Application of The Management System For NF - Draft Safety Guide DS349, IAEA, Vienna (2008)

DS349 Draft 6
Date: 22 Jan. 2007
IAEA SAFETY STANDARDS

for protecting people and the environment
Status: For submission to member States

Comments due 31 May 2007
Application of the Management System for

Nuclear Facilities
DRAFT SAFETY GUIDE

DS349
Revision of Safety Series 50-SG-Q8 to Q14 (1996)
IAEA
International Atomic Energy Agency
FOREWORD
by Mohamed ElBaradei
Director General
The IAEAs Statute authorizes the Agency to establish safety standards to protect health and
minimize danger to life and property standards which the IAEA must use in its own
operations, and which a State can apply to its nuclear and radiation related facilities and
activities. A comprehensive body of safety standards under regular review, together with the
IAEAs assistance in their application, has become a key element in a global safety regime.
In the mid-1990s, a major overhaul of the IAEAs safety standards programme was initiated,
with a revised oversight committee structure and a systematic approach to updating the entire
corpus of standards. The new standards that have resulted are of a high calibre and reflect best
practices in Member States. With the assistance of the Commission on Safety Standards, the
Agency is working to promote the global acceptance and use of its safety standards.
Safety standards are only effective, however, if they are properly applied in practice. The
IAEAs safety services which range in scope from engineering safety, operational safety,
and radiation, transport and waste safety to regulatory matters and safety culture in
organizations assist Member States in applying the standards and appraise their
effectiveness. These safety services enable valuable insights to be shared and I continue to
urge all Member States to make use of them.
Regulating safety in nuclear and radiation related activities is a national responsibility, and
many Member States have decided to adopt the IAEAs safety standards for use in their
national regulations. For the Contracting Parties to the various international safety
conventions, IAEA standards provide a consistent, reliable means of ensuring the effective
fulfillment of obligations under the conventions. The standards are also used around the world
by organizations that design, manufacture and apply nuclear and radiation related
technologies in power generation, medicine, industry, agriculture, research and education.
The IAEA takes seriously the enduring challenge for operators and regulators everywhere
of ensuring a high level of safety in the use of nuclear and radioactive materials around the
world. Their continuing utilization for the benefit of humankind must be managed in a safe
manner, and the IAEA safety standards are designed to facilitate the achievement of that goal.
ii
CONTENTS
1. INTRODUCTION
BACKGROUND
OBJECTIVE
SCOPE
STRUCTURE
2. MANAGEMENT SYSTEM
GENERAL REQUIREMENTS
SAFETY CULTURE
GRADING THE APPLICATION OF MANAGEMENT SYSTEM
REQUIREMENTS
DOCUMENTATION OF THE MANAGEMENT SYSTEM
3. MANAGEMENT RESPONSIBILITY
MANAGEMENT COMMITMENT
SATISFACTION OF INTERESTED PARTIES
ORGANIZATIONAL POLICIES
Developing the policies
Implementing policies
Safety, Health and Environment Policies
Quality policy
Change management policy
Security policy
PLANNING
RESPONSIBILITIES AND AUTHORITY FOR THE MANAGEMENT SYSTEM
4.
RESOURCE MANAGEMENT
PROVISION OF RESOURCES
Resources provided by suppliers and partners
Managing information and knowledge
HUMAN RESOURCES
INFRASTRUCTURE AND THE WORKING ENVIRONMENT
Managing material assets
Replacing old technologies
5. PROCESS IMPLEMENTATION
DEVELOPING PROCESSES
Process model
PROCESS MANAGEMENT
GENERIC MANAGEMENT SYSTEM PROCESSES
Control of documents
Control of products
Measuring and testing equipment
Control of records
Purchasing
Communication
Managing organizational change
PROCESSES COMMON TO ALL STAGES
Project management
Work planning and control
Workplace risk assessment
Personnel safety
Control and supervision of contractors
Design
1
1
1
1
2
3
3
5
iii
25
26
29
29
29
31
31
32
34
35
36
36
36
37
39
39
39
40
41
42
42
43
44
44
45
47
48
48
49
52
54
54
56
56
56
57
61
62
64
65
66
Configuration management
Plant modification
Maintenance
Housekeeping and cleanliness
Handling and storage
Inventory management
Identification and labelling of systems, structures and components
Waste management
Environmental management
Regulatory interface
Information technology
Fire protection
Security
6. MEASUREMENT, ASSESSMENT AND IMPROVEMENT
MONITORING AND MEASUREMENT
Management oversight
SELF-ASSESSMENT
Self assessment by senior management
Self assessment by managers and individuals
INDEPENDENT ASSESSMENT
Types of independent assessment
MANAGEMENT SYSTEM REVIEW
NON-CONFORMANCES, CORRECTIVE AND PREVENTIVE ACTIONS
Non-conformance control
Corrective actions
Preventive actions
Event Reporting
IMPROVEMENT
APPENDIX I METHODOLOGY FOR GRADING THE APPLICATION OF
MANAGEMENT SYSTEM REQUIREMENTS
APPENDIX II: MANAGEMENT SYSTEM FOR THE RESEARCH AND DEVELOPMENT
STAGE OF A NUCLEAR FACILITY
APPENDIX III: MANAGEMENT SYSTEM FOR THE SITING STAGE OF A NUCLEAR
FACILITY
APPENDIX IV: MANAGEMENT SYSTEM FOR THE DESIGN STAGE OF A NUCLEAR
FACILITY
APPENDIX V: MANAGEMENT SYSTEM FOR THE CONSTRUCTION STAGE OF A
NUCLEAR FACILITY
APPENDIX VI: MANAGEMENT SYSTEM FOR THE COMMISSIONING STAGE OF A
NUCLEAR FACILITY
APPENDIX VII: MANAGEMENT SYSTEM FOR THE OPERATION STAGE OF A
NUCLEAR FACILITY
APPENDIX VIII: MANAGEMENT SYSTEM FOR THE DECOMMISSIONING STAGE OF
A NUCLEAR FACILITY
REFERENCES
ANNEX I EXAMPLE OF THE CONTENTS OF A BUSINESS PLAN
GLOSSARY
CONTRIBUTORS TO DRAFTING AND REVIEW
iv
80
82
82
82
83
85
86
86
87
88
88
90
90
91
91
91
93
93
94
98
99
101
102
103
103
105
105
106
109
110
118
119
120
130
131
132
133
135
139
141
1. INTRODUCTION
BACKGROUND
1.1.
This Safety Guide supports the Safety Requirements publication on The Management
System for Facilities and Activities [1]. It provides supplementary guidance to the generic
guidance provided in Ref. [2] to enable nuclear facilities1 to comply with the requirements
established in Ref. [1].
1.2
This Safety Guide is part of a series of publications produced by the IAEA dealing
with management systems. Application of the requirements and guidance on the management
system throughout the lifetime of a nuclear facility will contribute to the achievement and
enhancement of high levels of safety standards.
1.3.
Methods and solutions other than those set out in this Safety Guide for fulfilling the
requirements established in Ref. [1] might be acceptable provided they result in at least the
same level of safety.
OBJECTIVE
1.4.
The objective of this publication is to provide supplementary guidance to that provided
in Ref. [2] for establishing, implementing, assessing and continually improving a management
system which integrates elements of safety, health, environment, security 2 , quality and
economics3. All the topics have a corresponding requirement within Ref. [1].
SCOPE
1.5.
This Safety Guide is applicable the lifetime of a nuclear facility. This includes any
subsequent period of control until there is no significant residual radiation hazard. For a
facility,
this
includes
siting,
design,
construction,
commissioning,
operation
and
Nuclear facilities include nuclear power plants, other reactors (such as research reactors and critical
assemblies), and fuel cycle facilities.
2
This Safety Guide covers the security of nuclear facilities, nuclear material and sources of radiation only to the
extent that security measures for physical protection are essential to safety and the failure of such measures has
consequences for safety.
3
Economic objectives are included in the list of elements that have to be integrated, as it is recognized that
economic decisions and actions may introduce or may mitigate potential risks.
decommissioning (or close-out or closure). The lifetime stages of a nuclear facility might
overlap each other.
1.6.
The guidance in this publication should be used in conjunction with the generic
guidance provided in Ref. [2]. An indication is provided in each section if this guide provides
supplementary guidance to Ref. [2] or if there is no supplementary guidance to Ref. [2].
1.7.
This Safety Guide can be used by facilities in the following ways:
To support the development, implementation, assessment and improvement of the
management systems of those facilities directly responsible for research4, siting,

designing, constructing, commissioning, operating and decommissioning nuclear
facilities;
As an aid to the assessment of the adequacy of the management system of
To specify to a supplier, via contractual documentation, any specific element that
organisations by regulatory bodies;
should be included within the suppliers management system for the supply and
delivery of products5.
STRUCTURE
1.8.
This Safety Guide follows the structure of Ref. [1].
Section 2 provides guidance for implementing the management system, including
guidance relating to safety culture, grading, and documentation;
Section 3 provides guidance on the responsibilities of senior management6 for the
development and implementation of an effective management system;
Section 4 provides guidance on resource management, including guidance on

human resources, infrastructure and the working environment;
This term covers research on items, services and processes impacting safety during the siting, design,
construction, commissioning, operation and decommissioning of a nuclear facility, and the carrying out of the
research activities for which a nuclear facility (e.g. research reactor) is built.
5
A product is an output from a process. Examples include a maintained piece of equipment, or electricity.
6
Senior management means the person who, or group of people which, directs, controls and assesses an
organization at the highest level. In nuclear facilities many different terms are used, including, for example: chief
executive officer (CEO), director general, executive team, plant manager, top manager, site vice-president,
managing director.
4
Section 5 provides guidance on how the processes of the facility can be identified
and developed, including guidance on some generic processes of the management

system;
Section 6 provides guidance for measuring, assessing and improving the
The appendices provide guidance on the specific processes that should be
management system;
developed for the lifetime of a nuclear facility: research, siting, design,

construction, commissioning, operation and decommissioning;
The Annex provides an example of a business plan for a nuclear facility.

2. MANAGEMENT SYSTEM
GENERAL REQUIREMENTS
GS-R-3 [1] states in paras 2.1 to 2.4 that:
A management system shall be established, implemented, assessed and continually improved.

It shall be aligned with the goals of the facility and shall contribute to their achievement. The
main aim of the management system shall be to achieve and enhance safety by:
Bringing together in a coherent manner all the requirements for managing the
Describing the planned and systematic actions necessary to provide adequate
Ensuring that health, environmental, security, quality and economic related
facility;
confidence that all these requirements are satisfied;
requirements are not considered separately from safety requirements, to help

preclude their possible negative impact on safety.
Safety shall be paramount within the management system, overriding all other demands.
The management system shall identify and integrate with the requirements contained within
this publication:
The statutory and regulatory requirements of the Member State;
Any requirements formally agreed with interested parties (also known as
All other relevant IAEA Safety Requirements publications, such as those on
stakeholders7);
emergency preparedness and response [16] and safety assessment;
Requirements from other relevant codes and standards adopted for use by the
organization.
The organization shall be able to demonstrate the effective fulfilment of its management
system requirements.
The following guidance has been developed to provide a means of implementing this
requirement for nuclear facilities. It is supplementary to, and should be read in conjunction
with, the generic guidance contained in Ref. [2].
2.1.
Senior management should be the sole source of operational direction of the facility.
The management system should define the responsibilities of the process owners and of the
line organization, so that there are clear lines of authority and accountability. The process
owners should support the operational direction with the responsibility to develop effective
processes and to ensure they remain effective. The line organization implements the processes
within their areas of responsibility. More information regarding the operating organization can
be found in Ref. [10].
2.2.
It should be clear within the management system what the reporting mechanisms are
and who has specific reporting responsibilities regarding what, when and how to report and to
whom.
2.3.
Guidance on the processes to be addressed in the management system for the different
stages in the lifetime of the nuclear facility is given in appendices II to VIII of this Safety
Guide. The utility may establish separate organizations for these stages or may combine them
Stakeholder: interested party; concerned party. Stakeholder means an interested party whether a person or a
company, etc. with an interest or concern in ensuring the success of an organization, business, system, etc. To
have a stake in something figuratively means to have something to gain or lose by, or to have an interest in, the
turn of events. The term stakeholder is used in a broad sense to mean a person or group having an interest in the
performance of an organization. Those who can influence events may effectively become interested parties
whether their interest is regarded as genuine or not in the sense that their views need to be considered.
Interested parties have typically included the following: customers, owners, operators, employees, suppliers,
partners, trade unions, the regulated industry or professionals; scientific bodies; governmental agencies or
regulators (local, regional and national) whose responsibilities may cover nuclear energy; the media; the public
(individuals, community groups and interest groups); and other States, especially neighboring States that have
entered into agreements providing for an exchange of information concerning possible transboundary impacts, or
States involved in the export or import of certain technologies or materials.
7
under one organization. Whichever organizational arrangement is utilized, the responsibilities

and interfaces should be clearly defined and understood. The management systems should
cover all the activities that are carried out during the relevant stage in the lifetime of the
facility. It should be recognized that many activities and outputs from one stage may be
necessary to aid work during later stages and may affect the way that this work is carried out.
The management system, when applied in practice, should give the assurance that the nuclear
facility will conform to specified requirements.
SAFETY CULTURE
GS-R-3 [1] states in para 2.5 that:
The management system shall be used to promote and support a strong safety culture by:
Ensuring a common understanding of the key aspects of safety culture within the
facility;
Providing the means by which the facility supports individuals and teams to carry
out their tasks safely and successfully, taking into account the interaction between
individuals, technology and the organization;
Reinforcing a learning and questioning attitude at all levels of the facility;
Providing the means by which the facility continually seeks to develop and
improve its safety culture.
2.4.
Any effort to focus attention to develop or improve the safety culture of an
organization should rely on a common understanding of the concept itself. Every organisation
has a culture, however only an organization with safety as a primary goal (for example, safety
always taking priority over production) can be said to have developed a safety culture.
2.5.
Safety culture should be based on fundamental safety beliefs (assumptions) and on a
code of conduct that reflects safety values that are commonly shared by all individuals.
Ultimately the safety culture is revealed in the visible individual and collective behaviours of
the organization.
2.6.
Senior management should establish and promote a set of safety principles to serve as
guidance to taking decisions and promoting behaviour. Examples of such principles used in
some organizations are as follows:
2.7.
Everyone has an impact on nuclear safety;
Leaders demonstrate commitment to safety;
Trust and open communication permeates throughout the organization;
Decision-making reflects safety first;
Nuclear is recognized as unique;
A questioning attitude is cultivated;
Organizational learning is embraced;
Nuclear safety undergoes constant review.
A common understanding by all individuals of the characteristics and attributes of a
good safety culture should be a prerequisite, so that everyone can seek and identify strengths
and weaknesses and thereby enhance the safety culture. The following framework consists of a
set of five key safety culture characteristics, which in turn contain a number of attributes that
are related to safety outcomes. The key characteristics are illustrated below. Furthermore, the
attributes are described together with some guidance on what to look for in relation to these
attributes.
2.8.
This framework can be used in two ways:
To reach a common understanding of what factors are important to consider in
To evaluate the strengths and weaknesses in an organization both through self-
relation to safety culture;
assessments and by external review.
Safety Culture Characteristics and Attributes
Safety is a clearly
recognized value
Safety is integrated
into all activities
Safety is
learning driven
SAFETY
CULTURE
CHARACTERISTICS
Leadership for
safety is clear
Accountability for
safety is clear
FIG. 1 Safety culture characteristics and attributes

The following text provides some illustrative examples of each of the five safety culture
characteristics and their attributes as identified in Ref. [2].
Safety is a clearly recognized value
2.9.
The ways that an organization makes and communicates decisions are considered very
important parts of the safety culture because decisions represent values in action. The stated
goals, strategies and plans for the organization establish its objectives and priorities in the
short and longer terms. Reference [1] states that Safety shall be paramount within the
management system, overriding all other demands. Management should consider safety when
establishing goals, strategies and plans, and should use the declared priorities and objectives
when allocating resources.
Attributes:
The high priority given to safety is shown in documentation, communications and

decision making:
Refs [12] and [31] require the establishment of a safety policy which states the
commitment of the organization to safety and which establishes the highest
level expectations for decision-making and conduct for the organization;
The safety policy should be posted in facilities and should be known to
The safety policy should be appropriately transferred into documentation;
individuals;
The rationale for significant decisions related to safety should be
communicated regularly to individuals;
Decisions which impact safety should be made in a timely manner;
Multiple methods should be used to communicate the value of safety
Key safety decisions should be periodically revisited and assumptions and
throughout the organization;
conclusions should be challenged in the light of new information, operating

experience or changes in context.
Safety is a primary consideration in the allocation of resources:
goals, strategies, plans and objectives.
The strategic business importance of safety is reflected in the business plan:
Resource allocations should be in line with the stated priorities and safety
Safety performance goals, strategies, plans and objectives should be clearly

identified and integrated into the overall business plan.
Individuals are convinced that safety and production go hand in hand:
Leaders should be especially sensitive to decisions that could appear to place
production or other factors ahead of safety and should take care to explain them
to individuals.
A proactive and long term approach to safety issues is shown in decision-making:
Strategic and longer range planning processes should take account of known
and potential safety issues;
Senior management incentives and priorities should not be solely focused on

short term goals, strategies, plans and objectives.
Safety conscious behaviour is socially accepted and supported (both formally and
informally):
The performance appraisal process should recognize and reward safety
conscious behaviour;
Peers should encourage each other to engage in safety conscious behaviour.
Leadership for safety is clear

2.10.
Senior managers should be the leading advocates of safety and should demonstrate
their commitment in both words and actions. The safety message should be communicated
frequently and consistently. Leaders should create cultures by their actions (and inactions) and
by the values and assumptions they communicate. A leader is someone who has an influence
on the thoughts, attitudes and behaviour of others. Leaders cannot completely control the
safety culture, but they influence it. Leaders throughout the organization should set an
example for safety, for example through their direct involvement in training and field
oversight of important activities. Individuals in the organization generally deliver the levels of
performance that leaders personally demonstrate. Standards should therefore be set for aspects
that are important for safety.
Attributes:
Senior management is clearly committed to safety:
Senior managers should treat supervisors as a crucial part of the management

team as they translate safety culture into practice, and should provide them with
their full support;
Senior corporate leaders should periodically visit operating facilities to assess

management effectiveness first hand.
Commitment to safety is evident at all management levels:
Leaders should establish clear expectations for performance in areas that affect
Leaders should adhere strictly to policies and procedures in their individual
safety and these should be documented where appropriate;
conduct, and should not expect or accept special treatment;
Leaders should not accept below standard safety performance for any reason;
Leaders should exhibit a strong sense of urgency to correct significant
weaknesses or vulnerabilities.
There is visible leadership showing the involvement of management in safety

related activities:
Leaders should be able to recognize degraded safety conditions (physical or
Leaders should individually inspect performance and conditions in the field by
organizational);
walking, observing and listening to individuals, and should intervene

vigorously to fix safety problems (walk, look, listen and fix);
Managers should ensure situations adverse to safety are corrected;
Supervisors should spend time observing and coaching individuals at their
work locations and should provide constructive feedback to reinforce expected

behaviour;
Supervisors should frequently discuss safety issues with their teams/work
Leaders should visit individuals at their work locations
Leadership skills are systematically developed:
Selection and evaluation of managers and supervisors should take account of
Change management skills should be taught to individuals in leadership roles;
groups;
their demonstrated ability to foster a healthy safety culture;
A succession plan should be put in place to develop future managers that would
include safety culture aspects.
Management ensures that there are sufficient and competent individuals:
The organization should maintain a knowledgeable workforce to support a

broad spectrum of operational and technical decisions. Outside expertise should
be employed when necessary;
Individuals should only perform work for which they are trained and qualified;
There should be a systematic approach to training and qualification;
Attendance of individuals at training should be given a very high priority;
Staffing levels should be consistent with the demands related to safety and
reliability.
10
Management seeks the active involvement of individuals in improving safety:
Leaders should actively seek dissenting views and diverse perspectives and
should encourage robust discussion to support individual thinking;
Leaders should welcome concerns raised by individuals, and should take
Where practical, leaders should involve individuals in decisions and activities
Individuals should be able to say that their opinion matters and should be able
action, or explain why no action was taken;

that affect them;
to point to instances where their input has led to positive change.
Safety implications are considered in the change management processes:
Change management and control processes should be in place so that changes

to procedures, equipment and other changes consider and incorporate safety
impacts;
Impending changes should be communicated to individuals in ways that

maintain trust in the organization.
Management shows a continual effort to strive for openness and good

communication throughout the organization:
Supervisors should be skilled in responding to individuals questions in an open
Leaders should make sure that open communication is valued and potential
and honest manner and should maintain healthy relationships with individuals;
blockages are addressed;
Leaders should visit individuals at their work locations and where possible
should conduct open forum meetings to explain the context for issues and
decisions. Leaders should encourage individuals to ask questions.
Management has the ability to resolve conflicts as necessary:
When needed, fair and objective methods should be used to resolve conflict and
to settle disputes.
Relationships between management and individuals are built on trust:
Managers should deliver what they promise in their communications;
Individuals should adhere to the management system;
Managers should be trusted by individuals to act professionally when
individuals raise safety concerns or identify near miss events;
11
Managers should ensure that a safety conscious working environment prevails
throughout the organization;
Managers should ensure that communication is not stifled within the
organization and should take prompt action to eliminate this effect if it is

discovered.
Accountability for safety is clear

2.11.
Management should establish the authority and decision making powers for all
positions in the organization. These powers should be exercised and there should be clear lines
of authority for safety matters. Accountability means that each individual should know their
specific assigned tasks (i.e. what they have to accomplish and by when, and how to recognize
good results); individuals should either execute these tasks as expected or should report to
their supervisor if they are not able to execute them. The behaviour of management towards
regulators should be such that strong signals are sent to the organization about respect for rules
and the importance of safety. An independent and constructive relationship should therefore
exist between the organization and the regulator.
Attributes:
An appropriate relationship with the regulatory body exists that ensures that the
accountability for safety remains with the licensee:
Complete and accurate information should be provided to the regulatory body;
The regulatory body should be consulted to obtain clarification and regulatory
The regulatory body should perceive the licensee to be open and timely in their
guidance;
reporting and interactions;
Roles and responsibilities are clearly defined and understood:
The organization is required to clearly define and document roles and
Individuals should understand their roles and responsibilities for safety, and
Individuals should know where to go for help with safety issues and should
responsibilities for all aspects of safety under its control (Refs [12] and [31]);
how their work impacts on safety;
seek clarification when necessary;
12
When contractors are involved with work, their roles and responsibilities for
safety should normally be defined in contractual documents. Affected
individuals within the organization and within the contractor organization

should be suitably aware of these arrangements;
There is a high level of compliance with regulations and procedures:
Individuals should adhere to regulations and procedures so that instances of
Managements expectations about procedure use (i.e. when procedures are to
non-compliance are avoided;
be in the hands of the user and consulted) and adherence (i.e. the degree of
compliance expected) should be clear and well known to individuals;
Supervisors and managers should frequently inspect worksites to ensure that
procedures are being used and followed in accordance with expectations.
Management delegates responsibility with appropriate authority to enable clear

accountabilities to be established:
Accountable behaviour should be positively reinforced by managers and peers;

People should help each other achieve their accountabilities;
Accountability should be perceived as a good thing and should not be viewed
All
The way authority is exercised should not discourage individuals from
negatively as a way to apportion blame;

operational
should
accountability before execution;

maintaining
observations.
decisions
open
communication
preferably
or
have
reporting
clear
concerns
single-point
or
unusual
Ownership for safety is evident at all organizational levels and for all
individuals:
Individuals should have their own targets regarding safety and continually seek
Individuals should take care of the safety of their own working environment;
improvement.
Supervisors should promote good safety practices.
Safety is integrated into all activities

13
2.12.
The culture of an organization should embrace everything it does and so, in a healthy
safety culture, it should be clearly apparent that safety is integrated into all activities in the
organization.
Attributes:
Trust permeates the organization.
Consideration for all types of safety, including industrial and environmental safety
The quality of documentation and procedures is good:
and security, is evident;
Procedures should be controlled, clear, understandable and up to date and
Documentation should be comprehensive and easy to understand and should be
Responsibilities for preparing documentation and for reviews should be clearly
should be easy to find, use and revise;

easily accessible;
defined and understood.
The quality of processes, from planning to implementation and review, is good;
Work should be pre-planned (including plans for contingencies) to ensure that
Individuals should follow the approved plans and should seek proper approvals
Work should be planned in sufficient detail to allow people to work effectively
all safety functions are maintained effective at all times;

before deviating from the approved plans;
and efficiently (e.g. resources should be matched to demands, spares and tools
should be available when needed).
Individuals have the necessary knowledge and understanding of the work

processes:
Individuals should have a good understanding not only of their own work
processes, but also how these processes interact with other processes.
Factors affecting work motivation and job satisfaction are considered:
People and their professional capabilities, values and experience should be
The reward systems should be aligned with safety policies and should reinforce
regarded as the organizations most valuable strategic asset for safety;

the desired behaviour and outcomes;
14
Recognition should be given to individuals and teams for exemplary
performance;
People should have a sense of pride in their work and should feel that their
tasks and performance are important contributors to the success of the

company;
Managers should be trained and should have the appropriate knowledge of

factors influencing human performance.
Good working conditions exist with regard to time pressures, workload and stress:
The scheduling of safety critical tasks during night work should be avoided;
Shift schedules should be based on up to date knowledge of best solutions with
regard to human performance capabilities;
Records of overtime should be kept, trended and acted upon;

Planned overtime should be kept within regulated standards;
The physical working environment should be conducive to high standards of

safety and performance (e.g. standards of housekeeping, provision of
equipment and tools including response equipment, guarding and posting of
hazards);
Individuals should be consulted about the ergonomics and effectiveness of their
Human factors specialists should be available to the organization.
There is cross-functional and interdisciplinary cooperation and teamwork:
working environment;
Multi-disciplinary teams (different work groups and different levels) should be
used to develop solutions to problems when appropriate;
Individuals should interact with openness and trust and should routinely offer
support to each other.
Housekeeping and material conditions reflect commitment to excellence:
Management should not accept long-standing problems with pieces of
equipment, systems or processes as the way things are. Management should

pay vigorous attention to resolve such problems even when the fixes are
challenging and expensive;
There should be a process for identifying long-standing equipment or process

issues. For example, each issue could have an action plan for its solution.
15
Safety is learning-driven
2.13.
An organization should be constantly trying to improve performance so that it does not
become complacent. Complacency is often a pre-cursor to serious decline. Consequently,

management should establish processes and should show by individual example and direction
that it expects people to look for ways to learn and improve. Operating experience should be
highly valued, and the capacity to learn from experience should be well developed. Training,
benchmarking and self-assessments are often used to stimulate learning and improve
performance.
Attributes:
A questioning attitude prevails at all organizational levels:
Individuals should notice and should be able to question unusual signs and
Individuals at all levels should be encouraged to ask questions in meetings;
occurrences, and should seek guidance when in doubt;
Management should be questioning of its own attitudes and insights and should
actively seek independent views.
Open reporting of deviations and errors is encouraged:
The organization should have a variety of established processes to allow and

encourage individuals to report abnormal conditions, concerns, actual or near
miss events etc.;
Individuals should be comfortable raising safety concerns without fear of

retribution.
Internal and external assessments, including self-assessments, are used:
A variety of oversight forums and processes, including self-assessment, should
be used to review, evaluate and improve the safety performance of the

organization;
The balance of oversight mechanisms should be periodically reviewed and
Oversight should be viewed positively and constructive use should be made of
Periodic safety culture assessments should be conducted and used as the basis
adjusted;
external or independent opinions;

for improvement Ref. [28];
16
Senior management should be periodically briefed and should initiate actions

based on the results of oversight activities.
Organizational and operating experience (both internal and external to the facility)
are used:
Processes should be in place to obtain, review and apply available internal and
external information that relates to safety, including experience from other

industries;
Operating experience reports should be reviewed and actions should be taken to
There should be no indications of an attitude of it cant happen here;
ensure that the organization learns and applies the relevant lessons;
Processes should be in place that identify and resolve latent organizational

weaknesses that could aggravate relatively minor problems if not corrected.
Learning is facilitated through the ability to recognize and diagnose deviations, to

formulate and implement solutions and to monitor the effects of corrective actions:
Individuals should have confidence in the corrective action processes and they
should be able to point to examples of problems they have reported which have
been fixed;
Checks should be made to see that the actions taken fix the problems;
There should be a low rate of repeat events or errors.
Safety performance indicators are tracked, trended and evaluated and acted upon:
The causes of safety events and adverse trends should be identified and acted
The organization should use measures and targets in order to understand,
Performance results should be compared to targets and the results should be
Action should be taken when safety performance does not match the goals,
The pitfalls of over-focusing on a narrow set of performance indicators should
The organization should be alert to detect and respond to indicators that may
upon within the established timeframe;
achieve and improve performance at all levels;

regularly communicated to individuals
strategies, plans and objectives;
be recognized;
signal declining performance.
There is systematic development of individual competences:
17
2.14.
Individual development programmes, including succession planning, should be
in place;
Selection and evaluation of managers and supervisors should take account of
Individual development appraisals should be carried out to determine training
their demonstrated ability to foster a healthy safety culture;

and development needs of individuals.
A common understanding of safety culture needs should be established. Training is one
of the means by which individuals could achieve this understanding. Such training should not
be considered a one off event, but should be a regularly occurring event given to all
individuals, including the senior management team. As the concept of safety culture develops
in the organization, these training events and opportunities should also serve as a means of
developing the organizations basic framework for safety culture.
2.15.
Some organizations make use of facilitators knowledgeable in the area of safety
culture, particularly in the initial efforts to raise the awareness of safety culture issues in the
organization. As the safety culture develops within the organization, these facilitation skills
should be developed for all individuals who will serve in leadership positions.
2.16.
A common understanding should be further enhanced by providing regular
communication via media such as newsletters and the intranet.

Improving the safety culture
2.17.
In developing a process to continually improve the safety culture of an organization the
following steps should be considered:
Obtain senior management commitment;
Build a common understanding of safety culture;
Describe the desired culture;
Assess the existing culture;
Communicate the assessment results;
Identify gaps, root causes and key initiative to improve;
Communicate the direction and engage supervisors and individuals;

18
2.18.
Implement change;
Ensure the guiding principles become the accepted way of working;
Sustain the change;
Perform follow-up assessments.
When considering how to improve the safety culture it should be recognized that the
organization already has a safety culture in some form that will have been influenced by the
organizational culture, the organizations history and experience, and other cultural forces (e.g.
national culture). The challenge is to transform the safety culture to a state that is more
appropriate to that needed for the organizations future success. Changing the safety culture
should not be a stand-alone goal; it should be a way to contribute to the achievement of the
organizational goals. It should be recognized that it often takes several years to achieve a
major change in the safety culture.
2.19.
The best way to start changing the culture is to concentrate on what the new way of
working should be and to clarify and communicate any new behaviour and thinking. The list
of characteristics of a positive safety culture described above could help to identify the desired
future state of the organizations safety culture. Once the desired future state is well
understood, the present state of the safety culture should be assessed to determine the gap
between the desired future state and the present state. The assessment should provide
information on how the existing safety culture can help in achieving the desired new way of
working and thinking. It should also identify safety culture issues that may hinder the
achievement of goals, strategies, plans and objectives. A specific programme of safety culture
change should then be designed to deal with these issues. The entire safety culture need not be
changed; only elements of it that hinder the achievement of goals should be changed. As the
gaps between the present state and the desired future state are identified, consideration should
be given to what kind of actual change process is needed. For this stage, there are no standard
solutions, and an organization should design its own approach. The approach may involve
training, creation of task groups, system changes, team building and coaching of senior
managers and other employees.
2.20.
Major change initiatives that affect the safety culture should not be launched
prematurely. A careful approach should be used initially to make sure that everyone
understands what the new way of thinking and working is, and to consider how the existing
19
culture can help or hinder. The desired changes should build on the existing culture. It should
be considered how the people who are the targets for change can be sufficiently motivated to
want to change, but they should not become so anxious about learning new things as to resist
change. Consideration should be given to how the existing culture can help the learning
process and make people feel secure.
2.21.
One of the greatest challenges in changing a culture is to develop a learning
organization that will be able to make its own continual diagnosis, and self-manage whatever
transformations are needed as the environment changes. An organization of this type is likely
to be far more resilient and successful in todays dynamic, fast-moving environmental

conditions. Ideally, all employees should be involved in proactively contributing ideas for
improvement. More sustainable approaches would involve encouraging individuals to work as
teams and continually seeking improvements by identifying prioritized actions to enhance

safety in their own work areas To facilitate this, individuals should be given the opportunity to
compare how they do things with others, so that they are aware of what constitutes excellence
in their field of work. See Ref. [28].
Early warning signs of a decline in safety culture

2.22.
In order to prevent a significant degradation of safety, a proactive approach to the
management of safety and safety culture should be established so that problems are detected
and acted upon at an early stage. There is often a delay between the development of
weaknesses in safety culture and the occurrence of an event involving a significant safety
consequence. By being alert to the early warning signs, corrective action can be taken in
sufficient time to avoid adverse safety consequences.
2.23.
The management system should have in place the mechanisms by which the managers
are kept up to date with the early warning signs that have been shown to precede
organizational failures. The following text shows what characterizes the stages of decline and
the early warning signs that have been extracted from root cause analysis of failures in
management of safety and safety culture.
2.24.
The following list provides typical symptoms of a decline in safety culture:
Lack of systematic approach to safety unclear accountabilities, poor decision
making processes, poor risk assessment processes, lack of change management

process;
20
Procedures not properly serviced not regularly reviewed and updated;
Incidents not analysed in depth and lessons not learned repetition of a problem
indicating that the fundamental cause (or causes) has not been properly identified;
Resource mismatch e. g. excessive project slippage, excessive overtime, lack of

qualified and experienced persons, increased use of contractors in key
organizational roles for long periods of time;
Violations increasing in number an increase in conscious deviations from rules,
Increasing back-log of corrective actions an increase in the number of corrective
e.g. short cuts;
actions that have exceeded their target date for implementation and the magnitude
of the delay;
Lack of proper verification of readiness for operation plant systems not properly
verified before start-up of equipment, systems or plant after shutdown for

maintenance;
Employee safety concerns not dealt with promptly safety concerns are ignored or
have to be repeatedly raised before action is taken. For example, lack of a process
to allow or encourage employees to raise safety concerns and which results in

actions being taken;
Disproportionate focus on technical issues insufficient attention to human

performance issues, problems only perceived as technical challenges with
solutions designed to engineer out any human performance problems;
Lack of self-assessment processes the organization is not actively recognizing

deficiencies in safety attitudes and behaviour and is unable to adopt a philosophy
of continual improvement;
Poor housekeeping poor standards indicating disinterest in management and
Failure of corporate memory lack of adequate historical data and of a knowledge
poorly motivated workforce with little pride in their environment;
management programme to manage staff turnover. Disproportionate number of
experienced people leaving the organization e.g. when reorganizing and/or

downsizing;
21
Low status of functions conducting assessments lack of respect for findings

identified by the assessment function, findings being ignored or not addressed in a
timely manner;
Failure to deal with the findings of independent external safety reviews

reluctance to accept proposals for changes that were not developed internally or
lack of a process to monitor progress in implementing the findings of external

reviews:
Lack of corporate oversight lack of awareness of safety issues at the corporate
Lack of ownership of safety lack of recognition that everyone has a
Isolationism safety practices and standards become unrelated to best industry
level, with safety issues being ignored when making business decisions;
responsibility for safety;
practices and standards and the organization increasingly operates in a selfreferencing mode;
Lack of learning unwillingness to share knowledge and experience with others,
as well as using the experience of others to improve its own safety. Organizations
become complacent and focus on the successes of the past, and are reluctant to
invest in building new knowledge and skills for the future;
Lack of regulatory attention to safety culture issues lack of ability to identify
safety culture issues or lack of criteria for when regulatory action should be taken
to curtail degradations in safety culture.
Information regarding the stages of decline can be found in Ref. [27]

GS-R-3 [1] states in para 2.5 that
The management system shall be used to promote and support a strong safety culture by:
Providing the means by which the organization supports individuals and teams to
carry out their tasks safely and successfully, taking into account the interaction
between individuals, technology and the organization.
Human factors and the interplay between man-technology-organization

22
2.25.
All safety barriers are designed, constructed, strengthened, broken or eroded by the
action or inaction of individuals. The human side of the business is absolutely critical for safe
operation and should not be separated from the technical side. Ultimately safety is the product
of people in their interaction with the technology and the organization.

2.26.
The concept of safety culture has embraced this integration of the people and the
technical sides of the business. But whereas the culture of an organization influences human
behaviour through the basic values, beliefs and assumptions held by the members of the
organization, there are also other factors that have an influence on how humans may act in a
given situation.
2.27.
In a strong safety culture the knowledge and understanding should exist of human
behaviour mechanisms and established human factors principles should be applied in order to
assure the safety outcomes of the man-technology-organization interaction. This should be

achieved by including experts on human factors in all relevant activities and teams.
2.28.
One way of looking at the interaction between the human, the technology and the
organization is the following. Given a certain type of technology (e.g. PWR, BWR) and a
certain operating state (normal operation, transients, outage or emergency), human
performance will be influenced by factors residing within the individual and by those in the
individuals environment.
2.29.
This interaction could be described as follows: in a given situation, the individual has
various types of resources at their disposal to be able to carry out a task successfully. These
resources can reside within the individual in the form of competence, motivation, cognitive
abilities, etc. They can also reside within the environment (via instrumentation, procedures,
computer aids, etc.), through teamwork, communication and leadership, in the management
system and in the culture. When the content, design and organization of the work task
correspond to the individuals needs and capabilities, the conditions exist for the individual to
perform in a way that promotes safe behaviour. This could also be described as safety barriers
to human errors.
2.30.
When analysing events, consideration should be given to the possible influence of all
these factors on human behaviour. They should also be considered when the purpose is to
identify potential weaknesses in the interaction between individuals-technology-organization
23
and how to strengthen or introduce new barriers to prevent human errors. Ideally, these types
of predictive and preventive analysis should be done in interdisciplinary teams. These teams
should include human behaviour expertise, so as to capture the man-technology-organization
interactions from different perspectives and thereby also identifying proper barrier functions.
2.31.
Employees should also be trained in how to recognize error-likely situations so that
they can avoid making mistakes. In addition, there are various activities that could be carried
out on an individual basis in order to prevent errors. Among these are:
Pre-job briefings, asking the questions: What are the critical steps? What is the
worst thing that can happen? What are the error-likely situations within the work
assignment? What defences are in place to prevent events?;
Self-checks applying the STAR concept, i.e. Stop-Think-Act-Review;
Peer checks: having a second individual check prior to action;
Three-way communication: a message is communicated from one individual to

another; the individual receiving the message repeats the message to confirm a
clear understanding; and the originator acknowledges that the message has been
correctly understood and so closes the loop;
Conservative decision making should be applied when there are no procedures or

plans made for the activity, see Ref. [28].
24
GRADING THE APPLICATION OF MANAGEMENT SYSTEM REQUIREMENTS

The application of management system requirements shall be graded so as to deploy

appropriate resources, on the basis of the consideration of:
The significance and complexity of each product or activity;
The hazards and the magnitude of the potential impact (risks) associated with the
safety, health, environmental, security, quality and economic elements of each
product or activity;
The possible consequences if a product fails or an activity is carried out

incorrectly.
Grading of the application of management system requirements shall be applied to the
products and activities of each process.
2.32.
To establish the grade for activities, the individual should be guided through a series of
questions to enable the determination of the consequences of inadequate performance or

inadequate control of an item, service or process (see Appendix I). As a result of this
evaluation, a grade is assigned to the item, service or process. The grade assigned can be either
alpha or numeric, the example in appendix I use a numeric identifier. It can be seen that it is
possible to assign a low grade to an item, service or process that is in a Class 1 system, or to
assign a higher grade to an item, service or process with a classification that is lower than class
1. Plant classification is normally defined in the original design documents for the facility.
2.33.
Grade 1 should be selected for activities and items of major safety significance, whilst
at the other end of the scale Grade 4 can be selected when only minor safety or environmental
impact risk exist and when insignificant cost penalties are incurred as a result of failure. The
safety significance of the item, service or process should always be the most important factor in
the assignation of grade and complexity issues should be secondary.
25
2.34.
The next stage is to identify the specific management system requirements
corresponding to each of the four grades. The criteria used in identifying the related
requirements for activities should be developed to achieve varying degrees of control,

verification, measurement and records and still maintain confidence that items or services
satisfy given requirements. Examples of such controls are written instructions and checklists,
quality plans and independent hold point inspections.
2.35.
In general, the highest grade should require the most stringent application of the
management system requirements; the lowest grade the least stringent. The following are
examples of areas where grading should be applied:
Type and content of training;
Amount of detail and degree of review and approval of instructions;
Need for and detail of inspection plans;
Degree of in-process reviews and controls;
Requirements for material traceability;
Type and level of detail in procurement documents;
Type of assessment;
Records to be generated and retained.
DOCUMENTATION OF THE MANAGEMENT SYSTEM

The documentation of the management system shall include the following:
The policy statements of the facility;
A description of the management system;
A description of the structure of the organization;
A description of the functional responsibilities, accountabilities, levels of authority
and interactions of those managing, performing and assessing work;
26
A description of the processes and supporting information (for example,

procedures and instructions) that explain how work is to be prepared, reviewed,
carried out, recorded, assessed and improved.
The documentation of the management system shall be developed to be understandable to
those who use it. Documents shall be readable, readily identifiable and available at the point of
use.
The documentation for the management system shall reflect:
The characteristics of the facility and its activities;
The complexities of processes and their interactions.
2.36.
Detailed working documents include work instructions, technical instructions and
drawings and typically cover the tasks within a process that are carried out within a
department or by an individual.
2.37.
Detailed working documents are used to describe specific work activities and convey
administrative and technical information to individuals performing work. The type and format
of these documents can vary considerably depending on the application involved.
2.38.
The sections typically contained within detailed working documents include:
(1)
Purpose - Give a clear, concise statement explaining the specific aim(s) of the
(2)
Scope - Define the type and scope of work and the places where the document applies,
document and answer the question why does the document exist?
and delineate the boundaries of the functions, systems and areas treated in the document.
Note: The above two headings (Purpose and Scope) need not be used if the title adequately
covers the content.
(3)
Responsibilities - Define the duties of the individuals implementing the document.
(4)
Definitions - Define those words and terms used in the document that might cause
Identify the individuals and their responsibilities and specify when a required action is needed.
confusion and thus require clarification.
27
(5)
References - Give a bibliography of specifications, standards and other documents
referenced in the document. If documents are referenced in part, state the page and paragraph
numbers. (This can include reference to other work instructions.) Reference documents could
include applicable design or other source documents such as vendors literature, engineering
drawings or plant specifications.
(6)
Prerequisites - State any independent actions that should be performed and by whom,
prior to the use of the procedure or instruction. State any spare parts, special tools or
instrumentation that are necessary (scaffolding, services, etc.) and the required state of the
plant if relevant, plus any special conditions to be used to simulate normal or abnormal
operating conditions.
(7)
Precautions - What precautions are necessary to protect equipment, individuals and the
public or to avoid an abnormal or emergency situation? Identify these in the relevant steps of
the procedure or instruction or highlight them in a separate section.
(8)
Limitations - Are there any limitations on the parameters being controlled? Identify
(9)
Actions - Include a description of the function or task to be performed within a
corrective measures to restore them to the normal control limits.
process. Give sufficient detail so that a competent individual can perform the function or task
without direct supervision. In some cases it may be appropriate to provide step-by-step
instruction.
(10)
Verification - Identify any work activity that requires verification or independent
(11)
Acceptance criteria - Include criteria so that satisfactory completion of the task or
verification. Highlight these points at the relevant step in the procedure.
function can be determined. If tolerances in prescribed limits are allowable, they should be
identified together with any requisite actions (e.g. reporting). Identify the method of
verification to be used. This can be included within the procedure or on check sheets.
Reference documents could be used as a source of acceptance criteria details.
(12)
Records/check sheets - Which documents/forms are used and retained? Check sheets
are recommended when complex procedures or instructions are used. List by title the reports
and documents required to certify or provide that the tasks required in the document have been
accomplished and verified and attach examples of the documents/forms. Identify records as
permanent or non-permanent in accordance with the defined criteria, together with the
retention time for non-permanent records. Mark sample attached forms specimen, record the
date and the identification of those performing the work and, where appropriate, the as found
condition, the corrective action performed and the as left condition.
28
3. MANAGEMENT RESPONSIBILITY
MANAGEMENT COMMITMENT
GS-R-3 [1] states in para 3.1 to3.5 that:
Management at all levels shall demonstrate its commitment to the establishment,

implementation, assessment and continual improvement of the management system and shall
allocate adequate resources to carry out these activities.
Senior management shall develop individual values, institutional values and behavioural
expectations for the organization to support the implementation of the management system
and shall act as role models in the visible promulgation of these values and expectations.
Management at all levels shall communicate to individuals the need to adopt to these
individual values, institutional values and behavioural expectations as well as to comply with
the requirements of the management system.
Management at all levels shall foster the involvement of all individuals in the implementation
and continual improvement of the management system.
Senior management shall ensure that it is clear when, how and by whom decisions are to be
made within the management system.
The generic guidance that has been developed to provide a means of implementing this
requirement is contained in Ref. [2]; there is no supplementary guidance.
SATISFACTION OF INTERESTED PARTIES
The expectations of interested parties shall be considered by senior management in the
activities and interactions in the processes of the management system, with the aim of
enhancing the satisfaction of interested parties while at the same time ensuring that safety is
not compromised.
29
3.1.
In order to understand and meet the needs and expectations of interested parties, an
organization:
3.2.
Should identify its interested parties and maintain a balanced response to their
Should identify and agree interested parties needs and expectations for satisfaction
Should translate identified needs and expectations into requirements;
Should communicate the requirements throughout the organization;
Should focus on process improvement to ensure value for the identified interested
needs and expectations;
and ensure that they are communicated;
parties.
Interested party needs and expectations, as related to a nuclear facility, should be
addressed by the organization complying with identified and agreed requirements, for
example:
3.3.
Safety;
Availability;
Reliability;
Cost;
Liability;
Environmental impact.
Management should practice and communicate:
Ethical, effective and efficient compliance with current and prospective
The benefits to be gained for interested parties and the organization by striving for
requirements;
excellence;
30

3.4.
The role of the facility regarding its impact on society.
The measurement of interested party satisfaction is a process that should involve
several steps:
3.5.
Determination of factors for interested party satisfaction;
Selection of measurement approach and methodology;
Measurement of interested party satisfaction;
Analysis of data.
The results of the measurement of interested party satisfaction should provide an input
to the continual improvement process.

ORGANIZATIONAL POLICIES
Senior management shall develop the policies of the organization. The policies shall be
appropriate to the activities and facilities of the organization.
Developing the policies
3.6.
The policies of the facility should be as brief as possible to ensure they are effectively
communicated, understood and consistently implemented. In addition the following key

information should be communicated effectively for each policy:
The meaning and purpose of the policy;
The values, behavioural expectations and beliefs that relate to the policy;
The commitment of senior management to its implementation;
The plans, standards, procedures and systems relating to implementation and

measurement of performance;
31
3.7.
3.8.
Factual information to help obtain the involvement and commitment of employees;
Performance reports;
Comments and ideas for improvement;
How lessons learned will be applied.
Written statements of policy should set the direction for the facility
By making senior management commitment visible;
By setting each policy in context with other business objectives;
By making a commitment to continual improvement in performance.
The key tasks of senior management, with regard to policies, include:
Identifying and devising the policies of the facility;
Establishing strategies to implement each policy and integrating these into general
Specifying a structure for planning, measuring and assessing each policy;
Specifying a structure for implementing policy and supporting plans;
Agreeing plans for improvement and reviewing progress to develop both the
Pursuing the policy objectives.
business activity;
management system and the policy;
Implementing policies
3.9.
The structure and processes for delivering each policy should be clear. Individuals
should know which parts of the processes are relevant to them, to understand the major risks in
the facilitys activities and how they are controlled.
3.10.
have:
In order to understand and implement the policies of the facility, management should
Leadership skills;
Communication skills;
32
3.11.
Training, instruction, coaching, knowledge management and problem-solving
An understanding of the risks within each managers area of responsibility;
Knowledge of relevant legislation and appropriate methods of compliance;
Knowledge of the facilitys planning, measuring and assessment processes.
skills;
Some managers in key positions may provide specific input to the facilities policies.
This would apply to those who devise and develop the management system, investigate
accidents or incidents, take part in review and audit activities or have to implement emergency
procedures.
3.12.
3.13.
In order to understand and implement the policies of the facility, individuals need:
An overview of the principles underlying each policy;
Detailed knowledge of the arrangements relevant to an individuals job;
Communication and problem-solving skills to encourage effective participation.
Lack of understanding by individuals and of implementation of the policies of the
facility should be identified through performance appraisal. This may also arise because an
individual has not absorbed formal on-the-job training or information provided as part of their
induction. Training needs vary over time, and should cover:
3.14.
Induction of new staff, including part-time and temporary workers;
Maintaining or updating the performance of individuals;
Job changes, promotion or when someone has to deputize;
Introduction of new equipment or technology;
Follow-up action after an incident investigation.
A single integrated policy or an integrated set of policies should be developed to
include topics such as:
Safety (including nuclear safety and the health and safety of individuals);
Environment;
33
Quality;
Change management;
Security.
Safety, Health and Environment Policies

3.15.
Due to the similarity in content and the nature of these policies, some organizations
choose to combine the policies into one policy. The safety, health and environment policy:
Should state the importance of protecting the safety, health and environment of the
Should confirm that excellence in performance in the areas of safety, health and
workforce, contractors and the public;
environmental protection is an integral part of the business and is essential to
commercial success;
Should have a primary goal that no harm should result from activities and that the
organization will be respected and trusted by the workforce, the public and
interested parties;
Should have clear objectives of the policy that include how it is proposed to:
Eliminate injuries and ill-health at work and minimize radiation doses;
Prevent incidents, but nevertheless maintain effective emergency arrangements;
Prevent pollution and minimize waste and the use of natural resources as part of
Ensure the safe disposal or storage of radioactive and other waste;
the contribution to sustainability and environmental improvement;

Achieve and sustain an excellent safety culture;
Learn the lessons from events, implement corrective actions and seek out and
Ensure that the facilitys activities, products are in compliance with applicable
use good practices;
legislation and meet the requirements of good practice and applicable standards
of performance.
Should identify how the policy will be developed and improved for example by:
Consulting employees on matters of mutual interest;
Listening to and responding to interested parties;

34
Openly reporting safety, environmental and health performance at least once a
Working with interested parties, the rest of the nuclear industry and contractors
Informing, instructing, training and developing the people who work for the
year;
to raise safety, environment and health standards;
facility and ensuring that competent safety, environment and health advice is
available;
Auditing the management system that supports the policy, and setting and
Maintaining high standards in the performance of activities, in particular by
reviewing safety, environment and health objectives and targets.
ensuring that they are adequately resourced and carried out by suitably
qualified and experienced people and with regard to safety at all times;
Should state which specific legal requirement the policy has been developed to
Should identify the process for identifying new safety, environment and health
address;
legislation and for ensuring that the facility can comply with it.
Quality policy
3.16.
The quality policy:
Should specify the facilitys quality expectations;
Should set managements expectations for organizational and individual employee
Should express managements support of each employee in carrying out his/her
Should promote an attitude of continual improvement;
Should create an environment that promotes quality and the improvement of
Should ensure employees have the necessary responsibility and authority to carry
Should state a commitment that products and processes should be of the required
performance;
assigned work.
quality throughout the entire facility;

out their work;
quality;
35
Should establish managements responsibility for ensuring that employees
understand and accept their respective roles and obligations in carrying out the
quality policy;
Should define the key documents that govern the levels of performance, such as:
Other policy statements,
Statutes and regulations,
Management system description,
National and international codes and standards.
Change management policy

3.17.
Each facility should issue a policy for promoting and managing change that
encompasses the vision and values of the facility. This policy on change management should:
Give priority to safety;
Address all types of changes;
Introduce the change management process;
Promote effective communication.
Security policy
3.18.
Details of security polices have not been included because of the nature of their
content. The content of these policies is governed by the security requirements of each
Member State.
PLANNING
Senior management shall establish goals, strategies, plans and objectives8 that are consistent
with the policies of the facility.
Senior management shall develop the goals, strategies, plans and objectives of the facility in
an integrated manner so that their collective impact on safety is understood and managed.
8
These goals, strategies, plans and objectives are sometimes collectively referred to as a business plan.
36
Senior management shall ensure that measurable objectives for implementing the goals,
strategies and plans are established through appropriate processes at various levels in the
facility.
Senior management shall ensure that the implementation of the plans is regularly reviewed
against these objectives and that actions are taken to address deviations from the plans where
necessary.
requirement is contained in Ref. [2]; there is no supplementary guidance. An example of the
typical content of a business plan for a nuclear facility is provided in Annex I.
RESPONSIBILITIES AND AUTHORITY FOR THE MANAGEMENT SYSTEM

Senior management in the organization shall be ultimately responsible for the management
system and shall ensure that it is established, implemented, assessed and continually improved.
An individual reporting directly to senior management shall have specific responsibility and
authority for:
Coordinating the development and implementation of the management system,

and its assessment and continual improvement;
Reporting on the performance of the management system, including its

influence on safety and safety culture, and any need for improvement;
Resolving any potential conflicts between requirements and within the

processes of the management system.
The organization shall retain overall responsibility for the management system when an
external organization is involved in the work of developing all or part of the management
system.
3.19.
The individual with specific responsibility for the development and implementation of
the management system should ensure that those responsible for each process (sometimes
37
referred to as the process owners) provide a periodic report on the status of their process to
enable reports on the performance of the management system to be prepared.
3.20.
Techniques such as benchmarking (internal and external), staying abreast with and
being involved in developments in national and international standards and being aware of
practices in other organizations should be utilized to identify potential improvements to the

management system.
38
4.
RESOURCE MANAGEMENT
PROVISION OF RESOURCES
Senior management shall determine the amount of resources necessary and provide the
resources9 to carry out the activities of the organization and to establish, implement, assess and
continually improve the management system.
Resources provided by suppliers and partners

4.1.
Work may be contracted out to external organizations for reasons of economy or where
another organization is more competent to perform it. This should not be done on a piecemeal
basis but should be based on a firmly established supplier management strategy. This strategy
should clearly identify where goods or services are simply obtained from suppliers or where
the relationship between organization and supplier is a partnership.
4.2.
In either case, sufficient intelligent customer10 capability should be retained by the
organization in order to exercise control over the work, so that ultimate responsibility for its
safe and effective execution is maintained internally.
4.3.
It may be beneficial to maintain an approved list of suppliers whose performance has
been verified by selection criteria and/or experience. However, inclusion on an approved list
should not reduce the facilities responsibility to verify the delivery of goods or services on
each occasion.
Resources includes people, infrastructure, the working environment, information and knowledge, as well as
material and financial resources.
10
Intelligent customer capability is the ability of the organization to have a clear understanding and knowledge of
the product or service being supplied.
9
39
4.4.
In the case of a partnership between facility and supplier, consideration should be
given as to how mutual learning to the advantage of both organizations could best be achieved
to maximize the future benefits of continuing the relationship. This may include partners in
project initiation phases such as, development and review. Partnerships should be managed
taking into account any regulations regarding competition.
4.5.
When contracts are let for work to be carried out at the facility by people from other
organizations, the facility should ensure that there is no conflict between the work practices
and standards of the supplier and those of the facility.
Managing information and knowledge
The information and knowledge of the organization shall be managed as a resource.

4.6.
Knowledge management is an integrated, systematic approach to identifying,
acquiring, transforming, developing, disseminating, using, sharing, and preserving knowledge,
relevant to achieving specified objectives. Knowledge management consists of three
fundamental components: people, processes and technology. Knowledge management focuses
on people and organizational culture to stimulate and nurture the sharing and use of
knowledge; on processes or methods to find, create, capture and share knowledge; and on
technology to store and make knowledge accessible and to allow people to work together
without being together. People are the most important component, because managing
knowledge depends upon peoples willingness to share and reuse knowledge.
4.7.
The instructions for each task should consider the full information needs of those
carrying it out and how needed information is to be provided to the user. The day-to-day
responsibility for ensuring that such information is effectively used lies with the immediate
supervisors of individuals performing such tasks. An example of a good practice is pre-job and
post-job briefings that include review of instructions, review of potential risks, tool checks,
experience from doing this or similar tasks and any impact from other work taking place in the
40
vicinity. Information should be maintained and shared regarding any unexpected or unusual
experiences whilst carrying out the work.
4.8.
Information relating to safety should not be regarded as intellectual property but rather
should be shared freely within the nuclear community. Sharing may be achieved through
contribution to databases, sharing of reports, participation in conferences and seminars, and
benchmarking visits.
4.9.
In order that an facility is able to provide critical information, it should manage
pertinent knowledge so that it is easily accessible to those who need it for carrying out their
tasks. A facility should have an integrated, systematic approach to identifying, capturing,
managing and sharing its knowledge and, in so doing, enabling groups of people to create new
knowledge collectively to help achieve the objectives of the facility. Such a knowledge
management system helps a facility to gain insight and understanding from its own
experience.
4.10.
Knowledge management should capture knowledge (both tacit and explicit) from
workers before they leave the facility so that the knowledge can be retained and transferred to
others who need the knowledge for job/task performance. The facility should assess and take
mitigating action for any risk it has from the loss of critical knowledge. The facility should
have the knowledge base necessary to facilitate the assimilation of new workers into the
facility and to enhance the skills and knowledge of current workers.
HUMAN RESOURCES
GS-R-3 [1] states in para 4.3 and 4.4 that
Senior management shall determine the competence requirements for individuals at all levels
and shall provide training or take other actions to achieve the required level of competence.
An evaluation of the effectiveness of the actions taken shall be conducted. Suitable proficiency
shall be achieved and maintained.
Senior management shall ensure that individuals are competent to perform their assigned work
and that they understand the consequences for safety of their activities. Individuals shall have
received appropriate education and training, and shall have acquired suitable skills, knowledge
and experience to ensure their competence. Training shall ensure that individuals are aware of
41
the relevance and importance of their activities and of how their activities contribute to safety
in the achievement of the facilitys objectives.
4.11.
The facility should maintain a human resources plan that deals with both numbers of
staff and competence levels. The human resources plan should include a manpower model that
covers for example, the demography of individuals, the projected use of contractors and off-
site work. The facility should consider the effect of aging on its workforce and should
establish a plan to ensure that sufficient competent staff remains available. The plan should
take into account the lead time necessary to recruit and train key staff such as reactor
operators.
INFRASTRUCTURE AND THE WORKING ENVIRONMENT

Senior management shall determine, provide, maintain and re-evaluate the infrastructure and
the working environment necessary for work to be carried out in a safe manner and for
requirements to be met.
Managing material assets
4.12.
Registers should be maintained of all significant material assets. For each material
asset or type of asset there should be a strategy or plan that defines how that asset will be
preserved, maintained, enhanced or replaced, taking the whole life cycle of the asset into
consideration to preserve the contribution of that asset to safety. Appropriate treatment of all
material assets at the end of their useful life should be a major factor in asset management.
4.13.
Material inventories such as consumables and spares should be maintained at
appropriate levels, recognising that safety takes precedence over economic considerations.
42
4.14.
The process for defining the provision of infrastructure assets should include
consideration of the possibility of them being deliberately damaged or stolen. Appropriate
security arrangements should be put in place to ensure that the contribution of each asset to
safety is not compromised.
4.15.
Some material assets, such as chemicals or gases, may present a risk to the safety of
individuals or the environment through their use or presence on site. Arrangements should be
in place to identify, manage and mitigate such risks. The long term effects of using items
should be assessed to account for the possibility of repetitive stress injury from the use of
tools, or of eyestrain or consequences of bad posture from the use of display screen equipment.
Replacing old technologies
4.16.
The facility should proactively seek opportunities to replace components of its systems
that are prone to human or mechanical error leading to poor performance with better and more
modern technologies. When replacing old technologies the facility should be able to
demonstrate that the new technology will not compromise safety.
4.17.
In particular, care should be taken to identify and manage situations where original
suppliers of material assets no longer provide or support installed systems or components.
Where replacements for original systems and components are necessary due to the absence of
original suppliers, an equivalent component replacement process should be established.
43
5. PROCESS IMPLEMENTATION
DEVELOPING PROCESSES
The processes of the management system that are needed to achieve the goals, provide the
means to meet all requirements and deliver the products of the facility shall be identified and
their development shall be planned, implemented, assessed and continually improved.
The sequence and interactions of the processes shall be determined.
The methods necessary to ensure the effectiveness of both the implementation and the control
of the processes shall be determined and implemented.
The development of each process shall ensure that the following are achieved:
Process requirements, such as applicable regulatory, statutory, legal, safety, health,
environmental, security, quality and economic requirements, are specified and

addressed;
Hazards and risks are identified, together with any necessary mitigatory actions;
Interactions with interfacing processes are identified;

Process inputs are identified;
The process flow is described;
Process outputs (products) are identified;
Process measurement criteria are established.
The activities of and interfaces between different individuals or groups involved in a single
process shall be planned, controlled and managed in a manner that ensures effective
communication and the clear assignment of responsibilities.
5.1.
Each organization involved in research and development, siting, design, construction,
operation and decommissioning of nuclear facilities, should identify, develop, implement,
44
maintain and improve all the processes that are necessary for it to achieve its goals, strategies,
plans and objectives for each of these stages. This section contains guidance on processes that
are generic to all stages of a nuclear facility; in addition there is one Appendix for each of the
stages of the lifetime of the nuclear facility, which provides guidance on the processes specific
to each stage.
Process model
5.2.
Many utilities have a structured approach to developing their processes in order to
achieve integrated management of the facility and to ensure they address safety issues whilst
making commercial decisions.
5.3.
A major component of the management system is the process map that describes the
way work should be performed. In some Member States the individual at the most senior
position in the facility may appoint a full time management system manager with
responsibility for controlling the process model of the facility and for providing a standardized
approach to describing and controlling processes. This should ensure that there is consistency
and continuity between the various processes.
5.4.
The following process model is provided as an example of the levels of processes
within a facility. There are many alternate models and terms that could be used to describe the
levels of processes in an organization. Within this example there are three types of process:
management processes; core processes (sometimes referred to as key processes); and

supporting processes.
(i) Management processes:

Senior management primarily utilizes these processes to describe how they set and
communicate expectations and how they exercise control:
To direct and manage the facility business;
To provide required financial and human resources;

To manage external relationships and interfaces;
To assess and improve performance of work;
To assess and improve the effectiveness of work processes.
45
Management processes should be such as to ensure that the management of the
organization makes adjustments to their plans and objectives when required. Management
processes also cover the management of important relationships beyond the nuclear
facility.
(ii) Core processes:

These processes produce the output that is critical to the success of the facility or activity. In
the following example there are three main core process areas. These are operation,
maintenance and engineering support processes.
The operation processes describe how the facility
Operates equipment and systems to:
Meet planned operational needs
Respond to off-normal conditions
Prepare equipment for maintenance;
Monitors (including sampling and testing) to confirm that equipment and systems
Develops the monitoring programmes, analyses the results, and makes adjustments
(including system fluids) operate as expected;
as required.
The maintenance processes describe how the facility:
Repairs, overhauls and adjusts equipment so that it will work correctly throughout
Carries out inspection and diagnostic testing to determine if and when maintenance
its service life;
is required;
Implements the maintenance programmes, analyses the results, and makes
Provides work planning and scheduling to enable maintenance to take place.
adjustments as required;
The engineering support processes describe how the facility:
Develops the monitoring programmes, analyses the results, and makes adjustments
Develops the maintenance programmes, analyses the results, and makes
as required;
adjustments as required to optimize plant performance and economics;
46
Develops plant life management programmes, including monitoring of age-related
degradation mechanisms, and planning necessary overhauls, refurbishments or

replacements to restore equipment conditions;
Monitors and assesses new developments in technology and replaces

equipment/parts, as necessary, to minimize potential risk from technological
obsolescence;
Develops and implements design changes to structures, systems and components
Maintains the design basis and safety analysis (case) basis.
(including software);
(iii) Supporting processes:
These processes provide the infrastructure services necessary to perform all the
management and core processes effectively. Typically there are many supporting processes
covering such activities as:
Providing human resources;
Providing financial resources;

Providing training;
Providing personnel safety;
Providing emergency preparedness;

Providing security;
Providing environmental monitoring;
Providing information technology support;
Providing materials and procurement support;

Providing documentation and records;
Obtaining and maintaining regulatory licenses and permits.
PROCESS MANAGEMENT
For each process a designated individual shall be given the authority and responsibility for:
Developing and documenting the process and maintaining the necessary
Ensuring that there is effective interaction between interfacing processes;
supporting documentation;
47
Ensuring that process documentation is consistent with any existing documents;
Ensuring that the records required to demonstrate that the process results have
Monitoring and reporting on the performance of the process;
been achieved are specified in the process documentation;
Promoting improvement in the process;
Ensuring that the process, including any subsequent changes to it, is aligned with
the goals, strategies, plans and objectives of the facility.
For each process, any activities for inspection, testing, verification and validation, their
acceptance criteria and the responsibilities for carrying out these activities shall be specified.
For each process, it shall be specified if and when these activities are to be performed by
designated individuals or groups other than those who originally performed the work.
Each process shall be evaluated to ensure that it remains effective.
The work performed in each process shall be carried out under controlled conditions, by using
approved current procedures, instructions, drawings or other appropriate means that are
periodically reviewed to ensure their adequacy and effectiveness. Results shall be compared
with expected values.
The control of processes contracted to external organizations shall be identified within the
management system. The organization shall retain overall responsibility when contracting any
processes.
requirement is contained in Ref. [2]; there is no supplementary guidance
GENERIC MANAGEMENT SYSTEM PROCESSES
The following generic processes shall be developed in the management system.

Control of documents
GS-R-3 [1] states in paras 5.12 and 5.13 that:
48
Documents11 shall be controlled. All individuals involved in preparing, revising, reviewing or
approving documents shall be specifically assigned this work, shall be competent to carry it
out and shall be given access to appropriate information on which to base their input or
decisions. It shall be ensured that document users are aware of and use appropriate and correct
documents.
Changes to documents shall be reviewed and recorded and shall be subject to the same level of
approval as the documents themselves.
Control of products
Specifications and requirements for products, including any subsequent changes, shall be in
accordance with established standards and shall incorporate applicable requirements. Products
that interface or interact with each other shall be identified and controlled.
Activities for inspection, testing, verification and validation shall be completed before the
acceptance, implementation or operational use of products. The tools and equipment used for
these activities shall be of the proper range, type, accuracy and precision.
The organization shall confirm that products meet the specified requirements and shall ensure
that products perform satisfactorily in service.
Products shall be provided in such a form that it can be verified that they satisfy the
requirements.
Controls shall be used to ensure that products do not bypass the required verification activities.
Products shall be identified to ensure their proper use. Where traceability is a requirement, the
organization shall control and record the unique identification of the product.
Products shall be handled, transported, stored, maintained and operated as specified, to prevent
their damage, loss, deterioration or inadvertent use.
Documents may include: policies; procedures; instructions; specifications and drawings (or representations in
other media); training materials; and any other documents describing processes, specifying requirements or
establishing product specifications.
11
49
with, the generic guidance contained in Ref. [2]. It describes the processes used by nuclear
facilities to control products.
Inspection and testing
5.5.
The inspection process may require inspections to be performed by the organizational
unit responsible for the work, by another department or by an outside agency independent of
the facility. Individuals should ensure their own work has been performed correctly; however,
individuals performing the work should not inspect their own work for acceptance.
5.6.
Management should ensure that inspections are properly planned. Planning should
address such attributes as product characteristics, inspection techniques, hold and witness
points, acceptance criteria, and the organization or individuals responsible for conducting the
inspections.
5.7.
Appropriate tests should be conducted to demonstrate that products perform as
intended Ref. [12]. All testing should be conducted using established and proven test
requirements and acceptance criteria. Further information on test equipment and testing can be
found in Ref. [9].
5.8.
Arrangements should be established to hold products or stop further work until the
required inspections and tests have been completed and the corresponding reports have been
received and verified by designated individuals. These arrangements should include what to do
if there are negative results of inspections and tests.
5.9.
Inspection and testing plans should identify the sequential inspection and testing
elements necessary to demonstrate conformance with requirements, the means by which they
are to be verified and the relevant acceptance criteria.
5.10.
plan:
The following types of information should be included in an inspection and testing
50
General information such as the facility name, product or system reference,
procurement document reference, document reference number and status,

associated procedures and drawings;
A sequential listing of all inspection and testing activities; all products to be
The procedure, work instruction, specification or standard (or specific section, if
inspected and tested should be identified and referenced in the plan;
appropriate) which should be followed in respect of each operation, inspection or

test;
Reference to relevant acceptance criteria;
The identification of who is to perform each inspection and test, and provision for
recording that each has been performed satisfactorily;
The identification of hold points beyond which work should not proceed without
The identification of witness point where an assigned individual or organization
recorded approval of designated individuals or organizations;
can check activities but the work should not be stopped if the inspector is not
present. The inspection can be performed later by reviewing the associated records
of the work;
5.11.
Requirements for independent inspection and testing or independent witnessing at
hold points;
The type of records to be prepared for each inspection or test;
The number of products to be inspected or tested when multiple products or repeat
The individuals or organizations having authority for final acceptance of the
operations are involved;

product.
Test requirements, including frequency and acceptance criteria, should be provided.
Unless otherwise designated, they should be approved by the organization responsible for the
specification of the product or system to be tested. Required tests should be controlled. Tests
may include:
Prototype qualification tests;
Production tests;
Proof tests prior to installation in the facility;
Construction tests;
51
5.12.
Pre-operational or commissioning tests;
Operational tests.
Testing requirements and acceptance criteria should be based on the applicable design
or other pertinent documents. Testing should demonstrate that the safety function of a product
has been maintained. Appropriate testing of computer software should be completed before
operational reliance is placed upon it.
5.13.
Testing instructions should define the test objectives and make provisions for ensuring
that prerequisites for the given test have been met, that adequate equipment is available and
being used, that necessary monitoring is performed and that suitable environmental conditions
are maintained.
5.14.
Test results should be documented and evaluated to ensure that testing requirements
have been satisfied.
Measuring and testing equipment

Activities for inspection, testing, verification and validation shall be completed before the
acceptance, implementation or operational use of products. The tools and equipment used for
these activities shall be of the proper range, type, accuracy and precision.
5.15.
A process for the control, and where necessary, calibration of tools, gauges,
instruments and other measuring, inspecting and testing equipment used for activities
important to the safety of the facility should be established.
5.16.
A process for the control of equipment that is out of calibration, including segregation
to prevent further use and identification and evaluation of the impact of the use on previous
measurements since the last calibration date, should be established.
52
5.17.
Tools, gauges, instruments and other measuring, inspecting and testing equipment
(including test software and devices) used in determining product status and verifying the
acceptability of products should be of the proper range, type, accuracy and measuring
precision.
5.18.
The selection, identification, use, calibration requirements and calibration frequency of
all measuring, inspecting and testing equipment used for the determination of product quality
or operational status should be specified. The responsibility for measuring and testing
equipment controls should be defined. Arrangements should include:
Identification of the measurements to be made, the accuracy required and the
selection of the appropriate measuring and testing equipment;
Identification, calibration and adjustment of all measuring and testing equipment
and devices that can affect product quality at prescribed intervals, or prior to use,
against certified equipment having a known and valid relationship to nationally or
internationally recognized standards. If such standards do not exist, the basis used
for calibration should be documented;
Establishment, documentation and maintenance of calibration procedures which

include details of equipment type, unique identification number, location,
frequency of checks, check method, acceptance criteria and the action to be taken
when results are unsatisfactory;
Confirmation that the measuring and test equipment is capable of the accuracy and
Identification of measuring and testing equipment with a suitable indicator or
Maintenance of calibration records for measuring and testing equipment;
The review and documenting of the validity of previous measurements, when
precision necessary;
approved identification record to show its calibration status;
measuring and testing equipment is found to be out of calibration.

Operation/maintenance records can be used as a source of information to identify
what testing equipment was used;
Controls to ensure that environmental conditions are suitable for the calibrations,
measurements and tests being carried out;
53
Controls to ensure that the handling, preservation, storage and use of calibrated
equipment is such that its accuracy and fitness for use is maintained;
Protecting measuring and testing equipment from adjustments which may
Methods for adding and removing measuring and testing equipment to and from
invalidate its accuracy;
the calibration programme, including the means to ensure that new or repaired
products are calibrated prior to their use;
5.19.
A process to control the issue of measuring and testing equipment to qualified and
authorized individuals.
Testing hardware, such as jigs, fixtures, templates or patterns, and testing software
used for inspection should be checked prior to use in production and facility and rechecked at
prescribed intervals. The extent and frequency of such checks should be established and
records maintained as evidence of control. Such approved testing hardware should be properly
identified.
Control of records
Records shall be specified in the process documentation and shall be controlled. All records
shall be readable, complete, identifiable and easily retrievable.
Retention times of records and associated test materials and specimens shall be established to
be consistent with the statutory requirements and knowledge management obligations of the
facility. The media used for records shall be such as to ensure that the records are readable for
the duration of the retention times specified for each record.
Purchasing
54
Suppliers of products shall be selected on the basis of specified criteria and their performance
shall be evaluated.
Purchasing requirements shall be developed and specified in procurement documents.

Evidence that products meet these requirements shall be available to the organization before
the product is used.
Requirements for the reporting and resolution of non-conformances shall be specified in

procurement documents.
Commercial grade products
5.20.
Certain products with a proven record may be available from commercial stock.
Procurement documents should provide sufficient information from catalogues and suppliers
specifications to enable the correct product to be supplied.
5.21.
All relevant technical data and trial information should be requested. These products
may require confirmatory analysis or testing to demonstrate the adequacy of the product to
perform its intended function.
5.22.
When a commercial grade product is proposed for any safety function, a process
should be used to determine the products suitability; it is sometimes referred to as a

dedication process. This process should identify where the following activities are required:
A thorough technical evaluation of critical characteristics and compliance with
Determination of specific tests/inspections and verification activities to assure item
Performance of tests and acceptance of results against criteria. The critical
safety significant requirements of the product;
adequacy to meet requirements for any critical characteristics;
characteristics required for any safety function should be included as acceptance

criteria in the procurement documents;
The need to conduct source verification of products;

55
The need to evaluate the capability and controls applied by commercial grade item
suppliers;
Records and documents that substantiate conformity and history.
Communication
Information relevant to safety, health, environmental, security, quality and economic goals
shall be communicated to individuals in the organization and, where necessary, to other

interested parties.
Internal communication concerning the implementation and effectiveness of the management

system shall take place between the various levels and functions of the organization.
Managing organizational change
Organizational changes shall be evaluated and classified according to their importance to

safety and each change shall be justified.
The implementation of such changes shall be planned, controlled, communicated, monitored,

tracked and recorded to ensure that safety is not compromised.
requirement is contained in Ref. [2]; there is no supplementary guidance. Ref. [32] provides
further information.
PROCESSES COMMON TO ALL STAGES

5.23.
The following processes are common to all stages of a nuclear facility. The
applicability of the guidance should be utilized by the facility taking into account the stage of
the nuclear facility, the organization size and structure and the nature of the activities to be
carried out.
56
Project management
5.24.
Project management is the conduct of delivering a project in accordance with its agreed
scope, schedule, cost and quality requirements, dealing with all the challenges and risks
encountered from its pre-planning phase to completion. This is achieved by performing a

variety of tasks in a planned sequence and deploying resources effectively and efficiently.
5.25.
The success of the project depends on its project manager leading a team of dedicated
staff to achieve its objectives. The characteristics of an effective project manager include:
5.26.
Understands the project requirements and its deliverables;
Understands project technologies and resources required;
Can plan, organize, lead and control the project;
Is a good and effective communicator to ensure that the project team is well
Can deal with uncertainties and risks and can take the right decisions in a timely
informed of what is expected and what is going on;

manner;
Can deal effectively with staff;
Possesses the energy, enthusiasm, toughness and quickness to deal with emerging
issues.
In order to perform effectively, the project manager and his team should have authority
over all elements of the project, including:
Making all necessary organizational, commercial and technical decisions;
Defining organizational structure, roles, responsibilities and accountabilities of the
Selecting and managing all contractors, within any pre-defined facility
Controlling funding, schedule and quality of the project;
Meeting and possibly exceeding customer requirements.
team to achieve project goals in accordance with the specified requirements;
authorisation limits;
57
5.27.
The organization of a project should be carefully selected depending on its scope and
complexity. For smaller projects or groups of smaller projects a functional and/or matrix
approach should be considered.
5.28.
A project-dedicated organization can carry out long term and complex projects,
providing in-depth and sustained focus to control the project internally and externally,
especially when interfacing with the customers. Other advantages include:
5.29.
Complete line authority over the project;
Improved communication and rapid reaction time;
Better budget and schedule control.
In a multi-project organization however, necessary attention should be paid to
minimize duplication of effort, facilities and personnel and to promote technical exchange of
expertise between different projects.
5.30.
Ensuring project quality and doing it right first time reduces rework and costs and
saves time. The following factors strongly influence this outcome:
A clear and well documented management system to meet the standards specified
in the contract;
A clear set of documents covering all the performance functions, including
Effective planning coupled with regular monitoring, reporting and troubleshooting
Effective management of interfaces;
Having a documented process for the monitoring and resolution of non-
Regular and frequent assessment, audits and effective methods to manage
A learning culture;
Initial and on-going training and feedback.
management control, core processes and supporting processes;

of impending or emerging issues;
conformances;
corrective actions;
58
5.31.
Conducting comprehensive and frequent internal assessments and audits encourages a
team approach. They serve as an important mechanism to review work processes in a

constructive way to identify problems and promote early solutions. In addition, they serve to
enhance the morale of the project organization to be ever ready for external audits.
5.32.
Project management starts during the negotiation phase and continues to the end of the
5.33.
Key activities performed during the pre-project phase include: project implementation
project and commercial close out.
plan, project description, definition of scope and roles of participants and work structure,
supporting contract negotiations, definition of client/contractor performance, definition of
scheduling requirements, selection of contractors and suppliers, definition of work breakdown

structure consistent with project scope and setting up the baseline budget.
5.34.
Key activities performed during the project implementation phase include: preparing
organizational structure and mobilization plan, documenting applicable processes, establishing
various project functions including supply and materials management, construction,

engineering, change control, administration, training, quality surveillance and assurances,
project planning, scheduling and control, budget and cost control, and information
management and communications.
5.35.
Key activities performed during the project close-out phase include: negotiations with
the client to close all open commercial and technical issues and address outstanding overall
plant performance warranties as well as equipment, material and workmanship warranties as

specified in the contract.
5.36.
Appropriate methods and checkpoints should be utilized to ensure that project plans
succeed. This includes: measuring and evaluating progress and taking timely corrective
actions to achieve or exceed predefined completion targets for each milestone, cost and
quality. Performing the work on schedule, meeting quality standards and minimizing rework
effectively ensure good control over cost.
5.37.
All projects are inherently risk ventures. Examples of risk contributors include:
Poorly defined scope and objectives;
Lack of qualified resources;
59
5.38.
Poor estimating;
Lack of management support;
Inadequate work breakdown/planning;
Unrealistic schedule;
Poor methodology for change control;
Poor methodology for corrective action control;
Unproven equipment and facilities;
Poor information and/or configuration management.
A risk management plan should be prepared to define the methodology and tools to
identify and evaluate risk. Budgets should be prepared with contingency provisions taking into
account the accuracy of the estimates, potential for cost escalation and or foreign exchange
fluctuations, and historical experience on similar projects. The project manager should have
the necessary authority to use contingency allowance to deal with unexpected situations
contributing to risk.
5.39.
Controlling the project will depend on the size and complexity of the project itself.
Many organizations establish a project steering committee to control projects. The project
steering committee may consist of:
5.40.
The manager with overall responsibility for the project;
A representative of the interests of the users of the deliverables;
Main or key supplier(s) who represents the interests of those responsible for
Project manager who runs the project on a day-to-day basis on behalf of the
product development;
project board.
The project steering committee will initiate the project and set the different stages,
agree the different stage gates of the project, monitor progress through each stage gate and
resolve major issues that have the potential to impact on cost, schedule and quality. The over-
riding consideration should be to agree and implement the required corrective action(s) while
addressing the associated commercial issues in parallel.
60
5.41.
Finally when a project is completed it should be reviewed for its overall success
against the original intent. For example:
Did the project achieve the objectives?
Did it realize the benefits outlined in the business case?
Did it operate within the scope?
Did the deliverables meet their criteria?
Was it delivered within the schedule outlined in the project plan?
Was it delivered within budget?
Has the project been adequately documented, the necessary records been
generated, maintained and handed over if necessary?
Work planning and control

5.42.
The work planning and control process is utilized during design, construction,
commissioning, operation and decommissioning and therefore it should ensure that work at the
nuclear facility is properly planned and completed in a safe and efficient manner. The work
planning and control process should list and be able to sort all work requests on the basis of
work description, priority assigned, date initiated and configuration requirements to perform
the work. The system should be able to track the status of all work requests, in particular those
on hold for planning, spare parts, materials or other constraints. The system should be capable
of tracking completion of testing prior to return to service.
5.43.
Work planning:
Should identify the relative importance of the work processes with regard to
Should identify and schedule the work necessary to operate and maintain the
Should describe the required performance objectives of work by referencing clear,
safety;
facility;
concise and unambiguous work instructions, which include any inspection and
testing requirements;
61
Should identify any requirements that are part of the work process, such as
Should specify isolation and tagging requirements;
Should identify any workplace risk hazards and how they are to be mitigated;
Should identify the required records, such as work completion, spare parts used
Should identify the status of work;
Should estimate individuals requirements and any special training needs;
Should specify any reviews required upon completion;
Should ensure the work is authorized to be carried out;
Should take into account lessons learned from previous experience;
Should provide any safety documents, such as permits to/for work and system/item
radiation protection and fire protection;
and equipment used;
isolation permits.
Workplace risk assessment

5.44.
In addition to the risk assessments carried out during the planning and control process,
workplace risk assessments (sometimes referred to as point of work risk assessments) should
be required for all activities carried out by the facilitys individuals and by contractors
individuals that may pose a particular risk of injury, harm or damage.
5.45.
In order to carry out an adequate workplace risk assessment the associated workplace
should be visited and account taken of; the route to and from the job; other work (including
routine operations) being undertaken in the area; any changes to emergency arrangements as
well as procedures, training and supervision.
5.46.
In recognition of differing types of risk, there are different types of workplace risk
assessments that could be used and which should be documented and used as an input to work
planning and control. For example:
Area assessment - this assessment addresses the risks relating to the equipment,
services or conditions in the workplace rather than the actual task being carried out
e.g. lighting, floors, traffic routes, fire precautions;
62
Task assessment - during the planning of jobs some risks will be associated
directly with the activity to be undertaken or through work or activities in adjacent
work areas. These risks need to be assessed as an integral part of the work
planning process in the same way as other aspects of the work. Risks should be
considered at an early enough stage so as to influence the work method to be

adopted.
5.47.
These assessments may also require an additional risk assessment where there is a
special, more demanding hazard for example working in confined spaces and opening acid
lines. Each Member State will have differing regulations that require such an assessment to be
carried out.
5.48.
The results of workplace assessments should be communicated to the work teams and
others who may be affected. This includes new starters, contractors and visitors who may be
affected by the work being carried out.
5.49.
5.50.
Workplace risk assessments can be communicated by:
Pre-job briefing before the work is undertaken for one off or infrequent operations;
Training for employees on plant, process or maintenance operations;
Including the findings in operating instructions or safe systems of working (work
Warning notices;
Team and site briefs;
Induction training or on the job training;
Notices, individuals handbooks etc;
Information contained in point of work assessment documentation;
Work planning and control information.
permits);
The main requirement is that anyone involved in a job or coming into contact with it is
made aware of the hazards and risks to their health and safety and knows and understands the
procedures that are in place to remove or reduce those hazards and risks.
63
5.51.
Planned regular review should be carried out to confirm validity of workplace risk
assessments. Post-job briefings can be used to capture human performance, performance and
risk related issues as lessons. When there has been a significant change, such as introduction
of new equipment, substance, procedures or working conditions, a reassessment may be
required. A record of completed workplace risk assessment should be retained at least until the
next review (in either paper or electronic format). Workplace risk assessments that support
working instructions should be archived together with the instructions.
Personnel safety
Industrial safety
5.52.
A process reflecting Member State industrial safety regulations should be established
for all individuals, suppliers and visitors, and should refer to the industrial safety rules and
practices that are to be adopted. The process should include arrangements for the effective
planning, organization, monitoring and review of the preventive and protective measures.
5.53.
The operating organization should provide support, guidance and assistance for facility
5.54.
Nuclear facility individuals should understand how the industrial safety programme
5.55.
Industrial safety data should be monitored. Examples of items to be monitored include
individuals in the area of industrial safety.
affects their individual work practices.
working time lost due to industrial accidents (sometimes referred to as lost-time accidents),
other accidents requiring medical attention, industrial safety non-conformances identified in
the facility, near misses and modifications resulting from industrial safety concerns.
5.56.
The underlying causes of industrial accidents and industrial safety problems should be
identified and corrected. Results of cause analyses should be used to identify opportunities to
improve industrial safety. Lessons learned from investigations and from other industry
operating experience should be used to improve performance.
5.57.
Applicable industrial safety information should be obtained and screened. Relevant
material and any required actions should be incorporated into the facilitys industrial safety
64
process and disseminated within the industry.

Radiological safety
5.58.
A process should be established and implemented for radiological safety for each
working group, area and activity to ensure that radiation exposure is as low as is reasonably
achievable. For further guidance see Ref. [3]
Control and supervision of contractors
5.59.
A process should be developed to control and supervise contractors carrying out work
at a nuclear facility. Contractors should perform work under the same controls as, and to the
same working standards as, nuclear facility individuals.
5.60.
When using contractors the facility should control and supervise their actions to ensure
there is no compromise to safety and to ensure there are no potential risks or hazards either
immediate or latent. The hazards may result in an immediate danger to the contractor's
workers or workers around them - or the hazard may be left behind as latent or inherent
defects that could be revealed later.
5.61.
The facility should ensure that contractors are competent for the work assigned to
them. Contractors who perform work at the facility should receive appropriate training in the
facilities procedures and practices to enable them to carry out work safely. Adequate time
should be provided for this training. The facility may have to take responsibility for this
training in relation to radiological safety, conventional safety practices at the facility,
emergency arrangements and permit for work systems. The practices for training for
contractors should be at least as good as those for the facilitys employees, for the same or
equivalent tasks.
5.62.
The control and supervision of contractors should ensure that contracted work is
carried out to an adequate standard. For work that impacts on nuclear safety the facility should
maintain an oversight, e.g. contractors carrying out Safety Analysis Report (SAR) preparation
and review, design, construction, commissioning, modification or maintenance etc. to ensure
that the end product meets suitable standards of nuclear safety. In such situations the facility
should:
65
Set standards for the contracted work;
Evaluate and accept completed work (including a technical evaluation or review,
Make arrangements to cover the interfaces between facility and contractor,
5.63.
where appropriate);
contractor and contractor, contractor and subcontractor, etc.
In order to be able to control and supervise its contractors the facility should have the
necessary expertise and capability, sometimes referred to as the intelligent customer

capability. As an intelligent customer, in the context of nuclear safety, the management of the
facility should know what is required, should fully understand the need for a contractor's
services, should specify requirements, should supervise the work and should technically
review the output before, during and after implementation. The concept of intelligent customer
relates to the attributes of an organization rather than the capabilities of individual post
holders.
Design
5.64.
The design process requires the use of sound engineering/scientific principles and
appropriate design standards. The design process should also address the requirements of Ref.
[19] and take into account the guidance provided in the series of IAEA safety guides on design
of nuclear power plants Ref. [20].
5.65.
The following guidance should be taken into account when developing the design
process or processes:
All structures, systems and components, including software for instrumentation
and control, that are important to safety should be first identified and then
classified on the basis of their function and significance with regard to safety,
according to the series of IAEA safety guides Ref. [20];
Design
requirements,
inputs,
processes,
Design inputs should be correctly translated to design outputs. Design inputs
organizational interfaces should be controlled;
outputs,
changes,
records
and
include all requirements for the design, such as the technical bases for the design
(design basis), performance requirements, reliability requirements, and safety and

security requirements;
66
The design outputs include specifications, drawings, procedures and instructions;
Design changes should be justified and subject to design control measures

commensurate with the original design. Design changes include field changes,
modifications and non-conforming items designated for use as-is or repair.
Changes should be subject to configuration and design control measures and be

approved by the original design organization or a technically qualified alternate;
Interfaces among all organizations involved in the design should be identified,
coordinated and controlled. Control of interfaces includes assignment of

responsibilities and establishment of procedures among participating internal and
external organizations;
Design inputs, processes, outputs and changes should be verified. Individuals or

groups performing design verification should be qualified to perform the original
design. Those carrying out verification should not have participated in the
development of the original design (but they may be from the same organization).
The extent of verification should be based on the complexity, associated hazards
and uniqueness of the design. Some typical design verification methods include
design review, alternate calculation and qualification testing. Previously proven
designs should not require verification unless they are intended for different
applications or the performance criteria are different;
Computer programs used in design should be validated through testing or
Tests used to verify or validate design features should be conducted under
Design verification is usually completed before design output is used by other
simulation prior to use if not proven through previous use;
conditions simulating the most adverse operating conditions;
organizations, or to support other work such as procurement, manufacturing,
construction or research and development. In specially controlled circumstances,

installation of unverified portions of design may proceed to a point where
extensive demolition or rework would not be required to replace or modify the
design. Design records that include the final design, calculations, analyses and
computer programs, and sources of design input that support design output
normally support evidence that the design was properly accomplished.
5.66.
The design process should include the following activities, which are described in the
guidance that follows;
67
Design initiation and scope and planning;
Identifying design requirements;
Identifying the principal designer;
Work control and planning of design activities;
Identifying and controlling design inputs;
Review of design concepts and selection;
Selection of design tools and computer software;
Conducting conceptual design and safety analysis;
Conducting detailed design and producing design documentation;
Conducting detailed safety analyses;
Defining the safe operating envelope;
Carrying out design verification and validation;
Management of the design baseline and design change control.
Design initiation, scope and planning

5.67.
The design process can be initiated in support of building a new nuclear facility project
or other nuclear structures, systems and components as needed. The overall scoping and
initiation of the design activity should be carried out after a review of the contracts, work
orders and other such high level documents that require an organization to perform design
activities. The organization responsible for the nuclear facility, its safety and licensing should
select a qualified design organization, which can undertake the design function and all related
activities.
Identifying design requirements

5.68.
This design organization should establish all the key requirements for the design after
conducting a review of applicable contracts, work orders, customer requirements,

environment, codes and standards, regulatory requirements, laws and regulations, etc.
68
5.69.
For the specific structures, systems and components, the applicable design parameters
could also be covered in the related design documents such as design requirements, design
specifications and safety design guides.
Selecting the principal designer
5.70.
The facility should select an individual (often referred to as the principal designer) who
has responsibility for specifying the design requirements and for approving the design output
on its behalf.
5.71.
The responsibilities of the principal designer should include:
Defining the base requirement/specification;
Involvement in design reviews;
Involvement in design verification;
Approval of detail design;
Review and approval of design changes during all stages;
Control of interfaces;
Review of relevant non-conformance applications.
Work control and planning of design activities

5.72.
The design activities should be carried out in a logical planned sequence to ensure that
the designed facility can be safely sited, constructed, commissioned, operated and
decommissioned.
5.73.
The overall design of the nuclear facility, structures, systems and components should
be organized in discrete packages and work assignments that clearly identify the scope,
activities for performing the design activities and activities for preparing design documents.
5.74.
Design planning should take place at the earliest opportunity before the beginning of
design activities. Plans should define the activities to be performed in manageable units
(typically a work breakdown and structure).
5.75.
Plans used in design should include the following, where appropriate:
69
5.76.
Scope of work, including work carried out by other organizations;
All key interfaces with jurisdictional authorities, customers and other parties
Design methods;
Software requirements (software to be developed or software codes to be validated
for use);
Test requirements, including qualification tests, prototype, seismic, etc.;
Design review, verification and validation requirements;
Resource requirements;
Special training requirements;
Schedule of activities including the critical path items;
Points at which checks of the design process will take place and the frequency of
such checks.
In addition to general planning requirements, design planning should also consider the
following aspects as applicable:
Procurement of components and materials;
Availability of components/materials;
Qualification of suppliers;
Acceptance/use of previously proven designs and components.
Identifying and controlling design inputs

5.77.
All relevant inputs that can impact on the design directly or indirectly should be
considered. The design input documentation12 should define the requirements to be satisfied
by the design. These design input documents are normally prepared, reviewed and approved
by the facility.
Design input documents may also be called design requirements, design specifications, design guides, analysis
basis documents, technical specifications and flow sheets.
12
70
5.78.
Establishing and determining the design inputs will vary with each different design. As
well as inputs derived from general contractual requirements, customer input and commercial
considerations (including cost and marketability), design inputs should be derived from:
5.79.
Basic inputs that are available in the early stages as covered by contracts and high
level design requirements documents;
Derived inputs that become available after conceptual and detailed design
progresses to a certain level.
The design inputs could include the following parameters based on their applicability
to each particular facility and design activity:
Basic inputs (independent of conceptual design):

Function of the facility, structure, system or component;
Location and interfacing requirements;
Performance requirements, such as capacity, rating, and output;
Operational requirements under relevant conditions, such as start-up,
normal operation, upset operation, emergency operation, shutdown, faulted

operation, standby, and consideration of the frequency of such events;
Environmental conditions, including wind, and snow loading, effects of rain

and flooding, seismic events, and physical conditions such as temperature,
humidity, presence of airborne and other chemicals, radiation, corrosion, and

erosion;
Safety considerations, including risks to individuals safety, potential to cause

physical damage, fire hazards, and radiation hazards;
Failure considerations, including safety consequences, limiting the consequences
of failure, effect on plant functioning and adjacent structures, systems and

components; role of standby equipment and effects of adjacent failures;
Standards, including mandatory and contractual codes and standards,

and jurisdictional requirements;
Security considerations;
Safeguards considerations;
Human factors considerations
Feedback from research and development;
71
Consideration of previous designs, and experience from purchasing,

fabrication,
construction,
decommissioning.
installation,
commissioning,
operation
and
Derived inputs (dependent on conceptual design):

Design requirements for specific disciplines, including
Structural: loading, pressures, stress, supports, and bracing;
Mechanical: vibration, speed, lubrication;
Electrical: voltage, power, regulation, and insulation;
Hydraulic and pneumatic: flow, pressure, fluids, velocities, and suction and
discharge heads;
Chemical: fluid chemistry, corrosion and erosion;
Control and instrumentation: controls, alarms, ranges, stability, and readability;
Metallurgical and material: protective coatings, welding, galling, wear, erosion,

and creep;
Fabricating requirements, including constructability, size and weight, fabricating

processes, quantity, inter-changeability, and spares;
Installation requirements, including shipping, storage, installation, proof tests, and

run-in;
Commissioning requirements, including accessibility, tests, and test equipment;
In-service
requirements,
including
reliability,
serviceability, maintenance and inspection;
redundancy,
accessibility,
Engineering input data, including validity of reference data, test reports, analyses,
and in-service reports;
Decommissioning requirements, including dismantling and decontamination.

5.80.
Sufficient detail should be provided in the design input documents to serve as reference
basis for making decisions, performing verification and validation for the conceptual and
detailed design, evaluating design changes and setting up commissioning tests and criteria.
Review of design concepts and selection
5.81.
The responsible design organization may examine one or more concepts to evaluate
various options in terms of their suitability and adequacy to select the preferred approach. All
such resulting design concepts should be evaluated, documented and approved.
72
5.82.
Such evaluation may consider the feedback from previous design, procurement,
manufacturing, construction, installation, commissioning, licensing and operations. The
preferred design concept should be identified, documented and justified with supporting
information.
Selection of Design Tools and Computer Software

5.83.
The design tools and computer software used in design, safety analysis, plant control,
calculations and data management should be selected based on their appropriateness and
adequacy for the application and use. All such tools should be suitably qualified based on
applicable codes and standards. Such tools and software should be compatible between the
various design organizations to the maximum extent possible.
5.84.
Where analytical and process control computer software is used, appropriate measures
should be provided for its verification and validation. Ref. [15]

Conducting conceptual design and safety analysis
5.85.
The need for conceptual design, safety, environmental and security analyses should be
examined and when required be prepared based on optimum or preferred design concept.
These documents may require submission and approvals based on applicable laws and
regulations.
5.86.
The need for a conceptual safety analysis should be evaluated and when required
should be prepared based on selected design concept(s). This is generally done for new,
complex, first of a kind designs that are critical to nuclear safety.
Conducting detailed design and producing design documentation

5.87.
Calculations, analyses and studies should be documented in sufficient detail and should
be controlled in a manner that subsequent users of the design, during the various lifetime
stages of the facility, can understand the design and make informed decisions. This requires
documenting, for example, inputs, assumptions, modelling, test and development work and
73
results, safe operating parameters and envelope, key acceptance criteria and parameters for
commissioning tests.
5.88.
Design activities should ensure that specified requirements are correctly translated into
design outputs, such as:
5.89.
Design computer codes/basic facility design;
Design specifications;
Functional specifications.
A suite of design documentation should be developed by establishing an overall
baseline listing of all key design documents based on the contractor, customer and
jurisdictional requirements. This should cover the design documents needed for the various
activities of the facility in all stages, such as for procurement and manufacturing, construction
and installation, commissioning, operation, maintenance and decommissioning. The baseline
listing should include the following:
Design requirements and specifications;
Jurisdictional codes, standards, classifications and other criteria;
Traceability requirements;
Requirements to be applied in the purchasing, installation and maintenance;
Critical characteristics of the design that need confirmation during commissioning;
System or equipment operating limits and reliability and maintainability

requirements.
Conducting detailed safety analyses

5.90.
Safety analysis is an important part of the design process that is carried out to examine
the various postulated conditions, accidents and events that may impact on the performance
and operation of nuclear facility equipment, components, structures and systems. The need for
the type and extent of safety analyses should be evaluated in view of the governing codes and
standards and regulatory requirements and when required should be prepared based on the
selected design concepts.
74
5.91.
In some Member States the safety analyses are documented in reports such as
Preliminary Safety Analysis Reports (PSAR) and Final Safety Analysis Reports (FSAR) and
in Probabilistic Safety Analyses (PSA). These reports are updated as required. All analyses
should include the purpose, methods, assumptions, input and sources, computer modelling
information, test and development work, results and key references. The selected tools for the
safety analyses such as computer programs should be verified and validated to confirm their
suitability and adequacy for the type of analyses being performed.
Defining the safe operating envelope
5.92.
Design and safety analyses should establish an envelope of plant, equipment,
component, structures and systems configurations and operating limits that is acceptable for
safe operation.
Carrying out design verification and validation

5.93.
Individuals who did not perform the design activity or make the design decisions for
5.94.
The designers direct supervisor, or a qualified delegate, should be responsible for
the design being verified should normally perform design verification activities.
confirming that the design work is correct, that the design meets the requirements, and that the
verification activities have been properly completed. Those carrying out verification and
validation should have access to sufficient background and supporting information in order to
gain an understanding of the design intent.
5.95.
Design verification is the process by which a design is evaluated to ensure compliance
with prescribed requirements. Design verification processes should be used throughout the
various design phases including the conceptual design, detailed design and safety analyses
phase to ensure that each phase has reached a satisfactory level of completion before going on
to the next design step.
5.96.
At the start of a design activity, the design organization should identify design
verification activities of each design or revisions to the design. Formal design documents
(including design verification documents) are normally subject to verification.
75
5.97.
5.98.
The nature and extent of design verification should be based on the following criteria:
Importance to safety of the structures, systems, and components;
Exposure to economic risk;
Complexity of the design;
Degree of standardization;
The current state of the art;
Similarity to previously proven designs.
When previously finished and verified designs are to be used for a new application,
the design verification programme may be limited to confirming that:
5.99.
as
The application of the design is correct;
The analyses and design calculations are still valid.
Acceptable design verification methods should include various review methods such
Alternative analysis;
Verification by test;
A review of the design by a group of peers;
Design review.
5.100. The resulting verification output documents should themselves be reviewed to

confirm their adequacy, validity, and relevance to the design being verified.
5.101. Design reviews are generally conducted by a group of subject matter experts led by
the senior designer with considerable experience and broad knowledge of the subject.
Typically it would involve a number of disciplines and interfacing organizations. A single

individual could also conduct design reviews.
76
5.102. At appropriate stages of the design, formal verification reviews of the design process
should be planned, completed and documented. Participants in these reviews should include
representatives of organizational units from the design organization concerned with the design
stage being reviewed, and other individuals as required. Reviews may range from reviews by
single individuals to reviews by many organizations.
5.103. The objective of the review is to provide assurance that the output documents will be
correct and fully address the requirements (for example functional, safety and regulatory
requirements, and industry codes and standards) of the design specification.
5.104. The principal designer should determine the scope and extent of the review. As part of
the review it should be established that procedures have been followed, that designated
individuals have participated, and that the results are adequately documented and checked
prior to the release of design documents.
5.105. The design review should anticipate and identify potential problem areas and
inadequacies and initiate corrective actions to ensure that the final design meets the design
intent.
5.106. In the design review certain basic questions should be addressed. These questions
should include, but not be restricted to:
Were design inputs correctly selected and incorporated?
Have original design requirements been met?
Is the design output information complete?
Were any assumptions made, are they adequately described and what is their
Was an appropriate design methodology used and were designated design
Were design procedures followed?
Is the design output reasonable when it is compared to the design input?
basis?
standards followed?
5.107. Verification or certification, where required, of design specifications, design or stress

reports, seismic qualification or environmental qualification reports, including those prepared
77
by suppliers, should be carried out in accordance with the applicable codes/standards.

5.108. Design calculations should be verified to check their validity. Alternative analyses
may be performed using simplified calculations and assumptions to obtain approximate

results. The results of such analyses should be reviewed and the acceptability of the original
calculations justified. Alternative analyses, assumptions, and results should be documented.
5.109. Qualification testing verifies the design of a system or component or a specific design
feature of a prototype or a production unit by operating the item under controlled conditions
and measuring and evaluating its performance. The organizations performing qualification
testing should have a qualification-testing programme that meets the requirements of
applicable standards.
5.110. Test requirements should be identified in a test specification document. Test results
should be included in a test report. Test reports should be reviewed for validity and relevancy
to the test requirements against the acceptance criteria specified in the test specification
document.
5.111. Where computer programs and associated documentation are part of the design output,
such as computer programs controlling the operation of safety systems or monitoring or
displaying reactor operation, they should be subject to a set of verification and validation
tests. Software development plans, design verification plans or quality plans should identify
verification and validation requirements, as appropriate. Applicable national standards and
international standards should be identified and followed. Software verification and validation
test documentation should provide information, or reference the documents containing
information on:
Test methods to be used;

Equipment used for computer program verification;
Inputs to be processed;
Output acceptance criteria.
78
5.112. The manager of the design organization responsible for the design should ensure that
the design is adequately verified by confirming that all planned verification activities have
been completed before approval of any design documents. This is normally carried out by
reviewing evidence of completed verification activities.
5.113. The adequacy of design and design verification methods applied to all major designs
as defined in the applicable design verification plan should be confirmed. The validation of
the design of components, structures, equipment and systems should be done during the
commissioning phase. The designer should document all the key requirements such as
performance, functional and control parameters, safety assumptions and objectives that need
to be confirmed during commissioning. The design documents should provide the relevant
information for commissioning tests and the acceptance criteria to be followed by the
commissioning organization.
Management of the design baseline and design change control

5.114. Once the design is complete for a component, structure or system, or for the facility,
configuration and change control processes should be applied to the design. This should
ensure that designed equipment is in place, properly installed and documented, confirmed to
be operational, and its operational status known at any particular time.
5.115. The design organization should also provide records of design changes it has
introduced during the design activities. Changes should be reviewed and approved by
individuals who have information and knowledge of the requirements and intent of the original
design, processes and practices.
5.116. Design changes, whether initiated by the designers within the facility, or at the facility,
or by outside groups such as contractors, consultants, jurisdictional authorities or other

interested parties, should be identified (with reasons), documented, reviewed, evaluated and
verified. Documents affected by the change should be identified. If the change is approved, the
affected documents should be revised, approved and released. Activities impacted by the
change should be verified.
5.117. Permanent and temporary changes during construction, commissioning and operation
stages should be documented, verified, and approved before they are implemented.
5.118. Concessions provided to fabricators, installers, construction forces, and commissioning
or operational groups that permit deviations from design should be processed in accordance
79
with approved procedures. These procedures should define methods for identification, nature
and resolution, approval, issuing and filing of concessions.
5.119. Design baseline should be identified, documented and maintained. Changes to the
baseline design should be identified, reviewed, approved and documented through the change
control process.
Configuration management
5.120. Configuration management is a process of identifying and documenting the
characteristics of a facilitys structures, systems and components (including computer systems

and software), and of ensuring that consistency is maintained between the design
requirements, physical configuration and facility configuration documentation. The
configuration management process should ensure this consistency and is fundamental to safe
operation. For example, after maintenance is carried out, the plant, systems and components
should be returned strictly to their design configuration.
5.121. The principal concern relating to inadequate configuration management is the loss of
the ability to perform safety actions when needed. Not having the right information available
at the right time and in the right format for engineering and operations staff can lead to human
errors with potential safety and economic consequences. In many cases, the effort required to
respond to and correct these errors is greater than the effort required to maintain plant
configuration.
5.122. It is assumed that every facility has already knowingly or unknowingly employed the
concept of configuration management. The extent of the application of configuration

management and its status may be different at different facilities depending on their exposure
to configuration management and relevant awareness of the plant management with respect to
configuration management.
5.123. Configuration management should ensure that the construction, commissioning,

operation, maintenance, and testing of the physical facility are in accordance with the design
requirements as expressed in the design documentation, and to maintain this consistency
where appropriate, throughout all lifetime stages, particularly as changes are being made.
80
5.124. Configuration management recognizes that there are three elements, which should be in
equilibrium: design requirements, facility configuration documentation, and physical

configuration as illustrated in the following figure.
FIG. 2 - Configuration management equilibrium model
Design requirements are technical requirements; they are derived from standards,
regulatory requirements and the design process, which impose limits on the final
design including the consideration of margins and which are reflected in the design
documentation;
Facility configuration documentation is the set of all the documents that contains
configuration information that defines how the plant is designed, how it is operated
and how it is maintained. These documents can be categorized as either:
Design information;
Operational configuration information; or
Other configuration information necessary for procurement, operation,

maintenance and training activities.
Physical configuration applies to the installed and subsequently commissioned

structures, systems and components and to the operational configuration of those.
5.125. The configuration management process should include:
Programme planning;
Physical configuration scope criteria;
Facility configuration information scope criteria;
81
Concepts and terminology;
Configuration control information system;
Configuration audits and assessments;
Configuration management training;
5.126. Changes to either the facility physical configuration or facility configuration
information should be supported by, and be consistent with, the design requirements.
5.127. The process of configuration management should ensure that responsibilities are
defined, including those for design bases, safety analysis bases, design processes, operation,
maintenance and change processes. This description of responsibilities should define precisely
who is responsible for what, including the interfaces, transfer of responsibility and for
documents and other related information. The process should also define the responsibilities
for the following organizations:
The original or principal designer (if involved);
The suppliers (if involved);
The design organization in charge of modifications to the design (if not the same
The construction, commissioning, operating and decommissioning organizations
Any corporate or company level organizations or departments (if involved).
as the original designer);
(including maintenance, training and operations);
Plant modification
5.128. A process should be established and implemented to control modifications to the
systems, structures and components. See Refs [11] and [12].
Maintenance
5.129. A process should be established and implemented for the maintenance of the systems,
structures and components of the facility. See Refs [9] and [12].
Housekeeping and cleanliness
82
5.130. Maintaining housekeeping and cleanliness should be considered an essential process to
provide a clean workplace and to encourage a high standard of workmanship. The process
should establish, maintain and enforce standards for housekeeping and cleanliness that:
Prevent contamination of items and individuals;
Minimize the risk of injuries;
Reduce the risk of conventional accidents such as fires;
Protect open systems and equipment from foreign material during maintenance
Require the removal of contaminants and the prevention of contamination;
Control the movement of materials, equipment, tools and individuals in and out of
Ensure that cleanliness inspections are performed immediately prior to
Encourage individuals to leave an area cleaner than it was before they carried out
and modification;
work areas;
system/component closure;
an activity within it.
Handling and storage

5.131. The process of handling and storage should ensure that only correct items are used in
the nuclear facility. For this purpose, items should be identified. Physical identification should
be used to the extent possible and the identification should be transferred to each part of an
item before it is subdivided.
5.132. Provisions should be made to prevent the damage, deterioration or loss of items. For
this purpose, items should be stored in a manner that provides for ready retrieval and
protection. Storage should be controlled to prevent deterioration of degradable material, such
as elastomer seals, O-rings and instrument diaphragms.
5.133. Maintenance should be performed on items held in storage such as large pumps and
motors, including periodically checking energized heaters, periodically changing desiccants,
rotating shafts on pumps and motors, changing oil on rotating equipment, and other
maintenance requirements specified by the vendor.
83
5.134. Items removed from or placed into stores, including surplus material returned to store,
should be promptly documented so that the stores inventory is accurate. The stores record
system should also indicate the location of materials and parts in all designated storage areas.
Access to storage areas should be controlled.
5.135. Handling and storage should include arrangements for shelf-life management. For
example, an item whose shelf life has expired should be discarded unless an engineering
evaluation is conducted and engineering approval obtained prior to use of the item.
5.136. For critical, sensitive, perishable or high value items, special arrangements such as
protective enclosures, provision of inert gas atmosphere, moisture and temperature control,
should be specified and provided. These measures could also be applied to installed items
subject to extended out-of-service conditions.
5.137. The process should also cover field storage of consumables such as lubricants and
solvents to ensure they are properly stored and identified.
5.138. Storage practices should ensure that:
Corrosive chemicals are well segregated from equipment and metal stock;
Flammables are properly stored;
Radioactive material is properly controlled;
Stainless steel components are protected from halogens and from direct contact
Relief valves, motors and other equipment are stored on their bases;
Containers (boxes, barrels, crates) are stacked to reasonable heights and in
Parts, materials and equipment are repackaged, or protective caps reinstalled to
with other metals, particularly carbon steel;
accordance with vendor and storage instructions;
seal items on which previous packaging or protective caps have deteriorated, or

been damaged or lost while in storage;
Elastomers and polypropylene parts are stored in areas not exposed to light;
Machined surfaces are protected;
Equipment internals are protected from the ingress of foreign materials;

84
Material, equipment and storage facilities are properly protected from rodents;
There is suitable segregation of safety related and non-safety-related components.
5.139. Items removed from storage should be protected. Handling of items should consider
factors such as weight, size, certification and regular inspection of hoisting/lifting equipment,
chemical reactivity, radioactivity, susceptibility to physical shock, damage or electrostatic
sensitivity, sling location, balance points and method of attachment. Special handling tools and
equipment should be provided, controlled and inspected periodically as necessary to ensure
safe and adequate handling.
Inventory management
5.140. The process for inventory management should be designed so that spares and other
consumable items are available when required to ensure that safety is not compromised. The
facility should first establish an inventory register and ensure that the procurement process is
aligned to maintain stocks at an acceptable level. This can be achieved by:
Demand forecasting;
Understanding lead times for the manufacture and procurement of spares and
consumable items;
Monitoring spares and consumables issue and usage;
Establishing minimum stock levels and minimum stock re-order levels;
Historical information.
5.141. The facility management may choose to arrange to obtain spares at the time of
procurement of the original products. The spares should meet the same requirements as the
originals, with additional requirements to assure protection during long term storage. The
factors to be considered in determining the quantities of spares in the inventory include the
following:
Numbers and safety significance of products liable to failure;
Special nature of the manufacturing process which may prevent subsequent
Uncertainties in supply of current spares;
Anticipated delivery periods and shelf-lives;
manufacture;
85
Delays caused by importing spare parts from other countries;
Isolation from qualified manufacturers;
Obsolescence.
Identification and labelling of systems, structures and components

5.142. A process should be established and implemented to ensure systems, structures and
components are uniquely and permanently labelled to provide individuals with sufficient
information to positively identify them.
5.143. Component identification and labelling is developed during design stage, implemented
and confirmed during construction and commissioning stages and maintained during operation
and decommissioning stages. System, structure and component identification and labelling
should not be compromised by activities during the facility lifetime. Necessary user-friendly
improvements should be considered based on experience feedback and design configuration

updated as part of the design modification process. Detailed guidance can be found in Ref.
[26].
Waste management
5.144. The generation of radioactive waste during commissioning, operation and
decommissioning should be minimized and provisions made for the safe handling, storage,
transport and disposal of radioactive waste liquids, solids and gases. See Ref. [4].
5.145. The control of radioactive wastes should ensure they are within authorized limits and
conditions and should include for example:
Identifying the source;
Defining the waste streams;
Segregating the waste;
Characterizing the waste,
Carrying out treatment and conditioning;
Using appropriate packaging and transportation methods;
Establishing correct storage and disposal;

86
Maintaining inventories;
Preventing unauthorized access;
Generating and keeping records such as Waste Package Specifications and Waste
Package Data Sheets.
5.146. For further guidance on radioactive waste management see Refs [3,5,6,7].
5.147. The facility should ensure that the transportation of radioactive waste to a licensed
repository satisfies regulatory requirements, and that the final waste packages meet waste
acceptance criteria for disposal.
5.149. Reference [8] establishes requirements for the safe transport of radioactive material.
Environmental management
5.150. The facility should develop a process for the management of the environmental aspects
of its activities, products or services that should be controlled in order to avoid a significant
negative impact on the environment.
5.151. The facility should determine its environmental objectives and targets relevant to the
nature, scale and impact of its activities, products or services, from the perspective of past,
existing and planned activities.
5.152. The process should cover:
Emissions to air and water;
The impact of the waste management process;
Contamination of land;
Contamination of water sources;
Use of raw materials and natural resources;
Other local environmental and community issues.
87
5.153. The process should address the environmental impact of all of the facilitys activities in
all lifetime stages. Note: environmental aspects should also be addressed in all other processes
if applicable.
5.154. For information regarding discharge pathways for radioactive releases and how toxic
releases to the environment should be identified and monitored see Refs [3] and [10].
Regulatory interface
5.155. The facilitys management system should establish a process by which regulatory and
statutory requirements are clearly described and met. See Ref. [12]. The facility should also
ensure that interface arrangements are established with all relevant regulatory bodies. For
example, this would include meetings (types, frequency, terms of reference), reporting and
communication routes etc. The interface arrangements should also identify the information
needs of the regulatory bodies see Ref. [33].
Information technology
5.156. Management system controls should be considered throughout all phases of the
information technology lifetime: the acquisition and supply of a new system, development,
operation and maintenance.
5.157. A change control process should ensure that:
Only properly authorized changes are permitted;
Appropriate individuals are consulted throughout the change;
All possible risks have been considered and addressed;
The needs of future stages in the facility lifetime are taken into account.
5.158. Configuration management systems provide a mechanism for identifying, controlling

and tracking the versions of software items and associated documentation. Configuration
systems may be paper based or implemented using software tools, or a combination of both
techniques.
88
5.159. Plant control software that could affect safe and reliable operation, such as computer
codes and data used in computerised protection and control systems, should be verified and
validated. Installed plant control software should be subject to periodic checking to ensure
continued computer program integrity. See Ref. [15].
89
Fire protection
5.160. The facility should establish and implement a fire prevention and protection process to
protect individuals and items that is appropriate to the stage in the lifetime of the facility. See
Refs [12,13,14].
Security
5.161. The facility should establish and implement a security process to prevent individuals
from deliberately carrying out unauthorized actions that could jeopardize safety. The process
should be appropriate to the stage in the lifetime of the facility. See Ref. [12].
90
6. MEASUREMENT, ASSESSMENT AND IMPROVEMENT

MONITORING AND MEASUREMENT
The effectiveness of the management system shall be monitored and measured to confirm the
ability of the processes to achieve the intended results and to identify opportunities for
improvement.
Management oversight
6.1.
Managers normally perform oversight reviews and assess performance activities
through their day-to-day line management activities. Other more structured mechanisms
include:
Line management monitoring: in order to become pro-active and maintain control
of emerging problems, line managers and supervisors should be aware of what is

going on in their area of responsibility and assess actual performance against
expected results. Line management monitoring requires that they are individually
involved in assessing the performance of work by asking informed and probing

questions and by reviewing the results of work completed.
To achieve these objectives line management and supervisors:
Should observe work being carried out to ensure standards are being
Should be visible, available and listen to suggestions and complaints from their
maintained;
individuals;
Should examine trends of performance indicators;
Should review the results and lessons learned from self-assessments,
Should carry out pre-job and post-job briefings where necessary;
independent assessments, observation and surveillance programmes;
Should coach and mentor to improve performance.
91
Reviewing the achievement of goals, strategies, plans and objectives: a series of

planned and systematic reviews (sometimes referred to as accountability reviews)
should be carried out to assess individual or functional unit progress in the
achievement of goals, strategies, plans and objectives relevant to them. An

appropriate level of management should review the performance effectiveness of
each individual or functional unit. The reviews should be carried out on a predetermined frequency and timing to enable a composite view of performance to be
established and communicated to individuals.
Such reviews should consider historical performance and future plans related to
the goals, strategies, plans and objectives that are described within each
departments plan.
Such reviews will commonly address the following activities:
Direction and planning, including the setting of objectives and associated
targets;
Endorsement of strategies;
Accomplishment of strategies, plans or project proposals;
Measurement of business performance against set plans and targets using
established performance indicators;
Breaches of control (e.g., significant incidents);

Proposed improvement ideas and initiatives;
Human resources issues such as staffing levels, individual performance, and

accomplishment of training plans.
Recommendations and/or decisions reached as a result of these reviews should be
tracked through to completion.
Oversight meetings; the oversight meetings that enable management to obtain

oversight and take any immediate corrective action should be identified. Typically
these meetings include:
Operational meetings Normally a daily meeting of key functions in the

facility to review current operational status and ensure that resources are
allocated to support day-to-day operational needs.
92
Management team meetings - The purpose of this meeting is to make decisions

and set direction for the facility based on feedback from internal and external
sources. The meeting focuses on making optimal decisions with respect to
achieving the facility goals, strategies, plans and objectives identified in the
Plan. This is a primary means to achieve alignment and commitment by all

participants.
Nuclear safety oversight meetings - The purpose of this meeting is to ensure
that management continually maintains an awareness of and responds

appropriately to nuclear safety issues. The meeting evaluates past, present and
future nuclear safety issues facing the facility, and makes decisions regarding
actions to be taken to improve or maintain high standards of nuclear safety.
Corporate oversight Corporate oversight should be provided to ensure the
management system of the facility or facilities, meets the needs of the

corporation. It may also determine whether there is a need to develop specific
management programmes for new initiatives or lifetime stages, e.g. major
refurbishment or decommissioning and may initiate independent external

assessments of facility programmes.
SELF-ASSESSMENT
Senior management and management at all other levels in the organization shall carry out
self-assessment to evaluate the performance of work and the improvement of the safety
culture.
Self assessment by senior management
6.2.
Input to management self-assessment should include information on:
Safety results/trends and performance indicators;
Overall performance including safety, health, environment, security, quality and

economic considerations;
93
6.3.
Current performance analysis, such as peer evaluation feedback, surveillance and
Adequacy of the management system of the facility;
Effectiveness of management procedures/work instructions;
Organizational issues, such as levels of authority and responsibility, interfaces,
technical review results;
communications, recruitment, training and promotion policies;
Results from staff surveys and safety culture assessments;
Effect of regulatory and statutory requirements and any changes to them;
Strategic planning, mission of the facility and safety objective;
Feedback from experience.
Management self-assessment should result in an improvement in safety and should be
part of the facilitys quality improvement process.

Self assessment by managers and individuals
6.4.
Examples of self-assessment techniques for managers and individuals include the
following:
Workplace inspections or observations, and routine communications with workers,
including informal interviews to determine if expectations are understood;
Coaching or observation programmes in which performance weaknesses are

documented for further action (such as management observation of operating crew
performance on simulators and training activities);
Review, analysis, and trending of important operating parameters or other data;
Management reviews of new corrective action reports;
Reviews of important process performance data (such as work backlogs and
Event investigations and maintenance activity critiques (post-work reviews
maintenance rework rate);
performed to identify areas for improvement in order to improve these activities in

the future);
System or equipment inspections and document reviews;

94
Industrial safety inspections;
Questionnaires, staff surveys and other feedback mechanisms;
Evaluation of facility, organizational and industry operating experience;
Benchmarking visits to other facilities or organizations;
Researching information to identify opportunities for performance improvement;
Periodic management reviews of performance, such as management review
meetings in which managers provide a summary of key performance weaknesses

or strengths in areas for which they are responsible.
6.5.
The self-assessment process should evaluate programmes, processes or performance
areas against specific criteria by using the most appropriate technique identified above. Some
self-assessments are carried out periodically (for example, every two years).
6.6.
Self-assessments may be planned (pro-active) or may be initiated in response to
situations that need a closer review of performance (reactive) such as:
6.7.
Trends in performance data, or problems tracked in the corrective action
Events;
Indications of process inefficiencies;
Input from ongoing self-assessment activities or information provided by
Visits to or review of information from other nuclear facilities that show potential
New regulatory requirements;
Significant changes for which an early progress check is needed;
Implementation of new programmes, or revisions to existing programmes or
New or recent industry issues or problems.
programme;
independent or external assessment groups;
performance issues that need a more focused review;
processes;
Self-assessments should typically be performed by teams of people, but occasionally
may be performed by an individual. Self-assessments should be properly organized (for
example, some form of guidance is used to ensure completeness and consistency) Self95
assessments generally require planning, scheduling, preparation, resourcing and reporting.

Self-assessment is different from self-checking, which is an ongoing personal responsibility in
the conduct of work.
6.8.
Self assessments schedules should include:
Adequate long-range planning that identifies all self-assessments to avoid

overloading departments (this avoids scheduling too many activities such that
there are not enough people or resources to accomplish the self-assessment and
other work);
6.9.
The use of other planned activities, including other forms of evaluation;
Flexibility to allow changes needed to include new self-assessment needs;
Communication of the plans to the appropriate employees in time to allow

sufficient planning.
Among the skills to be considered for selecting people to participate on self-
assessments should be:
Technical expertise in the area being assessed;
Capability in applying the techniques of interviewing, observing, and analysing;
Being open minded and having the ability to accept different approaches.
6.10.
Self-assessment assignments should also allow some learning by less experienced
6.11.
In preparing for and conducting self-assessments the following should be considered:
employees to increase their participation in the process.
Information from professional organizations;
Information obtained from national or international standards;
Historical information, such as corrective action programme open products
(actions not yet completed) and completed products, performance trends, lessons
learned critiques, operating experience, and regulatory or other commitments;
Current performance information, such as observation programme results or

measures of performance;
96
Information that may indicate that more significant problems could result if not
corrected, such as problems identified from observation programme results;
Reports from previous self-assessments or inspections;
Feedback from external groups, such as regulatory authorities, the IAEA and
industry organizations.
6.12.
Each function within the facility should routinely conduct its own self-assessments of
6.13.
Independent assessment should periodically evaluate the self-assessment process and
6.14.
Teams or individuals conducting self-assessments should communicate closely with
6.15.
Ongoing discussion of potential issues should help make the issues more
programmes, processes and performance.
its performance.
those being assessed to help ensure understanding and ownership of the results.
understandable and help provide better acceptance by those who must ultimately correct the
weaknesses identified.
6.16.
Management should verify that problems identified by the self-assessment process are
promptly entered into the corrective action programme or other tracking systems for resolution
to ensure that resolution of issues is timely and prioritized based on their impact on safety and
reliability.
6.17.
When management determines that an issue identified by a self-assessment does not
need further action, the reason for this decision should be documented and communicated to
the identifier. This should be done with care and sensitivity so as not to discourage future
problem identification.
6.18.
Self-assessment results should be communicated to affected groups and individuals.
Management should periodically review the results of ongoing self-assessment activities with
employees to improve performance. The following are some typical communication methods:
Group meetings;
Special newsletter articles;

97
6.19.
6.20.
Performance indicators posted in the workplace;
Company intranet or computer databases.
Self-assessments results should be reviewed by (or shared with):
The manager being evaluated;
The groups being evaluated;
Other groups which can use the information to improve their performance.
Performance indicators of the effectiveness of the self-assessment process include:
Recurring (repeat) issues from previous self-assessments;
Performance indicator results in areas where corrective actions have previously
Team member critiques of self-assessment effectiveness;
Comparison of self-assessment results to check their effectiveness;
Feedback on the usefulness of the results from managers whose areas were
Comparison of self-assessment results with independent assessment group
Benchmarking of performance with other departments or external organizations to
been implemented;
evaluated;
assessment results or external feedback, as available;
determine if self-assessment activities reflect best industry practices and standards

and as a means to identify additional areas for improvement.
INDEPENDENT ASSESSMENT
Independent assessments shall be conducted regularly on behalf of senior management:
To evaluate the effectiveness of processes in meeting and fulfilling goals,
To determine the adequacy of work performance and leadership;
To evaluate the organizations safety culture;
To monitor product quality;
strategies, plans and objectives;
98
To identify opportunities for improvement.
An organizational unit shall be established with the responsibility for conducting independent
assessments.13 This unit shall have sufficient authority to discharge its responsibilities.
Individuals conducting independent assessments shall not assess their own work.
Senior management shall evaluate the results of the independent assessments, shall take any
necessary actions, and shall record and communicate their decisions and the reasons for them.
Types of independent assessment
6.21.
The following types of assessment are unique to nuclear facilities.
Peer evaluation
6.22.
Peer evaluation is a critical examination of specific safety related subjects by
individuals from one or more other organization to seek improvements and to promote good
practices. The evaluation team should consist of experts in all areas of evaluation in order to
promote the sharing of experience and to develop relationships between the peers and the
people at the facility.
6.23.
Senior management should consider developing, on the basis of best international
practices, a set of performance indicators, objective standards and criteria against which
performance could be evaluated. For a facility, objective standards and criteria that define
performance requirements in areas such as operation, maintenance, chemistry, engineering,

radiation protection, fire protection and emergency planning should be considered and
developed. In some Member States these are sometimes referred to as performance objectives
and criteria.
6.24.
This type of assessment is both objective, in that it compares actual performance
The size of the assessment unit differs from organization to organization. In some organizations, the assessment
function may even be a responsibility assigned to a single individual or to an external organization.
13
99
against the objectives and criteria, and subjective, in that it uses the collective knowledge of
the peers to identify areas for improvement and good practices.
6.25.
During the evaluation, observation of the work should be done and a judgment should
be made on the basis of the methods used and results achieved. A written report of problems
and good practices observed should be presented to management. Management should develop
an action plan to implement any improvement and ensure that information on good practices is
made known to others within the facility.
Technical review
6.26.
Senior management may arrange for a review of the technical content of activities and
6.27.
Different techniques can be used, such as inspection and testing as well as emergency
6.28.
Senior management should define in clear terms the scope of each technical review,
6.29.
Those who are asked to perform a technical review should be demonstrably qualified
processes, with a view to improving the effectiveness of these activities or processes.
drills and exercises. Ref. [16].
what is expected, when it will be implemented and who will implement it.
and competent in the area of work being assessed.

Safety culture assessment
6.30.
An assessment of safety culture should cover the whole nuclear facility organization. It
is difficult to capture all the layers of a culture, where some aspects are not visible or may not
even be at a conscious level. It is therefore advisable to use several assessment tools to be able
to determine the current maturity of the safety culture of the facility. The assessment tools that
could be used include interviews, focus groups, questionnaires, observations and document
reviews.
6.31. The safety culture characteristics and attributes (see paragraphs 2.9-2.13) should form
the basis for the assessment. Thus, when developing interview questions, items for a
100
questionnaire or issues to discuss in focus groups, these characteristics and attributes should be
covered.
6.32. The assessment should be carried out by a designated team representing the different
levels and functions of the nuclear facility. Included in this team should also be a specialist in
human factors, in order to ensure that appropriate assessment tools are developed and applied,
as well as to carry out the analysis of results (including statistical analysis of questionnaire
results) and their interpretation. The assessment team should receive training in how to
develop the assessment tools and the steps to consider in the assessment process.
6.33.
Focus groups alone may be used to obtain a sample of the facilitys safety culture. The
focus group should discuss the comparison between the safety culture characteristics and
attributes with current practices to identify strengths and areas for improvement. The focus
groups should consist of cross-functional representatives and/or representatives within an
organizational unit. There should, however, be enough focus groups to obtain a realistic
assessment of the whole facility.
6.34.
The assessment team should summarize results and identify areas for improvement
and may suggest actions to be taken. These results should be reported to an appropriate
management level that is responsible for the implementation of improvement actions. A
follow-up assessment should be performed taking into account the time needed for
improvement actions to have had a more profound effect on the safety culture.
MANAGEMENT SYSTEM REVIEW
A management system review shall be conducted at planned intervals to ensure the

continuing suitability and effectiveness of the management system and its ability to enable the
objectives set for the organization to be accomplished.
The review shall cover but shall not be limited to:
Outputs from all forms of assessment;
Results delivered and objectives achieved by the organization and its processes;
Non-conformances and corrective and preventive actions;

101
Lessons learned from other organizations;
Opportunities for improvement.
Weaknesses and obstacles shall be identified, evaluated and remedied in a timely manner.
The review shall identify whether there is a need to make changes to or improvements in
policies, goals, strategies, plans, objectives and processes.
NON-CONFORMANCES, CORRECTIVE AND PREVENTIVE ACTIONS

GS-R-3 [1] states in paras 6.11 to and 6.16 that:
The causes of non-conformances shall be determined and remedial actions shall be taken to
prevent their recurrence.
Products and processes that do not conform to the specified requirements shall be identified,
segregated, controlled, recorded and reported to an appropriate level of management within

the organization. The impact of non-conformances shall be evaluated and non-conforming
products or processes shall be either:
Accepted;
Reworked or corrected within a specified time period; or
Rejected and discarded or destroyed to prevent their inadvertent use.
Concessions granted to allow acceptance of a non-conforming product or process shall be
subject to authorization. When non-conforming products or processes are reworked or
corrected, they shall be subject to inspection to demonstrate their conformity with

requirements or expected results.
Corrective actions for eliminating non-conformances shall be determined and implemented.

Preventive actions to eliminate the causes of potential non-conformances shall be determined
and taken.
The status and effectiveness of all corrective and preventive actions shall be monitored and
reported to management at an appropriate level in the organization.
102
Potential non-conformances that could detract from the organizations performance shall be
identified. This shall be done: by using feedback from other organizations, both internal and
external; through the use of technical advances and research; through the sharing of
knowledge and experience; and through the use of techniques that identify best practices.
Non-conformance control
The generic guidance that has been developed to provide a means of implementing the
requirement for non-conformance control is contained in Ref. [2]; there is no supplementary
guidance.
Corrective actions
The following guidance has been developed to provide a means of implementing the
requirement for corrective action in nuclear facilities. It is supplementary to, and should be
read in conjunction with, the generic guidance contained in Ref. [2].
6.35.
The corrective action process is an important way of improving safety, reliability, and
6.36.
All forms of assessment such as independent assessments, external assessments,
performance, as well as helping to prevent events.
regulatory body assessments and self-assessments, together with operating experience

feedback, are all methods for problem identification and provide an input to the corrective
action system. The system can also be used to track problems identified by any other means.
6.37.
Some nuclear facilities use a single, formal facility-wide corrective action system to
track, select, evaluate, trend, and resolve all issues; other organizations report and track issues
using a variety of tracking systems. These other types of tracking systems are typically
managed at the departmental level and are separate from the facility corrective action process.
Such tracking systems are periodically reviewed to make sure important problems that should
be in the facility corrective action system are not being reported at an inappropriate level.
Ongoing management monitoring helps ensure these tracking systems are used as intended
and do not reduce the effectiveness of the corrective action process.
6.38.
Problems reported in the corrective action programme should be reviewed promptly for
their effect on safety, reliability, operability, and to determine if they have met the threshold
103
for reporting to any regulatory authorities. It is often beneficial to have a defined, consistent
review process that is monitored to ensure consistent results. The possible existence of generic
problems should be considered during the problem review.
6.39.
Problems should be evaluated, based on their significance, to determine the cause(s).
The corrective action system should formally define what is a significant problem and, if
recurrence is unacceptable, where root cause evaluation techniques should be applied.
6.40.
Evaluations of problems of lower significance should focus on correcting the
immediate (or apparent) cause and may not address the root cause. For very simple problems,
the cause may be obvious and more detailed analysis to determine corrective actions is not
necessary. For problems of lower significance, corrective actions may correct the immediate
problem but may not prevent recurrence. If similar problems occur, trending can identify
common problems and trend analysis can identify the root (or common) causes.
6.41.
Individuals or teams of employees should be trained in root cause analysis techniques
to review significant problems using a well defined method to identify root causes,
contributing causes, and corrective actions to prevent recurrence. Any root cause evaluation
should include a review that is broad enough to help ensure that corrective actions prevent
recurrence not only where the problem occurred, but also in other places where it could occur.
6.42.
Contributing causes may not only be errors made by individual employees, but may
6.43.
Employees who identify problems should receive prompt feedback about corrective
include leadership and organizational factors or behaviours.
actions. Informing employees of corrective actions taken or planned helps motivate workers to
continue using the corrective action process. Feedback may be direct or through easy access to
an information management system. Feedback should also be provided if a reported problem

is determined to be invalid or not worthy of additional corrective action.
6.44.
Trending should identify problem categories such as procedural, human performance
and equipment. Trend coding can be used to assist trend analysis provided it is applied
consistently and with the caution that the number of trend codes is limited.
104
6.45.
Consistently trending problems of a given type (such as procedure errors) within the
6.46.
The corrective action process should be periodically reviewed to determine the
entire facility may help identify weaknesses that exist in more than one part of the facility.
effectiveness of process performance compared to management expectations. This review
should include the consideration of any outstanding or unresolved issues, and agreed
corrective actions. This should ensure that priorities are appropriate and underlying issues with
common causes are being addressed.
This page intentionally left blank.
Preventive actions
The following guidance has been developed to provide a means of implementing the
requirement for preventive action in nuclear facilities. It is supplementary to, and should be
read in conjunction with, the generic guidance contained in Ref. [2].
6.47.
Management should periodically analyse available information such as non-
conformance reports, audit reports, maintenance reports, operating logs, significant event
registers and plant safety reviews. This analysis should seek out trends in order to identify
problem areas requiring root cause analysis, to confirm that appropriate actions have been
taken to prevent repetition of the non-conformances and to enhance safety and performance.
6.48.
Information on incidents, events or quality related problems available from other
organizations in the nuclear industries and organizations (operational experience feedback)
should be assessed in order that suitable preventive measures can be developed and
implemented.
6.49.
Implementation of preventive actions may proceed in stages. In such cases each stage
should be clearly defined and should specify the means of verification that assures that the
actions have been effective. Prior to implementation, all proposed actions should have been
agreed, documented and authorized.
Event Reporting
105
6.50.
The criteria for selection of significant events and equipment problems to be reported
to the utility, regulatory bodies and other national and international bodies should be
established.
6.51.
Significant events and equipment problems meeting these criteria or of generic interest
should be reported to offsite organizations in a timely manner

IMPROVEMENT
Opportunities for the improvement of the management system shall be identified and actions
to improve the processes shall be selected, planned and recorded.
Improvement plans shall include plans for the provision of adequate resources. Actions for
improvement shall be monitored through to their completion and the effectiveness of the
improvement shall be checked.
6.52.
Continual improvement of the processes of a facility can lead to enhanced safety
6.53.
To introduce continual process improvement effectively the following basic principles
performance and efficiency benefits such as cost reductions and improved cycle times.
should be established:
Long term commitment and engagement from senior management throughout the
All individuals of the facility using the processes are actively encouraged and
The facility should have implemented a process management approach such as that
The facility should identify the systems and processes that are working well in
Management should use process information as an input to managing the facility;
entire facility;
expected to contribute to continual process improvement;

advocated by this Safety Guide;
order to maintain and extend the good practices and to reinforce correct behaviour;
106
6.54.
The processes should be aligned with the objectives of the facility through the
The information on process performance is used to identify and prioritize the
organizations business plan;
processes that require improvement.
A structured approach for continual improvement should be used that focuses on the
way a facility can improve its processes. It is recognized that there are many different
approaches and methods available in the market place to improve processes.
6.55.
The implementation of process improvement could impact nuclear or conventional
safety. All changes to the plant, the facility and its processes are properly evaluated for impact
on safety, and that implementation is controlled effectively with additional safety measures if
necessary during the period of change.
6.56.
Figure 3 depicts the continual improvement cycle of the management system showing
how it relates to the aspects of measurement, assessment and improvement as well as other
aspects of the management system.
107
Regularly check the

implementation of goals,
strategies, plans and
objectives
REVIEW & REVISE

GOALS,
STRATEGIES,
PLANS &
OBJECTIVES
MANAGEMENT
DECIDE WHICH
OPTIONS TO
IMPLEMENT
In order to make their
decision management
must have a clear
understanding of
priorities, cost/benefits,
resources, and their
impact on goals,
strategies, plans and
objectives
ESTABLISH
GOALS,
STRATEGIES
PLANS &
OBJECTIVES
IMPLEMENT
IMPROVEMENT
CONDUCT:
INDEPENDENT
ASSESSMENT
SELF
ASSESSMENT
NONCONFORMANCE,
CORRECTIVE/
PREVENTIVE
ACTION
MONITORING &
MEASUREMENT
OF THE
PROCESSES
MANAGEMENT
SYSTEM REVIEW
IMPROVEMENT
OPTIONS
No
SUGGESTED
IMPROVEMENTS
FROM OTHER
SOURCES
Does option impact

goals, strategies, plans
& objectives?
Yes
FIG. 3: Continual improvement cycle
The shaded boxes depict requirements of the management system. The start box is the
establish goals, strategies plans and objectives box.
108
APPENDIX I METHODOLOGY FOR GRADING THE APPLICATION OF

MANAGEMENT SYSTEM REQUIREMENTS
Step 2 Determine significance

Could an ill-conceived or
inadequately executed activity or
failure of the item lead
DIRECTLY to:
Step 1
Plant
Class
The initiation of an event beyond design basis accident?
An uncontrolled radioactivity release to the

environment?
No
Consider raising the grade if:
A major risk of radiological/consequential hazard?
A higher risk of serious injury for the worker/ people?
Yes
The functionality of the component/system affected?

A major loss of power generation?
If the item or activity has a

poor quality history.
No
A failure of a system performing control functions for radiation

protection?
A low risk of serious injury for the worker /people

A minor risk of radiological hazards?
Plant integrity being affected?
Minor loss of generation?
No
There is a need for special

controls, inspection, processes,
methods or equipment.
The item or activity is complex,
unique or novel
Does the system/component have seismic relevance?
Step 4
Assign
Grade
Alpha or
numeric
Step 3 Consider
Other Factors
Yes
If the item is not accessible

during normal operations.
It is difficult to prove
functionality/reliability or
perform inspection & test after
installation
Noncompliance with the

environmental control
requirements could occur
Yes
No
Yes
No
Yes
No
NOTE: The organization should quantify and define the terms (major, minor, low etc.) used
in step 2 of their grading methodology based on the risks and hazards and the magnitude of
the potential impact (risks) associated with the safety, health, environmental, security,
quality and economic elements of each product or activity
109
APPENDIX II: MANAGEMENT SYSTEM FOR THE RESEARCH AND

DEVELOPMENT STAGE OF A NUCLEAR FACILITY14
II.1.
The purpose of this appendix is to provide supplementary guidance to the main body of
this publication that is specific to this stage in the lifetime of the nuclear facility. For the
research and development stage the facility should develop and implement a management
system that:
II.2.
Follows the requirements of Ref. [1];
Takes into account the generic guidance contained in Ref. [2];
Takes into account the guidance contained within the main body of this
Takes into account the following stage related guidance.
publication;
Research and development (R&D) activities should be performed in a manner that
provides assurance that safety requirements are adequately addressed. This should be
accomplished by conducting the R&D activities under effective management system

requirements.
II.3.
The starting point of an R&D project might be a hypothesis to be tested, a problem to
be solved, or the performance of an item to be improved, and there may be many possible
solutions and technologies that could be used.
II.4.
R&D organizations should consider applying the guidance given in Appendices III to
VIII to their facilities (for example for research reactors).

MANAGEMENT SYSTEM
II.5.
For success in the R&D activities, the involved managers at all levels:
Should cultivate and sustain an environment that encourages and encourages

creativity, intellectual stimulation, innovation and collaboration;
The guidance provided in this appendix for the R&D stage could also be used for any R&D activities carried
out during any of the later nuclear facility lifecycle stages.
14
110
II.6.
Should demand good work practices as the only acceptable way of performing and
Should avoid overloading researchers with administrative tasks by providing
Should ensure that intellectual property rights are preserved and protected.
supporting R&D;
adequate administrative support;
Management of the R&D activities should ensure that roles, responsibilities,
authorities and interfaces are clearly defined and understood, particularly between the
functions of: (1) managing the resources necessary to support research work; (2) performing
the research; and (3) carrying out assessments over the course of the R&D project. These
relationships can be complex because some researchers may also have individual functions
that are carried out at different times. In every case, however, the functions of performing the
research and carrying out assessment should be organized so that they are clearly independent.
II.7.
The management system requirements can be implemented for R&D activities
II.8.
Some researchers may be working at universities or at other institutions that are
important to safety by developing a plan for each R&D project (R&D plan).
sharing an interest in the R&D project. In these cases, agreed methods of collaboration should
be adopted.
II.9.
Management should assign a principal investigator/researcher to be responsible for
developing an R&D plan and for performing and/or supervising the work defined in the plan.
The principal investigator/researcher may subsequently assign some or all of the work to other
researchers, engineers or technicians. When work is assigned, a description of the roles,

responsibilities and authorities for the work should be described in the R&D plan.
II.10. The management of the organization responsible for the R&D activities should ensure
that the roles, responsibilities and authorities for reviewing and approving R&D plans are
defined. Reviewers should consider, for example, the technical direction of the work, user
requirements, assumptions, resources and schedule implications.
II.11. Senior management of the organization responsible for the R&D activities should
review the possible alternatives and document its decisions, justifying its choice of a specific
111
direction and the rationale for eliminating alternatives.

II.12. Prior to the application of the results of any R&D activities, the facility/licensee should
ensure that the work results have been properly validated, the safety implications assessed, and
approval obtained, if appropriate, from the regulatory body
II.13. Interfaces should be described in the R&D plan and arrangements between the
organizations performing work should be agreed to. For example, the following interfaces
should be addressed:
Organizational interfaces at the start of the R&D activities;
Interfaces between internal and external organizations during the R&D activities;
Interfaces with similar R&D activities;
Interfaces at the end of the R&D activities, such as those related to the use and
application of the results.
GRADING
II.14. When developing the structured approach to the grading of the management system
requirements, the following could be considered:
The intended end use of the knowledge, data, technological process or

technological product that will result from the R&D activities, particularly in terms
of its impact on nuclear safety;
The amount and nature of the materials to be used and the degree to which the
The ability to demonstrate, test or repeat the results;
The scale and technical complexity of the activity and the facilities to be used;
Whether a new concept, a proven concept, or an extension to a new application is
The managerial complexity of the activity, i.e. the involvement of multiple
work poses risks or hazards to individuals, the public and the environment;
involved;
customers and multiple external or internal organizations with different objectives

and responsibilities;
112
The impact that missed milestones or delayed milestones will have on the
schedule, the ease or difficulty of schedule recovery, the loss of key individuals
and delays in recruiting new individuals and in receiving critical equipment or
making it functional;
The extent to which other work depends on the results of the R&D activities;
The expectations or desired performance of the results.
RECORDS
II.15. Management of the R&D activities should establish requirements for ensuring that all
appropriate aspects of R&D activities are adequately documented and recorded. This includes
work from the initial conception and design of the R&D plan through to the conduct and
analysis of the research results.
II.16. Laboratory and work notebooks and other recording methods should be used.
II.17. Entries in laboratory notebooks should be traceable to the work performed and
developed to an adequate level of detail, and should be legible, complete and correct.
II.18. All appropriate laboratory notebooks, other records and the data from the R&D
activities should be retrievable and protected from loss or damage

TRAINING AND QUALIFICATION
II.19. Training should be provided commensurate with the hazards associated with the work
being performed and with its nuclear safety importance. The principal investigator/researcher
performing or assessing R&D activities for a nuclear facility should have a basic knowledge of
nuclear safety.
PROCESS IMPLEMENTATION
II.20. Processes to be implemented during research will be dependent on the type and nature
of the research activity. The following guidance should be used as a appropriate
113
PLANNING AND PREPARATION FOR RESEARCH AND DEVELOPMENT

II.21. The principal investigator/researcher should prepare an R&D plan that includes a
written description of the proposed R&D activities. The plan should describe the content and
extent of the R&D activities to be performed and possible results, hypotheses and calculated
predictions. The detail contained in the plan should be only as complex as the R&D project
demands and should ensure that a qualified peer can replicate the work.
II.22. The R&D plan should incorporate user requirements and expectations, and should
reference applicable technical standards. It should also describe or refer to the environment,
safety, health and regulatory requirements that apply, how they will be handled, and how
funding and other resources will be made available for clean-up at the end of the project. The
plan should include the expected or intended influence of the results on nuclear safety.
II.23. The R&D plan should describe the purpose of the work. It should also identify criteria
that can be used to assess success or failure of the work and to indicate when it is completed.
Hold points at which management (and/or peers) can review and consider these criteria should
be included.
II.24. The R&D plan should provide a brief historical overview of the work. This should
include references to publications that describe previous experiments, theories, feedback from
the users of the products of previous R&D activities or technological developments that have
led to the work described in the R&D plan.
II.25. The R&D plan should contain a description of the basic conditions and of the relevant
components of the experimental equipment/apparatus and their configuration. A description of

any unusual or potentially problematic techniques, special tools and experimental methods that
will be employed in the performance of the work and the way in which these will be handled
should also be included.
II.26. The R&D plan should describe how support and technical individuals having the
necessary education, experience and skills would be assigned to perform the work.
II.27. The principal investigator/researcher should ensure that the R&D plan is reviewed and
approved. The R&D plan should describe dependencies or relationships with other projects or
114
areas of R&D. If similar work is to be performed elsewhere, this should be stated together
with a brief explanation of how the work could be coordinated.
II.28. The R&D plan should identify the proposed duration (term) of the work and how
resources will be planned and allocated. Considerations are, for example, individuals, graduate
students, post-doctoral fellows, budgets and equipment.
II.29. The R&D plan should describe milestones and deliverables for the work, including, for
example, the construction of items, scheduled evaluations and assessments, the development
of technological processes or products, and the presentation of interim and final research
results.
II.30. The R&D plan should describe the facility and equipment requirements for carrying
out the work and should include:
An explanation of how the facilities will be used, the required location and gross
A statement of whether or not major modifications to existing facilities will be
A statement of whether outdoor work is required and, if so, its location and
A description of the means of collecting and processing samples; if published
Identification of equipment and materials already in place to perform the work,
Preparation of commissioning procedures for new equipment.
floor area, and a brief description of the probable impact on the facilitys services;
needed in order to perform the work;
environmental impact;
techniques are to be used, they should be referenced;
and details of new equipment and materials that will have to be procured;
II.31. Sound engineering and scientific practices should be applied to the design and
construction of the equipment/apparatus described in the R&D plan. The design and
configuration of the equipment/apparatus should be documented. For further guidance on
design see Ref. [2] and Ref. [19].
II.32. Sound engineering and scientific practices should be applied to the design and
application of supporting computer software. The design assumptions, range of applicability
115
and users instructions should be documented. Performance criteria for software validation
should be defined to ensure that the R&D goals are achieved.
CONDUCTING RESEARCH AND DEVELOPMENT
II.33. All work performed as a part of the R&D plan should follow sound engineering and
scientific principles in order to ensure that goals are achieved.
II.34. The principal investigator/researcher should ensure that relevant documentation is

available in a language appropriate to the users.
II.35. The items associated with the R&D plan should be properly stored and shelf-life
limitations should be observed.
II.36. During the commissioning of equipment, apparatus or prototypes, the calibration and
performance requirements of testing, measurement and diagnostic equipment and apparatus
should be defined to a level of detail that ensures that the R&D goals are achieved. Calibration
and performance requirements for testing, measurement and diagnostic equipment and
apparatus should be maintained throughout the data gathering activities.
II.37. In the operation stage and data gathering stage, the principal investigators/researchers
should ensure that the systems and subsystems of the experimental equipment and apparatus
are functioning as intended. This includes, for example:
Visually or computationally monitoring the apparatus to ensure systems are
operating properly, for example checking power supplies and devices that use
gases and fluids, and are correctly calibrated;
Ensuring that the proper materials and chemicals are being used;
Monitoring performance against safety requirements;
Monitoring data rates to ensure they are appropriate;
Ensuring that the data that will enable the researcher to achieve the research
objectives are being recorded.
116
II.38. Individuals performing the R&D and support work should evaluate their own
performance and should look for ways to improve the quality of their work.
DATA ANALYSIS AND REPORTING
II.39. When analysing data for acceptability, researchers should define:
The assumptions and the methods used;
The results obtained and how the results have been used, so that competent experts
can evaluate how the data were interpreted;
The methods used to identify and minimize measurement uncertainty;
The analytical models used;
Whether the R&D results have been documented adequately and can be validated.
II.40. The final reports should describe, for example:
The results obtained, and their range of application and validation;
The relationship of the results to previous publications, experiments, theories or
A description of the apparatus and the operations and data gathering activities;
A description of significant problems that occurred during the operations/data
A description of data analysis issues;
A summary of the work performed, including conclusions, recommendations and a
technological developments;
gathering activities;
description of any possible impacts on safety objectives.
II.41. Management of the R&D activities should review and approve the final research
report.
II.42. Deviations from expectations prescribed in the R&D plan should be recorded and
analysed to determine if they are true non-conformances, or if they are improvements, which
actually benefit the R&D project. For further guidance on non-conformance control and
corrective actions see Ref. [2].
117
APPENDIX III: MANAGEMENT SYSTEM FOR THE SITING STAGE OF A

NUCLEAR FACILITY
III.1.
this document that is specific to this stage in the lifetime of the nuclear facility. For the siting
stage, the facility should develop and implement a management system that:
Addresses the requirements of Ref. [17],
Takes into account the relevant activities described in the series of IAEA safety
publication;
guides when developing the processes and organizational structure Ref. [18].
These safety guides extensively describe the activities that need to be described in
the management system processes during the siting stage.
III.2.
When developing the structured approach to the grading of the management system
The intended end use of the knowledge and data that result from siting activities,
The ability to demonstrate, test or repeat results;
The scale and technical complexity of the siting activity, whether it is a new or
particularly in terms of their effect on nuclear safety;
proven concept or model that is being applied, or an extension of a new

application;
The managerial complexity of the activity, the involvement and co-ordination of
multiple disciplines, work units or internal and external organizations, with

divided or contingent objectives and responsibilities;
The extent to which other siting work, or later work, depends on the results of the
siting activities;
The expectations or desired use or application of the results.
118
APPENDIX IV: MANAGEMENT SYSTEM FOR THE DESIGN STAGE OF A

NUCLEAR FACILITY
IV.1. The purpose of this appendix is to provide supplementary guidance to the main body of
this document that is specific to this stage in the lifetime of the nuclear facility. For the design
stage the facility should develop and implement a management system that:
publication;
guides Ref. [20] when developing the processes and organizational structure.
the management system processes during the design stage.
IV.2. When developing the structured approach to the grading of the management system
The level and detail of analysis of design;
The need for and level of design review and approval;
The degree of verification of design;
The controls applied to design change;
The detail of design records and their retention times;
The need for alternative calculations to be carried out;
The need to qualify or test the design output;
The need for qualification tests for design.
119
APPENDIX V: MANAGEMENT SYSTEM FOR THE CONSTRUCTION STAGE OF A

NUCLEAR FACILITY
V.1.
this document that is specific to this stage in the lifetime of the nuclear facility. For the
construction stage the facility should develop and implement a management system that:
V.2.
Takes into account the following stage related guidance.
publication;
The facility should develop and implement a management system that describes the
overall arrangements for the management, performance and assessment of the nuclear facility
during construction.
V.3.
The facility should formally appoint an individual to be responsible for construction
V.4.
The appointed individual should have the necessary resources within the construction
activities.15
organization to discharge the following responsibilities:
Ensuring that construction and facility work is carried out in accordance with
design specifications, drawings, procedures and instructions, including the

implementation of specified requirements;
Ensuring that construction and facility work undertaken, including work by

contractors, is coordinated, conducted and completed in accordance with planned
programmes of work;
V.5.
15
Controlling access to the construction site.
Interface arrangements should be agreed between the construction organization,
This may be the head of the construction organization.
120
suppliers and other organizational units performing the work. They should be defined in
writing and should be included in procurement documents. Interfaces that should be addressed
are, for example:
Construction organization with suppliers;
Construction organization with operation individuals, or organization;
Suppliers with sub-suppliers;
Construction organization with the principal designer;
Construction organization with siting organization;
Construction organization with the owner (if the construction organization is not
Construction organization with commissioning organization (usually interfaces are
part of the responsible organization/owner);
organized at the level of the organization rather than the individual, even though
individuals perform the activities at the interface);
Construction organization with operation organization. This type of interface
occurs where construction activities may interfere with operations of facilities on
the same site. In particular it is relevant for interconnection to common systems

such as emergency water supply;
Construction organization with the regulatory body.
GRADING
V.6.
When developing the structured approach to the grading of the management system
Qualification of special construction processes such as non-destructive testing and
Detail and need for inspection and test plans;
Level of traceability;
Level of in-process controls and need for hold or witness points;
Purchasing.
qualification of the individuals to carry them out;
121
PROCESS IMPLEMENTATION
V.7.
The processes for the construction stage should be identified by examination of the
specifications for structure, system and component design, procurement documents and
drawings, and construction work plans and schedules.
V.8.
This examination should ensure that all activities necessary for site fabrication,
installation, and inspection and testing have been identified, and that they can be accomplished
as specified.
V.9.
The construction organization should confirm the adequacy of construction methods
with reference to the principal designer where necessary.
V.10. The principal activities of the individuals in the construction organization should
include as a minimum:
Controlling and supervising of suppliers;
Ensuring that suppliers are established on the site in a controlled manner in
allocated areas and are provided, where appropriate, with the necessary site
services, information and instructions regarding the applicable industrial safety
requirements;
Preparing safe working procedures, including industrial safety procedures, for
issue to both the individuals of the construction organization and the supplier, and
establishing that the suppliers site industrial safety arrangements recognize the
applicable documents;
Monitoring the industrial safety policies and activities of all individuals on the
construction site in order to ensure compliance with statutory and regulatory
requirements;
Planning and monitoring the progression of work in order to achieve the
construction programme, including, where appropriate, coordinating the activities

of multidisciplinary suppliers responsible for discrete technical areas;
Ensuring that supplier work is carried out in accordance with procedures,
specifications and drawings, that quality requirements are defined and
122
implemented and that facility checks are appropriate and in accordance with
inspection and test plans and associated surveillance schedules;
Carrying out maintenance for equipment that could deteriorate during
construction, such as dehumidification of electrical equipment and preservation of

critical surfaces that could rust;
Carrying out inaugural inspection for the system or components which will be later
Carrying out adequate housekeeping activities to protect open equipment from
Arranging the controlled handover of completed work from one supplier to another
Obtaining baseline data for in-service inspection;
Ensuring that relevant regulatory requirements are incorporated in work related
subject of In-Service Inspection (ISI);

foreign materials or contaminants.
or to the construction organization;
documents.
HANDOVER AND TRANSFER OF RESPONSIBILITIES

V.11. Provisions should be made by the construction organization to control and coordinate
the handover of completed works from one supplier to another and to those responsible for
commissioning of the nuclear facility in order to maintain the integrity of the completed
works. These provisions should include the following steps:
(1)
An orderly transfer of the responsibilities from the construction organization to the
commissioning organization for components, systems, structures and their related records
should be planned and implemented.
(2)
Documentation related to the transferred items should be reviewed by the construction
organization for completeness and accuracy. Any non-conformance or incomplete items

should be identified and resolved, and it should be ensured that the status of such items is clear
and does not have the potential to impact on safety during commissioning activities.
(3)
When the construction and commissioning organizations are satisfied that the transfer
can be accomplished, a joint check should be carried out of the transferred items and the
associated documents. Both parties should sign formally to indicate transfer of responsibilities.
123
PLANNING CONSTRUCTION ACTIVITIES

V.12. Construction activities should be planned. Computer aided planning is desirable. The
plan should define:
The activities to be performed in manageable units;
The planned sequential order and duration of these activities;
The resource allocation for each activity.
V.13. Whereas the construction organization should retain responsibility for coordinating and
planning the overall construction of the nuclear facility, suppliers should be responsible for
producing detailed plans of the work that they will be carrying out and for obtaining the
construction organizations approval of these plans where necessary.
V.14. Planning should take into account requirements for site fabrication, installation,
inspection and testing of structures, systems and components important to safety, such as:
The need for the identification, preparation and control of procedures and work
instructions;
The need for special equipment or materials;
The need for competent individuals;
Inspection or regulatory body hold points;
The need for environmental considerations;
The need for records to be validated at the end of construction that will be
transferred to the commissioning or operation organization to be maintained for
the lifetime of the facility.
START UP MEETING
V.15. Following the award of a construction or facility contract, a start up meeting should be
convened between the supplier and the construction organization to establish that the supplier
is fully aware of the construction organizations requirements on, for example:
Interface arrangements;
Methods of communication;
124
Documents and information to be submitted;
Housekeeping;
Site security;
Site training;
Industrial safety (especially in the use of non-destructive testing and construction
activities)
The management system;
Control of sub-suppliers.
The meeting should also finalize the arrangements for satisfying these requirements.
CONTROL OF DESIGN INFORMATION
V.16. Lines of communication and arrangements for the issue of design information among
involved organizations should be established. Prior to issue, the construction organization

should ensure that the information being issued reflects the current site conditions. Particular
attention should be paid to design information required at an off-site fabrication facility.
V.17. A process should be established to address queries from the supplier with respect to the
design information issued. Where the query may have an impact on nuclear safety during
operation, it should be addressed to the principal designer for a response.
V.18. Field changes that may arise during the construction activities and have impact on the
design information (for example drawings, specifications, instructions) should be reviewed,
actioned, approved and validated by the owners representatives and/or designer. Original
design documentation should be updated for design corrections or clarifications. A completed
set of as constructed drawings, which includes accepted deviations from the baseline design,
should be provided at the end of the construction phase. This set of drawings should be part of
the handover package.
CLEANLINESS DURING CONSTRUCTION

V.19. A process should be developed and implemented to ensure that structures, systems and
components are built clean in accordance with the specified cleanliness requirements. This
125
includes controls necessary to protect sensitive mechanical, electrical and control equipment
against internal and external contamination from dirt, dust and foreign material. Particular
attention should be paid to exclude foreign material from piping systems by control of
openings during installation.
V.20. Flushing of piping systems should be conducted to confirm that system cleanliness
meets the cleanliness requirement before a system is placed in service.
V.21. When procuring items for the facility, cleanliness requirements should form part of the
procurement documentation so that these items arrive on the site at an acceptable standard.
V.22. To preserve the requisite quality of the items being constructed or installed, measures
for performing housekeeping, cleaning and preservation should be established. These should
include:
Methods and techniques for control of the site area, individual structures and
systems, the facilities, and the material and equipment being incorporated into the
nuclear facility;
Methods for control of environmental conditions and individuals access. Where

clean zones are used to achieve this control, they should be clearly marked, and
procedures or instructions should be issued to regulate their usage and

maintenance.
CONTROL OF ITEMS
V.23. Items should be controlled from receipt through storage, handling and use, to prevent
their abuse, misuse, damage, deterioration or loss of identification. Where possible, items
arriving at the construction site should be visually inspected before unloading to verify that
there is no damage.
V.24. After receiving items, inspection should be carried out to ensure that the applicable
specifications are fulfilled, such as that:
The item is configured correctly;
Identification and marking is adequate;

126
Manufacturing documentation is available as required;
Protective covers and seals are intact;
Coatings and preservatives have not been damaged;
No physical damage has occurred;
Cleanliness is of the correct standard;
Inert gas blankets and the condition of desiccants, where relevant, have not been
Necessary tests of hardware characteristics have been performed.
compromised;
STORAGE
V.25. Storage should be provided as specified to segregate and protect items prior to their
facility and use. The methods and conditions of storage to prevent corrosion, contamination,
deterioration and physical damage should be specified.
V.26. Storage areas should be established and controlled, taking account of aspects such as:
Access;
Cleanliness and housekeeping practices;
Fire protection requirements;
Identification and marking of items;
Protective requirements relating to coatings, preservatives, covers and sleeves;
Prevention of physical damage;
Removal from and return to storage;
Environmental control (such as temperature and humidity);
Preventive maintenance;
Security;
Items which have a limited shelf or service life;
Physical and chemical characteristics of items;
Safety grades.
127
V.27. Inspections should be performed as necessary to ensure that the specified conditions
are maintained and any non-conformances are handled. These inspections may need to
continue during the commissioning and operation stages. Handover arrangements should be
established.
HANDLING
V.28. All items should be properly handled, with account taken of aspects such as:
Weight;
Size;
Susceptibility to shock damage;
Surface finish;
Prescribed handling points;
Orientation;
Handling equipment and any tests required for it;
Vulnerability to degradation by static discharge;
Preservation of coatings;
Maintenance of environmental conditions.
V.29. The use of items such as special cartons, containers, protective devices, hoists,
manipulators and transport vehicles should be considered where handling operations are of a
nature likely to cause damage. Operators and handlers of all such items should be competent.
Equipment for handling items should be used and maintained in accordance with State
regulations and standards.
V.30. Items that the construction organization have procured for issue to the contractor
should be stored and maintained in such a way as to ensure that there is no deterioration of the
item and that it can fulfil its design function. Where appropriate, records for the item should be
transferred from the contractor in the handover package.
VERIFICATION OF CONSTRUCTION WORK
128
V.31. The construction organization should establish verification methods and schedules that
identify the level of inspection and verification required.
V.32. Before offering an item or service for acceptance, the supplier should verify that all
defined procurement requirements have been satisfied. Acceptance by the purchaser should
not absolve the supplier from responsibility to provide products fit for purpose nor should it
preclude subsequent rejection.
V.33. Construction activities carried out by contractors and suppliers should be performed
based on inspection and test plans, which should be submitted for approval by the facility. As
appropriate, depending upon work complexity and safety importance of the system, hold
points and witness points should be established within the inspection and test plan by the
facility in order to assess and accept the addressed activities. A plan should be prepared by the
facility in order to ensure that all design and regulatory requirements are achieved during
construction activities.
V.34. The process should include arrangements to confirm that construction and installation
activities are complete. This should be formally documented by the use of a check sheet or
similar that records the checks to be carried out to confirm that structures, systems and
components have been constructed and installed to the specified requirements.
V.35. A typical check sheet includes:
Identification of the structure, system or component;
Description of the checks to be carried out or how results will be verified;
The date and time of the check;
Any special tools or calibrated equipment used;
A list of deficiencies and outstanding items or work;
Confirmation that specified documentation and records is available and complete;
Confirmation by all parties that the check has been carried out.
129
APPENDIX VI: MANAGEMENT SYSTEM FOR THE COMMISSIONING STAGE OF

A NUCLEAR FACILITY
VI.1. The purpose of this appendix is to provide supplementary guidance to the main body of
this document that is specific to this stage of the lifetime of the nuclear facility. For the
commissioning stage the facility should develop and implement a management system that:
Takes into account the relevant activities described in the IAEA safety guide Ref
publication;
[21] when developing the processes and organizational structure for the
commissioning stage.
V1.2. When developing the structured approach to the grading of the management system
Detail and need for inspection and test plans;
Level of traceability;
Level of in-process controls and need for hold points or witness points;
Qualification of the commissioning processes and procedures and individuals to
Details of all commissioning phases, with related tests and milestones well
The compilation of the as-found test procedures with all related documentation to
The handover requirements of the commissioned systems to the operations
The involvement of the operations personnel during the commissioning phases of
The final acceptance test of the facility.
carry them out;

defined;
form the turnover package to the operations department;

personnel;
the commissioning;
130
APPENDIX VII: MANAGEMENT SYSTEM FOR THE OPERATION STAGE OF A

NUCLEAR FACILITY
VII.1. The purpose of this appendix is to provide supplementary guidance to the main body of
operation stage the facility should develop and implement a management system that:
publication;
guides Ref. [22] when developing the processes and organizational structure.
the management system processes during the operation stage. In particular the
guidance described in Ref. [26] should be considered.
VII.2. When developing the structured approach to the grading of the management system
Level and detail of operating instructions;
Types of installed equipment requiring calibration;
Reporting level and authorities of non-conformances and corrective actions;
Need for formal shift operating logs;
Testing, surveillance and inspection activities;
Equipment to be included in plant status control;
Controls applied to the storage and records of spare parts;
Need to analyse plant history for items;
Need to carry out condition monitoring;
Need to carry out comprehensive and periodic self-assessments;
Need to carry out operating experience feedback, both internal and external.
131
APPENDIX VIII: MANAGEMENT SYSTEM FOR THE DECOMMISSIONING

STAGE OF A NUCLEAR FACILITY
VIII.1. The purpose of this appendix is to provide supplementary guidance to the main body of
decommissioning stage the facility should develop and implement a management system that:
Addresses the requirements of Ref. [4];
publication;
guides Ref. [23,24,25] and the requirements publication Ref. [29] when
developing the processes and organizational structure during the decommissioning
stage. These publications extensively describe the activities that need to be

described in the management system processes during the decommissioning stage.
V111.2.
When developing the structured approach to the grading of the management
system requirements, the following should be considered:
The need for and detail of decommissioning documents;
Management of decommissioning waste;
The review and approval of decommissioning documents;
The type and detail of training of individuals carrying out decommissioning
The controls applied to dismantling the plant, removing equipment and demolition.
activities;
132
REFERENCES
[1]
The Management System for Facilities and Activities, GS-R-3.
[3]
NS-G-2.7 Radiation protection and radioactive waste management in the operation of
[2]
Application of Management system for facilities and activities, GS-G-3.1

nuclear power plants
[4]
WS-R-2 Predisposal management of radioactive waste, including decommissioning
[6]
WS-G-2.6 Predisposal management of high-level radioactive waste
[5]
[7]
WS-G-2.5 Predisposal management of low and intermediate level radioactive waste

WS-G-2.7 Management of Waste from the Use of Radioactive Materials in Medicine,
Industry, Research, Agriculture and Education Safety Guide
[8]
TS-R-1 Regulations for the Safe Transport of Radioactive Material, 2005 Edition
[9]
NS-G-2.6 Maintenance, surveillance and in-service inspection in nuclear power
[10]
NS-G-2.4 The operating organization for nuclear power plants
Safety Requirements
plants
[11]
NS-G-2.3 Modifications to nuclear power plants
[13]
NS-G-1.7 Protection against internal fires and explosions in the design of nuclear
[12]
NS-R-2 Safety of Nuclear Power Plants; Operation

power plants
[14]
NS-G-2.1 Fire safety in operation of nuclear power plants
[16]
DS105 Arrangements for Preparedness for a Nuclear or Radiological Emergency
[15]
[17]
[18]
[19]
[20]
[21]
[22]
[23]
[24]
[25]
[26]
[27]
NS-G-1.1 Software for computer based systems important to safety

NS-R-3 Site evaluation for nuclear installations
NS-G-3.1 to NS-G-3.6 (inclusive) Safety Guides in Site Evaluation

NS-R-1 Safety of Nuclear Power Plants: Design
NS-G-1 to NS-G-1.13 (inclusive) Safety Guides in Design

NS-G-2.9. Commissioning for nuclear power plants
NS-G-2.1 to NS-G-2.10 (inclusive) Safety Guides in Operation
WS-G-2.1 Decommissioning of nuclear power plants and research reactors

WS-G-2.4 Decommissioning of nuclear fuel cycle facilities
WS-G-2.2 Decommissioning of medical, industrial and research facilities

DS347 (NS-G-2.12?) Conduct of Operations at Nuclear Power Plants
INSAG 13 Management of Operational Safety in Nuclear Power Plants

133
[28]
INSAG15 Key practical issues in strengthening safety culture
[30]
NS-G-1.1, Software for Computer Based Systems Important to Safety in Nuclear
[29]
DS333 Decommissioning of nuclear facilities (currently in draft)

Power Plants', Safety Guide, IAEA, 2002
[31]
NS-R-4 Safety of Research Reactors
[33]
GS-G-1.4, Documentation for Use in Regulating Nuclear Facilities
[32]
INSAG-18, Managing change in the nuclear industry: the effects on safety
134
ANNEX I EXAMPLE OF THE CONTENTS OF A BUSINESS PLAN

This annex presents a sample of the typical content found in business plans. It should be noted
that there are many ways of presenting and structuring this information; the annex does not
suggest any preferred method.
The business plan sometimes carries a pictorial representation of the objectives of the facility
such as
Figure 4 Sample logo for a business plan

Executive message
A-1.
This section of the plan is normally written by the most senior manager in the facility
and conveys their personal support and endorsement of the business plan. It also spells out the
role of all individuals to assist in the delivery of the plan. For example:
This Business Plan lays out the measurable and achievable goals for the facility that will
move us forward toward our vision of top decile performance and continue our commitment to
provide safe, reliable energy for our customers. It will help keep us focused on our goals.
We will continue to operate using our balanced focus on Safety, Operations, Cost and People
and take the best practices of our fleet peers to develop successful strategies towards
excellence.
I encourage every employee to become familiar with the strategies embodied in this business
plan and to consider your role in making our facility a top decile performer.
Key Dates
A-2.
This section identifies any key milestones or dates for the facility such as planned
outages, IAEA OSART missions and key business planning review dates.
Table of contents
135
A-3.
and
This is a standard table of contents that indexes the goals of Safety, Operations, Cost
People
and
departments/sections.
their
associated
objectives
and
targets
and
the
responsible
Business planning process
This section contains a description of the business planning process.

A-4.
The business planning process provides a forum to manage priorities for the facility,
including the inclusion of new work and exclusion of lower priority activities, on an on-going
basis. As actions are completed an opportunity is afforded to include new high priority
actions.
A-5.
The business plan will be actively managed on an on-going basis taking corrective
action when required:
Vision/mission/values
A-6.
This section outlines the vision/mission and values that have been developed by the
senior management of the facility.

Objectives and targets
A-7.
In this example of a business plan the four balanced scorecard goals of Safety,
Operations, Cost and People are used. Facilities should determine their own set of balanced
scorecard goals.
A-8.
This section outlines the sub-headings for each goal of the business plan and their
related objectives and targets. Each sub-heading has a series of specific implementing actions,
the responsible persons and due dates for the detailed actions necessary to deliver the business
plan. There could be as many as 20 actions assigned to different parts of the organization
under each sub-heading. The following list is provided as an example only. It uses the four
goals of the balanced scorecard example as the main headings:
Safety:
Industrial Safety
Radiological Safety
Nuclear Safety
Public Safety and Confidence
136
Operations
Backlog Reduction
Material Condition
Engineering Excellence
Operational Focus
Maintenance
Configuration Management
Corrective Action/Self-Assessment
Capital Improvement Plan
Unit 1 Stabilization
Cost
Standards
Improved Cost Efficiency
Asset Management
People
Accountability
Morale
Worker Productivity
Human Performance
Entergy Continuous Improvement
Site Master Plan
Employee Development
Training
Corporate risk assessment

A-9.
This section defines those risks that, if left uncontrolled, would have the highest
likelihood of and impact on preventing the facility from meeting its goals. Each risk is aligned
to a goal.
Financial / budget summary
A-10. This section outlines the costs for the forthcoming year and their projection for future
years. It includes manpower numbers and operations and maintenance budgets. The large
137
capital expenditure projects that have been approved are also included. This section is often
distributed on a restricted basis or published separately.
Performance measures
A-11. This section defines the performance measures that have been identified based on the
goals and objectives for the organization. For each fiscal year the performance measures will
be implemented as part of on-going business plan management. Corrective actions based on
the trending of performance measure results will be identified.
138
GLOSSARY
independent assessment. Assessments such as audits or surveillances carried out to determine
the extent to which the requirements for the management system are fulfilled, to evaluate
the effectiveness of the management system and to identify opportunities for

improvement. They can be conducted by or on behalf of the organization itself for
internal purposes, by interested parties such as customers and regulators (or by other
persons on their behalf), or by external independent organizations.
management system. A set of interrelated or interacting elements (system) that establishes

policies and objectives and which enables those objectives to be achieved in a safe,
efficient and effective way.
The management system integrates all components of an organization into one coherent
system to enable the achievement of all of the organizations objectives. These elements
include the structure, resources and processes. Personnel, equipment and organizational
culture as well as the documented policies and processes are parts of the management
system. The organizations processes have to address the totality of the requirements on
the organization as established in, for example, IAEA safety standards and other
international codes and standards.
management system review. A regular and systematic evaluation by senior management of
an organization of the suitability, adequacy, effectiveness and efficiency of its

management system in executing the policies and achieving the goals and objectives of
the organization.
operator. Any organization or person applying for authorization or authorized and/or

responsible for nuclear, radiation, radioactive waste or transport safety when undertaking
activities or in relation to any facilities or sources of ionizing radiation. This includes,

inter alia, private individuals, governmental bodies, consignors or carriers, licensees,
hospitals, self-employed persons, etc.
regulatory body. An authority or a system of authorities designated by the government of a

State as having legal authority for conducting the regulatory process, including issuing
139
authorizations and thereby regulating nuclear, radiation, radioactive waste and transport
safety. The national competent authority for the regulation of radioactive material
transport safety is included in this description, as is the Regulatory Authority for

radiation processes and safety.
(nuclear) safety. The achievement of proper operating conditions, prevention of accidents or

mitigation of accident consequences, resulting in protection of workers, the public and
the environment from undue radiation hazards.
safety culture. The assembly of characteristics and attitudes in organizations and individuals,
which establishes that, as an overriding priority, protection and safety issues receive the
attention warranted by their significance.
self-assessment. A routine and continuing process conducted by senior management and

management at all other levels to evaluate the effectiveness of performance in all areas of
their responsibility.
140
CONTRIBUTORS TO DRAFTING AND REVIEW

ALIKHAN, S.
Alikhan Consulting Inc., Canada
DAHLGREN-PERSSON, K.
DIAZ-FRANCISCO, J.M.
Eletronuclear, Brazil
DUA, S.S.
Atomic Energy of Canada Ltd, Canada
DURHAM, L.
FLORESCU, N.
CNE-PROD Cernavoda, Romania
FRANKLAND, J.
British Energy, United Kingdom
HERTL, B.
Agency for Radwaste Management, Slovenia
HILLE, M.
Framatome-ANP, Germany
KAWAKUBO, Y
KERHOAS, A
KOSKINEN, K.
Radiation and Nuclear Safety Authority, Finland
LAVENDER, C.
Health and Safety Executive, United Kingdom
MAQUA, M.
Gesellschaft
MEYERS, S.
British Nuclear Group, United Kingdom
NICHOLS, R.
PEYROUTY, P.
Institut de radioprotection et suret nucleaire, France
PIERONI, N.
REDMAN, N.
Amethyst Management Ltd, United Kingdom
TOTH, A
Hungarian Atomic Energy Authority
VINCENT, D.
Canadian Nuclear Safety Commission, Canada
VINCZE, P.
Germany
fr
Anlagen-und
Reaktorsicherheit
mbH,
141

Application of The Management System For NF - Draft Safety Guide DS349, IAEA, Vienna (2008)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Application of The Management System For NF - Draft Safety Guide DS349, IAEA, Vienna (2008)

Uploaded by

Copyright:

Available Formats

DS349 Draft 6

Date: 22 Jan. 2007

IAEA SAFETY STANDARDS

Status: For submission to member States

Application of the Management System for

DRAFT SAFETY GUIDE

Revision of Safety Series 50-SG-Q8 to Q14 (1996)

International Atomic Energy Agency

The objective of this publication is to provide supplementary guidance to that provided

This Safety Guide can be used by facilities in the following ways:

To support the development, implementation, assessment and improvement of the

management systems of those facilities directly responsible for research4, siting,

As an aid to the assessment of the adequacy of the management system of

To specify to a supplier, via contractual documentation, any specific element that

organisations by regulatory bodies;

This Safety Guide follows the structure of Ref. [1].

Section 2 provides guidance for implementing the management system, including

guidance relating to safety culture, grading, and documentation;

Section 3 provides guidance on the responsibilities of senior management6 for the

development and implementation of an effective management system;

Section 4 provides guidance on resource management, including guidance on

and developed, including guidance on some generic processes of the management

Section 6 provides guidance for measuring, assessing and improving the

The appendices provide guidance on the specific processes that should be

developed for the lifetime of a nuclear facility: research, siting, design,

The Annex provides an example of a business plan for a nuclear facility.

A management system shall be established, implemented, assessed and continually improved.

Describing the planned and systematic actions necessary to provide adequate

Ensuring that health, environmental, security, quality and economic related

confidence that all these requirements are satisfied;

requirements are not considered separately from safety requirements, to help

The statutory and regulatory requirements of the Member State;

Any requirements formally agreed with interested parties (also known as

All other relevant IAEA Safety Requirements publications, such as those on

emergency preparedness and response [16] and safety assessment;

under one organization. Whichever organizational arrangement is utilized, the responsibilities

individuals, technology and the organization;

Reinforcing a learning and questioning attitude at all levels of the facility;

Any effort to focus attention to develop or improve the safety culture of an

Safety culture should be based on fundamental safety beliefs (assumptions) and on a

Everyone has an impact on nuclear safety;

Leaders demonstrate commitment to safety;

Trust and open communication permeates throughout the organization;

Decision-making reflects safety first;

Nuclear is recognized as unique;

A questioning attitude is cultivated;

Organizational learning is embraced;

Nuclear safety undergoes constant review.

A common understanding by all individuals of the characteristics and attributes of a

This framework can be used in two ways:

To reach a common understanding of what factors are important to consider in

To evaluate the strengths and weaknesses in an organization both through self-

relation to safety culture;

assessments and by external review.

Safety Culture Characteristics and Attributes

FIG. 1 Safety culture characteristics and attributes

The high priority given to safety is shown in documentation, communications and

commitment of the organization to safety and which establishes the highest

level expectations for decision-making and conduct for the organization;

The safety policy should be posted in facilities and should be known to

The safety policy should be appropriately transferred into documentation;

The rationale for significant decisions related to safety should be

communicated regularly to individuals;