Category Archives: Infrastructure and methodologies for the justification of nuclear power programmes

Safety culture

Most of the arrangements for managing safety take a very tangible form that is easy to recognise and communicate. These consist of, for example, the site licence, policies, processes, procedures and organisational attributes. To enact the work, staff will require knowledge and skills that can be objectively defined and instilled in the workforce.

Of even greater importance, however, is the need for personnel to go about their work with attitudes and behaviours which recognise the risks associated with the technology entrusted to them, to act conservatively when making decisions that relate to safety, and to strive to do their work to the best of their abilities at all times. Together these organisational attributes and the attitudes and behaviours are described as the safety culture of an organisation.

The term ‘safety culture’ was first introduced by the IAEA International Nuclear Safety Advisory Group (INSAG) in their Summary Report on the Post-Chernobyl Accident Review and subsequently published by them as IAEA Safety Series no. 75-INSAG-1. The term was later expanded and is now embodied in IAEA INSAG-4 published in 1991. The IAEA INSAG definition is:

‘Safety culture is that assembly of characteristics and attitudes in organizations and individuals which establishes that, as an overriding priority, nuclear plant safety issues receive the attention warranted by their significance.’

The World Association of Nuclear Operators (WANO) in their Peer Review programme and the IAEA in their OSART programme conduct reviews that seek to assess the status of safety culture in the plants that they visit. The IAEA also conducts specific missions to assess safety culture in NPPs known as SCART missions (Safety Culture Assessment Review Teams).

Following the Davis Besse vessel head incident, the US Institute of Nuclear Power Operators (INPO) developed a set of principles which should exist in organisations with a strong safety culture (INPO, 2004). These were published as a guidance document for the industry. The World Association of Nuclear Operators adopted the same principles in 2006.

There are difficulties in distinguishing between national culture and safety culture in international programmes but the WANO and OSART performance objectives and criteria overcome these difficulties.

In the INPO/WANO Principles for a Strong Nuclear Safety Culture, safety culture is defined as:

‘An organization’s values and behaviors — modeled by its leaders and internalized by its members — that serve to make nuclear safety the overriding priority’

This definition, together with the defining principles, is not incompatible with the definition produced by the IAEA but emphasises the role of leaders in defining the corporate culture of an organisation. The principles are:

1. Everyone is personally responsible for nuclear safety.

2. Leaders demonstrate commitment to safety.

3. Trust permeates the organisation.

4. Decision making reflects safety first.

5. Nuclear technology is recognised as special and unique.

6. A questioning attitude is cultivated.

7. Organisational learning is embraced.

8. Nuclear safety undergoes constant examination.

These principles are further characterised in detail in the documents. US utilities have established a safety culture assessment programme based on evaluation against the principles.

Safety goals and criteria

Safety goals are usually included in the regulations in compliance with the regulatory approach. In general, they are derived from the safety pillars of the IAEA Safety Standards, in particular the Fundamental Safety Principles. Safety goals may establish quantitative or qualitative criteria. The safety goals for existing reactors may also be applied for new reactors. However, it is important to consider further safety improvements that could be made at the design stage of new reactors so that safety is continuously enhanced.

There is no international consensus regarding quantitative safety goals but the current trend is to have a better balance between the deterministic and probabilistic approaches. However, some regional common approaches are useful in order to reach a global consensus, at least in a qualitative way. Improved probabilistic calculations or use of operating experience to define risk magnitudes, on the one hand, and improvement in the evaluation of the consequences in terms of core damage frequency, individual doses or large release magnitudes on the other, provide the necessary relationship to establish quantitative goals.

Qualitative goals using a technology-neutral approach (meaning safety concepts and criteria independent of the type of reactor technology) can be found in the IAEA Safety Standards.

In general there are two approaches to the preparation of regulations: a prescriptive approach or a performance-based approach. The degree of application of either approach in the national regulations depends on the regulatory approach selected when establishing a regulatory framework. However, the development of regulations needs a balance between flexibility (to permit easy adaptation of the regulation to changes in circumstances and/or technology) and the need to include detailed requirements (to facilitate determination of whether the requirements have been met).

Performance-based regulations primarily specify the safety goals to be achieved rather than prescribe detailed or specific requirements. This means that the way in which the licensee is to meet the regulations is not specified by the regulator. The use of safety goals promotes the continuous safety improvement concept and provides enough flexibility to the licensee for them to determine and apply better approaches to enhance safety. This kind of regulation will not need to be changed as frequently to reflect advances in science and technology. The correct interpretation by the licensee of this type of regulation is essential; therefore it is necessary to elaborate regulatory guides in some cases to provide additional support. The verification of compliance with this type of regulation requires a high level of expertise.

With prescriptive regulations, the regulator states how safety is to be achieved with clearly defined provisions for each safety-related aspect. These provisions include the means and methods to be used in order to comply with regulatory requirements for achieving an adequate level of safety. In some cases it is easier to verify compliance with this type of regulation, but high levels of expertise are necessary for their development.

In summary, a modern regulatory system needs to include both types of regulations, to achieve the appropriate balance between performance-based and prescriptive regulations that takes into account the workload and the skills of the regulatory body’s staff.

Call for bids and bid evaluation

Having determined the suitable sites, having in place the necessary infrastructure and legal instruments, the next step is to decide which vendors and plant types and power are needed for the energy plan of the country. The plan should include the forecast of energy demand over at least six decades. A small investment is necessary during this phase: the preparation of the required and available competence, the national energy requirements and the availability of the necessary funds including loans as necessary. The evaluation of the industrial capabilities of the country is to be determined at this stage since it influences the choices and decisions for the bidding process, for example a turnkey contract, or the inclusion of supplementary training for staff.

For the bid evaluation, a team should be constituted that will work with a given set of criteria depending on the specifications of the bid. Consultation with the established regulatory body is also necessary to make sure that the projects submitted meet all the safety requirements and would be licensable. It is recommended to verify that the reactor proposed in the bids is licensable in the country of the vendor and that a prototype has already been built. Depending on the bid specification, it should also be examined whether the proposal includes the necessary transfer of information supporting the construction and operation of the nuclear power plant during its lifetime. Decommissioning provisions should also be part of the project to facilitate the end of life of the installation. See Chapter 24 of the present book for detailed information on decommissioning.

The technology to choose depends on the energy plan and financial possibilities. The most advanced technologies at the present time are light water reactors, pressurized or boiling. The fuel supply guarantees need to be considered together with the spent fuel storage and final disposal.

Regulatory inspections

The regulatory inspections are performed to verify compliance with the regulatory requirements and with the conditions specified in the licence during all stages of the licensing process: siting, design, construction, commissioning, operation and decommissioning until release from regulatory control. These independent inspections will not relieve the licensee of its responsibility for safety.

The main purposes of regulatory inspection are to ensure that: (a) the operator is managing safety to meet, as a minimum, the safety goals, criteria and regulations established by the regulatory body; (b) the structures, systems and components in the plant meet all necessary requirements; (c) safety-related documents and instructions are valid and applied; (d) the key licensee staff have the proper competence on safety; and (e) any corrective actions resulting from operational experience are properly applied.

In order to perform the above-mentioned activities, the regulatory body will prepare a systematic inspection programme. In terms of scope and resources, this programme is planned in line with the type of regulations (prescriptive, performance-oriented or both) consistent with the regulatory approach and the way in which the regulatory body needs to verify compliance with ensuring safety at all times. In addition, the inspection efforts — scope, frequency and number of inspectors involved — have to be graded in accordance with the criticality of the different safety aspects of the plant.

It is crucial that the regulator and the licensee have a clear understanding of the inspection programme prepared for all stages of the licensing process including areas to be subject to inspection, inspection methods, selection of inspection samples and the technical information needed. Hold points need to be discussed with the licensee from the beginning to provide them with a clear understanding of the regulatory considerations that need to be taken into account.

Routine inspections may be carried out by resident inspectors or by dedicated inspectors from the regulatory headquarters, depending on the size of the nuclear programme and the geographical distribution of nuclear power plants within the State. Other inspection types, such as unannounced inspections and specific inspections (covering thematic areas or particular safety aspects), need to be part of the inspection programme.

The regulatory inspectors at the plant should have free access to the plant at any time; this is a precondition to performing the inspections properly, and these inspections are the major regulatory function to verify safety compliance.

A comprehensive inspection programme includes the regulatory inspection of the vendors, key contractors and other service providers to verify safety compliance, in particular with their quality management system — including safety culture — and their liaison with the licensee. In addition, it may include participation in regular management meetings (for construction or operation) at the plant site and also verifying the roles and responsibilities of the licensee.

For new plants, it is also relevant that in establishing or modifying the content and schedule of an inspection programme, the regulatory body considers the results of previous inspections and the inspection experience of similar plants in other States.

In view of the significance of the safety issue, the communication of information, findings, recommendations and conclusions from regulatory inspections is planned at several levels; i.e. information needs to be communicated to the regulatory body and to other governmental bodies or interested parties.

Interfaces with other regulators and coordination

Regulatory activities are always interconnected and are also shared with different authorities or governmental organizations due to the complexity and the thematic areas involved in the regulatory process. The licensing activities of a nuclear power plant represent a clear example of the necessity to arrange several different activities to authorize every stage during the lifetime of a nuclear power plant. The clear identification of interfaces and the coordination of different authorities with responsibilities for safety within the regulatory framework need to be carried out from the very start of the licensing process. Once identified, and in order to avoid any omissions, undue duplication or conflicting requirements, it is necessary to make provisions for effective coordination. The extent of the coordination required among the numerous authorities and governmental organizations depends on the scope assigned to the nuclear regulator by the government. There are several mechanisms by which this coordination can be achieved, for example national agreements and memoranda of understanding. Clear responsibilities need to be established from the beginning and unavoidable overlaps have to be considered carefully and on a case-by-case basis.

One important aspect is that all collaboration mechanisms need to take into consideration the most appropriate form of communication among the authorities and governmental organizations involved and regular meetings should be held. Communication becomes crucial during the licensing process, in particular for a new nuclear power plant. Transparent and clear procedures need to be presented to the applicant or licensee to avoid any misunderstanding or confusion. The scope of this coordination process may vary significantly according to national arrangements. Key areas that need to be considered include: [1]

Design integrity

In the design phase of any plant, measures are taken and design features are incorporated to ensure that the plant can satisfy stringent safety, reliability and economic criteria. The designs are subjected to rigorous analysis and, where feasible, testing to verify performance claims. Subsequently they will be further analysed by the prospective owner operators and by regulatory authorities. The process of evaluating the designs is very demanding and time consuming and necessarily so.

It follows therefore that it is equally important that all the components are manufactured and assembled in accordance with the design intent. Throughout the manufacturing and construction phase of any plant, measures must be taken to ensure that the plant and equipment comply fully with the licensed design requirements. The owner or operating organisation must be in a position to ensure that this is the case before acceptance of the plant. This will require the operating organisation to establish programmes for evaluation of quality of components throughout the manufacturing and construction phases of the plant.

Throughout the operating lifetime of the plant, the operators have an obligation to ensure that the plant remains compliant with the licensed design. Maintenance inspection and testing programmes will be developed for this purpose.

Over time, the cumulative evolution of changes in plant performance and the condition of the plant due to in-service aging will need to be assessed. Periodic safety reviews are a common feature of regulation in many countries where comprehensive reappraisal of the plant status against the design and licensing criteria is undertaken. The periodicity will vary from regulator to regulator and the terms of reference and scope will vary.

Modifications or changes to operating procedures to address identified issues must be subjected to an approval process. The scope and criteria for approval of changes are usually related to the nuclear safety significance of the change in question.

These responsibilities will be placed on the operating organisation for the full lifecycle of the plant, which will be for several decades. It is vital, therefore, that every operating organisation establishes the knowledge base and capability to fulfil these functions at an early stage in the plant’s lifecycle.

Typically, the body of personnel assembled to fulfil such a function is known as the ‘Design authority’ for the operating organisation. The IAEA has published two documents in the INSAG series that address the concept of a design authority:

• INSAG-14 (1999), Safe management of the operating lifetimes of nuclear power plants

• INSAG-19 (2003), Maintaining the design integrity of nuclear installations throughout their operating life

As the lifecycle of the plant will probably span the working lives of more than one generation of personnel, programmes must be established to retain the knowledge and capability to fulfil that function over several decades.

Safety guides

Depending on the regulatory system, a guide may or may not be mandatory; it may simply demonstrate how a certain requirement can be achieved. In some regulatory systems, the licensees can take advantage of the regulatory guidance but they may use alternative ways to demonstrate the achievements of the goals established in the requirements. These guides also provide information on data and methods to be used in assessing the adequacy of the design and on analyses and documentation to be submitted to the regulatory body by the licensee. Technological advances, research and development work, relevant operational lessons learned, and institutional knowledge can be valuable and useful when revising the guides. The management system also reflects clearly the approach to be used to review and revise guides.

4.1.5 Industrial standards and guidelines

The regulatory body also bases its regulations and guides on national legislation and utilizes existing national regulations or industrial standards (e.g. ASME Code) in areas relating to or adaptable to nuclear power plants as its initial sources of information.

Design, construction and commissioning

This phase is extremely important since it constitutes the opportunity for the national organizations such as the regulatory body and the operator to start having ‘hands on’ the installation. A site permit has to be issued by the regulator for starting the construction work.

The design is finalized taking into account the site characteristics. Components are ordered by the constructor. Quality assurance is the main objective to be pursued; it includes visits to the companies delivering the large components. Chapter 21 of this book gives the necessary developments for quality assurance.

The detailed instrumentation and control systems are then defined and will influence the procedures to be implemented in operation for normal functioning, incident and accident management. The reference IAEA (2009a), Safety Standards Series, Safety Requirements for the Design of a Nuclear Power Plant, NS-R-1, covers all aspects of designing instrumentation and control systems.

During the construction phase, the role of the national organizations is essentially to ensure the quality of all the materials and components used. To this aim, the national regulator has to perform a number of inspections. Participation and observation of the various tests during the construction require the presence of both the regulator and the operator. This will result in delivering the first authorization which is to start the commissioning phase.

The commissioning phase includes numerous functional tests. Success in these leads to the delivery of fresh fuel and fuel loading. The start-up test then begins, with different phases to obtain first criticality and later power increases up to normal power. This phase usually lasts one or two years depending on the test results. Before full power can be reached, the regulator has to issue the official permit for fuel loading and start-up. At this stage procedures for normal operation and incidents have to be available, with operators trained on them with the use of functional simulators if possible. During the time of slow power increases, it is necessary to develop, test on simulator and train operators on accident procedures and accident management. Chapter 22 of this book deals with this aspect of plant commissioning.

The emergency plan should also be ready to complete the operational procedures. As referred to in the present chapter under Section 2.4.1 Preliminary phase, principle 9 of the safety fundamentals emphasizes the importance of preparing emergency planning. The necessary infrastructure may include participation of other governmental institutions, various ministries and neighbouring countries in addition to the national accident management and preparedness. The IAEA or other countries may provide assistance for implementing the emergency plans.

The enforcement function

The regulatory body establishes and implements an enforcement policy within the legal framework for responding to a licensee’s non-compliance with regulatory requirements or with conditions specified in the licence. In the event that risks are identified, including risks unforeseen in the authorization process, the regulatory body requires corrective actions to be taken by the licensee.

The implementation of the enforcement actions considers the appropriate levels within the organizational structure; the inspector also has the authority to carry out enforcement actions during inspections if there is an imminent likelihood of safety-significant events or when there is evidence of deterioration in the level of safety.

The range of enforcement actions starts with issuing of verbal or written notification (warnings or directives or orders); the next level is the modification, suspension, or revocation of a licence until the imposition of fines commensurate with the seriousness of the non-compliance. The range of actions that might be applied needs to be clearly understood by the regulator and the operator. However, for minor safety concerns, issues of non-compliance may be solved with a discussion between the regulator and the operator, establishing a period of time to solve the concerns and indicating the regulatory criteria involved. Clear administrative procedures and guidelines governing the use and implementation of enforcement actions are necessary.

Creation, authority, responsibilities and competence of the regulatory body

4.1.1 Establishing the regulatory body

The regulatory body is created and maintained by the State which provides it with the effective independence, legal authority, competence and resources necessary to fulfil its obligations with regard to the regulatory control of nuclear power plants. The State guarantees that the regulator will work solely on safety; i.e. no other responsibility is assigned to the regulator that might create a conflict of interest, or otherwise jeopardize its ability to perform the regulatory control function.

Before deciding to embark on a nuclear power programme, the State may already have a regulatory body regulating radioactive sources (industrial and medical sources) and/or smaller nuclear installations such as research facilities or reactors. In establishing the regulatory body for nuclear power plants, an informed decision should be made either to expand the existing regulatory body or to create a new regulatory body.

The regulatory body needs the legal authority to undertake the following:

• To develop safety principles and criteria, and to establish regulations and issue guidance that take into account the state of the art concerning safety and, in particular, international safety standards.

• To require the licensee to conduct a safety assessment, systematically or periodically during the nuclear power plant lifetime and provide all necessary safety-related information, including information from the licensee’s suppliers, even if this information is proprietary.

• To issue, suspend or revoke licences and establish licensing conditions and enforcing requirements based on compliance with the regulatory body’s function of verifying safety during the lifetime of the nuclear power plant.

• To arrange access, solely or together with the licensee party or applicant, to carry out inspections on the premises of any designer, supplier, manufacturer, constructor, contractor or operating organization associated with the licensee; this will enable the development of a transparent and open regulatory approach which facilitates communication with governmental authorities, the public, national and international organizations and regulators and also enables regulatory decisions and information on incidents and abnormal occurrences to be disseminated clearly.

The responsibility of the regulatory body is to protect people, society, the environment and future generations from the harmful effects of radiation.

Its role is to oversee the nuclear power programme to ensure that nuclear energy is safe to use. The prime responsibility for safety will be assigned to the operator. The operator is responsible for ensuring safety in the siting, design, construction, commissioning, operation, decommissioning, close-out or closure of its facilities, including, as appropriate, rehabilitation of contaminated areas; the operator is also responsible for the safety of activities in which radioactive materials are used, transported or handled.

Compliance with the requirements imposed by the regulatory body does not relieve the operator of its prime responsibility for safety. The operator needs to demonstrate to the satisfaction of the regulatory body that this responsibility has been and will continue to be discharged as established in the IAEA general safety requirements (IAEA, 2010a).