REGDOC-2.3.4, Operations Programs for Reactor Facilities

Summary

This regulatory document is part of the CNSC’s operating performance series of regulatory documents, which also covers construction and commissioning programs, accident management, and periodic safety reviews. The full list of regulatory document series is included at the end of this document and can also be found on the CNSC’s website.

Regulatory document REGDOC-2.3.4, Operations Programs for Reactor Facilities, clarifies the requirements for, and provides guidance on, developing and implementing operations programs for reactor facilities (nuclear power plants, advanced reactor designs and small modular reactors). This regulatory document is based on operational experience (OPEX) and best practices developed from water-cooled nuclear power plants. This information will be updated as additional information is gathered from advanced reactor designs and small modular reactors. Proponents, applicants and licensees of advanced reactor designs and small modular reactors should apply the information and concepts from this regulatory document to the extent practicable and as best applicable to that design.

This document is the first version.

Given the wide range of proposed reactor facilities – especially of advanced reactor designs and small modular reactors – and given that reactor facilities have risk profiles that vary significantly depending on the particular characteristics of the activity or facility, the proponent, applicant or licensee may propose addressing requirements and guidance in a risk-informed manner commensurate with the level of risk of the regulated activity, or may propose alternative approaches to meet regulatory requirements, as described in REGDOC-1.1.5, Supplemental Information for Small Modular Reactor Proponents, and REGDOC-3.5.3, Regulatory Fundamentals. The information in this regulatory document can also be applied to other activities and licensing stages (for example, fuel-out commissioning under a licence to construct, or decommissioning).

For information on the implementation of regulatory documents and on the graded approach, see REGDOC-3.5.3, Regulatory Fundamentals.

1. Introduction

1.1 Purpose

This regulatory document clarifies the requirements for, and provides guidance on, developing and implementing an operations program for a reactor facility (nuclear power plant, advanced reactor design or small modular reactor).

This document will be used by licensees to prepare, implement and maintain an operations program for a reactor facility.

Note: Whenever the following text refers to “licensees”, proponents and applicants may use the information provided to develop their operations program for their proposed reactor facility.

1.2 Scope

This regulatory document is based on operational experience (OPEX) and best practices developed from water-cooled nuclear power plants. This information will be updated as additional information is gathered from advanced reactor designs and small modular reactors. Proponents, applicants and licensees should apply the information and concepts from this regulatory document to the extent practicable and as best applicable to other designs, including advanced reactor designs and small modular reactors.

Given the wide range of proposed reactor facilities – especially of advanced reactor designs and small modular reactors – and given that reactor facilities have risk profiles that vary significantly depending on the particular characteristics of the activity or facility, the licensee may propose addressing requirements and guidance in a graded risk-informed manner commensurate with the level of risk of the regulated activity, or may propose alternative approaches to meet regulatory requirements, as described in REGDOC-1.1.5, Supplemental Information for Small Modular Reactor Proponents ^{Footnote 1}, and REGDOC-3.5.3, Regulatory Fundamentals ^{Footnote 2}. The information in this regulatory document can also be applied to other activities and licensing stages (for example, fuel-out commissioning under a licence to construct, or decommissioning).

Proponents, applicants and licensees may propose alternative ways to meet a requirement. Any proposed alternative (including the use of other codes and standards) should appropriately address the complexities and hazards of the proposed activities, and the applicant must demonstrate, by providing supporting information, that the proposed alternative meets an equivalent level of safety.

This regulatory document is organized according to the CNSC’s safety and control area (SCA) framework. The licensee is not required to follow that structure and may choose to organize the information in any structure.

1.3 Relevant legislation

The following provisions of the Nuclear Safety and Control Act (NSCA) and the regulations made under it are relevant to this document:

• NSCA, paragraphs 24(4)(a) and (b), and 44(1)(e) and (o) General Nuclear Safety and Control Regulations, sections 12 and 15 and paragraph 17(b)
• Class I Nuclear Facilities Regulations, paragraphs 6(d) and (h), and 14(2)(a) and (c)

1.4 National and international standards

Key principles and elements used in developing this document are consistent with national and international standards.

In particular, this regulatory document is consistent with:

• the principles set forth by the International Atomic Energy Agency (IAEA) in SSR2/2 (Rev 1), Safety of Nuclear Power Plants: Commissioning and Operation ^{Footnote 3} and the IAEA guides that support it; note that the scope of this regulatory document goes beyond SSR2/2 (Rev 1) to reflect best Canadian practices
• CSA N286, Management System Requirements for Nuclear Facilities ^{Footnote 4}

Other documents that contain information that may be of interest to persons involved in operations programs for reactor facilities are listed in the Additional Information section of this regulatory document.

2. Operations Program

An operations program consists of policies, processes and procedures that provide direction and information for establishing safe operating practices within the reactor facility, under all operating conditions (routine and non-routine), and provides the licensee with information to ensure the facility is operated in accordance with the licensing basis.

Note: If a specific requirement within this regulatory document is addressed through another program (for example, the licensee’s human performance program, maintenance program, configuration management program, work management program, emergency management program, or other program), the licensee may provide a cross-reference to that program as part of the operations program governance.

2.1 General overview

Requirements

The licensee shall develop, implement and maintain an operations program in accordance with its management system as defined in its licensing basis. The licensee shall ensure that the operations program covers all licensed or authorized activities relating to the operation of the reactor facility. The licensee shall establish safety and control measures to ensure that appropriate actions are taken for prevention and mitigation of risks associated with the reactor facility under all conditions.

The licensee shall document how the operations program is consistent with industry experience and best practices for safe and effective performance, and how it integrates into a comprehensive framework that promotes a strong safety culture.

The licensee shall make and document operational decisions in accordance with the management system principles, commensurate with risk.

Guidance

Key principles and elements of the operations program should be consistent with:

• REGDOC-2.1.2, Safety Culture ^{Footnote 5}
• CSA N286, Management System Requirements for Nuclear Facilities ^{Footnote 4}

Safety and control measures could include an effective combination of personnel training and use of procedures to conduct routine activities and safely cope with abnormal conditions.

For operations personnel, training should cover relevant areas of technology to the levels necessary for the tasks to be performed consistent with the requirements set out in REGDOC‑2.2.2, Personnel Training ^{Footnote 6}, and REGDOC-2.2.3, Personnel Certification, Volume III: Certification of Reactor Facility Workers ^{Footnote 7}.

For more information on operations programs, see IAEA SSG-76, Conduct of Operations at Nuclear Power Plants ^{Footnote 8}.

2.2 Interfacing programs

Requirements

The licensee shall ensure that the operations program identifies all interfacing programs and stand-alone processes and practices.

When activities in interfacing programs overlap with the operations program, the licensee shall:

• define all of the applicable roles, responsibilities and accountabilities for the overlapping programs
• define how and by whom decisions are made
• summarize any differences in accountabilities between the programs

Guidance

Some examples of interfacing programs are the licensee’s commissioning, human performance, maintenance, configuration management, work management, accident management, security, emergency management, and decommissioning programs.

For more information on requirements and guidance for interfacing and overlapping programs, see:

• REGDOC-2.1.2, Safety Culture ^{Footnote 5}
• REGDOC-2.3.2, Accident Management ^{Footnote 9}
• REGDOC-2.3.1, Conduct of Licensed Activities: Construction and Commissioning Programs ^{Footnote 10}
• REGDOC-2.11.2, Decommissioning ^{Footnote 11}
• CSA N286, Management System Requirements for Nuclear Facilities ^{Footnote 4}
• regulatory documents and industry standards for other specific programs

2.3 Operations organization

Requirements

The licensee shall establish an operations organization to implement and maintain the operations program.

The operations organization shall ensure that the operations program:

• stipulates the authorities, responsibilities and accountabilities of all levels of management in the safe conduct of licensed activities
• clearly defines the organizational structure of facility operations
• formally documents the administrative controls for implementing the organizational structure

The operations organization shall ensure that key aspects of the operations program are communicated to support organizations (for example, contractors, external maintenance organizations, vendors, research institutes and technical support organizations) so that the licensee’s requirements and expectations for safety are met.

Guidance

The operations organization should also ensure that the operations program contributes to a strong safety culture within the organization.

The operations organization should put provisions in place to cover the interfaces between the operations organization and other departments and support organizations (both internal and external; for example, suppliers, contractors and emergency organizations). For additional information on interfacing programs, see section 2.2, Interfacing programs.

Some examples of how the operations program may contribute to a strong safety culture are:

• adherence to, and appropriate use of, approved standards and procedures, with ongoing improvement to the procedures based on operational experience (OPEX)
• assuring resources are available to match the work demands
• monitoring and assessing performance, and striving for ongoing improvement in performance based on OPEX

2.3.1 Expectations for persons who are responsible for the management and control of the reactor facility

Certain roles in management are assigned both duties and authority to direct day-to-day operations and maintenance in the facility. Some examples in Canada are the Director of Operations and Maintenance, and facility senior management responsible for the operating organization who are required to be on call for specific supplementary operational decision making as required by the management system. These managers are responsible for protection and safety (of the reactor facility, the workers and the public), oversee the performance and supervision of the shift personnel, and direct the control of facility operations and maintenance in accordance with the operating limits and conditions (OLCs) and approved procedures.

Requirements

The licensee shall have managed processes for selecting appropriate candidates to ensure that workers (including persons occupying senior leadership positions in operations with responsibility for safety and licensing decisions) possess the qualifications and training required for the position.

As described in section 15 of the General Nuclear Safety and Control Regulations, the licensee shall inform the CNSC of the names and contact information of all personnel who are responsible for the management and control of the nuclear facility. For more information, see REGDOC-3.1.1, Reporting Requirements for Nuclear Power Plants ^{Footnote 12}.

The licensee shall establish expectations, qualifications, roles and responsibilities, and the chain of communications for each person who is responsible for the operating organization and for the management and safe operation of the reactor facility. Each of these persons shall understand the regulatory requirements applicable to the reactor facility and shall demonstrate commitment to the safe operation of the facility.

When any of these persons are on duty or on call, their responsibilities for management and control of this reactor facility shall include, at a minimum:

• coordination of facility activities, in accordance with the facility governance
• being continuously available (by either being onsite or on call) to support the safe operation of the facility; when not onsite, being capable of arriving at the site within a predetermined time as defined by the licensee’s management system
• being aware of the current facility and unit status; specifically, of any operational and safety challenges
• being capable of responding to an event and directing personnel to execute approved procedures (for example, to be capable of working with the shift manager and the emergency response organizations in case of an emergency)
• making justified decisions and taking safe, conservative actions (if necessary, in consultation with another person responsible for management and control of the reactor facility)

Guidance

The licensee should ensure that the responsibilities of persons who are responsible for the management and safe operation of the reactor facility are documented and adhered to.

Each person who is responsible for the management and safe operation of the reactor facility should have the following minimum qualifications:

• substantial exposure to the safe operation of the type of reactor or similar reactors
• technical knowledge of the facility and its systems, structures and components (SSCs)
• in-depth knowledge of the NSCA and the regulations made under it
• if making a change to the design, safety analysis, or safe operating envelope (SOE), the person is aware of which changes require notification to, or approval by, the regulatory body (that is, if the change affects the licensing basis)

2.3.2 Operations decision making

Requirements

The licensee shall establish a clear, systematic, timely and conservative method of making decisions that affect nuclear safety, personnel safety, the environment, and facility operations (including reliability, asset management and operational efficiency).

The licensee shall ensure that processes are in place to provide information to the appropriate operations personnel for developing recommendations and making decisions.

The licensee shall establish responsibilities and accountabilities for the operations personnel who are involved in the operational decision making.

As part of its management system, the licensee shall ensure that risk-informed operational decisions that may affect the reactor or supporting systems are recorded.

Guidance

As part of its management system, the licensee should ensure that other risk-informed operational decisions are recorded appropriately.

When applying risk-informed operational decision making relevant to nuclear safety, the licensee should:

• determine if, and to what degree, the change affects its licensing basis
• ensure that defence in depth is maintained (for more information, see REGDOC-2.5.2, Design of Reactor Facilities ^{Footnote 13})
• ensure that sufficient safety margins are maintained (for more information, see REGDOC‑2.5.2 ^{Footnote 13})
• determine if risk is reduced or maintained, or if the change in risk is small (for more information, see IAEA INSAG-25, A Framework for an Integrated Risk Informed Decision Making Process ^{Footnote 14})
• ensure that engineering and organizational good practices are taken into account (for more information, see IAEA INSAG-25 ^{Footnote 14})
• consider state-of-the-art methodologies and OPEX (for more information, see IAEA INSAG 25 ^{Footnote 14})
• consider safety and security (for more information, see IAEA INSAG-25 ^{Footnote 14})

The licensee should endorse and emphasize conservative decision making for instances where conditions outside the normal operating conditions are encountered. Conservative decision making in operational safety management means making decisions that always maintain all levels of defence in depth.

For more information:

• on risk-informed decision making, see:
  • REGDOC-3.5.3, Regulatory Fundamentals ^{Footnote 2}
  • CSA N290.19, Risk-Informed Decision Making for Nuclear Power Plants ^{Footnote 15}
  • IAEA INSAG 25, A Framework for an Integrated Risk Informed Decision Making Process ^{Footnote 14}
• on communication, see CSA N286, Management System Requirements for Nuclear Facilities ^{Footnote 4}

3. Conduct of Facility Operations

3.1 Control of facility operations

Requirements

The licensee shall establish and maintain provisions for facility status control, such as:

• monitoring the status of the facility’s systems
• field verification of the settings for position-assured components (for example, whether such components could be secured or locked to prevent inadvertent loss of configurational control)
• timely turnover of information about equipment status
• in-process testing (such as sampling, and verifying functionality and reliability)
• current status of the active clearances and equipment limitations during all facility states and operational configurations (such as shutdown, power production, refueling, start-up, transitional states, maintenance or outage, and testing) to ensure adherence to:
  • operational limits and conditions (OLCs)
  • design requirements
  • physical configuration
  • facility documentation (for example, operating procedures or drawings)

The licensee shall ensure that provisions are in place so that only authorized personnel can manipulate key operational controls and position-assured components that implement changes to the facility status.

The licensee shall implement and maintain provisions for locking, tagging or otherwise securing isolation points, and for de-energizing systems or components undergoing maintenance. These provisions shall be in accordance with applicable federal, provincial or territorial, and municipal regulations and with industry standards.

Guidance

The licensee should ensure that the provisions allow operators sufficient time to make decisions and take actions. Human performance tools for verification of operator actions should be used to the extent practicable.

Before performing a modification to an SSC important to safety, the licensee should use results from the deterministic safety analysis (complemented by the probabilistic safety assessment (PSA)) to determine the safety significance of the change and whether compensatory actions are needed. In conjunction with other tools, the licensee may use PSA results and risk monitors to estimate the change in risk. During the implementation of the configuration change, the licensee should monitor and manage the risk associated with the configuration.

For more information on facility operations aspects of configuration management, see:

• IAEA SSG-71, Modifications to Nuclear Power Plants ^{Footnote 16}
• IAEA SSG-74, Maintenance, Testing, Surveillance and Inspection in Nuclear Power Plants ^{Footnote 17}

3.1.1 Facility configuration management

Requirements

The licensee shall establish and maintain provisions for facility configuration management to ensure consistency between OLCs, design requirements, physical configuration and facility documentation.

The licensee shall ensure that:

• the facility configuration management program ensures that all changes to the facility’s SSCs important to safety are properly assessed, designed, approved, implemented, accepted, documented and labelled for clear identification in the field
• changes and modifications are assessed for their aggregate risk impact on the unit, station or entire facility, including performing the appropriate safety analysis before the modification commences

The licensee shall:

• establish a system for timely communication of temporary changes and of their consequences and impact on risk to relevant personnel
• ensure that a list of temporary modifications is available to all operations personnel; the list shall specify a time limit for the duration of each temporary modification, after which the temporary modification shall be reviewed for its applicability, safety and necessity in the current conditions of the facility
• establish a process for approving the temporary modification if that modification is to remain in effect (that is, become a permanent modification)

Guidance

Before performing a modification, the licensee should consider which parts of a system may be affected by the modification. After performing the modification, the licensee should perform a confirmation to ensure appropriate alignment of the SSCs important to safety before operating.

For more information on management system aspects of configuration management, see:

• CSA N286, Management System Requirements for Nuclear Facilities ^{Footnote 4}
• CSA N286.10, Configuration Management for High Energy Reactor Facilities ^{Footnote 18}

3.1.2 Performance of activities that may affect operations

Requirements

The licensee shall assess all routine and non-routine activities, including maintenance, for potential impacts on the facility’s operation. The assessments shall characterize impacts on operational margins predicted by the deterministic safety analysis, on the probabilistic safety goals, and on the hazards that may affect worker safety.

The licensee shall use the safety significance of the task to determine the appropriate level of assessment and the subsequent control and verification of such activities.

The licensee shall ensure that appropriate approvals are in place prior to execution of activities that may affect operations.

Guidance

The licensee should consider the cumulative impact, such as on operational margins, from all work anticipated to be done during the same time period.

3.1.3 Heat sink management

Requirements

The licensee shall establish and implement a strategy for managing heat sinks in all modes of operation, including but not limited to:

• primary and backup heat sinks for all planned reactor sites and facility configurations; for example, outages and low-power operating conditions, start up, shut down and layover for long durations
• emergency heat sinks to mitigate consequences of a loss of the primary and backup heat sinks, for all events included in the design basis and considered in design extension conditions
• if the design includes a wet storage bay (that is, irradiated fuel bay, spent fuel bay, used fuel pool), heat sinks in the wet storage bay for normal and accident conditions

For each heat sink, the licensee shall maintain adequate cooling by establishing and maintaining:

• the required heat removal capacity
• the capability of the heat sink under normal operations
• the reliability of process equipment and backup equipment to maintain cooling capability and capacity
• monitoring requirements
• back-out actions for planned operating evolutions
• operator actions in case of primary heat sink failure

The licensee shall ensure that the information for each heat sink takes into account the complete chain of heat dissipation from the source (such as fuel or process equipment) to the ultimate heat sink (the environment).

Guidance

For more information on heat sink requirements during outages, see CSA N290.11, Requirements for Reactor Heat Removal Capability During Outage of Nuclear Power Plants ^{Footnote 19}.

3.1.4 Control of challenges to operations

Requirements

The licensee shall establish and implement provisions to alleviate the impact of deviations from an intended state of equipment or working conditions. The licensee shall establish a managed process by which such deviations are recognized, classified, monitored and resolved.

Guidance

Some examples of such deviations include:

• environmental conditions; for example, overly hot temperatures in work locations
• hazardous environments requiring personal protective equipment (PPE) or engineering solutions (such as robotics)
• manual operation of equipment instead of automatic
• reduced annunciation coverage
• unsafe conditions because of stress, wear, impact, vibration, heat, corrosion, chemical reaction and misuse

3.1.5 Shift operations

Requirements

The licensee shall ensure that on-shift operators can control and maintain the facility and its supporting systems, both:

• within the boundaries of equipment alignments that have been analyzed
• within approved procedures

When any operational action is initiated from a control panel by authorized personnel (in a control location or a field location), the operator shall verify that the expected result of the intended action has been carried out correctly and the expected results are achieved.

Operational actions shall be independently verified, as appropriate and commensurate with risk.

Guidance

On-shift operators should restrict operations that could lead to a condition outside the boundaries of equipment alignments that have been analyzed.

Operators should closely monitor important facility parameters in accordance with the licensee’s management system, regardless of whether these parameters are also recorded electronically. If the parameters demonstrate drifting, operators should analyze the trend and respond according to the approved procedures.

For more information, see CSA N286, Management System Requirements for Nuclear Facilities ^{Footnote 4}.

3.1.6 Control locations and equipment

Requirements

The licensee shall ensure that control locations and equipment provide adequate working conditions for the operators to discharge their duties during all operational states. The licensee shall take appropriate actions to ensure that human access (that is, habitability) of control locations is maintained, commensurate with the expected mission and importance to safety of the facilities and equipment, in accident conditions.

The licensee shall ensure that provisions are in place for protection of personnel from identifiable hazards, for life support and for safe escape if the location is no longer habitable.

The licensee shall ensure that up-to-date operating documentation is readily available to the operators.

Guidance

Control locations include, as applicable, the primary control room, the secondary control room and alternate control locations.

Up-to-date operating documentation (such as procedures, operational flowsheets, design drawings, and any other documentation used by the operations staff) includes all information that is needed for responding to operational transients and to situations and events.

For more information on working conditions, see REGDOC-2.8.1, Conventional Health and Safety ^{Footnote 20}.

3.1.7 Secondary or alternate control locations

Requirements

The licensee shall ensure that the secondary control room and all other secondary (or backup) operational panels in locations outside the primary control room are:

• accessible to authorized personnel within the timeframe required in the operations procedures
• kept
  • in a state ready to operate
  • free from obstructions
  • free from non-essential material that would prevent their immediate operation

The licensee shall confirm that the secondary control room or alternate control locations and all other safety-related operational panels are in the proper state of operational readiness, including up-to-date documentation, operable communication and alarm systems, and habitability. The licensee shall define the frequency for these confirmations of readiness.

The licensee shall develop lines of communication between the primary control room and alternate control locations to ensure an adequate transfer of information between operators during all operating conditions.

Guidance

Some examples of communications lines are:

• communication between the primary and alternate control locations
• communication between operators in the field and the primary and alternate control locations
• emergency communications between the primary and alternate control locations and emergency response organizations, other control locations, operators in the field, and so on

3.1.8 Monitoring and alarm response

Requirements

The licensee shall establish and implement policies and procedures for monitoring of the facility conditions by the operators in the control locations, including:

• monitoring of panels and other informational displays (such as screens)
• responses to alarms
• initial and continuing operator actions that are required to respond to an alarm

The licensee shall establish procedures for operators to manage the response to alarms. The procedures shall specify a panel monitoring frequency that detects fault conditions in a timely manner.

The licensee shall ensure that:

• the alarms in the main control location are managed appropriately
• the facility information system operates in a manner such that off-normal conditions are easily recognizable by the operators
• operators are trained in using the facility information system to recognize off-normal conditions
• control location alarms are clearly prioritized for operator action
• procedures exist for:
  • removing and returning alarms from service when it is appropriate to minimize the number of alarms, including alarm messages from the process computer, for any analyzed operational state, outage or accident condition of the facility
  • addressing spurious or frequently occurring alarms

Guidance

Some examples of alarms that are appropriate to be minimized include maintenance, operability testing, and similar alarms. For more information, see REGDOC-2.5.2, Design of Reactor Facilities ^{Footnote 13}.

Alarms that are spurious or that occur frequently, including nuisance alarms, should be investigated and, if necessary, addressed through corrective action.

The licensee should ensure that operators actively monitor the safety parameter display system (SPDS) to:

• assess the facility’s status
• review the safety-critical parameters for the diagnosis and mitigation of design-basis accidents (DBAs)

3.1.9 Material conditions and housekeeping

Requirements

The licensee shall establish provisions to ensure that:

• operational premises and equipment are maintained, well-lit and accessible
• storage is controlled and limited
• equipment that is degraded (for example, from leaks, corrosion, loose parts or damaged thermal insulation) is identified, monitored and corrected
• problems or deficiencies are identified, and are corrected according to the licensee’s safety and control measures
• the intrusion of foreign materials is prevented or minimized

The licensee shall ensure that the identification and labelling of safety equipment, SSCs important to safety, rooms, piping and instruments are accurate, legible and well-maintained, and that the labels do not degrade the item being identified.

The licensee shall ensure that procedures are in place for the management of combustible materials, including packaging. For more information, see CSA N293, Fire Protection for Nuclear Power Plants ^{Footnote 21}.

Guidance

The licensee should evaluate the effects of the intrusion of foreign objects and the required mitigating actions. For foreign material exclusion (FME), the licensee should ensure that:

• a process is in place for handling FME; for more information, see REGDOC-2.6.2, Maintenance Programs for Nuclear Power Plants ^{Footnote 22}
• preventive measures and information control measures are in place; for more information, see CSA N286, Management System Requirements for Nuclear Facilities ^{Footnote 4}

For more information, see REGDOC-2.8.1, Conventional Health and Safety ^{Footnote 20}.

3.1.10 Chemistry control

Requirements

The licensee shall establish and implement a chemistry control program to ensure the long‑term integrity of SSCs important to safety and the minimization of radiation hazards.

Guidance

For more information about chemistry control and chemistry surveillance, see REGDOC-2.6.4, Chemistry Control for Reactor Facilities ^{Footnote 23}.

3.2 Human performance for operations

3.2.1 Communications

Requirements

The licensee shall ensure that reliable communication equipment is established to support activities in the control locations and throughout the facility for all modes of operation.

Guidance

The licensee should establish a process to ensure effective communications, using human performance tools and including 3-way oral communications, for operational activities.

For more information on using human performance tools for effective communications, see section 3.2.5.

3.2.2 Operating logs

Requirements

The licensee shall establish a process for maintaining operating logs (also referred to as control room logs or operations records). The licensee shall ensure that such logs provide an official record of the chronology of events, facility activities, and changes in the status of systems or components.

Guidance

The licensee should establish clear and understandable rules about the quality and content of operating records and logs. The licensee should ensure that these rules are communicated clearly.

Some examples of the content of the operating records and logs are:

• the processes and general status of the facility at shift turnover
• mode changes of the reactor and of major facility systems and equipment
• abnormal facility configurations
• equipment and systems that are out of service
• surveillance and post-maintenance testing that has been carried out
• deviations that were identified and actions that were taken for their resolution

3.2.3 Shift turnover and briefings

Requirements

The licensee shall establish processes for conducting a safe and controlled transfer of responsibilities between shifts. The processes shall include, at a minimum:

• panel walkdowns (as applicable) and review of displays (such as screens and annunciators)
• review of operating logs
• review of systems or equipment undergoing maintenance or testing evolutions that are carrying over to the next shift
• checklists
• briefing of any challenges to operations and deviations from normal operating conditions
• verification that the minimum shift complement is met (see REGDOC-2.2.5, Minimum Staff Complement ^{Footnote 24})

Guidance

The licensee should ensure that the shift turnover process identifies:

• the persons involved
• their responsibilities
• the locations and conduct of shift turnover
• method of reporting facility status, including provisions for special circumstances such as abnormal facility status and staff unavailability

The licensee should ensure that shift briefings are conducted in such a way that the expectations and objectives of the supervisors responsible for overseeing the conduct of operations within the control location are effectively communicated to, and understood by, all of the staff under supervision. The level and number of shift briefings may vary depending on the composition of the shift crews.

The licensee should ensure that the human performance tools are used for shift turnover and briefs; for example, use of 3-way communications, phonetic alphabet and verbalization. See also section 3.2.5, Human performance tools for operation.

3.2.4 Access to control locations

Requirements

The licensee shall ensure that access to control locations and to areas containing sensitive instrumentation is limited and controlled. The licensee shall establish professional standards for safe and secure behaviours while in these areas.

Guidance

The licensee should ensure that access of non-shift personnel to the main control location is restricted or minimized during shift turnover, transients, and infrequently performed tests or evolutions (IPTEs).

3.2.5 Human performance tools for operation

Requirements

The licensee shall have a program for human performance tools that considers the roles and responsibilities of each user of each tool, at all levels of the organization.

Guidance

The licensee should ensure that human performance tools are effectively integrated into all ongoing operational processes.

Human performance tools are also referred to as error reduction tools. Some examples are:

• 3-way oral communication
• phonetic alphabet
• pre-job briefing and post-job debriefing
• self-check with verbalization
• questioning attitude
• procedure use and adherence

3.3 Testing and surveillance

Surveillance includes the broad range of activities undertaken on a routine basis to verify operation within the safe operating limits, such as panel checks, routine surveillance rounds, reliability program tests, chemistry sampling, and calibrations.

The surveillance program is in place to detect, in a timely manner, degradation and aging of SSCs important to safety that could lead to unsafe conditions.

Note that other programs, such as maintenance and in-service inspections, are not included under testing and surveillance.

Guidance

The licensee should review surveillance test results for long-term trends that may indicate any deterioration.

For more information, see:

• REGDOC-2.6.3, Aging Management ^{Footnote 25}
• REGDOC-2.6.1, Reliability Programs for Nuclear Power Plants ^{Footnote 26}
• REGDOC-2.6.2, Maintenance Programs for Nuclear Power Plants ^{Footnote 22}
• for the SOE surveillance program:
  • CSA N290.15, Requirements for the Safe Operating Envelope of Nuclear Power Plants ^{Footnote 27}
  • section 8.2 of this regulatory document, Surveillance and testing program

3.3.1 Verification rounds

Requirements

The licensee shall ensure that:

• operator rounds and routines are designed and used to evaluate equipment status and identify abnormal conditions and hazards
• operator rounds and routines occur on a regular basis such that abnormal conditions and hazards are identified according to the licensee’s safety and control measures
• corrective action is initiated when abnormal conditions or hazards are identified

Guidance

Verification rounds include operator rounds (which are part of the surveillance program) and routines, and inspections. The licensee should ensure that:

• operator rounds and routines take precedence over non-operational or non-safety-related duties
• operator rounds and routines include recording of any changes that were made by field operators during the shift
• results are assessed, and followed up if required, through problem identification and resolution processes that are part of the licensee’s management system
• specific training is provided to the shift personnel to ensure best practice in identifying and reporting deviations

The licensee should consider implementing remote monitoring equipment, where practicable, to ensure that particular attention is given to remote areas of the facilities and to items of equipment that are difficult to access. Some examples of factors that should be noted by shift staff during verification rounds are:

• deterioration in material conditions of any kind, corrosion, leakage from components, accumulation of chemical deposits (for example, from leaking systems), excessive vibration, unfamiliar noise, inadequate labelling, foreign bodies, and deficiencies necessitating maintenance or other action
• the operability and calibration status of measurement and recording devices and alarms on local panels throughout the facility, and their readiness for actuating or recording
• the proper authorization for, and the condition and labelling of, temporary modifications in the field (for example, the presence of blind flanges, the addition of hoses or jumpers, and lifted leads in the back panels)
• indications of deviations from good housekeeping; for example:
  • the condition of components, sumps, thermal insulation and painting
  • obstructions
  • posting of signs and directions in rooms
  • posting and status of large bay doors, doors restricting access to potentially hazardous areas, or steam barriers (such as steam doors)
• deviations from the rules for:
  • working in safety-related areas such as those for welding
  • wearing of individual means of protection
  • radiation work permits
  • other matters of radiation safety or industrial safety
• deviations in fire protection, such as:
  • deterioration in fire protection systems and the status of fire doors
  • accumulations or improper storage of materials that may create fire hazards ( such as wood, paper and refuse) and oil leakages
  • industrial safety problems such as leaks that may create fire hazards, challenges to fire responses, and slip and trip hazards
• deviations in other installed safety protection devices, such as flooding protection measures, seismic constraints, and unsecured components that might be inadvertently moved

For more information, see REGDOC-2.6.2, Maintenance Programs for Nuclear Power Plants ^{Footnote 22}.

3.3.2 Operability testing program for systems important to safety

Requirements

The licensee shall develop and maintain provisions for operability testing for systems important to safety. The provisions shall identify:

• requirements for operability tests
• a process for determining whether equipment is considered operable, using clear pass/fail criteria
• acceptable levels of impairments, and strategies for dealing with impairments (including actions and action times)
• directives for conditions when testing cannot be executed
• operations personnel responsible for the conduct of tests
• certified personnel to sign off on the completed tests

The licensee shall ensure that, where appropriate, the test program results are provided to the reliability program and other applicable programs.

Guidance

Some examples of operability testing provisions are:

• arrangements are in place to ensure that only properly tested, calibrated and authorized tools are used
• the operations personnel review the plans for post-maintenance testing during a planning stage, and the review is repeated by personnel in the main control location before the testing starts
• non-routine tests are performed in accordance with a formal process that includes step-by-step procedures in the same manner as required for routine tests

For more information, see REGDOC-2.6.1, Reliability Programs for Nuclear Power Plants ^{Footnote 26}.

3.3.3 Safety-critical and infrequently performed tests or evolutions

Requirements

The licensee shall establish and implement a process to manage infrequently performed tests or evolutions (IPTEs) and specially developed tests or evolutions that may significantly degrade nuclear, radiological, public or personnel safety if performed incorrectly.

The licensee shall ensure that the process and its implementing documentation identify:

• required assessments
• specific authorities, responsibilities, and accountabilities of the workers involved
• procedures for executing the activities
• risks, precautions, and actions that should be taken if a problem arises during the test
• training, rehearsal, hold point, and back-out criteria for halting tests or facility evolutions when unexpected situations arise
• preparations including review, approval, and pre-evolution briefings
• tests, inspections, and debriefs after the completion of activities

The licensee shall ensure that no equipment is operated outside of approved specifications without adequate justification, preparation, and authorization. If a non-routine operation needs to be conducted that is not covered by existing operating procedures, the licensee shall ensure that a specific safety review is performed and a special procedure is developed (subject to applicable notifications and approvals).

Guidance

The personnel responsible for the operating organization should maintain oversight and awareness of the facility status during special tests or IPTEs.

The licensee should inform the CNSC of safety-significant IPTEs (both planned and unplanned) and special tests before they are conducted.

4. Core Reactivity and Fuel Management

4.1 Core reactivity management

Requirements

The licensee shall ensure that all facility evolutions affecting reactivity are safe, controlled and conservative such that:

• the facility remains within the licensing basis
• optimization of fuel utilization and flexibility in core operation do not compromise safety

The licensee shall establish measures for reactivity management to ensure that:

• core parameters are monitored, analyzed for trends, and evaluated to detect abnormal behaviour
• actual core performance is consistent with core design requirements

The licensee shall ensure that the values of key operating parameters are recorded and retained.

Guidance

The core reactivity measures should include (but not be limited to) procedures and engineering practices that ensure:

• safe shutdown margin
• operation within the assumptions in the safety analysis
• compliance with operating policies, principles and procedures, and with the licensing basis
• reduced challenges to the reactor shutdown system
• acceptable core power distributions
• operation within acceptable fuel design limits (to ensure fuel integrity)

4.2 Fuel management

Requirements

The licensee shall establish measures for fuel management and associated tasks.

Guidance

Some examples of associated tasks for fuel management include:

• procurement, verification, receipt and accounting
• storage in a sub-critical configuration
• control of in-core fuel loading, utilization and relocation
• controlling deviations from procedures

For information about fuel qualification, see REGDOC-2.4.5, Nuclear Fuel Safety and Qualification ^{Footnote 28}.

4.3 Handling of fuel and core components

Requirements

The licensee shall establish procedures for fuel handing to ensure:

• the controlled movement of unirradiated and irradiated fuel and core components
• proper storage on the site
• preparation for transport from the site

The licensee shall ensure that all handling of enriched fuel is done in accordance with nuclear criticality safety provisions.

Guidance

The licensee should ensure that:

• when fuel is moved from storage, it is identified and checked against the approved refueling program
• arrangements are in place to ensure that the fuel has been loaded into the specified position in the core and correctly positioned
• the equipment used for the movement of irradiated fuel has been qualified and tested before use
• a system is in place to account for the nuclide inventory and the decay heat of the irradiated fuel

For information on the management of nuclear criticality safety for operations with fissionable materials outside nuclear reactors, see REGDOC-2.4.3, Nuclear Criticality Safety ^{Footnote 29}.

4.4 Fuel integrity

Requirements

The licensee shall establish provisions to monitor fuel integrity.

Guidance

Some examples of monitoring fuel integrity are:

• review and analysis of radiochemistry for gas or liquid coolant
• post-irradiation inspection of discharged fuel

For more information, see:

• REGDOC-2.4.5, Nuclear Fuel Safety and Qualification ^{Footnote 28}
• REGDOC-2.6.4, Chemistry Control for Reactor Facilities ^{Footnote 23}

5. Operating Procedures

Requirements

The licensee shall establish a policy for the use of operating procedures. The licensee shall ensure that the policy is communicated to all personnel who may be involved (for example, operators and operations personnel, engineers and safety analysis representatives).

The licensee shall ensure that operating procedures are written in a standardized manner, and that the procedures identify:

• the relevant safety limits, internal administrative limits, and the applicable operating states
• requirements for alignment with other systems, and for startup and shutdown
• potential hazards in carrying out the procedures

Guidance

Operating procedures should also include:

• alarms
• common failures and resolutions
• temporary procedures

The level of approval for deviation from operating procedures should be defined in the management system.

The licensee should categorize operating procedures according to how they are applied.

The licensee should ensure that the procedures are compatible with the environment in which they are to be used. The procedures should be validated in the form in which they will be used in the field (paper-based, electronic checklists, and so on). Values prescribed in the procedures should be in the same units as those used on the associated instrumentation in the main control location and on local control panels or equipment in the facility.

The licensee should ensure that procedures, drawings and any other documentation used by the operations staff – in the main control location or anywhere else in the facility – are approved and authorized in accordance with the procedures in the management system. Such documentation should be controlled, regularly reviewed, updated promptly as necessary, and maintained in good condition. Updates should also include results from OPEX.

Emergency operating procedures should be clearly distinguished from other operating procedures.

For more information on the use of and adherence to procedures, and on documentation controls, see CSA N286, Management System Requirements for Nuclear Facilities ^{Footnote 4}.

5.1 Operator aids

Requirements

The licensee shall establish measures to control the use of, and reliance on, operator aids. The licensee shall ensure that use of informal and temporary aids is minimized and effective aids are incorporated into the facility configuration and procedures as appropriate.

The licensee shall ensure that if operator aids are used, the aids supplement but do not replace approved procedures or procedural changes.

Guidance

Operator aids include sketches, handwritten notes, curves and graphs, instructions, copies of procedures, prints, drawings, information tags and other information sources that are used by operators to assist them in performing their assigned duties.

If operator aids become permanent features at the facility, the aids should be incorporated into the official procedures.

5.2 Authorization for work

Requirements

The licensee shall ensure that work performed within a reactor facility that has the potential to affect reactor systems or supporting systems is authorized in accordance with the potential impact on safety of the workers, the environment, and the operation or safety of the facility.

The licensee shall establish a process for obtaining authorization to do work in general and for preparing, approving, issuing, accepting, and surrendering a work authorization.

Guidance

The licensee should ensure that a controlled process is in place to transfer work information to operators and operational staff.

6. Operating Experience Reporting and Review

Requirements

The licensee shall establish an audit and review system to ensure that the operations program is being implemented effectively and that “lessons learned” are being documented and communicated such that the safety performance of the facility improves over time.

Guidance

The “lessons learned” should be recorded in a manner that facilitates their review when future work is planned for similar activities.

6.1 Monitoring and reporting of operating performance

Requirements

The licensee shall include self-assessment as an integral part of the monitoring and review system. The licensee shall perform systematic self-assessments to identify achievements and address any degradation in safety performance.

Guidance

Feedback from non-event-related operational feedback (for example, observation of good practices, lessons learned from post-job briefings) should be collected, analyzed, and disseminated.

For more information on reporting, see REGDOC-3.1.1, Reporting Requirements for Nuclear Power Plants ^{Footnote 12}.

6.2 Performance indicators for operations

Requirements

The licensee shall develop and use suitable measurable performance indicators that:

• reflect actual performance (that is, lagging indicators)
• provide an early warning of declining performance (that is, leading indicators)

Guidance

The measurable performance indicators should enable the operators and the licensee to gain a general sense of the overall performance of the reactor facility and its trend over time.

Low-level events and near misses should be reported and reviewed thoroughly as potential precursors to degraded safety performance. Abnormal events important to safety should be investigated in depth to establish their direct and root causes.

For each performance indicator, the licensee should identify:

• targets for desired performance
• thresholds for acceptable performance
• frequency of tracking
• credible challenges
• expectations for recovery in case of degraded performance
• roles and responsibilities of operations staff

For examples of safety performance indicators, see REGDOC-3.1.1, Reporting Requirements for Nuclear Power Plants ^{Footnote 12}.

6.3 Identification of operating experience

Requirements

The licensee shall establish and implement a program to systematically collect, screen, analyze, trend, document, and communicate operating experience (OPEX) for the facility.

The licensee shall promote a culture that encourages and supports the exchange of information on events that are relevant to safety, including:

• low-level events and near misses
• potential problems relating to equipment failures
• shortcomings in human performance
• procedural deficiencies
• inconsistencies in documentation

6.4 Review of external operating experience

Guidance

It is important that relevant lessons from other industries be taken into consideration, as appropriate. The licensee should obtain and evaluate available information on relevant operating experience at other reactor facilities (including low-level events and near misses) to draw and incorporate lessons learned.

The licensee should engage in the exchange of experience within national and international frameworks for the feedback of operating experience . The licensee should also take into consideration feedback of operating experience from maintenance activities, as described in REGDOC-2.6.2, Maintenance Programs for Nuclear Power Plants ^{Footnote 22}.

Where appropriate, the licensee should maintain liaison with the organizations involved in the design and construction of the reactor facility (such as manufacturers, research organizations and designers). The objective is to exchange operating experience feedback and to secure advice in case of equipment failures and abnormal events.

7. Outage Management

For the purposes of this regulatory document, outage management refers to the processes for planning, scheduling and carrying out testing, inspections, maintenance, and corrective actions during reactor outages, including online outage lead in tasks and extensive refurbishment outages.

Requirements

The licensee shall establish provisions to ensure the effective performance, planning and control of work activities during outages. These provisions shall identify, as a minimum:

• outage roles and responsibilities, and accountabilities for outage management
• outage scoping and planning
• reactor restart process, including verifications and approvals before restart
• outage close-out process

The licensee shall ensure that:

• defence in depth and safety margins are maintained during outages
• the following items are incorporated as essential elements of outage programs and planning: optimization of radiation protection; conventional health and safety; waste reduction; and control of chemical hazards
• the objectives listed in the first 2 items of this list are clearly communicated to all relevant facility workers

As part of the outage management planning provisions, the licensee shall ensure that provisions are in place for:

• redundant power sources; heat sinks; the capability to ensure the integrity of the containment; cooling of the wet storage bay (that is, irradiated fuel bay, spent fuel bay, used fuel pool) if one exists in the design; fuel handling activities; and the interdependence of SSCs important to safety
• maintaining control over the systems and redundant systems that are necessary to maintain the facility in a safe shutdown state

The licensee shall ensure that:

• reactivity of the reactor is controlled and monitored at all times throughout the outage
• the reactor is maintained in the approved shutdown configuration

Guidance

A considerable part of all maintenance activity is performed while the facility is shut down; however, maintenance may be planned and executed under power operation provided that adequate defence in depth is maintained.

The licensee should consider performance indicators as part of its provisions for outage planning.

The licensee should ensure there is adequate defence in depth when planning and executing testing, maintenance and surveillance activities during an outage. The licensee may use the probabilistic safety assessment (PSA), including risk monitors, to assess and manage the effects of SSCs being unavailable and to demonstrate that the risk has not increased significantly.

For more information, see:

• REGDOC-2.6.2, Maintenance Programs for Nuclear Power Plants ^{Footnote 22}
• IAEA, SSR 2/2 (Rev 1), Safety of Nuclear Power Plants: Commissioning and Operation ^{Footnote 3}
• CSA N290.19, Risk-Informed Decision Making for Nuclear Power Plants ^{Footnote 15}

7.1 Roles and accountabilities

Guidance

To ensure that risk from an outage is managed properly, the licensee should:

• establish an interface between the operations and other supporting organizations, such as the maintenance department
• ensure that operations personnel are involved in the coordination of outage activities so that the proper configuration of the facility is maintained and the facility status is known and communicated to each shift

7.2 Outage scoping and planning

Requirements

The licensee shall ensure that the outage scope identifies:

• regulatory undertakings (that is, work that is required by a code or a standard referenced in the licence)
• work that was committed to the CNSC to be executed as part of the outage
• all other activities requiring regulatory concurrence (such concurrence shall be received prior to the reactor restart)
• reporting requirements

The licensee shall ensure that:

• the outage scope is documented and approved by the reactor facility’s senior management
• operator resources are available to support planning and execution of the outage
• processes are established to ensure that a competent and qualified workforce, equipment and materials will be available for the planned outage

Guidance

During outage planning, the licensee should consider past, next scheduled, concurrent and future outages. Some examples of items to consider are fitness-for-service limits for components, or for multi-unit reactor facilities, ensuring that staff and equipment are available for all shifts.

For more information on:

• planning, scheduling and execution of maintenance activities, see REGDOC-2.6.2, Maintenance Programs for Nuclear Power Plants ^{Footnote 22}
• reporting requirements, see REGDOC-3.1.1, Reporting Requirements for Nuclear Power Plants ^{Footnote 12}
• management of resources, see CSA N286, Management System Requirements for Nuclear Facilities ^{Footnote 4}

7.3 Outage performance indicators

Requirements

The licensee shall establish outage safety performance indicators for managing safety during outages and for ensuring appropriate monitoring of outage activities.

Guidance

For more information on an operational safety monitoring program, including a combination of leading and lagging performance indicators, see section 6, Operating Experience Reporting and Review.

For some examples of safety performance indicators, see REGDOC-3.1.1, Reporting Requirements for Nuclear Power Plants ^{Footnote 12}.

7.4 Verification prior to restart

Requirements

The licensee shall assess any work included in the outage scope but not completed for its impact on the safety and readiness for service of the reactor and its systems.

The licensee shall ensure that a process is in place to review restart conditions and criteria, and authorities for making decisions, before restart of the reactor. The process shall include actions to verify that:

• the position of each component critical to reactor safety and unit operation is verified to be in the required state
• adequate heat removal capacity is available for the given reactor power level
• appropriate levels of review and approval are obtained prior to removal of any reactor shutdown guarantees and approach to criticality; for example, return to service from refurbishment may require additional regulatory approvals
• adequate support resources are available to facilitate the reactor restart; for example, fuel and physics, chemistry personnel, and operators
• the planned restart includes any hold points

Guidance

If testing prior to restart is required, operations personnel should consider broadly the operability and intended function of the entire system, and should not focus only on the operability of individual components.

For requirements for post-maintenance verification and testing (which must be completed prior to return to service for SSCs on which maintenance was conducted during an outage), see REGDOC-2.6.2, Maintenance Programs for Nuclear Power Plants ^{Footnote 22}.

7.5 Outage close-out activities

Requirements

On the completion of the outage, the licensee shall maintain records on:

• the outage summary report, documenting the activities completed, deferred, or excluded from the scope
• documentation of the results of the readiness-for-service verification

The licensee shall provide these records to the CNSC as required; for more information, see REGDOC-3.1.1, Reporting Requirements for Nuclear Power Plants ^{Footnote 12}.

Guidance

The licensee should also document outage lessons learned and opportunities for improvement.

8. Safe Operating Envelope

Requirements

The licensee shall, at all times, maintain and operate the reactor facility within the limits of the safe operating envelope (SOE).

Guidance

For the definition of the SOE, see REGDOC-3.6, Glossary of CNSC Terminology ^{Footnote 30}.

For information on general requirements related to the SOE, see CSA N290.15, Requirements for the Safe Operating Envelope of Nuclear Power Plants ^{Footnote 27}.

8.1 Operational limits and conditions

Requirements

The licensee shall develop operational limits and conditions (OLCs) for ensuring that the facility is being operated in accordance with the design assumptions and intent, and in accordance with the licensing basis.

The licensee shall establish OLCs that:

• maintain adequate defence in depth
• preserve safety margins
• prevent conditions that could lead to anticipated operational occurrences (AOOs) or accident conditions

The licensee shall ensure the OLCs reflect the final design and are derived from the licensing basis.

The licensee shall ensure that the OLCs:

• include requirements for normal operation, including shutdown and outage stages
• cover actions to be taken and limitations to be observed by the operations personnel
• address:
  • safety limits
  • limiting settings for safety systems
  • limits and conditions for normal operation
  • surveillance and testing requirements
  • action statements and level of approvals required for deviations from normal operation
  • AOOs, including shutdown states
  • specified operating configurations, including operational restrictions in the event of the unavailability of SSCs important to safety

The licensee shall review and revise the OLCs as necessary in consideration of experience, developments in technology and updates to the safety analysis, and changes in the facility.

The licensee shall submit the OLCs to the applicable regulatory body (CNSC or provincial authority) for assessment and approval before commencing operation.

Guidance

The licensee should develop OLCs based on safety analysis of the facility, using deterministic safety analysis and complemented by probabilistic safety assessment (PSA) where appropriate. If a risk-informed approach is used, the licensee should follow the process described in section 2.3.2 of this regulatory document, Operations decision making.

The licensee should not solely use PSA results and insights, including the use of risk monitors, to justify temporary deviations from OLCs.

The licensee may use PSA results and insights, including the use of risk monitors, to assess the impact of facility configurations that result in unavailabilities of SSCs. The licensee should assess and manage the risk, with appropriate compensatory measures.

For more information on:

• deterministic safety analysis and how OLCs are derived from it, see REGDOC-2.4.1, Deterministic Safety Analysis ^{Footnote 31}
• the development of OLCs for new reactor facilities, see REGDOC-2.5.2, Design of Reactor Facilities ^{Footnote 13}
• the development and application of OLCs, see IAEA SSG-70, Operational Limits and Conditions and Operating Procedures for Nuclear Power Plants ^{Footnote 32}

8.2 Surveillance and testing program

Requirements

The licensee shall establish and implement a surveillance and testing program to ensure compliance with the OLCs. The licensee shall ensure that the results are evaluated, recorded and retained.

Guidance

For guidance on the content of a surveillance program, see:

• section 3.3, Testing and surveillance
• CSA N290.15, Requirements for the Safe Operating Envelope of Nuclear Power Plants ^{Footnote 27}

8.3 Operation within the safe operating envelope

Requirements

The licensee shall not intentionally exceed the OLCs.

If the OLCs are exceeded, the licensee shall take immediate action to return the facility within the boundaries of safety analyses in a safe manner.

The licensee shall have procedures for returning to the SOE upon discovery of operation outside the operating boundaries (as defined in the SOE) along with the commensurate actions and response time. The licensee shall ensure that the procedures incorporate the safety significance and the scope of the impact of the non-compliance.

Guidance

For any instances of non-compliance with the SOE, the licensee should review REGDOC-3.1.1, Reporting Requirements for Nuclear Power Plants ^{Footnote 12}, to determine if such a non-compliance is reportable to the CNSC.

8.4 Changes to the safe operating envelope

Requirements

The licensee shall establish a process for notification, including acceptance by the regulatory body as appropriate, of changes to the OLCs, prior to operation under the changed OLCs.

For neutral and conservative changes, the licensee shall submit written notification to the CNSC at the time of implementation of the revised OLCs.

For non-conservative changes or changes that are not clearly in the safe direction, the licensee shall submit written notification to the CNSC before starting to operate under the changed OLCs.

For all changes to the licensing basis that are not clearly in the safe direction, the licensee shall provide the CNSC with further assessments of the effects, to determine if Commission approval is required before starting to operate under the changed OLCs.

The licensee shall ensure that the SOE is subject to processes to keep it up to date with changes to the reactor facility’s design, operating procedures, deterministic safety analysis and applicable regulatory requirements.

Guidance

The licensee should also consider feedback on operational events when making changes to the SOE.

The licensee should ensure that changes to the SOE are implemented in a timely manner. For information on the general requirements and guidance on changing the SOE, see CSA N290.15, Requirements for the Safe Operating Envelope of Nuclear Power Plants ^{Footnote 27}.

9. Response to off-normal conditions

Off-normal conditions are anticipated operational occurrences (AOOs), design-basis accidents (DBAs), design extension conditions (DECs), and other disturbances that may affect facility operations.

Response to off-normal conditions refers to the actions taken to:

• prevent or limit damage
• prevent or mitigate the consequences
• achieve a safe, stable state of the facility
• carry out the preparatory activities necessary for implementation of such actions
• verify whether the facility can be returned to operation following off-normal conditions
• determine if the event was a serious process failure, and the steps to seek approval to restart after a serious process failure

Requirements

The licensee shall document and implement the necessary provisions to ensure that appropriate actions are taken to ensure safe operation in response to situations that do, or may, cause deviations from normal operational OLCs.

If an event is determined to be a serious process failure, the licensee shall seek approval from CNSC staff before restarting the reactor facility. For more information, see section 9.3, Return to safe operational state.

Guidance

Some examples of situations that do, or may, cause deviations from normal operational OLCs are:

• accidents of varying severity
• severe weather or environmental conditions
• social disturbances
• pandemics
• grid disturbances

9.1 Response to accidents and anticipated operational occurrences

Guidance

For information on requirements related to accidents and AOOs and to emergency preparedness and response, see:

• REGDOC-2.3.2, Accident Management ^{Footnote 9}
• REGDOC-2.10.1, Nuclear Emergency Preparedness and Response ^{Footnote 33}

9.2 Business continuity related to operations programs

Business continuity is the level of readiness of a business to maintain critical functions during and after an emergency or disruption. Some examples of business continuity are security breaches, natural disasters, pandemics and social disturbances (that is, any event that limits operations personnel’s access to the site).

Requirements

The licensee shall establish and implement provisions for business continuity related to operations programs.

Guidance

Provisions for business continuity related to operations programs may be accomplished through the licensee’s business continuity planning documentation in its management system.

For more information, see REGDOC-2.2.5, Minimum Staff Complement ^{Footnote 24}.

9.3 Return to safe operational state

Requirements

When an event occurs in which parameters deviate from the OLCs for normal operation, the licensee shall ensure that appropriate actions will be taken and appropriate operational decisions will be made, as per the applicable procedures, to return the facility to a safe operational state.

Following the event, the licensee shall:

• undertake a review and evaluation of the event (for example, by means of root cause analysis wherever necessary) to:
  • assess impact on the facility’s equipment, workers, and the environment
  • determine if the event was a serious process failure
  • take appropriate corrective actions
  • document any lessons learned
• notify the applicable regulatory body (CNSC or provincial authority) in accordance with the established event reporting system and applicable reporting requirements in REGDOC‑3.1.1, Reporting Requirements for Nuclear Power Plants ^{Footnote 12}

The licensee shall establish restart conditions and criteria. Before restarting the reactor, the licensee shall revalidate the fitness for service and the safety functions that might have been challenged by the event.

When an event is determined to be a serious process failure or where the determination as to the cause or the extent of condition is inconclusive (that is, a serious process failure cannot be ruled out), the licensee shall submit a written request for approval to restart the reactor as specified in the licence conditions for the facility.

If more than 1 serious process failure occurs within a 3-year rolling period (per unit), the licensee shall submit a written request for approval to continue operating to the Commission. The Commission will make a decision on the ongoing status of the reactor facility.

Guidance

Some examples of actions for returning to a safe state are inspection, testing, and repair or replacement of damaged SSCs.

The written request for approval to restart the reactor should demonstrate that the facility remains within its licensing basis and is safe to operate. The request for approval should include:

• a description of the event
• the causes of the event
• the consequences and safety significance of the event
• a recovery plan, including implementation of corrective actions and a fitness-for-service assessment on the SSCs important to safety affected by the failure
• sufficient technical details and measurements to verify the facility’s readiness to resume safe operation, including any conditions that the licensee proposes to impose upon reactor restart and on subsequent reactor operation to ensure safe operation of the reactor facility
• a description of the extent of completion of the conditions mentioned in the statement about the facility’s readiness to resume safe operation
• if more than 1 serious process failures has occurred at the reactor facility, an analysis of the independence or commonalities of the multiple events

For definitions of serious process failure, significant fuel damage, and significant release (used in the definition of serious process failure), see REGDOC-3.6, Glossary of CNSC Terminology ^{Footnote 30}.

For details on the basis of the 3-year rolling frequency, see AECB 1018, Containment and Siting Requirements in Canada ^{Footnote 34}, where a failure rate higher than 1 in 3 years is outside the licensing basis and could indicate facility material condition deterioration in an unsafe direction requiring corrective actions to decrease the failure frequency and ensure protection of the public.

Glossary

For definitions of terms used in this document, see REGDOC-3.6, Glossary of CNSC Terminology, which includes terms and definitions used in the Nuclear Safety and Control Act and the regulations made under it, and in CNSC regulatory documents and other publications. REGDOC‑3.6 is provided for reference and information.

References

The CNSC may include references to information on best practices and standards such as those published by CSA Group. With permission of the publisher, CSA Group, all nuclear-related CSA standards may be viewed at no cost through the CNSC web page “How to gain free access to all nuclear-related CSA standards”.

CNSC Regulatory Document Series

CNSC regulatory documents are classified under the following categories and series:

1.0 Regulated facilities and activities

2.0 Safety and control areas

3.0 Other regulatory areas

Note: The regulatory document series may be adjusted periodically by the CNSC. Each regulatory document series listed above may contain multiple regulatory documents. Visit www.cnsc-ccsn.gc.ca for the latest list of regulatory documents.