DOE-STD-1189-2008 - PowerPoint Presentation

Uploaded by sherrill-nordquist on 2016-03-26 (479 views)




Presentation Transcript

Slide1

DOE-STD-1189-2008, Integration of Safety into the Design Process

Dr. Richard Englehart, Epsilon Systems Solutions

Pranab Guha, HS-21

John Rice, Epsilon Systems Solutions

Slide2

Expectations

“I expect safety to be fully integrated into design early in the project. Specifically, by the start of the preliminary design, I expect a hazard analysis of alternatives to be complete and the safety requirements for the design to be established. I expect both project management and safety directives to lead projects on the right path so that safety issues are identified and addressed adequately early in the project design.”

– Deputy Secretary of Energy, December 5, 2005

Slide3

Purpose

DOE Standard 1189 has been developed to show how project management, engineering design, and safety analyses can interact to successfully implement the Deputy Secretary’s expectations

This course provides the central ideas and themes of 1189 and conveys lessons learned from project implementation of the Standard

Slide4

Overview of Course

Safety-in-Design Concepts

Applicability

Project Integration and Planning

Design Process

Hazard and Accident Analyses and Inputs to the Design Process

Appendices A – C

Facility Modifications

Lessons Learned

Q & A

Case Study

Slide5

Instructional Goal

Upon successful completion of this lesson, students will be able to demonstrate a familiarity level knowledge of the background, philosophy, and contents of DOE-STD-1189, Integration of Safety into the Design Process

Slide6

Lesson Objectives (Slide 1 of 5)

Explain why DOE-STD-1189 was developed.

Identify the “drivers” that require the use of DOE-STD-1189 for integrating safety into design.

Identify and explain the key concepts introduced by DOE-STD-1189.

Identify and explain the guiding principles for integrating safety into design.

Slide7

Lesson Objectives (Slide 2 of 5)

Explain the purpose of the DOE Integrated Project Team.

Explain the purpose of the Contractor Integrated Project Team.

Explain the purpose of the Safety Design Integration Team.

Explain how the Safety Design Strategy is developed. Describe its scope, preparation, format, and approval process.

Slide8

Lesson Objectives (Slide 3 of 5)

Describe how the requirements and deliverables identified in DOE-STD-1189 relate to the Project Lifecycle as described in DOE Order 413.3A.

Explain how the Critical Decision Process can be tailored based on project type, risk, size, duration, complexity and selected acquisition strategy.

Slide9

Lesson Objectives (Slide 4 of 5)

Identify and explain the key safety-related activities in each of the phases of a project.

Discuss the purpose and content of the following documents:

Conceptual Safety Design Report.

Conceptual Safety Validation Report.

Preliminary Safety Design Report

Preliminary Documented Safety Analysis

DOE Safety Evaluation Report

Slide10

Lesson Objectives (Slide 5 of 5)

Identify common lessons learned from implementing DOE-STD-1189.

State the purpose of the following appendices in DOE-STD-1189 and explain how each is used in the design process:

Appendix A, Safety System Design Criteria

Appendix B, Chemical Hazard Evaluation

Appendix C, Facility Worker Hazard Evaluation

Describe the facility modification process using DOE-STD-1189

Slide11

STD-1189 Roadmap (Slide 1 of 6)

For all audiences:

Preface, with the key concepts and guiding principles upon which the Standard was developed;

Chapter 1, Introduction (background, applicability, must and should);

Chapter 2, Project Integration and Planning; and

Chapter 3, Safety Considerations for the Design Process, which provides an overall perspective of the Safety-in-Design process through the Critical Decision stages.

Slide12

STD-1189 Roadmap (Slide 2 of 6)

Project safety personnel and DOE safety reviewers:

Chapter 4, Hazard and Accident Analyses

Chapter 5, Nuclear Safety Design Criteria

Chapter 6, Safety Reports

Appendices A through D

Appendix F, Safety-in-Design Relationship with the Risk Management Plan

Appendix G, Hazards Analysis Table Development, guides this basic safety-in-design input

Slide13

STD-1189 Roadmap (Slide 3 of 6)

Project management, both federal and contractor:

Chapter 7, Safety Program and Other Important Project Interfaces

Appendix E, Safety Design Strategy

Appendix F, Safety-in-Design Relationship with the Risk Management Plan

Slide14

STD-1189 Roadmap (Slide 4 of 6)

Project design personnel:

Chapter 5, Nuclear Safety Design Criteria

Chapter 7, Safety Program and Other Important Project Interfaces

Appendices A through D, which address safety design classifications for Safety Structures, Systems, and Components (Safety SSCs)

Slide15

STD-1189 Roadmap (Slide 5 of 6)

Safety Document Preparers and Reviewers:

Appendices H and I provide format and content guidance for the preparation of the Conceptual Safety Design Report (CSDR), Preliminary Safety Design Report (PSDR), and Preliminary Documented Safety Analysis (PDSA)

Slide16

STD-1189 Roadmap (Slide 6 of 6)

Project teams for potential major modifications of existing facilities:

Chapter 8, Additional Safety Integration Considerations for Projects

Appendix J, Major Modification Determination Examples

Slide17

Safety-in-Design Basic Precepts

Appropriate and reasonably conservative safety structures, systems, and components are selected early in project designs

Project cost estimates include these structures, systems, and components

Project risks associated with safety structures, systems, and component selections are specified for informed risk decision-making by the Project Approval Authorities

Slide18

Development of STD-1189 (Slide 1 of 2)

Designed to be guided by and consistent with the principles of ISM and the requirements and guidance of DOE O 413.3A

Correlates with the DOE O 413.3A Critical Decision stages and safety design requirements of DOE O 420.1B and associated guidance documents

Slide19

Development of STD-1189 (Slide 2 of 2)

Specifically references 413.3A guidance on:

Mission Need Statements

Integrated Project Teams

Project Execution Plans

Risk Management Plans

Slide20

Correlation to ISM Core Functions

Define the work: Mission Need; Alternatives Definition

Analyze the hazards: Conceptual Design and follow on stages, hazards analysis, and design basis accidents

Identify safety controls: Follows from HA and safety classification

Perform the work: Integrate safety in the design process

Feedback and Improvement: Iterative process between design and safety

Slide21

Summary of Key Safety-in-Design Concepts (Slide 1 of 4)

Establishment and early involvement of Integrated Project Teams (IPT) and their coordination

Federal and Contractor IPTs; Contractor Safety Design Integration Team (SDIT)

Defining the overall strategy for the project, including how safety integration is to be accomplished, and obtaining DOE approval of the strategy

Safety Design Strategy, derived from DOE safety expectations defined in the pre-conceptual phase, is formalized and approved during conceptual design phase

Slide22

Summary of Key Safety-in-Design Concepts (Slide 2 of 4)

Identifying CD-1 as the key point in a project when major safety systems and design parameters should be defined

Focus on high potential cost safety implications: Hazard Category; building and major components seismic design categories; building confinement strategy; fire protection and power supply system classification

Establishing objective criteria for the designation and design of safety structures, systems, and components

STD-1189 Appendices A, B, and C (seismic design basis; collocated worker SSC safety classifications; in-facility worker safety classifications)

Slide23

Summary of Key Safety-in-Design Concepts (Slide 3 of 4)

A conservative front-end approach to safety-in-design that is reflected by a “risk and opportunities” assessment

Conservative approach early-on based on assumptions and incomplete information: input to project risk management plan (Risk and Opportunities Assessment) and information for cost estimates

Identifying key project interfaces (physical and programmatic) that affect design decisions

Project Interfaces: e.g., site infrastructure, security, waste management, emergency preparedness, DNFSB

Slide24

Summary of Key Safety-in-Design Concepts (Slide 4 of 4)

Ongoing involvement of DOE in safety-in-design decisions

Safety Design Strategy (SDS)

Conceptual and Preliminary Safety Design Reports (CSDR, PSDR)

Preliminary Documented Safety Analysis (PDSA)

Related DOE reviews and approvals

Slide25

Guiding Principles (Slide 1 of 3)

Derived from DOE O 420.1B, DOE O 413.3A, and their associated Guides

Use of O 420.1B and clearly articulated strategies to satisfy requirements

Control selection strategy order of preference

Following the design codes and standards in O 420’s associated Guides

Use of risk and opportunities assessments

Slide26

Guiding Principles (Slide 2 of 3)

Conservative early project safety decisions input to cost/schedule

CD packages describe safety decisions

Project team includes appropriate expertise

Safety personnel involved from onset of project planning

Slide27

Guiding Principles (Slide 3 of 3)

Important safety functions addressed during conceptual design

SDIT invokes the safety-in-design process

All stakeholder issues identified early and addressed

Bases for safety related decisions are documented

Slide28

Applicability

The Standard applies to the design and construction of:

New DOE hazard category (HC) 1, 2, and 3 nuclear facilities

Major modifications to DOE HC 1, 2, and 3 nuclear facilities (as defined by 10 CFR 830)

Other modifications to DOE HC 1, 2, and 3 nuclear facilities managed under the requirements of DOE O 413.3A

Slide29

Safety and Design Integration

Project Integration and Planning

Slide30

Key Components of Project Integration and Planning

Federal Integrated Project Team

Contractor Integrated Project Team

Safety Design Integration Team

Safety Design Strategy

Risk and Opportunities Assessments

[Figure: DOE and Contractor Roles and Responsibilities; Safety, Design, and Project Management Interfaces; Safety-in-Design]

Slide31

Relationships of Major Project Entities

[Figure: organization chart of the major project entities: Acquisition Executive; DOE SBAA/SBRT; DOE Program Manager; Federal Project Director; Federal IPT; Contractor Project Manager; Contractor IPT; SDIT; Engineering Design; Safety Analysis]

Slide32

Federal Integrated Project Team (Slide 1 of 3)

FPD leads an IPT with representation necessary for project success

FPD and IPTs must aggressively lead the project (not passively monitor and review)

IPT formally established at CD-1 (really needs to be established at the beginning of Conceptual design)

Roles, responsibilities, and functions of the Federal IPT are provided in DOE G 413.3-18,

Integrated Project Teams Guide for Use with DOE O 413.3A

Slide33

Federal Integrated Project Team (Slide 2 of 3)

From DOE G 413.3-18:

The IPT is the primary tool for breaking down the walls that can exist between different organizations, different professions, and different levels within the different organizations’ command structures. A successful IPT brings these diverse elements together to form a unit that willingly shares information, balances conflicting priorities and ideologies, and jointly plans and executes the project mission. (¶ 2.2)

Slide34

Federal Integrated Project Team (Slide 3 of 3)

From DOE G 413.3-18 (Continued):

The initial requirement imposed upon the IPT by DOE O 413.3A is to support the FPD by providing individual expertise to fill the voids in his or her knowledge base in the areas of planning and implementing the project… (¶ 2.4.1)

Slide35

What is the Contractor Integrated Project Team?

Standard 1189 encourages the formation of the Contractor IPT; similar makeup to Federal IPT

Comprised of personnel who ensure integration of mission need, safety analysis, and design

Diversity of expertise is essential

Project process understanding very helpful

Strong upper management support to IPT members

Need consistency and longevity of team members

Team formed after approval of CD-0

Slide36

Typical Contractor IPT Representation

Facility Owner/Operator

Funding Organization

Project Management

Health, Safety, and Radiation Protection

Nuclear Safety

Engineering

Waste Management

Procurement

Safeguards and Security (as needed)

Quality Assurance

Computing, Communications and Networking

DOE Representative

Slide37

Contractor IPT Key Points (Slide 1 of 2)

Parallel management functions as the Federal IPT, but from the contractor’s perspective

Safety Design Integration Team (SDIT) directly supports the CIPT, and through it, the Federal IPT

Slide38

Contractor IPT Key Points (Slide 2 of 2)

Lesson Learned:

Biggest challenge for the CIPT/SDIT is to assure active and effective communications between engineering design activities and safety analysis activities

Especially true when they are not collocated

Failure to support the iterative interactions between safety analysis and design is equivalent to failure to implement the processes of STD-1189

Slide39

What is the Safety Design Integration Team (SDIT)?

Provides working-level integration of safety into design for the project

Usually composed of subset of Contractor IPT plus other specialties as needed

Core team

Safety

Design

Operations (including maintenance)

Additional composition depends on the hazards, safety, and security issues

Slide40

SDIT Objectives

Ensure integration of safety in design by adherence to the key concepts and guiding principles of DOE-STD-1189

Document the bases for all safety in design decisions

Maintain consistency of and configuration management between safety and design work

Resolve initial uncertainties and assumptions for safety in design

Achieve consensus and approvals for direction of safety in design progress

Slide41

SDIT Functions (Slide 1 of 2)

Timely communications with and support to CIPT and IPT

Conduct Risk and Opportunities Assessment (input to RMP)

Draft safety documents (CSDR, PSDR, PDSA)

Slide42

SDIT Functions (Slide 2 of 2)

Ensure the iterative safety/engineering design process is effective and that the identified safety functions:

Lead to selection of controls that are adequate to serve the safety functions and are consistent with operational needs

Are classified appropriately

Are accommodated in project cost and schedule estimates

Slide43

SDIT Best Practices

SDIT should have a charter:

Define membership (core team and SMEs)

Designate lead

Define roles and responsibilities

Specify required training for members

SDIT should use formal processes

Slide44

Safety Design Strategy (SDS) (Slide 1 of 3)

“…must be developed for all projects subject to this Standard.” (¶ 2.3)

Developed from CD-0 definition of DOE expectations for execution of safety during design

Prepared by SDIT; reviewed by DOE Safety Basis Review Team (SBRT); approved by Federal Project Director and Safety Basis Approval Authority (SBAA)

Slide45

Safety Design Strategy (SDS) (Slide 2 of 3)

Is a living document, updated throughout the project stages as needed

Provides the mechanism by which all elements of the project and approval authorities can agree on basic safety in design approaches

Single source for project safety policies, philosophies, major safety requirements, and safety goals to maintain alignment of safety with the design basis during project evolution

Slide46

Safety Design Strategy (Slide 3 of 3)

Addresses:

Guiding philosophies or assumptions to be used to develop the design

Safety-in-design and safety goal considerations for the project

Approach to developing the overall safety design basis for the project

Significant discipline interfaces affecting safety

Slide47

SDS Updates

Focus is on those major safety decisions that influence project cost (e.g., seismic design criteria, confinement ventilation, safety functional classification, and strategy)

Provide a means by which all parties are kept informed of and agree with important changes due to safety in design evolution between Critical Decision points

Slide48

SDS Format (see Appendix E)

1. Purpose

2. Description of the Project

3. Safety Strategy

3.1 Safety guidance and requirements

3.2 Hazard identification

3.3 Key safety decisions

4. Risks to Project Decisions

5. Safety analysis approach and plans

6. SDIT – Interfaces and integration

Slide49

Risk Assessment

DOE O 413.3A CD-1 requirement: “Prepare a preliminary Project Execution Plan, including a Risk Management Plan (RMP) and Risk Assessment…” (Table 2)

Risk management strategies must address:

All technical uncertainties (including schedule and cost implications)

Establishment of design margins

Increased technical oversight requirements

Slide50

Risk and Opportunities Assessment (R & OA) (Slide 1 of 2)

DOE-STD-1189 Risk and Opportunities Assessment is:

Required by the Order and the Standard and

Provides the safety-related input to the Project Risk Management Plan

Purpose is to recognize and manage risks of proceeding at early stages of design on the basis of incomplete knowledge or assumptions regarding safety issues

Slide51

Risk and Opportunities Assessment (R & OA) (Slide 2 of 2)

SDIT prepares R & OA and updates it throughout the project phases

Reviewed by IPT and DOE Safety Basis Review Team and approved by the Federal Project Director

Discussed in DOE STD-1189 Appendix F

Slide52

Example Risk Areas (Slide 1 of 2)

Technical:

Uncertain seismic requirements (seismic geotechnical investigation)

SSC classifications (safety and seismic)

Interfaces with site infrastructure and boundaries of safety SSCs with them

Undefined, incomplete, unclear safety functions and requirements

New or undecided technology

Slide53

Example Risk Areas (Slide 2 of 2)

Programmatic Level:

Interfaces with other facilities (inputs and outputs)

Coordination between design and safety organizations (if different)

Implications of less than optimum dedicated IPT support for FPD

Including ability to actively manage risks, including programmatic

Slide54

Roles and Responsibilities (Slide 1 of 2)

Responsibility (Prepare / Review / Approve) and interface with other documents/products:

Product/Document | Prepare | Review | Approve | Interface with Other Documents/Products
-----------------|---------|--------|---------|------------------------------------------
SDS | SDIT | IPT and SBRT | FPD and SBAA | DOE expectations in Mission Need Statement
R&OA | SDIT | IPT and SBRT | FPD | Input to RMP
CSDR | SDIT | IPT and SBRT | Via CSVR | CDR
CSVR | SBRT | IPT | SBAA with FPD Concurrence | CSDR and CDR
PSDR | SDIT | IPT and SBRT | Via PSVR | Preliminary Design

Slide55

Roles and Responsibilities (Slide 2 of 2)

Responsibility (Prepare / Review / Approve) and interface with other documents/products:

Product/Document | Prepare | Review | Approve | Interface with Other Documents/Products
-----------------|---------|--------|---------|------------------------------------------
PSVR | SBRT | IPT | SBAA with FPD Concurrence | PSDR
PDSA | SDIT | IPT and SBRT | Via SER | Final Design
SER | SBRT | IPT | SBAA with FPD Concurrence | PDSA
DSA and TSR | SDIT and Operations Team | IPT and SBRT | Via SER | PDSA (TSR is based on the DSA.)
SER | SBRT | | SBAA | DSA and TSR

Slide56

What Parts of the Standard are Mandatory? (Slide 1 of 2)

Originating with STD-1189:

Safety Design Strategy

Risk and Opportunities Assessment

CSDR and PSDR (and DOE reviews)

Appendix A seismic design basis and collocated worker safety significant SSC criteria

Major Modification Determination (documented in SDS)

Key Concepts and Guiding Principles

(for full implementation of STD-1189)

Slide57

What Parts of the Standard are Mandatory? (Slide 2 of 2)

Derivative:

10 CFR 830.206: PDSA; design criteria of O 420.1B

DOE O 413.3A Chg. 1: requires implementation of STD-1189

DOE O 420.1B: nuclear safety, fire safety, criticality, NPH

Slide58

Safety and Design Integration DOE-STD-1189-2008

Design Process by Project Phase

Slide59

Project Lifecycle

Pre-Project Planning

Pre-Conceptual

Conceptual

Preliminary Design

Final Design

Construction

Turnover/Acceptance

Operations

CD-0

CD-1

CD-2

CD-3

CD-4

Slide60

Pre-Conceptual Phase

Objective is to identify and assess a program gap and then to propose a project to close the mission related performance gap

Analysis focus:

Special Safety Requirements

New facility or modification

Available technology

Process material inputs and outputs

Upper level facility functions

Results in the development of Mission Need which becomes a baseline document in the project if CD-0 is granted

Slide61

Safety-Related Activities in Pre-conceptual Phase (Slide 1 of 2)

Assign project safety lead (establishes continuity)

Initial assessment of project safety issues

Identify top level hazards (including process inputs and outputs)

Determine preliminary hazard categorization

Identify unique constraints affecting project safety approach

Develop DOE expectations for safety activities

Slide62

Develop DOE Expectations for Execution of Safety Activities (Slide 1 of 2)

Examples:

Anticipated safety issues/hazards and goal (if any) for hazard category (can affect process capacity through MAR limits; can affect issues regarding criticality hazards; could affect siting)

Potential need for improvements in site infrastructure to support facility safety systems (an interface issue that might expand scope of the project)

Slide63

Develop DOE Expectations for Execution of Safety Activities (Slide 2 of 2)

Potential need for geotechnical studies

Expectations regarding confinement strategy

Project tailoring (e.g., PDSA only for a major mod)

Anticipated need for exceptions to O 420.1B and associated guides

Slide64

Pre-Conceptual Phase

[Figure on this slide not recovered]

Slide65

Identify Important Project Interfaces

Criticality

Quality Assurance

Fire Protection

Emergency Management

Human Factors

Site Infrastructure

Worker Safety and Health (10 CFR 851)

Radiological Protection

Hazardous Waste Management

Safeguards and Security

Transportation

Environmental Protection

Coordination with the DOE SBRT

Slide66

Conceptual Design Phase

Goal for safety-in-design in this phase is to evaluate alternative design concepts, prepare the SDS, and provide a conservative design basis for the preferred concept

Perform sufficient analysis to make informed safety decisions for this phase

Document risks and opportunities for selections including cost and schedule range impacts

Begin considerations of quality requirements, Quality Assurance Program (QAP) established

(This phase is the best opportunity for safety analysis to cost-effectively influence design)

Slide67

Conceptual Design Phase

[Figure on this slide not recovered]

Slide68

Key Safety-Related Activities (Slide 1 of 3)

Form Integrated Project Teams (both DOE and Contractor) and SDIT

Develop Preliminary Security Vulnerability Assessment

Develop Preliminary Fire Hazards Analysis

Develop Safety Design Strategy

Establish Configuration Management

Slide69

Key Safety-Related Activities (Slide 2 of 3)

Evaluate alternatives and provide recommendations

Assess risks and opportunities as input to the Risk Management Plan

Develop preliminary hazard analysis (PHA) for recommended alternative

Define safety functions

Identify high-cost safety systems

Initiate hazard analysis data capture (Appendix G)

Slide70

Key Safety-Related Activities (Slide 3 of 3)

Identify facility-level design basis accidents (DBAs)

Bounding consequences

Safety and seismic classification

Commit to nuclear safety design requirements (DOE O 420.1B) and place under design control

Develop Conceptual Safety Design Report (CSDR)

Maintain project interfaces focus (see Ch 7 of STD-1189)

Slide71

Conceptual Safety Design Report (CSDR) (Slide 1 of 2)

Document and establish a preliminary inventory of hazardous materials

Establish a preliminary hazard categorization

Identify and analyze facility-level DBAs

Assess the need for facility-level hazard controls (safety SSCs)

Slide72

Conceptual Safety Design Report (Slide 2 of 2)

Preliminary assessment of appropriate seismic design bases (facility structure and SSCs)

Evaluate security hazards that can impact the safety design basis

Commitment to nuclear safety design criteria

Format and content of CSDR in Appendix H

Slide73

Conceptual Safety Validation Report (CSVR)

CSVR prepared to confirm an appropriately conservative basis to proceed to preliminary design, based on:

preliminary hazard categorization of the facility

preliminary identification of facility DBAs

assessment of the need for SC and SS facility-level hazard controls

preliminary assessment of the appropriate seismic design bases

position(s) taken with respect to compliance with the safety design criteria of DOE O 420.1B

Slide74

Preliminary Design Phase

[Figure on this slide not recovered]

Slide75

Preliminary Design Phase

Advance conceptual design toward final design

Evolve the Hazard Analysis (HA) to include process level HA

Develop design-specific solutions based on safety design requirements

Prepare for final design

Complete NEPA documentation by end of design phase

Slide76

Safety Activities in Preliminary Design (Slide 1 of 2)

Update Security Vulnerability Assessment

Update hazard analysis (HA) to address process level hazards based on the selected design

Evaluate and apply DOE O 420.1B and associated guides

Evolve system-level DBAs with appropriate added specificity based on selected design

Slide77

Safety Activities in Preliminary Design (Slide 2 of 2)

Update Risk and Opportunity Assessment

Update SDS reflecting design and safety evolution

Develop the Preliminary Safety Design Report (PSDR)

Slide78

Preliminary Safety Design Report (PSDR)

Developed to demonstrate safety adequacy of the preliminary design effort

Limited to the extent that design information is also limited

Format and content guide in DOE STD 1189 Appendix I

DOE prepares Preliminary Safety Validation Report (PSVR) to approve PSDR, similar to (CSVR) in purpose and scope

Slide79

Safety Activities in Final Design

Update and finalize preliminary safety in design analyses, information and documentation

Update Risk and Opportunity Assessment (as needed)

Update SDS reflecting design and safety evolution (as needed)

Develop Preliminary Documented Safety Analysis

DOE prepares a Safety Evaluation Report

Slide80

Final Design Phase

[Figure: Pre-CD-3, Final Design flow diagram with swimlanes for Safety Design Basis, Project Engineering, and Program and Project Management. Boxes, with the numbers shown on the diagram in parentheses: CD-2 Approval; Initiate Final Design; Update Security Vulnerability Analysis; Update Risk Management Plan; Baseline Management; CD-3 Final Design Package; Validate Design vs. Desired Control Functions & Criteria (3.4); Develop Design Output Documents; Design Reviews (Fed and/or Contractor, as appropriate); Update Hazards Analysis (4.4); Mitigated Accident Analysis (4.4); Update Safety SSC Functions and Classification (4.4); PDSA (4.4); Safety Evaluation Report; DOE Authorizes Procurement, Construction, & Final Implementation; Update Safety in Design Risk & Opportunities Assessment (3.4); Execution Readiness Independent Review; Updated SDS, as needed (2.3); Update Project Risk Considerations; CD-3 Approval; Construction, Transition, & Closeout (7.0)]

Slide81

Final Design Phase

Finalizes HA and DBAs (mitigated analysis)

Evolves the preliminary design to the point where:

Specifications are developed

Security Vulnerability Assessment is finalized

Procurement and construction can be accomplished

Test, inspection, and commissioning requirements are developed and detailed

System Design Descriptions (SDD) and Facility Design Description (FDD) are completed

Slide82

Preliminary Documented Safety Analysis (PDSA)

Evolves from the PSDR

Completes the analysis of the design

Format and content covered in Appendix I

Based on DOE-STD-3009 format

Minimizes need to rewrite for DSA

Provides the basis for design adequacy with respect to safety

Change control of PDSA is established

Slide83

Construction, Transition, and Closeout Phase Design Related Issues

Field Changes

Government Furnished Equipment (GFE) and other equipment not part of primary design

Revisions to PDSA

Changes to comply with readiness review issues

Input to Documented Safety Analysis (DSA) and Technical Safety Requirements (TSR)

Slide84

Criteria for Determining PDSA Revision (Slide 1 of 2)

The change:

alters a safety function for a safety SSC identified in the current PDSA

results in a change in the functional classification, reliability, or rigor of the design standard for an SSC previously specified in the PDSA configuration baseline

Slide85

Criteria for Determining PDSA Revision (Slide 2 of 2)

requires implementation of new or changed safety SSC or proposed TSR controls

significantly alters the process design or its bases, such as increased material at risk, changes to seismic spectra, major changes to process control software logic, new tanks, new piping, new pumps, or different process chemistry

Slide86

Safety and Design Interactions

Hazard and Accident Analyses and Inputs to the Design Process

Slide87

Hazard and Accident Analysis: Initial Information Needed (Slide 1 of 2)

Facility site/location

General arrangement drawings

MAR estimates or assumptions and material flow balances

Sizing of major process system containers, tanks, piping

Slide88

Hazard and Accident Analysis: Initial Information Needed (Slide 2 of 2)

Process block flow diagrams for:

Ventilation

Electrical power

Special mechanical handling equipment (e.g., gloveboxes)

Instrumentation and control (I&C) system architecture

Summary process design description and sequence

Confinement strategy

Slide89

Hazard and Accident Analysis (Slide 1 of 2)

At conceptual design stage (facility level analyses):

Building structure

Building and process confinement

Power systems, including Safety Class single failure criteria

Fire protection provisions

Special mechanical equipment (e.g., gloveboxes)

Initial focus on high-cost safety functions and design requirements

Slide90

Hazard and Accident Analysis (Slide 2 of 2)

At preliminary and final design stages:

Update and refine conceptual design analyses

Extend to process and activity level and safety functions and SSCs

Slide91

Hazard and Accident Analysis: Accident Types to Consider

Fires

Explosions

Loss of confinement/containment

Process upsets (starting in preliminary design)

Natural Phenomena Hazards

Design basis accidents (for the accident types)

Beyond design basis accidents (starting in preliminary design)

Slide92

Hazard and Accident Analysis: Outputs to Engineering Design

For Structures, Systems, and Components (SSCs), based on DOE O 420.1B safety design requirements:

Performance Categories (wind, flood, etc.)

Seismic Design Basis

Safety Class functions

Safety Significant functions

Defense in depth /Important to Safety (ITS) safety functions

Design codes and standards from Guides associated with DOE O 420.1B

92Slide93

Hazard Analysis and Design Basis Accidents (DBAs) at Conceptual Design

Simple DBAs are postulated based on facility level upsets involving limiting quantities of MAR and facility layout

Unmitigated consequences are assessed to help establish both needed safety function and safety classification of that function

These accidents are analyzed for both collocated workers and public impact; they are to help define safety functional and design requirements

DBAs are refined and expanded upon in later stages of project

93Slide94

Hazard Analysis (HA) at the Process Level

HA and design iteration

HA activities support identification of safety functions and selection of DBAs

Includes consideration of in-facility workers

DBAs and safety functions support design selection and associated design criteria

Design selection / criteria support development of a refined HA for the PSDR

Several iterations may be necessary as preliminary design progresses

Hazard Analysis table updated as necessary

94Slide95

Design Basis Accidents in Preliminary Design

The Design Basis Accidents (DBAs):

Refined from Conceptual Design based on system design

Provide input for new or revised design criteria

Establish system-level safety classification

DBAs are selected based on safety function and magnitude of hazard

Consider public and collocated worker consequences

95Slide96

Safety Interface with Design (Slide 1 of 2)

Assist designers in understanding and addressing

Safety requirements from hazards and accident analyses

Safety implications associated with design alternatives and trade studies

Safety interpretation of DOE O 420.1B and DOE G 420.1-1 requirements and recommendations

96Slide97

Safety Interface with Design (Slide 2 of 2)

Safety input into System Design Descriptions (SDD)

System boundaries

Safety functions and requirements

Supporting analyses (safety SSCs can provide safety function when called upon)

Project design reviews

Include safety design basis information and information included in design products (e.g., SDDs)

97Slide98

When to Communicate Between Design and Safety

Factor

Engineering Design

Safety

Potential Accident Scenarios

Changes in facility or process layout

Barriers to accident propagation established, changed, or removed (e.g., fire barriers, separation of hazardous materials)

Introduction of new sources of energy or hazard (e.g., chemical, mechanical, kinetic, potential, flammable, explosive)

Effect of any design factor where change:

Introduces a new accident scenario

alters a safety function for an SSC

results in a change in safety functional classification, reliability, or design standards

requires a new safety SSC or implies a new TSR control

significantly alters process design or its basis

Material at Risk (MAR)

Tank Size

Process details (e.g., inventory in gloveboxes)

Total facility inventory, including all hazardous materials

Damage Ratio (DR)

Facility and/or process layout, including fire barriers

Airborne Release Fraction

MAR material type and form (gaseous, powder, solid)

Leakpath Factor (LPF)

Physical barriers to release of hazardous materials

Building seismic design basis (SDB: Seismic Design Category/Limit State (SDC/LS))

Chi over Q (X/Q)

Location change

Definition of site boundary

98Slide99

Quality Assurance Program Activities for Design Process

Establish formal work processes (document control, verification processes, configuration management)

Training on standards, requirements, work processes

Periodic assessments of documentation

Independent design verifications, validations, assessments

Controlling documents and drawings and changes to them to approved processes

Identifying and controlling design interfaces

99Slide100

Safety and Design Integration DOE-STD-1189-2008

Appendix A – Safety System Design Criteria

100Slide101

Purpose of Appendix A

Provides objective criteria and requirements for specification of the seismic design basis and for safety classification of safety SSCs

Seismic design basis includes specification of seismic design category (SDC) and limit state (LS) for a safety SSC based on radiological hazards

Adds collocated worker Safety Significant radiological classification criterion along with Safety Class criterion for the public

101Slide102

Seismic Design Basis

Applies recently published national standards for seismic design of non-reactor nuclear facilities:

ANSI/ANS 2.26-2004, Categorization of Nuclear Facility Structures, Systems and Components for Seismic Design; and

ASCE/SEI 43-05, Seismic Design Criteria for Structures, Systems, and Components in Nuclear Facilities.

102Slide103

Seismic Design Standards

ANSI/ANS 2.26 provides seismic design bases (SDC and LS) for safety SSCs based on unmitigated radiological dose (as modified by DOE) to collocated workers and to the public and on the safety function of the safety SSC.

ASCE/SEI 43-05 provides the design criteria to use with the seismic design basis (SDB)

103Slide104

Seismic Design Criteria

Unmitigated Consequence of SSC Failure from a Seismic Event

| Category | Collocated Worker* | Public* |
|---|---|---|
| SDC-1 | Dose < 5 rem | Not applicable; defaults to SDC-1 |
| SDC-2 | 5 rem < dose < 100 rem | 5 rem < dose < 25 rem |
| SDC-3 | 100 rem < dose | 25 rem < dose** |

* Using the safety classification methodology for public and collocated workers

** If the public dose for SDC-3 is exceeded significantly for any project (between one and two orders of magnitude), then the possibility that SDC-4 should be invoked must be considered on a case-by-case basis.

104Slide105

Limit States (examples from ANS 2.26)

| SSC Type | Limit State A | Limit State B | Limit State C | Limit State D |
|---|---|---|---|---|
| Building structural components | Substantial loss of SSC stiffness; some margin against collapse | Some loss of SSC stiffness; substantial margin against collapse | SSC retains nearly full stiffness and strength; passive components will perform normal and safety functions | SSC damage is negligible |
| Structures or vessels for containing hazardous material | Low hazardous material; vessel not likely to be repairable | Moderate hazardous liquids; cleanup and repair expeditious | Low pressure vessels with worker hazard if contents released; damage minor | Leak tightness must be assured; moderate to high hazard gases/liquids |

Other SSCs covered include: confinement barriers (glove boxes, ducts), equipment support structures, filter assemblies and housings, etc.

105Slide106

Comparison of SDB to Performance Category

106Slide107

Supplemental Guidance for ANS 2.26 When Selecting SDCs and Limit States (SDB)

Safety analyst, seismic design engineer and the equipment design engineer evaluate the functional requirements for the safety SSC and its subcomponents to determine the appropriate Seismic Design Basis (SDB).

If the safety functions of a safety SSC include confinement and leak tightness, a Limit State C or D must be selected.

Guidance is provided for an SDC-1 or SDC-2 SSC having safety functions requiring Limit States A, B, C or D.

107Slide108

Safety Classification Methodology: Public Protection

The guidance of DOE G 421.1-2 and DOE-STD-3009, Appendix A, should be used in classifying SSCs as Safety Class (SC) for radiological protection

The words “challenging” or “in the rem range” in those documents should be interpreted as radiological doses equal to or greater than 5 rem, but less than 25 rem

In this range (5 to 25 rem), SC designation should be considered, and the rationale for the decision to classify an SSC as SC or not should be explained and justified

108Slide109

Safety Classification Methodology: Collocated Worker Protection

Use unmitigated accident analysis source term guidance in DOE-STD-3009, Appendix A, Section A.3.2 and DOE G 420.1-1

Use dose of 100 rem TEDE at 100 m

Use ICRP 68 dose conversion factors

Apply X/Q value at 100 m of 3.5E-3 sec/m³ for the dispersion calculation
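The SDC table and the collocated-worker dose parameters above, carried through as an added worked example (not code from the Standard or any DOE project). The DOE-STD-3009 five-factor source term, the breathing rate, the specific activity and DCF, and the site-boundary χ/Q are all assumptions or constructed sample values, not figures from the slides.

```python
"""Unmitigated dose screening against the Appendix A SDC table and the
radiological SC/SS thresholds on the slides. Added example, not DOE-STD-1189
or project code. Assumed (not on the slides): the DOE-STD-3009 five-factor
source term ST = MAR x DR x ARF x RF x LPF, the dose relation
Dose = ST x (chi/Q) x BR x DCF, and the constructed sample values below.
"""
from dataclasses import dataclass

REM_PER_SV = 100.0
CHI_Q_100M_S_PER_M3 = 3.5e-3      # Appendix A chi/Q at 100 m (from the slides)
BREATHING_RATE_M3_PER_S = 3.33e-4  # light-activity breathing rate, assumed
COLLOCATED_WORKER_SS_REM = 100.0   # SS criterion: 100 rem TEDE at 100 m
PUBLIC_SC_REM = 25.0               # public dose at/above which SC applies
PUBLIC_SC_CONSIDER_REM = 5.0       # 5 to 25 rem: SC "should be considered"

@dataclass(frozen=True)
class SourceTerm:
    """Five-factor respirable source term, in grams released."""
    mar_g: float   # material at risk
    dr: float      # damage ratio
    arf: float     # airborne release fraction
    rf: float      # respirable fraction
    lpf: float     # leak path factor

    def respirable_g(self) -> float:
        return self.mar_g * self.dr * self.arf * self.rf * self.lpf

def inhalation_dose_rem(st: SourceTerm, specific_activity_bq_per_g: float,
                        dcf_sv_per_bq: float, chi_q_s_per_m3: float,
                        breathing_rate=BREATHING_RATE_M3_PER_S) -> float:
    """TEDE (rem) to a receptor at the given chi/Q."""
    bq_inhaled = (st.respirable_g() * specific_activity_bq_per_g
                  * chi_q_s_per_m3 * breathing_rate)
    return bq_inhaled * dcf_sv_per_bq * REM_PER_SV

def sdc_for_collocated_worker(dose_rem: float) -> str:
    # The table uses strict inequalities; an exact boundary value is placed
    # in the higher (more conservative) category here.
    if dose_rem < 5.0:
        return "SDC-1"
    return "SDC-2" if dose_rem < 100.0 else "SDC-3"

def sdc_for_public(dose_rem: float) -> str:
    if dose_rem < 5.0:
        return "SDC-1"   # "not applicable; defaults to SDC-1"
    return "SDC-2" if dose_rem < 25.0 else "SDC-3"

def seismic_design_category(worker_dose_rem: float, public_dose_rem: float):
    """Governing SDC is the higher of the two receptors' categories; the flag is
    the footnote case (public SDC-3 threshold exceeded by an order of magnitude
    or more), where SDC-4 must be considered case by case."""
    rank = {"SDC-1": 1, "SDC-2": 2, "SDC-3": 3}
    w = sdc_for_collocated_worker(worker_dose_rem)
    p = sdc_for_public(public_dose_rem)
    governing = w if rank[w] >= rank[p] else p
    return governing, public_dose_rem >= 10.0 * PUBLIC_SC_REM

def radiological_classification(worker_dose_rem: float, public_dose_rem: float) -> str:
    """SC is driven by public dose, SS by collocated worker dose (Appendix A)."""
    if public_dose_rem >= PUBLIC_SC_REM:
        return "Safety Class"
    if worker_dose_rem >= COLLOCATED_WORKER_SS_REM:
        return "Safety Significant"
    if public_dose_rem >= PUBLIC_SC_CONSIDER_REM:
        return "Consider Safety Class (5 to 25 rem; justify the decision)"
    return "No SC/SS radiological criterion met"

if __name__ == "__main__":
    # Constructed sample values, not from any real facility and not ICRP 68 figures.
    st = SourceTerm(mar_g=1000.0, dr=1.0, arf=1e-3, rf=1.0, lpf=1.0)
    worker = inhalation_dose_rem(st, 2.3e9, 3.2e-5, CHI_Q_100M_S_PER_M3)
    public = inhalation_dose_rem(st, 2.3e9, 3.2e-5, 1e-4)  # constructed site-boundary chi/Q
    print(f"worker {worker:.2f} rem, public {public:.3f} rem",
          seismic_design_category(worker, public), radiological_classification(worker, public))
```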

109Slide110

Backfit for Major Modifications

For major modifications of existing facilities, Appendix A criteria are applicable

Backfit analyses should examine:

The need to upgrade interfacing structures, systems, and components in accordance with these criteria, and

Whether there should be relief for the modification from the design requirements that application of these criteria in design would imply

110Slide111

Additional Notes

ANS 2.27, Criteria for Investigations of Nuclear Facility Sites for Seismic Hazard Assessments, and ANS 2.29, Probabilistic Seismic Hazards Analysis, have been completed and approved

DOE plans to adopt them and to update DOE G 420.1-2 (Natural Phenomena Hazard guide)

111Slide112

SAFETY AND DESIGN INTEGRATION DOE-STD-1189-2008

Appendix B – Chemical Hazard Evaluation

112Slide113

Purpose of Appendix B

DOE is not invoking mandatory classification of safety SSCs or specifying nuclear design requirements based on chemical hazards alone, but the Standard does provide advisory chemical safety criteria.

The guidance provides a sense of scale as to what is meant by a “significant exposure” in the criterion for classifying SSCs as safety significant.

Note: DNFSB has advised DOE to consider the need to effectively implement controls for chemical hazards, including guidance on the design of hazard controls (ref. letter dated 2/22/08, Dr. Eggenberger to Mr. Sell).

113Slide114

Content of Appendix B

Guidance for consideration of Safety Significant designation of SSCs for significant chemical exposures is based on a process of:

Screening chemicals (hazardous materials) to determine those that may have the potential to immediately threaten or endanger collocated workers or the public and

Evaluating the severity of potential exposures against advisory classification criteria for collocated workers and the public

Note: Chemical exposure for facility workers is addressed in Appendix C.

114Slide115

Appendix B Methodology

Methods for estimating chemical exposures are detailed in Appendix B

Unmitigated chemical consequence analysis should use reasonably conservative values for the parameters related to material release, dispersal in the environment and health consequences

It is desirable to reduce any tendency toward over-conservatism to achieve the risk-informed balance in the design of the SSCs

115Slide116

Advisory Criteria for Safety Significant Classification

Public: Exposure > AEGL-2/ERPG-2/TEEL-2 (Potential for irreversible or serious long-lasting health effects)

Collocated Worker: Exposure > AEGL-3/ERPG-3/TEEL-3 (Potential for life threatening health effects or death)

Hierarchy: AEGL, ERPG, TEEL

116Slide117

Additional Notes

DNFSB issue on design guidance for Safety Significant SSCs is being addressed:

in a new draft DOE standard implementing ANSI/ISA-84.00.01 (ISA-84), Functional Safety: Safety Instrumented Systems for the Process Industry Sector, and

by a revision to DOE G 420.1-1.

NNSA and EM each have issued guidance for Natural Phenomena Hazard (NPH) classification based on chemical hazard levels to the public and to workers

117Slide118

EM Chemical Hazard NPH Guidance

Reference: 4/15/09 memo from Owendoff on Implementation of DOE-STD-1189, Integration of Safety into the Design Process, for Environmental Management Activities

Note: also addresses non-seismic NPH

For chemical hazards, use Appendix A X/Q unless heavy gases or high wind/tornados are involved

Criteria of Appendix B will be applied for safety significant designation and PC-3 designation, subject to cost/benefit analysis and consultation with EM HQ

Consult the referenced document for details

118Slide119

NNSA CHEMICAL HAZARD NPH GUIDANCE (Slide 1 of 2)

Reference: 7/9/2009 memo from D’Agostino to the Deputy Administrator for Defense Programs (and others), Guidance and Expectations for DOE-STD-1189-2008, Integration of Safety into the Design Process, Natural Phenomena Hazard Design Basis Criteria for Chemical Hazard Safety Structures and Components

Note: also addresses non-seismic NPH

Guidance mandatory for projects not yet in preliminary design (July, 2009)

119Slide120

NNSA CHEMICAL HAZARD NPH GUIDANCE (Slide 2 of 2)

Appendix B criteria suggested for use for safety significant classification and initial categorization of SDC-3 or PC-3 (rad and non-rad)

SDC-2 or PC-2 may be justified based on technical or cost/benefit considerations with approval of Acquisition Executive

Similar guidance for in-facility worker protection (SDC-3 or PC-3) when it is necessary for them to remain in the facility after an accident for safety related purposes

Appendix C criteria suggested to be used for safety significant classification for in-facility workers

Consult the referenced document for details

120Slide121

Safety and Design Integration DOE-STD-1189-2008

Appendix C – Facility Worker Hazard Evaluation

121Slide122

Hazard Analysis

A qualitative evaluation of unmitigated consequence to the facility worker (FW) considering:

energetic releases of radiological or toxic chemical materials where the FW would be unable to take self-protective actions;

deflagrations or explosions where serious injury or death to a FW may result;

chemical or thermal burns to a FW that could reasonably cover a significant portion of the FW’s body; and

leaks from process systems where asphyxiation of a FW normally present may result.

122Slide123

Significant Exposure

For radiological consequences, the suggested evaluation criterion is 100 rem TEDE.

For chemical exposure, the evaluation criterion is AEGL-3 or equivalent (e.g., ERPG-3, TEEL-3).

123Slide124

Qualitative Results

By comparing the qualitatively derived FW radiological or chemical consequence to these evaluation criteria, an assessment can then be made about the need for SS preventive or mitigative controls.

Where the qualitative consequence assessment yields a result that is not clearly above or below the evaluation criteria, then the need for SS FW controls shall be more closely considered by the project.

124Slide125

Safety and Design Integration DOE-STD-1189-2008

Facility Modifications

125Slide126

Facility Modifications

The process for integration of safety into the design of facility modifications is similar to that for new facilities, but it is tailored to the scope, magnitude, and complexity of the modification.

126Slide127

Facility Modification Process

127Slide128

MAJOR MODIFICATION DEFINITION AND IMPLICATIONS

As defined by 10 CFR 830.3, major modifications are those that “substantially change the existing safety basis for the facility.”

A major modification requires the development of a Preliminary Documented Safety Analysis (PDSA) (830.206) and approval of the PDSA by DOE (830.207) prior to procurement or construction of the modification

128Slide129

Evaluating Modifications (Slide 1 of 2)

Simple modifications: existing hazard analysis is adequate for the modification; hazard controls adequately address the modification and associated activities; implementing the existing change control processes is adequate to support the proposed change.

129Slide130

Evaluating Modifications (Slide 2 of 2)

Note that a simple modification or a less-than-major modification might invoke DOE O 413.3A, and therefore STD-1189, under cost criteria. In those cases, a Safety Design Strategy (SDS) is required, wherein the bases for the modification classification must be described. The SDS also provides the mechanism for tailoring the application of STD-1189.

130Slide131

Determining a Major Modification

It is important to determine the need for a Preliminary Documented Safety Analysis (PDSA) as early as feasible in planning for a modification.

In many situations, the need for a PDSA may be readily discernible with little or no detailed evaluation required.

The Standard establishes criteria for evaluating the need for a PDSA. If a PDSA is warranted, the facility modification is a Major Modification.

131Slide132

Major Modification Criteria (Slide 1 of 2)

Add a new building or facility with a material inventory > HC 3 limits or increase the HC of an existing facility?

Change the footprint of an existing HC 1, 2 or 3 facility with the potential to adversely impact any SC or SS safety function or associated SSC?

Change an existing process or add a new process resulting in the need for a safety basis change requiring DOE approval?

132Slide133

Major Modification Criteria (Slide 2 of 2)

Utilize new technology or Government Furnished Equipment (GFE) not currently in use or not previously formally reviewed and approved by DOE for the affected facility?

Create the need for new or revised Safety SSCs?

Involve a hazard not previously evaluated in the DSA?

133Slide134

Safety Design Strategy for Major Modification

Where a major modification is found to exist, an SDS should be developed that addresses:

The need for a CSDR or PSDR (as well as the required PDSA) to support project phases

The graded content of the PDSA necessary to support the design and modification

The application of nuclear safety design criteria

The interface with the existing facility, its operations, and construction activities

134Slide135

Summary of Major Modification Determination Process

Determine whether the modification is a major modification

Determination involves qualitative evaluations of six criteria

No one criterion is determining

Process relies on judgment based on consideration of all the criteria evaluations, on balance

Process and criteria are described in Ch 8 of the Standard

Specific examples are in Appendix J of the Standard

135Slide136

Safety and Design Integration DOE-STD-1189-2008

Lessons Learned

136Slide137

Sources of Lessons Learned

DOE Project Reviews

DNFSB Project Reviews

Project Implementation Experience

Implementation Questions from Field

Questions During 1189 Training Sessions

137Slide138

Lessons Learned (Slide 1 of 5)

Need for detailed training on STD-1189 for FPDs, safety leads, engineering leads

Surface level review of the Standard; focus on products (SDS, CSDR, PSDR, etc.) instead of understanding the integrating process approach

Project management, safety, and engineering design personnel should have a level of familiarity with the requirements and guidance relevant to the other disciplines

138Slide139

Lessons Learned (Slide 2 of 5)

Issues missed in application: Level of HA as function of design stage;

Nuclear criticality safety not included in HA/control identification;

Risk and Opportunity Assessments not carried into Project Risk Management Plan;

Security not included in SDIT

139Slide140

Lessons Learned (Slide 3 of 5)

Need for formality in establishment and activities of Safety Design Integration Team (SDIT)

Project management commitment; designation of an SDIT lead (forcing function for effective communication between safety, design, and engineering)

140Slide141

Lessons Learned (Slide 4 of 5)

Importance of a requirements management system (e.g., Dynamic Object Oriented Requirements System)

Need flowdown of functional requirements to design documentation [System Design Descriptions (SDDs)]

Need management of change

Don’t let development of SDDs get out of sync with safety input and documentation in CSDR, PSDR, PDSA

Need to assess/validate ability of safety SSCs to provide the safety function indicated by hazards analysis

141Slide142

Lessons Learned (Slide 5 of 5)

Role of the Safety Design Strategy (SDS) document

Tailoring of CD phases and safety documentation

Revising conservative safety assumptions with better information as design proceeds

Real time mechanism to achieve consensus on safety in design approaches (living document)

142Slide143

FAQs

Does commitment to O 420.1B criteria mean commitment to the associated guides as well? Means for choosing/justifying alternative safety design criteria.

Level of detail of DOE review of safety design documents (CSDR/PSDR/PDSA) in meeting O 420.1B safety design requirements.

How to modify early conservative safety design assumptions/approaches. Considerations.

What is Code of Record?

143Slide144

Commitment To DOE O 420.1B Guides

Does commitment to O 420.1B criteria mean commitment to the associated guides as well?

Guides are not requirements (unless committed to by contract)

DOE expectation is that guides will be followed

Considerations?

Cost

Schedule implications

Equivalent or better outcomes/demonstration thereof

144Slide145

Level of DOE Review of Safety Design Documents

What is the level of detail of DOE review of safety design documents (CSDR/PSDR and PDSA) in meeting O 420.1B safety design requirements?

A function of the stage of design

Sufficient to identify issues that need to be addressed in the next stage

Sufficient to determine acceptability of safety-in-design approaches

145Slide146

How to Modify Early Conservative Safety Design Assumptions/Approaches

Potentials for this should be identified in the Safety Design Strategy (SDS, Risk & OA, and the Project RMP)

Modify the SDS and get approval of the update

Considerations

Refined design inputs (process design, MAR, new information…)

Cost and schedule impacts of redesign (e.g., redesign of building structure for lower Seismic Design Category/Limit State (SDC/LS))

146Slide147

What is the Code of Record?

Set of design codes, standards, and other requirements that are the bases for design and operation

Originates at CD-2 (preliminary design approval) and is important to cost basis

Documented through design documents and PSDR/PDSA

Can be added to or modified throughout the life of a facility

147Slide148

Summary (Take Aways)

The importance of the SDS as a consensus document for planning the path forward.

The importance of the SDIT and timely communications in the iterative nature of feedback and improvement between safety input and design outputs

The importance of the CSDR and PSDR and their approvals as timely communication documents to provide the safety-in-design basis for proceeding to the next design stage

148Slide149

Summary (Take Aways) (Continued)

Management support and utilization of the 1189 process; utilization of the R&OA; conformance of the project to the Key Concepts and Guiding Principles of 1189

The importance of a proactive approach in identifying and addressing safety in design issues in a timely fashion

149