Title 10

PART 830 APPENDIX A

Appendix A to Subpart B to Part 830 - General Statement of Safety Basis Policy

10:4.0.2.5.27.2.74.9.20 : Appendix A

Appendix A to Subpart B to Part 830 - General Statement of Safety Basis Policy A. Introduction

This appendix describes DOE's expectations for the safety basis requirements of 10 CFR part 830, acceptable methods for implementing these requirements, and criteria DOE will use to evaluate compliance with these requirements. This appendix does not create any new requirements and should be used consistently with DOE's policy that work be conducted safely and efficiently and in a manner that ensures protection of workers, the public, and the environment.

B. Purpose

1. The safety basis requirements of Part 830 require the contractor responsible for a DOE nuclear facility to analyze the facility, the work to be performed, and the associated hazards and to identify the conditions, safe boundaries, and hazard controls necessary to protect workers, the public and the environment from adverse consequences. These analyses and hazard controls constitute the safety basis upon which the contractor and DOE rely to conclude that the facility can be operated safely. Performing work consistent with the safety basis provides reasonable assurance of adequate protection of workers, the public, and the environment.

2. The safety basis requirements are intended to further the objective of making safety an integral part of how work is performed throughout the DOE complex. Developing a thorough understanding of a nuclear facility, the work to be performed, the associated hazards and the needed hazard controls is essential to integrating safety into management and work at all levels. Performing work in accordance with the safety basis for a nuclear facility is the realization of that objective.

C. Scope

1. A contractor must establish and maintain a safety basis for a Hazard Category 1, 2, or 3 DOE nuclear facility because these facilities have the potential for significant radiological consequences. DOE-STD-1027 sets forth the methodology for categorizing a DOE nuclear facility based on the inventory of radioactive materials.

2. Unlike the quality assurance requirements of Part 830 that apply to all DOE nuclear facilities, the safety basis requirements only apply to Hazard Category 1, 2, and 3 DOE nuclear facilities and do not apply to nuclear facilities below Hazard Category 3.

D. Integrated Safety Management

1. The safety basis requirements are consistent with integrated safety management. DOE expects that, if a contractor complies with the Department of Energy Acquisition Regulation (DEAR) clause on integration of environment, safety, and health into work planning and execution (48 CFR 970.5223-1, Integration of Environment, Safety and Health into Work Planning and Execution) and the DEAR clause on laws, regulations, and DOE directives (48 CFR 970.5204-2, Laws, Regulations and DOE Directives), the contractor will have established the foundation to meet the safety basis requirements.

2. The processes embedded in a safety management system should lead to a contractor establishing adequate safety bases and safety management programs that will meet the safety basis requirements of this Subpart. Consequently, the DOE expects if a contractor has adequately implemented integrated safety management, few additional requirements will stem from this Subpart and, in such cases, the existing safety basis prepared in accordance with integrated safety management provisions, including existing DOE safety requirements in contracts, should meet the requirements of this Subpart.

3. DOE does not expect there to be any conflict between contractual requirements and regulatory requirements. In fact, DOE expects that contract provisions will be used to provide more detail on implementation of safety basis requirements such as preparing a documented safety analysis, developing technical safety requirements, and implementing a USQ process.

E. Enforcement of Safety Basis Requirements

1. Enforcement of the safety basis requirements will be performance oriented. That is, DOE will focus its enforcement efforts on whether a contractor operates a nuclear facility consistent with the safety basis for the facility and, in particular, whether work is performed in accordance with the safety basis.

2. As part of the approval process, DOE will review the content and quality of the safety basis documentation. DOE intends to use the approval process to assess the adequacy of a safety basis developed by a contractor to ensure that workers, the public, and the environment are provided reasonable assurance of adequate protection from identified hazards. Once approved by DOE, the safety basis documentation will not be subject to regulatory enforcement actions unless DOE determines that the information which supports the documentation is not complete and accurate in all material respects, as required by 10 CFR 820.11. This is consistent with the DOE enforcement provisions and policy in 10 CFR part 820.

3. DOE does not intend the adoption of the safety basis requirements to affect the existing quality assurance requirements or the existing obligation of contractors to comply with the quality assurance requirements. In particular, in conjunction with the adoption of the safety basis requirements, DOE revised the language in 10 CFR 830.122(e)(1) to make clear that hazard controls are part of the work processes to which a contractor and other persons must adhere when performing work. This obligation to perform work consistent with hazard controls adopted to meet regulatory or contract requirements existed prior to the adoption of the safety basis requirements and is both consistent with and independent of the safety basis requirements.

4. A documented safety analysis must address all hazards (that is, both radiological and nonradiological hazards) and the controls necessary to provide adequate protection to the public, workers, and the environment from these hazards. Section 234A of the Atomic Energy Act only authorizes DOE to issue civil penalties for violations of requirements related to nuclear safety. Therefore, DOE will impose civil penalties for violations of the safety basis requirements (including hazard controls) only if they are related to nuclear safety.

F. Documented Safety Analysis

1. A documented safety analysis must demonstrate the extent to which a nuclear facility can be operated safely with respect to workers, the public, and the environment.

2. DOE expects a contractor to use a graded approach to develop a documented safety analysis and describe how the graded approach was applied. The level of detail, analysis, and documentation will reflect the complexity and hazards associated with a particular facility. Thus, the documented safety analysis for a simple, low hazard facility may be relatively short and qualitative in nature, while the documented safety analysis for a complex, high hazard facility may be quite elaborate and more quantitative. DOE will work with its contractors to ensure a documented safety analysis is appropriate for the facility for which it is being developed.

3. Because DOE has ultimate responsibility for the safety of its facilities, DOE will review each documented safety analysis:

(i) As part of the initial submittal;

(ii) When revisions are submitted as part of a positive USQ determination or major modification;

(iii) If DOE has reason to believe a portion of the safety basis to be inadequate, or;

(iv) If DOE has reason to believe a portion of the safety basis has substantially changed. DOE will review the documented safety analysis to determine whether the rigor and detail of the documented safety analysis are appropriate for the complexity and hazards expected at the nuclear facility. In particular, DOE will evaluate the documented safety analysis by considering the extent to which the documented safety analysis:

(A) Satisfies the provisions of the methodology used to prepare the documented safety analysis and

(B) Adequately addresses the criteria set forth in 10 CFR 830.204(b). DOE will prepare a Safety Evaluation Report to document the results of its review of the documented safety analysis. A documented safety analysis must contain any conditions or changes required by DOE in the Safety Evaluation Report. Generally, DOE's review of the annual submittal may be limited to ensuring that the results of USQs have been adequately incorporated into the documented safety analysis. If additional changes are proposed by the contractor and included in the annual update that have not been previously approved by DOE or have not been evaluated as a part of the USQ process, DOE must review and approve these changes. DOE has the authority to review the safety basis at any time.

4. In most cases, the contract will provide the framework for specifying the methodology and schedule for developing a documented safety analysis. Table 1 sets forth acceptable methodologies for preparing a documented safety analysis.

Table 1

The contractor responsible for:	May prepare its document safety analysis by:
(1) A DOE reactor	Using the method in U.S. Nuclear Regulatory Commission Regulatory Guide 1.70, Standard Format and Content of Safety Analysis Reports for Nuclear Power Plants, or successor document.
(2) A DOE nonreactor nuclear facility	Using the method in DOE-STD-3009, Change Notice No. 1, January 2000, Preparation Guide for U.S. Department of Energy Nonreactor Nuclear Facility Safety Analysis Reports, July 1994, or successor document.
(3) A DOE nuclear facility with a limited operational life	Using the method in either: (i) DOE-STD-3009-, Change Notice No. 1, January 2000, or successor document, or (ii) DOE-STD-3011-94, Guidance for Preparation of DOE 5480.22 (TSR) and DOE 5480.23 (SAR) Implementation Plans, November 1994, or successor document.
(4) The deactivation or the transition surveillance and maintenance of a DOE nuclear facility	Using the method in either: (i) DOE-STD-3009, Change Notice No. 1, January 2000, or successor document, or (ii) DOE-STD-3011-94 or successor document.
(5) The decommissioning of a DOE nuclear facility	(i) Using the method in DOE-STD-1120-98, Integration of Environment, Safety, and Health into Facility Disposition Activities, May 1998, or successor document; (ii) Using the provisions in 29 CFR 1910.120 (or 29 CFR 1926.65 for construction activities) for developing Safety and Health Programs, Work Plans, Health and Safety Plans, and Emergency Response Plans to address public safety, as well as worker safety; and (iii) Deriving hazard controls based on the Safety and Health Programs, the Work Plans, the Health and Safety Plans, and the Emergency Response Plans.
(6) A DOE environmental restoration activity that involves either work not done within a permanent structure or the decommissioning of a facility with only low-level residual fixed radioactivity	(i) Using the method in DOE-STD-1120-98 or successor document, and (ii) Using the provisions in 29 CFR 1910.120 (or 29 CFR 1926.65 for construction activities) for developing a Safety and Health Program and a site-specific Health and Safety Plan (including elements for Emergency Response Plans, conduct of operations, training and qualifications, and maintenance management).
(7) A DOE nuclear explosive facility and the nuclear explosive operations conducted therein	Developing its documented safety analysis in two pieces: (i) A Safety Analysis Report for the nuclear facility that considers the generic nuclear explosive operations and is prepared in accordance with DOE-STD-3009, Change Notice No. 1, January 2000, or successor document, and (ii) A Hazard Analysis Report for the specific nuclear explosive operations prepared in accordance with DOE-STD-3016-99, Hazards Analysis Reports for Nuclear Explosive Operations, February 1999, or successor document.
(8) A DOE Hazard Category 3 nonreactor nuclear facility	Using the methods in Chapters 2, 3, 4, and 5 of DOE-STD-3009, Change Notice No. 1, January 2000, or successor document to address in a simplified fashion: (i) The basic description of the facility/activity and its operations, including safety structures, systems, and components; (ii) A qualitative hazards analysis; and (iii) The hazard controls (consisting primarily of inventory limits and safety management programs) and their bases.
(9) Transportation activities	(i) Preparing a Safety Analysis Report for Packaging in accordance with DOE-O-460.1A, Packaging and Transportation Safety, October 2, 1996, or successor document and (ii) Preparing a Transportation Safety Document in accordance with DOE-G-460.1-1, Implementation Guide for Use with DOE O 460.1A, Packaging and Transportation Safety, June 5, 1997, or successor document.
(10) Transportation and onsite transfer of nuclear explosives, nuclear components, Naval nuclear fuel elements, Category I and Category II special nuclear materials, special assemblies, and other materials of national security	(i) Preparing a Safety Analysis Report for Packaging in accordance with DOE-O-461.1, Packaging and Transportation of Materials of National Security Interest, September 29, 2000, or successor document and (ii) Preparing a Transportation Safety Document in accordance with DOE-M-461.1-1, Packaging and Transfer of Materials of National Security Interest Manual, September 29, 2000, or successor document.

5. Table 1 refers to specific types of nuclear facilities. These references are not intended to constitute an exhaustive list of the specific types of nuclear facilities. Part 830 defines nuclear facility broadly to include a reactor or a nonreactor nuclear facility where an activity is conducted for or on behalf of DOE and includes any related area, structure, facility, or activity to the extent necessary to ensure proper implementation of the requirements established by this part. The only exceptions are those facilities specifically excluded such as accelerators. Table 2 defines the terms referenced in Table 1 that are not defined in 10 CFR 830.3.

6. The contractor responsible for the design and construction of a new Hazard Category 1, 2, or 3 DOE nuclear facility or a major modification to an existing Hazard Category 1, 2, or 3 DOE nuclear facility must prepare a preliminary documented safety analysis. A preliminary documented safety analysis can ensure that substantial costs and time are not wasted in constructing a nuclear facility that will not be acceptable to DOE. If a contractor is required to prepare a preliminary documented safety analysis, the contractor must obtain DOE approval of the preliminary documented safety analysis prior to procuring materials or components or beginning construction. DOE, however, may authorize the contractor to perform limited procurement and construction activities without approval of a preliminary documented safety analysis if DOE determines that the activities are not detrimental to public health and safety and are in the best interests of DOE. DOE Order 420.1, or successor document, sets forth acceptable nuclear safety design criteria for use in preparing a preliminary documented safety analysis. As a general matter, DOE does not expect preliminary documented safety analyses to be needed for activities that do not involve significant construction such as environmental restoration activities, decontamination and decommissioning activities, specific nuclear explosive operations, or transition surveillance and maintenance activities.

1. Hazard controls are measures to eliminate, limit, or mitigate hazards to workers, the public, or the environment. They include:

2. The types and specific characteristics of the safety management programs necessary for a DOE nuclear facility will be dependent on the complexity and hazards associated with the nuclear facility and the work being performed. In most cases, however, a contractor should consider safety management programs covering topics such as quality assurance, procedures, maintenance, personnel training, conduct of operations, criticality safety, emergency preparedness, fire protection, waste management, and radiation protection. In general, DOE Orders set forth DOE's expectations concerning specific topics. For example, DOE Order 420.1, or successor document provides DOE's expectations with respect to fire protection and criticality safety.

3. Safety structures, systems, and components require formal definition of minimum acceptable performance in the documented safety analysis. This is accomplished by first defining a safety function, then describing the structure, systems, and components, placing functional requirements on those portions of the structures, systems, and components required for the safety function, and identifying performance criteria that will ensure functional requirements are met. Technical safety requirements are developed to ensure the operability of the safety structures, systems, and components and define actions to be taken if a safety structure, system, or component is not operable.

4. Technical safety requirements establish limits, controls, and related actions necessary for the safe operation of a nuclear facility. The exact form and contents of technical safety requirements will depend on the circumstances of a particular nuclear facility as defined in the documented safety analysis for the nuclear facility. As appropriate, technical safety requirements may have sections on:

It may also have an appendix on the bases for the limits and requirements. DOE Guide 423.1-1B, Implementation Guide for Use in Developing Technical Safety Requirements, or successor document, provides a complete description of what technical safety requirements should contain and how they should be developed and maintained.

5. DOE will examine and approve the technical safety requirements as part of preparing the safety evaluation report and reviewing updates to the safety basis. As with all hazard controls, technical safety requirements must be kept current and reflect changes in the facility, the work and the hazards as they are analyzed in the documented safety analysis. In addition, DOE expects a contractor to maintain technical safety requirements, and other hazard controls as appropriate, as controlled documents with an authorized users list.

6. Table 3 sets forth DOE's expectations concerning acceptable technical safety requirements.

1. The USQ process is an important tool to evaluate whether changes affect the safety basis. A contractor must use the USQ process to ensure that the safety basis for a DOE nuclear facility is not undermined by changes in the facility, the work performed, the associated hazards, or other factors that support the adequacy of the safety basis.

2. The USQ process permits a contractor to make physical and procedural changes to a nuclear facility and to conduct tests and experiments without prior approval, provided these changes do not cause a USQ. The USQ process provides a contractor with the flexibility needed to conduct day-to-day operations by requiring only those changes and tests with a potential to impact the safety basis (and therefore the safety of the nuclear facility) be approved by DOE. This allows DOE to focus its review on those changes significant to safety. The USQ process helps keep the safety basis current by ensuring appropriate review of and response to situations that might adversely affect the safety basis.

3. DOE Guide 424.1-1B Chg 2, Implementation Guide for Use in Addressing Unreviewed Safety Question Requirements, or successor document provides DOE's expectations for a USQ process. The contractor must obtain DOE approval of its procedure used to implement the USQ process. The contractor is allowed to make editorial and format changes to its USQ procedure while maintaining DOE approval.

1. The DOE Management Official for a DOE nuclear facility (that is, the Assistant Secretary, the Assistant Administrator, or the Office Director who is primarily responsible for the management of the facility) has primary responsibility within DOE for ensuring that the safety basis for the facility is adequate and complies with the safety basis requirements of Part 830. The DOE Management Official is responsible for ensuring the timely and proper -

(ii) Preparation of a safety evaluation report concerning the safety basis for a facility.

2. DOE will maintain a public list on the internet that provides the status of the safety basis for each Hazard Category 1, 2, or 3 DOE nuclear facility and, to the extent practicable, provides information on how to obtain a copy of the safety basis and related documents for a facility.

For purposes of Table 1:	Means:
(1) Deactivation	The process of placing a facility in a stable and known condition, including the removal of hazardous and radioactive materials.
(2) Decontamination	The removal or reduction of residual radioactive and hazardous materials by mechanical, chemical, or other techniques to achieve a stated objective or end condition.
(3) Decommissioning	Those actions taking place after deactivation of a nuclear facility to retire it from service and includes surveillance and maintenance, decontamination, and/or dismantlement.
(4) Environmental restoration activities	The process by which contaminated sites and facilities are identified and characterized and by which existing contamination is contained, or removed and disposed.
(5) Generic nuclear explosive operation	A characterization that considers the collective attributes (such as special facility system requirements, physical weapon characteristics, or quantities and chemical/physical forms of hazardous materials) for all projected nuclear explosive operations to be conducted at a facility.
(6) Nuclear explosive facility	A nuclear facility at which nuclear operations and activities involving a nuclear explosive may be conducted.
(7) Nuclear explosive operation	Any activity involving a nuclear explosive, including activities in which main-charge, high-explosive parts and pits are collocated.
(8) Nuclear facility with a limited operational life	A nuclear facility for which there is a short remaining operational period before ending the facility's mission and initiating deactivation and decommissioning and for which there are no intended additional missions other than cleanup.
(9) Specific nuclear explosive operation	A specific nuclear explosive subjected to the stipulated steps of an individual operation, such as assembly or disassembly.
(10) Transition surveillance and maintenance activities	Activities conducted when a facility is not operating or during deactivation, decontamination, and decommissioning operations when surveillance and maintenance are the predominant activities being conducted at the facility. These activities are necessary for satisfactory containment of hazardous materials and protection of workers, the public, and the environment. These activities include providing periodic inspections, maintenance of structures, systems, and components, and actions to prevent the alteration of hazardous materials to an unsafe state.

As appropriate for a particular DOE nuclear facility, the section of the technical safety requirements on:	Will provide information on:
(1) Safety limits	The limits on process variables associated with those safety class physical barriers, generally passive, that are necessary for the intended facility function and that are required to guard against the uncontrolled release of radioactive materials. The safety limit section describes, as precisely as possible, the parameters being limited, states the limit in measurable units (pressure, temperature, flow, etc.), and indicates the applicability of the limit. The safety limit section also describes the actions to be taken in the event that the safety limit is exceeded. These actions should first place the facility in the safe, stable condition attainable, including total shutdown (except where such action might reduce the margin of safety) or should verify that the facility already is safe and stable and will remain so. The technical safety requirement should state that the contractor must obtain DOE authorization to restart the nuclear facility following a violation of a safety limit. The safety limit section also establishes the steps and time limits to correct the out-of-specification condition.
(2) Operating limits	Those limits which are required to ensure the safe operation of a nuclear facility. The operating limits section may include subsections on limiting control settings and limiting conditions for operation.
(3) Limiting control settings	The settings on safety systems that control process variables to prevent exceeding a safety limit. The limited control settings section normally contains the settings for automatic alarms and for the automatic or non-automatic initiation of protective actions related to those variables associated with the function of safety class structures, systems, or components if the safety analysis shows that they are relied upon to mitigate or prevent an accident. The limited control settings section also identifies the protective actions to be taken at the specific settings chosen in order to correct a situation automatically or manually such that the related safety limit is not exceeded. Protective actions may include maintaining the variables within the requirements and repairing the automatic device promptly or shutting down the affected part of the process and, if required, the entire facility.
(4) Limiting conditions for operations	The limits that represent the lowest functional capability or performance level of safety structures, systems, and components required to perform an activity safely. The limiting conditions for operation section describes, as precisely as possible, the lowest functional capability or performance level of equipment required for continued safe operation of the facility. The limiting conditions for operation section also states the action to be taken to address a condition not meeting the limiting conditions for operation section. Normally this simply provides for the adverse condition being corrected in a certain time frame and for further action if this is impossible.
(5) Surveillance requirements	Requirements relating to test, calibration, or inspection to assure that the necessary operability and quality of safety structures, systems, and components is maintained; that facility operation is within safety limits; and that limiting control settings and limiting conditions for operation are met. If a required surveillance is not successfully completed, the contractor is expected to assume the systems or components involved are inoperable and take the actions defined by the technical safety requirement until the systems or components can be shown to be operable. If, however, a required surveillance is not performed within its required frequency, the contractor is allowed to perform the surveillance within 24 hours or the original frequency, whichever is smaller, and confirm operability.
(6) Administrative controls	Organization and management, procedures, recordkeeping, assessment, and reporting necessary to ensure safe operation of a facility consistent with the technical safety requirement. In general, the administrative controls section addresses (i) the requirements associated with administrative controls (including those for reporting violations of the technical safety requirement); (ii) the staffing requirements for facility positions important to safe conduct of the facility; and (iii) the commitments to the safety management programs identified in the documented safety analysis as necessary components of the safety basis for the facility.
(7) Use and application provisions	The basic instructions for applying the safety restrictions contained in a technical safety requirement. The use and application section includes definitions of terms, operating modes, logical connectors, completion times, and frequency notations.
(8) Design features	Design features of the facility that, if altered or modified, would have a significant effect on safe operation.
(9) Bases appendix	The reasons for the safety limits, operating limits, and associated surveillance requirements in the technical safety requirements. The statements for each limit or requirement shows how the numeric value, the condition, or the surveillance fulfills the purpose derived from the safety documentation. The primary purpose for describing the basis of each limit or requirement is to ensure that any future changes to the limit or requirement is done with full knowledge of the original intent or purpose of the limit or requirement.