, engineers, and safety and health professionals. The screening
provided the basis for determining the appropriate level of additional analysis/evaluation.
Determination of the appropriate level of additional analysis was based on the relative
complexity of the activity, the hazards associated with the activity, and the prior experience of
the workers with the activity. The team recommended one of several hazards analysis methods,
from simple checklists to hazard and operability studies, depending upon the findings of their
screening.
Tailoring of hazards analysis using this screening process produced more systematic and
comprehensive evaluations of hazards; decreased project costs; improved employee morale; and
improved worker safety, as evidenced by lost workday statistics. The process has been
incorporated into the Westinghouse Hanford Company's re-engineering initiative.
Contact: Tony Eng, 301-903-4210�
ATTACHMENT C
ATTRIBUTES OF SUFFICIENCY
Determination that work controls are sufficient must be made both prior to the performance of
new work as well as during the assessment of ongoing work. Moreover, management must not
only establish sufficiency of work controls, but also define the conditions under which controls
must be improved or processes/procedures changed. The attributes of sufficiency provided
below may be considered in developing the expectations for sufficiency of work controls.
These attributes are not only attributes of sufficiency of work controls, but also attributes of
sufficiency of higher-level standards. Thus, this list of attributes may be used/considered in
evaluating sufficiency from the highest level of work design selecting standards for the
performance of work to the most basic level of work performance selecting work controls to
protect against or mitigate the hazards associated with specific work tasks. In all cases,
decisions should be by consensus process, with participation by those affected. Discussion of
the attributes provided below should prompt responsible parties to arrive at expectations for
sufficiency of controls that are clear, balanced, and achievable.
I. Stewardship
Controls protect the health and safety of:
Environment
Public
Worker
Controls protect investment in:
People (workforce and public)
Environment/land assets/property
Physical assets (capital equipment, facilities, etc.)
Intellectual property
Controls maintain the confidence of:
Congressional and other governmental agencies
DOE and DOE contractors
Public
Worker
II. Recognized/Accepted Standards of Practice
Controls adhere to Guiding Principles (DOE P 450.4, 450.3, etc.).
Controls use recognized methods.
Controls provide systematic and thorough coverage.
Personnel are qualified.
Processes and/or products are auditable/demonstrable.
III. Cost-Benefit Considerations
Priorities are balanced (mission performance and protection).
Assessment methods are cogent.
Return is positive.
IV. Reasonable Person Acceptability
Controls promote confidence.
Based on stewardship, good practices, and cost-benefit considerations, a reasonable
person can conclude acceptability/sufficiency. That is, given the same information, an
objective third party could conclude that a decision of acceptability is reasonable.
<>