Display Related Directives to this directive.

DOE G 450.4-1B
3-1-01
Volume 2 of 2

INTEGRATED SAFETY
MANAGEMENT SYSTEM GUIDE

for use with

SAFETY MANAGEMENT SYSTEM POLICIES (DOE P 450.4, DOE P
450.5, AND DOE P 450.6); THE FUNCTIONS, RESPONSIBILITIES, AND
AUTHORITIES MANUAL; AND THE DEPARTMENT OF ENERGY
ACQUISITION REGULATION

Volume Two: Appendixes

Assistant Secretary for
Environment, Safety and Health
This page intentionally left blank.
CONTENTS

APPENDIX A: GLOSSARY. . . . . . . . . . . . . . . . . . . .A-1

APPENDIX B: RESOURCES FOR COMPLYING WITH THE SMS POLICIES, THE FRAM,
AND THE DEAR . . . . . . . . . . . . . . . . . . . . . . . . .B-1

APPENDIX C: DEVELOPMENT AND EVALUATION GUIDANCE FOR AN
ISMS AT A HAZARD CATEGORY 2 NUCLEAR FACILITY. . . .C-1

APPENDIX D: DISCUSSION OF SAFETY MANAGEMENT ASSESSMENT. . .D-1

1. Introduction. . . . . . . . . . . . . . . . . . . . . .D-1
2. (Types of) Assessments. . . . . . . . . . . . . . . . .D-2
3. Principles of the Assessment Effort . . . . . . . . . .D-3
4. Attributes of Assessments . . . . . . . . . . . . . . .D-4
4.1 Identification of Problems/Issues . . . . . . . . .D-4
4.2 Prioritization of Deficiencies. . . . . . . . . . .D-6
4.3 Problem Correction. . . . . . . . . . . . . . . . .D-6
4.4 Sharing of Significant Assessment Issues. . . . . .D-7
5. Other Considerations. . . . . . . . . . . . . . . . . .D-8
6. Conclusion. . . . . . . . . . . . . . . . . . . . . . .D-9

APPENDIX E: ISMS EVALUATION GUIDANCE. . . . . . . . . . . .E-1

1. Background. . . . . . . . . . . . . . . . . . . . . . .E-1
1.1 Role of the Approval Authority. . . . . . . . . . .E-1
1.2 Role of the Verification Team . . . . . . . . . . .E-2
1.3 Concept of the Review . . . . . . . . . . . . . . .E-2
2. Integrated Safety Management Core Expectations. . . . .E-3
2.1 Phase I Core Expectations . . . . . . . . . . . . .E-4
2.2 Phase II Core Expectations. . . . . . . . . . . . .E-6
3. Conduct of the Review . . . . . . . . . . . . . . . . .E-8
3.1 Team Selection. . . . . . . . . . . . . . . . . . .E-8
3.2 Team Assignments. . . . . . . . . . . . . . . . . .E-9
3.3 Review Sequence . . . . . . . . . . . . . . . . . E-10
3.4 Combined Phase I and II Reviews . . . . . . . . . E-11
3.5 The Use of Routine Evaluations for ISMS Reviews . E-12
4. Example CRADS . . . . . . . . . . . . . . . . . . . . E-12
5. Example Evaluation. . . . . . . . . . . . . . . . . . E-14

APPENDIX F: EXAMPLES OF TOPICS ADDRESSED IN ISMS DESCRIPTION
DOCUMENTS. . . . . . . . . . . . . . . . . . . . . . . . . . .F-1

1. Example from SRS. . . . . . . . . . . . . . . . . . . .F-1
2. Example from the Y-12 Plant . . . . . . . . . . . . . .F-4
2.1 ISMS Infrastructure: An Overview. . . . . . . . . .F-4
2.2 Details of the ISMS Structure . . . . . . . . . . .F-8

APPENDIX G: FEEDBACK AND IMPROVEMENT MECHANISMS . . . . . .G-1

1. Background. . . . . . . . . . . . . . . . . . . . . . .G-1
2. Description of Feedback And Improvement Mechanisms. . .G-1
2.1 Government Performance and Results Act
and Performance-Based Management. . . . . . . . . .G-2
2.2 Lessons Learned . . . . . . . . . . . . . . . . . .G-4
2.3 Assessments . . . . . . . . . . . . . . . . . . . .G-9
2.4 Safety Performance Measures . . . . . . . . . . . G-11
2.5 Corrective Actions. . . . . . . . . . . . . . . . G-14
3. Examples of Feedback and Improvement Mechanisms Implemented at Various
Organizational Levels. . . . . . . . . . . . . . . . . . . . G-14
3.1 Facility or Task Activities . . . . . . . . . . . G-15
3.2 Site/Contract Activities. . . . . . . . . . . . . G-17
3.3 Headquarters or Corporate Activities. . . . . . . G-18
4. Resolution of Safety Issues Identified by DOE Independent Oversight OfficesG-21
4.1 Safety Issue Identification . . . . . . . . . . . G-21
4.2 Corrective Action Plan Development (Disposition). G-24
4.3 Corrective Action Plan Approval . . . . . . . . . G-24
4.4 Deputy Secretary Notification . . . . . . . . . . G-26
4.5 Corrective Action Plan Implementation . . . . . . G-26
4.6 Corrective Action Plan Verification . . . . . . . G-28
4.7 Safety Issue Follow-up. . . . . . . . . . . . . . G-29
5. Corrective Action Plan Dispute Resolution Process . . G-29
6. References. . . . . . . . . . . . . . . . . . . . . . G-30
6.1 Rules and Directives. . . . . . . . . . . . . . . . G-
6.2 Additional References . . . . . . . . . . . . . . . G- APPENDIX A

GLOSSARY

ADMINISTRATIVE CONTROLS. Provisions relating to organization and management,
procedures, record keeping, assessment, and reporting necessary to ensure safe operation of a facility.
With respect to nuclear facilities, administrative controls means the section of the Technical Safety
Requirements (TSRs) containing provisions for safe operation of a facility including (1) requirements for
reporting violations of TSRs, (2) staffing requirements important to safe operations, and (3)
commitments to the safety management programs and procedures identified in the Safety Analysis
Report as necessary elements of the facility safety basis provisions.

AUTHORIZATION AGREEMENT. A documented agreement between the Department of
Energy (DOE) and the contractor for high-hazard facilities (Categories 1 and 2), incorporating the
results of DOE's review of the contractor's proposed authorization basis for a defined scope of work.
The authorization agreement contains key terms and conditions (controls and commitments) under
which the contractor is authorized to perform work. Any changes to these terms and conditions would
require DOE approval.

AUTHORIZATION BASIS. Safety documentation supporting the decision to allow a process or
facility to operate. Included are corporate operational and environmental requirements as found in
regulations and specific permits, and, for specific activities, work packages or job safety analyses.
(See also nuclear safety authorization basis.)

AUTHORIZATION PROTOCOLS. Those processes used to communicate acceptance of the
contractor's integrated plans for hazardous work. Such protocols are expected to range from
preperformance review and approval by DOE of detailed safety-related terms and conditions for
performing work (authorization agreement) to less rigorous oversight and postperformance assessment
of the contractor's work.

CHANGE CONTROLS. A process that ensures all changes are properly identified, reviewed,
approved, implemented, tested, and documented.

COGNIZANT SECRETARIAL OFFICER. That first-tier Headquarters office with
responsibility and authority for the particular activity under consideration.

CONTRACTING OFFICER. A DOE official with the authority to purchase or contract for goods
and services in excess of $25,000. Contracting officers are appointed using Standard Form 1402,
following procedures in DOE O 541.1, APPOINTMENT OF CONTRACTING OFFICERS AND
CONTRACTING OFFICER REPRESENTATIVES, which superseded DOE 4200.4A. For
Headquarters support contracts, the contracting officer is generally a member of the staff of the
Assistant Secretary for Human Resources and Administration.

CONTRACTOR. Any person under contract (including subcontractors or suppliers) with DOE with
the responsibility to perform activities or supply services or products.

CORE SAFETY MANAGEMENT FUNCTIONS. The core safety management functions for
DOE P 450.4, SAFETY MANAGEMENT SYSTEM POLICY, which are to (1) define the scope of
work, (2) analyze the hazards; (3) develop and implement hazard controls; (4) perform work within
controls; and (5) provide feedback and continuous improvement. These functions are also identified in
DOE Acquisition Regulations (DEAR) 48 CFR 970.5223-1(c).

CORE TECHNICAL GROUP (CTG). The CTG maintains a system and process to share
Federal technical resources within DOE and across organizational lines. A database is maintained by
technical specialty area to assist customers in identifying the best individuals or mixes of expertise
needed to support the customer's projects.

DEACTIVATION. The process of placing a facility in a stable and known condition, including the
removal of hazardous and radioactive materials to ensure adequate protection of the
worker, public health and safety, and the environment, thereby limiting the long-term cost of surveillance
and maintenance. Actions include the removal of fuel, draining and/or de-energizing nonessential
systems, removal of stored radioactive and hazardous materials, and related actions. Deactivation does
not include all decontamination necessary for the dismantlement and demolition phase of
decommissioning (e.g., removal of contamination remaining in the fixed structures and equipment after
deactivation).

DECOMMISSIONING. Takes place after deactivation and includes surveillance and maintenance,
decontamination, and/or dismantlement. These actions are taken at the end of the life of a facility to
retire it from service with adequate regard for the health and safety of workers and the public and
protection of the environment. The ultimate goal of decommissioning is unrestricted release or
restricted use of the site.

DECONTAMINATION. The removal or reduction of residual radioactive and hazardous materials
by mechanical, chemical, or other techniques to achieve a stated objective or end condition.

DEFENSE IN DEPTH. An approach to facility safety that builds in layers of defense against
release of hazardous materials so that no one layer by itself, no matter how good, is completely relied
upon. To compensate for potential human and mechanical failures, defense in depth is based on several
layers of protection with successive barriers to prevent the release of hazardous material to the
environment. This approach includes protection of the barriers to avert damage to the plant and to the
barriers themselves. It includes further measures to protect the public, workers, and the environment
from harm in case these barriers are not fully effective.

DIRECTIVES. Includes Policies, Regulations, Orders, Notices, Manuals, Guides, and Technical
Standards, as defined in DOE M 251.1-1A, under Chapter 1, "General Directives Structure," Section
3, "Description," and as also described in DOE P 151.1.

DISPOSITION. Those activities that follow completion of program mission, including, but not limited
to, surveillance and maintenance, deactivation, and decommissioning.

ENHANCED WORK PLANNING. A process that evaluates and improves the program by
which work is identified, planned, approved, controlled, and executed. The key elements of enhanced
work planning are line management ownership; a graded approach to work management based on risk
and complexity; worker involvement beginning at the earliest phases of work management;
organizationally diverse teams; and organized, institutionalized communication.

ENGINEERED CONTROLS. Physical controls, including set points and operating limits; as
distinct from administrative controls.

ENVIRONMENTAL MANAGEMENT SYSTEM. That part of the overall management system
that includes organizational structure, planning activities, responsibilities, practices, procedures,
processes, and resources for developing, implementing, achieving, reviewing, and maintaining the
environmental policy (see DOE/EH-0573 and http://www.qs9000.com/iso14000.html).

EXTERNAL EVENTS. Natural phenomena or man-caused hazards not related to the facility.

FACILITY. The buildings, utilities, structures, and other land improvements associated with an
operation or service and dedicated to a common function.

FIELD ELEMENT. A non-Headquarters DOE organization that is geographically distinct. Field
elements can be area offices; support offices; operations offices; field offices; regional offices; or offices
located at environmental restoration, construction, or termination sites.

"FLOOR-LEVEL" PROCEDURES. Detailed instructions used by technicians, researchers, and
other workers to directly accomplish work activities or tasks.

GUIDING PRINCIPLES. Conditions for performance of work that a safety management system
must address. The guiding principles for the Safety Management System Policy (DOE P 450.4) are
Line Management Responsibility for Safety, Clear Roles and Responsibilities, Competence
Commensurate with Responsibilities, Balanced Priorities, Identification of Safety Standards and
Requirements, Hazard Controls Tailored to Work Being Performed, and Operations
Authorization. These principles are also identified in DEAR 48 CFR 970.5223-1(b).

HAZARD. A source of danger (i.e., material, energy source, or operation) with the potential to cause
illness, injury, or death to personnel or damage to a facility or to the environment (without regard to the
likelihood or credibility of accident scenarios or consequence mitigation).

HAZARD ANALYSIS. The determination of material, system, process, and plant characteristics
that can produce undesirable consequences, followed by the assessment of hazardous situations
associated with a process or activity. Largely qualitative techniques are used to pinpoint weaknesses in
design or operation of the facility that could lead to accidents. The SAR hazard analysis examines the
complete spectrum of potential accidents that could expose members of the public, on-site workers,
facility workers, and the environment to hazardous materials.

HAZARD CLASSIFICATION. Evaluation of the consequences of unmitigated releases,
performed to classify facilities or operations into the following hazard categories:

Category 1: The hazard analysis shows the potential for significant off-site consequences.
Category 2: The hazard analysis shows the potential for significant on-site consequences.
Category 3: The hazard analysis shows the potential for significant localized consequences.

HAZARDS CONTROLS. Design features; operating limits; and administrative or safety practices,
processes, or procedures to prevent, control, or mitigate hazards.

HEAD OF THE CONTRACTING ACTIVITY. Head of a DOE element who has been
delegated authority by the Deputy Assistant Secretary for Procurement and Assistance Management to
(1) award and administer contracts, sales contracts, and/or financial assistance instruments; (2) appoint
contracting officers; and (3) exercise the overall responsibility for managing the contracting activity.

IMPLEMENTATION PLAN. A document prepared by a contractor that sets forth (1) when and
how the actions appropriate to comply with DOE or other regulatory requirements, including the
requirements of a plan or program committed to by the contractor, shall be taken, and (2) what relief
will be sought if a contractor cannot attain full compliance with a requirement in a reasonable manner.

INTEGRATED SAFETY MANAGEMENT SYSTEM. A Safety Management System (SMS)
to systematically integrate safety into management and work practices at all levels as required by DOE
P 450.4, SAFETY MANAGEMENT SYSTEM POLICY, and the other related Policies: DOE P
450.5 AND DOE P 450.6.

LIFE CYCLE. The life of an asset from planning through acquisition, maintenance, operation, and
disposition.

LINE MANAGEMENT. Any management level within the line organization, including contractor
management, that is responsible and accountable for directing and conducting work.

LINE ORGANIZATION. That unbroken chain of command that extends from the Office of the
Secretary to Secretarial Offices that set program policy and plans and develop assigned programs, to
the field element organizations responsible for execution of these programs, to the contractors that
conduct the work.

MANAGEMENT CONTROLS (INTERNAL CONTROLS). The organization, procedures,
and methods managers use to achieve their goals, including processes for planning, organizing, directing,
and controlling operations. Management controls are designed to provide reasonable assurance that
(1) programs achieve intended results; (2) resource use is consistent with DOE's mission and resources
are protected from waste, loss, unauthorized use, and misappropriation; (3) laws and regulations are
followed; and (4) decisions are based on reliable data. Management controls apply to all programs and
administrative functions.

MANUALS/CODES OF PRACTICE. As applied to integrated safety management, documented
instructions that define methods, processes, and procedures for DOE and the contractor to use in
implementing safety requirements and guidelines. These manuals/codes of practice document the safety
infrastructure of an ISMS and provide the basis for work planning, authorization protocols, formality of
operations, and feedback and improvement processes.

NUCLEAR SAFETY. Aspects of safety that encompass activities and systems that present the
potential for (1) uncontrolled releases of fission products or other radioactive materials to the
environment or (2) inadvertent criticality.

NUCLEAR SAFETY AUTHORIZATION BASIS. The basis for the safe operation of a DOE
nuclear facility, nuclear safety authorization basis includes hazard classification documents, Safety
Analysis Reports, TSRs, DOE-issued safety evaluation reports, and facility-specific commitments made
to comply with DOE nuclear safety requirements.

OCCURRENCE REPORT. A documented evaluation of an event or condition that is prepared in
sufficient detail to enable the reader to assess its significance, consequences, or implications and to
evaluate the actions being proposed or employed to correct the condition or to avoid recurrence.

OPERATIONAL READINESS REVIEW/ASSESSMENT. A disciplined, systematic,
documented, performance-based examination of facilities, equipment, personnel, procedures, and
management control systems to ensure that a facility will be operated safely within its approved safety
envelope as defined by the facility safety basis.

OPERATIONAL SAFETY CONTROLS. Safety limits, operating limits, surveillance
requirements, safety boundaries, and management and administrative controls that significantly
contribute to protecting workers, the public, and the environment from hazards other than nuclear
detonation, high-explosive detonation and deflagration, and fire (which are addressed by Nuclear
Explosive Safety Rules) for specific nuclear explosive operations and associated activities.

OVERSIGHT. Assessment of the adequacy of DOE and contractor performance. The Assistant
Secretary for Environment, Safety and Health has the responsibility and authority to independently
assess the adequacy of DOE and contractor performance. Under DOE P 450.5, DOE line
management also has responsibility for assessment of the adequacy of the contractor's ES&H
performance.

PERFORMANCE INDICATOR. Operational information indicative of the performance or
condition of a facility, group of facilities, or site.

PERFORMANCE-BASED REGULATIONS. Regulations that are outcome-oriented rather
than procedure-oriented.

POLLUTION PREVENTION. The use of materials, processes, and practices that reduce or
eliminate the generation and release of pollutants, contaminants, hazardous substances, and waste into
land, water, and air. For DOE, this includes recycling activities.

PROCEDURE. A document that prescribes a process (a sequence of actions) to be performed to
achieve a desired outcome.

PROCESS. A series of actions that achieves an end or result.

PROGRAM MANAGER.

a. (Chief Financial Officer) An individual in an organization or activity responsible for the
management of a specific function or functions and responsible for budget formulation and
execution of the approved budget. The individual is the recipient of an approved funding program
from the Office of Chief Financial Officer identifying his or her program dollars available to
accomplish the assigned function.

b. (Environment, Safety and Health) The Headquarters individual, or his/her designee, designated by
and under the direction of a Secretarial Officer, who is directly involved in the operation of
facilities under his/her cognizance, and holds signature authority to provide technical direction
through heads of field elements/operations office organizations to contractors for these facilities.

PROGRAM OFFICE. A Headquarters organization responsible for executing program
management functions and for assisting and supporting field elements in safety and health,
administrative, management, and technical areas.

PROGRAM SECRETARIAL OFFICERS (PSO). See SECRETARIAL OFFICER.

RISK. The quantitative or qualitative expression of possible loss that considers both the probability
that a hazard will cause harm and the consequences of that event.

RISK-INFORMED. Using knowledge of the risk.

SAFETY ANALYSIS. A documented process to (1) provide systematic identification of hazards
within a given DOE operation; (2) describe and analyze the adequacy of the measures taken to
eliminate, control, or mitigate identified hazards; and (3) analyze and evaluate potential accidents and
their associated risks.

SAFETY ANALYSIS REPORT (SAR). A report that documents the safety analysis for a nuclear
facility to provide the basis for a determination that the facility can be constructed, operated,
maintained, shut down, and decommissioned safely and in compliance with applicable laws and
regulations.

SAFETY CONTROLS. Safety significant controls or safety class controls (see also administrative
controls).

SAFETY DOCUMENTATION. Reports, memorandums, and other signed and dated documents
that identify the hazards of a process or facility, and describe the measures for their control.

SAFETY ENVELOPE. The range of conditions covered by the safety documentation of a process
or facility under which safe operation is adequately controlled.

SAFETY EVALUATION REPORT (SER). A DOE document that describes the extent and
detail of DOE review of a SAR or equivalent analysis report, the bases for approving the SAR (or
equivalent), and any conditions of SAR (or equivalent) approval. Approval signifies that DOE has
accepted the analysis as appropriately documenting the safety basis of a facility and as serving as the
basis for operational controls necessary to maintain an acceptable operating safety envelope.

SAFETY CLASS STRUCTURES, SYSTEMS, AND COMPONENTS. Nuclear safety
structures, systems, and components (SSCs) that are relied upon to protect the safety and health of the
off-site public as identified by safety analyses.

SAFETY PROGRAMS. Programs, required by DOE or other regulatory authority or committed to
in the contractor's SMS description, that will be adhered to for a scope of work by a facility or site in
support of the work.

SAFETY SIGNIFICANT STRUCTURES, SYSTEMS, AND COMPONENTS. Structures,
systems, and components (SSCs) that are not designated as safety class SSCs, but whose preventive
or mitigative function is a major contributor to defense in depth (i.e., prevention of uncontrolled material
release) and/or worker safety as determined from hazard analyses.

SAFETY STRUCTURES, SYSTEMS AND COMPONENTS. Both safety significant SSCs
and safety class SSCs.

SECRETARIAL OFFICER. The head of a first-tier organization; a DOE Headquarters employee
reporting directly to the Secretary, the Under Secretary, or the Deputy Secretary.

STANDARD. A generic, all-encompassing term used to describe documents that provide a specified
set of mandatory or discretionary rules, requirements, or conditions concerned with performance,
design, operation, or measurements of quality to accomplish a specific task. Standards may include
Federal laws, regulations, State laws, Federal agency directives, national and internal technical
standards, codes of conduct, or even organizational "internal use only" documents.

SURVEILLANCE. Any periodic monitoring to ensure operability or adequacy of performance.

TAILORING. Adapting something, such as a safety program, practice, or requirement, within the
ISMS to suit the need or purposes of a particular operation/activity, taking into account the type of
work and associated hazards.

TECHNICAL SAFETY REQUIREMENTS (TSRs). Those requirements that define the
conditions, safe boundaries, and management or administrative controls necessary to ensure the safe
operation of a nuclear facility and to reduce the potential risk to the public and facility workers from
uncontrolled releases of radioactive materials or from radiation exposures due to inadvertent criticality.
TSRs consist of safety limits, operating limits, surveillance requirements, administrative controls, use and
application instructions, and the basis thereof.

TECHNICAL STANDARD. A document that sets down a discretionary set of actions that must be
accomplished to meet the purpose of the encompassing document. These actions are generally
concerned with descriptions or steps that must be met to accomplish a specific task, such as
classification of components, operation of equipment, enhancement of quality, or protection of
personnel. They may also be used for procurement activities, such as specification of materials,
products, or services in accordance with a specific set of conditions for delivery. Technical standards
may only be made mandatory by direct reference in a requirements-type document, such as a contract,
law, rule, or Federal agency directive.

UNREVIEWED SAFETY QUESTION (USQ).

a. A USQ exists if one or more of the following conditions is identified:

(1) the probability of occurrence or the consequences of an accident or malfunction of
equipment important to safety as previously evaluated in the facility safety analyses could be
increased;

(2) the possibility for an accident or malfunction of a different type than any evaluated
previously in the facility safety analyses could be created; or

(3) any margin of safety as defined in the bases of the TSRs could be reduced.

b. A USQ determination is made when one of the following circumstances occurs:

(1) temporary or permanent changes in the facility as described in existing safety analyses;

(2) temporary or permanent changes in the procedures as derived from existing safety analyses;
and

(3) tests or experiments not described in existing safety analyses.

USQ PROCESS. A process to determine when DOE is to be involved in decision making involving
a USQ.

VOLUNTARY PROTECTION PROGRAM. The Department of Energy Voluntary Protection
Program (DOE-VPP), which promotes safety and health excellence through cooperative efforts among
labor, management, and government at DOE contractor sites. DOE has also formed partnerships with
other Federal agencies and the private sector for both advancing and sharing its VPP experiences and
preparing for program challenges in the next century. The safety and health of contractor and Federal
employees are a high priority for the Department (see http://tis-nt.eh.doe.gov/vpp/).

WORK. Process of performing a defined task or activity; for example, research and development,
operations, maintenance and repair, administration, software development and use, inspection,
safeguards and security, data collection, and analysis.

WORK AUTHORIZATION. The process used by line management to permit a task or activity to
be initiated as planned, having determined that it can be performed safely.

WORK FOR OTHERS. The performance of work for non-DOE entities by DOE/contractor
personnel and/or the use of DOE facilities that is not directly funded by DOE appropriations.

WORK PERFORMANCE. The act of performing work.

WORK PLANNING. The process of planning a defined task or activity. Addressing safety as an
integral part of work planning includes execution of the safety-related functions in preparation for
performance of a scope of work. These functions include (1) definition of the scope of work;
(2) formal analysis of the hazards bringing to bear in an integrated manner specialists in both ES&H and
engineering, depending on specific hazards identified; (3) identification of resulting safety controls
including safety structures, systems and components, and other safety-related commitments to address
the hazards; and (4) approval of the safety controls. APPENDIX B

RESOURCES FOR COMPLYING WITH THE SMS POLICIES,
THE FRAM, AND THE DEAR

1. INTRODUCTION

This appendix is intended to be used as a resource for complying with 48 CFR Chapter 9 (DEAR) Part
970.5204-2, "Laws, Regulations, and DOE Directives," which standardizes the manner in which
applicable requirements are included in Department of Energy (DOE) contracts. The appendix is
developed as a resource tool rather than as a comprehensive list. DOE maintains a web site that allows
access to current Department directives (http://www.directives.doe.gov). To
focus the selection and aid tailoring of standards, DOE has prepared many guides for particular safety
activities (e.g., fire protection) that link to acceptable codes and industry standards. Many canceled or
partially canceled DOE directives are included in this list because they may still be incorporated into a
contract (see Section 2.8 of this appendix).

2. RESOURCES BY TOPICAL AREA

2.1 Define Scope of Work And Balanced Priorities

Federal Rules

48 CFR 970.1100-1 and 970.5223-1: Department of Energy Acquisition Regulations

DOE Policies, Notices, and Orders

DOE P 450.4: DOE SAFETY MANAGEMENT SYSTEM POLICY
DOE O 130.1: BUDGET FORMULATION PROCESS
DOE O 135.1: BUDGET EXECUTION - FUNDS DISTRIBUTION AND CONTROL
DOE O 137.1: PLAN FOR OPERATING IN THE EVENT OF A LAPSE IN
APPROPRIATIONS
DOE O 224.1: CONTRACTOR PERFORMANCE - BASED MANAGEMENT PROCESS
DOE O 241.1: SCIENTIFIC AND TECHNICAL INFORMATION MANAGEMENT
DOE O 251.1A: DIRECTIVES SYSTEM
DOE P 251.1: DIRECTIVES SYSTEM
DOE O 331.1: DEPARTMENTAL EMPLOYEE PERFORMANCE MANAGEMENT
SYSTEM
DOE O 350.1: CONTRACTOR HUMAN RESOURCE MANAGEMENT PROGRAMS
DOE O 413.1: MANAGEMENT CONTROL PROGRAM
DOE O 414.1A: QUALITY ASSURANCE
DOE P 430.1: LAND AND FACILITY USE PLANNING
DOE O 430.1A: LIFE-CYCLE ASSET MANAGEMENT
DOE O 440.1A: WORKER PROTECTION MANAGEMENT FOR DOE FEDERAL AND
CONTRACTOR EMPLOYEES
DOE N 441.3: EXTENSION FOR DOE N 441.1, RADIOLOGICAL PROTECTION FOR
DOE ACTIVITIES
DOE P 450.6: ENVIRONMENT, SAFETY AND HEALTH
DOE O 452.1A: NUCLEAR EXPLOSIVE AND WEAPON SURETY PROGRAM
DOE O 460.2: DEPARTMENTAL MATERIALS TRANSPORTATION AND
PACKAGING MANAGEMENT
DOE O 470.1: SAFEGUARDS AND SECURITY PROGRAM
DOE O 471.1: IDENTIFICATION AND PROTECTION OF UNCLASSIFIED
CONTROLLED NUCLEAR INFORMATION
DOE O 471.2A: INFORMATION SECURITY PROGRAM
DOE O 472.1B: PERSONNEL SECURITY ACTIVITIES
DOE O 541.1: APPOINTMENT OF CONTRACTING OFFICERS AND CONTRACTING
OFFICER REPRESENTATIVES
DOE O 542.1: COMPETITION IN CONTRACTING
DOE 4300.1C: REAL PROPERTY MANAGEMENT
DOE 4320.2A: CAPITAL ASSET MANAGEMENT PROCESS

DOE Guides and Technical Standards

DOE-STD-1082-94: Preparation, Review, and Approval of Implementation Plans for
Nuclear Safety Requirements
DOE-DP-STD-3023-98: Guidelines for Risk-Based Prioritization of DOE Activities
DOE/HR-0066: Total Quality Management Implementation Guidelines
DOE/RW-0333P: Quality Assurance Requirements and Descriptions for the Civilian
Radioactive Waste Management Program
DOE G 120.1-5: GUIDELINES FOR PERFORMANCE MEASUREMENT
DOE G 414.1-2, QUALITY ASSURANCE MANAGEMENT SYSTEM GUIDE for use with
10 CFR 830.120 and DOE O 414.1
DOE G 430.1-1: COST ESTIMATING GUIDE
DOE G 440.1-1: WORKER PROTECTION MANAGEMENT FOR DOE FEDERAL AND
CONTRACTOR EMPLOYEES GUIDE FOR USE WITH DOE O 440.1
DOE G 440.1-2: CONSTRUCTION SAFETY MANAGEMENT GUIDE FOR USE WITH
DOE O 440.1
DOE G 440.1-4: CONTRACTOR OCCUPATIONAL MEDICAL PROGRAM GUIDE
FOR USE WITH DOE O 440.1
DOE G 440.1-6: IMPLEMENTATION GUIDE FOR USE WITH
SUSPECT/COUNTERFEIT ITEMS REQUIREMENTS FOR DOE O 440.1, WORKER
PROTECTION MANAGEMENT; 10 CFR 830.120, AND DOE 5700.6C, QUALITY
ASSURANCE
DOE G 450.3-3: TAILORING FOR INTEGRATED SAFETY MANAGEMENT
APPLICATIONS
DOE G 460.2-1: IMPLEMENTATION GUIDE FOR USE WITH DOE O 460.2,
DEPARTMENT MATERIALS TRANSPORTATION AND PACKAGING
MANAGEMENT

DOE Manuals and Handbooks

DOE M 135.1-1: BUDGET EXECUTION MANUAL
DOE M 251.1A: DIRECTIVES SYSTEM MANUAL
DOE M 411.1-1: MANUAL OF SAFETY MANAGEMENT FUNCTIONS,
RESPONSIBILITIES AND AUTHORITIES (FRAM)
DOE M 471.2-1B: MANUAL FOR CLASSIFIED MATTER PROTECTION & CONTROL

Defense Nuclear Facilities Safety Board Technical Reports

2.2 Analyze Hazards

Federal Rules

10 CFR 830: Nuclear Safety Management
10 CFR 835: Radiation Protection for Occupational Workers
10 CFR 1021: (DOE) National Environmental Policy Act Implementing Procedures
29 CFR 1910: Occupational Safety and Health Standards
29 CFR 1926: Occupational Safety and Health Regulations for Construction
40 CFR 50 to 195: EPA Air, Water and Radiation Protection Requirements
40 CFR 61 and 761 Toxic Substances Control Act Requirements
40 CFR 240 to 280 Resource Conservation and Recovery Act Requirements
40 CFR 300 to 306 Comprehensive Environmental Response, Compensation and Liabilities Act
Requirements
40 CFR 1500 to 1508 National Environmental Policy Act Requirements

DOE Policies, Notices, and Orders

DOE P 410.1A: DEVELOPING NUCLEAR SAFETY REQUIREMENTS
DOE O 420.1: FACILITY SAFETY
DOE O 420.2: SAFETY OF ACCELERATOR FACILITIES
DOE O 430.1A: LIFE CYCLE ASSET MANAGEMENT
DOE O 440.1: WORKER PROTECTION MANAGEMENT FOR DOE FEDERAL AND
CONTRACTOR EMPLOYEES
DOE O 440.2: AVIATION
DOE O 452.1A: NUCLEAR EXPLOSIVE AND WEAPONS SURETY PROGRAM
DOE O 452.2A: SAFETY OF NUCLEAR EXPLOSIVE OPERATIONS
DOE O 452.4: SECURITY AND CONTROL OF NUCLEAR EXPLOSIVES AND
NUCLEAR WEAPONS
DOE O 460.1A: PACKAGING AND TRANSPORTATION SAFETY
DOE 5480.23: NUCLEAR SAFETY ANALYSIS REPORTS
DOE 5480.30: NUCLEAR REACTOR SAFETY DESIGN CRITERIA

DOE Guides and Technical Standards

DOE-STD-1021-93: Natural Phenomena Hazards Performance Categorization Guidelines
for Structures, Systems, and Components
DOE-STD-1022-94: Natural Phenomena Hazards Site Characterization Criteria
DOE-STD-1023-95: Natural Phenomena Hazards Assessment Criteria (including Change
Notice 1; January 1996)
DOE-STD-1027-92: Guidance on Preliminary Hazard Classification and Accident
Analysis
DOE-STD-1088-95: Fire Protection for Relocatable Structures
DOE-STD-1101-96: Process Safety Management for Highly Hazardous Chemicals
DOE-STD-1104-96: Review and Approval of Nonreactor Nuclear Facility Safety Analysis
Reports
DOE-STD-1120-98: Integration of Safety and Health into Facility Disposition Activities
DOE-STD-3007-93: Guidelines for Preparing Criticality Safety Evaluations at
Department of Energy Non-Reactor Nuclear Facilities
DOE-STD-3009-94: Preparation Guide for U.S. Department of Energy Nonreactor
Nuclear Facility Safety Analysis Reports
DOE-STD-3014-96: Accident Analysis for Aircraft Crash into Hazardous Facilities
DOE-STD-3015-97: Nuclear Explosive Safety Study Process
DOE-STD-6002-96: Safety of Magnetic Fusion Facilities: Requirements
DOE-STD-6003-96: Safety of Magnetic Fusion Facilities: Guidance
DOE-DP-STD-3016-99: Hazard Analysis Reports for Nuclear Explosive Operations
DOE-EM-5502-94: Hazard Baseline Documentation
DOE-EM-5503-94: EM Health and Safety Plan Guidelines
DRAFT DOE G 420.1-X: IMPLEMENTATION GUIDE FOR NONREACTOR NUCLEAR
SAFETY DESIGN CRITERIA AND EXPLOSIVES SAFETY CRITERIA
DRAFT DOE G 420.1-Y: IMPLEMENTATION GUIDE FOR THE MITIGATION OF
NATURAL PHENOMENA HAZARDS FOR DOE NUCLEAR FACILITIES AND
NON-NUCLEAR FACILITIES
DOE G 450.3-1: DOCUMENTATION FOR WORK SMART STANDARDS
APPLICATIONS: CHARACTERISTICS AND CONSIDERATIONS
DOE G 450.3-2: ATTRIBUTES OF EFFECTIVE IMPLEMENTATION
DOE G 450.3-3: TAILORING FOR INTEGRATED SAFETY MANAGEMENT
APPLICATIONS
DOE G 450.3-5: CRITERIA FOR THE DEPARTMENT'S STANDARDS PROGRAM
DOE G 452.2A-1A: IMPLEMENTATION GUIDE FOR DOE ORDER 452.2A SAFETY
OF NUCLEAR EXPLOSIVE OPERATIONS
DOE G 460.1-1: IMPLEMENTATION GUIDE FOR USE WITH DOE 0 460.1A,
PACKAGING AND TRANSPORTATION SAFETY

DOE Manuals and Handbooks

DOE M 440.1-1: DOE EXPLOSIVES SAFETY MANUAL
DOE-HDBK-1139-2000: Chemical Management
DOE-HDBK-1100-96: Chemical Process Hazards Analysis
DOE-HDBK-1101-96: Process Safety Management for Highly Hazardous Chemicals
DOE-HDBK-3010-94: Airborne Release Fractions/Rates and Respirable Fractions for
Nonreactor Nuclear Facilities, Vols. I & II
DOE-DP-HDBK-XXXX: Draft HAR Handbooks for Pantex and Nevada

Non-DOE Documents

Guidelines for Hazard Evaluation Procedures, Second Edition with Worked Examples,
Center for Chemical Process Safety, AIChe, 1992
Risk Assessment and Risk Management for the Chemical Process Industry, Stone and
Webster Engineering Corporation, 1991
Management of Process Hazards, American Petroleum Institute Recommended Practice 750,
1990
System Safety Society, System Safety Analysis Handbook: A
Source Book for Safety Practitioners, 1993.
OSHA, 1981, Job Hazard Analysis: A Tool to a Safer, More
Healthful Workplace, 1981.
NUREG-0492, Fault Tree Handbook, U.S. Nuclear Regulatory
Commission, January 1981.
OSHA 3071, 1988 (reprint), Job Hazard Analysis, Occupational Safety
and Health Administration, U.S. Department of Labor,
DNFSB/TECH-5, Fundamentals for Understanding Standards-Based Safety Management
of Department of Energy Defense Nuclear Facilities
DNFSB/TECH-6, Safety Management and Conduct of Operations at the Department of
Energy's Defense Nuclear Facilities
DNFSB/TECH-16, Integrated Safety Management

2.3 Develop/Implement Hazards Controls, Identification of Safety Standards and
Requirements; and Hazard Controls Tailored to Work Being Performed

Federal Rules

10 CFR 708: DOE Contractor Employee Protection Program
10 CFR 830: Nuclear Safety Management
10 CFR 834: Radiation Protection of the Public and the Environment (Draft)
10 CFR 835: Radiation Protection for Occupational Workers
10 CFR 1021: (DOE) National Environmental Policy Act Implementing Procedures
29 CFR 1910: Occupational Safety and Health Standards
29 CFR 1912: Occupational Safety and Health Standards: Process Safety Management
29 CFR 1926: Occupational Safety and Health Regulations for Construction
40 CFR 50 to 195: EPA Air, Water and Radiation Protection Requirements
40 CFR 61 and 761 Toxic Substances Control Act Requirements
40 CFR 68: EPA Chemical Risk Management Program
40 CFR 240 to 280 Resource Conservation and Recovery Act Requirements
40 CFR 300 to 306 Comprehensive Environmental Response, Compensation and Liabilities Act
Requirements
40 CFR 1500 to 1508 National Environmental Policy Act Requirements

DOE Policies, Notices, and Orders

DOE O 360.1: TRAINING
DOE O 420.1: FACILITY SAFETY
DOE O 420.2: SAFETY OF ACCELERATOR FACILITIES
DOE O 433.1: MAINTENANCE PROGRAM FOR NUCLEAR FACILITIES
DOE O 440.1: WORKER PROTECTION MANAGEMENT FOR DOE FEDERAL AND
CONTRACTOR EMPLOYEES
DOE N 440.1: INTERIM CHRONIC BERYLLIUM DISEASE PREVENTION PROGRAM
DOE N 441.1: RADIOLOGICAL PROTECTION FOR DOE ACTIVITIES
DOE P 441.1: DEPARTMENT OF ENERGY RADIOLOGICAL HEALTH AND SAFETY
POLICY
DOE N 441.4: EXTENSION OF DOE N 441.1, RADIOLOGICAL PROTECTION FOR
DOE ACTIVITIES
DOE P 450.1: ENVIRONMENT, SAFETY, AND HEALTH POLICY FOR THE
DEPARTMENT OF ENERGY COMPLEX
DOE P 450.2A: IDENTIFICATION, IMPLEMENTATION, AND COMPLIANCE WITH
ENVIRONMENT, SAFETY AND HEALTH REQUIREMENTS
DOE P 450.3: AUTHORIZING USE OF THE NECESSARY AND SUFFICIENT
PROCESS FOR STANDARDS-BASED ENVIRONMENT, SAFETY AND HEALTH
MANAGEMENT
DOE P 450.4: SAFETY MANAGEMENT SYSTEM POLICY
DOE P 450.5: LINE ENVIRONMENT, SAFETY AND HEALTH
DOE P 450.6: ENVIRONMENT, SAFETY AND HEALTH
DOE O 451.1A: NATIONAL ENVIRONMENTAL POLICY ACT COMPLIANCE
PROGRAM
DOE O 452.4: SECURITY AND CONTROL OF NUCLEAR EXPLOSIVES AND
NUCLEAR WEAPONS
DOE O 460.1A: PACKAGING AND TRANSPORTATION SAFETY
DOE O 460.2: DEPARTMENTAL MATERIALS TRANSPORTATION AND
PACKAGING MANAGEMENT
DOE O 470.1: SAFEGUARDS AND SECURITY PROGRAM
DOE O 471.1: IDENTIFICATION AND PROTECTION OF UNCLASSIFIED
CONTROLLED NUCLEAR INFORMATION
DOE O 471.2A: INFORMATION SECURITY PROGRAM
DOE O 472.1B: PERSONNEL SECURITY ACTIVITIES
DOE 4330.4B: MAINTENANCE MANAGEMENT PROGRAM (see O 433.1)
DOE 5480.20A: PERSONNEL SELECTION, QUALIFICATION, AND TRAINING
REQUIREMENTS FOR DOE NUCLEAR FACILITIES
DOE 5480.21: UNREVIEWED SAFETY QUESTIONS
DOE 5480.22: TECHNICAL SAFETY REQUIREMENTS
DOE 5480.23: NUCLEAR SAFETY ANALYSIS REPORTS
DOE 5530.1A: ACCIDENT RESPONSE GROUP
DOE 5530.2: NUCLEAR EMERGENCY SEARCH TEAM
DOE 5530.3: RADIOLOGICAL ASSISTANCE PROGRAM
DOE 5530.4: AERIAL MEASURING SYSTEM
DOE 5610.13: JOINT DEPARTMENT OF ENERGY/DEPARTMENT OF DEFENSE
NUCLEAR WEAPON SAFETY, SECURITY, AND CONTROL ACTIVITIES
DOE 5820.2A: RADIOACTIVE WASTE MANAGEMENT

DOE Guides and Technical Standards

DOE-STD-1023-95: Natural Phenomena Hazards Assessment Criteria (including Change
No. 1; January 1996)
DOE-STD-1027-92: Guidance on Preliminary Hazard Classification and Accident
Analysis Techniques for Compliance with DOE 5480.23 NUCLEAR SAFETY ANALYSIS
REPORTS (above)
DOE-STD-1029-92: Writer's Guide for Technical Procedures
DOE-STD-1030-92: Guide to Good Practices for Lockouts and Tagouts
DOE-STD-1040-93: Guide to Good Practices for Control of On-Shift Training
DOE-STD-1053-93: Guideline to Good Practices for Control of Maintenance Activities at
DOE Nuclear Facilities
DOE-STD-1066-97: Fire Protection Design Criteria
DOE-STD-1070-94: Guidelines for Evaluation of Nuclear Facility Training Programs
DOE-STD-1073-93: Guide for Operational Configuration Management Program
DOE-STD-1077-94: Training Accreditation Program Standard: Requirements and
Guidelines
DOE-STD-1082-94: Preparation, Review, and Approval of Implementation Plans for
Nuclear Safety Requirements
DOE-STD-1083-95: Requesting and Granting Exemptions to Nuclear Safety Rules
DOE-STD-1088-95: Fire Protection for Relocatable Structures
DOE-STD-1120-98: Integration of Safety and Health into Facility Disposition Activities
DOE-STD-1128-98: Guide of Good Practices for Occupational Radiological Protection in
Plutonium Facilities
DOE-STD-3007-93: Guidelines for Preparing Criticality Safety Evaluations at DOE Non-
Reactor Nuclear Facilities
DOE-STD-3009-94: Prep. Guide for U.S. DOE Nonreactor Nuclear Facility Safety
Analysis Reports
DOE-STD-3011-94: Guidance for Preparation of DOE 5480.22 TECHNICAL SAFETY
REQUIREMENTS (TSR) and DOE 5480.23 NUCLEAR SAFETY ANALYSIS REPORTS
(SAR) Implementation Plans
DOE-STD-3020-97: Specification for HEPA Filters Used by DOE Contractors (revision
to DOE NE F3-45)
DOE-STD-3022-98: DOE HEPA Filter Test Program
DP-STD-0135-98: (DOE) Model Pollution Opportunity Assessment Guidance
EH-STD-0256T: Radiological Control Manual
EH-STD-0365-94: A Comparison of the RCRA Corrective Action and CERCLA Remedial
Action Processes
EH-STD-0427-94: Guide to Selecting Compliant Off-Site Hazardous Waste Treatment,
Storage and Disposal Facilities
EH-STD-0416: Criteria for the Department's Standards Program
EH-STD-0433: DOE Voluntary Protection Program, Part I: Program Elements
EH-STD-0433: DOE Voluntary Protection Program, Part II: Procedures Manual
EH-STD-0433: DOE Voluntary Protection Program, Part III: Application Guidelines
EH-STD-0433: DOE Voluntary Protection Program, Part IV: On-site Review Handbook
EH-STD-0435-95: Removal Actions under the Comprehensive Environmental Response,
Compensation and Liability Act (CERCLA)
EH-STD-0486: Integrating Safety and Health During Deactivation, With Lessons Learned
from Purex
EH-STD-0506-95: Phased Response/Early Actions
EH-STD-0535: Handbook for Occupational Health and Safety During Hazardous Waste
Activities
EH-STD-0536: Management Perspectives on Worker Protection During DOE Hazardous
Waste Activities
EH-STD-0573: Environmental Management System Primer for Federal Facilities
EH-STD-0580: Integrated Safety Management Activity-Level Work Control Tools Index
EM-STD-5502-94: Hazard Baseline Documentation
EM-STD-5503-94: EM Health and Safety Plan Guidelines
TSL-1-97: DOE Technical Standards List
DOE-76-45-19: Job Safety Analysis, 1979
DOE-76-45: Barrier Analysis, 1985
DOE G 151.1-1: EMERGENCY MANAGEMENT GUIDE
DRAFT DOE G 430.1-2: SURVEILLANCE AND MAINTENANCE DURING FACILITY
DISPOSITION
DRAFT DOE G 430.1-3: DEACTIVATION IMPLEMENTATION GUIDE
DRAFT DOE G 430.1-4: DECOMMISSIONING IMPLEMENTATION GUIDE
DOE G 440.1-1: WORKER PROTECTION MANAGEMENT FOR DOE FEDERAL AND
CONTRACTOR EMPLOYEES GUIDE FOR USE WITH DOE O 440.1
DOE G 440.1-2: CONSTRUCTION SAFETY MANAGEMENT GUIDE
DOE G 440.1-4: CONTRACTOR OCCUPATIONAL MEDICAL PROGRAM GUIDE
FOR USE WITH DOE O 440.1
DOE G 440.1-5: IMPLEMENTATION GUIDE FOR FIRE SAFETY PROGRAM
DOE G 440.1-6: IMPLEMENTATION GUIDE FOR USE WITH
SUSPECT/COUNTERFEIT ITEMS REQUIREMENTS OF DOE O 440.1, WORKER
PROTECTION MANAGEMENT; 10 CFR 830.120; AND DOE 5700.6C, QUALITY
ASSURANCE
DOE G 440.1-7: IMPLEMENTATION GUIDE FOR USE WITH DOE N 440.1, INTERIM
CHRONIC BERYLLIUM DISEASE PREVENTION PROGRAM
DOE G 450.3-3: TAILORING FOR INTEGRATED SAFETY MANAGEMENT
APPLICATIONS
DOE G 450.3-5: CRITERIA FOR THE DEPARTMENT'S STANDARDS PROGRAM
DOE G 460.1-1: IMPLEMENTATION GUIDE FOR USE WITH DOE O 460.1A,
PACKAGING AND TRANSPORTATION SAFETY
DOE G 10 CFR 835: Implementation Guide for Use with Title 10, Code of Federal Regulations,
Part 835, Occupational Radiation Protection.

DOE Manuals and Handbooks

DOE M 450.3-1: THE DEPARTMENT OF ENERGY CLOSURE PROCESS FOR
NECESSARY AND SUFFICIENT SETS OF STANDARDS
DOE M 471.2-1: CLASSIFIED MATTER PROTECTION & CONTROL MANUAL
DOE-HDBK-1078-94: Training Program Handbook: A Systematic Approach to Training
DOE-HDBK-1079-94: Primer for Tritium Safe Handling Practices
DOE-HDBK-1139-2000: Chemical Management
DOE-HDBK 1100-96: Chemical Process Hazards Analysis
DOE-HDBK 1101-96: Process Safety Management for Highly Hazardous Chemicals
DOE-HDBK 1105-96: Radiological Training for Tritium Facilities
DOE-HDBK 1106-97: Radiological Contamination Control Training for Laboratory
Research
DOE-HDBK 1107-97: Knowledge, Skills, and Abilities for Key Radiation Protection
Positions at DOE Facilities

DOE Documents

Department Report, Standards/Requirements Identification Document Development and
Approval Instruction, September 1994
Department Report, Standards/Requirements Implementation Assessment Instruction,
September 1994

Non-DOE Documents

CMA-15M, Responsible Care in Action: 1993-1994 Progress Report, October 1994
EPA 300R-94-009, Environmental Management System Benchmark Report: A Review of
Federal Agencies and Selected Private Companies, December 1994.
EPA 315-B-97-001, Implementation Guide for the Code of Environmental Management
Principles for Federal Agencies, March 1997.
Management of Process Hazards, American Petroleum Institute Recommended Practice
750, 1990
ISO/FDIS 2919: Radiation protection Sealed radioactive sources General requirements
and classification
ISO 8194:1987, Radiation protection Clothing for protection against radioactive
contamination Design, selection, testing and use
ISO 14001:1996, Environmental management systems Specification with guidance for
use
ISO 14004:1996, Environmental management systems General guidelines on principles,
systems, and supporting techniques
DNFSB/TECH-5, Fundamentals for Understanding Standards-Based Safety Management
of Department of Energy Defense Nuclear Facilities
DNFSB/TECH-6, Safety Management and Conduct of Operations at the Department of
Energy's Defense Nuclear Facilities
DNFSB/TECH-15, Operational Formality for Department of Energy Nuclear Facilities
and Activities: An Evaluation Guide
DNFSB/TECH-16, Integrated Safety Management
OSHA 3071, Job Hazard Analyses, 1998, R

2.4 Perform Work and Operations Authorization

Federal Rules

10 CFR 830: NUCLEAR SAFETY MANAGEMENT
10 CFR 71: PACKAGING AND TRANSPORTATION

DOE Policies, Notices, and Orders

DOE O 151.1: COMPREHENSIVE EMERGENCY MANAGEMENT SYSTEM
DOE O 414.1A: QUALITY ASSURANCE
DOE O 425.1A: STARTUP AND RESTART OF NUCLEAR FACILITIES
DOE O 433.1: MAINTENANCE PROGRAM FOR NUCLEAR FACILITIES
DOE O 440.1A: WORKER PROTECTION MANAGEMENT FOR DOE FEDERAL AND
CONTRACTOR EMPLOYEES
DOE O 451.1A: NATIONAL ENVIRONMENTAL POLICY ACT COMPLIANCE
PROGRAM
DOE O 452.2A: SAFETY OF NUCLEAR EXPLOSIVE OPERATIONS
DOE 4330.4B: MAINTENANCE MANAGEMENT PROGRAM (see O 433.1)
DOE 5480.19: CONDUCT OF OPERATIONS REQUIREMENTS FOR DOE FACILITIES
DOE 5480.20A: PERSONNEL SELECTION, QUALIFICATION, AND TRAINING
REQUIREMENTS FOR DOE NUCLEAR FACILITIES
DOE 5480.22: TECHNICAL SAFETY REQUIREMENTS
DOE 5530.1A: ACCIDENT RESPONSE GROUP
DOE 5530.2: NUCLEAR EMERGENCY SEARCH TEAM
DOE 5530.3: RADIOLOGICAL ASSISTANCE PROGRAM
DOE 5530.4: AERIAL MEASURING SYSTEM

DOE Guides and Technical Standards

DOE-STD-1029-92: Writer's Guide for Technical Procedures
DOE-STD-1030-92: Guide to Good Practices for Lockouts and Tagouts
DOE-STD-1032-92: Guide to Good Practices for Operations Organization and
Administration
DOE-STD-1037-93: Guide to Good Practices for Operations Aspects of Unique Processes
DOE-STD-1039-93: Guide to Good Practices for Control of Equipment and System
Status
DOE-STD-1040-93: Guide to Good Practices for Control of On-Shift Training
DOE-STD-1041-93: Guide to Good Practices for Shift Routines and Operating Practices
DOE-STD-1050-93: Guideline to Good Practices for Planning, Scheduling, and
Coordination of Maintenance at DOE Nuclear Facilities
DOE-STD-1051-93: Guideline to Good Practices for Maintenance Organization and
Administration at DOE Nuclear Facilities
DOE-STD-1052-93: Guideline to Good Practices for Types of Maintenance Activities at
DOE Nuclear Facilities
DOE-STD-1053-93: Guideline to Good Practices for Control of Maintenance Activities at
DOE Nuclear Facilities
DOE-STD-1055-93: Guideline to Good Practices for Maintenance Management
Involvement at DOE Nuclear Facilities
DOE-STD-1056-93: Guide to Good Practices for Line and Training Manager Activities
Related to Training and Qualification
DOE-STD-1057-93: Guide to Good Practices for the Selection, Training, and
Qualification of Shift Technical Advisors, February 1993
DOE-STD-1059-93: Guide To Good Practices for maintenance Supervisor Selection and
Development, February 1993
DOE-STD-1060-93: Guide to Good Practices for Continuing Training, February 1993
DOE-STD-1061-93: Guide to Good Practices for the Selection, Training, and
Qualification of Shift Supervisors, February 1993
DOE-STD-1065-94: Guideline to Good Practices for Postmaintenance Testing at DOE
Nuclear Facilities
DOE-STD-1070-94: Guidelines for Evaluation of Nuclear Facility Training Programs
DOE-STD-1077-94: Training Accreditation Program Standard: Requirements and
Guidelines
DOE-STD-1107-97: Knowledge, Skills, and Abilities for key Radiation Protection
Positions at DOE facilities
DOE-STD-3006-95: Planning and Conduct of Operational Readiness Reviews
DOE-STD-3012-96: Guide to Good Practices for Operational Readiness Reviews
EH-STD-0256T: Radiological Control Manual
EH-STD-0580: Integrated Safety Management Activity-Level Work Control Tools Index
DOE G 120.1-5: GUIDELINES FOR PERFORMANCE MEASUREMENT
DOE G 414.1-2, QUALITY ASSURANCE MANAGEMENT SYSTEM GUIDE for use with
10 CFR 830.120 and DOE O 414.1
DRAFT DOE G 430.1-2: SURVEILLANCE AND MAINTENANCE DURING FACILITY
DISPOSITION
DOE G 440.1-1: WORKER PROTECTION MANAGEMENT FOR DOE FEDERAL AND
CONTRACTOR EMPLOYEES GUIDE FOR USE WITH DOE O 440.1
DOE G 440.1-2: CONSTRUCTION SAFETY MANAGEMENT GUIDE
DOE G 440.1-4: CONTRACTOR OCCUPATIONAL MEDICAL PROGRAM GUIDE
FOR USE WITH DOE O 440.1
DOE G 440.1-5: IMPLEMENTATION GUIDE FOR FIRE SAFETY PROGRAM

DOE Manuals and Handbooks

DOE-HDBK 1001-96: Guide to Good Practices for Training and Qualification of
Instructors, March 1996 (replaces DOE-NE-STD-1001-91)
DOE-HDBK-1002-96: Guide to Good Practices for Training and Qualification of
Chemical Operators, March 1996 (replaces DOE-NE-STD-1002-91)
DOE-HDBK-1003-96: Guide to Good Practices for Training and Qualification of
Maintenance Personnel, March 1996 (replaces DOE-NE-1003-91)
DOE-HDBK-1074-95: Alternative Systematic Approaches to Training, January 1995
DOE-HDBK-1076-94: Table-Top Job Analysis, December 1994
DOE-HDBK-1078-94: Training Program Handbook: A Systematic Approach to Training
DOE-HDBK-1079-94: Primer for Tritium Safe Handling Practices
DOE-HDBK-1080-97: Guide to Good Practices for Oral Examinations
DOE-HDBK-1081-94: Primer on Spontaneous Heating and Pyrophoricity, September
1994
DOE-HDBK-1084-95: Primer on Lead-Acid Storage Batteries, September 1995
DOE-HDBK-1086-95: Table-Top Training Program Design, April 1995
DOE-HDBK-1099-96: Establishing Nuclear Facility Drill Programs, October 1995
DOE-HDBK-1103-96: Guide to Good Practices for Training and Qualification of
Maintenance Personnel, March 1996 (replaces DOE-NE-1003-91)
DOE-HDBK-1105-96: Radiological Training for Tritium Facilities
DOE-HDBK-1106-97: Radiological Contamination Control Training for Laboratory
Research
DOE-HDBK-1108-97: Radiological Safety Training for Accelerator Facilities
DOE-HDBK-1109-97: Radiological Safety Training for Radiation Producing (X-Ray)
Devices
DOE-HDBK-1110-97: ALARA Training for Technical Support Personnel
DOE-HDBK-1113-98: Radiological Safety Training for Uranium Facilities
DOE-HDBK-1114-98: Guide to Good Practices for Line and Training Manager Activities
DOE-HDBK-1116-98: Guide to Good Practices for Developing and Conducting Case
DOE-HDBK-1139-2000: Chemical Management
DOE-HDBK-1200-97: Guide to Good Practices for Developing Learning Objectives
(supersedes DOE-STD-1005-92)
DOE-HDBK-1201-97: Guide to Good Practices: Evaluation Instrument Examples
(replaces DOE-STD-1006-92)
DOE-HDBK-1202-97: Guide to Good Practices for Teamwork Training and Diagnostic
Skills Development (replaces DOE-STD-1007-92)
DOE-HDBK-1203-97: Guide to Good Practices for Training of Technical Staff and Managers
(replaces DOE-STD-1008-92)
DOE-HDBK-1204-97: Guide to Good Practices for Development of Test (replaces DOE-
STD-1009-92)
DOE-HDBK-1205-97: Guide to Good Practices for the Design, Development, and
Implementation of Examinations (replaces DOE-STD-1011-92)
DOE-HDBK-1206-98: Guide to Good practices for On-the-Job Training
DOE-HDBK-3012-96: Guide to Good Practices for Operational Readiness Reviews
(ORR), Team Leader's Guide
DOE-HDBK-5504-95: Guidance for Evaluation of Operational Emergency Plans

Non-DOE Documents

DNFSB/TECH-5, Fundamentals for Understanding Standards-Based Safety Management
of Department of Energy Defense Nuclear Facilities
DNFSB/TECH-6, Safety Management and Conduct of Operations at the Department of
Energy's Defense Nuclear Facilities
DNFSB/TECH-15, Operational Formality for Department Of Energy Nuclear Facilities
and Activities: An Evaluation Guide
DNFSB/TECH-16, Integrated Safety Management
DNFSB/TECH-19, Authorization Agreements for Defense Nuclear Facilities and Activities
ASME NQA-1, Quality Assurance Requirements for Nuclear Facility Applications
ISO 9001, Quality Management Systems Requirements
ASQ E4, Specifications and Guidelines for Environmental Data Collection and
Environmental Technology Programs
2.5 Feedback/Improvement

DOE Policies, Notices, and Orders

DOE O 210.1: PERFORMANCE INDICATORS AND ANALYSIS OF OPERATIONS
INFORMATION
DOE O 225.1A: ACCIDENT INVESTIGATIONS
DOE O 231.1: ENVIRONMENT, SAFETY, AND HEALTH REPORTING
DOE O 232.1A: OCCURRENCE REPORTING AND PROCESSING OF OPERATIONS
INFORMATION
DOE O 413.1: MANAGEMENT CONTROL PROGRAM
DOE O 414.1A: QUALITY ASSURANCE
DOE O 442.1: DEPARTMENT OF ENERGY EMPLOYEE CONCERNS PROGRAM
DOE P 450.5: LINE ENVIRONMENT, SAFETY AND HEALTH
DOE O 470.2: SAFEGUARDS AND SECURITY INDEPENDENT OVERSIGHT
PROGRAM
DOE 5484.1: ENVIRONMENTAL PROTECTION, SAFETY AND HEALTH
PROTECTION INFORMATION REPORTING REQUIREMENTS

DOE Guides and Technical Standards

DOE-STD-1036-93: Guide to Good Practices for Independent Verification
DOE-STD-1055-93: Guideline to Good Practices for Maintenance Management
Involvement at DOE Nuclear Facilities
DOE-STD-1063-93: Establishing and Maintaining a Facility Representative Program at
DOE Nuclear Facilities
DOE-STD-1065-94: Guideline to Good Practice for Postmaintenance Testing at DOE
Nuclear Facilities
DOE-STD-1070-94: Guidelines for Evaluation of Nuclear Facility Training Programs
DOE-STD-1077-94: Training Accreditation Program Standard: Requirements and
Guidelines
DOE-STD-7501-95: Development of DOE Lessons Learned Programs
EH-STD-0001-94: RCRA Corrective Action and CERCLA Remedial Action Reference
Guide
EH-STD-0441-95: Reporting Continuous Releases of Hazardous and Extremely Hazardous
Substances under CERCLA and EPCRA
EM-STD- 5505-96: Operations Assessments
DOE G 120.1-5: GUIDELINES FOR PERFORMANCE MEASUREMENT
DOE G 225.1A-1: IMPLEMENTATION GUIDE FOR USE WITH DOE O 225.1A,
ACCIDENT INVESTIGATIONS
DOE G 414.1-1: IMPLEMENTATION GUIDE FOR USE WITH INDEPENDENT AND
MANAGEMENT ASSESSMENT REQUIREMENTS OF 10 CFR PART 830.120 AND DOE
5700.6C, QUALITY ASSURANCE
DOE G 414.1-2, QUALITY ASSURANCE MANAGEMENT SYSTEM GUIDE for use with
10 CFR 830.120 and DOE O 414.1
DOE G 440.1-3: IMPLEMENTATION GUIDE FOR USE WITH DOE O.440.1
OCCUPATIONAL EXPOSURE ASSESSMENT
DOE G 440.1-6: IMPLEMENTATION GUIDE FOR USE WITH
SUSPECT/COUNTERFEIT ITEMS REQUIREMENTS OF DOE O 440.1, WORKER
PROTECTION MANAGEMENT; 10 CFR 830.120; AND DOE 5700.6C, QUALITY
ASSURANCE
DOE G 442-1-1: DEPARTMENT OF ENERGY EMPLOYEE CONCERNS PROGRAM

DOE Manuals and Handbooks

DOE M 140.1-1A: INTERFACE WITH THE DEFENSE NUCLEAR FACILITIES SAFETY
BOARD
DOE M 231.1-1: ENVIRONMENT, SAFETY AND HEALTH REPORTING MANUAL
DOE M 232.1-1A: OCCURRENCE REPORTING AND PROCESSING OF
OPERATIONS INFORMATION
DOE M 473.2-1 Chg. 1: FIREARMS QUALIFICATION COURSES MANUAL
DOE M 474.1-2 Ch 1, Chg 2: NUCLEAR MATERIALS MANAGEMENT AND
SAFEGUARDS SYSTEM REPORTING AND DATA SUBMISSION
DOE-HDBK-1085-95: DOE Enforcement Program Roles and Responsibilities
DOE-HDBK-1089-95: Guidance for Identifying, Reporting, and Tracking Nuclear Safety
Noncompliances
DOE-HDBK-1205-97: Guide to Good Practices for the Design, Development, and
Implementation of Examinations (replaces DOE-STD-1011-92)
DOE-HDBK-5504-95: Guidance for Evaluation of Operational Emergency Plans
DOE-HDBK-7502-95: Implementing U.S. Department of Energy Lessons Learned
Programs
DOE and contractor management self-assessment requirements
DOE-SAFT-0065-97: Draft Integrated Safety Management System Verification (ISMSV)
Process, Team Leader's Handbook

Other Documents

DOE and contractor management self-assessment requirements, including

Health and Safety Audit Report guidance
Industrial Hygiene Report guidance
Radiological Protection Audit Report guidance
Quality Assurance Audit Report guidance
Specific details from the contract being administered by DOE
Specific Site/Facility/Process/Activity Assessment and programs
Oversight Programs, such as Occurrence Reporting, Facility Representative, Corrective
Action, and Quality Assurance Programs.

2.6 Line Management Responsibility for Safety and Clear Roles and
Responsibilities

References

10 CFR 820: PROCEDURAL RULES FOR DOE NUCLEAR ACTIVITIES
10 CFR 830: Nuclear Safety Management
DOE M 411.1-1: MANUAL OF SAFETY MANAGEMENT FUNCTIONS,
RESPONSIBILITIES AND AUTHORITIES (FRAM)
DOE P 411.1: SAFETY MANAGEMENT FUNCTIONS, RESPONSIBILITIES, AND
AUTHORITIES POLICY
DOE O 414.1A: QUALITY ASSURANCE
DOE G 414.1-2, QUALITY ASSURANCE MANAGEMENT SYSTEM GUIDE for use with
10 CFR 830.120 and DOE O 414.1
ASME NQA-1, Quality Assurance Requirements for Nuclear Facility Applications
ISO 9001, Quality Management Systems Requirements
ASQ E4, Specifications and Guidelines for Environmental Data Collection and
Environmental Technology Programs

2.7 Competence Commensurate with Responsibility

References

Federal Acquisition Regulation 15.605
41 U.S.C. 253a
10 CFR 830: Nuclear Safety Management
DOE O 360.1: TRAINING
DOE O 414.1A: QUALITY ASSURANCE
DOE G 414.1-2, QUALITY ASSURANCE MANAGEMENT SYSTEM GUIDE for use with
10 CFR 830.120 and DOE O 414.1
DOE P 426.1: FEDERAL TECHNICAL CAPABILITY POLICY FOR DEFENSE
NUCLEAR FACILITIES
DOE G 426.1-1: RECRUITING, HIRING, AND RETAINING HIGH QUALITY
TECHNICAL STAFF
DOE O 440.1: WORKER PROTECTION MANAGEMENT FOR DOE FEDERAL AND
CONTRACTOR EMPLOYEES
DOE M 473.2-1 Chg 1: FIREARMS QUALIFICATION COURSES MANUAL
DOE O 541.1: APPOINTMENT OF CONTRACTING OFFICERS AND CONTRACTING
OFFICER REPRESENTATIVES
DOE 5480.20A: PERSONNEL SELECTION, QUALIFICATION, AND TRAINING
REQUIREMENTS FOR DOE NUCLEAR FACILITIES
DOE-STD-1056-93: Guide to Good Practices for Line and Training Manager Activities
Related to Training and Qualification
DOE-STD-1057-93: Guide to Good Practices for the Selection, Training, and
Qualification of Shift Technical Advisors, February 1993
DOE-STD-1059-93: Guide to Good Practices for Maintenance Supervisor Selection and
Development, February 1993
DOE-STD-1060-93: Guide to Good Practices for Continuing Training, February 1993
DOE-STD-1061-93: Guide to Good Practices for the Selection, Training, and
Qualification of Shift Supervisors, February 1993
DOE-HDBK-1001-96: Guide to Good Practices for Training and Qualification of
Instructors
DOE-HDBK-1002-96: Guide to Good Practices for Trng. and Qual. of Chemical
Operators
DOE-HDBK-1003-96: Guide to Good Practices for Trng. and Qual. of Maintenance
Personnel
DOE-HDBK-1107-97: Knowledge, Skills, and Abilities for Key Radiation Protection
Positions at DOE Facilities
DOE/HR-0066: Total Quality Management Implementation Guidelines
DOE-RW-0333P: Quality Assurance Requirements and Descriptions for the Civilian
Radioactive Waste Management Program
ASME NQA-1, Quality Assurance Requirements for Nuclear Facility Applications
ISO 9001, Quality Management Systems Requirements
ASQ E4, Specifications and Guidelines for Environmental Data Collection and
Environmental Technology Programs

2.8 Canceled DOE Directives

Many canceled or partially canceled DOE directives remain on the list because they may have been
incorporated into a contract. Requirements of the canceled directives remain applicable until the
contract has been renegotiated.

DOE G 151.1-1: EMERGENCY MANAGEMENT GUIDE (CANCELED)
DOE 1540.1A: MATERIAL TRANSPORTATION AND TRAFFIC MANAGEMENT
PROGRAM (CANCELED)
DOE 1540.2A: HAZARDOUS MATERIAL PACKAGING FOR TRANSPORTATION -
ADMINISTRATIVE PROCEDURES (CANCELED)
DOE 3790.1B: FEDERAL EMPLOYEE OCCUPATIONAL SAFETY PROGRAM
(PORTIONS CANCELED)
DOE 3792.2A: FEDERAL EMPLOYEE MOTOR VEHICLE SAFETY PROGRAM
(CANCELED)
DOE 4700.1: PROJECT MANAGEMENT SYSTEM (CANCELED)
DOE 5400.1: GENERAL ENVIRONMENT PROTECTION PROGRAM (PORTIONS
CANCELED)
DOE 5400.2A: ENVIRONMENTAL COMPLIANCE ISSUE COORDINATION
(CANCELED)
DOE 5400.4: CERCLA REQUIREMENTS (CANCELED)
DOE 5400.5: RADIATION PROTECTION OF THE PUBLIC (CANCELED)
DOE 5440.4E: NATIONAL ENVIRONMENTAL POLICY ACT COMPLIANCE
PROGRAM (PORTIONS CANCELED)
DOE 5480.4: ENVIRONMENTAL PROTECTION, SAFETY, AND HEALTH
PROTECTION (PORTIONS CANCELED)
DOE 5480.6: SAFETY OF DEPARTMENT OF ENERGY-OWNED NUCLEAR
REACTORS (CANCELED)
DOE 5480.7A: FIRE PROTECTION (CANCELED)
DOE 5480.8A: CONTRACTOR OCCUPATIONAL MEDICAL PROGRAM
(CANCELED)
DOE 5480.9A: CONSTRUCTION PROJECT SAFETY AND HEALTH MANAGEMENT
(CANCELED)
DOE 5480.10: CONTRACTOR INDUSTRIAL HYGIENE PROGRAM (CANCELED)
DOE 5480.11: RADIATION PROTECTION FOR OCCUPATIONAL WORKERS
(CANCELED)
DOE 5480.13: AVIATION SAFETY (CANCELED)
DOE 5480.15: DEPARTMENT OF ENERGY LABORATORY ACCREDITATION
PROGRAM FOR PERSONNEL DOSIMETRY (CANCELED)
DOE 5480.16A: FIREARMS SAFETY (CANCELED)
DOE 5480.17: SITE SAFETY REPRESENTATIVES NUCLEAR (CANCELED)
DOE 5480.18B: NUCLEAR FACILITY TRAINING ACCREDITATION PROGRAM
(CANCELED)
DOE 5480.24: NUCLEAR CRITICALITY SAFETY (CANCELED)
DOE 5480.25: SAFETY OF ACCELERATOR FACILITIES (CANCELED)
DOE Order 5480.29, EMPLOYEE CONCERNS MANAGEMENT SYSTEM
(CANCELED)
DOE 5480.31: STARTUP AND RESTART OF NUCLEAR FACILITIES (CANCELED)
DOE 5481.1B: SAFETY ANALYSIS AND REVIEW SYSTEM (CANCELED)
DOE 5482.1B: ENVIRONMENT, SAFETY AND HEALTH APPRAISAL PROGRAM
ASSESSMENT REQUIREMENTS OF 10 CFR PART 830.120 AND DOE 5700.6C,
QUALITY ASSURANCE (CANCELED)
DOE 5483.1B: OCCUPATIONAL, SAFETY AND HEALTH PROGRAM FOR DOE
CONTRACTOR EMPLOYEES AT GOVERNMENT-OWNED CONTRACTOR-
OPERATED FACILITIES (CANCELED)
DOE 5484.1: ENVIRONMENTAL PROTECTION, SAFETY, AND HEALTH
PROTECTION INFORMATION REPORTING REQUIREMENTS (PORTIONS
CANCELED)
DOE 5500.1B: EMERGENCY MANAGEMENT (CANCELED)
DOE 5500.2B: EMERGENCY CATEGORIES, CLASSES, AND NOTIFICATION AND
REPORTING REQUIREMENTS (CANCELED)
DOE 5500.3A: PLANNING AND PREPAREDNESS FOR OPERATIONAL
EMERGENCIES (CANCELED)
DOE 5500.4A: PUBLIC AFFAIRS POLICY AND PLANNING REQUIREMENTS FOR
EMERGENCIES (CANCELED)
DOE 5500.6B: SHUTDOWN OF DEPARTMENTAL OPERATIONS UPON FAILURE BY
CONGRESS TO ENACT APPROPRIATIONS (CANCELED)
DOE 5500.7B: EMERGENCY OPERATING RECORDS PROGRAM (CANCELED)
DOE 5500.10: EMERGENCY READINESS ASSURANCE PROGRAM (CANCELED)
DOE 5610.11: NUCLEAR EXPLOSIVE SAFETY (CANCELED)
DOE 5700.6C: QUALITY ASSURANCE (CANCELED) APPENDIX C

DEVELOPMENT, IMPLEMENTATION, AND EVALUATION
GUIDANCE
FOR AN ISMS AT A HAZARD CATEGORY 2 NUCLEAR FACILITY

The need for Appendix C in this revision of the ISMS Guide (Rev. 1) has been superseded by revisions
to Chapter III and Appendixes E and F. These revisions incorporate guidance and examples based on
ISMS development and evaluation experience with implementing ISMSs at a number of Category 2
nuclear facilities. The guidance in Chapter III and Appendixes E and F on expectations, attributes, and
experience in the development, review, and approval processes encompasses the Category 2 nuclear-
facility-specific guidance that was previously in Appendix C, Rev. 0.

This page intentionally left blank. APPENDIX D

DISCUSSION OF SAFETY MANAGEMENT ASSESSMENT

1. INTRODUCTION

The purpose of this appendix is to provide supplemental guidance for the use of assessments in
Integrated Safety Management Systems (ISMSs). Additional guidance is provided in DOE G 414.1-1,
IMPLEMENTATION GUIDE FOR USE WITH INDEPENDENT AND MANAGEMENT
ASSESSMENT REQUIREMENTS OF 10 CFR PART 830.120 AND DOE 5700.6C, QUALITY
ASSURANCE.

The Feedback and Improvement Safety Function is directly dependent on the effectiveness of
assessments. To effectively accomplish the objectives of an assessment program, the assessment
process needs to do more than develop a list of deficiencies. The process must produce a robust,
rigorous, and credible assessment that is acceptable to the Department of Energy (DOE) and the
contractor. The results can be used with confidence to accomplish the following:

Identify areas that do not meet the requirements. These departures from requirements are
generally called "deficiencies" or "findings." Coincident with identifying problems, specific
strengths and successes may be discovered that may be worthy of identification.

Prioritize those problems identified using a prioritization system based upon each problem's
importance in the execution of ISMS policies. Such priority classification can be assigned by the
assessor or the manager responsible for the expenditure of resources and program execution in
the work area assessed or by both.

Correct problems and follow up to help ensure that the problems assessed and prioritized for
correction have in fact been corrected, and that the correction has been effective enough to result
in sustained, long-term improvement for generic problems. Deficiencies or potential problem
areas (e.g., from "lessons learned") would generally result in a "watch list" of items for follow-up
assessments.

A key component of the assessment process is an effective tracking and follow-up system. Additional
information on assessment and corrective actions for the Department's independent oversight process is
described in Appendix. G.

Although finding and correcting problems associated with the implementation of an ISMS, as described
in the three steps above, is fundamental to the proper and effective execution of an ISMS in the
organization assessed, a fourth effort is required to help ensure that other organizations learn from the
problems identified and do not repeat them: that is, effective sharing of significant assessment issues and
identified strengths and successes, which can and should be an important mechanism for improving the
effectiveness of ISMS in the DOE complex. Such an effort will enhance safety, save scarce resources,
and improve mission effectiveness.

2. (TYPES OF) ASSESSMENTS

An overarching assessment program must be developed within the framework of DOE Policy P 450.5,
LINE ENVIRONMENT, SAFETY AND HEALTH OVERSIGHT, DOE regulation 10 CFR
830.120, Quality Assurance (for nuclear and radiological facilities or activities) and DOE Order
414.1A, Quality Assurance. This Policy's key element is a rigorous and credible contractor self
assessment program that is linked to the DOE Safety Management System (SMS). Assessments are
linked to, and derive substantial benefit from,

performance measures and performance indicators,
line and independent evaluations,
compliance with applicable requirements,
data collection, analysis, and corrective actions, and
continuous feedback and performance improvement.

The results and conclusions of the contractor's assessments are available to DOE.

There are many different types of, and purposes for, individual assessments conducted within DOE and
contractor organizations. For example, some assess compliance with the law and contract
requirements, while others seek areas for improvement beyond simple compliance. Some assessments
evaluate a product or service while others evaluate the organizations management system and its ability
to yield the desired products and services.

Some assessments are required by DOE and external regulations. Others are required by DOE
directives as implemented at a site or facility through contracts. Many of the documents listed in
Appendix B to Volume 2 of this Guide, "Resources for Complying with the SMS Policies, the FRAM,
and the DEAR," describe assessment requirements, and some describe specific assessment processes.

Examples of these referenced requirements and descriptions include DOE O 225.1A, ACCIDENT
INVESTIGATIONS, and DOE O 232.1A, OCCURRENCE REPORTING AND PROCESSING
OF OPERATIONS INFORMATION, which describe specific types of assessments that focus
generally on a specific event. DOE O 425.1A, STARTUP AND RESTART OF NUCLEAR
FACILITIES, describes the much broader assessment processes involved in operational readiness
reviews (ORRs) and readiness assessments required to evaluate the readiness of DOE nuclear facilities
to conduct initial startup or to restart after specific types of shutdowns. DOE G 414.1-1,
IMPLEMENTATION GUIDE FOR USE WITH THE INDEPENDENT AND MANAGEMENT
ASSESSMENT REQUIREMENTS OF 10 CFR 830.120 AND DOE 5700.6C, QUALITY
ASSURANCE, provide guidance in assessing work and quality management systems.

Other types of assessments include

assessments conducted by the Office of the Deputy Assistant Secretary, Oversight (EH-2),

assessments associated with the administration of the Price-Anderson Amendments Act,

routine and frequent performance assessments conducted in DOE facilities by Facility
Representatives,

verification (see Appendix E) of effective implementation of the requirements of an ISMS, which
is a specific type of assessment associated with the establishment of an ISMS.

The Management System Verification (MSV) process, which is routinely used by member companies
of the Chemical Manufacturers Association (CMA) in the implementation of responsible care, is
another mature type of assessment that could be used by DOE field offices and contractors for
evaluating the effectiveness of their ISMS programs. The MSV involves a structured panel-to-panel
dialogue process that can be readily adapted to enhance ISMS reviews and assessments. One major
advantage includes participation of a public representative on the reviewer panel. The MSV process
was successfully applied to enhance ISMS verification efforts at Hanford's Plutonium Finishing Plant in
December 1999. Hanford's work modified the MSV process to include a worker participant on the
reviewer panel. Information on the elements of responsible care, including MSV and examples of
excellence, is available through CMA's web site: http://www.cmahq.com/. Also, see the new
handbook DOE-HDBK-1139-2000 Chemical Management. This handbook includes a discussion of
chemical management in the context of a safety management system.

3. PRINCIPLES OF THE ASSESSMENT EFFORT

As stated in DOE P 450.5, the contractor and DOE have the following common principles:

a. Work together to develop environment, safety, and health (ES&H) performance objectives,
measures, and expectations that are tied to Department strategic goals and objectives, as well as
to performance goals and objectives of the SMS elements. Mutual agreement is reached on
expected ES&H performance.

b. Work together to develop contract performance measures and performance indicators that are
linked to the DOE SMS.

c. Work together to develop a high level of performance assurance that results in improved ES&H
performance.

4. ATTRIBUTES OF ASSESSMENTS

The introduction to this appendix briefly discussed the attributes of assessments. Those attributes were
identification of problems/issues, prioritization of issues found with respect to significance, correction of
identified issues, and promulgation of lessons learned from the identified issues/problems at other sites
and facilities when doing so will add value to the complex. This section of Appendix D provides
additional information about these attributes.

4.1 Identification of Problems/Issues

A systematic, organized approach to assessing performance in a facility with respect to integrated safety
is required. An ad hoc approach in assessing performance will, more than likely, not be focused and,
as a result, will be ineffective in evaluating the key aspects of compliance with requirements. Chapter
III of this Guide provides guidance to assist contractors in developing and implementing ISMS.
Chapter III can also assist assessment personnel in determining areas for review. The features
discussed in this section should be considered when planning an assessment.

Those facilities in which the hazards are greatest should be the facilities that are assessed with the
greatest rigor. Likewise, activities that have the greatest impact on increasing or decreasing hazards
should be assessed with greater rigor. However, all facilities should be assessed over some finite
period of time.

Most assessments are scheduled so that those doing the assessments can prepare for the assessment
and those being assessed can arrange the facility's schedule to accommodate the assessment and
minimize the impact on facility work. Because all assessments may affect a facility's ability to do work,
the impact of the assessments should be minimized wherever and whenever possible. For example, it is
more cost effective to observe work when it is in progress than to schedule that work for observation
outside normal operations.

In addition, there is a distinct advantage to conducting some assessments on an unannounced basis. It
is only human nature to want to do well during any evaluation. Consequently, strong efforts to prepare
for an assessment that has been scheduled are not unusual. Conversely, it is probable that there may be
a natural relaxing of performance after an assessment is completed. The possibility of unannounced
assessments will help to minimize the potential for reduced performance, especially if some
unannounced assessments are periodically conducted. The routine day-to-day assessments of
performance by facility managers at any level and by DOE facility representatives similarly need to be
sufficiently random to prevent complacency in a facility. If a manager or facility representative always
does the same thing when he or she spends time in the facility or if those people only conduct their
assessments during the normal work day, Monday through Friday, the workers in the facility may
assume that areas not being assessed or efforts ongoing on back shifts, weekends, or holidays are not
as important to assessors. As a result, workers may tend to emphasize effective safety performance
only in those places and during those times that their management or local DOE personnel emphasize.
Data derived from such observations will be a very valuable input to the assessment process.

Assessors must also be knowledgeable in the areas they assess. They need to understand the
requirements applicable to the areas they are assessing. These assessors also need to have technical
competence in the areas being assessed. Assessors who are not knowledgeable in both the
requirements to be evaluated and how to assess professionally will more than likely be ineffective.
Assessors also need to be trained to the requirements for access to the facilities being assessed to the
maximum extent practical to minimize the need for escorts from the facility. Additionally, training in
areas in which facility personnel are trained, such as Rad Worker II, Criticality Safety, Conduct of
Operations, etc., will prepare the assessor to consider those areas during the evaluation. An assessor
who lacks the training required to perform effectively and professionally will not be credible and the
effort may very well be wasted.

In conducting most assessments, it is essential that the evaluation be based on identified requirements
and not the assessor's expectations. Assessors who have their own agenda, used instead of the
identified requirements, cause a counterproductive diversion of effort. On the other hand, an assessor
who has good ideas for improving the requirements or the methods used for operating a facility should
provide those ideas to the appropriate organization for evaluation. These good ideas should be offered
for what they are, an improvement opportunity. They should not be subject to the same rigorous
approach appropriate for correcting safety deficiencies. Managers assessing their own organization
have more freedom to base their evaluation on criteria that may be more subjective and outside of the
established requirements in order to identify improvement opportunities.

It is not unusual during an assessment to identify individual departures from requirements that may be
inappropriate to formally report and track to closure. The facility manager and assessor should have an
understanding how these findings will be handled. For example, a single fire door is found blocked
open and unable to perform its safety function (it should be closed). The assessor is responsible for
reporting the condition to the facility authorities so that the safety function of the fire door can be
restored promptly. If no other symptoms are found related to fire doors or similar fire safety discipline
issues, it may not be necessary to report this item as a deficiency requiring a formal corrective action
plan. The facility should have a process to record and track correction of minor issues locally. The
assessment report can indicate the finding and the method used by facility management to correct it.
Most facility representatives provide information concerning this type of deficiency to facility
management at the appropriate level. If continued assessment reveals generic problems rather than
isolated individual problems, more formal deficiency identification and correction tracking action would
be appropriate.

4.2 Prioritization of Deficiencies

Once a deficiency has been formally identified as significant enough to be processed for correction, it
should be assigned a priority for attention consistent with its significance. Either the organization doing
the assessment or the one being assessed may assign the priority. If one of these two organizations
disagrees on the priority assigned, a means should be available to resolve this difference.

The priority assigned to the deficiencies identified should be based on the safety significance of the
items. There are many different schemes of assigning priorities to deficiencies. Whatever the scheme, it
should not be too complicated and should help facility management focus on correcting the highest-
priority and most important safety-related issues first. Both the assessors and the facility staff should
understand the scheme used.

The number of priority categories should be sufficient to adequately categorize the comparative
importance of the issues to be corrected and yet not so numerous as to make management impractical.
Schemes observed have ranged from two to eleven priorities. Two categories probably do not give
sufficient definition to prioritize; eleven make management of deficiency correction too complicated.
Dividing priorities into three or four categories based on significance to safety will probably suffice.

4.3 Problem Correction

The combination of managing deficiencies of limited significance on the floor of the facility when they are
found and the more formal process of identifying issues/deficiencies using an effective prioritization
scheme should establish the foundation for managing facility safety in compliance with requirements.
But all of this effort will be of little consequence without an effective way of managing the correction of
the deficiencies, validating that the correction has been completed, and, if the problem is generic, as
some of the significant deficiencies may be, ensuring that the corrective actions taken are realistically
extended to the areas in which they apply and not just to the correction of a specific deficiency. This
diagnostic approach is the hallmark of effective assessment programs.

Many sites and facilities use an "issue management" or "deficiency tracking" scheme to manage the
correction of identified problems, whether those problems are identified by the contractor, DOE locally
or externally, or other assessment/oversight organizations such as EH-2 and the Defense Nuclear
Facilities Safety Board. Normally, these management efforts use a computer tabulation of deficiencies,
which can be sorted by priority as well as by other schemes useful to those responsible for managing
the correction effort. Identification date, correction due date, variance with respect to schedule,
responsible organization (such as "Maintenance"), or safety disciplines such as radiological controls or
electrical safety are examples of other sorting categories that could be used.

At some sites, a computer printout of the issues being tracked is used effectively as a management
review document. At other sites, the computer program in use may be so cumbersome and user
unfriendly that it may not be readily available for use as a management aid at all. At some sites, facility
managers and their staffs use the tracking system daily to monitor the status of the highest-priority
deficiency listing. Whatever the scheme, responsible managers should review the highest-priority
deficiencies most frequently and all deficiencies periodically depending upon priority assigned. This
management technique helps facility management and staff focus on what is needed to correct the
problems identified and helps them to determine what assets are needed to do the job; it also helps
those responsible for the facility to be acutely aware of the safety status of the facility.

Tracking systems should be updated after each review and significant change in status. A user-friendly
system, reviewed and updated at an appropriate frequency, and available to those who need it, can be
an extremely effective management tool. A facility manager who ensures the tracking system is current
and accurate at an appropriate periodicity can make this data available to his staff for their use, to the
management to whom he reports, and to the local DOE management interested in that facility. All
concerned can keep themselves informed of problem resolution status without unduly intruding on the
managers involved with the corrective action.

4.4 Sharing of Significant Assessment Issues

The results of assessments that contain significant issues/problems of general applicability should be
shared with other parts of the organization (i.e., other facilities at the same site) and with other
organizations in the DOE complex to preclude those problems from occurring elsewhere. As
appropriate, the process used to correct the problem should also be shared.

The objective of this sharing effort is to enable other organizations to evaluate their practices to
determine if the same problem or a similar one exists requiring action to prevent safety problems that
could adversely affect the public, the workers, or the environment. Using information developed from
assessments to avoid problems is an effective way to enhance safety and facility mission performance
that will enhance ISMS when used well.

An excellent example of feedback concerning operational issues with respect to DOE nuclear facilities
is the "Operating Experience Weekly Summary" published by the Office of Nuclear and Facility Safety
(NFS). This summary is available in either hard or electronic copy. This document provides
assessment-like information (mostly from the Occurrence Reporting and Processing System reports),
which contains timely, well-written, easily understood descriptions of the problem reported; some
analysis of previous problems that were similar; and descriptions of some actions that were used or
should be used to correct the problem and prevent recurrence. Even though these weekly summaries
use information from nuclear facilities for the most part, the information provided for most of the events
is valuable for evaluating safety performance in non-nuclear as well as nuclear facilities. Review of the
material in these summaries on a weekly basis by those responsible for facility operations, both
Government and contractor, will take but a few minutes, but has the potential to help enhance facility
safety if the lessons learned are effectively applied.

5. OTHER CONSIDERATIONS

Many modern management methods have been tried and are being used to enhance performance in the
work place. Quality circles, process improvement teams, and process action teams are among those
efforts, and when done correctly, can result in improved organizational performance and safety. These
methods, however, are not a substitute for assessments that evaluate the results of the assessed
organization's safety performance. On the other hand, assessment results should be used as a source of
information in the exercise of management techniques aimed at improving performance.

Some approaches for improving safety performance rely on the individual worker being responsible for
assessing their work or their peer's work. These "self-assessments", when done correctly, are a major
contribution to safety assessment programs. There is no question that the work force should participate
in improving safety performance with involvement, for example, in developing new procedures or in
revising others, in enhanced work planning, in ensuring that all hazards are evaluated before performing
work, and in self-checking, etc. Employee-related programs, such as a beneficial suggestion program,
an employee concerns program, or a "hot line" reporting scheme, are appropriate and can enhance
safety. But these alone do not represent a complete assessment program.

Some assessment regimes limit the window of time allotted to assessments. These limits, when applied,
are intended to limit the impact of the assessment effort upon the facility being assessed from a time
perspective and to force those doing the assessment to be organized and ready to perform the
assessment in a reasonable period of time. Today, DOE ORRs are generally completed within 2
weeks. Several years ago, they required a significantly longer period of time. The DOE ORR process
was improved when DOE streamlined the process and required facilities being assessed to be as ready
as possible when the start of the DOE ORR was recommended. In this context, limiting the time
allotted to assessment efforts has been effective. But declaring that other assessment efforts may be
limited to a specific time window may be counterproductive. Obvious examples include self-
assessments conducted by a facility's manager. As a general rule, these managers should spend some
significant portion of their time on a continuing basis evaluating the performance of work in their
facilities.

The purpose of facility management assessment is two-fold:

1. to satisfy the facility managers doing the assessment that work is being done safely and effectively,
in accordance with the requirements and standards that have been prescribed, and

2. to find areas of execution of the prescribed safety requirements and facility mission that are not
being done satisfactorily so that the assessing manager can take action to correct the problems
found and bring the organization back into compliance.

If these managers perform their assessment efforts effectively, assessors from outside the facility will
find little during their assessments. Assessments conducted by external organizations on facilities that
have been effective in managing their own assessment programs will have minimal impact because the
facility staff will be found to be doing their work safely and effectively within the bounds of the specified
requirements.

Based on the discussion in the paragraph above, one might conclude that a well-run facility would not
need external assessments. Ideally, that is so. Probably the better conclusion would be that a facility
found to have an exemplary ISMS would require less external assessment than a facility whose ISMS is
not as strong. Key to DOE P 450.5 is the concept that DOE will first "verify, then trust." The best way
to ascertain that a strongly performing facility stays strong is to assess facility performance. Some
periodic assessment effort is required to ensure ISMS is still effective. The promise of routine
scheduled, or unscheduled, external assessment also has the benefit of helping stimulate the facility to
remain focused on performing its ISMS functions effectively.

Many people who conduct assessments tend to focus on administrative areas or documentation
reviews. Such efforts may be appropriate for many assessments but only if limited to the extent that
they help assess the daily performance of the workforce. Performance-based assessments that
evaluate conformance to safety requirements are the most effective assessment approach. When
weaknesses are uncovered that may be caused by inadequate programs, the administrative programs
can be explored to help determine how much of the problem is programmatic.

6. CONCLUSION

Assessments in support of an ISMS are essential to: validate compliance with requirements;
demonstrate management commitment to safety performance awareness; identify weaknesses requiring
correction; and, improving the safety management system. Unless problems identified during the
assessment are prioritized according to safety significance and corrected, the assessment process will
be ineffective, no matter how well the assessment itself was done. Using lessons learned from the
problems uncovered in assessments of other organizations is a cost-effective way to improve safety
performance in a timely fashion.

Well-run, effective assessment programs have been proven drivers for improving and sustaining
performance by providing managers and workers with meaningful information on actual conditions.
DOE P 450.4 establishes the Core Safety Functions, which are discussed in Chapter II of this Guide.
Assessments are a cornerstone of the ISMS core function to "Provide Feedback and Continuous
Improvement. Assessments are an integral part of an ISMS. Assessing performance of an
organization in execution of each of the five Core Safety Functions and Principles can be accomplished
to improve environment, safety, health and quality. APPENDIX E

ISMS EVALUATION GUIDANCE

1. BACKGROUND

Department of Energy (DOE) Headquarters direction for performing Integrated Safety Management
System (ISMS) evaluations for the 10 priority defense nuclear facilities was first established by an
Under Secretary Memorandum on February 21, 1997. This appendix describes a protocol for the
review and approval of documented safety management system descriptions associated with defense
nuclear facilities. This protocol has been used in the first six ISMS evaluations conducted across the
complex. This appendix provides an overview of some of the more significant lessons learned as the
process has become more mature throughout the complex.

Conducting an ISMS evaluation is a significant event and thorough planning efforts are required to
achieve success. Sites and facilities have found that they must devote significant management attention
to preparing for and conducting these evaluations. Line managers, the majority of safety management
personnel, and facility operations, maintenance, and health and safety support personnel are involved in
preparing for and/or supporting the review. ISMS evaluations significantly affect the normal routine.
Support and involvement of senior line managers in the review are essential to success.

1.1 Role of the Approval Authority

The process of evaluating ISMS programs is described as verification or as the assurance that ISMS is
implemented. DOE M 411.1, MANUAL OF SAFETY MANAGEMENT FUNCTIONS,
RESPONSIBILITIES AND AUTHORITIES (LEVEL I FRAM), assigns to the head of the
contracting activity (HCA) responsibilities to approve the safety management system description and
revisions. Responsibilities as HCA are normally assigned to the manager of the cognizant DOE
Operations Office, who is generally known as the approval authority. This terminology will be used in
the following discussions for consistency. To carry out these responsibilities, the approval authority
must decide whether a team review is needed and, if a team is needed, select members of the review
team. The approval authority selects the team leader from a list approved by the Deputy Secretary. In
addition to this guidance, the team leader and the assembled team should use the Draft Integrated
Safety Management System Verification Process, Team Leader's Handbook (DOE SAFT-0065), to
plan for and conduct the ISMS verification.

The approval authority should emphasize to the contractor the importance of having a complete,
defensible ISMS before the verification review is scheduled. Having incomplete or missing
documentation when the team begins its review only delays the process and wastes valuable resources.
Additional details of the role of the approval authority during the verification process are provided in
Appendix 4 of the Team Leader's Handbook.

1.2 Role of the ISMS Verification Team

The strategy for reviewing ISMS documentation and recommending its approval, and the strategy for
evaluating the adequacy of these systems' implementation is to employ a cadre of recognized senior
safety and management professionals to conduct the review. The approval authority should have as a
goal the development of such a cadre to locally support these evaluations.

The ISMS verification team's primary purpose is to review the adequacy of the ISMS and its
implementation in order to provide a recommendation to the approval authority. A secondary purpose
is to evaluate the role of DOE in support of the contractor's ISMS. The ISMS documentation, as
submitted by the contractor, should meet the requirements of DOE policies, the DOE Acquisition
Regulation (DEAR), and the contracting officer's guidance. The review should confirm the capability of
DOE and the contractor to implement all aspects of the ISMS as described in DOE policies, the
DEAR, and the FRAM. DOE's role in the success of the contractor's ISMS implementation is major
and cannot be overstated.

1.3 Concept of the Review

The status of ISMS development and implementation varies across the complex. Each verification
team, as directed by the approval authority, is faced with the challenge of establishing a tailored process
to determine the adequacy of the documented ISMS, evaluate the success of the ISMS
implementation, and provide a recommendation to the approval authority. Phase I is a review of the
ISMS documentation as submitted to the approval authority by the contractor. Phase II is a review to
verify that the ISMS has been satisfactorily implemented. To be successful, Phase I should not be
restricted to an administrative review of the ISMS description but should extend to the procedures,
policies, and manuals of practice used to implement safety management. The review should evaluate
how these procedures, policies, and manuals of practice have been implemented at the upper levels of
management and should also include detailed discussions with key management personnel who are
assigned, or will be assigned, safety management responsibilities. The primary goal for the review is to
provide a recommendation to the approval authority as to whether the ISMS documentation should be
approved. To reach that conclusion, the team must develop a complete understanding of the safety
management programs and determine that, when implemented, they will satisfy DOE requirements for
ISMS and will adequately manage the safety aspects of the work and operations.
The form of the ISMS description is flexible and should identify all safety management plans, programs,
and manuals of practice. The identified documents should be available for review. Review of these
documents and determination of their adequacy forms the essence of the Phase I review. In the review
of the ISMS at a site, for example, it is important that the site implementation mechanisms are in place.

The Phase II review, which should be accomplished following review and approval of the ISMS
documentation, is a review of the implementation of that ISMS. This is normally accomplished by
sampling at various facilities and programs to determine that the safety management system outlined in
the ISMS Description(s) is in fact being effectively carried out. At sites or facilities where a mature
ISMS already exists, it may be possible to perform both phases of the review at the same time. It must
be understood that experience to date with combined Phase I/II verifications has shown that they are
difficult to do (see Section 3.4).

The verification team leader, with assistance from the team members, should prepare a detailed review
plan. A key part of preparing the review plan is developing detailed, site-specific criteria review and
approach documents (CRADs). These documents establish the initial scope of the ISMS verification
and provide guidance to the ISMS verification team members. The importance of appropriately
tailoring the CRADs to the management systems and operations of each site cannot be over-
emphasized. The CRADs serve to focus the initial investigation by the review team. If the CRADs are
too general, the review team may waste considerable time by (1) failing to focus on the pertinent ISMS
issues and concerns and (2) duplicating the efforts of other members of the team. However, it should
also be made clear to the reviewers that the review plan may need to be modified as the review
progresses in order to accommodate new information that may have been overlooked in the initial site
visit.

The review plan also serves as the primary means to communicate to the inspected contractor and
DOE office the breadth and scope of the review. Sample CRADs and a completed ISMS Assessment
Form from an example verification are included with this appendix. Further detailed information
concerning these subjects is contained in the Team Leader's Handbook. ISMS descriptions,
verification reports, and other significant information addressing the planning, scheduling, and
accomplishing of ISMS evaluations may be viewed on the ISMS home page (http://tis-
nt.eh.doe.gov/ism).

2. INTEGRATED SAFETY MANAGEMENT CORE EXPECTATIONS

The following core expectations were developed from the requirements of the DOE policies, the
requirements of the DEAR, and the fundamental attributes that support the implementation of ISMS.
These core expectations can serve as the basis for developing the CRADs. The following core
expectations are annotated as being applicable to Phase I and Phase II. Phase I core expectations are
used to evaluate the adequacy of the safety management documentation and the establishment of these
programs at the site/corporate level. Phase II core expectations are used to evaluate the status of
implementation at the facility, activity, or process level.

Note that the core expectations include expectations for the DOE field office. The DOE Policies, the
DEAR, and the FRAM lay out expectations and requirements for DOE. The core expectations related
to DOE are focused on those functions, responsibilities, and authorities that have a clear interface with
the contractor's ISMS.

Sections 2 and 3 of Chapter III, Volume 1, discuss expectations for DOE and contractor ISMS
development and implementation including system descriptions, gap analyses, manuals of practice, and
integrating mechanisms. Such documents and descriptions can provide a focus to the investigation and
are important to the development of a site-specific review plan.

2.1 Phase I ISMS Core Expectations

Nine core expectations are recommended for conducting the Phase I review. To be fully effective, the
Phase I review should evaluate whether safety management programs and institutional processes have
been implemented at the site/corporate level. The specific core expectations, which are italicized, are
followed by a brief discussion that amplifies its meaning.

1. The ISMS documentation is consistent with DOE P 450.4, the DEAR, and the guidance
provided to the contractor by the approval authority. The contractor's policies and
procedures ensure that the ISMS is updated, maintained, and implemented and that the
implementing mechanisms are sufficient to result in integrated safety management. This core
expectation establishes the basis for acceptance of the ISMS description and serves to emphasize
that DOE ISMS policy, DEAR requirements, and DOE's guidance to the contractor are the
criteria being used for the evaluation. This core expectation may be viewed as a summary of the
verification and, as such, forms the primary basis of the recommendation of acceptability of the
ISMS to the approval authority.

2. DOE and the contractor effectively translate mission into work, set expectations, provide
for integration, and prioritize and allocate resources. This core expectation supports the
functions and principles of Define the Scope of Work and Balanced Priorities. DOE and the
contractor should identify activities necessary to accomplish the assigned mission safely. The
contractor should develop DOE-approved proposals into discrete work activities with manpower
loadings and schedules. The contractor's ISMS should establish processes for establishing
performance objectives that include DOE budget execution guidance and direction and that
incorporate the principles of performance-based contracting. The ISMS should delineate how
the environment, safety, and health functions are integrated into work planning and execution and
should ensure that resources are effectively allocated to address safety, programmatic, and
operational considerations. It is important to review the DOE and contractor budget and
planning processes to determine that there is an integrated approach between DOE and the
contractor to meet these criteria.

3. An ISMS should include methods for identifying, analyzing, and categorizing hazards. This
core expectation supports the function of Analyze Hazards. The ISMS should identify how
hazard analyses are performed at each organizational level from the work defined in the sitewide
mission, to the processes at an individual facility (as in a Safety Analysis Report), to the individual
operational or maintenance activity that is contemplated within a facility (as in a job task analysis
or job hazard analysis). The hazards analyzed should include nuclear as well as chemical and
common industrial hazards. The analysis should be balanced to the complexity and significance of
the risk. Both contractor and DOE processes to review and approve hazards analyses should be
evaluated.

4. The ISMS should include methods for establishing and maintaining an agreed-upon set of
safety standards before work is performed. This core expectation supports the functions and
principles of Develop/Implement Hazard Controls, Identify Safety Standards and Requirements,
and Hazards Controls Tailored to Work Being Performed. Standards and requirements for the
safe accomplishment of work consistent with the DEAR and a process for establishing
administrative controls, safety controls, safety programs, and other conditions on the work should
be established. The ISMS should include processes the contractors and subcontractors will use
to implement controls. The ISMS should delineate the means by which the controls are
established at each organizational level from the work defined in the sitewide mission (as
established by DOE-approved processes; e.g., S/RIDS, Work Smart Standards, etc.) to the
processes at an individual facility (as in Technical/Operational Safety Requirements) to the
individual operational or maintenance activity that is contemplated within a facility (as in controls
established by job hazard analyses and work control procedures). The methods should ensure
that the controls remain in effect so long as the hazard is present. The process whereby DOE and
the contractor agree to, maintain, and revise the standard set should be reviewed.

5. Contractor policies, procedures, and documents are established and are adequate for the
work or process to be performed safely. This core expectation supports the functions and
principles of Perform Work and Operations Authorization. Procedures and programs should be
adequate to ensure work is performed within controls that have been developed and
implemented. Controls may include site or facility commitments, such as conduct of operations
programs, worker safety programs, specified engineered safety systems, or specific controls in
worker safety permits. The ISMS should establish a process to ensure that the facility or process
and the operational work force are adequate for the work or processes to be performed safely
and that safety requirements are integrated into work performance. A process should be
established to gain authorization to conduct operations. Provisions should be included to grant
operations and authorizations for each level of efforts at the site, facility, activity, or process. The
ISMS should include a process to identify performance measures, including safety system
performance measures for the work. Procedures to maintain the Operations Authorization
current should be described.

6. The ISMS should be continuously improved through an assessment and feedback process
which should be established at each level of work and at every stage in the work process.
This core expectation supports the function of Feedback and Improvement. The ISMS should
be subject to continuous improvement through an assessment and feedback process. At each
level of work and at every stage in the work process, the feedback and continuous improvement
programs should be functioning. Feedback information on the adequacy of controls is gathered,
opportunities for improving the execution and planning of the work are identified and
implemented, line and independent oversight is conducted, and if necessary, regulatory
enforcement actions occur. The role of DOE in reviewing the contractor's work quality,
assessing the adequacy of safety controls, conducting oversight, and enforcement should be
included as a part of this criterion. The ISMS should describe a process to implement safety
performance objectives and performance measures and should delineate the means to be used to
measure system performance. See Volume II, Appendix D, for a further discussion.

7. The ISMS should establish that at every level of control, line management must be
responsible for safety. Clear and unambiguous roles and responsibilities should be defined
and maintained at all levels within the organization. This core expectation supports the
principles of Line Management Responsibility for Safety and Clear Roles and Responsibilities.
All aspects of work identification, planning, and execution must be under the control and
responsibility of line management. Support organizations such as ES&H or Human Resources
must have clearly defined roles and responsibilities in support of line management, that ensure
work is performed safely, within the clearly defined principle that line management is responsible
for safety.

8. The ISMS should ensure that personnel are competent commensurate with their
responsibility for safety. This core expectation supports the principle of Competence
Commensurate with Responsibility. The ISMS should ensure that personnel possess the
experience, knowledge, skills, and abilities necessary to discharge their responsibilities. Support
and line personnel workers as well as managers should have core competencies. Actual
competence as well as the programs to define expectations, provide training, and evaluate
whether expectations are met, should be addressed. The process for determining the required
competence should consider the roles and responsibilities of each position and the knowledge and
the performance of the incumbents.

9. The DOE approval authority should have a set of processes that interface efficiently and
effectively with the contractor organization. DOE processes must include elements of the
other core expectations as they apply to the responsibilities of DOE to translate missions into
work, set expectations, and allocate resources as well as approve, control, and authorize
operations. DOE's safety management responsibilities should be met as described in the FRAM.
The correlation between the Headquarters FRAM and the site FRA should be evaluated.

2.2 Phase II Core Expectations

The following eight core expectations should be considered during a Phase II assessment of ISMS
implementation following approval of the ISMS description. This assumes that the approval authority
has formally approved the ISMS description or has approved it with comments. This acknowledges
that contractor-integrated safety management programs are satisfactory at the corporate or site level.
Any comments that affect the adequacy of the safety management programs should be resolved and
incorporated before the Phase II review occurs. Specific core expectations are italicized and a brief
discussion follows each core expectation statement to amplify its meaning.

1. An integrated process has been established and is utilized to identify and prioritize specific
mission discrete tasks, mission process operations, modifications and work items. The
above should be translated into discrete tasks that personnel can understand and control.
Specific tasks, operations, or work items should be identified and prioritized through a process
that integrates responsible organizations if multiple organizations are involved.

2. The full spectrum of hazards associated with the work or task has been identified,
analyzed, and categorized. Those individuals responsible for the analysis of the
environmental, health and safety, and worker protection hazards are integrated with those
personnel assigned to analyze the processes. Formal approval of the analyses should be
evident and workers should be aware of the consequences of dealing with the hazards. The
analyses should be a comprehensive review of all hazards and a process should be established to
integrate all spectrums of hazards (e.g., from the consequences of analyses developed by a SAR
to the consequences of worker protection concerns). Personnel responsible for the analysis of
environment, safety, and health effects should be effectively integrated into the contractor's line
organization and work closely with those individuals responsible for the analysis of the processes.

3. An integrated process has been established and is utilized to develop controls which
mitigate the identified hazards present within a facility or activity. The set of controls
ensure adequate protection of the public, worker, and the environment and are established
as agreed upon by DOE. These mechanisms provide integration which merge together at
the workplace. Safety requirements are identified and are effectively adapted within a process
that integrates the diverse activities and hazards present within the facility or activity. The set of
requirements must be comprehensive and should ensure adequate protection of the public,
worker, and the environment.

4. An integrated process has been established and is utilized to effectively plan, authorize and
execute the identified work for the facility or activity. Both workers and management
demonstrate a commitment to ISMS. Personnel assigned responsibility for completing work
are instructed on the hazards and the engineered and administrative controls that will be used to
control them. Management has established and is committed to processes that effectively
integrate resources including ES&H professionals to control all hazardous activities. Appropriate
mechanisms are in place to authorize the performance of the work, including a process that
confirms readiness to perform the work before it is started. The established safety culture
promotes a good understanding and support for ISMS.

5. An integrated process has been established and is utilized which ensures that mechanisms
are in place to ensure continuous improvements are implemented through an assessment
and feedback process, which functions at each level of work and at every stage in the work
process. Safety performance is routinely measured by line managers and is periodically validated
by independent assessment techniques. Recommended improvements are appropriately
evaluated and are implemented when proven to be needed to enhance safety.

6. Clear and unambiguous roles and responsibilities are defined and maintained at all levels
within the facility or activity. Facility or activity line managers are responsible and
accountable for safety. Facility or activity personnel are competent commensurate with
their responsibility for safety. There is a good understanding of the flow of responsibilities from
the facility manager to the floor level workers and operators. A well defined statement for the
responsibility and accountability for safety exists and is understood. Workers/operators are
qualified to perform their duties and perform them safely. Managers are involved in establishing
the details of the training programs and participate in them as appropriate.

7. DOE ISMS procedures and mechanisms should ensure that work is formally and
appropriately authorized and performed safely. DOE line managers should be involved in
the review of safety issues and concerns and should have an active role in authorizing and
approving work and operations. The appropriate level of DOE managers should be involved in
the review of safety issues and concerns and should have an active role in authorizing and
approving operations.

8. DOE ISMS procedures and mechanisms ensure that hazards are analyzed, controls are
developed, and that feedback and improvement programs are in place and effective. DOE
line managers are using these processes effectively, consistent with FRAM and FRA
requirements. DOE line managers have implemented all interface processes identified in the
Phase I review and are using these processes effectively.

3. CONDUCT OF THE REVIEW

The quality of the ISMS evaluation is determined by a variety of factors. The team selected must have
the required expertise or must be trained accordingly. Team member activities must be carefully
planned and coordinated so that the full scope of the review is accomplished. The review sequence
must be planned to efficiently accomplish the review within the prescribed time period. Should the
approval authority direct a combined Phase I and II review, the review must be carefully planned to
ensure that the objectives of both phases are adequately evaluated. In some cases, normally
established site performance evaluation processes can be used to conduct ISMS reviews.

3.1 Team Selection

Selection of the proper team is a key element in conducting a successful ISMS verification. The
following team member experience has been considered to be beneficial:

expertise in a functional area;
site experience (especially familiarity and understanding of site programs);
assessment experience (assessments/audits/ORRs/RAs);
ISMS training (knowledge of ISMS Policy, Guide, and Team Leader's Handbook); and
familiarity with DOE FRAMs.

Additional details on the important attributes of the team members are provided in Sections 5.5.2 and
6.3.2.2 of the Team Leader's Handbook.

Dedication and continuity of the team in the review process are essential. It is useful to have one team
member assigned to each objective or common objective set. This simplifies the report-writing
responsibilities and ensures ownership for the report product. When the review phases are separate, it
is beneficial for the Phase I reviewer to continue as a Phase II reviewer. The Phase I review prepares
the reviewer to do a thorough and competent Phase II review. Consideration of the size of the team is
an important decision. Too large a team makes coordination difficult. From the perspective of recent
site ISMS reviews, a team of 15-18 was determined to be required for the Phase I review. A Phase II
review of one of the facilities at this site required a team of 7-8. The complexity of the site/facility and
hazards involved should be instrumental factors in determining team size.

3.2 Team Assignments

To most efficiently conduct the review, it is useful to delineate related safety management and support
programs in discrete groups called "functional areas." By establishing these groupings, personnel can
be assigned team responsibilities in designated review areas for which they have the required expertise.
Functional areas used in past reviews have been synthesized in the ISMS Team Leader's Handbook
into distinct Phase I and Phase II areas that can be further synthesized for combined Phase I/ Phase II
verifications. These include the following:

Phase I
Business, Budget, and Contracts (BBC),
Hazards Identification and Standards
Selection (HAZ),
Management (MG),
DOE. Phase II
Operations and Implementation (OPI),
Subject Matter Experts (SMEs),
Hazards Identification and Standards
Selection (HAZ),
Management (MG),
DOE.
Within Phase II it has been necessary to include SMEs to ensure that specific safety management
functions are effectively addressed. SMEs to be considered may include experts in the following
disciplines:

Criticality Safety,
Fire Protection,
Industrial Hygiene and Safety,
Radiation Protection,
Security,
Training and Qualification,
Maintenance and Work Control,
Quality Assurance,
Configuration Management, and
Environmental Compliance (including pollution prevention/waste minimization).

The specific SMEs to be used should reflect the level of risk, complexity of the operation, and past
performance. For example, if recent operational readiness reviews (ORRs) or site evaluation
processes have indicated that a programmatic functional area such as radiation protection is rigorously
established, it may not be necessary to review this program in great depth during the ISMS verification.
This type of tailoring should be used in preparing the ISMS verification review plan. Evaluation of
maintenance and work control is recommended in every instance.

3.3 Review Sequence

The sequence for conducting the review should be carefully considered. The following is a typical
chronology of a 4-week review sequence used for a Phase I ISMS verification at a major DOE site. A
Phase II verification sequence would be similar, but generally could be accomplished in fewer days on
site.

An initial site visit by the team leader is conducted well before the start of the review to meet site
personnel responsible for ISMS and discuss the conduct of the review.

A 3-day site visit prior to the review is used to train the team, explain the verification
methodology, and develop the CRADs to be used for the review. The pre-visit provides an
opportunity for the team to meet management personnel responsible for developing the ISMS
description.

The review commences with a 1-week period allotted for contractor and DOE management
briefings to the team. The goal is to allow the contractor to fully explain the status of ISMS.
Following these presentations, the team develops a list of personnel to be interviewed and
records requested for review. The briefings are considered essential for the team to enable them
to fully understand the safety management programs. The quality of the briefings is important.
The contractor's expertise in providing the necessary information, with the correct amount of
detail, is important to ensure the team has enough information to enable them to efficiently
conduct the review. If conducted correctly, these briefings provide instant feedback about the
strengths and weaknesses of the ISMS mechanisms. Guidance from the team leader to the
contractor and DOE on the content and format of the briefings is a key factor in the success of
this effort. It is necessary for the contractor to assign a point of contact for coordinating all
aspects of the ISMS review with the ISMS review team.

A 1-week period is allotted for the actual review. This review occurs 2 weeks following the
contractor briefings. The report is written the following week before the team departs the site.

The process of obtaining the contractor information by receiving the detailed briefings discussed above
can be achieved in a variety of ways. Some success has been experienced with eliminating the site pre-
visit. Instead, appropriate documentation was sent electronically or mailed to team members and
teleconferencing was used for initial team coordination. This approach is viable, but becomes less so as
the scope and complexity of the review increases. Experience with this technique has shown that
eliminating the pre-visit should only be considered with an experienced team. The ISMS description,
verification review plan, and supporting documentation should be available to the team members
approximately 2 months before the verification. This will permit ample time for the team to study the
documentation, ask questions, and receive answers and clarification. It has also been found necessary
to hold at least two teleconference calls before arriving at the site.

3.4 Combined Phase I and II Reviews

The approval authority may elect to direct a combined Phase I and Phase II review at sites or facilities
with a mature ISMS effectively in place. While this appears to be a timely way to accomplish the
verification, a combined review can be complicated and difficult to coordinate. Combined reviews
conducted to date have shown that it is important to carefully factor into the decision the size and
complexities of hazards and the maturity of the existing safety management system. If it is still
considered proper to combine the two phases into one review, the following comments should be
carefully considered:

The review of the ISMS description and the review of manuals of practice must be carefully
coordinated with the review of the implementation of the ISMS mechanisms. The natural
tendency is to concentrate too much on the Phase II portion of the review to the detriment of
evaluating Phase I issues and concerns. The CRADs for a combined review should be carefully
developed to ensure the review approaches are clearly described.

The verification team should be well experienced. It is beneficial to assemble a team that has had
some experience in conducting both phases of ISMS verifications.

The verification team should have ample opportunity to review the ISMS description, verification
plan, and supporting documentation well ahead of the scheduled verification. Ample time should
be provided to allow the team to study the documentation, ask questions, and receive answers
and clarification of their issues and concerns prior to starting the review.

The combination of Phase I and Phase II reviews has recently been attempted at a number of sites.
Separating Phase I issues and concerns from Phase II issues and concerns in the report documentation
is challenging. One technique that appears to have merit is to split the team along functional area
assignments. In this instance the Phase I team consisted of the management team; business, budget,
and contracts team; and the hazard team. The Phase II team consisted of the Operations and
Implementation team, including the subject matter experts.

A careful review of CRADs developed in the ISMS Team Leader's Handbook is recommended prior
to finalizing a verification approach.

3.5 The Use of Routine Evaluations for ISMS Reviews

At sites where formal performance evaluation teams are functioning, it is appropriate to include ISMS
verifications in conjunction with normal performance evaluations. For example, one site has chosen to
conduct facility ISMS Phase II verifications in conjunction with the normally occurring facility evaluation
process. To assist the performance evaluation team in determining if the evaluation was effective,
personnel experienced in conducting ISMS reviews observed a recent facility evaluation, including an
ISMS Phase II review.

4. EXAMPLE CRADS

The following CRAD is provided as an example used to conduct a Phase I review for the business,
budget, and contracts team during a recent verification. A full set of sample CRADs is provided in
Appendixes 2 and 3 of the ISMS Verification Team Leader's Handbook. EXAMPLE
CRITERIA AND REVIEW APPROACH DOCUMENT
FOR ISMS VERIFICATION AT OAK RIDGE Y-12 PLANT

BUSINESS, BUDGET, AND CONTRACTS (BBC)

OBJECTIVE:

BBC.1 Department of Energy (DOE) and contractor procedures ensure that missions are translated into
work, expectations are set, tasks are identified and prioritized, and resources are allocated.

Criteria:

DOE procedures translate programmatic missions reflected in strategic plans, binding commitments,
and other requirements into work expectations and priorities that are authorized and communicated
to the contractor.

Contractor procedures translate work expectations received from DOE into tasks that permit
identification of resource requirements, relative prioritization, and performance measures.

DOE and contractor procedures provide for DOE approval of the contractor's proposed tasks and
prioritization of the mission expectations transmitted to the contractor, and for feedback and
continuous improvement.

DOE and contractor procedures provide for change control of the approved task identification,
prioritization, and funding.

DOE has incorporated DOE Acquisition Regulation (DEAR) 970.5223-1 "Integration of
Environment, Safety and Health into Work Planning and Execution" into their contract and contract
procedures, which provide for flowdown of the DEAR requirements into subcontracts involving
complex or hazardous work.

Site procedures ensure that translation of mission into tasks flows from DOE to the Management
and Operating Contractor (M&O) to the subcontractors, to the individual facility, process, or work
task as appropriate.

Tasks at the facility level are funded in accordance with the specified procedures. Funding of
safety is integrated with funding of the tasks.

Approach:

Record Review:

Defense Programs Strategic Plan, the Directive Work Schedule and other site agreements
and action commitments. Review AC-500, Task-Based Management System; ESS-MS-131,
Integrated Resource Management System; ESS-FE-101, Cost Estimating; PC-164PD
Services Subcontract Safety and Health Management; and Y10-202 Integrated Safety
Management Program. Review procedures for control and integration of weapons program
task and funding with DOE Headquarters infrastructure and program funding. Review
contractor Work Authorization Directives, as well as the procedures for their development.
Review DOE-YSO and/or DOE-ORO procedures for identification of mission requirements,
resources allocations, and approval of contractor Task-Based Management System (TBMS).
Review Lockheed Martin Energy Systems (LMES) and DOE change control procedures.
Review LMES procedures for work authorization and control in compliance with the DOE
approved TBMS. Review LMES and DOE procedures requiring safety requirements
flowdown into subcontracts. Review tasks funded and the funding process for individual
facilities.

Review YSO and ORO procedures that define the process and expectations for translation of
mission and commitment requirements into tasks and direction for contractor action. Review
processes for review, approval, and change control of the TBMS or other binding budget
documents.

Select mission tasks from the Defense Programs Strategic Plan and the Directive Work
Schedule and track the tasks through the process to evaluate how the above criteria are met.
Review past year planning for current year authorized work as well as future year planning.
Select several current year authorizations and track change control from DOE (Albuquerque
and Headquarters) to the LMES and to the affected Y-12 Plant facility. Select several
LMES subcontracts and review for appropriate flowdown clauses.

Interviews: Interview DOE personnel responsible for managing the budget process. Interview line
managers responsible for Headquarters as well as Albuquerque Weapons Program directed mission
accomplishment. Interview LMES managers responsible for the budget process, including
members of the Executive Steering Group. Interview line managers at each level from the LMES
vice president to the facility manager to determine understanding and implementation of the defined
process for translation of mission into work authorization. Interview ES&H professionals and line
managers at each level to determine how safety is incorporated into the budget plans and
authorization. Interview DOE and LMES procurement personnel regarding subcontract flowdown
requirements.

Observations: If possible, observe an Executive Steering Group meeting and actual budgetary
discussions (including meetings involving the development of the FY99 or FY00 TBMS) within and
between LMES and DOE to observe the practical application and results of the procedures.

5. EXAMPLE EVALUATION

The following completed ISMS Assessment Form from a recently completed ISMS verification is
provided as an example in documenting the results of a Phase I review for the Management subteam
during a recent verification. EXAMPLE
ISMS ASSESSMENT FORM
FOR ISMS VERIFICATION AT OAK RIDGE Y-12 PLANT

Management

FUNCTIONAL AREA: MG
OBJECTIVE: 2
DATE: August 12, 1998

OBJECTIVE: Feedback information on the effectiveness of the ISMS is gathered, opportunities for
improvement are identified and implemented, line and independent oversight is conducted, and, if
necessary, regulatory enforcement actions occur.

Criteria:

Contractor ISMS procedures describe clear roles and responsibilities to provide feedback and
continuous improvement including line management responsibility for safety.

Contractor ISMS procedures require line and independent oversight or assessment activities at all
levels. Oversight and assessment activities verify that work is performed within agreed upon
controls.

Contractor ISMS procedures ensure oversight or assessment results are managed to ensure lessons
are learned and applied throughout the site; that issues are identified and managed to resolution; that
fundamental causes are determined and effective corrective action plans are developed and
implemented.

Contractor ISMS procedures ensure that performance measures or indicators and performance
objectives are developed in coordination with DOE as required. Further, contractor ISMS
procedures require effective management and use of performance measures and objectives.

Contractor ISMS procedures provide for regulatory compliance and enforcement as required by
rules, laws, and permits such as PAAA, NEPA, RCRA, CERCLA, FFCA, etc.

Approach:

Record Review: Review Y/DN-317, Y60-028, QA-312, QA-331, QA-901, QA-911, and the
Conduct of Operations Manuals to determine the procedures, processes and requirements which
meet this objective. Assessments include regulatory compliance in accordance with laws, rules, and
permits.

Review the results and schedules of self assessments and independent assessments at each
organizational level. Review procedures for scheduling and tracking routine assessments. Review
procedures for analysis of the results of assessments and the results of those analyses.

Review selected assessment results. Review results and actions resulting from resumption
readiness reviews and from assessments in response to Defense Nuclear Facilities Safety Board
Recommendation 94-4. Track issues identified during the assessments to completion. Assess the
effectiveness of the assessment and feedback process to achieve process improvement.

Review the issues management program for adequacy, effectiveness, and support for process
improvement.

Review the performance measures or indicators and performance objectives. Review the process
for development of the indicators including how the development and change is coordinated with
DOE.

Interviews: Interview managers down to facility levels to determine the adequacy and
effectiveness of the assessment activities. Interviews should include all aspects of this objective.
Interview Contractor Assessment personnel to determine the adequacy and effectiveness of the
Site Integrated Oversight Program, as well as other compliance or independent assessment
programs at any level of management.

Observation: If possible, observe senior management assessment or self-assessment activities,
including documentation and post activity briefing of results. Observe a critique or management
review including development of lessons learned and root causes.

Record Review:

QA-312, Issues Management Program, Rev. 1
QA-331, Lessons Learned Program, Rev. 0
QA-901, Independent Assessments, Rev. 1
QA-911, Management Assessment, Rev. 0
ESS-MS-131, Integrated Resource Management Systems
Y60-028, Y-12 Plant Management Assessment, 9/20/96
Y/DN-317, Assessment Program Description for Y-12, Rev. 1
Standing Order SO-EUO-98-015, Enriched Uranium Operations (EUO) Management
Assessment Program, 6/30/98
CY-1998 Performance Plan for Disassembly and Storage Organization
Disassembly and Storage Organization Facility Tour Reports PRW-1, PRW-2, PRW-3,
PRW-98-4, PRW-98-5, PRW-98-6, 6/98, 7/98, JER-98-002, JER-98-004, JER-98-003, JER-
98-001, 98-5, PRW-98-7
Depleted Uranium Operations (DUO) Integrated Management Assessments (CY98)
Annual Management Assessment Schedules for LMES
Y10-202, Integrated Safety Management Program, 6/23/98
Y15-635PD, Energy Systems Integrated Safety Management System, 6/30/98
Standing Order SO-EUO-98-014, Enriched Uranium Operations (EUO) Energy Systems
Action Management System (ESAMS) Closure Process, 5/22/98
Y60-183, Surveillance, 11/11/98
QA-904, Surveillance, Rev. 1
CY-1998 Performance Plans for management and staff within DUO and Disassembly and
Storage Operations (DSO)
Numerous e-mails on lessons learned and required responses
Minutes from the Issues Management Prioritization and Risk Board
Charter for the Y-12 Issues Management Prioritization and Risk Board, Rev 2, June 1997
Chapter 6 of the Nuclear Operations Conduct of Operations Manual
Select DUO Management Review Reports, June - August, 1998

Interviews Conducted:

Facility Safety Manager, Nuclear Safety Organization
Manager, Product Certification
Lessons Learned Coordinator, Enriched Uranium Operations
Manager, EUO Administrative Support
Operations Manager, Building 9204-4
Manager, Quality Services
Y-12 Plant Lessons Learned Program Manager
Operations Manager, Disassembly and Storage Operations
Issues Manager, Depleted Uranium Operations
Shift Technical Advisor, Lithium Processing
Restart Issues Manager, Enriched Uranium Operations
Issues Manager, Disassembly and Storage Operations
Y-12 Plant Assessments Program Manager
Y-12 Plant Issues Manager
Lessons Learned Data Programmer
Manager, Nuclear Operations
Deputy Manager, Nuclear Operations
Manager, Environmental Compliance

Observations:

Monthly Y-12 Plant Issues Management Meeting
Monthly Central Safety, Health, and Environmental Affairs Committee

Discussion of Results:

Record Review: The ISMS program description (Y15-635PD) and numerous procedures were
reviewed to determine whether roles and responsibilities were clearly defined regarding feedback
and continuous improvement. There is an adequate flow down of ISMS philosophy (regarding the
need for feedback and continuous improvement) from Y15-635PD to the implementing procedures.
Procedures Y60-028, Y-12 Plant Management Assessment, and QA-312, Issues Management
require line management to establish and implement an assessment program of their operations.
Procedure QA-901, Independent Assessments defines the roles and responsibilities for those
LMES organizations that perform independent assessments. Procedure QA-331, Lessons
Learned, requires the identification and dissemination of operating experiences that may be
applicable to other line management organizations. Throughout all these documents, line
management is clearly identified as being responsible for safety.

However, a plethora of assessment procedures exist within LMES, which may lead to confusion
regarding reporting requirements and individual assessment responsibilities. For example, there are
two management assessment procedures (QA-911 and Y60-028), as well as two surveillance
procedures (QA-904 and Y60-183). The level of documentation and record retention requirements
varies based on the procedure used to conduct the assessment. These redundant procedures are a
carryover from when LMES managed five plants in the Oak Ridge complex and had a central
organization as well as plant-specific organizations with corresponding procedures. However, this
organization no longer exists and LMES solely manages the Y-12 Plant. LMES management
recognizes this problem and plans to review, consolidate, delete, or upgrade procedures as
appropriate. The prompt completion of this consolidation effort is sorely needed (MG2-3).

Annual assessment schedules have been prepared for all management, direct report organizations
reporting to the Vice President of Defense Programs. These schedules contain information such as
the assessment type, the subject of the assessment, functional area, scheduled date, completion
date, and who performed the assessment. This is commendable; however, there is a significant
disparity in the level of assessment activity within the different Y-12 Plant organizations. For
example, both DSO and DUO have developed and implemented a fairly extensive management
assessment program. Organizations such as General Manufacturing and Environmental Compliance
have a limited assessment program. Based on a review of the annual assessment schedules, the
General Manufacturing Organization has only scheduled two assessments for FY 1998. Likewise,
the Environmental Compliance Organization has performed limited self-assessments during FY
1998 (MG2-4).

There is also a disparity in the breadth of line management assessment activity within an
organization. Even though DSO has a fairly well-developed and implemented management
assessment program, management assessments have not been consistently performed by line
managers within all levels of DSO. For example, numerous line managers within Building 9204-2E
have not scheduled or performed management assessments of their operations. Management
within all levels of an organization should assess their operations for improvement opportunities.

Independent assessments have also been scheduled and performed. An integrated independent
assessment schedule was reviewed as well as assessment results. The Quality Services
organization primarily carries out the independent assessment program. This program is developed
and functioning.

Regarding issues management, the governing procedure is QA-312, Issues Management. Per the
procedure, an issue is broadly defined to include "problems, deficiencies, findings, concerns, alerts,
recommendations, observations, and other conditions requiring evaluation for corrective action."
Likewise, QA-312 addresses tracking, the need for root cause analysis, and the level of independent
verification needed to close an issue.

Although QA-312 does provide a framework for managing issues, it lacks clarity and consistency in
a number of areas. For example, issues are managed differently if identified by an internal rather
than an external source. (External sources include LMES independent assessments.) QA-312
states that the procedure does not apply to "Divisional management assessments." This has been
interpreted by some to include management assessments performed in accordance with Y60-028.
QA-312 requires that issues be ranked in accordance with the risk matrix found in ESS-MS-131,
Integrated Resource Management System. QA-312 also requires formal root cause analysis and
independent verification of closure for issues identified as "significant." However, during
interviews with line management personnel, risk ranking, root cause analysis, and independent
verification of closure is only required for issues identified by external organizations. Consequently,
many issues identified during internal management assessments (i.e., Y60-028) are not always
analyzed with the same degree of rigor (MG2-5).

The tracking of issues also varies based on whether the issue was identified by an internal or
external organization. Issues identified externally are clearly tracked through the Energy Systems
Action Management System (ESAMs). Procedure QA-312, in conjunction with ESS-MS-131,
provides requirements on managing the ESAMs tracking system. However, issues identified
internally within an organization are tracked in a variety of ways. For example, within DUO, issues
identified during DUO management assessments are tracked by a unique DUO tracking system
(not connected with ESAMs). Issues identified during DSO management assessments are tracked
in ESAMs as "management commitments." EUO also tracks management assessment issues as
management commitments in ESAMs.

QA-312 and ESS-MS-131 are silent on how issues (entered into ESAMs as management
commitments) are managed. More specifically, the degree of root cause analysis, prioritization, and
verification are not defined for ESAMs issues identified as management commitments. The
potential exists to place "significant" issues into ESAMs as management commitments and preclude
a thorough analysis of risk, root cause, and independent verification. In fact, a recent DOE
operational readiness review (ORR) identified this as an issue within EUO. In short, the ORR
found that the closure of EUO management commitments in ESAMs were often incomplete. As a
result, Standing Order SO-EUO-98-014 was implemented to address this concern. This standing
order requires the use of an OSB to review management commitments for significance and possible
root cause analysis. In this case, the OSB may serve as a substitute for the Issues Management
Prioritization and Risk Board (IMPRB).

Lastly, QA-312 is silent on the use and function of the IMPRB. This board is chartered with risk
prioritization of issues identified by external organizations. Although a charter exists and meeting
minutes have been drafted, nowhere is the function of the IMPRB described in any LMES program
or procedural documentation.

The use of performance indicators was also evaluated. Performance indicators are used at various
levels of the LMES organization. For example, at the upper management level, DOE has
incorporated performance measures in the LMES-DOE contract. At the other end of the
spectrum, DSO has incorporated performance measures within the performance plans of key
management personnel. These indicators include both production and safety goals. In addition,
performance indicators are used extensively in the environmental protection area. Permit
noncompliances, the number of spills, and regulatory inspection results are tracked and reported.

Interviews: Numerous interviews were held with a variety of personnel to evaluate their
understanding of the Y-12 Plant feedback and assessment process. Key personnel such as the Y-
12 Plant issues manager, assessment manager, lessons learned coordinators, and line managers
were interviewed. In general, personnel were aware of the importance of a thorough and well-
developed feedback and assessment program.

Those involved in the lessons learned program were knowledgeable of their roles and
responsibilities. The lessons learned program is web based and basically available to all LMES and
DOE Oak Ridge personnel. The lessons learned program appears to be well managed and a
helpful aid in sharing operational information with line managers. The LMES Lessons Learned
Program Manager was proactive in disseminating lessons learned information regarding the recent
fatality at the Idaho National Engineering and Environmental Laboratory (INEEL) due to the
inadvertent activation of the carbon dioxide fire suppression system.

However, there were varied interpretations on how issues should be managed. Once again, a key
factor in how rigorously an issue was managed depends on whether the issue was identified by an
internal or external organization. Clearly, issues identified by an external organization (e.g., DOE,
State or Federal regulators, the LMES Quality Services Organization) are managed, analyzed, and
tracked differently than issues identified internally through management assessments. The issue
coordinators for DUO and DSO clearly confirmed this. Issues identified during management
assessments are not risk ranked per ESS-MS-131, root cause analysis is not performed, and
independent verification is not required. Management assessment issues are tracked as
"management commitments" in ESAMs.

Two noteworthy practices regarding issues management were the use of management reviews by
the Nuclear Operations Organization and the Y-12 Plant Year 2000 (Y2K) initiative.

Management reviews are performed for those events that do not require formal notification under
the DOE occurrence reporting system. Management reviews are described in Chapter 6 of the
Nuclear Operations Conduct of Operations Manual. Chapter 6 provides for compensatory
measures, root cause determination, and lessons learned. DUO and DSO have performed
numerous management reviews within the past 3 months. This is a commendable practice, which
may be beneficial throughout the LMES organization (MG2-1).

The Y-12 Plant is actively working on the Y2K problem. A project team, led by the Y-12 Plant
Site Management Services Manager, is collecting and correlating the initial inputs from the facilities
and buildings. Business systems as well as process systems are included in this initiative. The Y-
12 Plant is developing the action plan to verify the survey results and address the problems. The
plan will include additional testing to identify the problems and to validate the solutions. It is
anticipated that the ESG will be briefed concerning the project within the next month. This effort
has not been directly funded. A funding request for the corrective actions is being developed in
parallel with the action plan (MG2-2).

Observations: The Y-12 Plant monthly issues management meeting was attended to observe the
interaction between LMES management on issues management. Several performance indicators
were reviewed that addressed areas such as percent of overdue issues, the number of rejected
corrective action plans, and the timeliness of occurrence reports. A detailed status report on the 30
key issues at the Y-12 Plant was also provided. In addition, the August Central Safety, Health, and
Environmental Affairs meeting was observed. The meeting was well attended by personnel
throughout the LMES organization. Performance indicators, an ISMS case study, and the recent
fatality at INEEL were discussed. Overall, the meeting was productive.

Conclusion: LMES has a documented and implemented assessment program that provides
feedback on performance. LMES uses line management assessments, surveillances, and
independent assessments to measure performance. However, issues management has several
programmatic and implementation weaknesses that need attention.

Issues:

Strengths:

The use of management reviews by Nuclear Operations is noteworthy. (MG2-1)

The Y-12 Plant Y2K issue is being actively managed. (MG2-2)

Concerns:

There are numerous redundant assessment procedures that may lead to confusion regarding
reporting requirements and assessor responsibilities. (MG2-3)

Assessments are not uniformly implemented within all LMES line management organizations.
(MG2-4)

The issues management program lacks clarity and consistency in a number of areas. This
includes the lack of management attention in the up-front screening of identified issues for
severity (regardless of whether the issue was identified by an internal or external
organization), how issues entered into ESAMs as "management commitments" are managed
(i.e., prioritization, root cause analysis, independent verification), and a description of the role
and function of the Issues Management Prioritization Risk Board. (MG2-5)

Inspector:

Team Leader:

This page intentionally left blank. APPENDIX F

EXAMPLES OF TOPICS ADDRESSED IN ISMS
DESCRIPTION DOCUMENTS

Clause 970.5223-1(c) of the Department of Energy Acquisition Regulations (DEAR) requires the
contractor to manage and perform work in accordance with a documented Safety Management
System. In most instances Department of Energy (DOE) contractors have documented safety
management systems in place. The issue that remains is whether these documented systems fulfill all the
conditions in the DEAR. Some contractors have found it advantageous to create a new document and
incorporate it into their Integrated Safety Management Systems (ISMSs). The function of this new
document, which in some cases has been called an ISMS description, is to provide information
concerning how the documentation (policies, procedures, manuals of practice, etc.), is used to fulfill all
the DEAR requirements. As discussed in Chapter III, there may be a need to revise or provide
documentation in addition to an ISMS description document if "gaps" are identified, but a description
document appears to be needed in most cases.

Based on experience to date, the ISMS description document provides a road map to the all the other
system documentation and also describes roles and responsibilities of the organization in using the
documents. This appendix provides several illustrations from description documents that have been
reviewed as part of the ISMS reviews at the Savannah River Site (SRS) and at the Y-12 Plant.

1. EXAMPLE FROM SRS

This example illustrates implementation of appropriate hazard controls at various organizational levels.
The ISMS should provide a method to implement the controls identified at every level of work and
hazard. The methods should ensure that the controls remain in effect so long as the hazard is present.
The ISMS should briefly describe a method for translating/transmitting formal control documentation to
the working-level ("floor level") procedures used by workers (see Chapter II, Section 4.3). An ISMS
should include processes the contractor and subcontractors will use to implement the controls.
Figure F.1 illustrates the applicability of various procedures and documentation that Westinghouse uses
to implement necessary controls at the Savannah River Site. Table F.1 provides the list of titles for the
Westinghouse documents in Figure F.1.

Table F.1. Westinghouse/Savannah River SMS Documents

WSRC No.
Title

1-01
Management Policy Manual

4B
Training and Qualification Manual

5B
HR Policies, Practices, and Procedures

8B
Compliance Assurance Manual

9B
Site Item Reportability and Issue Management

7E
Configuration Management

1Q
Quality Assurance Manual

2Q
Fire Protection Program

3Q
Environmental Compliance Manual

4Q
Industrial Hygiene Manual

5Q
Radiological Control Manual

6Q
Emergency Management Program Procedure Manual

8Q
Employee Safety Manual

11Q
Facility Safety Document Manual

12Q
Assessment Manual

14Q
Material Control and Accountability

18Q
Safe Electrical Practices and Procedures

19Q
Transportation Safety

20Q
Health and Safety for Hazardous Waste Operations

1S
SRS Waste Acceptance Criteria Manual

2S
Conduct of Operations Manual

1Y
Conduct of Maintenance Manual

E7
Conduct of Engineering and Technical Support Procedure Manual

SCD-3
Criticality Safety Manual

IM-90-135
SRS Process Safety Management Manual

2. EXAMPLE FROM THE Y-12 PLANT

This example illustrates an approach to describing the structure of the ISMS in terms of the policies,
procedures, and manuals of practice. Figure F.2 provides a top-level summary of the key ISMS
implementing documents for site-, facility-, and activity-level processes. This is an alternative way of
exhibiting the role of existing safety manuals of practice to that of the five-by-seven matrix discussed in
Chapter III. The description of Figure F.2 from the Y-12 Plant ISM System Description is as follows:

2.1 ISMS Infrastructure: An Overview

Figure F.2 illustrates the ISMS infrastructure, showing the key programs that flow requirements from
the site to the facility and task levels.

The overall ISMS program at Y-12 is described in procedure Y10-202, Integrated Safety
Management Program. At the site level, the ISMS begins with the documents that describe the scope
of work to be accomplished. DOE defines the site-level scope of work on an annual basis. Priorities
are established between DOE Headquarters, local DOE, and the contractor. Production schedules
and commitments are formalized in the Management and Operating Contract as Work Authorization
Directives. Budgets are developed using estimates generated by the operations line organizations that
include the necessary environment, safety, and health (ES&H) resources required to execute the work
safely and to maintain the infrastructure of the facilities. This budgeting and contract administration
process is defined in draft procedure Y32-100, Y-12 Plant Budget and Contract Administration.
Appendix B to that procedure includes a detailed description of the business planning, budgeting, and
contract administration processes, along with flow charts that summarize the activities involved in
planning and budgeting.

The Executive Steering Group (ESG) provides Y-12 Plant policy and strategic planning support,
oversight, and direction of the ISMS policies and practices. The ESG is led by the Vice President for
Defense Programs responsible for the execution of the business planning and budgeting processes,
including the prioritization of tasks and resources in support of the business planning and budget
processes. The ESG works with DOE to establish the Contractual Work Authorization Directives,
performance metrics, incentive fee criteria, and performance milestones for each budget execution year.

Requirements flow down to the facility level for planning, scheduling, and work execution. At the
facility level, the Operations Manager is the line manager responsible to his or her organization and
senior line managers for all work conducted in the facility, for the maintenance of the facility safety
envelope, and for the protection of the workers, the public, and the environment. The Operations
Manager is supported by the Operational Safety Board (OSB), which was established in each nuclear
facility in accordance with procedure Y10-202, Integrated Safety Management Program. The OSB
is the staff of technical, ES&H, and other support organization personnel who are formally assigned to
assist the Operations Manager in the evaluation, analysis,

planning, and oversight of activities in the facility. Core production capabilities and processes are
authorized for each nuclear facility through a formal set of documentation that is verified by readiness
assessments or operational readiness reviews. These authorized production activities in the facility are
documented in the approved basis for interim operation or safety analysis report (SAR) and
implemented through the facility's operational safety requirements (OSRs) or technical safety
specifications. These documents, along with applicable environmental permits, form the safety envelope
of the facility and are codified in the facility's authorization agreement with DOE.

The Operations Manager is responsible at the task level to ensure all activities in the facility are
authorized within the safety envelope prior to execution. For the most part, annual production
requirements use existing processes and capabilities. However, each new production requirement is
evaluated against the approved authorization basis (AB) in accordance with procedure Y10-190, New
Activity Startup Requirements. The Y10-190 process ensures

(1) the work can be performed within the approved AB [if necessary the AB is updated to support
the requirements via procedure Y70-809, Unreviewed Safety Question Determination
(USQD)];

(2) task-level hazards are identified and analyzed using procedures Y10-012, Hazard
Identification Planning for Maintenance and New Work Tasks and Y70-043, Job Hazard
Analysis;

(3) controls are integrated and implemented prior to startup; and

(4) procedures are written, training is conducted, and the appropriate level of restart requirement is
executed in accordance with procedure Y10-190, New Activity Startup Requirements.

Occasionally, production requirements introduce a new capability that is not included in the approved
AB (for example, a new type of laser cutting technology) or a change to existing facility structures,
systems, and components (SSCs) is necessary. These result in process development, engineering,
design, installation, and testing before the new process or facility modification is analyzed, incorporated
into the facility's AB, and accepted by Operations. Any change to the facility, regardless of whether it
is a modification to an existing SSC or a new process startup, undergoes the same programmatic life
cycle, which is governed by formal engineering procedures. This life cycle incorporates reviews and
inputs from production subject matter experts and appropriate ES&H support personnel to ensure
safety controls are designed into the final product.

Changes to existing SSCs are initiated through procedure Y10-012, Hazard Identification Planning
for Maintenance and New Work Tasks, which in turn invokes procedure Y10-187, Change Control
Process. From within the change control process, the detailed scope of work is transmitted to the
Central Engineering organization using procedures EP-B-03, Engineering Service Order, and EP-
DC3-01, Design Criteria. These procedures, in turn, invoke the appropriate engineering procedures
for

defining the requirements (EP-E-05, System Requirements Document),

identifying hazards (EP-DC3-05, Design Checklists),

performing design (EP-C-20, Design Analysis and Calculations; EP-C-02, Squad Checks
for Design Drawings),

analyzing hazards and ensuring appropriate controls are built into the design (EP-E-07, Safety
Review and Documentation; EP-E-19, Criticality Safety; EP-C-17, Design Verification),
and

obtaining approval of the design by the customer (EP-DC2-04, Design Process Interface for
Minor Modifications; EP-DC2-05, Design Process Interface for Minor Construction
Modifications).

Once the design is completed and approved, depending on whether it is a construction installation or a
maintenance installation, the hazards associated with the installation and testing are identified and
analyzed and appropriate controls are implemented. If the design is a construction installation,
procedures EP-CC3-04, Construction Safety and Health Work Requirements, EP-CC3-04-01,
Safety and Health Work Requirements and Checklist, and EP-CC3-04-02, Field Activity
Exceptional Hazard Assessment Checklist, are used to identify, analyze, and control the hazards
associated with the installation. If the design is a maintenance installation, procedure Y10-012 is again
invoked to identify the hazards associated with the installation activities. Procedure Y70-043, Job
Hazard Analysis, is then used to analyze the hazards so that controls can be identified and implemented
using procedure Y10-35-008, Maintenance Planner's Guide.
If the activity is a new process under the control of procedure Y10-190, a project team is initiated
using procedure EG-A-06, Project Team Organization and Responsibilities. The scope of work is
transmitted to the design organization using procedures EP-DC3-01 and EP-E-05. Design is
generated and hazards are identified and analyzed using procedures EP-C-20, EP-C-02, EP-E-07,
EP-E-19, and EP-C-17. Since most new design is installed by the construction organization, EP-CC3-
04, EP-CC3-04-01, and EP-CC3-04-02 are used to identify, analyze, and control the hazards
associated with the installation. Acceptance of the design and installation is accomplished using
procedure EP-E-20, Operational Readiness Process, and turnover and operation by the customer
follows the guidance in Y10-190.

The other major component of work at the facility and task levels is maintenance work. The scope of
the work is defined and the hazards are identified using procedure Y10-012, Hazard Identification
Planning for Maintenance and New Work Tasks. Execution of this procedure determines the level
of planning required for the task, based on the hazards identified as well as the function of the
equipment to be serviced. Maintenance work packages are prepared in accordance with
Y10-35-008, Maintenance Planners Guide, and approved by the responsible line manager. The
Operations Manager (assisted by the OSB) is responsible for ensuring that maintenance work is
properly planned; controls are integrated and implemented to protect the workers, the public, and the
environment; and work is authorized and executed within the approved safety envelope.

Work is authorized and scheduled to be performed by means of the facility "plan of the day." Work is
executed in the nuclear facilities in accordance with the Nuclear Operations Conduct of Operations
Manual.

Improvements in the assessment and feedback programs have focused in the near-term on the
management self-assessment program (MSA) and on the use of management critiques and reviews.
The MSA program is being restructured with an emphasis on performing operational assessments using
operations line managers, increasing organization and senior managers' time in the facility, and
improving the follow-up and corrective actions when issues are identified.

2.2 Details of the ISMS Structure

The Y-12 Plant ISMS description addresses the next level of detail by organizing the applicable ISMS
mechanisms (policies, procedures, processes, and manuals of practice) as they relate to ISMS core
functions. Specifically, the site-level mechanisms are listed in Table F.2 and the facility- and activity-
level mechanisms are listed in Table F.3. Although the approach of identifying applicable mechanisms
for each core function and for each organizational level leads to some duplication, the approach
provides a useful structure that can be related directly to the requirements of the DEAR.
Table F.2. Site-Level ISM Mechanisms

Define Scope
* Y10-36-001, LMES Budgeting and Cost Control
* Directive Work Schedule and Defense Programs Strategic Plan
* DOE Orders
* Incentive Fee Criteria, Assessment Metrics, and Schedule Commitments
* LMES Management and Operating Contract
* Y-12 Plant Standards/Requirements Identification Document
* AL56XB, Rev. 1
* AC-500, Task-Based Management System
* EP-E-01, Systems Engineering
* ESS-CM-101, Configuration Management
* ESS-CS-101, Nuclear Criticality Safety Program Elements
* ESS-EM-101, Emergency Management Program Administration
* ESS-SP-101, Environmental Protection Program
* FS-103PD, Safety Documentation
* OP-101, Conduct of Operations Program Procedure
* RP-113, Radiation Protection Program
* Y72-001, Environmental, Safety, and Health Activities
* SH-152PD, Occupational Safety and Health Program
* Y73-171PD, Construction Safety and Health Management Program
* Y/AD-635, Y-12 Plant Integrated Safety Management System
* Y/RA-3191
* Y10-202, Integrated Safety Management Program
* Y70-100, Y-12 Plant Radiological Control Program
* EP401099/B, Product Realization Process
* TBP-000, Program Management
* TBP-PRP, Product Realization Process

Identify/Analyze
Hazards

* ES/CSET-2, Hazard Identification and Facility Classification Application Guide
* ESS-CS-101, Nuclear Criticality Safety Program Elements
* ESS-CS-102, Nuclear Criticality Safety Approval
* ESS-EM-103, Environmental Hazard and Consequence Analysis
* FP-105PD, Fire Protection Program
* FS-103PD, Safety Documentation
* PC-164PD, Service Contract Safety and Health Program
* Y73-171PD, Construction Safety and Health Management Program
* Y70-134, Y-12 Plant ALARA Program for Rad Protection
* Y70-150, Nuclear Criticality Safety Program
* TBP-900, Nuclear Explosive and Weapon Safety

Develop/Implement
Controls

* EP-E-01, Systems Engineering
* EP-E-02, Engineering Configuration Management Program
* ESS-CM-101, Configuration Management
* ESS-CS-101, Nuclear Criticality Safety Program Elements
* FP-105PD, Fire Protection Program
* FS-103PD, Safety Documentation
* Y/DQ-61, Rad Con Manual
* Environmental Permits

Table F-3. Facility- and Activity-Level ISM Mechanisms

Define Scope
* Authorization Agreements
* BIOs and SARs
* EP-E-05, System Requirements Documents
* EP-E-19, Criticality Safety
* Y10-012, Hazard Identification Planning for Maintenance and New Work Tasks
* Y10-103, Writer's Guide for Y-12 Plant Technical Procedures
* Y10-190, New Activity Startup Requirements

Identify/Analyze
Hazards

* BIOs and SARs
* CM-43, Functional Classification of SSCs
* DOE Order 3011
* DOE Order 6430.1A
* Environmental Permits
* Process Hazards Analyses (PHAs)
* Criticality Safety Evaluations (CSEs)
* EP-DC3-12, Equivalency Evaluation Process
* EP-E-07, Safety Review and Documentation
* ESS-CS-103, Criticality Safety Calculations
* Y/DQ-61, Rad Con Manual
* Y10-012, Hazard Identification Planning for Maintenance and New Work Tasks
* Y70-043, Job Hazard Analysis
* Y10-103, Writer's Guide for Y-12 Plant Technical Procedures
* Y10-190, New Activity Startup Requirements
* Y10-198, AB Update Preparation, Review, Approval, and Issuance
* Y70-150, Nuclear Criticality Safety Program
* Y70-160, Criticality Safety Approval System
* Y70-809, Unreviewed Safety Questions
* Y75-122, Rad Worker Permits
* Y10-187, Integrated Safety and Change Control Process

Develop/Implement
Controls
* Facility BIOs or FSARs
* Facility OSRs or TSRs
* Job Permits
* Surveillance and Test Procedures
* EP-DC3-05, Design Checklists
* EP-E-20, Operational Readiness Process
* Y73-107, Lockout/Tagout
* Y10-027, Plant Conduct of Training Procedure
* Y10-039, Field Calibration Program
* Y10-102, Technical Procedure Process Control
* Y10-103, Writer's Guide for Y-12 Plant Technical Procedures
* Y10-153, Temporary Modification Control
* Y10-187, Integrated Safety and Change Control Process
* Y10-190, New Activity Startup Requirements
* Y10-194, Preventive Maintenance Program
* Y10-35-004, Executing Maintenance Jobs

Table F-3. Facility- and Activity-Level ISM Mechanisms (continued)

Develop/Implement
controls (continued)
* Y10-35-008, Work Planner's Guide
* Y10-35-0204, Executing Post Maintenance Testing
* Y70-809, Unreviewed Safety Questions
* Y75-122, Rad Worker Permits
* Criticality Safety Analyses (CSAs)
* Y70-810, Flowdown of OSR/TSR Requirements

Perform Work
* Job Packages
* Criticality Control Procedures
* Operating Procedures
* Maintenance Procedures
* Nuclear Operations Conduct of Operations Manual
* OSB Charters
* Y10-35-009, Supervisor's Guide
* QA-912, ORRs and RAs
* Y75-122, Rad Worker Permits
* Authorization Agreements

Feedback
* QA-301, Control of Nonconforming Items
* QA-312, Issues Management
* QA-331, Lessons Learned
* QA-551, Stop Work
* QA-901, Independent Assessments
* QA-904, Surveillance
* QA-911, Management Assessments
* QA-912, ORRs and RAs
* RP-113, Radiation Protection Program
* Y60-024, Y-12 Plant Readiness Assessment Program
* Y60-028, Y-12 Plant Management Assessment Program
* Y70-134, Y-12 Plant ALARA Program for Rad Protection

APPENDIX G

FEEDBACK AND IMPROVEMENT MECHANISMS

1. BACKGROUND

Feedback and improvement is a Safety Management Function required by the Department of Energy
Acquisition Regulation (DEAR) 970.5223-1 and by DOE P 450.4, SAFETY MANAGEMENT
SYSTEM POLICY. The feedback and improvement function closes the Integrated Safety
Management System (ISMS) loop by connecting the practical experiences of work to the planning for
future work. This appendix provides supporting details and examples of typical feedback and
improvement mechanisms and discusses how these mechanisms are implemented at the activity, facility,
and institutional levels within the Department of Energy (DOE) and its contractor organizations. The
feedback and improvement function applies to individuals and organizations that perform work;
hardware (safety equipment performance); and software (procedures, policies, instructions). Feedback
and improvement are applied to the site-wide ISMS and to the Federal role in the field and at
Headquarters. Feedback and improvement may also be applied to an individual safety management
function or principle.

Requirements for various elements of feedback and improvement are addressed in DOE M 411.1-1B,
FUNCTIONS, RESPONSIBILITIES, AND AUTHORITIES MANUAL (FRAM); DOE Orders;
and regulations. DOE has mechanisms and activities in place to address each FRAM requirement.
The following sections describe elements of feedback and improvement that are contained in the
FRAM, and the DOE Orders, and that are associated with DOE and contractor activities implemented
at activity, facility, and institutional levels.

2. DESCRIPTION OF FEEDBACK AND IMPROVEMENT MECHANISMS

The following are examples of various feedback and improvement mechanisms typically used within
DOE.

2.1 Government Performance and Results Act and Performance-Based Management

DOE seeks to improve program management and execution and promote the comparison of results
achieved with costs incurred by implementing the Government Performance and Results Act of 1993
(GPRA). The Department responded to GPRA by developing a strategic plan, setting performance
goals, and measuring program performance against these goals. Annual Performance Plans,
Performance Agreements with the President, and Accountability Reporting complete the cycle of
GPRA documents produced by the Department.

The Department considers performance-based management as a strategic management tool to plan for,
manage, and evaluate organizational, employee, and contractor performance; improve the delivery of
products and services; facilitate communications with customers and stakeholders; encourage
employees and contractors to achieve excellence; and guide decision making.

Our approach to performance-based management includes the following actions:

clearly identifying what needs to be accomplished;
determining performance objectives;
delegating authorities to the level closest to that at which the work is to be performed;
deciding what to measure and the appropriate data collection methods;
establishing challenging and realistic performance expectations;
maintaining operational awareness;
collecting performance data;
assessing actual performance against expectations; and
using the results to improve performance.

The Department uses performance-based oversight to improve its processes for overseeing contractor
business management activities. This approach moves away from traditional compliance methodologies
for meeting oversight objectives and instead emphasizes performance measurement, self-assessments,
validation of outcomes, and financial analysis. A similar pilot process has been completed for
Headquarters oversight of field Federal activities. To meet our oversight objectives, each field office is
required to maintain a set of business management performance measures. Current plans include
institutionalizing performance-based oversight of field sites by Headquarters business functions,
coordinating planned on-site reviews of field sites by Headquarters, updating the DOE Order and
related guidelines for performance-based oversight, and continuously improving the process in
conjunction with the Business Management Oversight Process Steering Committee.

2.2 Lessons Learned

Lessons learned programs are an important safety mechanism to communicate the lessons (share
knowledge) from ISMS experience, assessments, and operational occurrences. Sharing experiences
benefits the future work of the organization. Lessons learned are used to identify, communicate, and
record good practices and adverse experiences with implications that may often be broader than
individual corrective actions. This is intended to make management, supervisors, subject matter
experts, and workers aware of experiences that should be replicated or avoided in future work. The
DOE Society for Effective Lessons Learned Sharing (SELLS) is a champion for the generation and
dissemination of lessons learned across DOE. More information about SELLS is available at
http://tis.eh.doe.gov/ll/. Lessons learned programs should search the local organization's data
generation and analysis mechanisms for recurring trends or good practices with broad organizational
implications. Lessons learned programs should also search beyond the local organization for
experiences of other DOE facilities and sites, private industry, and other governmental organizations
involved with similar work, hazards, or technical components. Internal and external experience should
be analyzed for local implications and communicated to relevant local audiences to aid in performance
of future work.

2.2.1 Responsibilities for Lessons Learned Program

Feedback and improvement sections of the FRAM require the Program Secretarial Officer to

implement lessons learned programs,
require contractors to develop lessons learned programs,
oversee the implementation of these lessons learned programs,
participate in DOE-wide sharing of lessons learned, and
ensure that an occurrence reporting system is developed, maintained, and implemented.

DOE STD-7501-95, Change 2, The DOE Corporate Lessons Learned Program, provides guidance
for the development and operation of DOE-wide lessons learned programs. The Standard describes
lessons learned programs for DOE and contractor organizations to facilitate improvement at all
organizational levels and for all work activities within each of the ISMS functions. Robust lessons
learned programs play an important role in continuous improvement and provide a valuable source of
information for confirming the ISMS and preparing the annual ISMS update as required by DEAR
48CFR 970.5223-1 (d) and (e).

2.2.2 Sources of Lessons

Contractors can generate lessons learned data by studying information from the sources in Table G.1.

Table G.1. Sources of Lessons

Internal Sources
External Sources

Process data

Environmental monitoring data

Peer technical/safety monitoring

Management assessments

Independent assessments

Walk-arounds

Supplier quality evaluations

Receipt inspections

Worker experience reports

Occurrence reports

Accident investigation reports

Emergency exercises or drills
DOE line ES&H oversight

DOE independent oversight

DOE Price-Anderson Amendments Act
(PAAA) enforcement

DOE Inspector General

Customers and suppliers

External regulators (OSHA, NRC, EPA,
state/local regulators)

Safety boards (Defense Nuclear Facilities
Safety Board, SEAB)

Professional/technical societies (ASME,
ANS, ASQ, CCPS)

Peer/industry organizations (EFCOG,
GIDEP, INPO, IAEA, SELLS)

Stakeholders and Community Advisory
Boards

2.2.3 Lessons Learned Data Application

Headquarters, field, and contractor elements have flexibility to implement lessons learned in a manner
appropriate for their organizations.

Defense Programs - The Office of Defense Programs has previously prepared and issued
comprehensive a periodic report titled, DP Facilities Semi-Annual Occurrence Summary
Report. This report reviews and highlights all Occurrence Reporting and Processing System
(ORPS) reports screened for Office of Defense Programs (DP) purposes. The report also
summarizes information obtained from the DOE Quality Assurance Working Group, SELLS, and
DP field and contractor lessons learned programs. ORPS is a Department-wide occurrence
reporting system. The DP summary report is typically distributed to the Assistant Secretary for
Defense Programs (DP-1), and to DP line and field managers. DP has produced the Facilities
Semi-Annual Occurrence Summary Report to assist line managers in their safety management
responsibilities.

Additionally, DP developed a Department-wide program called ORBITT that provides easy
access to an engineered database containing all ORPS data and assigned relevant event bins
(11 major bins and 70 sub-bins). Each new ORPS report or addition is sorted into categories and
uploaded into ORBITT on a daily basis. The engineered filter is accomplished daily for each new
ORPS report addition. The Office of Environment, Safety and Health operates and maintains the
ORPS system and supports and manages the binning and uploading of ORBITT data. The
ORBITT Program is available on the Internet at http://twilight.saic.com/orbitt/Login.asp. Access is
limited to Federal and Federal contractor personnel.

DP also uses a number of important sources of feedback and lessons learned. The Government
Industry Data Exchange Program (GIDEP) program is particularly noteworthy. GIDEP is a
program required by a Presidential Executive Order (OMB-91-3), which requires all Federal
agencies to share information of all types, including lessons learned data. GIDEP was recently
expanded to include hundreds of industrial organizations that produce parts, components,
equipment, and systems for Federal agencies. In addition, the Canadian Department of Defense is
now a member of GIDEP. Six DOE program offices [DP; Energy Efficiency and Renewable
Energy (EE); Environmental Management (EM); Nuclear Energy Science and Technology (NE);
Fossil Energy (FE); and Science (SC)] contribute funding and relevant information to GIDEP. The
GIDEP database is also available on the Internet at http://ww.gidep.corona.navy.mil/. Access to
GIDEP is password-protected; however, application for access can begin on-line (see "How to
Join").

Environmental Management Programs - The Office of Environmental Management (EM)
maintains a Lessons Learned Program that is part of the DOE Corporate Lessons Learned
Program. In April 1992, the U.S. General Accounting Office published a report titled, More Can
Be Done to Better Control Environmental Restoration Costs. One of the key
recommendations in this report was that the DOE Office of Environmental Restoration (EM-40)
implement a lessons learned program to avoid repeating mistakes and to share successful work
practices. EM-40 responded by initiating a three-phased process to develop a lessons learned
program, including research and scoping, program development, and implementation. Shortly after
the research and scoping phase was completed, DOE established a process improvement team to
develop a crosscutting DOE-wide Lessons Learned Program. The team was chartered to develop
an infrastructure for effectively sharing lessons learned across the DOE complex.

By working with the Lessons Learned process improvement team, which eventually became
SELLS, EM-40 helped to establish a DOE infrastructure that directly supports an Environmental
Restoration Lessons Learned Program. EM-40 has moved forward with these efforts and has
begun to expand its program to serve the entire Environmental Management complex. As part of
the DOE-wide initiative, the EM Lessons Learned Program aims to improve safety, aid in risk
management, enhance cost effectiveness, and encourage process improvement through
dissemination, analysis, and use of environmental management-related lessons learned information.

The EM Web site is intended to function as a vehicle to promote and accelerate the development
of the EM Lessons Learned Program by

providing a central clearinghouse for all environmental management lessons learned;

providing a customized list server to which field, Headquarters, and contractor personnel may
subscribe;

identifying Headquarters and field points of contact to assist with program coordination,
implementation, or improvement;

establishing links to other DOE Web sites for similar initiatives related to lessons learned or
environmental restoration; and

supplying a quick and easy means of submitting environmental management lessons learned via
an online submittal form.

The EM lessons learned Web site can be accessed at http://www.em.doe.gov/lessons/index.html.

EM also maintains the Benchmarking Clearinghouse, which provides full text for DOE articles
whenever possible, but does not provide full text for industry papers. The abstracts are listed by
title in key word areas, including

Best Practices/World Class,
Business Process Re-Engineering,
Continuous/Quality Improvement,
Cost/Productivity,
DOE Benchmarking,
General Benchmarking,
Implementation,
Measures/Performance,
Planning a Study,
Process Analysis,
Strategic Planning/Management, and
Technology/Transfer.

2.3 Assessments

A common feedback mechanism used for improvement across DOE is assessment. Assessments use a
formal process to evaluate work or organizational performance to determine if requirements, outcomes,
and expectations are being met. Assessments are performed by those people responsible for the work
performance or by individuals independent from responsibility for the work.

2.3.1 Assessment Requirements and Guides

DOE comprehensive assessment program requirements are defined in 10 CFR 830.120, Quality
Assurance; DOE O 414.1A, QUALITY ASSURANCE; and DOE P 450.5, LINE
ENVIRONMENT, SAFETY AND HEALTH OVERSIGHT. DOE also maintains special focus
safety assessment processes for

accident investigations (DOE O 225.1A, ACCIDENT INVESTIGATIONS);

nuclear facility operational readiness (DOE O 425.1, STARTUP AND RESTART OF
NUCLEAR FACILITIES);

emergency management, (DOE O 151.1, COMPREHENSIVE EMERGENCY
MANAGEMENT PROGRAM, and DOE O 470.2A, SECURITY AND EMERGENCY
MANAGEMENT INDEPENDENT OVERSIGHT AND PERFORMANCE ASSURANCE
PROGRAM); and

radiological protection program (10 CFR 835).

External Federal agencies (e.g., Nuclear Regulatory Commission or Environmental Protection Agency)
also impose assessment requirements on DOE for certain regulated activities. These external
requirements are incorporated into the regulated organization's comprehensive assessment program.

DOE developed the following guidance for implementing a comprehensive assessment program that
helps integrate safety management with mission accomplishment, while giving line management
maximum flexibility in program design. This guidance includes references to DOE and national
standards for assessment programs, integration of the other feedback and improvement elements
(e.g., lessons learned and performance indicators), and assessment of specific safety programs and
hazard controls (e.g., conduct of operations).

DOE G 414.4-1, IMPLEMENTATION GUIDE FOR USE WITH INDEPENDENT AND
MANAGEMENT ASSESSMENT REQUIREMENTS OF 10 CFR PART 830.120 AND DOE
5700.6C, QUALITY ASSURANCE.

DOE M 231.1-1, ENVIRONMENT, SAFETY AND HEALTH REPORTING MANUAL.

Appendix D of this Guide.

2.3.2 Assessment Responsibility

Line management is responsible for developing a comprehensive assessment program that addresses
these requirements in a balanced manner and that is consistent with the feedback and improvement
function. DOE and its contractors are required to develop and implement assessment programs. The
QA Order, DOE O 414.1A, requires DOE elements and their contractors to assess their internal
performance and that of their contractors (suppliers) by performing management and independent
assessments. Nuclear facility contractors have regulatory assessment requirements (10 CFR 830.120)
that are identical to those in the QA Order. DOE P 450.5 establishes expectations for coordinating
DOE line management oversight of their contractors. DOE P 450.5 also describes the necessity for
contractors to have robust, rigorous, and credible assessment programs to facilitate DOE line
management oversight. Emergency management programs have additional assessment requirements
described in DOE O 151.1, and DOE O 470.2A.

The Secretary of Energy has the following significant assessment tools that are independent of line
management organizations (e.g., Office of Science).

The Office of Oversight (EH-2) conducts evaluations of DOE and contractor safety management
performance.

The Office of Enforcement and Investigation (EH-10) conducts investigations of contractor nuclear
and radiological safety performance and enforces the DOE Price-Anderson Amendments Act
(PAAA) regulations (10 CFR 830 and 835).

The Office of Independent Oversight and Performance Assurance (OA) conducts evaluations of
DOE and contractor security and emergency management oversight function.

These independent assessment organizations report unfiltered safety performance evaluations to the
Secretary. All three of these independent processes require line management to make a formal
response to any safety issues, track any corrective actions, and resolve the safety issues.

2.3.3 Assessment Results Action Tracking

A key component of the assessment process is an effective tracking and follow-up system. Most
contractors and DOE elements use an electronic database to continuously update a prioritized list of
improvements and corrections and to track their resolution. The tracking and resolution of independent
oversight evaluations performed by EH-2 and OA is required by DOE O 414.1A and described in
Section 4 of this appendix. The Department's electronic tracking system for EH-2 and OA safety
issues, known as the Corrective Action Tracking System (CATS), is available at the following Internet
address: http://tis.eh.doe.gov/portal/ism/cats.htm. PAAA enforcement cases are tracked in the
Noncompliance Tracking System (NTS), as described in The Office of Enforcement and
Investigation Operational Procedures - Identifying, Reporting, and Tracking Nuclear Safety
Noncompliances Under Price-Anderson Amendments Act of 1988. The NTS is available to
registered users at the following Internet address: http://tis.eh.doe.gov/enforce/.

2.4 Safety Performance Measures

The Deputy Secretary's memorandum, "Implementation of Integrated Safety Management
Performance Measures," dated 12-23-99, established performance standards and systems requested
by the Secretary to hold Federal personnel and contractors accountable for effective and timely
implementation of integrated safety management (ISM). These standards and systems fall into three
categories: Federal Personnel Accountability, Implementation Milestone Completion, and Effective
ISM Implementation.

2.4.1 Federal Personnel Accountability

Federal management personnel performance standards include the following ISM performance
language (or equivalent language to meet the intent):

The Federal Manager has taken the necessary initiatives to implement fully the
principles of the Department's Safety Management System Policy in programs for
which the Manager is responsible. This includes the demonstration of an appropriate
emphasis on ensuring the technical competence of the Federal staff associated with
those programs and the conduct of effective oversight of the accomplishment of related
work products and schedules.

This statement provides a standard to which DOE managers are accountable for implementing the
Safety Management System Policy.

2.4.2 DOE-Wide ISM Implementation Progress Reviews

The Department's overall status of the ISM implementation progress is overseen by the Deputy
Secretary using relevant information. The initial four milestones used to measure progress are

completion of Phase I and II ISM verifications,
approval of authorization agreements,
implementation of the line ES&H oversight Policy, DOE P 450.5, and,
program progress and field office declaration of full ISM implementation by September 2000.

In the future, the Deputy will use Departmental leadership groups, such as the Field Management
Council, to review and transition from these finite milestones to other indicators of safety management
progress and performance across the Department. An example of DOE-wide effectiveness includes
performance indicators.

2.4.3 Effectiveness of ISM Implementation DOE-wide

After senior line management declaration of full ISM implementation (scheduled for September, 2000),
a method to monitor safety performance across the Department is needed preserve our gains and
continue to improve the effectiveness of safety management. Achieving a mature set of useful
performance indicators requires significant effort over a long period of time. A mature methodology will
reflect ISM influence on ES&H performance in a manner that resolves any related process issues (e.g.,
uniform applicability, reporting frequency, report format, roles and responsibilities, etc.). The effort to
achieve a mature set will also consider other measures, such as pollution prevention goals and leading
behavioral indicators, with an eye toward piloting promising approaches at DOE facilities.

The initial set of indicators established to monitor DOE-wide safety performance include the following:

total recordable case rate,
occupational safety cost index,
hypothetical radiation dose to the public,
worker radiation dose, and
reportable occurrences of releases to the environment.

The Deputy Secretary will convene a leadership group to annually review the initial set of complexwide
performance indicators to guide safety policy decisions and consider the need for changes to the set of
indicators. Senior management can use the initial set of indicators over time as one input to determine if
DOE safety management policy is having a positive effect on safety. Individual sites and contractors
can use the indicators to compare their ISM performance to DOE's composite performance. In turn,
DOE and its contractors can use the indicators as a starting point for safety assessment. For example,
a contractor may observe significant differences between its worker radiation dose and DOE-wide
performance. This information can be used to develop an assessment of the contributing factors of
exposure (e.g., hazard analysis, barrier design, training, work process compliance, or worker turnover)
in order to identify improvements.

The initial set of indicators are defined as follows:

Total recordable case rate. Work-related death, injury, or illness, that resulted in loss of
consciousness, restriction of work or motion, transfer to another job, or required medical treatment
beyond first aid.

Occupational safety and health cost index. The approximate number of dollars lost (indirect and
direct) per 100 hours worked for all injuries/illnesses. DOE sites use this index to measure progress in
improving worker safety and health.

Hypothetical radiation dose to the public. Estimated collective radiation dose (person-rem) to the
public within 50 miles of DOE facilities due to radionuclide airborne releases. ("Collective radiation
dose" is the sum of the effective dose equivalent to all off-site people within a 50-mile radius of a DOE
facility over a calendar year. This figure is estimated by each site using a mathematical model with data
on airborne radionuclide releases, meteorology, and population distribution.)

Worker radiation dose. Average measurable dose to workers at DOE facilities, calculated by dividing
the collective total effective dose equivalent by the number of individuals with measurable dose.

Reportable occurrences of releases to the environment. Releases of radionuclides, hazardous
substances, or regulated pollutants that are reportable to Federal, State, or local agencies.

2.5 Corrective Actions

Corrective action is an improvement mechanism typically used to document, track, and verify
correction in instances where expectations are not met. Such instances are often referred to as errors,
deficiencies, nonconformances, defects, or other similar terms. Nonconformance to expectations may
be detected in hardware (design, fabrication, equipment performance); in software (procedures,
training, management systems); or in the performance of work tasks. Expectations may be derived
from a variety of sources, including regulations, standards, quality or safety goals, and cost or
production goals. Nonconformances are typically identified through the direct observation of work,
periodic surveillance, and internal and external assessments. DOE and DOE contractor organizations
should have mechanisms in place to document nonconformances, assign and track corrective actions,
and document implementation of corrective actions.

DOE requirements for responding to EH-2 evaluations that identify safety issues are found in the
FRAM, DOE O 225.1A, and DOE O 414.1A. DOE O 470.2A, provides DOE requirements for
responding to emergency management issues identified by the Office of Independent Oversight and
Performance Assurance. Section 4, below, and DOE G 225.1A-1, GUIDE FOR DOE O 225.1
ACCIDENT INVESTIGATIONS, provide guidance on proper implementation of these requirements
and may be used to develop response and corrective action instructions/procedures. A contractor may
also use this guidance to develop procedures to address safety issues identified internally or by
organizations other than EH-2 and OA. Exhibit 1 includes a sample checklist for preparing or
reviewing feedback and improvement processes.

EXHIBIT 1
Sample Checklist for Evaluating Feedback and Improvement Processes

IDENTIFY FEEDBACK

Individuals or groups are responsible for identifying feedback information.
Assessment and other data sources are established to identify feedback issues.
Feedback requiring evaluation is clearly identified and described.
Factual accuracy of feedback is assured.

EVALUATE FEEDBACK

Line management evaluates feedback to identify safety issues and significance, and to
determine causes.
Line management determines actions to address the immediate issue and to prevent
recurrence.
Line management assigns appropriate priorities and defines the schedule for issue
resolution.
Line management approves improvements and corrective action plans, which include a
statement of the corrective actions, associated deliverables, responsible parties for
implementation, and due dates.
Line management shares Lessons Learned for broader application.
The individual or group originally identifying the feedback issues is given an opportunity
to review the improvement and corrective action plans and provide comments for line
disposition.

RESOLVE ISSUES

Line management implements improvements and corrective actions.
Line management tracks and manages the status of improvements and corrective actions
to ensure timely and adequate issue resolution

CLOSE ISSUES

Line management verifies completion.
Feedback issues are closed when improvements and corrective actions effectively resolve
the issues.

OVERALL PROCESS

Requirements and procedures are clearly established.
Roles and responsibilities are clearly established.
A tracking system is established.
Periodic reports to management are provided.

Y___ N____N/A___
Y ___ N ___ N/A ___
Y ___ N ___ N/A ___
Y ___ N ___ N/A ___

Y ___ N ___ N/A ___

Y ___ N ___ N/A ___
Y ___ N ___ N/A ___

Y ___ N ___ N/A ___
Y ___ N ___ N/A ___
Y ___ N ___ N/A ___
Y ___ N ___ N/A ___

Note: This sample checklist is based on the requirements of DOE O 414.1A and DOE M 411.1-1B, SAFETY
MANAGEMENT FUNCTIONS, RESPONSIBILITIES, AND AUTHORITIES MANUAL. The checklist should be
amended to suit local needs and management expectations.

EXHIBIT 1 3. EXAMPLES OF FEEDBACK AND IMPROVEMENT MECHANISMS
IMPLEMENTED AT VARIOUS ORGANIZATIONAL LEVELS

The feedback and improvement mechanisms of lessons learned, assessment, corrective actions, and
performance indicators are tailored for the particular work to be done, the hazards associated with the
work, and the organizational level at which the work is performed. The following sections contain
examples of how these mechanisms are implemented within activity, facility and institutional levels of
DOE and DOE contractors.

3.1 Facility or Task Activities

3.1.1 Work Task Feedback

As work is accomplished, whether by a contractor or by DOE [at a Government-owned, Government-
operated facility (GOGO)], workers identify and report opportunities for improvement, deficiencies, or
conditions adverse to quality. These worker-identified changes surface during post-job briefings or via
"suggestion box" programs. This information is received through a variety of mediums, such as work
requests, nonconformance reports, problem reports, work process improvement suggestions, and
employee concern reports. Work process improvements at this level often require minimal effort to
realize and can be effected in a short time. Typical improvements result from eliminating unnecessary
steps, clarifying critical interfaces with workers from other groups, or changing the sequence of the
process steps. Deficiencies identified at this level may relate to physical conditions, though problems or
potential improvements in procedures may also be identified. Once identified, these issues must be
evaluated, resolved, and closed out, as with any safety issue. The requirement to have systems to
identify and correct problems is contained in the Quality Assurance Rule (10 CFR 830.120) and Order
(DOE O 414.1A). In general, evaluation of issues raised at this level focus on the immediate cause and
on action to correct the immediate issue. However, the evaluation may also lead to actions to prevent
recurrence, site-wide SMS improvements, and lessons learned for broader application.

3.1.2 Facility or Site Feedback Assessment

Facility assessments are conducted to

determine whether the management systems, processes, procedures, and practices support the
facility's ability to perform work safely,
identify opportunities for improvement, and
detect and correct errors.

Assessments of this type tend to focus on "how" the work is being done, versus "what" work needs to
be done. They may be performed by the workers or by personnel independent from the work.
Assessments of this type assess supplier and subcontractor capability to provide acceptable items and
services. Several DOE contractors have established Facility Evaluation Boards (e.g., Westinghouse
Savannah River Corp.) that report to senior management and independently assess the safety
performance at a facility.

Management assessments are performed by the managers to evaluate effectiveness of their
organization. This proactive management tool can result in quick safety improvements because the
managers have authority to make change happen. Management assessments focus on management
issues versus simple compliance. These assessments should question such issues as resources, work
direction, system integration, prioritization, and responsibilities that directly affect the success of the
SMS.

Process improvement teams chartered by senior management can evaluate complex processes that cut
across the organization and also interface with external suppliers and customers. Teams can be formed
as a result of management assessments, internal independent assessments, external oversight reports, or
declining safety performance indicators. Tracking and trending of data from the working-level issue
identification and corrective actions systems are often examined to identify systemic facility or site-wide
issues.

3.2 Site/Contract Activities

3.2.1 DOE Field Office Line Management Oversight

Field office oversight focuses on the performance of individual facilities and on the site as a whole. The
mechanisms typically used to perform this oversight include

operational awareness;
review against established performance measures and performance indicators;
formal reviews and assessments, such as required readiness assessments, operational readiness
reviews, Safety Management System verification reviews, and authorization basis document
reviews;
periodic, value-added performance appraisals; and
for-cause reviews, as necessary.

DOE O 414.1A requires DOE to conduct independent assessments of contractor performance. It also
requires DOE organizations to assess their own work performance and management systems. As
compared to contract management and enforcement, this level of feedback is more direct and timely,
and therefore more useful to the contractor. Line management oversight at the field office level is a
primary means for providing routine feedback on the contractor's performance.

3.2.2 DOE Contract Management and Enforcement

DOE contract management and enforcement are closely related to field office line management
oversight, but focus on the formal contractual relationship between DOE and its contractors. Contract
management and enforcement are used to clarify expectations and to monitor performance to the terms
of the contract. DOE and its contractors reach agreements about mission and safety expectations in
their mutually agreed-upon contracts. Each contract establishes the formal framework for safety and
performance management by means of the safety management clause the laws clause, the list of
applicable rules and Orders, and the conditional payment of fee clause. In response to DOE direction,
the contractor provides its annual plan, including performance objectives, performance measures, and
commitments. DOE reviews and approves the contractor's Safety Management System description
and initial implementation and periodically reviews ongoing implementation through a variety of
feedback mechanisms. DOE performs an annual performance appraisal and provides annual
performance awards where agreed-upon in contracts. DOE may also reduce or eliminate award fees
where safety performance is not acceptable. DOE may chose to replace the contractor in severe cases
of poor safety performance. These methods do not apply to GOGO facilities since there is no
contractor. Performance expectations at GOGO facilities are formally established in job descriptions
and formally evaluated in performance appraisals.

3.2.3 DOE PAAA Enforcement

DOE contractors responsible for nuclear and radiological facilities are subject to the regulatory
requirements of 10 CFR 830 and 835 (PAAA rules). The PAAA enforcement program provides
assurance to Congress and the public that DOE-owned facilities are being operated safely. The 1988
PAAA extended indemnification to DOE operating contractors. At the same time, Congress required
DOE to undertake enforcement actions against those contractors who violate nuclear safety rules.
DOE contractors, and their subcontractors and suppliers as covered by the Act, are subject to civil
penalties for violations of applicable DOE nuclear safety rules. The PAAA enforcement program
provides for discretion in pursuing enforcement actions where contractors demonstrate initiative in
safety management performance, self-identification of deficiencies, self-reporting, and prompt and
comprehensive corrective actions. PAAA enforcement is administered by DOE's Office of
Enforcement and Investigation, which establishes PAAA enforcement policies and procedures,
investigates potential violations, and initiates and resolves enforcement actions, as warranted. In
contrast to contract management/enforcement, PAAA enforcement is performed independently of line
management and provides added assurance to Congress and the public that DOE contractors are
meeting DOE's nuclear safety requirements.

3.3 Headquarters or Corporate Activities

3.3.1 DOE Headquarters Line Management Oversight

DOE Headquarters focuses, from a corporate level, on the performance of individual sites and facilities
and on complexwide programs. The focus of this level is on whether the DOE field elements are
performing work safely. The principal mechanisms used by Headquarters are

monitoring field element and contractor performance through review of existing feedback
information;
participating in field element appraisals, assessments, surveillance, and walk-throughs;
conducting on-site reviews of field element performance, including verification of their
appraisals of the contractors; and
for-cause reviews, as necessary.

DOE O 414.1A requires DOE to conduct independent assessments of contractor performance. It also
requires DOE organizations to assess their work performance and management systems.

3.3.2 DOE Internal Independent Oversight

The Department's Office of Oversight (EH-2), within the Office of Environment, Safety and Health, is
solely responsible for DOE's internal independent environment, safety, and health oversight function.
The Office of Independent Oversight and Performance Assurance (OA) is solely responsible for
DOE's internal independent security and emergency management oversight function. These offices
provide information and analysis needed to ensure that the Secretary, Department, contractor
managers, and the public have an accurate, comprehensive understanding of the effectiveness,
vulnerabilities, and trends of DOE's environment, safety, health, security and emergency management
policies and programs. The independent oversight functions are "independent" of DOE's line program
offices in that they have no responsibility for operations or programs, policy development, or assistance
to line managers. This independent oversight complements line management oversight efforts
conducted in accordance with DOE P 450.5. Benefits of effective independent oversight include
objective, unbiased evaluations from a complexwide perspective; an unbiased source of information on
safety effectiveness to Department senior managers; and increased confidence and credibility with
outside constituents. Major vehicles for internal, independent oversight of environment, safety, and
health include evaluations, special reviews, special studies, and type-A accident investigations.

3.3.3 External Oversight

External oversight is established independently of the Department through Federal and State statutes.
The purpose of these oversight bodies is generally to provide the public and workers with assurance
that they are being properly protected from environmental, safety, and health hazards. In most cases,
such as with the Nuclear Regulatory Commission, the Environmental Protection Agency, or the
Occupational Safety and Health Administration, external oversight applies to DOE as well as to other
Federal and industrial organizations within their jurisdiction. In some cases, Congress has established a
DOE-specific external oversight body, such as the Defense Nuclear Facilities Safety Board (DNFSB).
The DNFSB's mandate is provided by its enabling statute, 42 U.S.C. 2286, which directs the Board
to

review and evaluate the content and implementation of the standards,
investigate events or practices,
review the design and construction of new facilities,
analyze facility design and operational data, and
provide a meaningful opportunity for public participation in the recommendation process.
DOE has formal response, corrective action, resolution, and tracking processes for DNFSB, General
Accounting Office, and Inspector General reports.

4. RESOLUTION OF SAFETY ISSUES IDENTIFIED BY DOE INDEPENDENT
OVERSIGHT OFFICES

DOE requirements for responding to safety issues and judgments of need identified by OA and EH-2
during the conduct of appraisal activities are provided in

the FRAM;
DOE O 225.1A;
DOE O 414.1A; and
DOE O 470.2A

This section of the Guide provides a robust process to address and resolve safety issues identified by
OA and EH-2. However, DOE and its contractors can use a process similar to the one described here
for issues identified by other internal and external means.

Headquarters and field Federal personnel should use this Guide, DOE O 470.2A, and DOE G
225.1A-1 to properly implement the requirements. DOE O 470.2A and DOE O 225.1 contain certain
differences in corrective action plan deliverables and timelines for safety issues relating to emergency
management and accident investigation. However, the process below generally supports these Orders
and should be used after consulting the requirements. This guidance should also be used by each
Headquarters and field organization to develop instructions for implementing the response and
corrective action process.

Throughout this guidance, the term "safety issues" will also apply to "judgments of need," unless
otherwise specified. A safety issue is also considered a quality problem in the context of the DOE QA
Order and rule. The DOE QA Order and rule require line management to resolve all quality problems
regardless of the source or method of identification.

A safety issue defines conditions of concern identified during an EH-2 or OA appraisal that adversely
affect the environment, safety, or health of the site, its workers, the public, and/or the DOE mission.
Safety issues are clearly described in appraisal reports. Safety issues require line management
attention, formal resolution and tracking of corrective actions to eliminate the vulnerability (ies), and
verification of corrective action completion.

Responsibilities - The independent oversight offices are responsible for conducting independent
oversight of DOE and its contractors' performance in accordance with their protocols (available on the
Internet at http://tis.eh.doe.gov/iopa/index.html, and http://tis.eh.doe.gov/oversight/). Line management
is responsible for developing, approving, implementing, completing, verifying closure, and tracking
Corrective Action Plans (CAPs) in response to the safety issues identified by OA and EH-2. The
Office of Information Management, EH-72, maintains the DOE Corrective Action Tracking System
(CATS) Users Guide on the Internet at http://tis.eh.doe.gov/portal/ism/cats.htm. The CATS Users
Guide describes the CATS data fields and terminology, and explains how to enter and search
information. The Office of the Secretary will ultimately resolve disputes arising from CAPs, if
unresolved at a lower organizational level.

The following summary describes the major process steps, requirements, functions, responsibilities, and
authorities defined in DOE O 414.1A, and provides guidelines for their implementation. The
generalized feedback and improvement process is illustrated in Figure 1 and discussed below. Generalized Feedback and Improvement Process Framework
Applied to Safety Issue Resolution

Feedback and improvement is one of the five core safety functions of ISM. Specific feedback and improvement
processes can and do vary based on the specific source and type of feedback information. Regardless of the
specific feedback mechanism, this core safety function is accomplished through the following generalized steps.

Identify Issues. Feedback information is collected from a variety of sources, including management self-
assessments, line management oversight, independent oversight, and external oversight. Assessments, appraisals,
analyses, evaluations, reviews, and other feedback mechanisms provide clear, factually accurate information, issues,
and areas for improvement.

Evaluate Issues. Cognizant line managers evaluate identified issues and determine appropriate corrective actions, if
any, including plans, schedules, and relative priorities compared to other ongoing safety improvements.
Dispositions include cause identification, actions to address the immediate issue, actions to prevent recurrence, and
lessons learned for broader application.

Resolve Issues. Cognizant line managers implement corrective actions to resolve issues as determined by issue
dispositions. Action status is tracked and reported to ensure timely and adequate issue resolution.

Close Issues. Cognizant line managers complete corrective actions and verify completion. This verification should
be performed as an Independent Assessment per DOE O 414.1A, Section 4b(3)(b). Issues are closed by line
management upon determining that the original issue has been effectively resolved by the actions taken.
4.1 Safety Issue Identification

EH-2 conducts independent appraisals of DOE's environment, safety, and health; line management
addresses and resolves safety issues identified by EH-2 and Accident Investigation Boards during the
conduct of these appraisal activities. EH-2 submits its formal appraisal report simultaneously to the
cognizant line manager (CLM) and applicable line cognizant secretarial officer (CSO). When EH-2
appraisals identify safety issues that apply to multiple organizations and/or CSOs, a lead CSO to
monitor and coordinate corrective action feedback and improvement of the safety issues will be
mutually agreed-to or appointed by the Chief Operating Officer (COO). Issuance of the report
establishes "Day 0" for the CAP approval and comment time frames described below. EH-2 then
enters source report and safety issue information into CATS once the report has been issued. CATS
data entry should be made within 5 working days of report issuance. CATS is available on the Internet
at http://tis.eh.doe.gov/portal/ism/cats.htm.

4.2 Corrective Action Plan Development (DISPOSITION)

4.2.1 Evaluate the Safety Issue

A clear understanding and ownership of the safety issues is essential to a successful CAP. The CLM
should coordinate with EH-2 to ensure that the identified safety issues and supporting information in the
report are fully understood. The CSO assigns a CLM with input from field management if it is not
obvious who should prepare the CAP. When necessary, the Secretary, the CSO, or another senior
line manager may direct a response that is broader than the scope of the report.

The CLM will enter the report data and the first six fields [i.e., CLM, Responsible Organization,
Responsible CSO, Approval Due Date (system generated), CAP Status, and CAP Approval Status] of
the CAP data in CATS. The CATS data entry should be made within 5 working days from receipt of
the EH-2 appraisal report.

4.2.2 Prepare the Corrective Action Plan

In consultation with the applicable CSO, the CLM prepares a single written, comprehensive CAP to
address the safety issues raised in the report. The basic requirements for the structure and content of
CAPs are listed in DOE O 414.1A, Attachment 2, Section 3b. Safety issues identified during accident
investigations (termed, "judgments of need") have specific protocols and milestones (per DOE O
225.1A) that vary slightly from this and must be followed.

The CAP must define actions that correct each safety issue (e.g., any clear variance from established
requirements), determine root cause(s) of the safety issue, and prevent recurrence of the safety issue.
The CAP provides a basis for CLM's disposition of the identified safety issues. Corrective actions
should be integrated and prioritized in relation to other significant safety issues present in the facility or
organization. As outlined in paragraph 2.2 of this appendix, CSOs are to implement lessons learned
programs and participate in DOE-wide sharing of lessons learned. This includes lessons learned in
responding to safety issues identified by EH-2 and OA. Once lessons learned are developed for the
safety issues and distributed locally, they are submitted to the DOE Lessons Learned program. A
sample checklist to aid preparation of the CAP is provided in Exhibit 1.

For each safety issue the CAP must address

the safety issue number and description from CATS,
root cause(s) and causal factor(s) of the safety issue,
actions to correct any clear variance from requirements and prevent recurrence, and
lessons learned for broader application.

Each corrective action in response to each of the safety issues in the CAP must

describe the corrective action;

include a single, responsible point of contact who is held accountable for timeliness and
effectiveness of the corrective action;

indicate the date of initiation and status of the corrective action;

indicate the expected completion date for the action;

indicate the action deliverable that will signify action completion (report, new procedure,
calibration report, certification, etc.);

describe a method for tracking the action to closure; and

specify a mechanism for independently verifying action completion and ensuring that the actions
taken will prevent recurrence.

The CLM may determine that no corrective action is warranted for a particular issue. In this case, the
CAP describes line management's rationale and supporting technical analysis that demonstrates how
safety will be adequately maintained. Corrective actions may be taken during the appraisal process or
prior to the report being issued, especially when a significant hazard or imminent risk must be mitigated.

4.3. Corrective Action Plan Approval

4.3.1 Approve the CAP on Schedule

The CLM prepares the CAP on a schedule that supports CSO approval of the CAP within
60 calendar days (30 for accident investigation and emergency management issues) of the issuance of
the appraisal report. The CSO may delegate all CAP approval activities.

The CSO has the ultimate approval authority for CAPs, but may delegate this authority to the CLM or
other designee. Approval authority must be delegated in writing, specifying the scope for which the
delegation is valid. A sample checklist to aid in preparing the CAP is provided in Exhibit 1.

For CAPs that cover multiple sites and/or organizations, the lead CSO will designate one CLM as
overall manager responsible for developing the CAP and entering the CAP and CAP implementation
status data in CATS. Each responsible CLM will forward his/her portion of the CAP to the designated
CLM, who will consolidate the input and submit the CAP to the lead CSO for approval.

If approval cannot be achieved within 60 days, the CLM submits a written request asking the
applicable CSO for an extension. This request should describe the conditions causing the delay and
provide an estimated completion date. The CSO may approve an extension and set a new CAP
approval due date. A copy of the extension request and CSO approval with revised CAP approval
due date will be provided to EH-2 for review and comment.

The CLM must enter the status for overdue approval of the CAP in the CAP Data "CAP Status" block
of CATS. This status should be updated every 30 days until the CAP is approved. Each update
should begin with the date of input by the CLM (i.e., 6-14-01). The update should include
accomplishments since the last entry, conditions causing the delay, and anticipated date for approval.
The CAP status information entered in the "CAP Status" block of CATS will be included in the
Secretary's Quarterly Report from CATS.

Approved CAP data (e.g., CLM, responsible organizations, CAP approval date, attached plan, and
reviewed by EH-2 fields) will be entered in CATS by the CLM.. The data should be entered within
5 working days after CSO approval of the CAP. The CLM should attach a copy of the approved
CAP to the "Report and CAP Data" form in CATS. The CLM will also enter the corrective action
data (i.e., the description, deliverable, planned completion date, responsible manager, status
description, actual completion date, and verification status) in CATS for each safety issue outlined in the
CAP. The Corrective Action Data entries to CATS should be completed for all planned and any
completed actions within 30 calendar days following approval of the CAP.

4.3.2 Obtain Office of Oversight CAP Review

The CAP approving official will forward a copy of the approved CAP to EH-2 for its review. If
disagreements exist between CLM and the CSO disagree on any issues, the CLM should raise these
issues via the dispute resolution process described in DOE O 414.1A, Attachment 2, Paragraph 4.

EH-2 will complete a review of the CAP to determine the adequacy and timeliness of the planned
corrective actions within 30 calendar days of the CAP approval and provide any written comments to
the CLM and CSO. EH-2can then review line management's corrective actions to address all safety
issues raised in the EH-2 appraisal report and provide feedback to line management on any questions
or disagreements concerning the timeliness or adequacy of the CAP. The CLM and CSO must
evaluate the CAP comments and inform EH-2 of their disposition. The response to EH-2 should be in
writing and describe how their comments on recommended changes to the CAP have been addressed.
This review and comment period in no way diminishes the responsibility of the line organization to
analyze and assess the identified safety issues based on their understanding of the activity and
conditions, nor does it conflict with the independent nature of the appraisals conducted by EH-2. If
disagreements between line management and EH-2 concerning the CAP remain, EH-2 may raise these
issues via the dispute resolution process described in DOE O 414.1A, Attachment 2.

4.3.3 Make Revisions to the CAP (if needed)

A written CAP revision must be submitted to the original approval authority if the CLM decides to
make changes to an approved CAP (e.g., in response to Office of Oversight comments, change in
planned corrective action completion date, etc.). A copy of the approved CAP revision will be
forwarded to EH-2 for review and written response within 30 calendar days of approval. The CLM
will enter the changes in CATS within 5 working days of the CAP change approval. Certain data in
CATS cannot be edited once entered and approved in order to protect the integrity of the approved
data. The CATS User's Guide includes a process to notify the ES&H Information Center, EH-72, and
revise approved data. A copy of the CSO approval for the CAP change will be included with the
request.

4.4 Deputy Secretary Notification

The applicable CSO informs the Deputy Secretary that a CAP is approved to address the safety issues
and a briefing can be presented. This supports the Deputy's role as COO with leadership responsibility
for DOE line management's effort to achieve full implementation of ISM and Quality Assurance. The
briefing will include the CLM, Assistant Secretary for ES&H, and EH-2. The briefing should discuss
the purpose and scope of the assessment; the identified safety issues; adverse impact of the safety issue
on the safe conduct of work, the public, or the environment; the planned or completed corrective
actions; and any associated resource or prioritization concerns that might affect prompt resolution of the
safety issue.

4.5 Corrective Action Plan Implementation

4.5.1 Resolving the Safety Issue

The CLM is responsible for timely and effective implementation of the CAP. All persons assigned
responsibility for individual corrective actions implement the CAP as approved or request revisions
through the CLM. The CLM oversees CAP implementation as appropriate.

4.5.2 Tracking and Reporting the CAP Implementation

The CLM ensures that corrective actions are effectively tracked to closure by maintaining accurate
information in CATS. The CLM should review and update the corrective action data (i.e., status
description, actual completion date, verification status) as it changes, or at least monthly.

When the responsible line organization has determined that an issue and associated corrective action(s)
are closed, the CLM will review their bases for closure and determine if the action(s) should be
described as completed on CATS (i.e., CATS Completion Date field filled in). Once the CLM has
determined that an action is completed and the CATS Completion Date is filled, the CLM will then
ensure that closure verification is conducted (Section 4.6).

If a corrective action has not been completed within the planned completion date listed in the CATS
Corrective Action Data, the CLM must update the status for completing the late action in the
"Descriptive Status" block for the specific corrective action. This status is to be updated every 30 days
until the corrective action is completed. Each update should begin with the date of input by the CLM
(i.e., 8-18-01). The update should include accomplishments since the last entry, conditions causing the
delay, and anticipated date for approval.

If all corrective actions have not been completed within the planned corrective action completion date
listed in the "Latest Corrective Action in CAP" block of the CAP Data, an overall summary status for
completing the late actions should be provided in the "CAP Status" block of the CAP Data. Each
update should begin with the date of input by the CLM (i.e., 8-18-01). The update should include the
number of corrective actions in the CAP that have not been completed (i.e., two of the 41 corrective
actions in the CAP have not been completed), accomplishments since the last entry, conditions causing
the delay, and anticipated revised date to complete all the corrective actions in the CAP. The corrective
action status information entered in the "CAP Status" block of the CAP Data will be included in the
Secretary's Quarterly Report from CATS.

If the planned completion dates for corrective actions listed in the CAP need to be changed, a Data
Change Request Form should be submitted through the CSO to the DOE ES&H Information Center as
outlined in the CATS User's Guide.

4.5.3 Using the Corrective Action Tracking System

CATS provides management-level CAP status information. The Office of the Secretary, the CSO, and
EH-2 review CAP status, as necessary, in conducting their line management and independent oversight
responsibilities. CATS is also used to prepare the Secretary's Quarterly Status Report on safety issue
resolutions. Within 5 working days after the end of each fiscal quarter, the Secretary's Quarterly
Report will be printed and forwarded to the COO. Any questions on corrective action status will be
directed to the responsible CSO. The Secretary's Quarterly Report for the previous quarter will be
available on the CATS Web site. The public also has read-only access to CATS.

It is important to note that CATS in no way takes the place of the formal written documentation
required by the FRAM, DOE O 225.1A, DOE O 470.2A, or DOE O 414.1A. It is intended only as
a management information tool to (1) track the status of corrective actions and (2) evaluate
performance of responsible managers in resolving safety issues.

4.5.4 Independent Monitoring the CAP Progress

EH-2 may review implementation of the approved CAPs, including the timeliness and adequacy of
corrective actions, as part of routine or for-cause assessments. EH-2 reports unsatisfactory progress to
CSO and CLM. If CAP implementation is found to be unsatisfactory, the dispute elevation process
may also be used.

Completed corrective actions are reviewed during subsequent Office of Oversight appraisal activities..
If the completed corrective action does not resolve the issue, a new safety issue will be addressed in the
EH-2 appraisal report.

4.6 Corrective Action Plan Verification

The CLM coordinates with all organizations responsible for corrective actions to ensure that all closed
corrective actions have been verified by persons with sufficient independence from those who
performed the work described in the CAP. DOE O 414.1A requires line management to apply the
independent assessment criteria to obtain an objective and independent verification of CAP completion.
Adequate records of the corrective actions and verification should be maintained in accordance with the
local QA Program. The CLM enters the final update of the CAP status (complete and verified) and
confirms that all corrective action data fields are complete in CATS.

4.7 Safety Issue Follow-up

EH-2 may choose to examine the records and the physical activities that have been taken to resolve the
identified safety issues. A new safety issue will be identified by EH-2 in a new report if EH-2
determines the CAP has not adequately resolved the original safety issue.
EXHIBIT 2

Sample Checklist for Reviewing Adequacy of Corrective Action Plans (CAPs)

No.

Criteria
YES
NO

Has the field element manager (FEM) prepared a single, comprehensive CAP to
address all of the safety issues in the assessment report?

2
Does the CAP clearly state the causes [the root cause(s) and causal factors] of the
issue?

3
Does the CAP describe the basis for the disposition of each identified safety issue?

4
Does the CAP clearly state which corrective action(s) are responsive to the
immediate condition/issue?

5
Does the CAP clearly state which corrective action(s) are responsive to prevent
recurrence of the issue?

6
If the FEM determines that no action will be taken in response to a given safety
issue, does the CAP describe the basis for this determination, and does it
demonstrate how safety will be maintained?

7
Does the CAP indicate for each safety issue the responsible individual (the CLM)?

8
Does the CAP indicate for each safety issue the expected date of completion?

9
Does the expected CAP due date allow time for verification of the corrective
action(s)?

10
Does the CAP indicate for each safety issue the mechanism for the line's
independent verification of closure to ensure that the actions are appropriate to
prevent recurrence?

11
Does the CAP indicate for each safety issue the lessons learned for broader
application?

Note: This checklist constitutes the minimum criteria for a CAP preparation. It is based on the
requirements of DOE O 414.1A and DOE M 411.1-1B. The checklist should be amended to suit local
needs and management expectations.

EXHIBIT 2 5. Corrective Action Plan Dispute Resolution Process

Differences in professional opinion could occur at several points during the process of resolving safety
issues:

disagreement between line organizations regarding the completeness, priority, cost-effectiveness
or funding of the proposed CAP;

Office of Oversight disagreement with the adequacy of the line's CAP;

Office of Oversight or line disagreement with the adequacy of CAP efforts at some time after
implementation has begun;

technical disagreement or funding inadequacies that arise during CAP implementation;

disputes identified during the CAP completion/closure verification process.

When a dispute is initially identified during this process, attempts are normally made to resolve it at the
lowest organizational level possible using a traditional process of discussion, mutual agreement, or
compromise. It is assumed that within 30 days of stated objections, most areas of dispute can be
resolved without the involvement of the Secretary. Both oral and written communications are
considered effective tools for focusing issues, stating facts and rationale, and communicating information
consistently to all interested parties. If informal discussions successfully resolve the dispute, the
resolution should be documented in a mutually agreeable way.

If an identified dispute cannot be resolved by informal discussions, it is elevated for resolution through a
process that incorporates the following attributes, as appropriate.

The dispute is appropriately documented to support its consideration by higher authority, with
each party having equal opportunity for input on such documentation.

The appropriate higher authorities are solicited to negotiate or arbitrate the dispute.

Disputes are elevated to the minimum extent necessary to reach resolution, following the chain-
of-command of the organizations involved.

Dispute resolution is pursued as a priority, tracked in CATS, and completed by the higher
authority within 30 days. Additional information, actions, or mutual decision to elevate the
dispute to the next organizational level, should also be completed within the 30-day target
period.

Discussions between organizations are coordinated in advance to ensure full participation of all
parties.

Resolution is documented in a mutually agreeable way or elevated to the Office of the
Secretary.

If an issue is not resolved through the process described above, it is elevated to the Office of the
Secretary for resolution through a process that incorporates the following attributes.

The dispute is appropriately documented, each party has equal input on such documentation,
and the heads of the affected organizations concur with the documentation.

The heads of the affected organizations work together to identify and brief the appropriate
individual. An initial briefing may be provided at the senior policy/program advisor level, or the
parties may prefer to discuss the matter directly with the Secretary or designee.

Resolution by the Secretary or designee is documented in accordance with established
methods. The heads of the affected organizations provide any additional documentation
required to support this effort.

Notwithstanding the above, as the chief safety advisor of the Department, the Assistant Secretary for
Environment, Safety and Health may discuss safety issues with the Secretary at any time as appropriate.

6. REFERENCES

6.1 Rules and Directives

DOE P 411.1, SAFETY MANAGEMENT FUNCTIONS, RESPONSIBILITIES, AND
AUTHORITIES POLICY

DOE M 411.1-1B, SAFETY MANAGEMENT FUNCTIONS, RESPONSIBILITIES,
AND AUTHORITIES MANUAL

DOE O 414.1A, QUALITY ASSURANCE

DOE G 414.1-2, QUALITY ASSURANCE MANAGEMENT SYSTEM GUIDE FOR USE
WITH 10 CFR 830.120 AND DOE O 414.1

DOE P 450.4, SAFETY MANAGEMENT SYSTEM POLICY

DOE P 450.5, LINE ENVIRONMENT, SAFETY AND HEALTH OVERSIGHT

DOE P 450.6, SECRETARIAL POLICY STATEMENT ENVIRONMENT, SAFETY
AND HEALTH

DOE O 470.2A, SECURITY AND EMERGENCY MANAGEMENT INDEPENDENT
OVERSIGHT AND PERFORMANCE ASSURANCE PROGRAM

10 CFR 820, Procedural Rules for DOE Nuclear Activities

10 CFR 830, Nuclear Safety Management

10 CFR 834, Radiation Protection of the Public and the Environment

10 CFR 835, Occupational Radiation Protection

DEAR 970.5223-1, Integration of ES&H into work planning and execution

DEAR 970.5204-2, Laws, regulations, and DOE directives

DEAR 970.5215-3, Conditional payment of fee, profit, or incentives

6.2 Additional References

Report on Feedback and Improvement, Deputy Secretary Moler to Chairman John Conway,
dated June 1998.

Memorandum from Secretary Richardson, Safety Performance and Accountability, dated 3-3-
99.

DOE Implementation Plan to Address and Resolve Safety Issues Identified by DOE
Internal, Independent Oversight, dated 3-10-99, approved by Secretary Richardson.