REGDOC-2.3.4, Operations Programs for Reactor Facilities

This regulatory document clarifies the requirements for, and provides guidance on, developing and implementing operations programs for reactor facilities. 

Read the full document and provide your comments. 

Read the full document

Preface

This regulatory document is part of the CNSC’s operating performance series of regulatory documents, which also covers construction and commissioning programs, accident management, and periodic safety reviews. The full list of regulatory document series is included at the end of this document and can also be found on the CNSC’s website.

Regulatory document REGDOC-2.3.4, Operations Programs for Reactor Facilities clarifies the requirements for, and provides guidance on, developing and implementing operations programs for reactor facilities (nuclear power plants, advanced reactor designs and small modular reactors). This regulatory document is based on operational experience (OPEX) and best practices developed from water-cooled nuclear power plants. This information will be updated as additional information is gathered from advanced reactor designs and small modular reactors. Proponents, applicants and licensees of advanced reactor designs and small modular reactors should apply the information and concepts from this regulatory document to the extent practicable and as best applicable to that design.

This document is the first version.

Given the wide range of proposed reactor facilities – especially of advanced reactor designs and small modular reactors – and given that reactor facilities have risk profiles that vary significantly depending on the particular characteristics of the activity or facility, the proponent, applicant or licensee may propose addressing requirements and guidance in a risk-informed manner commensurate with the level of risk of the regulated activity, or may propose alternative approaches to meet regulatory requirements, as described in REGDOC 1.1.5, Supplemental Information for Small Modular Reactor Proponents, and REGDOC 3.5.3, Regulatory Fundamentals. The information in this regulatory document can also be applied to other activities and licensing stages (for example, fuel-out commissioning under a licence to construct, or decommissioning).

For information on the implementation of regulatory documents and on the graded approach, see REGDOC-3.5.3, Regulatory Fundamentals.

1. Introduction

1.1 Purpose

This regulatory document clarifies the requirements for, and provides guidance on, developing and implementing an operations program for a reactor facility (nuclear power plant, advanced reactor design or small modular reactor).

This document will be used by licensees to prepare, implement and maintain an operations program for a reactor facility.

1.2 Scope

This regulatory document is based on operational experience (OPEX) and best practices developed from water-cooled nuclear power plants. This information will be updated as additional information is gathered from advanced reactor designs and small modular reactors. Proponents, applicants and licensees should apply the information and concepts from this regulatory document to the extent practicable and as best applicable to other designs, including advanced reactor designs and small modular reactors.

Given the wide range of proposed reactor facilities – especially of advanced reactor designs and small modular reactors – and given that reactor facilities have risk profiles that vary significantly depending on the particular characteristics of the activity or facility, the licensee may propose addressing requirements and guidance in a graded risk-informed manner commensurate with the level of risk of the regulated activity, or may propose alternative approaches to meet regulatory requirements, as described in REGDOC1.1.5, Supplemental Information for Small Modular Reactor Proponents [1] and REGDOC3.5.3, Regulatory Fundamentals [2]. The information in this regulatory document can also be applied to other activities and licensing stages (for example, fuel-out commissioning under a licence to construct, or decommissioning).

Proponents, applicants and licensees may propose alternative ways to meet a requirement. Any proposed alternative (including the use of other codes and standards) should appropriately address the complexities and hazards of the proposed activities, and the applicant must demonstrate, by providing supporting information, that the proposed alternative meets an equivalent level of safety.

This regulatory document is organized according to the CNSC’s safety and control area (SCA) framework. The licensee is not required to follow that structure, and may choose to organize the information in any structure. Note: Whenever the following text refers to “licensees”, proponents and applicants may use the information provided to develop their operations program for their proposed reactor facility.

1.3 Relevant legislation

The following provisions of the Nuclear Safety and Control Act (NSCA) and the regulations made under it are relevant to this document:

• NSCA, paragraphs 24(4)(a) and (b), and 44(1)(e) and (o)
• General Nuclear Safety and Control Regulations (GNSCR), paragraphs 12(1)(e) and 17(b), and sections 12 and 15
• Class I Nuclear Facilities Regulations, paragraphs 6(d) and (h), and 14(2)(a) and (c)

1.4 National and international standards

Key principles and elements used in developing this document are consistent with national and international standards.

In particular, this regulatory document is consistent with:

• the principles set forth by the International Atomic Energy Agency (IAEA) in SSR2/2 (Rev 1), Safety of Nuclear Power Plants: Commissioning and Operation [3] and the IAEA guides that support it; note that the scope of this regulatory document goes beyond SSR2/2 (Rev 1) to reflect best Canadian practices
• CSA N286, Management system requirements for nuclear facilities [4]

Other documents that contain information that may be of interest to persons involved in operations programs for reactor facilities are listed in the Additional Information section of this regulatory document.

 2. Operations Program

An operations program consists of policies, processes and procedures that provide direction and information for establishing safe operating practices within the nuclear facility, under all operating conditions (routine and non-routine), and provides the licensee with information to ensure the facility is operated in accordance with the licensing basis.

Note: If a specific requirement within this regulatory document is addressed through another program (for example, the licensee’s human performance program, maintenance program, configuration management program, work management program, emergency management program, or other program), the licensee may provide a cross-reference to that program as part of the operations program governance.

2.1 General overview

Requirements

The licensee shall develop, implement and maintain an operations program in accordance with their management system as defined in their licensing basis. The licensee shall ensure that the operations program covers all licensed or authorized activities relating to the operation of the reactor facility.

The licensee shall document how the operations program’s activities are integrated to form a comprehensive framework for operations.

The licensee shall make and document operational decisions in accordance with the management system principles, commensurate with risk.

In accordance with their licensing obligations under section 12 of the General Nuclear Safety and Control Regulations, the licensee shall establish provisions for adherence to safety requirements and procedures for safe control of the reactor facility under all conditions.

Guidance

Key principles and elements of the operations program should be consistent with:

• REGDOC2.1.2, Safety Culture [5]
• CSA N286, Management system requirements for nuclear facilities [4]

Training for operators should cover relevant areas of technology to the levels necessary for the tasks to be performed consistent with the requirements set out in REGDOC2.2.2, Personnel Training [6] and REGDOC2.2.3, Personnel Certification, Volume III: Certification of Reactor Facility Workers [7].

For more information on operations programs, see IAEA NSG2.14, Conduct of Operations at Nuclear Power Plants [8].

2.2 Interfacing programs

Requirements

The licensee shall ensure that the operations program identifies all interfacing programs and stand-alone processes and practices.

Guidance

When activities in interfacing programs overlap with the operations program, the licensee should:

• define all of the applicable roles, responsibilities and accountabilities for the overlapping programs
• summarize any differences in accountabilities between the programs

Some examples of interfacing programs are the licensee’s commissioning, human performance, maintenance, configuration management, work management, accident management, security, emergency management, and decommissioning programs.

For more information on requirements and guidance for overlapping programs, see:

• REGDOC2.1.2, Safety Culture [5]
• EGDOC2.3.1, Conduct of Licensed Activities: Construction and Commissioning Programs [9]
• REGDOC2.11.2, Decommissioning [10]
• CSA N286, Management system requirements for nuclear facilities [4]
• regulatory documents and industry standards for other specific programs

2.3 Operations organization

Requirements

The licensee shall establish an operations organization to implement and maintain the operations program.

The operations organization shall ensure that the operations program:

• stipulates the authorities, responsibilities and accountabilities of all levels of management in the safe conduct of licensed activities
• clearly defines the organizational structure of facility operations
• formally documents the administrative controls for implementing the organizational structure

The operations organization shall ensure that key aspects of the operations program are communicated to support organizations (for example, contractors, external maintenance organizations, vendors, research institutes and technical support organizations) so that the licensee’s requirements and expectations for safety are met.

Guidance

The operations organization should also ensure that the operations program contributes to a strong security culture within the organization.

The operations organization should put provisions in place to cover the interfaces between the operations organization and other departments and support organizations (both internal and external; for example, suppliers and contractors). For additional information on interfacing programs, see section 2.2, Interfacing programs.

Some examples of how the operations program may contribute to a strong safety culture are:

• adherence to, and appropriate use of, approved standards and procedures, with ongoing improvement to the procedures based on operational experience (OPEX)
• assuring resources are available to match the work demands
• monitoring and assessing performance, and striving for ongoing improvement in performance based on OPEX

2.3.1 Expectations for operations duty managers

An operations duty manager of an assigned shift is responsible for protection and safety (of the reactor facility, the workers and the public); oversees the performance and supervision of the shift personnel; and directs the control of facility operations and maintenance in accordance with the operating limits and conditions (OLCs) and approved procedures.

Requirements

The licensee shall have managed processes for selecting appropriate candidates to ensure that workers (including persons occupying senior leadership positions in operations with responsibility for safety and licensing decisions) possess the qualifications and training required for the position.

The licensee shall consider operations duty managers to be representatives of the licensee and, as described in section 15 of the General Nuclear Safety and Control Regulations, inform the CNSC of the names and contact information of all personnel designated as operations duty managers.

The licensee shall establish expectations, qualifications, roles and responsibilities, and the chain of communications for duty managers. Operations duty managers shall understand the regulatory requirements applicable to the reactor facility and shall demonstrate commitment to the safe operation of the facility.

When on duty, operations duty manager responsibilities shall include:

• coordination of facility activities, in accordance with the facility governance
• being continuously available (by either being onsite or on call) to support the safe operation of the facility; when not onsite, being capable to arrive at the site within a predetermined time
• being aware of the current facility and unit status; specifically, of any operational and safety challenges
• being capable of responding to an event and directing personnel to execute approved procedures
• making justified decisions and taking safe, conservative actions (if necessary, in consultation with another duty manager or senior facility manager)
• other duties as required

Guidance

The licensee should ensure that all reasonable operations duty manager responsibilities are documented and adhered to.

The operations duty manager should have the following minimum qualifications:

• substantial experience in the operation of the type of reactor at this facility
• technical knowledge of the facility and its systems, structures and components (SSCs)
• in-depth knowledge of the NSCA and the regulations made under it
• if making a change to the design, safety analysis, or safe operating envelope (SOE), the duty manager is aware of which changes require notification to, or approval by, the regulatory body (that is, if the change affects the licensing basis)

2.3.2 Operations decision making

Requirements

The licensee shall establish a clear, systematic, timely and conservative method to making decisions that affect nuclear safety, personnel safety, the environment, and facility operations (including reliability, asset management, and operational efficiency).

The licensee shall ensure that processes are in place to provide information to the appropriate operations personnel for developing recommendations and making decisions.

The licensee shall establish responsibilities and accountabilities for the operations personnel who are involved in the operational decision making.

As part of their management system, the licensee shall ensure that risk-informed operational decisions that may affect the reactor or supporting systems are recorded.

Guidance

As part of their management system, the licensee should ensure that other risk-informed operational decisions are recorded appropriately.

When applying risk-informed operational decision-making relevant to nuclear safety, the licensee should:

• determine if the change affects their licensing basis
• ensure that defence in depth is maintained (for more information, see REGDOC2.5.2, Design of Reactor Facilities [11])
• ensure that safety margins are maintained (for more information, see REGDOC2.5.2 [11])
• determine if risk is reduced or maintained, or if the change in risk is small (for more information, see IAEA INSAG25, A Framework for an Integrated Risk Informed Decision Making Process [12])
• ensure that engineering and organizational good practices are taken into account (for more information, see IAEA INSAG25 [12])
• consider state-of-the-art methodologies and operational experience (OPEX) (for more information, see IAEA INSAG25 [12])
• consider safety and security (for more information, see IAEA INSAG25 [12])

The licensee should endorse and emphasize conservative decision making for instances where conditions outside the normal operating conditions are encountered. Conservative decision making in operational safety management means making decisions that always maintain all levels of defence in depth.

For more information:

• on risk-informed decision making, see:
  • REGDOC3.5.3, Regulatory Fundamentals [2]
  • CSA N290.19, Risk-informed decision making for nuclear power plants [13]
  • IAEA INSAG25, A Framework for an Integrated Risk Informed Decision Making Process [12]
  • on communication, see CSA N286, Management system requirements for nuclear facilities [4]

 3. Conduct of Facility Operations

3.1 Control of facility operations

Requirements

The licensee shall establish and maintain provisions for facility status control, such as:

• monitoring the status of the facility’s systems
• field verification of the settings for position-assured components (for example, whether such components could be secured or locked to prevent inadvertent loss of configurational control)
• timely turnover of information about equipment status
• in-process testing
• current status of the active clearances and equipment limitations during all facility states and operational configurations (such as shutdown, power production, refuelling, start-up, transitional states, maintenance or outage, and testing) to ensure adherence to:
• operational limits and conditions (OLCs)
• design requirements
• physical configuration
• facility documentation (for example, operating procedures or drawings)

The licensee shall ensure that provisions are in place to ensure that only authorized personnel can manipulate key operational controls and position-assured components that implement changes to the facility status.

Guidance

The licensee should ensure that the provisions allow operators sufficient time to make decisions and take actions. Human performance tools for verification of operator actions should be used to the extent practicable.

Before performing a modification to an SSC, the licensee should use results from the deterministic safety analysis (complemented by the probabilistic safety assessment (PSA)) to determine the safety significance of the change and whether compensatory measures are needed. The licensee may use PSA results and risk monitors to estimate the change in risk. During the implementation of the configuration change, the licensee should monitor and manage the risk associated with the configuration.

For more information on facility operations aspects of configuration management, see:

• IAEA SSG71, Modifications to Nuclear Power Plants [14]
• IAEA SSG74, Maintenance, Testing, Surveillance and Inspection in Nuclear Power Plants [15]

3.1.1 Facility configuration management

Requirements

The licensee shall establish and maintain provisions for facility configuration management to ensure consistency between OLCs, design requirements, physical configuration and facility documentation.

The licensee shall ensure that:

• the facility configuration control measures ensure all changes to the facility’s SSCs are properly assessed, designed, approved, implemented, accepted, documented and labelled for clear identification in the field
• changes and modifications are assessed for their aggregate risk impact on the unit, station or entire facility, including performing the appropriate safety analysis before the modification commences

The licensee shall:

• establish a system for timely communication of temporary changes and of their consequences and impact on risk to relevant personnel
• ensure that a list of temporary modifications is available to all operations personnel; the list shall specify a time limit for the duration of each temporary modification, after which the temporary modification shall be reviewed for its applicability, safety and necessity in the current conditions of the facility
• establish a process for approving the temporary modification if that modification is to remain in effect (that is, become a permanent modification)

Guidance

Before performing a modification, the licensee should consider which parts of a system may be affected by the modification. After performing the modification, the licensee should perform a confirmation to ensure appropriate alignment of the SSCs before operating.

For more information on management system aspects of configuration management, see:

• CSA N286, Management system requirements for nuclear facilities [4]
• CSA N286.10, Configuration management for high energy reactor facilities [16]

3.1.2 Heat sink management

Requirements

The licensee shall establish and implement a strategy for managing heat sinks in all modes of operation, including but not limited to:

• primary and backup heat sinks for all planned reactor sites and facility configurations; for example, outages and low-power operating conditions, start up, shut down and layover for long durations
• emergency heat sinks to mitigate consequences of a loss of the primary and backup heat sinks, for all events included in the design basis and considered in design extension conditions
• if the design includes a wet storage bay (that is, irradiated fuel bay, spent fuel bay, used fuel pool), heat sinks in the wet storage bay for normal and accident conditions For each heat sink, the licensee shall identify:
• the required heat removal capacity
• the capability of the heat sink under normal operations
• the reliability of process equipment and backup equipment to maintain capability and capacity
• monitoring requirements
• operator actions in case of primary heat sink failure The licensee shall ensure that the information for each heat sink takes into account the complete chain of heat dissipation from the source (such as fuel or process equipment) to the ultimate heat sink (the environment).

Guidance

For more information on heat sink requirements during outages, see CSA N290.11, Requirements for reactor heat removal capability during outage of nuclear power plants [17].

3.1.3 Control of operator challenges

Requirements

The licensee shall establish and implement provisions to alleviate the impact of deviations from an intended state of equipment or working conditions. The licensee shall establish a managed process by which such deviations are recognized, classified, monitored and resolved.

Guidance

Some examples of such deviations include:

• environmental conditions; for example, overly hot temperatures in work locations
• increased radiation fields requiring personal protective equipment (PPE)
• manual operation of equipment instead of automatic
• reduced annunciation coverage
• unsafe conditions because of stress, wear, impact, vibration, heat, corrosion, chemical reaction and misuse

3.1.4 Shift operations

Requirements

The licensee shall ensure that on-shift operators can control and maintain the facility and its supporting systems, both:

• within the boundaries of equipment alignments that have been analyzed
• within approved procedures

When a facility maneuver is carried out remotely by an operator in the control room, the operator shall verify, by checking relevant indicators, that the maneuver has been carried out correctly and the expected results are achieved. Operator actions shall be independently verified, as appropriate.

Guidance

On-shift operators should restrict operations that could lead to a condition outside the boundaries of equipment alignments that have been analyzed.

Operators should closely monitor important facility parameters periodically (for example, hourly panel checks in the control room), regardless of whether these parameters are also recorded electronically. If the parameters demonstrate drifting, the operators should analyze the trend and respond according to the approved procedures.

3.1.5 Operation control rooms and control equipment

Requirements

The licensee shall ensure that the control rooms provide adequate working conditions for the facility operators to discharge their duties during all operational states. The licensee shall take appropriate measures to ensure that control room habitability is maintained in accident conditions, including providing protection from identifiable hazards, and provisions for life support.

The licensee shall ensure that up-to-date operating documentation is readily available to the control room operators.

Guidance

Up-to-date operating documentation includes all information that is needed for responding to operational transients and to situations and events.

For more information on working conditions, see REGDOC2.8.1, Conventional Health and Safety [18].

3.1.6 Secondary control locations

Requirements

The licensee shall ensure that the secondary control room and all other secondary (or backup) operational panels for systems important to safety in secondary locations outside the control room are kept:

• in a state ready to operate
• free from obstructions
• free from non-essential material that would prevent their immediate operation

The licensee shall confirm that the secondary control room and all other safety related operational panels are in the proper state of operational readiness, including up-to-date documentation, operable communication and alarm systems, and habitability. The licensee shall define the frequency for these confirmations.

The licensee shall develop communications lines between the primary and alternate control rooms for ensuring an adequate transfer of information between operators during all operating conditions.

Guidance

Some examples of communications lines are:

• appropriate information is posted in the control room and in the maintenance work control centre
• the “plan of the day” includes discussion of pertinent items
• when communicating by handheld radio, the field operators and main control room operators ensure the transmissions are clear and concise

3.1.7 Monitoring and alarm response

Requirements

The licensee shall establish and implement measures for monitoring of the facility conditions by the control room operators, including:

• panel monitoring
• responses to alarms
• initial and continuing operator actions that are required to respond to an alarm

The licensee shall establish procedures for operators to manage the response to alarms. The procedures shall specify a panel monitoring frequency that detects fault conditions in a timely manner.

The licensee shall ensure that:

• the alarms in the main control room are managed appropriately
• the facility information system is designed in a manner such that off-normal conditions are easily recognizable by the operators
• control room alarms are clearly prioritized for operator action
• procedures exist for:
  • removing and returning alarms from service when it is appropriate to minimize the number of alarms, including alarm messages from the process computer, for any analyzed operational state, outage or accident condition of the facility
  • addressing spurious or frequently occurring alarms

Guidance

Some examples of alarms that are appropriate to be minimized include maintenance, operability testing, and similar alarms. For more information, see REGDOC 2.5.2, Design of Reactor Facilities [11].

Alarms that are spurious or that occur frequently, including nuisance alarms, should be investigated and, if necessary, addressed through corrective action.

The licensee should ensure that the control room contains a safety parameter display system (SPDS) that presents sufficient information on safety-critical parameters for the diagnosis and mitigation of design-basis accidents (DBAs). The licensee should ensure that operators actively monitor the state of the process and of the facility equipment.

3.1.8 Material conditions and housekeeping

Requirements

The licensee shall establish provisions to ensure that:

• operational premises and equipment are maintained, well-lit and accessible
• storage is controlled and limited
• problems or deficiencies are identified, and are corrected according to the licensee’s safety and control measures
• the intrusion of foreign materials is prevented or minimized

The licensee shall implement and maintain provisions for locking, tagging or otherwise securing isolation points for systems or components.

The licensee shall ensure that the identification and labelling of safety equipment, systems important to safety, rooms, piping and instruments are accurate, legible and well-maintained, and that the labels do not degrade the item being identified.

The licensee shall ensure that procedures are in place for the management of combustible materials, including packaging. For more information, see REGDOC2.10.2, Fire Protection [19].

Guidance

Some examples of SSCs with isolation points are:

• isolations
• positions of motor-operated and manually operated valves
• trains of protection systems
• electrical supplies to different systems

The licensee should evaluate the effects of the intrusion of foreign objects and the required mitigating actions. For foreign material exclusion (FME), the licensee should ensure that:

• a process is in place for handling FME; for more information, see REGDOC2.6.2, Maintenance Programs for Nuclear Power Plants [20]
• preventive measures and information control measures are in place; for more information, see CSA N286, Management system requirements for nuclear facilities [4]

3.1.9 Chemistry control

Requirements

The licensee shall establish and implement a chemistry control program to ensure the long-term integrity of SSCs and the minimization of radiation hazards.

Guidance

For more information about chemistry control and chemistry surveillance, see REGDOC 2.6.4, Chemistry Control [21].

3.2 Human performance for operations

3.2.1 Communications

Requirements

The licensee shall ensure that reliable communication equipment is available to support activities in the control room and throughout the facility for all modes of operation.

Guidance

The licensee should establish a process to ensure effective communications, including 3way oral communications, for operational activities.

3.2.2 Control room logs

Requirements

The licensee shall establish a process for maintaining control room logs (also referred to as operating logs or operator records). The licensee shall ensure that such logs provide an official record of the chronology of events, facility activities, and changes in the status of systems or components.

Guidance

The licensee should establish clear and understandable rules about the quality and content of the operators’ records and logs. The licensee should ensure that these rules are communicated clearly.

Some examples of the content of the operators’ records and logs are:

• the processes and general status of the facility at shift turnover
• mode changes of the reactor and of major facility systems and equipment
• abnormal facility configurations
• equipment and systems that are out of service
• surveillance and post-maintenance testing that has been carried out
• deviations that were identified and actions that were taken for their resolution

3.2.3 Shift turnover and briefings

Requirements

The licensee shall establish processes for conducting a safe and controlled transfer of responsibilities between the operator shifts. The processes shall include, at a minimum:

• panel walkdowns
• review of control room logs (operating logs; operator records)
• checklists
• briefing of any operator challenges and deviations from normal operating conditions
• verification that the minimum shift complement is met (see REGDOC2.2.5, Minimum Staff Complement [22])

Guidance

The licensee should ensure that the shift turnover process identifies:

• the persons involved
• their responsibilities
• the locations and conduct of shift turnover
• method of reporting facility status, including provisions for special circumstances such as abnormal facility status and staff unavailability

The licensee should ensure that shift briefings are conducted in such a way that the expectations and objectives of the shift supervisor are effectively communicated to, and understood by, all of the staff under supervision. The level and number of shift briefings may vary depending on the composition of the shift crews.

The licensee should ensure that the human performance tools are used for shift turnover and briefs; for example, 3way communications, use of phonetic alphabet, and verbalization. See also section 3.2.5, Human performance tools for operation.

3.2.4 Control room access

Requirements

The licensee shall ensure that access to the control room(s), control equipment room, secondary control areas (where available), and areas containing sensitive instrumentation is limited and controlled. The licensee shall establish standards for behaviours while in these areas.

Guidance

The licensee should ensure that access of non-shift personnel to the main control room is restricted or minimized during shift turnover or infrequently performed tests or evolutions (IPTEs).

3.2.5 Human performance tools for operation

Requirements

The licensee shall have a program for human performance tools that considers the roles and responsibilities of each user of the tool, at all levels of the organization.

Guidance

The licensee should ensure that human performance tools are effectively integrated into all ongoing operational processes.

Human performance tools are also referred to as event-free tools. Some examples are:

• pre-job briefing and post-job debriefing
• conservative decision making
• questioning attitude
• procedure use and adherence

3.2.6 Performance of activities that may affect operations

Requirements

The licensee shall assess all routine and non-routine activities, including maintenance, for potential impacts on the facility’s operation. The assessments shall characterize impacts on operational margins predicted by the deterministic safety analysis, on the probabilistic safety goals, and on the hazards that may affect worker safety. The licensee shall use the safety significance of the task to determine the appropriate level of assessment and the subsequent control and verification of such activities.

The licensee shall ensure that appropriate approvals are in place prior to execution of activities that may affect operations.

Guidance

The licensee should consider the cumulative impact, such as on operational margins, from all work anticipated to be done during the same time period.

3.3 Testing and surveillance

Surveillance includes the broad range of activities undertaken on a routine basis to verify operation within the safe operating limits, such as panel checks, operator routines, reliability program tests, chemistry sampling, and calibrations. The surveillance program is in place to detect, in a timely manner, degradation and aging of SSCs that could lead to unsafe conditions.

Note that other programs, such as maintenance and in-service inspections, are not included under testing and surveillance.

Guidance

The licensee should review surveillance test results for long-term trends that may indicate any deterioration. For more information, see:

• REGDOC2.6.3, Aging Management [23]
• REGDOC-2.6.1, Reliability Programs for Nuclear Power Plants [24]
• REGDOC2.6.2, Maintenance Programs for Nuclear Power Plants [20]
• on the SOE surveillance program, see:
• CSA N290.15, Requirements for the safe operating envelope of nuclear power plants [25]
• section 8.2 of this regulatory document, Surveillance and testing program

3.3.1 Verification rounds

Requirements

The licensee shall ensure that:

• operator rounds and routines are designed and used to evaluate equipment status and identify abnormal conditions and hazards
• operator rounds and routines occur on a regular basis such that abnormal conditions and hazards are identified according to the licensee’s safety and control measures
• corrective action is initiated when abnormal conditions or hazards are identified

Guidance

Verification rounds include operator rounds (which are part of the surveillance program) and routines, and inspections. The licensee should ensure that:

• operator rounds and routines take precedence over non-operational or non-safety related duties
• operator rounds and routines include recording of any changes that were made by field operators during the shift
• results are assessed, and followed up if required, through problem identification and resolution processes that are part of the management system
• specific training is provided to the shift personnel to ensure best practice in identifying and reporting deviations

The licensee should consider implementing remote monitoring equipment, where practicable, to ensure that particular attention is given to remote areas of the facilities and to items of equipment that are difficult to access. Some examples of factors that should be noted by shift staff during verification rounds are:

• deterioration in material conditions of any kind, corrosion, leakage from components, accumulation of chemicals (for example, boric acid), excessive vibration, unfamiliar noise, inadequate labelling, foreign bodies, and deficiencies necessitating maintenance or other action
• the operability and calibration status of measurement and recording devices and alarms on local panels throughout the facility, and their readiness for actuating or recording
• the proper authorization for, and the condition and labelling of, temporary modifications in the field (for example, the presence of blind flanges, the addition of hoses or jumpers, and lifted leads in the back panels)
• indications of deviations from good housekeeping; for example:
• the condition of components, sumps, thermal insulation and painting
• obstructions
• posting of signs and directions in rooms
• posting and status of steam barriers (such as steam doors, large bay doors, or doors restricting access to potentially hazardous areas)
• deviations from the rules for:
• working in safety-related areas such as those for welding
• wearing of individual means of protection
• radiation work permits
• other matters of radiation safety or industrial safety
• deviations in fire protection, such as:
• deterioration in fire protection systems and the status of fire doors
• accumulations of materials that create fire hazards, such as wood, paper, refuse, and oil leakages
• industrial safety problems such as leakages of fire resistant hydraulic fluid, hazardous equipment, and trip hazards
• deviations in other installed safety protection devices, such as flooding protection measures, seismic constraints, and unsecured components that might be inadvertently moved

For more information, see REGDOC2.6.2, Maintenance Programs for Nuclear Power Plants [20].

3.3.2 Operability testing program for systems important to safety

Requirements

• The licensee shall develop and maintain provisions for operability testing for systems important to safety. The provisions shall identify:
• requirements for operability tests
• a process for determining whether equipment is considered operable, using clear pass/fail criteria
• acceptable levels of impairments, and strategies for dealing with impairments (including actions and action times)
• directions for conditions when testing cannot be executed
• operations personnel responsible for the conduct of tests
• certified personnel to sign off on the completed tests

The licensee shall ensure that, where appropriate, the test program results are provided to the reliability program and other applicable programs.

Guidance

• Some examples of operability testing provisions are:
• arrangements are in place to ensure that only properly tested, calibrated, authorized tools are used
• the operations personnel review plans for post-maintenance testing during a planning stage, and the review is repeated by control room personnel before the testing starts
• non-routine tests are performed in accordance with a formal process that includes step-by-step procedures in the same manner as required for routine tests

3.3.3 Safety-critical and infrequently performed tests or evolutions

Requirements

The licensee shall establish and implement a process to manage infrequently performed tests or evolutions (IPTEs) and specially developed tests or evolutions that may significantly degrade nuclear, radiological, public or personnel safety if performed incorrectly.

• The licensee shall ensure that the process and its implementing documentation identify:
• required assessments
• specific authorities, responsibilities, and accountabilities of the workers involved
• procedures for executing the activities
• risks, precautions, and actions that should be taken if a problem arises during the test
• training, rehearsal, hold point, and back-out criteria for halting tests or facility evolutions when unexpected situations arise
• preparations including review, approval, and pre-evolution briefings
• tests, inspections, and debriefs after the completion of activities

The licensee shall ensure that no equipment is operated outside of approved specifications without adequate justification, preparation, and authorization. If a non-routine operation needs to be conducted that is not covered by existing operating procedures, the licensee shall ensure that a specific safety review is performed and a special procedure is developed (subject to applicable notifications and approvals).

Guidance

The operations manager should maintain oversight and awareness of the facility status during special tests or IPTEs. The licensee should ensure the process includes informing the CNSC of planned IPTEs and special tests before the tests are conducted.

4. Core Reactivity and Fuel Management

4.1 Core reactivity management

Requirements

The licensee shall ensure that all facility evolutions affecting reactivity are controlled, safe, and conservative such that:

• the facility remains within the licensing basis
• optimization of fuel utilization and flexibility in core operation do not compromise safety

The licensee shall establish measures for reactivity management to ensure that:

• core parameters are monitored, analyzed for trends, and evaluated to detect abnormal behaviour
• actual core performance is consistent with core design requirements

The licensee shall ensure that the values of key operating parameters are recorded and retained.

Guidance

The core reactivity measures should include (but not be limited to) procedures and engineering practices that ensure:

• safe shutdown margin
• operation within the assumptions in the safety analysis
• compliance with operating policies, principles and procedures, and with the licensing basis
• reduced challenges to the reactor shutdown system
• acceptable core power distributions
• operation within acceptable fuel design limits (to ensure fuel integrity)

4.2 Fuel management

Requirements

The licensee shall have fuel specifications and procedures for the following fuel management tasks:

• procurement, verification, receipt, accounting and control
• storage in a sub-critical configuration
• loading, utilization, and relocation
• controlling deviations from procedures

Guidance

For information about fuel qualification, see REGDOC2.4.5, Nuclear Fuel Safety and Qualification [26].

4.3 Handling of fuel and core components

Requirements

The licensee shall establish procedures for fuel handing to ensure:

• the controlled movement of unirradiated and irradiated fuel and core components
• proper storage on the site
• preparation for transport from the site

Guidance

The licensee should ensure that:

• when fuel is moved from storage, it is identified and checked against the approved refueling program
• arrangements are in place to ensure that the fuel has been loaded into the specified position in the core and correctly positioned
• the equipment used for the movement of irradiated fuel has been qualified and tested before use
• a system is in place to account for the nuclide inventory and the decay heat of the irradiated fuel

4.4 Fuel integrity

Requirements

The licensee shall establish provisions to monitor fuel integrity.

Guidance

Some examples of monitoring fuel integrity are:

• review and analysis of radiochemistry for gas or liquid coolant
• post-irradiation inspection of discharged fuel

For more information, see:

• REGDOC2.4.5, Nuclear Fuel Safety and Qualification [26]
• REGDOC2.6.4, Chemistry Control [21]

4.5 Management of out-of-core criticality for enriched fuels

Requirements

The licensee shall ensure that all handling of enriched fuel is done in accordance with nuclear criticality safety provisions.

Guidance

For information on the management of nuclear criticality safety for operations with fissionable materials outside nuclear reactors, see REGDOC2.4.3, Nuclear Criticality Safety [27].

 5. Operating Procedures

Requirements The licensee shall establish a policy for the use of operating procedures. The licensee shall ensure that the policy is communicated to all personnel who may be involved (for example, operators and operational staff, and engineers and safety analysis representatives). The licensee shall ensure that operating procedures are written in a standardized manner, and that the procedures identify:

• the relevant safety limits, internal administrative limits, and the applicable operating states
• requirements for alignment with other systems, and for startup and shutdown
• potential hazards in carrying out the procedures Guidance Operating procedures should also include:
• alarms
• common failures and resolutions
• temporary procedures
• level of approval for deviation from the procedure

The licensee should categorize operating procedures according to how they are applied.

The licensee should ensure that the procedures are compatible with the environment in which they are to be used. The procedures should be validated in the form in which they will be used in the field (paper-based, electronic checklists, and so on). Values prescribed in the procedures should be in the same units as those used on the associated instrumentation in the control room and on local control panels or equipment in the facility.

The licensee should ensure that procedures, drawings, and any other documentation used by the operations staff – in the control room or anywhere else in the facility – are approved and authorized in accordance with the procedures in the management system. Such documentation should be controlled, regularly reviewed, updated promptly as necessary, and maintained in good condition. Updates should also include results from OPEX.

Emergency operating procedures should be clearly distinguished from other operating procedures.

For more information on the use of and adherence to procedures, and on documentation controls, see CSA N286, Management system requirements for nuclear facilities [4].

5.1 Operator aids

Requirements

The licensee shall have a clear operating policy to minimize the use of, and reliance on, operator aids. The licensee shall ensure that if operator aids are used, the aids supplement but do not replace approved procedures or procedural changes.

Guidance

Operator aids include sketches, handwritten notes, curves and graph, instructions, copies of procedures, prints, drawings, information tags and other information sources that are used by operators to assist them in performing their assigned duties.

If operator aids become permanent features at the facility, the aids should be incorporated into the official procedures.

5.2 Authorization for work

Requirements

The licensee shall ensure that work performed within a reactor facility that has potential to affect reactor systems or supporting systems is authorized in accordance with the potential impact on safety of the workers, the environment, and the operation or safety of the facility.

The licensee shall establish a process for obtaining authorization to do work in general and for preparing, approving, issuing, accepting, and surrendering a work authorization.

Guidance

The licensee should ensure that a controlled process is in place to transfer work information to operators and operational staff.

6. Operating Experience Reporting and Review

Requirements

The licensee shall establish an audit and review system to ensure that the operations program is being implemented effectively and that “lessons learned” are being documented and communicated such that the safety performance of the facility improves over time.

Guidance

The “lessons learned” should be recorded in a manner that facilitates their review when future work is planned for similar activities.

6.1 Monitoring and reporting of operating performance

Requirements

The licensee shall include self-assessment as an integral part of the monitoring and review system. The licensee shall perform systematic self-assessments to identify achievements and address any degradation in safety performance.

Guidance

Feedback from non-event-related operational feedback (for example, observation of good practices, lessons learned from post-job briefings) should be collected, analyzed, and disseminated.

For more information on reporting, see REGDOC3.1.1, Reporting Requirements for Nuclear Power Plants [28].

6.2 Performance indicators for operations

Requirements

The licensee shall develop and use suitable measurable performance indicators that:

• reflect actual performance (that is, lagging indicators)
• provide an early warning of declining performance (that is, leading indicators)

Guidance

The measurable performance indicators should enable the operators and the licensee to gain a general sense of the overall performance of the reactor facility and its trend over time.

Low-level events and near misses should be reported and reviewed thoroughly as potential precursors to degraded safety performance. Abnormal events important to safety should be investigated in depth to establish their direct and root causes.

For each performance indicator, the licensee should identify:

• targets for desired performance
• thresholds for acceptable performance
• frequency of tracking
• credible challenges
• expectations for recovery in case of degraded performance
• roles and responsibilities of operations staff For examples of safety performance indicators, see REGDOC3.1.1, Reporting Requirements for Nuclear Power Plants [28].

6.3 Reporting of operating experience

Requirements

The licensee shall establish and implement a program to systematically collect, screen, analyze, trend, document, communicate and report operating experience (OPEX) at the facility.

The licensee shall promote a culture that encourages and supports the reporting of all events that are relevant to safety, including:

• low-level events and near misses
• potential problems relating to equipment failures
• shortcomings in human performance
• procedural deficiencies
• inconsistencies in documentation

6.4 Review of operating experience

Guidance

It is important that relevant lessons from other industries be taken into consideration, as appropriate. The licensee should obtain and evaluate available information on relevant operating experience at other reactor facilities (including low-level events and near misses) to draw and incorporate lessons learned.

The licensee should engage in the exchange of experience within national and international frameworks for the feedback of operating experience (OPEX). The licensee should also take into consideration feedback of OPEX from maintenance activities, as described in REGDOC2.6.2, Maintenance Programs for Nuclear Power Plants [20].

Where appropriate, the licensee should maintain liaison with the organizations involved in the design and construction of the reactor facility (such as manufacturers, research organizations, and designers). The objective is to exchange operating experience feedback and to secure advice in case of equipment failures and abnormal events.

7. Outage Management

For the purposes of this regulatory document, outage management refers to the processes for planning, scheduling and carrying out of the testing, inspections, maintenance, and corrective actions during reactor outages, including online outage leadin tasks and extensive refurbishment outages.

Requirements

The licensee shall establish provisions to ensure the effective performance, planning and control of work activities during outages. These provisions shall identify, as a minimum:

• outage roles and responsibilities, and accountabilities for outage management
• outage scoping and planning
• reactor restart process, including verifications before restart
• outage close-out process

The licensee shall ensure that:

• defence in depth and safety margins are maintained during outages
• the following items are incorporated as essential elements of outage programs and planning: optimization of radiation protection; conventional health and safety; waste reduction; and control of chemical hazards
• the objectives listed in the first two items of this list are clearly communicated to all relevant facility workers

As part of the outage management planning provisions, the licensee shall ensure that provisions are in place for:

• redundant power sources; heat sinks; the capability to ensure the integrity of the containment; cooling of the wet storage bay (that is, irradiated fuel bay, spent fuel bay, used fuel pool) if one exists in the design; fuel handling activities; and the interdependence of systems important to safety and auxiliary systems
• maintaining control over the systems and redundant systems that are necessary to maintain the facility in a safe shutdown state

The licensee shall ensure that:

• reactivity of the reactor is controlled and monitored at all times throughout the outage
• the reactor shutdown guarantees (RSGs) are maintained in an approved configuration to ensure guaranteed shutdown state (GSS)

Guidance

A considerable part of all maintenance activity is performed while the facility is shut down; however, maintenance may be planned and executed under power operation provided that adequate defence in depth is maintained.

The licensee should consider performance indicators as part of their provisions for outage planning.

The licensee should ensure there is adequate defence in depth when planning and executing testing, maintenance and surveillance activities during an outage. The licensee may use the probabilistic safety assessment (PSA), including risk monitors, to assess and manage the effects of SSCs being unavailable and to demonstrate that the risk has not increased significantly.

For more information, see:

• REGDOC2.6.2, Maintenance Programs for Nuclear Power Plants [20]
• IAEA, SSR 2/2 (Rev 1), Safety of Nuclear Power Plants: Commissioning and Operation [3]
• CSA N290.19, Risk-informed decision making for nuclear power plants [13]

7.1 Roles and accountabilities

Guidance

To ensure that risk from an outage is managed properly, the licensee should:

• establish an interface between the operations and other supporting organizations, such as the maintenance department
• ensure that operations personnel are involved in the coordination of outage activities so that the proper configuration of the facility is maintained and the facility status is known and communicated to each shift

7.2 Outage scoping and planning

Requirements

The licensee shall ensure that the outage scope identifies:

• regulatory undertakings (that is, work that is required by a code or a standard referenced in the licence)
• work that was committed to the CNSC to be executed as part of the outage
• all other activities requiring regulatory concurrence (such concurrence shall be received prior to the reactor restart)
• reporting requirements

The licensee shall ensure that:

• the outage scope is documented and approved by the reactor facility’s senior management
• operator resources are available to support planning and execution of the outage
• processes are established to ensure that a competent and qualified workforce, equipment and materials will be available for the planned outage

Guidance

During outage planning, the licensee should consider past, next scheduled, concurrent and future outages. Some examples of items to consider are fitness-for-service limits for components, or for multi-unit reactor facilities, ensuring that staff and equipment are available for all shifts.

For more information on:

• planning, scheduling and execution of maintenance activities, see REGDOC2.6.2, Maintenance Programs for Nuclear Power Plants [20]
• reporting requirements, see REGDOC3.1.1, Reporting Requirements for Nuclear Power Plants [28]
• management of resources, see CSA N286, Management system requirements for nuclear facilities [4]

7.3 Outage performance indicators

Requirements

The licensee shall establish outage safety performance indicators for managing safety during outages and for ensuring appropriate monitoring of outage activities.

Guidance

For more information on an operational safety monitoring program, including a combination of leading and lagging performance indicators, see section 6, Operating Experience Reporting and Review.

For examples of safety performance indicators, see REGDOC3.1.1, Reporting Requirements for Nuclear Power Plants [28].

7.4 Verification prior to restart

Requirements

The licensee shall assess any work included in the outage scope but not completed for its impact on the safety and readiness for service of the reactor and its systems.

The licensee shall ensure that a process is in place to review restart conditions and criteria, and authorities for making decisions, before restart of the reactor. The process shall include measures to verify that:

• the position of each component critical to reactor safety and unit operation is verified to be in the required state
• adequate heat removal capacity is available for the given reactor power level
• appropriate levels of review and approval are obtained prior to removal of any reactor shutdown guarantees and approach to criticality; for example, return to service from refurbishment may require additional regulatory approvals
• adequate support resources are available to facilitate the reactor restart; for example, fuel and physics, chemistry personnel, and operators
• the planned restart includes any hold points

Guidance

If testing prior to restart is required, operations personnel should consider broadly the operability and intended function of the entire system, and should not focus only on the operability of individual components.

For requirements for post-maintenance verification and testing (which must be completed prior to return to service for SSCs on which maintenance was conducted during an outage), see REGDOC2.6.2, Maintenance Programs for Nuclear Power Plants [20].

7.5 Outage close-out activities

Requirements

On the completion of the outage, the licensee shall maintain records on:

• the outage summary report, documenting the activities completed, deferred, or excluded from the scope
• documentation of the results of the readiness-for-service verification

The licensee shall provide these records to the CNSC as required; for more information, see REGDOC3.1.1, Reporting Requirements for Nuclear Power Plants [28].

Guidance

The licensee should also document outage lessons learned and opportunities for improvement.

8. Safe Operating Envelope

The safe operating envelope (SOE) is the set of limits and conditions within which a reactor facility must be operated to ensure compliance with the safety analysis upon which the reactor operation is licensed and that can be monitored by or on behalf of the operator and can be controlled by the operator. [29]

Requirements

The licensee shall, at all times, maintain and operate the reactor facility within the limits of the SOE.

Guidance

For information on general requirements related to the SOE, see CSA N290.15, Requirements for the safe operating envelope of nuclear power plants [25].

8.1 Operational limits and conditions

Requirements

The licensee shall develop operational limits and conditions (OLCs) for ensuring that the facility is being operated in accordance with the design assumptions and intent, and in accordance with the licensing basis.

The licensee shall establish OLCs that:

• maintain adequate defence in depth
• preserve safety margins
• prevent conditions that could lead to anticipated operational occurrences (AOOs) or accident conditions

The licensee shall ensure the OLCs reflect the final design and are derived from the licensing basis.

The licensee shall ensure that the OLCs:

• include requirements for normal operation, including shutdown and outage stages
• cover actions to be taken and limitations to be observed by the operating personnel address:
  • safety limits
  • limiting settings for safety systems
  • limits and conditions for normal operation
  • surveillance and testing requirements
  • action statements and level of approvals required for deviations from normal operation
  • AOOs, including shutdown states
  • specified operating configurations, including operational restrictions in the event of the unavailability of SSCs important to safety

The licensee shall review and revise the OLCs as necessary in consideration of experience, developments in technology and updates to the safety analysis, and changes in the facility.

The licensee shall submit the OLCs to the applicable regulatory body (CNSC or provincial authority) for assessment and approval before commencing operation.

Guidance

The licensee should develop OLCs based on safety analysis of the facility, using deterministic safety analysis and complemented by probabilistic safety assessment (PSA) where appropriate. If a risk-informed approach is used, the licensee should follow the process described in section 2.3.2 of this regulatory document, Operations decision making.

The licensee should not solely use PSA results and insights, including the use of risk monitors, to justify temporary deviations from OLCs.

The licensee may use PSA results and insights, including the use of risk monitors, to assess the impact of facility configurations that result in unavailabilities of SSCs. The licensee should assess and manage the risk, with appropriate compensatory measures.

For more information on:

• deterministic safety analysis and how OLCs are derived from it, see REGDOC2.4.1, Deterministic Safety Analysis [30]
• the development of OLCs for new reactor facilities, see REGDOC2.5.2, Design of Reactor Facilities [11]
• the development and application of OLCs, see IAEA SSG70, Operational Limits and Conditions and Operating Procedures for Nuclear Power Plants [31]

8.2 Surveillance and testing program

Requirements

The licensee shall establish and implement a surveillance and testing program to ensure compliance with the OLCs. The licensee shall ensure that the results are evaluated, recorded, and retained.

Guidance

For guidance on the content of a surveillance program, see:

• section 3.3, Testing and surveillance
• CSA N290.15, Requirements for the safe operating envelope of nuclear power plants [25]

8.3 Operation within the safe operating envelope

Requirements

The licensee shall not intentionally exceed the OLCs.

If the OLCs are exceeded, the licensee shall take immediate action to return the facility within the boundaries of safety analyses in a safe manner.

The licensee shall have procedures for returning to the SOE upon discovery of operation outside the operating boundaries (as defined in the SOE) along with the commensurate actions and response time. The licensee shall ensure that the procedures incorporate the safety significance and the scope of the impact of the non-compliance.

Guidance

For any instances of non-compliance with the SOE, the licensee should review REGDOC3.1.1, Reporting Requirements for Nuclear Power Plants [28], to determine if such a non-compliance is reportable to the CNSC.

8.4 Changes to the safe operating envelope

Requirements

The licensee shall establish a process for notification, including acceptance by the regulatory body as appropriate, of changes to the OLCs, prior to operation under the changed OLCs.

For neutral and conservative changes, the licensee shall submit written notification to the CNSC at the time of implementation of the revised OLCs.

For non-conservative changes or changes that are not clearly in the safe direction, the licensee shall submit written notification to the CNSC before starting to operate under the changed OLCs.

For all changes to the licensing basis that are not clearly in the safe direction, the licensee shall provide the CNSC with further assessments of the effects, to determine if Commission approval is required before starting to operate under the changed OLCs.

The licensee shall ensure that the SOE is subject to processes to keep it up to date with changes to the reactor facility’s design, operating procedures, deterministic safety analysis, and applicable regulatory requirements.

Guidance

The licensee should also consider feedback on operational events when making changes to the SOE.

The licensee should ensure that changes to the SOE are implemented in a timely manner. For information on the general requirements and guidance on changing the SOE, see CSA N290.15, Requirements for the safe operating envelope of nuclear power plants [25].

9. Response to off-normal conditions

Off-normal conditions are anticipated operational occurrences (AOOs), design-basis accidents (DBAs), design extension conditions (DECs), and other disturbances that may affect facility operations.

Response to off-normal conditions refers to the measures taken to:

• prevent or limit damage
• prevent or mitigate the consequences
• achieve a safe, stable state of the facility
• the preparatory activities necessary for implementation of such measures
• the measures to verify whether the facility can be returned to operation following off-normal conditions
• the measures to determine if the event was a serious process failure, and the steps to seek approval to restart after a serious process failure

Requirements

The licensee shall document and implement the necessary provisions to ensure that appropriate actions are taken to ensure safe operation in response to situations that do, or may, cause deviations from normal operational OLCs.

If an event is determined to be a serious process failure, the licensee shall seek approval from CNSC staff before restarting the reactor facility. For more information, see section 9.3, Return to safe operational state.

Guidance

Some examples of situations that do, or may, cause deviations from normal operational OLCs are:

• accidents of varying severity
• severe weather or environmental conditions
• social disturbances
• pandemics
• grid disturbances

9.1 Response to accidents and anticipated operational occurrences

Requirements

The licensee shall develop procedures and guidelines for accidents and AOOs, including accidents more severe than design-basis accidents. The procedures and guidelines shall identify:

• roles and responsibilities of the individuals and teams
• actions and verifications executed from the control room at the beginning of an event
• major safety challenges
• responses to events, including:
  • preparatory measures
  • the personnel and equipment (including numbers and types) that are necessary for response
  • measures for mitigating the consequences

Guidance

For more information on general requirements related to accident management and to emergency preparedness and response, see:

• REGDOC2.3.2, Accident Management [32]
• REGDOC2.10.1, Nuclear Emergency Preparedness and Response [33]

9.2 Business continuity related to operations programs

Business continuity is the level of readiness of a business to maintain critical functions during and after an emergency or disruption. Some examples of business continuity are security breaches. natural disasters, pandemics and social disturbances (that is, any event that limits operating personnel’s access to the site).

Requirements

The licensee shall establish and implement provisions for business continuity related to operations programs. The provisions shall include measures to ensure:

• safety of workers
• access to the facility location
• reliability of the supply chain
• continued safe operation

Guidance

Provisions for business continuity related to operations programs may be accomplished through the licensee’s business continuity planning documentation in their management system.

For access to the facility location, the licensee should ensure that arrangements are in place to respond to a situation that may cause difficulties for the outgoing shift staff in leaving the site, or for the incoming shift staff in arriving at the site in a timely manner; for example, severe weather conditions. Such arrangements should include preparedness for the use of all practicable means of transporting staff to and from the site, in particular the means for transporting the incoming shift staff to the site.

In the event of a severe weather incident, the licensee should ensure that provisions exist to call extra staff before the severe weather starts (so that staff can take turns to rest).

For more information on maintaining minimum shift complement, see REGDOC2.2.5, Minimum Staff Complement [22].

9.3 Return to safe operational state

Requirements

When an event occurs in which parameters deviate from the OLCs for normal operation, the licensee shall ensure that appropriate actions will be taken and appropriate operational decisions will be made, as per the applicable procedures, to return the facility to a safe operational state.

Following the event, the licensee shall:

• undertake a review and evaluation of the event (for example, by means of root cause analysis wherever necessary) to:
  • assess impact on the facility’s equipment, workers, and the environment
  • determine if the event was a serious process failure
  • take appropriate corrective actions
  • document any lessons learned
• notify the applicable regulatory body (CNSC or provincial authority) in accordance with the established event reporting system and applicable reporting requirements in REGDOC3.1.1, Reporting Requirements for Nuclear Power Plants [28]

The licensee shall establish restart conditions and criteria. Before restarting the reactor, the licensee shall revalidate the fitness for service and the safety functions that might be challenged by the event.

When an event is determined to be a serious process failure or where the determination as to the cause or to the extent of condition is inconclusive (that is, a serious process failure cannot be ruled out), the licensee shall submit a written request for approval to restart the reactor.

If more than 1 serious process failure occurs within a 3 year period, the licensee shall submit a report to the Commission and the Commission will make a decision on the ongoing status of the reactor facility.

Guidance

Some examples of actions for returning to a safe state are inspection, testing, and repair or replacement of damaged SSCs.

The written request for approval to restart the reactor should demonstrate that the facility remains within its licensing basis and is safe to operate. The report should include:

• a description of the event
• the causes of the event
• consequences and safety significance of the event
• a recovery plan including implementation of corrective actions and a fitness-for-service assessment on the SSCs affected by the failure
• sufficient technical details and measurements to verify the facility’s readiness to resume safe operation, including any conditions that the licensee proposes to impose upon reactor restart and on subsequent reactor operation to ensure safe operation of the reactor facility
• a description of the extent of completion of the conditions mentioned in the statement about the facility’s readiness to resume safe operation
• if more than 1 serious process failures have occurred at the reactor facility, analysis of the independence or commonalities of the multiple events

For definitions of serious process failure and significant fuel damage, see the Glossary section of this draft regulatory document; for the definition of significant release (used in the definition of serious process failure), see REGDOC3.6, Glossary of CNSC Terminology [29].

Glossary

For definitions of terms used in this document, see REGDOC-3.6, Glossary of CNSC Terminology, which includes terms and definitions used in the Nuclear Safety and Control Act and the regulations made under it, and in CNSC regulatory documents and other publications. REGDOC-3.6 is provided for reference and information.

The following terms are either new terms being defined, or include revisions to the current definition for that term. Following public consultation, the final terms and definitions will be submitted for inclusion in the next version of REGDOC-3.6, Glossary of CNSC Terminology.

infrequently performed test or evolution (IPTE) [essais et développements peu fréquents (EDPF)] The measures applied before undertaking planned activities that are not conducted routinely. Some examples are complex evolutions such as facility heat-up, startup and shutdown, physical tests, cooldown and refuelling.

IPTE [EDPF] See infrequently performed test or evolution.

PAC [CPG] See position assured component.

position assured component (PAC) [composant à position garantie (CPG)] A component that requires assurance of its setting (position) because an incorrect setting (position) may not be readily detected during facility operation by process monitoring or operating procedures and the component’s inadvertent operation could result in undesirable consequences. Some examples are valves, breakers, or hand switches in the control room.

reactor shutdown guarantee (RSG) [garantie d’arrêt du réacteur (GAR)] Administrative measures that are in place to prevent net removal of negative reactivity in the event of any process failure during a guaranteed shutdown state. See also guaranteed shutdown state.

RSG [GAR] See reactor shutdown guarantee.

serious process failure (défaillance grave de système fonctionnel) [new definition replaces the old one] With respect to CANDU reactor facilities, a failure that leads or that could lead, in the absence of action by any special safety system, to significant fuel damage or a significant release from the CANDU reactor facility. With respect to reporting requirements for CANDU nuclear power plants (NPPs), a failure of a process structure, system or component that leads to a systematic fuel failure or a significant release from the NPP or that could lead, in the absence of action by any special safety system, to a systematic fuel failure or a significant release from the NPP.

significant fuel damage (dommage important au combustible) Fuel damage caused by an event or situation, where more than 1 percent (> 1%) of the fuel has been brought outside its fitness-for-service levels.

systematic fuel failure (défaillance systématique du combustible) [to be deleted from REGDOC-3.6] Fuel that had no known defect prior to an event, but that fails or exceeds the fuel integrity criteria defined in the version-controlled document or in the licensee documents requiring notification of change as a result of the event

Download the full document as a PDF