The PDF version 
Display Related Directives to this directive.
Display Reference Documents to this directive.
DOE M 450.4-1 11-16-06
ERRATA SHEET
This Errata Sheet transmits the following minor changes to DOE M 450.4-1,
Integrated Safety Management System Manual, dated 11-1-06. Chapter I,
paragraph 3h(2) and (3) should be numbered as paragraph 3h(2).
Paragraph 3h(4) through (8) are now numbered as paragraph 3h(3) through (7).
The changes are reflected in this Manual.
This Errata Sheet must remain with DOE M 450.4-1.
U. S. DEPARTMENT OF ENERGY MANUAL
Washington, DC DOE M 450.4-1
Approved 11-1-06
INTEGRATED SAFETY MANAGEMENT SYSTEM MANUAL
1. PURPOSE. The purpose of this Manual is to clearly identify and
institutionalize DOE requirements and responsibilities regarding
development and implementation of Integrated Safety Management
(ISM) systems within DOE. This Manual provides requirements and
guidance for DOE and contractors to ensure development and
implementation of an effective ISM system that is periodically
reviewed and continuously improved.
2. CANCELLATION. None
3. APPLICABILITY.
a. DOE Elements. Except for the exclusions in paragraph 3c, this Manual
applies to all Departmental elements. (Go to
http://www.directives.doe.gov for the current listing of Departmental
elements. This list automatically includes all Departmental elements
created after the Order is issued.)
The Administrator of the National Nuclear Security Administration
(NNSA) shall assure that NNSA employees and contractors comply with
their respective responsibilities under this Manual. Nothing in this
Manual will be construed to interfere with the NNSA Administrator’s
authority under section 3212(d) of Public Law (P.L.) 106-65 to establish
Administration specific policies, unless disapproved by the Secretary.
b. DOE Contractors. The Contractor Requirements Document (CRD),
Attachment 1, sets forth requirements of this Manual that will apply to
contractors performing design, construction, operation, and
decommissioning of Department-owned facilities whose contracts include
the CRD. This CRD must be included, as appropriate, in all contracts that
include DEAR 970.5223-1, Integration of environment, safety, and health
into work planning and execution.
c. Exclusion. Activities conducted under the authority of the Director, Naval
Nuclear Propulsion Program, as described in Executive Order 12344 and
set forth in Public Laws 98-525 and 106-65.
4. CONTACT. Direct requests for additional information to the Office of Health,
Safety and Security, Office of Health and Safety, at (301) 903-6061.
BY ORDER OF THE SECRETARY OF ENERGY:
CLAY SELL
Deputy Secretary
Chapter I. OVERVIEW AND RESPONSIBILITIES
1. INTRODUCTION. The objective of ISM is to perform work in a safe and
environmentally sound manner. More completely, as described in DOE P 450.4,
Safety Management System Policy: “The Department and Contractors must
systematically integrate safety into management and work practices at all levels
so that missions are accomplished while protecting the public, the worker, and the
environment. This is to be accomplished through effective integration of safety
management into all facets of work planning and execution. In other words, the
overall management of safety functions and activities becomes an integral part of
mission accomplishment.” The desired result is that work is accomplished in a
safe manner. ISM is applicable to all facility life-cycle phases including design,
construction, operation, and decontamination and decommissioning. In ISM, the
term “safety” is used synonymously with environment, safety, and health (ES&H)
to encompass protection of the public, the workers, and the environment.
Throughout this Manual, ISM is defined to include applicable integration with
Environmental Management System (EMS) and Quality Assurance Program
(QAP). Requirements for this integration exist in related directives such as the
integration of EMS per DOE O 450.1, Environmental Protection Program, and the
integration of QAP per DOE O 414.1C, Quality Assurance.
The Department developed and began implementation of ISM in 1996. Since that
time, the Department has gained significant experience with its implementation.
This experience has shown that the basic framework and substance of the
Department’s ISM program remains valid. The experience also shows that
substantial variances exist across the complex regarding familiarity with ISM,
commitment to implementation, and implementation effectiveness. The
experience also shows that more clarity on DOE’s role in effective ISM
implementation is needed. Contractors and DOE alike have reported that clearer
expectations and additional guidance on annual ISM maintenance and continuous
improvement processes are needed.
Since 1996, external organizations that are also performing high-hazard work,
such as commercial nuclear organizations, Navy nuclear organizations, National
Aeronautics and Space Administration, and others, have also gained significant
experience and insight relevant to safety management. The ISM core function of
“feedback and improvement” calls for DOE to learn from available feedback and
make changes to improve. This concept applies to the ISM program itself.
Lessons learned from both internal and external operating experience are reflected
in this Manual to update the ISM program. Two significant sources of external
lessons learned have contributed to this Manual: (1) the research and conclusions
related to high-reliability organizations (HROs), and (2) the research and
conclusions related to the human performance improvement (HPI) initiatives in
the commercial nuclear industry, the U.S. Navy, and other organizations. HRO
and HPI tenets are very complementary with ISM and serve to extend and clarify
the program’s principles and methods.
As part of the ISM revitalization effort, the Department wants to address known
opportunities for improvement based on DOE experience, and integrate the
lessons learned from HRO organizations and HPI implementation into the
Department’s existing ISM infrastructure. This Manual should be viewed as a
natural evolution of the ISM program, using feedback for improvement of the
ISM program itself. The Department wants to integrate the ISM core functions,
ISM principles, HRO principles, HPI principles and methods, lessons learned, and
internal and external best safety practices into a proactive safety culture where:
facility operations are recognized for their excellence and high-reliability,
everyone accepts responsibility for their own safety and the safety of others,
organization systems and processes provide mechanisms to identify systematic
weaknesses and assure adequate controls, and continuous learning and
improvement is expected and consistently achieved. The revitalized ISM system
is expected to define and drive desired safety behaviors, to help DOE and its
contractors create a world-class safety culture, and ultimately to result in
achievement of performance excellence.
This Manual is being issued to get the Department started in re-vitalizing ISM
implementation. The Department recognizes that the existing ISM directives and
DEAR clause contain some differences in comparison to this Manual. Every
attempt was made to keep these inconsistencies to a minimum. As the
Department gains experience in implementing the new DOE requirements
contained in this Manual, it is expected that this Manual will need to be revisited
and revised within two years to incorporate experience, best practices, and lessons
learned. In the same timeframe, it is also expected that the full suite of ISM
directives (described below) will be reviewed in parallel and adjusted as needed to
bring them into full alignment. The ultimate location of the guidance contained in
this Manual will be reviewed as part of this process. The Department’s primary
ISM directives are the following:
a. DOE P 450.4, Safety Management System Policy – The ISM policy
establishes the ISM program, its objective, its guiding principles and core
functions, and its implementing mechanisms. This Policy defines the ISM
program that the requirements and responsibilities in this Manual are
targeted for implementing.
b. DOE G 450.4-1B, Integrated Safety Management System Guide for Use
with Safety Management System Policies (DOE P 450.4, DOE P 450.5,
and DOE P 450.6); the Functions, Responsibilities, and Authorities
Manual; and the DOE Acquisition Regulation– The ISM Guide provides
guidance for contractors who are developing, implementing, and
maintaining ISM systems. It also provides guidance for DOE to facilitate
development, implementation and maintenance of contractor ISM
systems. Much of the guidance in the ISM Guide may be useful to DOE
offices that are developing ISM systems in response to the requirements in
this Manual.
c. DOE-HDBK-3027-99, Integrated Safety Management Systems
Verification Team Leader's Handbook – The ISM Verification Team
Leader’s Handbook provides guidance on the planning, conduct, and
reporting of ISM verification reviews. The requirements and guidance of
this Manual should be considered by ISM verification team leaders in
addition to the guidance in the Team Leader’s Handbook.
d. DEAR 970.5223-1, Integration of environment, safety, and health into
work planning and execution – The ISM DEAR clause provides
requirements for DOE contractors regarding the development,
implementation, and maintenance of ISM systems. The Contractor
Requirements Document in this Manual is intended to supplement the
requirements in the DEAR clause and only apply to those contractors for
which the DEAR clause is already applicable.
Other DOE directives, such as the Oversight Order (DOE O 226.1,
Implementation of Department of Energy Oversight Policy), the Quality
Assurance Order (DOE O 414.1C, Quality Assurance), the Environmental
Protection Program Order (DOE O 450.1, Environmental Protection Program),
the Nuclear Safety Management rule (10 CFR 830), and the Worker Health and
Safety Program rule (per 10 CFR 851, Worker Safety and Health Program)
contain related and overlapping requirements and responsibilities with the ones
contained in this Manual. This Manual requires DOE offices to understand and
integrate these related programs.
1. REFERENCES.
a. DOE O 151.1C, Comprehensive Emergency Management System, dated
11-2-05.
b. DOE P 226.1, Department of Energy Oversight Policy, dated 6-10-05.
c. DOE O 226.1, Implementation of Department of Energy Oversight Policy,
dated 9-15-05;
d. DOE O 414.1C, Quality Assurance, dated 6-17-05.
e. DOE G 414.1-1A, Management Assessment and Independent Assessment
Guide, dated 5-21-01.
f. DOE M 411.1-1C, Safety Management Functions, Responsibilities, and
Authorities Manual, dated 12-31-03 (DOE FRAM).
g. DOE O 440.1A, Worker Protection Management for DOE Federal and
Contractor Employees, dated 3-27-98.
h. DOE O 450.1 Chg 2, Environmental Protection Program, dated 12-07-05.
i. DOE G 450.1-1A, Implementation Guide for Use with DOE O 450.1,
Environmental Protection Program, dated 10-24-05.
j. DOE G 450.1-2, Implementation Guide for Integrating Environmental
Management Systems into Integrated Safety Management Systems, dated
8-20-04.
k. DOE P 450.2A, Identifying, Implementing and Complying with
Environment, Safety and Health Requirements, dated 5-15-96.
l. DOE P 450.4, Safety Management System Policy, dated 10-15-96.
m. DOE G 450.4-1B, Integrated Safety Management System Guide for Use
with Safety Management System Policies (DOE P 450.4, DOE P 450.5,
and DOE P 450.6); the Functions, Responsibilities, and Authorities
Manual; and the DOE Acquisition Regulation, dated 3-1-01.
n. DOE P 450.7, Environment, Safety and Health (ES&H) Goals, dated 8-2-
04.
o. DOE Implementation Plan to Improve Oversight of Nuclear Operations
(in response to Defense Nuclear Facilities Safety Board Recommendation
2004-1), Revision 2, dated 10-12-06.
p. Public Law (P.L.) 106-65, Title 32, National Defense Authorization Act
for FY 2000, as amended, which established the NNSA as a separately
organized agency within the Department of Energy.
q. DOE-HDBK-3027-99, Integrated Safety Management Systems
Verification Team Leader's Handbook, June 1999.
r. DEAR 970.5223-1, Integration of environment, safety, and health into
work planning and execution.
s. 10 CFR 830, Nuclear Safety Management.
t. 10 CFR 851, Worker Safety and Health Program.
2. RESPONSIBILITIES.
a. Secretary.
(1) Establish and communicate expectations to ensure the safe and
environmentally sound operation of Department facilities.
(2) Maintain a broad awareness of the status of ISM implementation
throughout the Department, and take necessary actions to improve
implementation effectiveness.
b. Deputy Secretary.
(1) Establish and communicate expectations to ensure the safe
operation of Department facilities.
(2) Establish and approve DOE safety goals and objectives.
(3) Maintain a broad awareness of the status of ISM implementation
throughout the Department, and take necessary actions to improve
implementation effectiveness.
(4) Designate the DOE ISM Champion to lead the DOE ISM
Champions Council, which reports through the Chief Health,
Safety and Security Officer to the Deputy Secretary (see
Attachment 5).
c. Under Secretary of Energy, Administrator of National Nuclear Security
Administration (NNSA) and Under Secretary for Science.
(1) Establish and communicate expectations to ensure the safe
operation of Department facilities.
(2) Establish and approve safety goals and objectives for their
organization.
(3) Maintain a broad awareness of the status of ISM implementation
throughout their organization, and take necessary actions to
improve implementation effectiveness.
d. Central Technical Authorities. (Note: The Department has established
three Central Technical Authorities (CTAs), for NNSA (Principal Deputy
Administrator), Energy (Under Secretary of Energy), and for science
(Under Secretary for Science). The CTA responsibilities are reflected in
the DOE FRAM).
(1) Review ISM system descriptions, annual ISM reviews,
declarations, and performance objectives, measures and
commitments for Secretarial offices under their purview.
(2) Provide observations and recommendations to Secretarial Officers
and Field Office Managers to improve ISM effectiveness with
regard to nuclear safety.
(3) Review concerns with meeting implementation schedule targets
that are identified by Secretarial offices under their purview (in
accordance with Chapter II, paragraph 1.a).
e. Secretarial Officers. (Note: For the purposes of this Manual, specific
responsibilities for the Secretary, the Deputy Secretary, and the Under
Secretary of Energy are delineated separately in this section. The
responsibilities below apply to all other Secretarial Officers with
responsibilities for safety management at DOE facilities.)
(1) Develop, approve, maintain, and implement Secretarial office ISM
systems, as described in ISM system descriptions, which are
complete, accurate and up-to-date; provide Secretarial office ISM
system descriptions to the Central Technical Authority for
information (Note: HSS will provide its ISM system description to
the Deputy Secretary).
(2) Integrate EMS and QAP into Secretarial office and field office
ISM systems, pursuant to DOE O 450.1, Environmental Protection
Program, and DOE O 414.1C, Quality Assurance.
(3) Conduct line oversight of the implementation of ISM at field
offices assigned to the Secretarial office, consistent with the
requirements and guidance of DOE O 226.1, Implementation of
Department of Energy Oversight Policy, and Attachment 4 of this
Manual, Guidelines for Improving DOE ISM System
Implementation.
(4) Perform an annual ISM effectiveness review, and using the results
of this review, make an annual declaration of the status of ISM
implementation within the Secretarial office to the next level of
DOE management (Deputy Secretary for HSS, and CTAs for
NNSA, EM, and NE, Under Secretary for Science for SC).
(5) Approve annual safety performance objectives, measures, and
commitments and provide to the cognizant Central Technical
Authority (Note: HSS will provide these to the Deputy Secretary).
(6) Designate an ISM Champion to support ISM implementation
activities as directed.
(7) Use results from annual ISM reviews and declarations to drive
ownership and improvement by providing clear, timely, and
accurate feedback, including identifying new goals and directions
for improvement in the following year, good practices and lessons
learned for effective ISM implementation, inputs to the annual
planning and budgeting cycle, goal setting as in the DOE
Management Challenges, and performance appraisals, to DOE
personnel.
(8) Provide direction, including reporting dates, to field offices for
annual ISM effectiveness reviews, annual ISM declarations, and
annual safety performance objectives, measures, and
commitments.
f. Field Office Managers. (Note: the term “field office” is used throughout
to indicate the DOE field office with direct management and oversight of
operational activities, which may be performed by contractors or at
Government-Owned, Government-Operated (GO-GO) facility personnel.
“Field offices” may have various other designations, including operations
office, site office, and project office. Where multiple levels of DOE field
organizations exist, applicable DOE Secretarial offices should determine
in their ISM system descriptions how to apply these responsibilities.)
(1) Develop, approve, maintain, and implement field office ISM
systems, as described in ISM system descriptions, which are
complete, accurate and up-to-date; provide field office ISM system
descriptions to the applicable Secretarial office for information.
(2) Integrate EMS and QAP into the field office ISM system, pursuant
to DOE O 450.1, Environmental Protection Program, and DOE O
414.1C, Quality Assurance.
(3) Review and approve the contractor’s ISM system descriptions and
updates, as needed. This review includes verifying that the
Contractor’s ISM system effectively coordinates with the DOE
field office ISM system as a condition of approval. If the
contractor states that changes are not needed, then review and
approve the rationale for that decision. Conduct line oversight of
the field office’s contractor implementation of ISM, consistent
with the requirements and guidance of DOE O 226.1,
Implementation of Department of Energy Oversight Policy.
(4) Perform an annual ISM effectiveness review and using the results
of this review, make an annual declaration in writing of the status
and effectiveness of ISM implementation within the field office
and the contractor’s organizations, and submit this declaration to
the applicable Secretarial office.
(5) Prepare annual field office safety performance objectives,
measures, and commitments, and provide to the applicable DOE
Secretarial office.
(6) Designate an ISM Champion to support ISM implementation
activities as directed.
(7) Use the results of the annual ISM effectiveness review and the
annual ISM declaration to drive ownership and improvement.
Communicate implementation and improvement expectations
through clear, timely, and accurate feedback to DOE personnel
(through performance appraisals, for example) and to contractor
organizations (through contract fee determinations and contract
performance objectives and incentives, for example).
(8) Provide direction, including reporting dates, to contractors for
annual ISM effectiveness reviews, Annual ISM declarations, and
Annual safety performance objectives, measures, and
commitments.
(9) Determine whether and when to conduct full ISM verifications of
field office ISM activities, encompassing both federal and
contractor implementation of ISM, consistent with the guidance in
Attachment 4 of this Manual, Guidelines for Improving DOE ISM
System Implementation.
g. Contracting Officer.
(1) As directed by the field office manager, transmit feedback on
contractor ISM system descriptions and annual updates, if changes
are needed. (Note: Contracting officers may transmit authority for
provisional approval of annual updates to the contractor after
initial approval; DOE retains the responsibility this approval).
(2) As directed by the field office manager, establish and maintain the
latest version of the following Department of Energy Acquisition
Regulations (DEAR clauses) in applicable DOE contracts: 48
CFR 970.5223-1, “Integration of Environment, Safety, and Health
into Work Planning and Execution,” 48 CFR 970.5204-2 (Laws,
Regulations and DOE Directives), 48 CFR 970.5215-3
(Conditional Payment of Fee, Profit, and other Incentives) and 48
CFR 970.5203-2 (Performance Improvement and Collaboration).
(3) Establish and maintain the latest version of this Manual (see
Attachment 1, Contractor Requirements Document) as a
requirement in all DOE contracts that already include DEAR
Clause 970.5223-1, “Integration of environment, safety, and health
into work planning and execution.
(4) As directed by the Field Office Manager, transmit annual direction
to contractors on ISM including schedule for providing contractor
submittals of (1) annual ISM effectiveness reviews and annual
ISM declarations, (2) ISM system description updates, and (3)
safety performance objectives, measures, and commitments.
(5) Provide contractors with the latest approved version of the
applicable DOE field office ISM system description.
(6) As directed by the field office manager, transmit DOE field office
feedback on contractor ISM system performance objectives,
measures, and commitments.
h. Chief Health, Safety and Security Officer.
.
(1) Develop DOE safety policy, requirements, and guidance necessary
for the effective implementation of the DOE ISM program,
consistent with the Department’s directives and standards systems.
(2) As part of the HSS ISM system description, describe ongoing
safety initiatives in the context of DOE-wide ISM implementation
and link these initiatives to ISM systems, functions, performance
objectives and measures. Provide the HSS ISM system description
to the Deputy Secretary and line programs so they will understand
how ongoing HSS safety initiatives fit within the Department’s
ISM system implementation.
(3) Support improvement in ISM programs by providing technical
assistance to line management.
(4) Perform periodic independent oversight of ISM implementation at
all levels (i.e., DOE Headquarters Secretarial offices, DOE field
offices, and DOE contractors), consistent with the requirements of
DOE O 226.1, Implementation of DOE Oversight Policy.
(5) Provide observations and recommendations to reviewed
organizations to improve ISM effectiveness, consistent with the
requirements of DOE O 226.1, Implementation of DOE Oversight
Policy.
(6) Provide an annual report to the Secretary concerning the overall
status of implementation of ISM at DOE and identifying strengths,
best practices, common weaknesses, and opportunities for
improvement.
(7) Designate an ISM Champion to support ISM implementation
activities as directed, and support the DOE ISM Champions
Council in improving the effectiveness of the DOE ISM systems
throughout the DOE complex.
i. Chair, ISM Champions Council (DOE ISM Champion).
(1) Lead the ISM Champions Council to fulfill the functions defined in
the Charter for the ISM Champions Council (see Attachment 5).
(2) Report on the activities of the ISM Champions Council to the
Deputy Secretary, through the Chief Health, Safety and Security
Officer.
j. Secretarial Office and Field Office ISM Champions.
(1) Assist line management in developing and sustaining vital, mature
ISM systems.
(2) Participate in the ISM Champions Council and support the DOE
ISM Champion in accomplishing the council functions, as defined
in the Charter for the ISM Champions Council (see Attachment 5).
Chapter II. REQUIREMENTS
1. DEVELOPING DOE ISM SYSTEM DESCRIPTIONS.
a. Secretarial Offices. DOE HQ Secretarial offices must develop and
implement ISM systems. DOE HQ Secretarial offices must develop and
maintain ISM system descriptions to ensure that they are complete,
accurate and up-to-date. Each Secretarial office must issue an approved
Secretarial office ISM system description within six months of the
issuance of this Manual and must achieve full implementation of the
system description within two years of issuance of the system description.
Secretarial offices with concerns about meeting this implementation
schedule due to resource constraints must develop an impact analysis,
notify their responsible Central Technical Authority (for HS, notify the
Deputy Secretary), request any necessary resources in the upcoming
budget cycle, and provide a schedule for full implementation in their ISM
system description.
(1) ISM system descriptions for DOE Secretarial offices must be
approved by the responsible DOE Headquarters Secretarial
Officer. These system descriptions must describe the following:
(a) how the Secretarial office defines its work activities related
to achieving the ISM objective of safe mission
accomplishment, as defined in DOE P 450.4, Safety
Management System Policy;
(b) the ISM implementing mechanisms, processes and methods
by which the Secretarial office implements the ISM guiding
principles to create an effective environment for ISM
implementation, as defined in Attachment 2;
(c) the ISM implementing mechanisms, processes and methods
by which the Secretarial office implements the ISM core
functions;
(d) how EMS, QAP, and other management processes and
systems are integrated into the ISM system;
(e) how the Secretarial office will measure ISM effectiveness,
perform annual ISM effectiveness reviews, prepare annual
ISM declarations, and continuously improve the
effectiveness of the ISM system;
(f) how the Secretarial office will establish, document, and
implement relevant safety performance objectives,
measures, and commitments in response to Secretarial
direction and budget execution guidance while maintaining
the integrity of the system;
(g) how the Secretarial office will maintain its ISM system
description so that it is accurate and up-to-date, and
demonstrate continuous improvement in its performance of
safe work activities; and
(h) the ISM implementing mechanisms and processes that will
be used to meet the Secretarial Office responsibilities
delineated in this Manual.
(2) Secretarial office ISM system descriptions must be consistent with
established DOE safety directives, except where exemptions are
approved. These ISM system descriptions should follow
applicable DOE direction and guidance, including that found in—
(a) Attachment 3 of this Manual, Guidelines for Developing
DOE ISM System Descriptions,
(b) DOE G 450.4-1B, Integrated Safety Management System
Guide, and
(c) DOE G 450.1-2, Implementation Guide for Integrating
Environmental Management Systems into Integrated Safety
Management Systems.
(3) Each ISM system description will be the primary management
system description for the particular Secretarial office for
accomplishing work in a safe and environmentally sound manner,
and must be integrated with the corresponding Secretarial office
Quality Assurance programs (see existing requirement in DOE O
414.1C, Quality Assurance) and other relevant safety and
management systems, such as emergency management systems
(see DOE O 151.1C, Comprehensive Emergency Management
System). Each Secretarial office ISM system must be integrated
with the office business processes for work definition and
planning, budgeting, authorization, execution, financial
management and control, change control, performance
measurement, and performance evaluation incorporating lessons
learned and continuous improvement. For example, ISM
accountabilities and performance should be reflected in employee
performance objectives and evaluations. Secretarial office ISM
system descriptions may be combined into a single document or a
set of documents that also include the associated Secretarial
office’s functions, responsibilities and authorities document, the
quality assurance plan, and the line oversight program description.
ISM system descriptions must be reviewed at least annually to
determine whether updates are needed. If no changes are needed
to maintain ISM system description complete, accurate, and up-to-
date, then no annual update is necessary. A statement to this effect
should be included in the annual ISM declaration. If changes are
needed, these will be approved by the Secretarial Officer and
provided for information to the applicable Central Technical
Authority or applicable senior DOE official.
(4) Secretarial offices must establish and maintain implementing
mechanisms, including processes, policies, protocols, procedures,
documentation, and training, to translate ISM system expectations
into implementation activities and desired human behaviors.
These mechanisms must address all active and applicable facility
life-cycle phases including design, construction, operation, and
decontamination and decommissioning.
(5) The level of rigor in the ISM System Descriptions must be
consistent with the hazards and complexity of the applicable
facilities and activities.
b. Field Offices. DOE field offices (including NNSA site offices and EM
project offices) must develop and implement ISM systems. They must
develop and maintain approved ISM system descriptions that are
complete, accurate and up-to-date. Each Field office must issue an
approved Field Office ISM system description within six months of the
issuance of the applicable DOE Secretarial office ISM system description
and must achieve full implementation of the system description within one
year of issuance of the field office system description. Field offices with
concerns about meeting this implementation schedule due to resource
constraints must develop an impact analysis, notify their responsible
Secretarial Office, request any necessary resources in the upcoming
budget cycle, and provide a schedule for full implementation in their ISM
system description.
(1) ISM system descriptions for DOE field offices must be provided
for information to the responsible Secretarial office. These
systems descriptions will describe the following:
(a) how the field offices define work activities related to
achieving the ISM objective of safe mission
accomplishment, as defined in DOE P 450.4, Safety
Management System Policy.
(b) the ISM implementing mechanisms, processes and methods
by which the field office implements the ISM guiding
principles to create an effective environment for ISM
implementation, as defined in Attachment 2.
(c) the ISM implementing mechanisms, processes and methods
by which the field office implements the five ISM core
functions.
(d) how EMS, QAP, and other management systems and
processes are integrated into the ISM system.
(e) how the field office will measure ISM effectiveness,
perform annual ISM effectiveness reviews, prepare annual
ISM declarations, and continuously improve the
effectiveness of the ISM system.
(f) how the field office will establish, document, and
implement relevant safety performance objectives,
measures, and commitments in response to Secretarial and
budget execution guidance while maintaining the integrity
of the system.
(g) how the field office will maintain its ISM system
description so that it is accurate and up-to-date, and
demonstrate continuous improvement in its performance of
safe work activities.
(h) the ISM implementing mechanisms and processes that will
be used to meet the field office responsibilities delineated
in this Manual.
(2) Field office ISM system descriptions must be consistent with
established DOE safety directives, except where exemptions are
approved. Field office ISM system descriptions should also be
consistent with the associated Secretarial office ISM system
description(s). Field office ISM system descriptions should follow
applicable DOE direction and guidance, including that found in—
(a) Attachment 3 of this Manual, Guidelines for Developing
DOE ISM System Descriptions,
(b) DOE G 450.4-1B, Integrated Safety Management System
Guide, and
(c) DOE G 450.1-2, Implementation Guide for Integrating
Environmental Management Systems into Integrated Safety
Management Systems.
(3) Each field office’s ISM system description will be the primary
management system description for the field office for
accomplishing work in a safe and environmentally sound manner,
and must be integrated with the Quality Assurance program (see
existing requirement in DOE O 414.1C, Quality Assurance) and
other relevant safety and management systems, such as emergency
management systems (see DOE O 151.1C, Comprehensive
Emergency Management System). Each field office system must
be integrated with the office’s business processes for work
definition and planning, budgeting, authorization, execution,
financial management and control, change control, performance
measurement, and performance evaluation. Field office ISM
system descriptions may be combined into a single document or a
set of documents that also include the field office functions,
responsibilities and authorities document, the quality assurance
plan, and the line oversight program description.
(4) Field office ISM system description will be reviewed at least
annually to determine whether updates are needed. If no changes
are needed to maintain ISM system description complete, accurate,
and up-to-date, then no annual update is necessary. A statement to
this effect should be included in the annual ISM declaration. If
changes are needed, these will be approved by the field office
manager, and provided for information to the applicable Secretarial
officer.
(5) Field offices must establish and maintain implementing
mechanisms, including processes, policies, protocols, procedures,
documentation, and training, to effectively translate ISM system
expectations into implementation activities and desired human
behaviors.
(6) The level of rigor in the ISM System Descriptions must be
consistent with the hazards and complexity of the applicable
facilities and activities.
2. IMPROVING DOE ISM SYSTEM IMPLEMENTATION. Guidelines for
improving DOE ISM system implementation are provided in Attachment 4. DOE
G 414.1-1A, Management Assessment and Independent Assessment Guide, also
provides useful guidance on a variety of assessments required below.
a. Line Oversight. DOE Secretarial offices and field offices will perform
line oversight of ISM implementation at the next lower tier, consistent
with the requirements and guidance of DOE O 226.1, Implementation of
Department of Energy Oversight Policy. DOE Secretarial offices will
oversee implementation at the field office level, with sampling at the
contractor level, as needed based on available performance information, to
evaluate the effectiveness of the field office. DOE Field offices will
oversee implementation at the contractor level.
b. Annual ISM Effectiveness Reviews and Annual ISM Declarations.
(1) DOE Secretarial offices and field offices will perform an annual
ISM effectiveness review to develop their annual ISM
declarations. The annual ISM review will encompass a review of
the content and results of relevant self-assessments, line oversight,
lower-level ISM reviews, and the annual integrated review of
lower-level ISM reviews; a review of performance against the past
year’s safety performance objectives, measures, and commitments;
and pertinent feedback data from a variety of relevant mechanisms.
Guidelines for performing annual ISM effectiveness reviews are
provided in Attachment 4.
(2) DOE Secretarial offices and field offices will annually issue a
declaration report of the status of implementation of ISM within
that office, including applicable site and contractor operations.
The DOE Secretarial offices must evaluate applicable DOE
Headquarters and field office activities, and applicable contractor
activities; and the DOE field offices must evaluate applicable DOE
field office activities and applicable contractor activities. The
report must include:
(a) a summary of relevant activities and assessments that were
completed during the year and provide the basis for the
determination of overall ISM effectiveness;
(b) a determination of the overall effectiveness of
implementation of ISM, using one of these summary
evaluations: “Effective Performance,” “Needs
Improvement,” or “Significant Weakness”;
(c) summary of strengths, weaknesses, and opportunities for
improvement;
(d) planned or ongoing actions to enhance ISM effectiveness;
(e) a discussion of potential site vulnerabilities to provide an
opportunity to develop and implement risk management
options and strategies, including re-scoping activities, re-
allocating funds and resources to address the
vulnerabilities, or identifying the consequences of
proceeding without addressing them; and
(f) any directive exemptions per changes in the contract during
the year.
(3) Annual ISM declarations must provide the bases for their
conclusions. These bases should include the annual ISM
effectiveness review, self-assessments, line oversight reviews,
annual integrated ISM reviews, lower-level ISM reviews, pertinent
feedback data from a variety of mechanisms, and action plans
including corrective or compensatory actions to address
weaknesses and opportunities for improvement.
(4) For Secretarial offices, the annual ISM declarations must be
provided to the applicable Central Technical Authority or
designated senior official. For field offices, annual ISM
declarations must be provided to the applicable Secretarial office
for review.
c. Annual Performance Expectations and Performance Objectives. DOE HQ
Secretarial offices will annually prepare safety performance objectives,
measures, and commitments, and provide these to the applicable CTA or
DOE senior official over the office (the Deputy Secretary for HSS, the
NNSA CTA for NNSA, the Energy CTA for EM and NE, etc.). DOE
field offices will annually prepare and submit safety performance
objectives, measures, and commitments, and provide these for information
to the applicable HQ Secretarial office.
d. Full ISM Verifications. DOE field offices will determine whether and
when to conduct full ISM verifications of field office ISM activities,
including both federal and contractor implementation of ISM, in
accordance with the guidance provided in Attachment 4 of this Manual,
Guidelines for Improving DOE ISM System Implementation.
e. ISM Champions Council. DOE Secretarial Officers and Field Element
Managers must designate their ISM Champions and identify their
Champion to their organizations and to the DOE ISM Champion. The
DOE ISM Champions Council will operate in accordance with its Charter,
provided in Attachment 5.
APPENDIX A
ACRONYMS AND ABBREVIATIONS
ASME American Society of Mechanical Engineers
BBS Behavior Based Safety
CAIRS Computerized Accident/Incident Reporting System
CCE Continuing Core Expectation
CFR Code of Federal Regulations
COO Conduct Of Operations
Council DOE ISM Champions Council
CRAD Criteria and Review Approach Document
CRD Contractor Requirements Document
CTA Central Technical Authority
DEAR Department of Energy Acquisition Regulation
DNFSB Defense Nuclear Facilities Safety Board
DOE Department of Energy
DOE G Department of Energy Guide
DOE-HDBK Department of Energy Handbook
DOE M Department of Energy Manual
DOE O Department of Energy Order
DOE P Department of Energy Policy
DS Deputy Secretary of Energy
EM DOE Office of Environmental Management
EMS Environmental Management System
ES&H Environment, Safety and Health
EWP Enhanced Work Planning
FRA Functions, Responsibilities and Authorities
FRAM Functions, Responsibilities, and Authorities Manual
GO-GO Government-Owned, Government-Operated
HDBK Handbook
HPI Human Performance Improvement
HQ (DOE) Headquarters
HRO High-Reliability Organization
HSS Office of Health, Safety and Security
IAEA International Atomic Energy Agency
INPO Institute for Nuclear Power Operations
ISM Integrated Safety Management
ISO International Standards Organization
ISSM Integrated Safeguards and Security Management
NE DOE Office of Nuclear Energy
NNSA National Nuclear Security Administration
NRC Nuclear Regulatory Commission
OSHA Occupational Safety and Health Administration
ORPS Occurrence Reporting and Processing System
PAAA Price Anderson Amendments Act
QA Quality Assurance
QAP Quality Assurance Program
SC DOE Office of Science
TSR Technical Safety Requirement
US Under Secretary of Energy
VPP Voluntary Protection Program
APPENDIX B
GLOSSARY OF TERMS
ACTIVE ERROR—Human action (behavior) that changes equipment, system, or plant
state triggering immediate undesired consequences.
ADMINISTRATIVE CONTROLS—Provisions related to organization and management,
procedures, record keeping, assessment, and reporting necessary to ensure safe operation
of a facility. With respect to nuclear facilities, administrative controls means the section
of the Technical Safety Requirements (TSRs) containing provisions for safe operation of
a facility including (1) requirements for reporting violations of TSRs, (2) staffing
requirements important to safe operations, and (3) commitment to the safety management
programs and procedures identified in the Safety Analysis Report as necessary elements
of the facility safety basis provisions.
ALIGNMENT—A measure or judgment of the extent to which the values, processes,
management, and existing factors within an organization influence human performance in
a complementary and non-contradictory way; facilitating organizational processes and
values to support desired behavior.
ANNUAL ISM DECLARATION—A determination by a DOE or contractor
organization regarding whether it is in full conformance with the requirements and
expectations for an effective Integrated Safety Management system and its bases for this
determination. An annual ISM declaration must be based on an annual ISM effectiveness
review.
ANNUAL ISM EFFECTIVENESS REVIEW—An annual review conducted by a DOE
or contractor organization for determining whether its Integrated Safety Management
System is in full conformance with the requirements and expectations for effective
implementation. The annual ISM effectiveness review is a qualitative review that
encompasses multiple elements, including review of: self-assessments, oversight reviews
results, integrated reviews across multiple reporting elements; performance against
established performance objectives, measures, and commitments; and other feedback and
performance information.
AUTHORIZATION AGREEMENT—A documented agreement between the DOE and
the contractor for high-hazard facilities (Categories 1 and 2), incorporating the results of
DOE's review of the contractor's proposed authorization basis for a defined scope of
work. The authorization agreement contains key terms and conditions (controls and
commitments) under which the contractor is authorized to perform work. Any changes to
these terms and conditions would require DOE approval.
AUTHORIZATION BASIS—Those aspects of the facility design basis and operational
requirements relied upon by DOE to authorize operation. These aspects are considered
important to the safety of facility operations. The authorization basis is described in
documents such as the facility Safety Analysis Report and other safety analyses; Hazard
Classification Documents, the Technical Safety Requirements, DOE-issued safety
evaluation reports, and facility-specific commitments made in order to comply with DOE
Orders or policies.
BEHAVIOR—(1) Observable (movement, speech) and unobservable (perception,
thought, decisions not to act or inaction, emotional response, and so forth) activity by an
individual; (2) The mental and physical efforts to perform a task.
BEHAVIOR BASED SAFETY—A proactive approach to injury prevention that focuses
on at-risk behaviors that can lead to an injury -or on safe behaviors that can contribute to
injury prevention.
BEST PRACTICES—Management practices and work processes that lead to world-class,
superior performance.
CAUSAL ANALYSIS—A process used to analyze an incident and determine the actual
factors that caused the incident, thus identifying which factors if corrected would prevent
the recurrence of the incident.
CENTRAL TECHNICAL AUTHORITY—The Department has established three Central
Technical Authorities (CTAs) for NNSA, Energy (including EM and NE), and Science.
Each CTA is a line management executive who will be responsible for the following core
nuclear safety functions for their organizations and facilities: (1) concurs with the
determination of the applicability of DOE Directives involving nuclear safety included in
contracts; (2) concurs with nuclear safety requirements included in contracts; (3) concurs
with all exemptions to nuclear safety requirements in contracts that were added to the
contract; (4) recommends issues and proposed resolutions concerning DOE safety
requirements, concurs in the adoption or revision of nuclear safety requirements
(including supplemental requirements), and provides expectations and guidance for
implementing nuclear safety requirements as necessary for use by DOE employees and
contractors; (5) maintains operational awareness of the implementation of nuclear safety
requirements and guidance, consistent with the principles of ISM across the DOE
complex (including, for example, reviewing Documented Safety Analyses, Authorization
Agreements and readiness reviews as necessary to evaluate the adequacy of safety
controls and implementation); (6) periodically reviews and assesses whether DOE is
maintaining adequate numbers of technically competent personnel necessary to fulfill
nuclear safety responsibilities; and, (7) provides inputs to, reviews, and concurs with
DOE-wide nuclear safety related research and development activities.
COGNIZANT SECRETARIAL OFFICER—The first-tier Headquarters office with
responsibility and authority for the particular activity under consideration.
CONSERVATIVE DECISION MAKING—Reaching conclusions by placing value on
facility safety above the production goals of the station. Facility results demonstrate
recognition and avoidance of activities that unnecessarily reduce safety margins.
CONTRACTING OFFICER—A person with authority to enter into, administer, and
terminate contracts and make related determinations and findings; includes certain
authorized representatives of the contracting officer acting within the limits of authority
as delegated by the contracting officer. [DOE O 541.1B]
CONTROLS—Administrative and engineering mechanisms that can affect the chemical,
physical, metallurgical or nuclear process of a nuclear facility in such a manner as to
effect the protection of the health and safety of the public and workers, or the protection
of the environment. Also, error-prevention techniques adopted to prevent error and to
recover from or mitigate the effects of error; to make an activity or process go smoothly,
properly, and according to high standards. Multiple layers of controls provide defense in
depth.
CONTRACTOR—Any entity under contract with the Department of Energy with the
responsibility to perform activities at a DOE site or facility. [10 CFR 835.2]
CORE FUNCTIONS (or ISM CORE FUNCTIONS)—The core safety management
functions are defined in DOE P 450.4, Safety Management System Policy, to be: (1)
define the scope of work; (2) analyze the hazards; (3) develop and implement hazard
controls; (4) perform work within controls; and (5) provide feedback and continuous
improvement. These functions are also identified in DEAR 48 CFR 970.5223-1(c).
CULTURE—An organization’s system of commonly held values and beliefs that
influence the attitudes, choices and behaviors of the individuals of the organization.
DEFENSE IN DEPTH - An approach to facility safety that builds in layers of defense
against release of or exposure to hazardous materials so that no one layer by itself, no
matter how good, is completely relied upon. To compensate for potential human and
mechanical failures, defense in depth is based on several layers of protection with
successive barriers to prevent the release of or exposure to hazardous materials. This
approach includes protection of the barriers to avert damage to the plant and to the
barriers themselves. It includes further measures to protect the public, workers, and the
environment from harm in case these barriers are not fully effective. Defense in depth
controls include engineering controls, administrative processes, and personnel staffing
and capabilities.
DEVIANCE—See NORMALIZATION OF DEVIANCE.
ENHANCED WORK PLANNING—A process that evaluates and improves the program
by which work is identified, planned, approved, controlled, and executed. The key
elements of enhanced work planning are line management ownership; a graded approach
to work management based on risk and complexity; worker involvement beginning at the
earliest phases of work management; organizationally diverse teams; and organized,
institutionalized communication.
ENGINEERING CONTROLS—Physical controls, including set points and operating
limits; as distinct from administrative controls.
ENVIRONMENTAL MANAGEMENT SYSTEM—The part of the overall management
system that includes organization structure, planning activities, responsibilities, practices,
procedures, processes, and resources for developing, integrating, achieving, reviewing,
and maintaining, environmental policy; a continuing cycle of planning, implementing,
evaluating, and improving processes and actions undertaken to achieve environmental
goals.
ERROR—An action that unintentionally departs from an expected behavior.
ERROR-LIKELY SITUATION—A work situation in which there is greater opportunity
for error when performing a specific action or task due to error precursors (also known as
"error trap").
FIELD ELEMENT—A non-headquarters DOE organization that is geographically
distinct. Field elements can be area offices, support offices; operations offices; field
offices; regional offices; or offices located at environmental restoration, construction, or
termination sites.
GUIDING PRINCIPLES (or ISM GUIDING PRINCIPLES)—Conditions for
performance of work that an integrated safety management system must address. The
guiding principles are defined in DOE P 450.4, Safety Management System Policy, to be:
(1) Line management Responsibility for Safety, (2) Clear Roles and Responsibilities, (3)
Competence Commensurate with Responsibilities, (4) Balanced Priorities, (5)
Identification of Safety Standards and Requirements, (6) Hazard Controls Tailored to
Work Being Performed, and (7) Operations Authorization. These principles are also
identified in DEAR 48 CFR 970.5223-1(b).
HAZARD—A source of danger (i.e., material, energy source, or operation) with the
potential to cause illness, injury, or death to personnel or damage to a facility or to the
environment (without regard to the likelihood or credibility of accident scenarios or
consequence mitigation).
HAZARD CONTROLS—Measures to eliminate, limit, or mitigate hazards to workers,
the public, or the environment, including (1) physical, design, structural, and engineering
features; (2) safety structures, systems, and components; (3) safety management
programs; (4) technical safety requirements; and (5) other controls necessary to provide
adequate protection from hazards.
HIERARCHY OF CONTROLS - The following hierarchy of defense in depth controls is
recognized and applied: (1) elimination or substitution of the hazards, (2) engineering
controls, (3) work practices and administrative controls, and (4) personal protective
equipment. Inherently safe designs are preferred over ones requiring engineering
controls. Prevention is emphasized in design and operations to minimize the use of, and
thereby possible exposure to, toxic or hazardous substances.
HIGH-RELIABILITY ORGANIZATION—Organizations that consistently operate
under trying and hazardous conditions, and manage to have relatively few accidents.
These organizations operate in settings where the potential for error and disaster is very
high. They have no choice but to function reliably because failure results in severe
consequences. HRO theory holds that significant accidents can be prevented through
proper management of prevention and mitigation activities. Examples of high-reliability
organizations: nuclear aircraft carriers, nuclear power generating plants, power grid
dispatching centers, air traffic control systems, aircraft operations, hospital emergency
departments, hostage negotiating teams, firefighting crews, continuous processing firms.
HRO characteristics include: (1) personal technical excellence and commitment to
continuous training: (2) sustained, high levels of operational performance, encompassing
both productivity and safety objectives; (3) robust technical systems and structures, and
organizational processes that provide redundancy and flexibility; (4) decentralized
authority patterns, including deference to capable individuals with the most technical
expertise and individuals closest to the problem; (5) a committed workforce where every
individual understands and accepts their roles and responsibilities for safe mission
performance; (6) a deep commitment to continuous performance improvement, openness
and trust, and cultivation of a continuous learning environment; and (7) the use of
systems of checks and audits to build reliability.
HUMAN ERROR—A phrase that generally means the slips and mistakes of humankind.
See also active error and latent error.
HUMAN PERFORMANCE—(1) Individual sense: A series of behaviors executed to
accomplish specific task objectives (results); (2) Organizational sense: The sum of what
people (individuals, leaders, managers) are doing and what people have done; the
aggregate system of processes, influences, behaviors, and their ultimate results that
eventually become manifest in the physical plant.
HUMAN PERFORMANCE IMPROVEMENT—Human Performance Improvement is
fundamentally about reducing errors and managing defenses. Striving for excellence in
human performance is an ongoing effort to reduce events caused by human error. Human
error is caused by a variety of conditions related to individual behavior, management and
leadership practices, and organizational processes and values. Behaviors at all levels
need alignment to improve individual performance, reduce errors and prevent events.
Alignment involves facilitating organizational processes and values to support desired
behaviors.
INTEGRATED SAFETY MANAGEMENT—The DOE approach for systematically
integrating safety into management and work practices at all levels so that missions are
accomplished while protecting the public, the worker, and the environment.
INTEGRATED SAFETY MANAGEMENT SYSTEM—A safety management system
that provides a formal, organized process whereby people plan, perform, assess, and
improve the safe conduct of work efficiently and in a manner that ensures protection of
workers, the public, and the environment. This management system is used to implement
ISM to systematically integrate safety into management and work practices at all levels
so that missions are accomplished while protecting the public, the worker, and the
environment.
ISM CHAMPION—DOE employees designated to support their line management in
implementing ISM and serving on the ISM Champions Council. The DOE ISM
Champion is designated by the Deputy Secretary and chairs the ISM Champions Council.
Each DOE Secretarial office and field office designates an ISM Champion to support
them in ISM implementation activities.
ISM CHAMPIONS COUNCIL—The Council chartered to support line management in
developing and sustaining vital, mature ISM systems throughout the Department. The
Council promotes continuous learning and improvement of ISM effectiveness throughout
the DOE complex.
ISO STANDARD 14001—Internationally recognized voluntary environmental
management system standard that provides organizations with the elements of an
effective environmental management system that can be integrated with other
management requirements to help organizations to achieve environmental and economic
goals.
JUST CULTURE—A culture that understands and values the distinction between blame-
free and culpable actions, and does not seek to punish errors that are unintentional and
reasonable given the context. In a just culture, line managers demonstrate an
understanding that humans are fallible and when mistakes are made, the organization
seeks first to learn as opposed to blame. In a just culture, employees are more likely to
report errors, near-misses, and error-likely situations, which help the organization to learn
and improve.
LAGGING INDICATOR (or OUTCOME INDICATOR)—A parameter or measure,
changes in which provide information about previous performance as reflected in events,
observations, problem reports, and similar occurrences.
LATENT ERROR—An error, act, or decision that results in organization-related
weaknesses or equipment flaws that lie dormant until revealed either by human error,
testing, or self-assessment.
LATENT ORGANIZATIONAL WEAKNESSES—Loopholes in the system’s defenses,
barriers, and safeguards whose potential existed for some time prior to the onset of the
accident sequence, though usually without any obvious bad effect. These loopholes
consist of imperfections in features such as leadership/supervision, training and
qualification, report of defects, engineered safety features, safety procedures, and hazard
identification and evaluation. Most accidents originate from or are propagated by latent
weaknesses.
LEADING INDICATOR (or Process Indicator)—A parameter or measure, changes in
which are frequently followed by a correlated change in one or more other performance
measures some time later; provides information about developing or changing conditions
upstream in the organization that tend to influence future human performance at the job
site.
LEARNING ORGANIZATION—One that values continuous learning. An organization
that is deeply committed to continuous performance improvement and develops and
sustains organizational processes, such as incident critiques, that facilitate continuous
improvement; encourage openness and trust so that problems are reported; cultivate an
environment that encourages and rewards ongoing efforts to learn from experience, learn
from others, and from self-directed studies; aggressively seek to know what it doesn’t
know; demonstrate excellence in performance monitoring, problem analysis, solution
planning, and solution implementation; systematically eliminate or mitigate error-likely
situations; and remain obsessed with the liabilities of success.
LINE MANAGEMENT—Any management level within the line organization, including
contractor management that is responsible and accountable for directing and conducting
work.
MENTAL MODEL—Structured organization of knowledge a person has about how
something works (usually in terms of generalizations, assumptions, pictures, or key
words). Mental models may be deeply ingrained and even unconscious.
MINDFULNESS—The combination of ongoing scrutiny of existing expectations,
continuous refinement and differentiation of expectations based on newer experiences,
willingness and capability to invent new expectations that make sense of unprecedented
events, a more nuanced appreciation of context and ways to deal with it, and
identification of new dimensions of context that improve foresight and current
functioning. Mindfulness is a pre-occupation with updating. Mindful people accept the
reality of ignorance and work hard to smoke it out, knowing full well that each new
answer uncovers a host of new questions. Mindfulness is exhibited by high reliability
organizations through the following five hallmarks of reliability: (1) preoccupation with
failure, (2) reluctance to simplify interpretations, (3) sensitivity to operations, (4)
commitment to resilience, and (5) deference to expertise. [Reference: Weick & Sutcliffe]
NORMALIZATION OF DEVIANCE—The tendency to redefine and accept previously-
unexpected anomalies over time as expected events and ultimately as acceptable risks.
Diane Vaughan developed this term based on her study of the O-ring failures in the
Challenger accident. In this accident, “the range of expected error enlarged from the
judgment that it was normal to have heat on the primary O-ring, to normal to have
erosion on the primary O-ring, to normal to have gas blowby, to normal to have blowby
reaching the secondary O-ring, and finally to the judgment that it was normal to have
erosion on the secondary O-ring.”
PERFORMANCE INDICATOR—Operational information indicative of the performance
or condition of a facility, group of facilities, site, or process. (See also leading and
lagging indicator.)
QUESTIONING ATTITUDE—An attitude that encourages a person's foresight to
precede his or her action such that planning, judgment, and decision-making are
appropriate for the situation.
SAFETY—In ISM, the term “safety” is used synonymously with environment, safety,
and health (ES&H) to encompass protection of the public, the workers, and the
environment [DOE P 450.4]. Safety is a dynamic non-event; a stable outcome produced
by constant adjustments to system parameters. To achieve stability, change in one
system parameter must be compensated for by changes in other parameters, through a
process of continuous mutual adjustment [Reference: Weick & Sutcliffe].
SAFETY CULTURE—The safety culture of an organization is the product of individual
and group values, attitudes, competencies, and patterns of behavior that determine the
commitment to, and the style and proficiency of, an organization’s health and safety
programs. Organizations with a positive safety culture are characterized by
communications founded on mutual trust, by shared perceptions of the importance of
safety, and by confidence in the efficacy of preventive measures. The term safety culture
entered public awareness through the vocabulary of nuclear safety after the Chernobyl
nuclear power plant explosion.
SAFETY PERFORMANCE OBJECTIVES, MEASURES, AND COMMITMENT—
Safety performance objectives are long-term management system goals. Safety
performance commitments are specific actions that will be taken during a specific year to
further achievement of long-term performance objectives. Performance commitments
would be expected to address significant identified weaknesses or areas for improvement.
These may include either major corrective actions or major improvement actions. Safety
performance measures are used to monitor achievement of performance objectives and
commitments.
SAFETY PROGRAMS—Programs, required by DOE or other regulatory authority or
committed to in the contractor's ISM description, that will be adhered to for a scope of
work by a facility or site in support of the work.
SECRETARIAL OFFICER—Secretarial Officers are: the Secretary, Deputy Secretary,
and Under Secretaries; and the Assistant Secretaries and Staff or Program Office
Directors reporting to the Secretary either directly or through the Deputy Secretary or
Under Secretaries. The NNSA Administrator and Deputy Administrators are Secretarial
Officers.
SELF-ASSESSMENT—A review, analysis or evaluation, that can be informal or formal
and structured, of a program or management system performed by the organization
responsible for the program or system to determine whether its implementation is in
conformance with established requirements and/or defined expectations.
SITUATIONAL AWARENESS—The mental activity of developing and maintaining an
accurate mental model of the facility state and the work situation based on knowledge of
critical parameters, observations of system or equipment condition, work environment,
team members, and recall of fundamental knowledge of the facility.
STANDARD—
a. The term "standard," or "technical standard" as cited in Public Law 104-
113, includes all of the following:
(1) Common and repeated use of rules, conditions, guidelines or
characteristics for products or related processes and production
methods, and related management system practices.
(2) The definition of terms; classification of components; delineation
of procedures; specification of dimensions, materials, performance,
designs, or operations; measurement of quality and quantity in
describing materials, processes, products, systems, services, or
practices; test methods and sampling procedures; or descriptions of
fit and measurements of size or strength.
b. The term "standard" does not include the following:
(1) Professional standards of personal conduct.
(2) Institutional codes of ethics.
SUPPLEMENTAL SAFETY CULTURE ELEMENTS—Four elements, to supplement
the original seven ISM guiding principles, to help organizations to develop the
appropriate context or environment for effective implementation of ISM systems: (1)
Individual Attitude and Responsibility for Safety, (2) Operational Excellence, (3)
Oversight for Performance Assurance, and (4) Organizational Learning for Performance
Improvement.
VIOLATION—Deliberate, intentional acts to evade a known policy or procedure
requirement for personal advantage usually adopted for fun, comfort, expedience, or
convenience.
VOLUNTARY PROTECTION PROGRAM—The Department of Energy Voluntary
Protection Program (DOE-VPP), which promotes safety and health excellence through
cooperative efforts among labor, management, and government at DOE contractor sites.
Closely paralleling the Occupational Safety and Health Administration Voluntary
Protection Program the DOE program identified where DOE contractors and
subcontractors can go beyond compliance with DOE Orders and OSHA standards. The
program encourages the creative stretch for excellence through systematic approaches
and cooperative efforts at the DOE sites. Requirements for participation are based on
comprehensive management systems, with employees actively involved in assessing,
preventing, and controlling the potential health and safety hazards at the site. The formal
program provides recognition of the various levels of excellence with the DOE VPP
STAR being awarded for truly outstanding protection of employee safety and health.
CONTRACTOR REQUIREMENTS DOCUMENT
DOE M 450.4-1, Integrated Safety Management System Manual
Regardless of the performer of the work, the contractor is responsible for complying with
the requirements of this Contractor Requirements Document (CRD) and flowing down
CRD requirements to subcontractors at any tier to the extent necessary to ensure
contractor compliance.
The primary source of requirements for contractors regarding implementation of ISM is
DEAR 970.5223-1, Integration of environment, safety, and health into work planning and
execution. Guidance for contractor implementation is provided in DOE G 450.4-1B,
Integrated Safety Management System Guide, dated 3-1-01. The requirements in this
CRD supplement the existing DEAR clause requirements. As directed by the contracting
officer, the contractor must meet the following requirements.
1. RESPONSIBILITIES.
Contractors are required to implement an effective ISM system for the facilities
they operate. The Department also requires integration of Quality Assurance
(QA) and Environmental Management System (EMS) into ISM systems, as
delineated in DOE O 414.1C, Quality Assurance and DOE O 450.1,
Environmental Protection Program. The contractor must comply with the
following requirements to ensure establishment of implementing procedures for
the provisions of the Contractor Requirements Document (CRD), compliance
with applicable requirements, and effective and efficient performance.
2. REQUIREMENTS.
a. Develop a contractor ISM system description and submit it for field office
approval (Note: this is an existing DEAR clause requirement repeated for
continuity). Maintain cognizance of the associated DOE field office’s
ISM system description, as provided by the DOE contracting officer.
b. Support DOE in implementing this Manual through submittals of (1)
annual ISM effectiveness reviews and annual ISM declaration reports on
ISM effectiveness, (2) ISM system description updates, if changes are
needed, and (3) safety performance objectives, measures, and
commitments, in accordance with time schedules established by the DOE.
c. Clearly describe the contractor’s ISM maintenance and continuous
improvement processes (i.e., annual ISM effectiveness reviews, annual
ISM declaration reports, ISM system description reviews and updates, and
annual updates to the safety performance objectives, measures, and
commitments) in the contractor’s ISM system description.
d. Establish and implement a program and process for identifying potential
site-wide improvement opportunities relative to ISM (both within and
beyond the contractor's scope) and reporting them to the applicable DOE
field office manager. This may be done as part of the annual declaration
report.
ISM PRINCIPLES AND ATTRIBUTES
FOR EFFECTIVE ISM IMPLEMENTATION
1. BACKGROUND AND INTRODUCTION.
a. In 1996, the Department defined the Integrated Safety Management (ISM)
system as its programmatic framework for accomplishing work safely.
Ten years of implementation experience have proven that ISM is a
fundamentally sound safety management approach with broad
applicability. The ISM concept is also well supported by Department
personnel and contractors. The Department is committed to ISM as its
enduring framework for performing work in a safe and environmentally
sound manner. [Note: In ISM, the term “safety” is used synonymously
with environment, safety, and health (ES&H) to encompass protection of
the public, the workers, and the environment.]
b. During 2004, the Department recognized and acknowledged the need to
revitalize ISM implementation. This need to revitalize or reinvigorate
ISM is due to two factors:
(1) incompleteness and inconsistencies in implementing ISM
principles and functions in programs, sites, offices, and facilities
throughout the complex, and
(2) a general waning of attention to and use of ISM as it was intended
to create and sustain continuous, measurable improvement.
c. In addition, the Department has recognized that ongoing maturation of
ISM systems at some sites and facilities enables the associated
organizations to shift focus and expected outcomes from primarily
compliance to a balance of compliance and operational excellence.
d. To address inconsistencies in implementation, the Department has targeted
three long-recognized weaknesses for renewed attention:
(1) work planning and control,
(2) feedback and improvement processes, and
(3) ISM system description and implementation by DOE federal
organizations.
e. To help reinvigorate the use of ISM as the guiding framework for
organizational performance improvement, this attachment seeks to
describe the context or environment that ISM systems must create and
within which ISM systems must function in order to be effective. With
this vision, leaders throughout the organization can direct efforts to create
the necessary environment for effective ISM implementation and,
ultimately, positive culture change that supports safe, environmentally
sound and highly productive operations.
f. This attachment seeks to clearly describe and articulate the attributes –
expected, observable behaviors and organizational characteristics – typical
of the total environment within which ISM must be implemented to be
fully effective. Leaders need to implement appropriate change strategies
to make these behaviors recognizable and typical in their work
environments. In implementing the ISM principles, line managers may
want to use the attributes for a given principle as performance indicators to
determine how well the principle is being implemented and where
additional attention is needed. Achieving these desired work behaviors
will result in greater productivity as well as improved safety.
Within the ISM hierarchy, it is the ISM principles that describe the
environment or context for work activities, in that most ISM principles
apply to each and every ISM function. Experience and research with
safety cultures and high-reliability organizations (HRO) over the past ten
or more years have raised new insights and deeper understanding relevant
to the desired work environment for effective safety management.
Experience from the commercial nuclear industry, including the Institute
for Nuclear Power Operations (INPO), has been reviewed for relevant
lessons. An analysis of this experience and research over the past decade
has identified four supplemental safety culture elements that may be
helpful to focus attention and action in the right areas to create the desired
ISM environments. These elements also promote a shift from compliance
toward excellence. They emphasize continuous improvement and long-
term performance, and are entirely consistent with the original intents of
ISM. These elements are identified and described beginning on page 12
of this attachment.
2. GUIDING PRINCIPLES FOR INTEGRATED SAFETY MANAGEMENT.
The Department has established the following principles to guide implementation
of Integrated Safety Management (ISM) systems, as defined in DOE P 450.4,
Safety Management System Policy.
· Line Management Responsibility For Safety. Line management is directly
responsible for the protection of the public, the workers, and the
environment.
· Clear Roles and Responsibilities. Clear and unambiguous lines of
authority and responsibility for ensuring safety shall be established and
maintained at all organizational levels within the Department and its
contractors.
· Competence Commensurate with Responsibilities. Personnel shall
possess the experience, knowledge, skills, and abilities that are necessary
to discharge their responsibilities.
· Balanced Priorities. Resources shall be effectively allocated to address
safety, programmatic, and operational considerations. Protecting the
public, the workers, and the environment shall be a priority whenever
activities are planned and performed.
· Identification of Safety Standards and Requirements. Before work is
performed, the associated hazards shall be evaluated and an agreed-upon
set of safety standards and requirements shall be established which, if
properly implemented, will provide adequate assurance that the public, the
workers, and the environment are protected from adverse consequences.
· Hazard Controls Tailored to Work Being Performed. Administrative and
engineering controls to prevent and mitigate hazards shall be tailored to
the work being performed and associated hazards.
· Operations Authorization. The conditions and requirements to be satisfied
for operations to be initiated and conducted shall be clearly established
and agreed upon.
Note: The ISM core functions (defined in DOE P 450.4, Safety Management
System Policy) describe the specific work activities that must be accomplished,
and these are not explicitly addressed by this attachment:
(1) “Define the Scope of Work,”
(2) “Analyze the Hazards,”
(3) “Develop and Implement Hazard Controls,”
(4) “Perform Work within Controls,” and
(5) “Provide Feedback and Continuous Improvement.”
It is vitally important that each organizational element effectively implement
these five core functions, beginning with defining its own work, to the extent
necessary to support the safe conduct of operational work activities. The core
functions are described in detail in DOE G 450.4-1B, Integrated Safety
Management System Guide, and have received considerable attention. This
attachment focuses on the ISM principles because these have received less
attention than needed to achieve the requisite environment for effective ISM
implementation. The emphasis in this attachment on ISM principles should not
be interpreted as a slight in any way on the essential role of the ISM core
functions. The current ISM Guide adequately addresses expectations for ISM
core functions.
LINE MANAGEMENT RESPONSIBILITY FOR SAFETY
Line management is directly responsible for the protection of the public, the workers, and
the environment.
Attributes
· Line managers (from the Secretary to the DOE cognizant Secretarial Officer to
the DOE Field Office Manager to the Contractor Senior Manager to the front-line
worker) understand and accept their safety responsibilities inherent in mission
accomplishment. Line managers do not depend on supporting organizations to
build safety into line management work activities.
· Line managers have a clear understanding of their work activities and their
performance objectives, and how they will conduct their work activities safely
and accomplish their performance objectives.
· Line managers demonstrate their commitment to safety. Top-level line managers
are the leading advocates of safety and demonstrate their commitment in both
word and action. Line managers periodically take steps to reinforce safety,
including personal visits and walkthroughs to verify that their expectations are
being met.
· Line managers spend time on the floor. Line managers practice visible leadership
in the field by placing “eyes on the problem,” coaching, mentoring, and
reinforcing standards and positive behaviors. Deviations from expectations are
corrected promptly and, when appropriate, analyzed to understand why the
behaviors occurred.
· Line managers maintain a strong focus on the safe conduct of work activities.
· Line managers maintain awareness of key performance indicators related to safe
work accomplishment, watch carefully for adverse trends or indications, and take
prompt action to understand adverse trends and anomalies.
· Line managers throughout the organization set an example for safety through their
direct involvement in continuous learning by themselves and their followers on
topics related to technical understanding and safety improvement.
· Line managers are skilled in responding to employee questions in an open, honest
manner. They encourage and appreciate the reporting of safety issues and errors.
They do not discipline employees for the reporting of errors. They encourage a
vigorous questioning attitude toward safety, and constructive dialogues and
discussions on safety matters.
· Credibility and trust are present and continuously nurtured. Line managers
reinforce perishable values of trust, credibility, and attentiveness. The
organization is just – that is, the line managers demonstrate an understanding that
humans are fallible and when mistakes are made, the organization seeks first to
learn as opposed to blame. The system of rewards and sanctions is aligned with
strong safety policies and reinforces the desired behaviors and outcomes.
CLEAR ROLES AND RESPONSIBILITIES
Clear and unambiguous lines of authority and responsibility for ensuring safety shall be
established and maintained at all organizational levels within the Department and its
contractors.
Attributes
· Responsibility and authority for safety are well defined and clearly understood as
an integral part of performing work.
· Organizational safety responsibilities are sufficiently comprehensive to address
the work activities and hazards involved.
· The line of authority and responsibility for safety is defined from the Secretary to
the individual contributor. Each of these positions has clearly defined roles,
responsibilities, and authorities, designated in writing and understood by the
incumbent.
· Ownership boundaries and authorities are clearly defined at the institutional,
facility, and activity levels, and interface issues are actively managed.
· Organizational functions, responsibilities, and authorities documents are
maintained current and accurate.
· Reporting relationships, positional authority, staffing levels and capability,
organizational processes and infrastructure, and financial resources are
commensurate with and support fulfillment of assigned or delegated safety
responsibilities.
· All personnel understand the importance of adherence to standards.
· Line managers provide ongoing reviews of performance of assigned roles and
responsibilities to reinforce expectations and ensure that key safety
responsibilities and expectations are being met.
· Personnel at all levels of the organization are held accountable for shortfalls in
meeting standards and expectations related to fulfilling safety responsibilities.
Accountability is demonstrated both by recognition of excellent safety performers
as well as identification of less-than-adequate performers. In holding people
accountable, in the context of a just culture, managers consider individual
intentions and the organizational factors that may have contributed.
COMPETENCE COMMENSURATE WITH RESPONSIBILITIES
Personnel shall possess the experience, knowledge, skills, and abilities that are necessary
to discharge their responsibilities.
Attributes
· People and their professional capabilities, experiences, and values are regarded as
the organization’s most valuable assets. Organizational leaders place a high
personal priority and time commitment on recruiting, selecting, and retaining an
excellent technical staff.
· The organization maintains a highly knowledgeable workforce to support a broad
spectrum of operational and technical decisions. Technical and safety expertise is
embedded in the organization. Outside expertise is employed when necessary.
· Individuals have in-depth understanding of safety and technical aspects of their
jobs. Technical qualification standards are defined and personnel are trained
accordingly. Technical support personnel have expert-level technical
understanding. Managers have strong technical backgrounds in their area of
expertise.
· Assignments of safety responsibilities and delegations of associated authorities
are made to individuals with the necessary technical experience and expertise. In
rare cases, if this is not possible, corrective and compensatory actions are taken.
· The organization values and practices continuous learning, and requires
employees to participate in recurrent and relevant training and encourages
educational experiences to improve knowledge, skills, and abilities. Professional
and technical growth is formally supported and tracked to build organizational
capability.
· Training to broaden individual capabilities and to support organizational learning
is available and encouraged – to appreciate the potential for unexpected
conditions; to recognize and respond to a variety of problems and anomalies; to
understand complex technologies and capabilities to respond to complex events;
to develop flexibility at applying existing knowledge and skills in new situations;
to improve communications; to learn from significant industry and DOE events.
· Mental models, practices, and procedures are updated and refreshed based on new
information and new understanding.
· Training effectively upholds management’s standards and expectations. Beyond
teaching knowledge and skills, trainers are adept at reinforcing requisite safety
values and beliefs.
· Managers set an example for safety through their personal commitment to
continuous learning and by their direct involvement in high-quality training that
consistently reinforces expected worker behaviors.
· Managers encourage informal opinion leaders in the organization to model safe
behavior and influence peers to meet high standards.
BALANCED PRIORITIES
Resources shall be effectively allocated to address safety, programmatic, and operational
considerations. Protecting the public, the workers, and the environment shall be a
priority whenever activities are planned and performed.
Attributes
· Organization managers frequently and consistently communicate the safety
message, both as an integral part of the mission and as a stand-alone theme.
· Managers recognize that aggressive mission and production goals can appear to
send mixed signals on the importance of safety. Managers are sensitive to detect
and avoid these misunderstandings, or to deal with them effectively if they arise.
· The organization demonstrates a strong sense of mission and operational goals,
including a commitment to highly reliable operations, both in production and
safety. Safety and productivity are both highly valued.
· Safety and productivity concerns both receive balanced consideration in funding
allocations and schedule decisions. Resource allocations are adequate to address
safety. If funding is not adequate to ensure safety, operations are discontinued.
· Staffing levels and capabilities are consistent with the expectation of maintaining
safe and reliable operations.
· The organizational staffing provides sufficient depth and redundancy to ensure
that all important safety functions are adequately performed.
· The organization is able to build and sustain a flexible, robust technical staff and
staffing capacity. Pockets of resilience are established through redundant
resources so that adequate resources exist to address emergent issues. The
organization develops sufficient resources to rapidly cope and respond to
unexpected changes.
· Key technical officials are assigned for long terms of service to provide
institutional continuity and constancy regarding safety requirements and
expectations. Organizational knowledge is valued and efforts are made to
preserve it when key players move on.
· Systems of checks and balances are in place and effective at all levels of the
organization to make sure that safety considerations are adequately weighed and
prioritized.
· Safety and quality assurance positions have adequate organizational influence.
· Adequate resources are allocated for safety upgrades and repairs to aging
infrastructure. Modern infrastructure and new facility construction are pursued to
improve safety and performance over the long term.
IDENTIFICATION OF SAFETY STANDARDS AND REQUIREMENTS
Before work is performed, the associated hazards shall be evaluated and an agreed-upon
set of safety standards and requirements shall be established which, if properly
implemented, will provide adequate assurance that the public, the workers, and the
environment are protected from adverse consequences.
Attributes
· Facilities are designed, constructed, operated, maintained, and decommissioned
using consensus industry codes and standards, where available and applicable, to
protect workers, the public, and the environment.
· Applicable requirements from laws, statutes, rules and regulations are identified
and captured so that compliance can be planned, expected, demonstrated, and
verified.
· Clear, concise technical safety directives are centrally developed, where
necessary, and are based on sound engineering judgment and data. DOE
directives and technical standards are actively maintained up to date and accurate.
· A clearly-defined set of safety requirements and standards is invoked in
management contracts, or similar agreements. An accepted process is used for
identification of the appropriate set of requirements and standards. This set of
requirements is comprehensive and includes robust quality assurance, safety, and
radiological and environmental protection requirements.
· Implementing plans, procedures and protocols are in place to translate
requirements into action by the implementing organization.
· Technical and operational safety requirements clearly control the safe operating
envelope. The safety envelope is clearly specified and communicated to
individuals performing operational tasks.
· Exemptions from applicable technical safety requirements are both rare and
specific, provide an equivalent level of safety, have a compelling technical basis,
and are approved at an appropriate organizational level.
· Compliance with applicable safety and technical requirements is expected and
verified.
· Willful violations of requirements are rare, and personnel and organizations are
held strictly accountable in the context of a just culture. Unintended failures to
follow requirements are promptly reported, and personnel and organizations are
given credit for self-identification and reporting of errors.
· The organization actively seeks continuous improvement to safety standards and
requirements through identification and sharing of effective practices, lessons
learned, and applicable safety research. The organization is committed to
continuously rising standards of excellence.
HAZARD CONTROLS TAILORED TO WORK BEING PERFORMED
Administrative and engineering controls to prevent and mitigate hazards shall be tailored
to the work being performed and associated hazards.
Attributes
· Work hazards are identified and controlled to prevent or mitigate accidents, with
particular attention to high consequence events with unacceptable consequences.
Workers understand hazards and controls before beginning work activities.
· The selection of hazard controls considers the type of hazard, the magnitude of
the hazard, the type of work being performed, and the life-cycle of the facility.
Controls are designed and implemented commensurate with the inherent level and
type of hazard.
· Safety analyses identifying work hazards are comprehensive and based on sound
engineering judgment and data.
· Defense in depth is designed into highly-hazardous operations and activities, and
includes independent, redundant, and diverse safety systems, which are not overly
complex. Defense in depth controls include engineering controls, administrative
processes, and personnel staffing and capabilities.
· Emphasis is placed on designing the work and/or controls to reduce or eliminate
the hazards and to prevent accidents and unplanned releases and exposures.
· The following hierarchy of defense in depth is recognized and applied: (1)
elimination or substitution of the hazards, (2) engineering controls, (3) work
practices and administrative controls, and (4) personal protective equipment.
Inherently safe designs are preferred over ones requiring engineering controls.
Prevention is emphasized in design and operations to minimize the use of, and
thereby possible exposure to, toxic or hazardous substances.
· Equipment is consistently maintained so that it meets design requirements.
· Safety margins are rigorously maintained. Design and operating margins are
carefully guarded and changed only with great thought and care. Special attention
is placed on maintaining defense-in-depth.
· Organizations implement hazard controls in a consistent and reliable manner.
Safety is embedded in processes and procedures through a functioning formal
integrated safety management system. Facility activities are governed by
comprehensive, efficient, high-quality processes and procedures.
· Hazard controls are designed with an understanding of the potential for human
error. Error-likely situations are identified, eliminated, or mitigated. Existence of
known error-likely situations is communicated to workers prior to commencing
work along with planned mechanisms to assure their safety.
OPERATIONS AUTHORIZATION
The conditions and requirements to be satisfied for operations to be initiated and
conducted shall be clearly established.
Attributes
· Formal facility authorization agreements are in place and maintained between
owner and operator.
· Readiness at the facility level is verified before hazardous operations commence.
Pre-operational reviews confirm that controls are in place for known hazards.
· Facility operations personnel maintain awareness of all facility activities to ensure
compliance with the established safety envelope.
· Work authorization is defined at the activity level. The work authorization
process verifies that adequate preparations have been completed so that work can
be performed safely. These preparations include verifying that work methods and
requirements are understood; verifying that work conditions will be as expected
and not introduce unexpected hazards; and verifying that necessary controls are
implemented.
· The extent of documentation and level of authority for work authorization is
based on the complexity and hazards associated with the work.
3. SUPPLEMENTAL SAFETY CULTURE ELEMENTS
Based on experience and learning over the past ten years since the inception of
Integrated Safety Management, the Department has identified the following four
supplemental safety culture elements to be used, along with the existing ISM
guiding principles, to help develop the appropriate context or environment for
effective implementation of Integrated Safety Management (ISM) systems within
the Department of Energy and at its sites and facilities in the future:
INDIVIDUAL ATTITUDE AND RESPONSIBILITY FOR SAFETY.
Every individual accepts responsibility for safe mission performance. Individuals
demonstrate a questioning attitude by challenging assumptions, investigating anomalies,
and considering potential adverse consequences of planned actions. All employees are
mindful of work conditions that may impact safety, and assist each other in preventing
unsafe acts or behaviors.
· OPERATIONAL EXCELLENCE. Organizations achieve sustained, high levels
of operational performance, encompassing all DOE and contractor activities to
meet mission, safety, productivity, quality, environmental, and other objectives.
High-reliability is achieved through a focus on operations, conservative decision-
making, open communications, deference to expertise, and systematic approaches
to eliminate or mitigate error-likely situations.
· OVERSIGHT FOR PERFORMANCE ASSURANCE. Competent, robust,
periodic and independent oversight is an essential source of feedback that verifies
expectations are being met and identifies opportunities for improvement.
Performance assurance activities verify whether standards and requirements are
being met. Performance assurance through conscious, directed, independent
reviews at all levels brings fresh insights and observations to be considered for
safety and performance improvement.
· ORGANIZATIONAL LEARNING FOR PERFORMANCE IMPROVEMENT.
The organization demonstrates excellence in performance monitoring, problem
analysis, solution planning, and solution implementation. The organization
encourages openness and trust, and cultivates a continuous learning environment.
INDIVIDUAL ATTITUDE AND RESPONSIBILITY FOR SAFETY.
Every individual accepts responsibility for safe mission performance. Individuals
demonstrate a questioning attitude by challenging assumptions, investigating anomalies,
and considering potential adverse consequences of planned actions. All employees are
mindful of work conditions that may impact safety, and assist each other in preventing
unsafe acts or behaviors.
Attributes:
· Individuals understand and demonstrate responsibility for safety. Safety and its
ownership are apparent in everyone's actions and deeds. Workers are actively
involved in identification, planning, and improvement of work and work
practices. Workers follow approved procedures. Workers at any level can stop
unsafe work or work during unexpected conditions.
· Individuals promptly report errors and incidents. They feel safe from reprisal in
reporting errors and incidents; they offer suggestions for improvements.
· Individuals are mindful of the potential impact of equipment and process failures;
they are sensitive to the potential of faulty assumptions and errors, and
demonstrate constructive skepticism. They appreciate that mindfulness requires
effort.
· Individuals recognize that errors and imperfections are likely to happen. They
recognize the limits of foresight and anticipation, and watch for things that have
not been seen before. They appreciate that error-likely situations are predictable,
manageable, and preventable, and seek to identify and eliminate latent conditions
that give rise to human performance errors.
· Individuals cultivate a constructive, questioning attitude and healthy skepticism
when it comes to safety. Individuals question deviations, and avoid complacency
or arrogance based on past successes. Team members support one another
through both awareness of each other’s actions and constructive feedback when
necessary.
· Individuals are aware of and counteract human tendencies to simplify
assumptions, expectations, and analysis. Diversity of thought and opposing views
are welcomed and considered. Intellectual curiosity is encouraged.
· Individuals are intolerant of conditions or behaviors that have the potential to
reduce operating or design margins. Anomalies are thoroughly investigated,
promptly mitigated, and periodically analyzed in the aggregate. The bias is set on
proving work activities are safe before proceeding, rather than proving them
unsafe before halting. Personnel do not proceed and do not allow others to
proceed when safety is uncertain.
· Individuals outside of the organization (including subcontractors, temporary
employees, visiting researchers, vendor representatives, etc.) understand their
safety responsibilities.
OPERATIONAL EXCELLENCE
Organizations achieve sustained, high levels of operational performance, encompassing
all DOE and contractor activities to meet mission, safety, productivity, quality,
environmental, and other objectives. High-reliability is achieved through a focus on
operations, conservative decision-making, open communications, deference to expertise,
and systematic approaches to eliminate or mitigate error-likely situations.
Attributes
· Line managers are in close contact with the front-line; they pay attention to real-
time operational information. Maintaining operational awareness is a priority.
Line managers identify critical performance elements and monitor them closely.
· Operational anomalies, even small ones, get prompt attention and evaluation –
this allows early detection of problems so necessary action is taken before
problems grow.
· Individuals are systematic and rigorous in making informed decisions that support
safe, reliable operations. Workers are expected and authorized to take
conservative actions when faced with unexpected or uncertain conditions. Line
managers support and reinforce conservative decisions based on available
information and risks.
· Candid dialogue and debate and a healthy skepticism are encouraged when safety
issues are being evaluated. Differing professional opinions are welcomed and
respected. Robust discussion and constructive conflict are recognized as a natural
result of diversity of expertise and experience.
· Line managers regularly and promptly communicate important operational
decisions, their basis, expected outcomes, potential problems, and planned
contingencies.
· Organizations know the expertise of their personnel. Line managers defer to
qualified individuals with relevant expertise during operational upset conditions.
Qualified and capable people closest to the operational upset are empowered to
make important decisions, and are held accountable justly.
· Operations personnel are held to high standards of both technical understanding
and detailed task-oriented performance. Operations personnel provide reliable
and consistent responses to expected occurrences. Flexible responses to
unexpected occurrences are based on continuous preparation and training.
Formality and discipline in operations is valued.
· Organizational systems and processes are designed to provide layers of defenses,
recognizing that people are fallible. Prevention and mitigation measures are used
to preclude errors from occurring or propagating. Error-likely situations are
sought out and corrected, and recurrent errors are carefully examined as indicators
of latent organizational weaknesses. Managers aggressively correct latent
organizational weaknesses and measure the effectiveness of actions taken to close
the gaps.
OVERSIGHT FOR PERFORMANCE ASSURANCE
Competent, robust, periodic and independent oversight is an essential source of feedback
that verifies expectations are being met and identifies opportunities for improvement.
Performance assurance activities verify whether standards and requirements are being
met. Performance assurance through conscious, directed, independent reviews at all
levels brings fresh insights and observations to be considered for safety and performance
improvement.
Attributes:
· Performance assurance consists of robust, frequent, and independent oversight,
conducted at all levels of the organization. Performance assurance includes
independent evaluation of performance indicators and trend analysis.
· Performance assurance programs are guided by plans that ensure a base level of
relevant areas are reviewed. Assessments are performed against established
requirements (such as those defined in Criteria and Review Approach
Documents).
· Efficient redundancy in monitoring is valued; higher levels of redundancy are
recognized as necessary for higher risk activities.
· Performance Assurance includes a diversity of independent “fresh looks” to
ensure completeness and to avoid complacency. A mix of internal and external
oversight reviews reflects an integrated and balanced approach. This balance is
periodically reviewed and adjusted as needed.
· The insights and fresh perspectives provided by performance assurance personnel
are valued. Organizational feedback is actively sought to make performance
assurance activities more value-added.
· Complete, accurate, and forthright information is provided to performance
assurance organizations.
· Results from performance assurance activities are effectively integrated into the
performance improvement processes, such that they receive adequate and timely
attention. Linkages with other performance monitoring inputs are examined,
high-quality causal analyses are conducted, as needed, and corrective actions are
tracked to closure with effectiveness verified to prevent future occurrences.
· Line managers throughout the organization set an example for safety through their
direct involvement in oversight activities and associated performance
improvement.
· Senior line managers are periodically briefed on results of oversight group
activities to gain insight into organizational performance and to direct needed
corrective actions.
· Periodic ISM reviews, assessments, and verifications are conducted and used as a
basis for ISM program adjustments and implementation improvements.
ORGANIZATIONAL LEARNING FOR PERFORMANCE IMPROVEMENT
The organization demonstrates excellence in performance monitoring, problem analysis,
solution planning, and solution implementation. The organization encourages openness
and trust, and cultivates a continuous learning environment.
Attributes:
· The organization actively and systematically monitors performance through
multiple means, including leader walk-arounds, issue reporting, performance
indicators, trend analysis, benchmarking, industry experience reviews, self-
assessments, and performance assessments. Feedback from various sources is
integrated to create a full understanding.
· Processes are established to identify and resolve latent organizational weaknesses
that can aggravate relatively minor events if not corrected. Linkages among
problems and organizational issues are examined and communicated.
· Open communications and teamwork are the norm. People are comfortable
raising and discussing questions or concerns. Good news and bad news are both
valued and shared.
· A high level of trust is established in the organization. Reporting of individual
errors is encouraged and valued. A variety of methods are available for personnel
to raise safety issues, without fear of retribution.
· Organization members convene to swiftly uncover lessons and learn from
mistakes. Frequent incident reviews are conducted promptly after an incident to
ensure data quality to identify improvement opportunities.
· Operating experience is highly valued, and the capacity to learn from experience
is well developed. The organization regularly examines and learns from operating
experiences, both internal and in related industries.
· Expertise in causal analysis is applied effectively to examine events and improve
safe work performance. High-quality causal analysis is the norm. Causal analysis
is performed on a graded approach for major and minor incidents, and near-
misses, to identify causes and follow-up actions. Even small failures are viewed
as windows into the system that can spur learning.
· Performance improvement processes encourage workers to offer innovative ideas
to improve performance and to solve problems.
· Line managers are actively involved in all phases of performance monitoring,
problem analysis, solution planning, and solution implementation to resolve
safety issues.
· Vigorous corrective and improvement action programs are in place and effective.
Rapid response to problems and closeout of issues ensures that small issues do not
become large ones. Managers are actively involved to balance priorities to
achieve timely resolutions.
4. RELATIONSHIP BETWEEN ISM PRINCIPLES, FUNCTIONS,
OPERATIONAL WORK, AND PERFORMANCE RESULTS.
The figure below depicts various levels within the organizational culture. The
outer level represents the environment within which the work must take place.
The outer level is most influenced by the ISM Principles (and the supplemental
safety culture elements). The next level is the process level, where management
systems are defined to direct behaviors. This level is most influenced by the ISM
Functions. The inner-most level is the activity-level work itself, where
operational work is performed. This work is the direct interaction between people
and physical facility, and is mostly performed by DOE contractors (except at
GoGos). This is the level at which organizations can measure ultimate
performance results and determine whether the ISM program objectives have
been realized. Performance measures at other levels can show how effectively the
process and culture support the desired safety objectives. Showing work at the
inner-most level does not mean that work is not required at the other levels;
indeed, work activities are required at the other levels to develop work processes
and highly reliable, error tolerant work environments.
Organizations are systems and it is important that the organization be measured at all
three levels, with their alignment routinely assessed. Understanding the performance and
perceptions at each level is essential to the development of integrated organizational,
process, and work activity improvements that are likely to be effective and sustaining.
5. RELATIVE FOCUS OF ATTENTION BY LEVEL.
Different levels of the organization (enterprise, site, facility, and activity) will
provide different levels of attention to implementing the ISM principles and ISM
functions. As the ISM principles relate more to establishing the desired
environment and the desired culture, more attention to implementing the ISM
principles is expected at higher levels of the organization (such as the enterprise
and site level). At the lower levels, attention to the ISM principles will not need
to be as focused, since many of the principles should be effectively built into
work procedures and practices. Regarding ISM functions, this is the primary
focus of the lower levels of the organization and will require the clear majority of
its relative attention. For the higher levels of the organization, their involvement
and attention will also be needed to facilitate accomplishment of the ISM
functions, although in a lower percentage when compared to attention to ISM
principles. The figure below illustrates this concept.
6. IMPLEMENTATION.
a. Initially, DOE offices will be required by this Manual to prepare ISM
system descriptions that address how the existing ISM principles will be
implemented to create the desired behaviors for effective ISM
implementation. DOE offices may also choose to use the supplemental
safety culture elements and/or associated attributes to help them in
developing their ISM system descriptions. Attempts to incorporate these
elements in the DOE office ISM systems descriptions should not delay or
detract from establishing the basic ISM framework described in DOE P
450.4, Safety Management System Policy. DOE contractors are not
required to make any changes to their ISM Systems to address the
supplemental safety culture elements.
b. In 2007, the DOE and contractor community will engage in a dialogue
about the ultimate role of the concepts in this Attachment. Based on the
outcomes of that dialogue, the DOE ISM directives will be revised to
capture the experience, lessons learned, successful implementation
methods, and good practices related to implementation. At that time, it is
expected that the seven ISM guiding principles and the four supplemental
safety culture elements will be reviewed for possible integration into a
single set. This process may include combining some of these items
where appropriate. This process may also determine that some or all of
the attributes of the four supplemental safety culture elements described in
this Attachment can be adequately assigned to existing ISM principles and
functions. Only after the associated DOE directives and ISM DEAR
clause are revised will the contractors be required to address any potential
changes or additions to the ISM program related to this Attachment.
7. ASSESSMENTS.
The material in this Attachment is provided to clarify expectations for
implementation of the ISM guiding principles and to describe supplemental safety
culture elements. The attributes are not intended for use as assessment criteria.
The attributes are intended for use as a management tool to help clarify
expectations of organizations and employees. The attributes may be used as
performance indicators regarding how well an organization is implementing the
ISM principles or supplementary safety culture elements. When used as
performance indicators, reviews against the attributes should be used for
diagnosis and improvement. In general, an organization’s safety management
system, as documented in its ISM system description, is the authoritative
document against which implementation should be assessed.
8. CONCLUSION
Thorough and consistent implementation of the principles in this document will
provide the necessary environment for DOE organizations to succeed and thrive.
This Attachment provides the vision for DOE to achieve the essential attributes of
a high-performing organization, and further improve the Department’s safety
record and productivity record. This vision captures the elements needed for
DOE to move beyond a compliance-based approach to a performance-based
approach, consistent with more mature high-reliability organizations.
For example, the International Atomic Energy Agency (IAEA) developed a
capability maturity model that illustrates the stages that an organization goes
though in achieving a mature safety culture. These stages are:
Stage I. The organization sees safety as an external requirement and not as an
aspect of conduct that will help the organization to succeed. The external
requirements are those of national governments, regional authorities, or regulatory
bodies. There is little awareness of behavioral and attitudinal aspects of safety
performance, and no willingness to consider such issues. Safety is seen very
much as a technical issue. Mere compliance with rules and regulations is
considered adequate.
Stage II. An organization at Stage II has a management which perceives safety
performance as important even in the absence of regulatory pressure. Although
there is growing awareness of behavioral issues, this aspect is largely missing
from safety management methods which comprise technical and procedural
solutions. Safety performance is dealt with, along with other aspects of the
business, in terms of targets or goals. The organization begins to look at the
reasons why safety performance reaches a plateau and is willing to seek the
advice of other organizations.
Stage III. An organization at Stage III has adopted the idea of continuous
improvement and applied the concept to safety performance. There is a strong
emphasis on communications, training, management style, and improving
efficiency and effectiveness. Everyone in the organization can contribute. Some
behaviors are seen within the organization which enables improvements to take
place and, on the other hand, there are behaviors which act as a barrier to further
improvement. Consequently, people also understand the impact of behavioral
issues on safety. The level of awareness of behavioral and attitudinal issues is
high, and measures are being taken to improve behavior. Progress is made one
step at a time and never stops. The organization asks how it might help other
companies.
The environment described herein can take the Department to IAEA Stage III
performance, a fully developed safety culture. On the path to achieving a fully
developed safety culture, the culture in various parts of an organization is likely to
be at different stages of development. As such, until the fully mature culture is
achieved, organizations will likely be able to recognize the characteristics of more
than one stage at any given time.
GUIDELINES FOR DEVELOPING DOE ISM SYSTEM DESCRIPTIONS
1. INTRODUCTION AND GENERAL APPROACH TO CHANGE.
The Department views the ISM system description as the primary, all-
encompassing road-map for accomplishing work in a safe and environmentally
sound manner within the organization. The system description defines the
integral role of safety in the Department’s business approach, processes, and
financial management control system. [Note: In ISM, the term “safety” is used
synonymously with environment, safety, and health (ES&H) to encompass
protection of the public, the workers, and the environment.]
The objective of developing and maintaining ISM system descriptions is much
more than a simple paper or documentation exercise, where DOE organizations
identify activities and processes being accomplished to fulfill ISM principles and
functions. Rather, it is expected to spur real and ongoing dialogue and
exploration of areas needing attention for ISM implementation and improvement.
Senior leadership commitment to ISM must be visible and clear at all levels (that
is, the DOE enterprise level, the DOE Secretarial office level, the DOE field
office level, and the contractor level). This commitment is borne out of an
understanding of intended safety management values and processes, and personal
engagement in developing and sustaining the ISM system. The ISM system is
documented for stability and continuity, for communicating to existing
organization members and others the office’s approach to safety management, and
for new members to be inculcated. Organizations that question the value of
developing and maintaining their ISM system descriptions are likely not
approaching the activity with the proper attitude and desired commitment to real
continuous improvement.
Development of ISM systems and implementation of identified improvements and
commitments is expected to have a significant impact on DOE attitudes and
behaviors related to safety. As such, these desired changes should be managed
consciously and vigorously. The following change management steps (see John
P. Kotter, 1996, Leading Change, Boston: Harvard Business School Press) are
valid and relevant to this effort, both in development and in implementation of
ISM systems:
· Develop a Sense of Urgency
· Establish the Guiding Coalition
· Develop the Vision and Strategy
· Communicate the Change Vision
· Empower Employees for Broad-Based Action
· Generate Short-Term Wins
· Consolidate Gains and Produce More Change
· Anchor New Approaches in the Culture (Institutionalize the New
Approaches)
2. DEVELOPING THE ISM SYSTEM DESCRIPTION. The format of the ISM
system description is left up to the developing organizations, but the documents
must address the elements defined in Section II, Requirements, of this Manual.
The following approach is recommended:
a. Develop a full understanding of the ISM system:
· Review ISM objective, principles, functions and associated DOE
directives and guidance.
· Develop DOE office leadership goals, emphasis areas and top-
level commitments, if desired.
· Determine outcomes and results to be achieved through ISM.
· Establish key roles and responsibilities for implementation.
b. Define the DOE management processes and systems that will be used to
achieve the ISM Principles and Functions. For example, the office may
use its Functions, Responsibilities and Authorities Manual as the
implementing mechanism for Guiding Principle #2, Clear Roles and
Responsibilities. Describe the management systems needed to execute
each ISM Principle (including the four supplemental safety culture
elements, if desired) and each ISM Function:
· Describe the federal work activities relevant to each ISM principle
and function to ensure that it is effectively executed.
· Define the management systems and processes needed for each
Principle and Function. Management systems are the primary
implementing mechanisms for ensuring implementation of ISM.
· Align the management systems to each ISM Principle and
Function, and with each other.
· Integrate ISM with other management systems, such as Quality
Assurance Programs, Environment Management Systems, and
Integrated Safeguards and Security management systems.
Describe linkages, interfaces, and coordinating mechanisms.
· Examine the condition of the management systems (gap analysis)
to determine if they effectively execute ISM Principles. Identify
gaps. Identify strengths and weaknesses.
· Identify the management systems that need to be established or
strengthened. Identify specific actions (with end-state
deliverables, responsible managers, and completion schedules) to
establish and improve needed management processes and systems.
· Describe the communications and training plan that ensures that all
members of your organization will be familiar with the
organization’s ISM system and will be familiar with their safety
roles and responsibilities.
· Identify those outside your organization that contribute work
activities to fulfilling your organization’s ISM responsibilities.
Establish mechanisms to ensure those identified are familiar with
your ISM system and perform their work activities consistent with
your ISM system. Identify and control the interfaces between
organizations.
c. Identify other DOE actions/initiatives taken to improve safety
(supplemental to the management systems) and promote a positive safety
culture. These can most likely be associated with implementation of
specific ISM functions and principles. Examples of other DOE initiatives:
· Monthly all-hands meetings with a safety focus.
· Developing a safety brochure explaining the Manager’s safety
values.
· Establishing DOE teams to develop improvement initiatives.
· Safety objectives and measures developed in support of DOE P
450.7 Environment, Safety and Health (ES&H) Goals, dated 8-2-
04.
d. Define the expected attributes and results of the ISM system. Describe
how ISM system effectiveness will be demonstrated. Describe how
continuous improvement will be demonstrated. Determine how your
organization will measure progress (performance measures):
· Quantify specific DOE safety objectives for tracking.
· Consider measures for each individual ISM Principle and
Function.
· Relate the measures directly to DOE work activities
e. Determine how you will maintain and improve your ISM system:
· ISM System Description changes
· ISM System Effectiveness reviews
· ISM Annual Declarations
· ISM Safety Performance Objectives, Measures, and Commitments
Updates
· ISM Summary Evaluations
f. Confirm that implementation mechanisms (processes, policies, protocols,
procedures, training, etc.) are adequate to implement and integrate the
ISM objective, principles, and functions. Prepare cross-walk to
communicate implementation mechanisms and demonstrate coverage of
ISM objective, principles, and functions.
g. Describe how the Principles, Management Systems, other Implementing
Mechanisms, and Performance Measures integrate to achieve ISM
attributes and objectives.
h. Prepare summary of actions to implement the ISM system description
and/or its update, and to address known weaknesses and opportunities for
improvement. For example, identify schedule and responsibility for
revision to the office Functions, Responsibilities and Authorities Manual,
if necessary. This summary of actions should address necessary resources
and staffing.
3. SAMPLE TABLE OF CONTENTS FOR ISM SYSTEM DESCRIPTION. The
following is a sample Table of Contents.
Executive Summary
Definitions and Acronyms
1.0 Purpose and Objectives
2.0 Overview of the ISM System
3.0 Management Expectations
4.0 Roles and Responsibilities
4.1 Federal Responsibilities
4.2 Contractor Expectations
5.0 Implementation of ISM
5.1 Implementation of ISM Guiding Principles (including four
supplemental safety culture elements)
5.2 Implementation of the Five Core Functions
5.3 Integration with QA, EMS, and ISSM
5.4 Communications and Training Plan
6.0 Other Safety-Related Initiatives
7.0 Annual ISM Maintenance and Continuous Improvement Processes
7.1 ISM System Description Maintenance and Continuous
Improvement
7.2 ISM Annual Oversight, Self-Assessments, Annual Effectiveness
Reviews, and Annual Declarations
7.3 ISM Annual Safety Performance Objectives, Measures and
Commitments Process
7.4 ISM Annual Effectiveness Review and Declaration Process
8.0 Conclusions
Attachment 1: Cross-Walk to Implementing Mechanisms
Attachment 2: Annual Update to Safety Performance Objectives, Measures, and
Commitments
Attachment 3: Summary of Implementation Actions
4. INTEGRATION OF MANAGEMENT SYSTEMS. The Department has
established requirements for multiple management systems, including:
· Integrated Safety Management System
· Environmental Management System
· Quality Assurance, including Oversight Programs and Assurance Systems
(as required by DOE O 226.1, Implementation of Department of Energy
Oversight Policy)
· Worker Safety and Health Program (as required by 10 CFR 851, Worker
Safety and Health Program)
· Emergency Management System
· Project Management System
· Financial Management System
· Integrated Safeguards and Security Management System
The Environmental Management System is expected to be part of the ISM
system. The Quality Assurance program is to be integrated with the ISM system.
It is desirable that these three programs in particular be well integrated, under an
ISM umbrella. Secretarial offices should provide further direction and guidance
to field offices on how to integrate management systems effectively.
Line oversight programs should also be integrated into ISM system descriptions.
DOE O 226.1 calls for development of line oversight program description
documents in a number of topic areas, including safety, quality assurance, and
security. Clearly, the safety oversight program must be integrated with the ISM
program. In many cases, the ongoing line management oversight reviews will
meet requirements for ISM self-assessments and ISM oversight reviews. A well-
crafted line oversight review program will feed naturally into the annual ISM
effectiveness review, so that the ISM effectiveness review merely rolls up the
results of a number of other reviews that were conducted during the year. Line
programs will need to consider which option is most effective for its use: (1)
packaging all line oversight programs into one document, (2) packaging the safety
oversight program with the ISM system description, (3) having multiple stand-
alone documents that are appropriately integrated and cross-referenced, or (4)
some combination of the above.
Contractors are required to establish Worker Health and Safety Programs pursuant
to 10 CFR 851, Worker Safety and Health Program. Contractors may use their
ISM system descriptions as the required description of their worker safety and
health program; provided that they provide a basis that identifies specific portions
of the ISM system description that satisfy the 10 CFR 851 requirements and
obtain approval of the DOE field element (see Federal Register, Vol. 71, No. 27,
page 6880, February 9, 2006). DOE offices should encourage integration of
contractor worker health and safety programs into ISM system descriptions.
These multiple systems should be coordinated, linked, and integrated to the
maximum extent possible. If one integrated system description can be achieved,
which effectively communicates to its multiple intended audiences, this is
desirable. If one integrated system description can not be achieved, then, at the
least, the interfaces of the various systems need to be identified, acknowledged
and articulated. The feasibility of successfully integrating these various systems
into one Manual has not been fully determined. It is important that the main
purpose and functions of each system are not lost or subsumed.
The Department expects that experience over the next few years in integrating
management systems will provide best practices that can then be shared with
others and further reflected in Department guidance and direction.
5. SAMPLE DOE WORK ACTIVITIES.
The Department’s role is different from the contractor role, but it is important for
assuring safety, and it needs to be clearly articulated in the ISM system
description. DOE has work activities related to every ISM principle and function.
DOE federal organizations (except for GO-GO facilities) do not perform
“operational work activities” involving physical, hands-on work, such as turning
knobs in a production line or a control room, processing or transferring
environmental waste, performing maintenance on a pump or valve, or
disassembling weapons or re-packaging pits. “Operational work activities” are
the focus of ISM in that physical work activities are the main source of active
human errors that can lead to facility occurrences and organizational accidents.
Some occurrences are initiated by equipment failures, such as tank failures; in
these cases, an “operational work activity” usually exists to monitor performance
of equipment that controls hazards. “Operational work activities” are
concentrated within the ISM core function #4, “perform work safely within
controls.” They are also concentrated at the activity-level, rather than the
organizational- or enterprise-level.
DOE and contractors perform myriad non-operational work activities that are
essential for assuring safety during the conduct of “operational work activities.”
These non-operational work activities include defining work scopes, allocating
resources, designing safety controls, developing safety analyses, conducting
assessments, developing corrective action plans, and integrating feedback sources
to identify opportunities for improvement. Non-operational work occurs away
from the human-facility interface. Non-operational work activities encompass the
vast majority of DOE and contractor work related to effectively implementing the
ISM principles to create the requisite environment and culture that supports
effective ISM implementation. Non-operational work activities encompass most
of DOE and contractor work related to effectively implementing four of the five
core ISM functions, all but the fourth one, which is the point at which people
directly and physically interact with the facility. Non-operational work activities
encompass the vast majority of DOE and contractor work at the organizational-
and enterprise-level. Non-operational work activities are the source of latent
conditions that enable active errors during operational work activities that can
lead to undesirable consequences. When planning, performing, and reviewing the
effectiveness of non-operational work activities, the ultimate result is the impact
of these work activities on safety performance of associated operational work
activities. The associated operational work activities should remain the focus of
non-operational work activities, not the physical work involved in the non-
operational work activities, such as turning on the computer, performing a
calculation, participating in a meeting, or printing a document.
Examples of inherently Federal non-operational work activities that are required
for the overall Department-wide ISM system to be effective, and to integrate
safety effectively into operational work being accomplishment in the
Department’s facilities, include:
· Providing clear and visible DOE leadership vision on ISM system;
· Establishing a positive DOE environment for effective ISM system
implementation;
· Establishing missions;
· Translating the missions into meaningful scopes of work;
· Establishing annual budgets, including making decisions on mission-
safety trade-offs;
· Prioritizing major projects and work-scopes, and allocating resources to
ensure that work and safety are integrated and sufficient resources are
available to conduct work safely;
· Evaluating resource short-falls and identifying safety problems to ensure
adequate resources are applied to resolve safety problems and secure
safety improvements;
· Developing DOE safety rules, directives and standards;
· Establishing DOE contracts, including delineation of safety requirements;
· Approving exemptions to safety requirements;
· Assigning DOE safety management roles and responsibilities;
· Recruiting highly qualified, technical Federal personnel;
· Reviewing and approving contractor safety documentation, such as
documented safety analyses, technical safety requirements, ISM Systems,
Quality Assurance Programs, worker safety and health programs, and
contractor assurance systems;
· Determining when authorization agreements are needed and approving
authorization agreements;
· Maintaining Federal awareness of contractor work activities, including
implementation of hazard controls;
· Performing operational readiness reviews;
· Maintaining operational awareness;
· Establishing and implementing feedback and improvements programs and
processes to facilitate a culture that promotes ongoing examination and
learning;
· Monitoring various sources of feedback information;
· Developing, and implementing corrective actions and improvement
actions;
· Monitoring performance of corrective action and improvement action sub-
systems;
· Managing the DOE operational experience program;
· Planning and performing self-assessments of assigned federal work
activities;
· Planning and performing oversight of contractor work activities;
· Providing clear expectations for the conduct of DOE line management
oversight reviews and self-assessment activities, including direction on
criteria and review approach documents (CRADs) to use;
· Planning and performing DOE line management oversight of DOE
activities, as appropriate;
· Performing independent oversight of DOE and contractor activities;
· Identifying and acting on ISM weaknesses and opportunities for
improvement;
· Reviewing annual ISM declarations by contractors;
· Performing annual ISM effectiveness reviews;
· Providing direction, establishing schedules, and approving annual
performance objectives, performance measures, and commitments for
contractors;
· Integrating management systems and process for safety, quality,
environmental protection, and security; and
· Determining when full ISM verification reviews are necessary.
Safety improvement comes when each of these functions is performed in an
integrated, effective manner. Therefore, the ISM system descriptions serve to
facilitate and focus thinking and planning of an appropriate approach to safety
management, and organizing and implementing the necessary follow-through
activities. These descriptions are also expected to capture and institutionalize
future changes and improvements to the approach during annual updates thus
providing new organization members with a road-map to see the full-integrated
vision.
ISM is applicable to all facility life-cycle phases including design, construction,
operation, and decontamination and decommissioning. DOE is in the unique
position of being involved with projects in all phases, whereas contractors often
change, both from phase-to-phase, and within a given phase, over time. Thus,
DOE work activities need to provide the continuity throughout the life-cycles,
making sure that requirements are met and necessary information is available for
future phases.
6. RELATIONSHIP OF MAJOR IMPROVEMENT INITIATIVES TO ISM.
The Department adopts and encourages DOE Secretarial offices, field offices, and
contractors to implement the principles and functions of a variety of processes and
initiatives aimed at improving organizational and individual performance. Many
tools and mechanisms are available and most have been or are being used in one
form or another in DOE and contractor organizations. A non-inclusive list of
performance improvement programs or processes follow:
· Human Performance Improvement (HPI)
· Voluntary Protection Program (VPP)
· Behavior Based Safety (BBS)
· Enhanced Work Planning (EWP)
· Safety Conscious Work Environment (SCWE)
· Chemical Process Safety Management Systems
· Conduct of Operations (COO)
· Conservative decision making
· NRC Risk-informed inspection and decision making
· ASME Standard NQA-1, QA Requirements for Nuclear Facility
Applications
· ISO Standard 9001, Quality Management System
· Total Quality Management
· Six Sigma Quality Programs
· ISO Standard 14001, Environmental Management System
All of these tools, processes or approaches can be adapted to complement ISM.
They share many common principles that affect organizational and individual
worker, supervisor and management behavior and performance.
In using these tools, processes, and approaches, it is important to implement them
within an ISM framework, not as stand-alone programs outside of the ISM
framework. These tools cannot compete with ISM, but must support ISM. To the
extent that these tools help to clarify and improve implementation of the ISM
system, the use of these tools is strongly encouraged. The relationship between
these tools and the ISM principles and functions needs to be clearly understood
and articulated in ISM system descriptions if these tools impact on ISM
implementation. It is also critical that the vocabulary and terminology used to
apply these tools be aligned with that of ISM. Learning organizations borrow best
practices whenever possible, but they must be translated into terms that are
consistent and in alignment with existing frameworks.
7. SAFETY PERFORMANCE OBJECTIVES, MEASURES, AND
COMMITMENTS.
The purpose of safety performance objectives, measures, and commitments is to
drive improvement in safety performance and ISM system effectiveness.
Performance objectives can be long-term management system goals or specific
management objectives or deficiencies that need to be addressed. They may be
driven by strategic planning processes or safety goals processes (via DOE P
450.7). Performance objectives are expected to remain relatively unchanged over
multiple years, with a bias toward continuously rising standards of performance.
Improving performance is expected over the long term.
Performance commitments are specific actions that will be taken during a specific
year to further achievement of long-term performance objectives. Commitments
are steps that will be funded to move toward accomplishment of the performance
objectives. Performance commitments would be expected to address significant
identified weaknesses or areas of improvement. These may include either major
corrective actions or major improvement actions.
Performance measures are used to track progress and monitor achievement of
performance objectives and commitments. The most useful performance
measures provide information that directly reflects how safely the operational
work is being performed. A combination of leading (process or behavioral) and
lagging (outcome or results) indicators is desirable. The measures are changed as
necessary to address the performance objectives, and significant identified
weaknesses and areas for improvement. Annual performance expectations should
be established for most of these measures.
Performance objectives, measures, and commitments are developed based upon
numerous considerations including the budget process. This approach to
continuous improvement recognizes the need for investment in improvement.
The ISM guiding principle, “Balanced Priorities,” must be considered in
developing appropriate performance objectives, measures, and commitments.
Secretarial office ISM system descriptions should describe how ISM performance
is measured and may provide a standard set of ISM performance indicators. This
should be included in the section on ISM system performance objectives,
measures, and commitments, and should be updated annually.
The following are sample topic areas for consideration as DOE performance
objectives, measures, and commitments if problems exist or if emphasis needs to
be placed; this list should not be considered all-inclusive or mandatory:
· ISM System Effectiveness
· Management Systems
· Regulatory Performance
· Quality Assurance
· Safety Culture
· Authorization Bases
· Stakeholder Relations
· Operational Performance
· Environmental Protection
· Waste Management
· Emergency Preparedness
· Safeguards and Security
· Fire Protection
· Transportation Management
· Near-Misses
· Work Planning and Control
· Feedback and Improvement
· Effectiveness Reviews of Completed Corrective Actions
· Safety Issue Reporting
· Management Walk-Through Program
· Assessment and Oversight Program
· Self-Assessment
· Vital Safety System Assessments
· Clear Roles and Responsibilities
· Human Resource Management
· Employee Training and Development
· Minority/Differing Professional Opinion
· Subcontractor Safety Performance
· Electrical Safety
· Criticality Safety
· Nuclear Safety Basis Document Updates
· Project Controls and Baseline Management
· Project Management
· Workforce Management
· Occupational Safety and Health (Industrial Safety and Health)
· Radiological Safety
· Infrastructure and Facility Management
· Systems and Equipment Essential to Safety
· Construction Management
· Decontamination and Decommissioning
· Maintenance
· Configuration Management
· Environmental Restoration
· Risk Reduction
· Pollution Prevention/ Sustainable Environmental Stewardship
· National ambient air quality standards attainment
· Watershed approach for surface water protection
· Site-wide approach for ground water protection
· Protection of natural resources
· Protection of cultural resources.
The following are sample performance objectives:
· Achieve zero organizational accidents.
· Perform work so that personnel hazards are anticipated, identified,
evaluated, and controlled.
· Perform work in a manner that does not present a threat of harm to
the public or the environment and will identify, control, and
respond to environmental hazards.
· Be recognized for operational excellence.
· Be recognized for excellent personnel.
· Be recognized for excellent safety culture.
· Be recognized for sound environmental management practices.
· Senior leadership commitment to safety is clear and visible.
· Establish and sustain a robust safety culture, consistent with ISM
principles.
· Fully integrate human performance improvement initiatives into
ISM systems
· Demonstrate sound stewardship of the site through safe and
effective hazardous and radioactive waste minimization and
management through restoration of the site where degradation has
occurred.
The following are sample performance measures:
· Exposures of personnel to chemical, physical, and biological
hazards are adequately controlled.
· Accident and injury rates, lost workday case rates, and the DOE
injury cost index are adequately controlled. Perform better than
comparable industry statistics and exhibit a downward trend.
· Exposures of personnel to ionizing radiation are adequately
controlled. ORPS-reportable occurrences, intakes of radioactivity,
and skin contaminations are managed and minimized.
· Radioactive material is adequately controlled.
· The Fire Department response time and the rate of completion of
required fire protection is adequately controlled and accomplished.
· Environmental violations and releases are adequately controlled.
· Reduce the amount of waste generated and the amount of
pollutants emitted.
· Manage hazardous and radioactive wastes in a manner that meets
regulatory requirements and is cost effective.
· Identify and control (n) number of error likely situations.
· Behavioral and process measures – such as the number of near-
misses, the number of error reports, the number of behavioral
observations, the number of safe acts, etc.
· Events - First Aid Cases, Occurrences, Near Misses.
· Safety Inspections - Number and Score.
· Employee Input – Safety Concerns and Survey Responses.
· Management Assessment Results.
· Housekeeping Inspection Results.
· Safety Related Work Package Cycle Time.
· Procedure Compliance rates.
· Corrective actions are timely.
· Corrective actions are effective at resolving originally-identified
causes.
· The number of repeat occurrences is minimized through effective
corrective actions.
· Employee concerns are tracked and resolved in a timely manner.
· Employee concerns are effectively addressed to resolve the
identified concerns.
· Self-assessments effectively identify issues raised by independent
organizations when systemic issues are identified.
· The quality of safety basis documents, as measured by defects
identified by assessments or occurrences, is excellent.
· Issue Assessment and Oversight Schedule by September 30th.
· Complete 95% or greater of annually planned assessments.
· Complete 90% or greater of identified employee qualifications on
time.
· Implement line manager walk-around program such that line
managers spend at least 100 hours individually in the field each
year.
· Define work scope priorities and communicate them to contractors
by July 31st of each year to guide annual work planning.
· Review corrective actions monthly with the contractor for any cost
schedule variance that is greater than a negative 10%.
· Conduct monthly all-employees meeting with an emphasis on
safety.
· Implement Differing Professional Opinion procedure and train
employees.
· Environmental compliance performance improvement and
pollution prevention performance improvement.
The following are sample performance commitments:
· Develop Performance Evaluation standards to ensure greater line
management responsibility and accountability for safety.
· Develop and implement processes for work planning and control
that fulfill the attributes of best practice processes.
· Develop a robust and comprehensive line organization self-
assessment program to assess overall safety performance and ISM
effectiveness.
· Achieve pollution prevention and sustainable environmental
stewardship goals set forth in DOE O 450.1.
· Implement DOE ISM supplemental safety culture elements.
· Initiate two HPI projects.
· Achieve pollution prevention and sustainable environmental
stewardship goals set forth in DOE O 450.1.
· Train employees on ISM system revisions.
· Conduct 2 safety system assessments.
· Maintain Voluntary Protection Program STAR Status.
· Improve total recordable case rate by implementing DuPont STOP
program.
· Achieve pollution prevention and sustainable environmental
stewardship goals set forth in DOE O 450.1.
8. ON CHANGING VALUES AND BEHAVIORS.
In many cases, implementing organizations will find that the desired ISM system
will require changes to existing employee values and behaviors. Desired ISM
values and behaviors are driven by the ISM principles and functions. Changes in
values can not be dictated and, if possible, can only be brought about by concerted
effort directed toward changing behaviors. In some cases, changes in personnel
or leaders may be required to achieve the desired changes. To the extent possible,
leaders should involve worker in both formulation and implementation of the
desired changes. To change behaviors, and ultimately values, it is necessary to do
the following:
· Clearly define the desired behaviors in terms that the target audience can
fully understand and appreciate.
· Establish consensus among the senior leadership regarding the desired
behaviors and obtain their commitment to support the desired changes.
· Identify any actions or changes on the part of senior leadership to achieve
the desired behaviors and obtain their buy-in to these actions.
· Identify existing organizational processes and behaviors that may be
counter to the desired behaviors and develop actions to align existing
processes and behaviors with new desired behaviors; take actions to
eliminate or minimize the influence of forces that may be restraining
achievement of the desired behaviors.
· Clearly communicate the desired behaviors to the target audience, and
provide training as needed for the audience to master the desired
behaviors.
· Encourage employees to ask questions to clarify intentions, and provide
feedback and suggestions on achieving the desired behaviors. Be open to
potential adjustments in expectations as a result of employee involvement
and feedback.
· Working with members of the target audience, develop the necessary tools
and supporting structures and processes, so that the desired behaviors can
be consistently performed.
· Provide consistent, visible senior leadership attention and focus on new
desired behaviors.
· Align rewards and incentives programs with desired behaviors.
· Provide positive reinforcement to employees performing desired
behaviors, and not to employees who are not performing the desired
behaviors.
· Monitor performance and continue to provide direct, timely and specific
feedback to employees regarding their behaviors.
· Periodically evaluate progress toward institutionalizing the desired
behaviors and take actions necessary to continue progress.
· Communicate and train all new members, especially new leaders, on the
desired behaviors, their objectives and bases.
· Reiterate and repeat the steps above, as needed, for at least five to seven
years until the newly desired behaviors are well ingrained and
institutionalized.
GUIDELINES FOR IMPROVING DOE ISM SYSTEM IMPLEMENTATION
1. INTRODUCTION. The core function of “Feedback and Improvement” and the
ISM supplemental safety culture element of “Organizational Learning for
Performance Improvement” are expected to drive ISM system improvements.
When these elements of the ISM hierarchy are fully realized, organizations will
have a natural and regular flow of improvement opportunities. Many sources of
feedback information are available to organizations, including:
· Operational Awareness. Management walkthroughs, facility
representative reviews, safety system oversight reviews, work
observations, document reviews, meeting observations, ongoing
interaction.
· Worker Feedback. Pre-Job briefings, job hazard walk-downs, post-job
reviews, employee concerns, employee hot-line items, employee
suggestions, employee participation, safety meetings, labor organization
input.
· Internal Operating Experience. Occurrence reports, accident
investigations, OSHA reporting (CAIRS), lessons learned identification,
incident reporting below the threshold for ORPS reporting.
· External Operating Experience. Safety bulletins, DOE lessons learned,
special operations reports, Just-In-Time operating experience reports,
Operating Experience weekly reports, Best practices from workshops,
Benchmarking studies.
· Assurance Systems. Issues management, QA discrepancy identification,
suspect/counterfeit parts, safety system vertical assessments, self-
assessments.
· Oversight Reviews. Line oversight reviews (per DOE O 226.1),
independent oversight reviews, external assessments such as Defense
Nuclear Facilities Safety Board reviews, start-up and restart assessments,
annual ISM effectiveness reviews, ISM integrative reviews (across
multiple contracts or multiple sites), ISM full verifications, QA
management assessments, For-cause reviews, performance evaluations.
· Enforcement and Rewards. Price Anderson Amendments Act (PAAA)
enforcement actions, PAAA non-conformance reports, contract
enforcement actions, award fee determinations, conditional payment of fee
clause penalties.
· Performance Trending and Analysis. Performance measures (both leading
and lagging indicators), identification of performance trends and
performance concerns, safety system performance trending, ES&H
reporting.
· Integrated Analysis. Performance review against last year’s safety
performance objectives, measures and commitments; Identification of
performance strengths and weaknesses; integration across feedback
processes to identify major areas for attention; development of next year’s
safety performance objectives, measures and commitments.
Feedback processes work at every level of the ISM system. Not all feedback
information at the work activity level will be relevant at the facility or enterprise
level. However, some of the feedback at the work activity level will have
relevance at higher levels because the feedback surfaces latent weaknesses in the
organizations processes or culture. Efforts should be made to provide means to
elevate attention on relevant feedback information.
Ultimately, the ISM system should roll up feedback information relevant to the
system itself or the system performance, and capture this information in the
following key documents:
· Annual Summary Evaluation Report (on the results of the Annual ISM
Effectiveness Review, culminating in the Annual ISM Declaration)
· Annual Safety Performance Objectives, Measures, and Commitments.
These documents should identify top-level strengths, weaknesses, and areas for
improvement. They should report on the effectiveness of the ISM system, how it
is measured, and how it is trending relative to prior years.
2. Annual ISM Effectiveness Review Process.
The Annual ISM effectiveness review process is an essential element of ISM
implementation that allows for taking evaluating implementation and making
necessary adjustments. The annual ISM effectiveness review is a qualitative
review that encompasses multiple elements, including review of: self-
assessments, oversight reviews results, integrated reviews across multiple
reporting elements; performance against established performance objectives,
measures, and commitments; and other feedback and performance information.
Elements of this review should be ongoing throughout the year, and should
culminate in a review report that supports an annual summary evaluation. The
purpose of the annual ISM effectiveness review is to:
· Determine the effectiveness of the ISM system in integrating safety into
work performance, in supporting the safe performance of work, and in
improving safety performance. [Note: In ISM, the term “safety” is used
synonymously with environment, safety, and health (ES&H) to encompass
protection of the public, the workers, and the environment.]
· Identify strengths of ISM system implementation for sharing with other
DOE elements to aid improvements at other locations.
· Identify weaknesses of ISM system implementation to focus attention on
corrective and improvement actions.
· Identify opportunities for improvement in efficiency or effectiveness of
the ISM system, and identify actions for continuous improvement.
For field offices, the following steps are recommended to constitute the annual
ISM effectiveness review:
Review Contractor Performance and ISM System Effectiveness
· Review the annual ISM review(s) and summary evaluation(s) performed
by the contractor(s).
· Review the safety performance of the contractor(s) against the previous
year’s Safety Performance Objectives, Measures, and Commitments.
· Review the overall safety performance of the contractor(s), including
results from various streams of feedback and improvement information.
· Review results of line oversight of the contractor(s); these line oversight
reviews can and should be conducted throughout the year, as required by
DOE O 226.1, Implementation of Department of Energy Oversight Policy.
· Review the completeness and accuracy of the ISM System Description of
the contractor(s).
· Determine whether a full ISM verification of the contractor(s) is needed.
· If a full ISM verification is needed, perform it using guidance below.
· If a full ISM verification is not needed, document review and conclusions
regarding effectiveness of the ISM program implementation by the
contractor(s), basis for conclusions, strengths and weaknesses and areas
for improvement.
· If more than one contractor, look at ISM program performance across all
the contractors to identify and document any generic or broad-based
strengths or weaknesses or areas for improvement.
Review DOE Field Office Performance and ISM System Effectiveness
· On DOE side, review self-assessment results regarding DOE ISM
performance; these self-assessment reviews can and should be conducted
throughout the year.
· Review DOE field office performance against the previous year’s Safety
Performance Objectives, Measures, and Commitments.
· Review the completeness and accuracy of the ISM System Description of
the DOE field office, and make necessary changes. Determine whether an
update is necessary. If an update is made, prepare a summary of changes.
· Review integrated DOE/contractor safety performance, including results
from various sources of feedback and improvement information, including
external and independent oversight findings.
Determine Annual ISM Effectiveness and Prepare Summary Report
· Based on all the prior reviews, reach an overall conclusion regarding the
state of ISM effectiveness: (1) “Effective Performance – ISM is being
effectively implemented,” (2) “Needs Improvement - ISM is being
effectively implemented, but noteworthy weaknesses need to be
addressed,” or (3) “Significant Weakness - ISM is not being effectively
implemented.” Provide the basis for this summary evaluation. Provide
any immediate corrective or compensatory actions that must be taken.
· Prepare the annual summary evaluation report that documents the overall
review process and conclusions regarding effectiveness of ISM system by
the DOE office, basis for conclusions, strengths and weaknesses and areas
for improvement, and corrective and improvement actions, with schedules
for completion.
In judging effectiveness, both process measures and outcome measures should be
considered. Examples of process measures include:
(1) implementation of each ISM function and each ISM principle,
(2) integration of ISM with other management systems,
(3) completion of ISM commitments,
(4) identification of weaknesses and improvement activities,
(5) satisfactory performance on process-based performance measures,
(6) positive feedback from oversight reviews.
Examples of outcome measures include satisfactory performance on outcome-
based performance measures, including those related to safe identification of
work activities.
In approaching annual ISM reviews, DOE offices need to guard against
complacency and “by rote” compliance. For the annual ISM effectiveness
reviews to add value, DOE offices should periodically take a fresh approach or
use fresh personnel to perform the annual review. DOE offices may want to
periodically take a more intensive focus on a specific area within ISM in their
annual review and declaration. Organizations that question the value of annually
reviewing the effectiveness of their ISM system are likely not approaching the
activity with the proper attitude and desired commitment to reliable performance
and real continuous improvement.
DOE field offices are recommended to determine and provide the criteria they
will use to judge effectiveness to their contractors as early as possible, and
preferably one year in advance, so that contractors can effectively focus their
resources and efforts to meet expectations. Similarly, DOE field offices would
benefit from early identification of effectiveness criteria in planning self-
assessments and line oversight reviews. The criteria for determining effectiveness
should be included in the ISM system description and updated annually, if
changes are made.
For Secretarial offices, similar steps should be taken, first reviewing the DOE site
office ISM reviews and declarations, etc. The Secretarial office should establish
an overall schedule for field offices to report on annual ISM effectiveness reviews
and provide annual ISM declarations, so that annual contractor reviews,
declarations, and updates are all reported at the same time, and annual field office
reviews, declarations, and updates are all reported at the same time. This is
necessary to allow for annual roll-up reviews across contractors and across field
offices. Annual safety performance objectives, measures, and commitments
would also be completed on the same schedule, so that results from the previous
year are reported along with the annual ISM effectiveness review.
DOE G 414.1-1A, Management Assessment and Independent Assessment Guide,
and DOE DOE-HDBK-3027-99, Integrated Safety Management Systems
Verification Team Leader's Handbook, provide additional information relevant to
DOE ISM verifications.
3. ANNUAL SAFETY PERFORMANCE OBJECTIVES, MEASURES, AND
COMMITMENTS.
Each year, DOE field and Secretarial offices should develop ISM Safety
Performance Objectives, Measures, and Commitments. The purpose of these is to
set specific goals for key improvement initiatives and key safety performance
metrics.
DOE P 450.7, Environment, Safety and Health Goals, establishes policy
expectations that Secretarial office ES&H performance goals will be established
annually, and site-specific ES&H performance measures will be established
annually to drive performance improvement or maintain excellent performance.
The DOE’s ultimate ES&H goal is zero accidents, work-related injuries and
illnesses, regulatory enforcement actions, and reportable environmental releases.
This goal is to be pursued through a systematic and concerted process of
continuous performance improvements using performance measurement. The
ES&H goals are expected to drive performance excellence, thereby reducing or
precluding other work-related injuries and illnesses, and adverse impacts to the
public and environment.
The annual ES&H safety goals and metrics, established in accordance with P
450.7 must be fully integrated with the ISM Safety Performance Objectives,
Measures, and Commitments. The following process is recommended:
· Secretarial offices will establish and communicate Secretarial safety
performance goals, based on the established DOE safety performance
goals.
· Secretarial offices may also provide direction to its field offices regarding
expectations for their site-specific ISM Safety Performance Objectives,
Measures, and Commitments.
· Field offices may also provide this information and direction to its
contractors for input into the field office’s site-specific safety performance
measures.
· Field offices will develop their site-specific safety performance measures
in response to Secretarial office safety performance goals and direction.
· Field offices may provide direction to its contractors on their contract-
specific ISM Safety Performance Objectives, Measures, and
Commitments.
· Contractors provide their contract-specific ISM Safety Performance
Objectives, Measures, and Commitments for DOE field office approval.
· DOE field offices develop their site-specific ISM Safety Performance
Objectives, Measures, and Commitments and provide them to the
applicable DOE Secretarial office.
· DOE Secretarial offices develop their Secretarial office ISM Safety
Performance Objectives, Measures, and Commitments and provide them
to their applicable senior DOE official responsible for the DOE Secretarial
office.
The timing of this annual process should be coordinated with the budget cycle, so
that safety inputs to the budget process are made at an appropriate time to have an
impact on future resources. The Secretarial office should establish and
communicate an appropriate schedule to coordinate with the budget cycle. Once
established, this schedule should be maintained, to the extent practicable, so that
the annual process is predictable and manageable.
4. Full ISM Verifications.
DOE-HDBK-3027-99, Integrated Safety Management Systems Verification Team
Leader's Handbook (June 1999) provides extensive direction and guidance on
how to conduct full ISM verifications. DOE offices should use this direction and
guidance in the conduct of full ISM verifications.
Full ISM verifications should be conducted at each site as needed. Some sites
may decide to conduct full ISM verifications periodically, such as once every five
years. More frequent full verifications may be appropriate where significant
system or performance weaknesses are identified (see next section).
Some sites and field offices may decide and have decided to conduct full
verifications every year. For these sites, the periodic full verifications will not
differ significantly from the annual ISM effectiveness reviews. In general, full
verifications differ from annual reviews as follows:
· Full verifications are led by a team leader who is not from the organization
being reviewed.
· Full verifications have several team members who are not from the
organization being reviewed.
· Teams for full verifications are typically at least 6-8 members, whereas
annual reviews can be done with smaller teams.
· Full verifications are more intensive and more comprehensive, covering
ISM system implementation in more depth than annual reviews.
The scope of these full ISM verifications is both the DOE site office and the
associated site contractors. A representative appointed by the DOE Secretarial
office should be part of the team, looking at the DOE site office ISM program.
The field office manager may appoint a qualified team leader for regularly-
scheduled full ISM verifications. The Secretarial office would appoint the team
leader, if the Secretarial office determined that a “for-cause” ISM verification was
necessary.
It is a good practice to include team members from other Secretarial offices to
foster shared learning.
5. CONDITIONS THAT COULD CAUSE DOE TO REQUIRE A FULL ISM
VERIFICATION.
Under certain conditions, DOE may determine that one or more of its contractors
need a full or partial ISM verification, in scope well beyond the typical annual
ISM review. Similarly, under certain circumstances, DOE Secretarial offices may
determine that one or more of its field offices need a full or partial ISM
verification, in scope well beyond the typical annual ISM review, and direct the
field office to conduct a verification. Alternately, the Secretarial Office might
also decide to lead the ISM verification itself.
Conditions and considerations that could lead to some portion of or a complete
ISM re-verification include:
· Significant changes in leadership personnel, such as a new site contractor,
and several changes in the DOE management team,
· Significant changes in safety management approach, or significant
revisions in the ISM system description,
· Loss of confidence in the existing ISM system description or its
implementation,
· Significant safety problem or deterioration in safety performance,
· Significant findings from independent oversight (such as those conducted
by the Office of Health, Safety and Security) or external reviews (such as
those conducted by the Defense Nuclear Facilities Safety Board), calling
into question the adequacy of the existing ISM system and
implementation, or
· Significant changes in mission, such as a change from design/construction
to operations or a change from operations to
decontamination/decommissioning.
Annual ISM declarations should provide useful feedback into determining
whether significant ISM performance problems exist. DOE field offices are
encouraged to conduct full ISM verifications on a fixed periodicity, such as once
every five years, to promote organizational learning and continuous improvement.
Field offices should consider the scope and periodicity of assessment activities by
outside groups in determining whether a full verification is needed. Tailoring the
scope of the verification to focus on areas that have not received recent attention
is a good practice.
Once the need is identified, ISM re-verifications should be conducted within a
year.
6. CONTINUING CORE EXPECTATIONS.
The following continuing core expectation (CCE) statements are a compendium
of relevant topics that can be used to aid in maintaining ISM systems and in
developing an evaluation of the effectiveness of the ISM system. These can be
used to guide annual effectiveness reviews or ISM verification reviews. This
listing may be used by both contractors and DOE.
· CCE-1. The contractor updates the safety performance objectives,
performance measures, and commitments, in response to DOE direction
and guidance, so that they reflect and promote continual improvement and
address major mission changes, as required. The ISM system description
is updated and submitted for approval as scheduled by the contracting
officer.
· CCE-2. System effectiveness, evaluated as described in the contractor’s
ISM system description, is satisfactory. Safety performance objectives,
measures, and commitments are met or exceeded, and they are revised as
appropriate for the next year.
· CCE-3. Work activities reflect effective implementation of the functions
of ISM system. Work is defined. Hazards are identified. Actions to
prevent or eliminate the hazards are taken. Controls are developed and
implemented. Work is properly authorized. Work is accomplished within
controls. Appropriate worker involvement is a priority.
· CCE-4. Contractor and DOE implementing mechanisms are established
and implemented to provide an effective environment for ISM
implementation, as embodied in the ISM guiding principles and
supplemental safety culture elements. Roles and responsibilities are clear.
Line management is responsible for safety. Required competence is
commensurate with responsibilities and the technical and safety system
knowledge of managers and staff continues to improve.
· CCE-5. Contractor and DOE budget processes ensure that priorities are
balanced. Budget development and change control processes ensure that
safety is balanced with production. Facility procedures ensure that
production is balanced with safety.
· CCE-6. An effective feedback and improvement process, using
progressively more demanding criteria, is functioning at each level of the
organization from the worker and individual activities through the
facilities and the site, including the ISM feedback and improvement
process used by and within DOE. The requirements of DOE O 226.1 are
implemented. Issues management is effective so that issues are identified,
evaluated and closed. Issues identified in annual ISM effectiveness
reviews and ISM system verifications are effectively addressed.
· CCE-7. List A/List B is reviewed and updated, as necessary, at least
annually and concurrent with the budget cycle. The process for effecting
changes to the standards and requirements identified in the Contract per
DEAR List A and List B is being utilized and is effective. Authorization
Agreements and Authorization Basis documents are maintained current.
Changes in agreed upon standards and requirements are included to reflect
mission changes. An effective, dynamic process to keep standards and
requirements current is apparent.
· CCE-8. Relevant performance records reflect an improving ISM system.
Records include routine DOE and contractor self-assessment reports,
independent and focused assessment reports, incident investigations,
occurrence reports, DOE PAAA enforcement action reports, enforcement
activity conducted by external state and Federal safety agencies, and other
relevant documentation that provide evidence as to the status of
implementation, integration, and effectiveness of the ISM system.
Feedback, improvement and change control of the contractor ISM system
description is in place and effective.
· CCE-9. DOE ISM system procedures and mechanisms are in place to
ensure that work is formally and appropriately authorized and performed
safely in a manner that protects the public, workers, and environment from
harm. DOE line managers are involved in the review of safety issues and
concerns and have an active role in authorizing operations.
· CCE-10. DOE ISM system procedures and mechanisms are in place to
ensure that hazards are analyzed, actions to prevent or eliminate the
hazards are taken, controls are developed, and that feedback and
improvement programs are in place and effective. DOE line managers are
using these processes effectively, consistent with the DOE Field Office
FRA and DOE FRAM requirements. DOE ISM system procedures and
mechanisms integrate ISM with QA, EMS, and other management
systems.
CHARTER FOR THE ISM CHAMPIONS COUNCIL
1. PURPOSE.
The purpose of the ISM Champions Council (Council) is to support line
management in developing and sustaining vital, mature ISM systems throughout
the Department so that work is reliably accomplished in a safe manner. The
Council will promote continuous learning and improvement of ISM effectiveness
throughout the DOE complex.
2. BACKGROUND.
The Department established the Integrated Safety Management program in 1996
to integrate safety into all aspects of work activities to improve safety and work
performance. The Department implemented the ISM program and declared initial
implementation to be complete for most DOE activities in 2000. Through
successive changes in Department leadership from 1996 to present, the
Department has consistently indicated that ISM is its enduring safety management
framework. DOE field office and contractor leadership have consistently
supported the ISM framework, in part because it provides necessary flexibility to
allow management systems to be tailored to local facilities and organizations.
ISM provides a useful framework for understanding how work can be
accomplished safely and for focusing efforts toward continuous improvement in
safe and reliable work performance.
In recent years, it has become evident that sustained DOE leadership attention and
emphasis on ISM implementation is necessary to sustain mature ISM systems,
capable of consistent self-generated improvements. In some areas, worthwhile
improvement efforts have moved forward, yet improvement is needed in
consistency of approach and priority throughout all DOE sites. Clear leadership
focus and attention is needed to keep ISM vital and strong, and to achieve the
objectives of ISM including continuous improvement. This Council is intended to
support line management in keeping ISM as an active and ongoing leadership
value and commitment. The Council will also help facilitate a more integrated
approach by the headquarters offices.
3. DURATION.
With the issuance of this Manual, the Department has a formal and rigorous
mechanism for implementing ISM throughout the Department and identifying and
sustaining continuous improvements. When the Council determines that its
continued operations are no longer necessary or beneficial to building and
sustaining the Department’s safety culture, the Council will recommend its
discontinuance to the Deputy Secretary along with its basis for concluding that
other existing mechanisms are adequate to sustain effective ISM implementation
and improvement.
4. MEMBERSHIP.
The DOE ISM Champion, who is designated to a one-year appointment (with an
optional one year extension) by the Deputy Secretary, chairs this Council. To
ensure the necessary leadership and commitment for reinvigorating and sustaining
ISM implementation at all levels throughout the DOE organization, each DOE
Secretarial office (NNSA, EM, NE, SC, HS) and field office will designate an
ISM Champion to support them in ISM implementation activities and in
promoting continuous learning and improvement of ISM effectiveness. In
selecting ISM champions, organizations should bear in mind the ISM principle
that line management is responsible for safety. ISM champions for program
offices should be at least at the level of Deputy Assistant Secretary or equivalent.
ISM champions for site offices (including operations offices, field offices, and
service centers) should be at least at the level of Assistant Manager or equivalent.
The ISM Champions Council will also include the Chief of Defense Nuclear
Safety for NNSA and the Chief of Nuclear Safety for the Under Secretary of
Energy.
5. PRIMARY FUNCTIONS.
· Facilitate communications between DOE organizations regarding ISM
implementation. Facilitate the identification of and sharing of lessons
learned as the Department starts to implement the new requirements in the
ISM manual.
· Promote and facilitate continued learning about safety management from
both inside and outside the DOE community. Identify safety management
programs and practices that are exemplary and worthy of benchmarking
by other organizations.
· Sponsor and coordinate periodic ISM conferences as forums for DOE and
contractors to share DOE expectations and guidance, disseminate best
practices and lessons learned, develop consensus work products, and
promote a robust safety culture for effective implementation of ISM
systems. The Champions Council, in consultation with the Office of
Health, Safety and Security, will determine the necessary periodicity and
focus of these conferences; in general, the target is to hold DOE-wide ISM
best practices workshop every 12-24 months.
6. SUPPORTING FUNCTIONS.
· As directed by responsible line managers, support responsible DOE
managers in fulfilling their ISM responsibilities and requirements, and
promoting effective ISM implementation and continuous improvement.
· Provide input and feedback on ISM expectations, methods, and best
practices. As requested, provide input and recommendations on effective
integration of ISM with other management systems. As requested,
provide input on the development and revision of DOE directives and
standards regarding ISM implementation and effective integration of ISM
with other safety and management programs.
7. REPORTING. The ISM Champion will report to the Deputy Secretary through
the Chief Health, Safety and Security Officer, and provide such briefings and
reports as requested by the Deputy Secretary to maintain awareness of ISM
implementation and improvement activities.
8. SUPPORT. The DOE headquarters and field organizations will support the
Council in fulfilling its purpose and performing its functions.