Meeting of the Joint Subcommittee on Reliability and Probabilistic Risk Assessment and Regulatory Policies and Practices - September 23, 1999
UNITED STATES OF AMERICA
NUCLEAR REGULATORY COMMISSION
ADVISORY COMMITTEE ON REACTOR SAFEGUARDS
***
MEETING: RELIABILITY AND PROBABILISTIC RISK
ASSESSMENT AND REGULATORY POLICIES AND PRACTICES
***
Room T-2B3
11545 Rockville Pike
Rockville, Maryland
Thursday, September 23, 1999
The subcommittees met, pursuant to notice, at 1:00 p.m.
MEMBERS PRESENT:
GEORGE APOSTOLAKIS, Chairman, Subcommittee on Reliability and
Probabilistic Risk Assessment
THOMAS S. KRESS, Chairman, Subcommittee on
Regulatory Policies and Practices
WILLIAM J. SHACK, ACRS Member
MARIO V. BONACA, ACRS ember
JOHN J. BARTON, ACRS Member
ROBERT E. UHRIG, ACRS Member
JOHN D. SIEBER, ACRS Member. P R O C E E D I N G S
[1:01 p.m.]
DR. APOSTOLAKIS: The meeting will now come to order. This is the
first day of the joint meeting of the ACRS Subcommittees on Reliability
and Probabilistic Risk Assessment and on Regulatory Policies and
Practices.
I am George Apostolakis, Chairman of the Subcommittee on
Reliability and PRA. Dr. Kress is the Chairman of the Subcommittee on
Regulatory Policies and Practices.
ACRS members in attendance are John Barton, Mario Bonaca, William
Shack, Jack Sieber, and Robert Uhrig.
The purpose of this meeting is to review proposed revisions to the
NRC PRA plan. Tomorrow, September 24, the subcommittees will review the
proposal-making plan and study for development of risk-informed
revisions to 10 CFR Part 50, domestic licensing of production and
utilization facilities.
The subcommittees will gather information, analyze relevant issues
and facts, and formulate proposed positions and actions, as appropriate,
for deliberation by the full committee.
Michael T. Markley is the cognizant ACRS staff engineer for this
meeting.
The rules for participation in today's meeting have been announced
as the notice of this meeting previously published in the Federal
Register on September 3, 1999.
A transcript of the meeting is being kept and will be made
available as stated in the Federal Register notice. It is requested
that speakers first identify themselves and speak with sufficient
clarity and volume so that they can be readily heard.
We have received no written comments or requests for time to make
oral statements from members of the public.
The key document for today's meeting is SECY-99-211, status report
on the PRA implementation plan, issued August 18, 1999. The staff has
made substantial revisions to this update, in part, to address comments
in the General Accounting Office report, dated March 19, 1999.
The staff also briefed the Commission on the SECY-99-211 on
September 7, 1999.
We will now proceed with the meeting and I call upon Mr. Barrett,
Mr. King, and Ms. Drouin to begin.
MR. KING: For the record, I'm Tom King, from the Office of
Research. With me is Mary Drouin, also from the Office of Research, and
Rich Barrett, from NRR.
The agenda today had two topics, basically; a status report on the
quarterly update of the PRA implementation plan and then what are we
doing in response to the GAO recommendation to develop a strategy.
What I thought we'd do in the presentation is we've picked a few
key items from the PRA implementation plan and we wanted to update you
on the status on those items. I think those are some of the more
visible items that maybe you haven't heard about in a while. Then the
second half of the presentation to talk about what are we doing in
response to GAO recommendation.
So you will see on slide two is the list of things that we've
picked out to talk specifically about. There are seven of them. There
are some other things that we could have discussed, but we know there
are separate briefings coming up at the subcommittee, like the ATHENA
project, so we're not going to talk about that today.
The first one on the list is the PRA standard. That's the ASME
effort, the ANS effort, and the NFPA effort, and with that, I'm going to
let Mary and Rich talk a little bit about where we stand on those
projects.
DR. APOSTOLAKIS: Wouldn't it be better to start with the safety
goal revision or the standard is sort of a stand-alone issue?
MR. KING: I think the standard is a stand-alone issue.
DR. APOSTOLAKIS: Let's go with it.
MS. DROUIN: Mary Drouin, with Office of Research. As you're
aware, ASME is developing the PRA standard for level one full power
internal events, excluding fire, and a partial level, and what I mean by
a partial level two, they're only looking at large early release
frequency, just that part of the level two.
They issued a draft standard in February of this year. They went
out for a 90-day public comment and review period. They received, I
believe, comments from around 40 organizations.
So currently they are working on the next revision. That was
revision -- what they call revision ten. That went out in February and
so they are now working on revision 11 and it is my understanding that
they plan to, in the January timeframe, and it's a tentative date, to go
out for public review and comment again.
We do have some concerns here that going from Rev. 10 to Rev. 11,
that they have so dramatically restructured the standard, that it's
going to probably, in my opinion, add probably another nine months to a
year to the schedule, and it may not include the detail that we would
like to see in the standard.
DR. APOSTOLAKIS: Is it time well spent, you think? Are they
revising it for the better?
MS. DROUIN: I think that in terms of the technical stuff that's
in there, some of it is being watered down. They're making the
requirements more high level, which adds more room for interpretation.
In my opinion, I don't think Rev. 10 was prescriptive at all. It tended
to say what should be in a PRA. It did not go into detail how you
should do it.
But even the little bit of detail, which I don't remember very
much in, I think some of that is being removed.
DR. APOSTOLAKIS: So revision 11 will be substantially different
from what we saw which was ten.
MS. DROUIN: It's going to be very different.
DR. APOSTOLAKIS: Is the ACRS going to review it again?
MS. DROUIN: That's between you and ASME.
MR. BARTON: It sounds like we should.
MR. MARKLEY: It's currently on the December schedule, but I'm
waiting for a call back from ASME.
DR. APOSTOLAKIS: But we should, I think.
MR. BARTON: Yes. It sounds like it's the new document.
DR. APOSTOLAKIS: It's a new document, yes.
MR. MARKLEY: You recall, the industry -- maybe not the industry,
but some selected participants wanted to -- instead of have a standard
that focused in on one level of scope and detail of quality of PRA, they
wanted to break it up to say, well, if you're having a PRA that's just
going to be used for risk categorization or risk ranking, here is the
standard, if you want one, for risk-informed submittals, here is the
standard if you want one for risk-based submittals, here is the
standard.
So they sort of have a three-column format now on the standard and
I think there has been some -- it's not coming out as straightforward as
we had hoped.
In concept, it sounded like a good idea, but in practice, it may
not be. So that's another issue.
DR. APOSTOLAKIS: See, that's my concern, because I hear, also,
through the grapevine, that there are drastic changes and some people
are unhappy. So I think we should have an opportunity to review it. In
fact, starting with the subcommittee meeting, if it's a really new
document, where we can go into more detail and then, of course, give our
opinion to the full committee.
So now, Mike, you say that in December, we may -- in other words,
we may review it before they issue it for public comment or at the same
time?
MR. MARKLEY: Well, the last time I discussed it with them, we
were talking about it being a pre-consensus voting process. Now, the
public comment issuance is a new issue, to my knowledge, and I haven't
had a chance to discuss that. I was not aware of it from talking to
Jerry Eisenberg, but he did, in his phone message he left me, say there
is a possibility of the schedule sliding. So that's confirmed basically
by what Mary is saying here.
MS. DROUIN: As I said, ASME is just looking at the level one and
the level two for full power internal. Also, ANS is involved in this in
that they are developing the PRA standard for low power shutdown and for
seismic. Rich sits on that. You might want to --
MR. BARRETT: Yes. We had the first meeting of what's referred to
by ANS as the risk-informed standards committee. This is a consensus
committee that's been formed by the American Nuclear Society for the
purpose of developing these two consensus standards, one for external
events or external hazards and the other one for low power and shutdown.
But the concept is that this standards committee might be involved
in future efforts, as well, and there is some preliminary thinking about
that.
The standards committee is a large group, approximately 30 people,
representing a wide variety of organizations, government, industry,
vendors, academic community, and, in addition, they have put together
panels; one for the -- I guess you would call it the working group or
the writing group for external hazards, and one for low power and
shutdown.
Both groups have started preliminary work.
DR. KRESS: Do you know whether or not the focus on low power
shutdown is the type of PRA that's used for configuration control during
shutdown events or is it one that's addressing a broader need than that?
MS. DROUIN: Let me, because I sit on the writing group for the
low power shutdown, and we had our meeting. Right now, there are three
approaches that we're -- I shouldn't say three. There's really
basically two approaches; one that actually looks at, for the PRA, how
you're going to quantify the risk.
Another one --
DR. KRESS: Over the full lifetime of a plant.
MS. DROUIN: Yes.
DR. KRESS: Not just instantaneous.
MS. DROUIN: Yes. Full lifetime of the plant. But they're also
looking at configuration control in writing that, because that's more
from a utility desire, where it's looking for something. So we are
considering writing something in that area, too.
DR. KRESS: Thank you. That answers it.
MR. BARRETT: The only thing I'd like to add is that there is a
sense that developing a standard for external hazards is going to be a
simpler task than for low power and shutdown and that's primarily
because, for one thing, the external hazards does not include fire.
Fire is being handled separately by the NFPA. So it's primarily a
seismic issue and seismic PRAs, the sense is that we have a lot of
experience with them.
It's a relatively well developed methodology, with a lot of
consensus built around it, and that a standard would be simpler to deal
with than the lower power and shutdown, which has so many facets to it.
MR. KING: Nilesh Chokshi is the staff person on the seismic
writing group.
DR. KRESS: Who?
MR. KING: Nilesh Chokshi.
MR. BARRETT: Mark Cunningham and I are both on the standards
committee.
MR. KING: And as Mary said, she's on the low power shutdown
writing group.
DR. APOSTOLAKIS: Okay.
MR. KING: All right. Safety goals. Back in July, there was a
paper that went to the Commission -- in fact, we discussed it with the
committee before it went -- that talked about two things. One was the
status report on the 11 safety goal issues that had been identified last
year and the second was a recommendation to the Commission to let us go
forward and do a feasibility study on what we called high level safety
principles.
We haven't received an SRM yet from the Commission on the high
level safety principles piece. The safety goal piece was just a status
report, so we're not waiting for any Commission input at this point.
So we have not actually done anything on the feasibility study of
the high level safety principles, but I thought it might be worthwhile
just bringing you up-to-date on our current thinking on some of the more
key safety goal issues, because we have continued to think about that,
had some discussions. We haven't reached consensus on the real key
ones, the real tough ones yet.
Some of the things that we recommended were pretty
straightforward, cleanup items, and those are -- we're not going to talk
about those today, but I did want to talk about the things that are more
controversial and are going to be tougher to deal with.
So let me go to the next slide.
We start off with elevation of CDF as a fundamental goal, which
the committee recommended a couple of years ago. We've had a lot of
discussions on this and our current thinking is that we ought to add
some qualitative high level words in about accident prevention, just
like there are qualitative words in right now that deal with individual
and societal protection. We think accident prevention deserves similar
stature in the qualitative sense.
The safety goal --
DR. APOSTOLAKIS: Let me understand the meaning of the words
accident prevention. If you have a CDF subsidiary goal and a LERF goal,
aren't you preventing accidents?
MR. KING: Yes.
DR. APOSTOLAKIS: Why do you need an additional statement?
MR. KING: You recall what we have now is that we have qualitative
statements on protecting individuals and protecting society, and below
that we have QHOs, which define what do we mean by protection.
DR. APOSTOLAKIS: I see. So you're referring to the qualitative
part.
MR. KING: Right.
DR. APOSTOLAKIS: So there will still be a qualitative statement.
MR. KING: Yes. Because I think it's important not just to say
protect the public and let people decide how much of that they want to
do by mitigation versus prevention. I think we ought to emphasize
prevention. I think that's an important statement for the Commission to
make.
What we're thinking about now is then going in and adding the
subsidiary CDF and LERF objectives into the policy statement as
subsidiary objectives, but will provide some guidelines as to what do we
mean by this balance between prevention and mitigation.
DR. APOSTOLAKIS: So would then a statement on how important
accident prevention is result in a reduction in funding severe accident
research?
MR. KING: No, I don't think so. I think we still have the
mitigation piece, which is severe accidents.
DR. APOSTOLAKIS: But it seems to me that one can make a
reasonable argument that if the emphasis of the Commission is on
prevention, let's see how much money you're spending on level two
phenomena versus what you're spending on level one.
And if the difference is the other way, I think it's a legitimate
question, why are you doing it this way.
MR. KING: I think if there were a big difference, it might be a
legitimate question, but that's not the case today.
DR. APOSTOLAKIS: I understand that, but, I mean, the reason why
I'm asking is because the industry, as you know, for years now, has been
very cool to any research that goes beyond core damage and they are
claiming that what really matters is level one, because that's where we
see the return, we understand what's going on, it's something we can put
our hands on.
So I think this would give them further ammunition along these
lines.
Is that an -- I don't know, what's the word.
DR. KRESS: George, if this is the right thing to do, I don't
think we ought to worry about that. This is the right thing from a
regulatory objective to do.
DR. APOSTOLAKIS: But before we put forth revisions of such
important documents, I think we should understand all the possible
consequences. I'm not arguing against it, because I think it's okay.
DR. KRESS: I'm sorry. I thought you were arguing against it.
DR. APOSTOLAKIS: It would be a very dull afternoon if we just
didn't say anything, so I have to say something.
DR. KRESS: I see. I understand. It's worthwhile understanding
the ramifications, and I agree with you, that is a likely ramification.
DR. APOSTOLAKIS: Clearly we are emphasizing prevention even now,
if you look at the numbers we're using.
DR. KRESS: Sure.
DR. APOSTOLAKIS: Okay.
DR. SHACK: On that, the safety goal already has qualitative
statements that preventing core damage is important.
MR. KING: I think the words prevention of core damage show up in
there, but they don't show up as prominently as the other qualitative
statements. They're just sort of thrown in the discussion somewhere.
DR. KRESS: Would the subsidiary goals on CDF and LERF, would they
have equal status to what we have out for the quantitative health
objectives now or would they be --
MR. KING: My view is they would not. They'd be the next level
down.
DR. KRESS: Next level down.
MR. KING: The QHOs really try to put some number on what do we
mean by protecting the public and then the next level down, the CDF and
LERF would be some actual practical guidelines that you can use in
running and designing your plant to try and implement that.
The next item is definition of adequate protection. There was, at
one time, a recommendation from the committee to try and use the safety
goal policy to come up with some quantitative definition of adequate
protection. There's also been a lot of discussion from external
stakeholders about what do we mean by external or adequate protection.
The Commission nor the staff neither one has, at this point,
decided, yes, we want to go define adequate protection. We're wrestling
with that question in the context of the safety goal policy, but really
it's a broader question, because the concept of adequate protection
applies not just to reactors, it applies to every licensed activity that
we regulate.
So one of the things we had thought about with these high level
safety principles was going in and trying to qualitatively lay out what
does the agency mean when it says adequate protection and then maybe you
could, for reactors, come up with something a little more specific to
reactors to implement that.
Whether that's going to happen or not I don't know. But I think
we've clearly decided you can't quantitatively define adequate
protection. It's not a number. It's not a group of numbers.
Some people think it's a process, that you go through the process
of good engineering and QA and corrective actions and inspection and all
of that stuff, you end up with something called adequate protection.
Other people think it's more -- it could be defined in more engineering
terms or lines of defense terms without maybe putting a number on it,
but it's not a process. It's a physical attribute or some defined
attributes that you've got to have.
DR. APOSTOLAKIS: Would it be easier to talk about adequate
protection without necessarily defining it quantitatively? If the new
safety goal statement clearly identified the objectives of regulation by
this agency, the ACRS has written at least two letters, that I can think
of, where we keep coming back to it and saying -- well, the last one, I
read it yesterday, was in the package you sent me on Part 50, revising
Part 50, where we came back to it and said if you had developed this, a
set of objectives, stated explicitly, then the revision of Part 50 would
be easier.
Is this a time to think about that perhaps? That in addition to
the health objectives and so on -- now I remember. In that letter, we
also said that in the draft document we saw, I think Mary was here and
made the presentation some time ago on revisions to Part 50 a long time
ago, the letter was from last December.
MS. DROUIN: 50.59.
DR. APOSTOLAKIS: Okay, 50.59. Anyway, we said there are terms
like defense-in-depth and adequate protection, safety-related or
something, safety-significant, that were not defined anywhere and yet
they were used in sort of a routine way and on page 26, at the bottom,
you might say, well, but this is not a good option because of such and
such, and this such and such had never been defined up front as being
one of the objectives of the agency.
I think what we saw there is the result or a reflection of the
culture that has evolved within the agency as to what's important and
what's not important. So two people from NRR, when they speak to each
other, they more or less agree, yes, this is important, this is.
And I guess what the committee is saying is that it might make all
these efforts easier if somebody took the time to put these things up
front and discuss them with us and other stakeholders and say this what
we really want to do.
MR. KING: That's, in effect, what we had in mind when we proposed
these high level safety principles, to try and lay that out; what is it
we're trying to achieve with all these regulatory programs, what level
of protection.
DR. APOSTOLAKIS: And that has not started yet because you don't
have an SRM.
MR. KING: Right. And I agree, I mean I personally agree with you
that if we had such a statement of objectives, it would make defining
adequate protection easier, it would probably make some of these other
decisions easier, what do we mean by safety-related and that kind of
stuff.
DR. APOSTOLAKIS: Now, when you say consider a zone, what exactly
do you mean? A zone where, on the risk lane?
MR. KING: Well, this was a concept that our legal folks gave us
to think about and as I understand it, instead of defining adequate
protection in some fashion, what you would do is you'd say, okay, I'm
not sure exactly where adequate protection is, but I know if I'm in this
range up here, that I've got adequate protection and they call this a
zone.
DR. APOSTOLAKIS: But up here where? Are you talking about
numbers?
MR. KING: I think they would be more comfortable if you put
numbers on defining such a zone. Like, for example, Reg Guide 1174, we
have numbers in there. Everybody says if you meet those, if you come in
with a change that meets those numbers, there is not an adequate
protection concern. So that's a zone that we're comfortable in and we
don't have an adequate protection concern as long as we're in that zone.
What we had talked about was recognizing that that zone is pretty
-- only deals with small changes, it's obvious you're not going to worry
about adequate protection, when you're dealing with small and very small
changes, isn't there really some region below that you can also not
worry about adequate protection and could we define that presumptive
zone so that if people come in and they're beyond the 1174 guidelines,
we can at least know whether there is an adequate protection concern or
not.
So that when you have to make decisions on backfit, for example,
you know you're allowed to backfit on an adequate protection
determination and if you're above adequate protection, then you have to
use cost-benefit.
Well, this presumptive zone would help you figure out where you
are in backfit space.
So they're not comfortable with defining adequate protection in
some precise fashion, but they are comfortable with saying, well, if
you're up here in this zone, then you've got adequate protection.
DR. APOSTOLAKIS: Is it easier to define where you don't have it?
MR. KING: I'm not sure.
MR. BARRETT: That's an interesting question, because if you
define it as a point, then you have to be right there at the point. If
you define it very sharply and the licensee is to the correct side of
that point, then they have adequate protection and that's -- and if
they're to the wrong side of that point, they don't have adequate
protection.
If they're to the wrong side and they don't have adequate
protection, they can't operate. If they're to the right, to the correct
side of that point, then they have adequate protection and the
regulatory really has no business dealing with that issue anymore.
I don't think we want to be in either one of those places. One of
the proposals --
DR. SHACK: If you have George's three-zone model, where you have
a place where you're clearly in trouble, a place where you're clearly
safe, and then --
MR. BARTON: A fuzzy place.
DR. SHACK: -- a fuzzy place.
MR. BARRETT: One of the proposals is to have a combination of
criteria and processes, to think of it that way. For instance --
DR. KRESS: Or more than just two dimensions.
MR. BARRETT: In dimensions. For instance, you've got a bunch of
parameters that are controlled by the license amendment process. These
are your safety limits, DNBR 1.2, and PSH, all of these detailed
engineering criteria, plant design basis criteria, and they are
controlled by 50.59 and 50.90 and 50.92, the licensing process.
We've got some risk parameters that we've developed over some past
several years and you could say that in some sense, they're controlled
also by the same process, but through Reg Guide 1.174, and some of the
other guidance that we've developed, along with some of the guidance we
talked to you last month about.
So if you have a combination of some criteria or guidelines like
that, in dimensions, and each one has associated with it a process to
control it, not necessarily to control it at exactly that point, but to
at least make reasoned judgments about whether it's in the right range.
And then if you combine that with a process to take remedial
actions, if it's in an unacceptable area, then all of that combined will
give you adequate protection. And another example would be if you
suddenly found out that there was some new piece of operational
experience that took you outside where you thought you should be.
You have 51.09, which is a process to control that and to bring it
back into balance. So that's a view of adequate protection in the
compliance process with numerical values.
MR. KING: Another way to look at it, too, is, in effect, the new
plant oversight process has defined this zone, used this zone concept
where they have the green all the way down to the red zone. Down in the
red zone, they don't say the red zone is adequate protection, but what
they do is say is, hey, we're getting close enough to whatever adequate
protection is that we don't want the plant to operate anymore.
That's another way to look at it, another example of applying that
zone concept.
DR. APOSTOLAKIS: So you are now working on these issues?
MR. KING: We are now, from time to time, discussing these issues,
trying to settle in on what is it we want to recommend to the
Commission. One of the things we are going to do very shortly is issue
a Federal Register notice and have a workshop on November 9 to get
stakeholder input on these issues, all the ones we're talking about
here.
DR. KRESS: If you went with a green to a red type system, would
that be defining adequate protection in terms of performance indicators,
or you just use the concept and use something besides those that are in
the oversight?
MR. KING: Remember, the plant oversight process is a combination
of indicators and inspection findings. So it's not just numerical
values.
DR. APOSTOLAKIS: I think, though, that the factor, again, and we
do have an idea of where we are, if the core damage frequency, as
estimated today, the average long-term core damage frequency, if the
approach is ten-to-the-minus-three per year, it seems to me that the
staff is concerned about adequate protection, and something happens.
Now, that something may include a number of things. The licensee
may decide to try to put down, the staff may look at it and say, as Rich
said, that there are other measures, other protective measures that
compensate for this high value and so on, but I don't think that even a
licensee who finds an accident sequence with frequency more than
ten-to-the-minus-three, that that licensee would do nothing.
MR. BARRETT: We've had examples where licensees have calculated
total core damage frequencies in excess of ten-to-the-minus-three and
have implemented corrective action programs to gradually bring it into
more reasonable ranges. Yes.
DR. APOSTOLAKIS: So I think we have an idea of where the zone is,
but I guess that doesn't help very much when you actually have to put on
paper where the zone begins, right? The numerical definition is a
problem.
MR. KING: People can get uncomfortable at ten-to-the-minus-three
CDF, but if your containment wasn't operable, you'd probably be
uncomfortable, too, even if your CDF was ten-to-the-minus-four or
ten-to-the-minus five.
If you were finding programmatic breakdowns in your plant, even
though an accident hadn't occurred yet, you'd probably get
uncomfortable, too. People are not qualified, they were on drugs,
whatever, you wouldn't be too comfortable.
So there's a lot of things you've got to consider.
DR. APOSTOLAKIS: Is people taking drugs part of the safety
culture of the plant?
MR. KING: Well, I would think so.
MR. BARRETT: Hopefully, it's an aberration.
DR. APOSTOLAKIS: Okay.
MR. KING: The second item on that page is defense-in-depth. It's
mentioned in the safety goal policy that exists today, but it's not
defined, it's not described how we use it. What it means, we took a
stab at that in Reg Guide 1.174. We thought since it is such an
important concept, the safety goal policy ought to say more about it.
We also recognize these high level safety principles. It's a
concept that applies across the agency, as well. Should we step back
and, from an agency perspective, talk about defense-in-depth?
To me, this is a fairly key item. To me, this is more key than
the adequate protection. I think we can risk-inform Part 50 without
having a good definition of adequate protection. I don't think we can
do it without thinking hard about defense-in-depth and what do we mean
by it.
So if you had to prioritize the two, I'd put my effort on
defense-in-depth in the near term to try and settle out what we mean by
that.
Again, you know, we read the paper that was provided attached to a
committee letter about the structuralist and the rationalist approach.
We had a workshop last week on risk-informing Part 50, the option three
piece, and there was a guy from the UK there that talked about their
definition of defense-in-depth. It was an interesting concept.
So we're gathering some information.
DR. KRESS: Is there a paper on that or anything we could look at?
MR. KING: They have those documents, tolerability of risk, and
there is another one that came out recently, but I don't know if that
talks defense-in-depth. He did not hand out a paper.
DR. APOSTOLAKIS: So what did he say?
MR. KING: He basically said what they do is define lines of
defense and what they want -- for accident prevention, core damage, they
want two what they call strong lines of defense and the strong line of
defense is a capability to terminate the accident that also can
withstand a single failure. So they want two of those.
Then they want a weak line of defense for mitigation, assuming the
accident has occurred, the core damage has occurred, and they want a
weak line of defense. And then they combine that with probabilistic
goals on core damage and LERF, essentially, and that makes up there
ensemble of high level requirements for what they want to achieve in
terms of safety.
I thought it was interesting. But what he said was even if this
plant calculates a good CDF, they still want those lines of defense,
regardless of what your CDF says.
DR. SHACK: Sounds good to me, George.
DR. APOSTOLAKIS: Yeah, right. So now we start agonizing over
what is a strong line and what is a weak line and all that stuff.
That's why PRA was invented, to give you numbers for these things.
So I'm unimpressed.
MR. KING: You don't think there should be some floor on features
that you want in the plant, regardless of what your numbers say.
DR. APOSTOLAKIS: That's a very different question.
MR. KING: It's the same question, to me.
DR. APOSTOLAKIS: I'm unimpressed by what you've described. I
thought the other way. I don't think -- I think defense-in-depth --
defense-in-depth is insurance. Isn't it insurance?
MR. KING: Assurance or insurance?
DR. APOSTOLAKIS: Insurance.
DR. KRESS: Insurance.
MR. KING: I'd rather call it assurance.
DR. APOSTOLAKIS: I think it's really very similar to the idea of
insurance. When all is said and done, I'd really feel better if you put
that thing there.
DR. KRESS: We really do think it's intimately related to the
uncertainties.
DR. APOSTOLAKIS: Sure.
DR. KRESS: In your CDF and LERF, for example. And in that sense,
it's insurance. Somehow the definition, in my mind, has to draw in that
relationship to the uncertainties some way.
MR. KING: But if you had this floor of things, you say I'm going
to have these, and then beyond that, where you've got uncertainties,
maybe you want to add more for defense-in-depth purposes. That sounds
like a reasonable approach, to me.
DR. APOSTOLAKIS: Which is what we proposed in the combination.
The floor there is the high level structuralist approach. But no matter
what, you must have a containment, you must -- it's not a floor. It's a
ceiling. And then you go -- and by the way, there's a lot of people who
are unhappy with that and I'm -- they're developing this pebble bed
reactor. Now they're talking about there is no need -- about not
needing a containment.
MR. KING: They proposed that ten years ago.
DR. APOSTOLAKIS: I thank God this is an MIT project, so I have a
conflict of interest.
MR. KING: What they say is the little fuel particles are --
DR. APOSTOLAKIS: I'll let you guys resolve it.
DR. KRESS: There has been one member of the committee who has
said that it is rational to think about a system, a design that doesn't
need a containment.
DR. APOSTOLAKIS: Rational?
DR. KRESS: Right.
MR. BARRETT: In Reg Guide 1.174, we talk about defense-in-depth
and margin separately. It could very well be that for the pebble bed,
the two might be related in terms of the thermal inertia and --
DR. APOSTOLAKIS: But it's a separate issue.
MR. KING: The pebble bed said they had a trillion containment, so
these little fuel particles in there. Triple-coated, can withstand high
temperatures.
DR. APOSTOLAKIS: That's where my idea of insurance comes in,
because I think we're probably going to have a very hard time agreeing
that you don't need a containment, but that's my first reaction.
DR. KRESS: And it depends on the uncertainties and how well those
things function.
DR. APOSTOLAKIS: That's right.
DR. KRESS: Then the insurance inertia definitely is a good term
for that.
DR. APOSTOLAKIS: Anyway, we agree that the British approach is
not impressive.
DR. KRESS: At least on first glance.
DR. APOSTOLAKIS: Yes. As conveyed to us by Mr. King. Insurance,
insurance of a different kind.
MR. KING: I'll get a call from my colleagues in the UK.
DR. KRESS: Who was the British guy on this?
MR. KING: Nigel -- what was his last name?
DR. KRESS: Buttery?
MR. BARRETT: Holloway.
DR. APOSTOLAKIS: Holloway, Nigel Holloway.
MR. KING: The other --
DR. APOSTOLAKIS: I thought he was in weapons right now.
MR. KING: Yes. He's working on weapons now, but he's sort of
like a --
DR. BONACA: Trying to design a weapon to see if he can defeat
defense-in-depth.
MR. KING: It sounded sort of like an ombudsman for that program
over there, that when people disagree on do we provide adequate
protection or not, he comes in and listens to the arguments and tries to
sort out what the right answer is.
DR. APOSTOLAKIS: Anyway.
MR. KING: Societal risk and land contamination, those were the
other two big issues, open issues in the safety goal policy list.
DR. APOSTOLAKIS: Yes. And we've -- sorry, go ahead.
MR. KING: We've talked about the societal risk when it had to do
with the way we calculate the current QHOs. They're both calculated,
whether it's early or latent fatalities, they're calculated on an
individual risk basis. We have reg analysis guidelines that calculate a
person rem to society and makes decisions based upon that.
They also have different distances out to which you make those
calculations. So the amount of society that's affected is different in
those cases.
And then we don't have anything that protects the environment, so
we talked about should there be some lane contamination, but we haven't
settled anything on either one of these issues. I think we are
exploring two things now.
One, we're looking at maybe it would be -- make more sense to deal
with both of these issues by looking at should we have a goal on the
amount of material released from a reactor.
DR. KRESS: FC curves. Frequency.
MR. KING: Not the large early release that was in the original
safety goal policy at ten-to-the-minus-six, but some --
DR. KRESS: Some say release of any given --
MR. KING: Right, right.
DR. APOSTOLAKIS: Which are being produced by 1150 and other
studies.
MR. KING: Yes. But that would cover --
DR. APOSTOLAKIS: Which the Swiss are using, by the way.
MR. KING: Yes. But that would cover both of these issues. It
would protect society, it would protect land, and be irregardless of how
many people are around the site that --
DR. KRESS: It also implicitly incorporates LERF and explicitly
incorporates CDF.
MR. KING: Yes. So we're looking at that now. I don't know what
the answer is going to be.
DR. APOSTOLAKIS: The penalty is that you will probably need more
than one set of curves to satisfy Dr. Powers.
MR. KING: The other thing we're doing is looking at make the
distance -- the evaluation distance the same. Safety goals is ten
miles, reg analysis guidelines is 50 miles; shouldn't the population at
risk be the same, how did we decide ten miles, how did we decide 50
miles, why shouldn't they be the same.
I don't know, again, I'm not sure what the answer is going to be,
but those are the two things we're focusing in on now in dealing with
these issues.
I suspect the ten miles is because that was where the evacuation
distance is today that's specified in the regulations, which is based
upon risk analysis that was done a long time ago that shows that beyond
ten miles, you don't really get exposures to people that cause acute
health effects.
DR. KRESS: But one of your goals ought to include something other
than acute health effects.
MR. KING: Excuse me. Say that again.
DR. KRESS: It seems to me like one of your regulatory objectives
are to prevent releases even though they're not big enough to cause
acute health effects.
So you probably -- that calls for looking at the full range of
transport out to 50, 100 miles or whatever, it seems to me, because
although you don't have acute effects, you have other types of effects
that you -- I think rightly so, you have a regulatory objective to
prevent those.
I think you could deal with those all in FC curve space, frequency
consequence of release of given amounts. So that --
DR. APOSTOLAKIS: Is anybody looking into FC curves seriously?
DR. KRESS: That's why we sort of advocated those a little bit in
the first place, because they seemed to encompass, to some extent, all
of your objectives in one set.
MR. KING: Joe Murphy has got the lead for this. He's looking at
them. He's pulled some out and we've gone through them.
DR. APOSTOLAKIS: So full circle, back to what Ridge Farmer said
in '67, that's interesting, if we do.
MR. KING: If we do this.
DR. APOSTOLAKIS: Now, this workshop on the ninth, what day is the
ninth, does anybody know?
MR. KING: I think it's a Tuesday. The workshop is going to be at
--
MR. BARTON: November 9 is a Tuesday.
MR. KING: It's going to be up the street here at the Double Tree.
DR. KRESS: Is that the week we're here?
MR. MARKLEY: No, the week before.
MR. KING: But what we want to do in this Federal Register notice
--
DR. APOSTOLAKIS: Oh, I know what I'm doing, yes. Okay. I'm up
in the air, so I can't come.
MR. KING: We want to lay out the options, the pros and cons, some
questions, so that people have something to chew on before they come to
the workshop.
DR. APOSTOLAKIS: So this is only on the safety goal revision.
MR. KING: Only on the safety goal revision and it's going to
focus on these issues we just talked about.
DR. KRESS: Do we have to have a special invitation to come?
DR. APOSTOLAKIS: No. It's NRC.
DR. KRESS: It's here?
MR. KING: It's up the street at the Double Tree Hotel.
DR. APOSTOLAKIS: So these overarching principals, the objectives
that we keep asking in our letters, you are not working on that right
now, because for that you want to have a separate SRM.
MR. KING: We asked Commission permission to do the feasibility
study. We have not gotten permission yet. We're not doing anything on
those.
DR. APOSTOLAKIS: So Murphy working on this is not actually
thinking about the overarching principals, also, because you are waiting
for --
MR. KING: He may be thinking about them, but he's not writing
anything down.
DR. APOSTOLAKIS: But that's an important point, though, because I
think having those objectives is really -- in fact, if I can read one
sentence from the letter dated December 14 to Dr. Travers, articulation
of the regulatory objectives should be a restatement of the NRC's
mission related to what it may consider to be the complete definition of
safety, as contrasted to risk.
So clearly this committee feels this is extremely important and
that seems to be left out of the writing. I don't know what else we can
do. The Commission is obviously thinking about it.
Wasn't it a question by Commissioner McGaffigan at the last
meeting regarding cost of doing all this stuff?
MR. BARTON: Yes.
DR. KRESS: He didn't think it was --
MR. BARTON: He didn't think it was worth it and it would be too
long and too costly or something, is the comment he made. It's in the
writing there someplace.
DR. APOSTOLAKIS: So who would be addressing this concern, the
staff?
MR. BARTON: I guess so.
DR. APOSTOLAKIS: Or should we do something, if we feel --
DR. KRESS: That might be part of our meeting with the Commission.
DR. APOSTOLAKIS: That's a good idea. Maybe we should do that.
MR. BARTON: This item is on the Commission briefing.
DR. APOSTOLAKIS: It is?
MR. BARTON: I think so, risk-informed Part 50.
DR. APOSTOLAKIS: Okay. So we can raise it ourselves.
MR. BARTON: You can raise it at that time.
DR. APOSTOLAKIS: That's not the same thing, though.
DR. KRESS: I don't think the policy, the safety goal policy.
DR. APOSTOLAKIS: No, it was not.
MR. MARKLEY: I think that discussion is more focused on the Part
50 rather than necessarily the goals.
DR. APOSTOLAKIS: Unless we bring it up.
MR. MARKLEY: Yes.
DR. KRESS: We could include it.
DR. APOSTOLAKIS: This is really an important issue.
DR. KRESS: Yes.
MR. KING: Let's move on.
DR. APOSTOLAKIS: One question. This is a report from the PRA
implementation plan.
MR. KING: Right.
DR. APOSTOLAKIS: And as you know, there has been criticism of the
plan, I believe, also, criticism of the agency by the CSIS, is that the
acronym? That we don't appear to have a strategy.
MR. KING: GAO made that.
DR. APOSTOLAKIS: GAO said that.
MR. KING: We're going to talk about that.
DR. APOSTOLAKIS: I thought the CSIS said the same thing.
MR. KING: The CSIS said we don't have a good definition of what
our safety --
DR. APOSTOLAKIS: That's definitely one of the things they said.
Anyway, independent --
MR. KING: Slide 19 and beyond is where we're going to talk about
the GAO recommendations.
DR. APOSTOLAKIS: But I wonder whether what you are presenting
here, Tom, is really a plan. Is it really a plan?
MR. KING: That's part of the problem. What we have in today's
PRA implementation plan is a catalog. It's not a plan and it's arranged
by office and here is what each office is doing in the PRA area.
DR. APOSTOLAKIS: So you will address that when you come to the
GAO report.
MR. KING: Yes. Next item, Rich is going to talk a little bit
about the risk-informed licensing actions that have been taking place.
MR. BARRETT: When we briefed the Commission in early September,
we had a section on risk-informed licensing actions. So we include it
here, but, in fact, I don't think we should spend much time on it today.
We had a very extensive briefing for the ACRS back in April. Mark Rubin
went through it in quite a bit of detail for this subcommittee, as well
as for the full committee.
And in large measure, nothing has changed in terms of where we're
going and what we're trying to accomplish. I would like to say that
this is an ongoing program. It's a healthy program. We continue to get
submittals from the industry, we continue to turn them around at a
healthy rate.
Right now, what we're trying to do, more than anything else, is to
focus on making this type of licensing action as much -- as close --
resemble as much as possible every other licensing action we do.
Specifically, quantitatively, in terms of the timelines with which we
can turn these things around and the resource burden associated with
reviewing these licensing actions.
We're trying to get to the point where we can essentially do these
in the same -- with the same amount of effort and with the same
timeliness as with other licensing actions.
We think we're doing pretty well on that, but one of the things
we're trying to do is to develop the capability to monitor both those
parameters, so that we can have a quantitative measure of how well we're
doing.
So I really would propose not to dwell very much on this
particular aspect of the PRA implementation plan. I think it's
something we've discussed a great deal in front of the committee in the
recent past.
MR. KING: The risk-informed reg guides. When the Commission
approved issuing those as final guides, they also said do an annual
review of those guides to see what needs to be updated to keep them
current.
That annual review came due over the summer. We issued two memos
to the Commission, one in June and one in August, that said based upon
the experience to date, here are some areas that we think need to be
updated and we proposed a schedule to go update the guides.
What I've listed here is just a quick summary of the areas that we
feel right now are candidates for revision in the regulatory guides.
These revisions would start sometime early next calendar year.
Reg Guide 1.174, if we get a PRA standard, we certainly want to
endorse it. We had said, when we issued the guide originally, that we
needed to think about additional guidelines for the shutdown condition,
because right now it's just CDF, based upon the low power and shutdown
work that Mary is going to talk about later, that comes out of that, we
may propose some additional more specific guidelines for the shutdown
condition.
And then it was pointed out that we have risk guidelines in 1.174,
particularly a lot of plants, like half the plants doing the IPEEE
didn't use seismic PRA, they used seismic margin; should we put
something in that deals with that methodology and allows -- provides
some guidelines.
So those are the three main areas in 1.174.
DR. KRESS: Do you recall Rick Sherry's paper on that subject?
MR. KING: On seismic margins?
DR. KRESS: Yes, and how to convert them into risk numbers.
MR. KING: No, I don't remember that.
DR. KRESS: There is such a paper. You'd probably want to look at
it.
MR. KING: I'd like to see that.
DR. KRESS: I don't know -- I don't want to endorse it, but it's
something you might want to look at.
MR. KING: Mike can get us that?
DR. APOSTOLAKIS: Regarding 1.174, a I remember, it's been a while
since I looked at it, but as I remember, there isn't really very much in
1.174 on importance measures and it turns out that very important
risk-informed decisions are based on the use of importance measures.
In fact, risk-informed ISI, risk-informed GQA, the regulatory
guides deal exclusively with importance measures. It seems to me there
is a disconnect between the general guidance and the applications. It
would be nice, when you revise 1.174, to give it -- to pay attention to
the importance measures, the attention they deserve, and offer astute
comments as to how, by using that, does one really -- it's not clear how
one complies with -- whether one complies with 1.174 delta CDF and delta
LERF guidelines, because we don't have the models to calculate delta CDF
and delta LERF.
And we take it on faith that if you categorize the components
according to RAW and Fussel-Vesley, it makes sense then to relax some of
the requirements.
Tomorrow we'll have more on that, but I think it's an important
omission because if you -- if a new reader reads only 1.174, that person
will have no idea that these very important activities are taking place
in the name of 1.174 without really having a direct connection to 1.174.
So I think a good discussion there, right after you have figure 3
and 4, delta CDF and delta LERF, would be really very appropriate,
because that will give you the opportunity also to think again about the
connection between the two.
DR. KRESS: I suspect if you ever get around to including these
other objectives in the policy statement, those might have to show up in
future version 1.174.
MR. KING: Yes, that's true.
DR. KRESS: But that's sometime in the future.
DR. APOSTOLAKIS: Now, regarding the importance measures, I was
doing some simple calculations on the plane and I must say I got very
perplexed. And tomorrow, again, we'll see that basically what the
revision to Part 50 is, at this point, is really a reclassification of
components and systems and structures to some new category that will be
safety-significant, not safety-related.
And the basis for those things are really the importance measures.
So I'm wondering whether we have really thought about importance
measures and what they mean and I'm toying with the idea, Mike tells me
I can do it, so I may do it. Tomorrow morning I will use a slide or two
to show you why I am perplexed.
But I can give you the flavor of it right now, if you want.
MR. KING: Sure.
DR. APOSTOLAKIS: Take a simple system, where you only have one
accident sequence, just one, and it has three elements, one, two and
three. One can be the initiating event and the other two the
unavailability of systems.
So the product or the three frequencies are unavailabilities is
the ultimate bad thing, the core damage.
DR. KRESS: The contribution.
DR. APOSTOLAKIS: Yes, but there is only one sequence in this
fault experiment. So I ask myself what is wrong for each of the
elements. And if I take them as having the same unavailability, if you
do the calculation, it's one-over-Q. So if the unavailability is
ten-to-the-minus-two, RAW is 100, because RAW says take the
unavailability, the baseline availability, set Q equal to one for that
component, and divide by the total.
Now, the total is the product of the three. In the top, you have
the product of the remaining two. So it's one-over-Q1. And
Fussel-Vesley is one, because there is only one minimal cut set. So the
numerator and the denominator are the same. Right?
So now it appears -- well, okay. So now, what do I have? I have
a RAW of one-over-Q and a Fussel-Vesley of one. Now, I'm saying, well,
gee, I really want to improve my system. I'll go out of my way to
improve my system.
So I had only two components to save me and now I'm adding 100.
Defense-in-depth at the extreme, right? One after the other, all of
them must fail. So now I have a huge accident sequence that must --
that has 100 plus 303 elements.
Calculate RAW again. Still 100. Calculate Fussel-Vesley. Still
one. Nothing happened.
DR. KRESS: So you've got 100 things and I'll have a RAW of 100.
DR. APOSTOLAKIS: That's one observation. The other observation
is that I went through this extraordinary expense and I have not
affected RAW, I have not affected Fussel-Vesley for the original
component, and I don't know. I mean, it was just two hours ago. I
don't know what the consequences of that are.
I think what's missing here, Tom, is the absolute value of the
core damage frequency. We are working only with relative stuff. So in
a relative RAW sense, it's still 100. The fact that you spent five
million to improve the system is completely irrelevant, and that bothers
me.
Then I go to another case. Suppose now there are two accident
sequences, the original one plus another one. The system must be worse,
right? Because now there are two ways it can fail, two minimal cut
sets.
And I recalculate the RAWs and now they are smaller. Do the
calculations. It's not one-over-Q anymore. It's smaller. So because I
have a new way of failing the system, the importance of the original
component went down.
DR. KRESS: Because of parallel paths.
DR. APOSTOLAKIS: Yes. But isn't that crazy? That's crazy. But
by making the system worse, the individual risk must go down, and
Fussel-Vesley. It goes down. It's not one anymore.
So I'm able to put those in a viewgraph for tomorrow morning,
because I don't have the answers myself. But I think what happened is
that people developed these things in the past and now just use them,
it's simple to use, and say, well, gee, that's great. But I'm not sure
that anybody really has sat down to think about what exactly these
things mean.
I don't understand why, by having an additional accident sequence,
it diminishes the importance of the original components.
MR. BARTON: It sounds like you're perplexed, George.
DR. APOSTOLAKIS: I am completely perplexed. So tomorrow morning
you may get it in writing, but that's essentially the essence of it.
MR. KING: Okay. All right. Let me just quickly go through the
rest of these reg guides. The one on tech specs, we had this tier one,
two and three concept in there. Tier two was really a configuration
risk management program. With the maintenance rule now requiring that,
we don't need the tech spec reg guide to put the same thing on. So
that's a change we propose.
DR. APOSTOLAKIS: Let me understand what this is. Reviews of the
tech spec AEOD request indicates the tier two. What is tier two?
MR. KING: Remember, that was the configuration risk management
that they had to analyze.
MR. BARTON: That they put in their tech specs. They went for an
extended period of time.
MR. KING: With an extended allowable outage time.
DR. APOSTOLAKIS: I'll go back and -- that's fine.
MR. BARRETT: I think it's actually tier three.
DR. APOSTOLAKIS: Now, regarding the allowed outage time, you will
still have that five-ten-to-the-minus seven probability.
MR. KING: That is, yes, probability, that is still in there.
DR. APOSTOLAKIS: Still in there. It's interesting. I was
reading a paper written by three guys from Southern California, Don Hook
being one, on their risk monitor and they say something interesting
there. They say that when they have -- when they are in these temporary
conditions, they have also a limit on the -- an upper bound on the
condition of core damage probability, like everybody else does, but then
they go on and say but we are really believers in conservative risk
management, so we also have a bound on the condition of core damage
frequency, which is such and such.
So they don't only look at the integral over time, but they also
want the CCDF never to exceed that bound, which is interesting. It's
more conservative than this regulatory guide and, again, the question is
whether the staff has thought about these things.
MR. KING: That's one of the safety goal issues. I didn't put it
on the slide, because I didn't think it was at the magnitude of the
others, but should we have some guidelines on temporary risk conditions.
DR. APOSTOLAKIS: Okay.
MR. KING: So that's one of them.
DR. APOSTOLAKIS: Fine. But I thought it was interesting that the
licensee was doing something more conservative.
MR. KING: The other thing that's being thought about now is those
same conditional probabilities that are in the tech spec reg guide are
being considered for implementing the new maintenance rule A-4
requirement. So it would be the same numbers.
The Reg Guide 1.175, the IST guide, there has been some feedback
about even though things are categorized as low safety significance, we
still require too much testing. So the staff is thinking about ways to
relax that in the revision and, also, if the ASME code cases on
risk-informed IST ever get approved, we'd go ahead and reference those,
as well.
GQA is sort of on hold at this point. We don't have any specific
recommendations. So there was a rule that was issued in April of this
year that allows plants to make changes to their QA programs on a 50.59
type process. If another plant had been approved to make those changes,
similar plants are allowed to come in and put them in without any prior
staff review and approval. So that may take care of a lot of the
problem. I don't know if Rich wants to talk anymore about that.
Then Reg Guide 178, the ISI one, remember, we issued for trial use
or scheduled to incorporate experience and issue it as a final in June.
DR. APOSTOLAKIS: Tom, it appears to me that you are halfway
through your presentation. You have 24 viewgraphs. Shall we take a
break here?
MR. KING: Whatever you want to do.
DR. APOSTOLAKIS: Okay. Recess for 15 minutes. Be back at 2:25.
[Recess.]
DR. APOSTOLAKIS: We're back in session. So we're on viewgraph
12.
MR. KING: Number 12. Number 12 is something that was discussed
in a SECY paper, 99-182, but I'm not sure how much the committee saw it
or discussed it. I thought it was an important piece of work and that
we had been asked by the Commission to look at the risk impact of
exemptions to Appendix R.
We approached that by taking nine plants whose IPEEEs said that
the fire risk from those was at the high end of the list. We excluded
Quad Cities because that had been looked at separately and they were off
doing things as a result of that. But we looked at nine others and came
out with results.
There were 169 exemptions that were looked at. Most of them
turned out to be non-risk-significant, but there were several that were
risk-significant, and I've asked Alan Rubin, if you wanted more detail
on what was done and what they came up with, he's here to -- he did the
study and he's here to talk to you about it.
But there is going to be some follow-up action by NRR on the ones
that they found that were risk significant.
DR. APOSTOLAKIS: So can you give us one example, Alan?
MR. RUBIN: Let me just make a general observation now. We based
our analysis on IPEEE results and we felt that the overall big picture
was very robust, the conclusions that the large majority of the
exemptions were not risk-significant, were either small or
indeterminate.
For the plant-specific results, we need to follow up to verify the
analysis. So an example is at one plant, in an area where there was a
high core damage frequency or high contributor to core damage frequency
for that plant, the cable vault area, the lack of automatic fire
suppression covering the entire area and also lack of a one-hour fire
barrier.
So we're following up to see whether or not indeed the data that
we've got in the IPEEE submittal, in our analysis, bears out when we go
back and talk to the utility.
DR. APOSTOLAKIS: So the utility had requested an exemption.
MR. RUBIN: This was going back historically, in the past, had
requested an exemption. Yes.
DR. APOSTOLAKIS: They didn't have an automatic suppression
system?
MR. RUBIN: Not complete coverage in this case, yes.
DR. APOSTOLAKIS: Now, it turns out, what, that not having that
makes the CDF high?
MR. RUBIN: By definition, we looked at high risk significance as
a potentially -- we call them potentially risk significant, it's greater
than ten-to-the-minus-fifth contributor to CDF. It was consistent with
Reg Guide 1.174 definitions.
DR. APOSTOLAKIS: So the exemption there -- I mean, if I were to
submit an application, a request, following 1.174, I would say I don't
want to put in an automatic suppression system in this particular room,
and here is the reason, and then it wouldn't pass. That's what you're
saying.
MR. RUBIN: What I'm saying, one of the -- Tom mentioned the
follow-up activity that we're doing is on the specific plants that we
found potential risk significant exemptions. I think it's particularly
significant.
Another follow-up action is that in the future, we're going to
encourage licensees to make exemption requests risk significant, provide
information in the Appendix R area that, as a basis, looking at their
IPEEE results to see whether the exemption effects scenario, that high
risk contributor, for example, provide that information in their
exemption request.
DR. APOSTOLAKIS: When they requested the exemption, what
arguments did they give you?
MR. RUBIN: Pretty much, it's deterministic.
DR. APOSTOLAKIS: Yes. But I'm curious to know, because it's
interesting that on a deterministic basis, their request was approved
and now we find that in a probabilistic basis, it might not have been
approved.
Is there anything we can read to understand better what --
MR. RUBIN: We'd have to go back. That's one of the follow-up
actions we're doing, to look at those specific exemptions. And it's a
relatively small number. Only -- there are really only five exemptions
out of 169 that were in this category of potentially risk significant.
DR. APOSTOLAKIS: Could you send us anything to read?
MR. RUBIN: Yes. There's a SECY paper that's available.
DR. APOSTOLAKIS: On this particular issue?
MR. RUBIN: On this, yes.
MR. KING: And the numbers are on the viewgraph there.
MR. RUBIN: SECY-99-182.
DR. APOSTOLAKIS: I'd like to look at that.
MR. KING: But I think the answer to your question is yes. If
this had been a risk-informed exemption request, it would have been
denied.
DR. APOSTOLAKIS: And I want to understand better why. That's an
interesting situation.
MR. BARRETT: What's interesting, from our perspective in NRR, is
that the SECY paper gives some guidance as to the characteristics of the
types of exemptions that might be risk-significant versus the types, the
vast majority of the exemptions which are not risk-significant.
So what we're planning -- what we're doing right now is developing
guidance for how to screen these Appendix R exemptions so that we can
decide which ones to kick up for risk look, and then if, upon
examination, it looks like it might be risk significant, we would open a
dialogue with the licensee on that.
DR. APOSTOLAKIS: Last time we had a presentation here, I believe
you were here, Rich, discussing the authority of the staff to invoke
risk arguments when the licensee does not use them.
MR. BARRETT: Right.
DR. APOSTOLAKIS: This would be a good case, right? The licensee
comes, thinks they have a good case and a deterministic basis not to do
something, then you come back and say, no, on a risk basis, you can't,
there goes the two-tier system.
MR. BARRETT: This is a little different from a regulatory
perspective because this is a case where a licensee proposes not to meet
the rule, whereas the paper we discussed last month was what to do if
they meet the rule and yet you think there is a risk issue.
But technically, it is still the same problem.
DR. APOSTOLAKIS: Conceptually.
MR. BARRETT: Yes, right. So what we're planning on doing is
implementing this guidance informally and then after we've identified
the first case, then I think we'll be developing general guidance on how
to deal with these things and put out some guidance to the industry.
And as Alan said, we would like to encourage certain types of
Appendix R exemptions to be risk-informed.
DR. SHACK: Just out of curiosity, what are your tools for doing
this risk impact assessment of the Appendix R exemptions?
MR. BARRETT: Well, if we identify one that looks like it's
risk-significant, the first thing we would ask is for the licensee to
use their risk model to address it, which, in this case, would be their
IPEEE.
If the licensee chooses not to do that, then we would have to go
and look at -- I really don't know where we would go at that point. We
might have to actually look at their IPEEE.
MR. RUBIN: Let me give you an example of what we did as our
study, and, again, with limited resources, we had a lot of exemptions to
look at. We would take a case where there was an exemption and look at
the IPEEE and if that was in an area that was a dominant risk
contributor, generally that was listed as what contribution that was to
core damage frequency for the plant in the fire area.
We would then go and say, okay, if the exemption were not granted
and there were a different -- automatic fire suppression was included at
the plant, how would that affect the overall results for that particular
area and the overall contribution to CDF, and we find a delta of
ten-to-the-minus-fifth or greater, we considered that potentially
risk-significant.
Less than ten-to-the-minus-sixth, we said small or very small,
basically a non-contributor to risk. So we're relying on the best
information we have. There are limitations that are discussed in the
Commission paper and using IPEEEs, but it really is probably the best
and most solid information that we have available to do this kind of
assessment.
MR. BARRETT: The ground rules for this kind of a licensing action
are different than for, say, a license amendment. 10 CFR 50.12 gives
the criteria under which the staff may consider granting an exemption
and those criteria are different than the finding you would make for
approving a license amendment.
It's a somewhat higher hurdle to cross.
MR. KING: Okay. Fire risk methods, just quickly. We'll talk
about three risk methods. First, fires. We had issued, back in June, a
program plan on fire risk research, and I know we've got a -- I believe
there is a meeting scheduled with the subcommittee in November, so you
will hear more about it then. But that started about nine months ago,
the work on fire risk.
It still has a long way to go, but it has, to date, helped out on
developing, for example, in the IPEEE, developing the questions to ask
licensees, providing some information on how to evaluate their heat loss
factors, for example.
So it's feeding into IPEEE at this point. It's developing
information for model validation, but there's still quite a few areas
that need to be done. And I don't intend to go into this in detail,
since you'll get a separate briefing on it.
DR. APOSTOLAKIS: We will be briefed in a month, is that what you
said?
MR. KING: November, I understand. I don't know the day.
DR. APOSTOLAKIS: The full committee or the subcommittee?
MR. BARTON: It's a subcommittee meeting, I think, in November.
DR. APOSTOLAKIS: Subcommittee. But then there will be a full
committee meeting.
MR. KING: We would like to get your letter on the plan we sent
you back in June.
Methods to address aging, the risk of aging. We had done a
feasibility study, the draft report has been issued, that looked at one
aging mechanism, flow accelerated corrosion. It looked at the
application of that Surry plant to determine the practicality of
implementing such a model.
DR. APOSTOLAKIS: These two bullets there, who did that work?
MR. KING: A contractor did this work. I think it originally
started at INEL and they had a subcontractor.
DR. APOSTOLAKIS: Yes. I have a conflict of interest with this,
too.
MR. KING: I'm not sure it's a subcontract with you or the
university, but you're involved in this.
DR. SHACK: You have to ask, George?
MR. BARTON: Guilty by association, George.
DR. APOSTOLAKIS: The third bullet there was a little bit of a red
flag to me. I gave a paper on that up here. So Dr. Kress is chairing
now.
MR. KING: We're still looking at the feasibility, whether we
ought to continue this program, extend it to other aging mechanisms, how
practical is it to implement, and how do you treat uncertainties given
that, in some cases, if your model works really well, you're not talking
about random failures, you're talking about being able to predict when
something will fail due to aging mechanisms, whether it's flow
accelerated corrosion or thermal fatigue or whatever.
If you do a good job, it's not a random effect anymore. It's a
failure prediction. So in the next few months --
DR. SHACK: Does this try to include the effect of, say, your
inspection program to prevent the failure?
MR. KING: I'm not sure I can answer that level of detail.
DR. APOSTOLAKIS: So far, no.
MR. KING: We'd certainly -- if the committee wanted to be briefed
on this, I don't think we have any separate briefing schedule for the
subcommittee on this program, but it could be arranged if you felt you
wanted to hear more about it.
DR. KRESS: Speaking as the Chairman, I think it's definitely an
area we'd want to hear about later, whenever it's ready.
MR. KING: Okay.
DR. APOSTOLAKIS: Do you want him to bring the contractor?
DR. KRESS: Yes, and you can bring your contractor along.
MR. KING: All right. Low power and shutdown work is underway.
Mary can talk briefly about it. There is a separate briefing schedule,
again, in November to the subcommittee, so we won't spend much time on
it. But I know there have been a number of plant visits and visits to
EPRI and so forth after our workshop that we had back in April.
DR. APOSTOLAKIS: So what is the consensus? It says here -- am I
back on? Yes, I'm back on the subcommittee.
The last bullet says that there is consensus that it maybe
significant. In fact, I think from the studies we have seen, there
should have been consensus view that LPSD risk is significant.
It may be significant for an individual plant, but it's agreed it
is significant, is it not? Several PRAs have showed that.
MS. DROUIN: All that bullet was trying to say, George, is that
prior to the workshop, in terms of the NRC, we had looked at strictly
Surry and Grand Gulf and can you extrapolate that to the industry.
So we had the workshop. Industry is coming in and they're just
saying yes, when you look at lower power shutdown, you need to be
concerned about the risk, it is comparable to full power. So there is
not a debate there, is all I'm trying to say.
DR. APOSTOLAKIS: That's, in fact, why I'm raising the question.
The question, as I recall, when we met, was should -- and I think the
Commission is very much interested in this -- should the agency start
from scratch, so to speak, or from the two studies that the two national
labs did and take it from there and then the concern is that that may be
too expensive, or has the industry or other parts of the world made
significant strides in this area, so we don't have to reinvent the wheel
everywhere.
So what is it that you learned from these site visits and meetings
with the developers? Did you find out that they went beyond what
Brookhaven and Sandia did or they are simply copying those methods?
MS. DROUIN: What you have seen is a complete range going from one
extreme to the other, where some utilities have done nothing to some
utilities who have developed very detailed low power shutdown PRAs.
DR. APOSTOLAKIS: But have they gone beyond what BNL and SNL have
done?
MS. DROUIN: No.
DR. APOSTOLAKIS: No.
MS. DROUIN: No.
DR. APOSTOLAKIS: So the state-of-the-art is still those NUREG
reports.
MS. DROUIN: Right. And if you go to the next slide -- and we're
going to come in, like I said, in November and give you a detailed
briefing of what we've learned from those site visits and from other
areas.
But everyone agrees -- and when I say everyone, both at the NRC
and as we went to the site visits, also, people who were at the workshop
who weren't necessarily licensees that we visited, are issues that need
further work and the issues are all over the place, also.
So everyone agrees that additional work needs to be done in this
area and supports the idea of that, because everyone is agreeing that,
yes, you need to be concerned with the risk from low power shutdown.
DR. APOSTOLAKIS: So that confirms suspicion. Now, I think this
is a very sensitive issue. I don't think that some Commissioners and
perhaps other senior managers of this agency really want to do another
1150 on this.
I don't think that by just saying that low power shutdown risk may
be a significant contributor that is a reason that people will feel is
compelling enough to start the research project here.
I think an additional argument, which is very strong, in my
opinion, is that the industry is doing certain things to manage low
power shutdown risk. They use ORAM, SENTINEL and so on, which is a
mixture of risk insights and deterministic, say, defense-in-depth kind
of things; do you have means to cool the core, that kind of thing.
And the argument that has been made on our side is that the staff
right now really doesn't have the analytical tools to be able to
evaluate the validity of what the industry is doing. Would you agree to
investigate that? You may be able to investigate part of it based on
what BNL and SNL have done, but overall, I think that's a true
statement.
And the need then to look at low power shutdown risk really should
be anchored on that rather than the fact that it's important, because
they may tell you it is important, but we are controlling it this way.
But if you say, okay, that may be great, but I really can't tell, that's
the whole idea of doing the research in these matters, to be able to
convince yourself that, yes, what ORAM and SENTINEL does makes sense to
us.
DR. KRESS: George, I agree, but I wouldn't want to put all my
eggs in that basket either, because as I mentioned before, there are two
distinct types of low power shutdown risks. One of them is to manage
outages and it's an instantaneous risk meter, and that's what you're
talking about. I personally think that's in fairly good shape.
DR. APOSTOLAKIS: Yes.
DR. KRESS: But you do need a way to monitor it, like George says.
The other part of that is what contribution does this make to the
average overall risk over the lifetime of a given plant for putting into
your risk-informed regulatory procedures has nothing to do with
instantaneous risk. Well, it does, but not much. And that's an
entirely different application --
MS. DROUIN: I agree.
DR. KRESS: -- that takes a different PRA and --
DR. APOSTOLAKIS: You're right.
DR. KRESS: -- for use in that, I think that's another strong
motivator.
DR. APOSTOLAKIS: I agree.
MS. DROUIN: And that's the one, because what you see when you do
look at ORAM and all of these, they are exactly that. They are
configuration control management tools. They don't go in and calculate
the risk of the plant. And in doing that --
DR. KRESS: It's an instantaneous risk.
DR. APOSTOLAKIS: Let's call it conditional. No, I fully agree.
I fully agree that for risk-informed applications, we have to have a
good number from there. So that's a third argument.
MS. DROUIN: And a good model.
DR. APOSTOLAKIS: But it seems to me, based on my impression now,
and talking to various groups, the only argument that really flies at
this point is the ability of the -- the lack of the tools, the ability
of the staff to really look at what the industry is doing and say, yes,
we like it, or maybe you should change this.
I notice the Commissioners are much more willing to listen if you
tell them that than if you say no, it's important, we have to
understand.
MR. KING: Isn't it really more than that, though? Right now we
have 1.174 that doesn't say much about how do you deal with a shutdown,
what's important, what should you look for. We don't need a full
benchmark PRA every time somebody wants to go in and do something that
affects the shutdown condition.
If we can get some insights out of work that's been done by
industry, by overseas, wherever, that says these are the plant
conditions that are important, some are relative or ballpark idea of how
important they are, and then just use that as some sort of checklist or
evaluation tool for looking at licensee submittals, so if they're not in
this condition, we don't worry about it; if they are, we do worry about
it.
DR. APOSTOLAKIS: Submittals for what?
DR. KRESS: License amendments.
MR. KING: License amendments.
DR. APOSTOLAKIS: License amendments.
MR. KING: We've also had operating experience that says things,
risky things happen in plant configurations that were not analyzed in
the Brookhaven and Sandia studies. They focused in on a couple of
specific plant operating states, but they're not the ones that always
pop up as the risky ones.
DR. APOSTOLAKIS: And I think this, again, brings up the issue of
objectives. I keep coming back. Because some people make the argument
that the risks simply cannot be comparable because the hazard is lower.
On the other hand, perhaps if you look at it from the public risk
perspective, maybe there's some point there. But can you really afford
an incident, you know, start spilling radioactive water into containment
and so on and there is panic and emergency and so on, even though
nothing happens outside? No, I don't think we can afford that.
And I think, again, that comes back -- that's the first
cornerstone of the staff oversight process. We don't want initiating
events. But we are not really stating that as an overarching principle
anywhere.
So, again, I think people are talking in different wave lengths
there. One person says, well, gee, from the public health and safety
perspective, I really don't think this is that important. But then
others worry about it, and I think that there is this intermediate
objective that people are concerned.
So really we need those principles somewhere.
MR. KING: I agree.
DR. APOSTOLAKIS: You don't always have to kill people outside the
containment.
MR. KING: No.
DR. APOSTOLAKIS: In order to worry about it.
MR. KING: No. We just have to get them excited and that's
enough.
DR. UHRIG: We've already had one incident with -- I think it was
Vermont Yankee, went critical with the lid off, about 20 years ago, 15
years ago. They had a criticality.
DR. APOSTOLAKIS: For how long?
DR. UHRIG: It was up in the -- I don't remember. Was it kilowatt
power up in the -- then they got to megawatt. It went critical with the
lid off. Somebody moved something and, of course, it brings you back to
the SL-1 accident.
DR. KRESS: That went critical, didn't it?
DR. APOSTOLAKIS: Prompt.
DR. UHRIG: I don't think it was prompt critical, but it went
critical.
MR. BARTON: SL-1 was.
DR. UHRIG: SL-1 was prompt critical.
MR. KING: But anyway, I think the standards effort will go a long
way toward trying to give us a tool by which to evaluate submittals.
DR. APOSTOLAKIS: But how can the standard be written when the
basic work has not been done or is the staff happy with the two studies
that the laboratories did? My understanding is that they only looked at
limited number of data.
MR. KING: The standard could be written saying this is what ought
to be done. Maybe there aren't PRAs that have done all of that yet, but
there's probably been enough work done that you could say, gee, if I had
to do it again, this is how I'd like to do it.
Now, speaking for myself here, I'll let Mary correct me.
MS. DROUIN: We have in our writing group for the standard
identified areas that are going to be needing work. You just can't
write the standard there yet because the work, the technology is not
there. So we have recognized that, but I don't think because there are
areas that need some further work, that doesn't mean you can't write a
standard. You just don't write a standard for that particular area.
DR. APOSTOLAKIS: Well, if the standard simply says additional
work is needed, sure, you can write it.
DR. KRESS: This is going to take a different kind of PRA. This is
going to have to be some technology developed.
DR. APOSTOLAKIS: Yes, that's what I'm saying, that you have to do
this basic stuff first.
DR. KRESS: You can't do it. You don't have the technology. We
can't wait till then to write the standard.
DR. APOSTOLAKIS: What's what I'm saying. I agree with you.
Maybe I didn't say it in so many words, but.
DR. KRESS: Yes.
MR. KING: Anyway, this culminates in a report to the Commission
in December that is going to lay out where do we go from here, and
that's what we want to talk to you about in November, and get your
insights.
DR. APOSTOLAKIS: Incidentally, I was looking at some of the risk
monitoring, a paper that described what was in the risk monitor the
other day, and this is -- they claim that they also put or they will put
shortly the low power shutdown model.
I think there is a problem there and I think it applies also to
the maintenance configurations. If you take out a particular component,
they go to the baseline PRA and they say component A is out, let's put
its unavailability code to one, simple enough. Try and count the
numbers again and now we have the new numbers and do whatever we want to
do.
Well, it turns out it's not as simple as that. It really is not
as simple as that. If you really look at the PRA -- let me give you an
example.
Let's say I have two trains in parallel. In the PRA, I'm going to
put various terms about the unavailability of the system. One term is
the random, so-called random failure contribution, which is the product,
right? Then there will be a common cause failure contribution. That
will be the unavailability of one times beta.
And there may be others, human errors, that's the maintenance, he
forgets to do it here and then does it again there.
Now I'm going to a situation, a maintenance situation where train
A is down and I go to my PRA and I say, well, Q for that train is one.
What happens is that that affects only the random failure of the two
trains. Instead of Q-square, they will put Q. Are you still going to
keep Q beta, the common cause failure probability? What common cause is
this?
That should be eliminated, it shouldn't be there anymore. Are you
still going to use the same human error probabilities for forgetting to
re-close valves? No. Because that has a probability that they forget
to do it in one and a conditional probability they will repeat the
error.
Well, there isn't any possibility like that anymore, so that
should be modified.
And in the case of recovery actions, now they know that train A is
down. So it's not like it's hitting them -- an initiator is hitting
them Christmas Eve and they're trying to recover and so on and that's
what the PRA analyzes.
Now they know this is out. Maybe there is more vigilance. I
don't know. Maybe people are more aware of what's going on. So the
probabilities that were used there are not valid anymore.
The net result of all of this is by taking systems out or trains
out, and it's not a simple matter to modify the PRA, it's not a simple
matter of saying Q is one, and I'm not sure that many people realize
that.
DR. KRESS: But, George, when you do that, you get an effect on,
say, the CDF that is conservative.
DR. APOSTOLAKIS: For some of them.
DR. KRESS: I would have thought all of them.
DR. APOSTOLAKIS: Maybe, maybe. Because I said that you should
eliminate some terms.
MS. DROUIN: I agree with you, absolutely. I certainly haven't
looked at all the -- there aren't that many, but all the ones who have
created low power shutdown models. The ones that I have looked at are
aware that even though they might start with their full power model, all
they're doing is taking the essence of the fault trees.
They do know to go in and change the data appropriately, because
you have to go in and you have to look at your test and maintenance,
because that all changes, your common cause does change.
DR. APOSTOLAKIS: Right.
MS. DROUIN: But you made a statement of risk monitor --
DR. APOSTOLAKIS: But they don't do that.
MS. DROUIN: No. The ones I've seen have done it. I think that's
just a lack --
DR. APOSTOLAKIS: The risk monitor does it?
MS. DROUIN: Risk monitor -- that's not a feature of the software.
That's a feature of the analyst. I wouldn't put that on risk monitor.
DR. APOSTOLAKIS: Right. No, but --
MS. DROUIN: The risk monitor is just taking the physical model.
It's the analyst who has decided what data to put in there.
DR. APOSTOLAKIS: Right. But what I'm saying is the analysts have
not made those provisions. I'm sure they are aware of it, but when the
utility uses the monitor and we say now we're going to take this out
because we're not going to do on-line maintenance on train A of the
emergency core cooling system, and then they put that down and now you
see the core damage frequency going up.
I think that's the result of a calculation where only their
hardware and availability of that train was one.
DR. KRESS: I think they made a judgment that that because it's
conservative, that's all that's worth doing to it.
DR. APOSTOLAKIS: That's speculation.
DR. BONACA: I think -- no. I know that more than that is done.
All the considerations that you're making are being taken into
consideration. That's why you have a guy applied full-time to doing
those kind of evaluations. He just goes through the model and you have
really guidelines, in fact, very specific about going back and checking
that, for example, if there are certain cut sets where you had some
measure that you made, you take back the sequences and you look at them,
because those considerations are being taken.
MS. DROUIN: I am sure --
DR. BONACA: Yes, because there is a big impact -- you're sure.
MS. DROUIN: I am sure that you have utilities who have not done
it properly. I am aware of some that have done it properly. But I
would say that this is a very good argument for a standard, because it
would get into those kinds of things.
DR. APOSTOLAKIS: Nobody is arguing against it, but I have not
seen evidence, written evidence that this is being done. Now, if you
tell me that some people are doing it, sure.
DR. BONACA: And when you go to two components out of service, it
makes an additional complication. In fact, you cannot take the same
model. You have to really go back in and do -- so it's very
time-consuming and when we talked about the issue of evaluating two or
more components out of service, recognize that this is --
DR. APOSTOLAKIS: My point, Mario, is that if they do this and
they have an analyst doing it, maybe they do it for some cases, but it's
hard for me to see how a computerized system, like a risk monitor, does
it exactly.
DR. BONACA: I agree.
MR. BARTON: I don't think the risk monitor does. I think an
analyst looks at it. You've got certain standard configurations that
analyst has looked at and considered what the risk is and if you deviate
from that and you go back and re-look at it, the deviation from that
previously analyzed configuration, that's what they do.
DR. BONACA: I don't know who uses blindly a risk monitor, because
you're absolutely right, it doesn't work that way. You're right.
MS. DROUIN: That's a decision made by the analyst, not by the
software.
DR. APOSTOLAKIS: I understand that.
DR. SHACK: The question is what is the software doing.
DR. APOSTOLAKIS: What is the software, that's what I'm asking. I
have no doubt that people will sit down and do this if asked. But what
I have difficulty accepting is that the risk monitors, as they are now,
have all these separate analyses.
DR. KRESS: It's not just the input that matters.
DR. APOSTOLAKIS: It's not just the input. It's a structural --
they may do it, they may do it. I'm not making a blanket statement.
DR. BONACA: I'm sure, in several cases, the issue of bounding is
one that is taken into consideration, because ultimately you're not --
but the -- and there are a lot of approximations that you make. For
example, if you have -- I mean, if you have -- if they're asking you to
perform a sensitivity on risk by having two components out of service at
the same time or separate times and do it separately.
I remember we used to make just one evaluation. And having both
of them simultaneously, that gives you a bound. Now, you know that if
you take them separately, then it's less risk. But the other thing is
that you communicate the bound of having both simultaneously out and
typically you do it because you know that if they do it one after the
other, there is a chance that they will, in fact, be simultaneously out
of service.
So there are a lot of things that are being done to simplify the
task and it's being done by the analyst, you're right.
DR. APOSTOLAKIS: That's my concern.
DR. BONACA: I know.
DR. APOSTOLAKIS: That I know that the analyst can do it. Analyst
intervention is required.
MS. DROUIN: Yes.
DR. APOSTOLAKIS: So I would -- now, if you give me a risk
monitor, I have serious doubts that they have all these ultimate
analysis there, but I may be wrong.
MS. DROUIN: To my knowledge, they don't.
DR. APOSTOLAKIS: That's my point.
MS. DROUIN: I think you have a valid concern, George. I think
you have a valid concern. I was just trying to differentiate that it
was the analyst problem, not the software problem.
DR. APOSTOLAKIS: Sure. In fact, that's why I have the concern.
Precisely because it's an analyst issue, not just a user issue.
MS. DROUIN: Yes.
DR. APOSTOLAKIS: Okay. Where we are?
MR. KING: Let's move on.
DR. APOSTOLAKIS: We are developing insights, no?
MR. KING: We are bringing you up to speed on important things.
DR. APOSTOLAKIS: SPAR looks like a Roman acronym. Wasn't there a
Roman thing, SB --
DR. BONACA: QR.
DR. APOSTOLAKIS: QR. That's why I said looks like. I didn't say
it is. What does it mean, SPQR? It means accident sequence precursor.
MR. KING: This is the last item we thought might be of interest
to you, before we get into the GAO stuff. The accident sequence
precursor program, usually you start out with looking at events, it then
occurs, and you go in and you calculate what was the conditional core
damage probability of that event.
But we're also using those same models for other things and one
that's kind of prominent right now is looking at D.C. Cook, where a
number of design and configuration issues were identified, almost a
couple of years ago, and the plant has been shut down for a long time,
and they're facing a restart decision in January.
DR. APOSTOLAKIS: Let me ask again here. When did the Cook plant
do an IPE?
MR. KING: Cook did an IPE.
DR. APOSTOLAKIS: And how did they find those design problems?
MR. KING: Through inspection, as I understand it. Maybe Rich
could answer that.
MR. BARRETT: There was -- I guess almost two years ago now, there
was an architectural engineering inspection at Cook. It was one of the
design basis inspections and that inspection uncovered some problems
with the way in which the design of the ice condenser containment was
being controlled.
That led the licensee to shut the plant down and begin an
internally initiated set of inspections, which identified, I believe, in
excess of 100 design basis problems.
DR. APOSTOLAKIS: When was the IPE done, before this happened?
MR. KING: Yes.
DR. APOSTOLAKIS: And the IPE does not reflect any of this.
MS. DROUIN: The IPE on D.C. Cook was not one of the better ones.
In fact, this was one that we did a site visit and we wrote -- when we
wrote the staff evaluation report on it, we only blessed it with a lot
of caveats.
The caveats being that D.C. Cook was going to come in and make all
these changes to their PRA.
DR. APOSTOLAKIS: The reason why I'm raising the point is I'm
wondering to what extent this particular experience supports the Union
of Concerned Scientists' argument that we can't have risk-informed
regulation because your PRAs don't have design errors.
MR. KING: Well, I think --
MS. DROUIN: I would be real --
MR. KING: On the surface, you can make that argument, but I think
what the results of this study is going to show is that when you look at
those 114 issues, there's only one that's risk-significant and that's
from looking at them individually. There's also going to be -- try and
group them and look at more of a cumulative effect, which hasn't been
done yet, but will be done between now and December.
But to me, what this study says is in terms of corrective actions
at the plant, what should be focused on. Well, it should be focused on
the one that really pops out as risk-significant and maybe not worry
about the others so much.
DR. APOSTOLAKIS: When we claim that our PRAs are for the plant as
it is, not as designed, are there any lessons from this that one can use
in future PRAs to make sure that indeed that what the PRA analyst puts
down really reflects the real thing?
MR. KING: I think that's the flip-side of this. In theory, the
IPE should have recognized these things and included them in their
model, and they didn't, and how many other plants out there have similar
situations.
MS. DROUIN: I don't think this is a good --
MR. BARRETT: The issues that have been raised at D.C. Cook and in
other places where there have been design basis problems, by and large,
are issues that fall below the radar screen of the PRA. In other words,
these are issues regarding whether the design basis of a particular
piece of equipment is being met, and that may or may not affect the
reliability and availability of that piece of equipment.
But the kind of issues we're talking about here would not be
modeled in a PRA, by and large. Some of them might, but --
DR. APOSTOLAKIS: Because they are risk-significant.
MR. BARRETT: Because PRAs don't necessarily know how to deal with
them. For instance, the issue that was found to be significant was one
that had to do with environmental qualification and it's difficult to
systematically evaluate the effect of environmental qualification on
reliability and availability. I don't believe it's generally done in
PRAs.
MS. DROUIN: Well, what is done in a PRA is that you look at the
accident scenario and see if an adverse environment has been created and
then if it's been created, typically what has happened, then you assume
failure.
What happens with many people is that they neglect to look at
that. They don't look to see if there's adverse environments. It's not
that the PRA can't do it. It's mainly the analyst didn't do it.
MR. BARRETT: I think that's what happened here.
DR. BONACA: Let me say that we have some experience to evaluate,
at Millstone, for example. At Millstone-3, a very specific equipment
example was the RSS NPSH issue. Now, since we found a condition of very
low pressure, assuming a full failure of containment, where NPSH could
be challenged, that you could have cavitation, the assumption is, from
the design standpoint, that the pump, that the RSS doesn't work. You
would not be able to do that because you have an NPSH problem.
In reality, what we're addressing is a very narrow spread
condition. Again, full open containment with atmospheric conditions and
certain others, they will challenge your NPSH.
Under other conditions, your NPSH will be available and you will
be available to recalculate. The issue I'm trying to say is that when
we looked at it and quantified it, from a PRA standpoint, contribution
to risk was minimal, because it was a hypothetical failure of delivering
that function and even then an assessment was done to show that those
pumps may cavitate, but not fail.
From a design standpoint, that's categorized as a failure, because
you don't deliver, under all conditions, what you're supposed to
deliver.
So the PRA is such a more complete model because it allows -- it
is much more robust in the sense that it takes into consideration all
the other scenarios under which a system will function, will be
successful.
Furthermore, conditions where you don't deliver your design
objective, but you're still operable or functional, functional, are
considered a PRA success, not considered in design failure.
I mean, we did the evaluation and wrote, in fact, to Lochbaum,
because he asked questions regarding that, and it's interesting how the
PRA was still fundamentally valid for those plants.
DR. APOSTOLAKIS: But the argument that UCS is using is that this
is a fatal flaw of risk-informed regulation. Design problems that your
PRA does not reflect, and there is a need for a rational argument for or
against this position.
DR. BONACA: But, in fact, it is a strength of the risk-informed
approach that is able to truly put into perspective what the failure of
a system means. It means under certain conditions, in a very narrow
scenario, and what is the contribution to risk resulting from that
specific deficiency that you may have, which may even not affect your
functionality. It may affect your operability from a licensing
standpoint, but it may not affect functionality.
DR. APOSTOLAKIS: Sure, you can do that if you know that there is
something that's called a design error. You can evaluate its
significance.
But the argument they make is not that. The argument they make is
I have a PRA, I have the core damage frequency distribution and so on,
and I really don't believe it, because I don't think those guys looked
for these errors, possible errors.
DR. SHACK: But the deterministic is no better. If the wall is
half the thickness that you think it is --
DR. APOSTOLAKIS: That's the argument I would use, too, but the
fact that I'm repeating the concern does not mean I agree.
DR. BONACA: But I think we have documented very important basis
upon which the risk evaluation is much more robust and credible, because
it gives you a full measure of it. If you're saying that a piping
system is not designed to withstand 200 degrees Fahrenheit, what does it
mean? It may mean the support systems may be banned in the one time in
which you use that system for recirculating, for example, inside
containment.
Piping would be unaffected, any evaluation will tell you that.
From a licensing standpoint, you will say that the system has failed
because it doesn't deliver it's licensing intent, which is the one of
being fully compliant with the temperature requirements which were
imposed in the design.
So you see, deterministic is very myopic. It doesn't tell you if
it works or not. The PRA will say that's another issue, because when
called upon to operate, it will function, there will be no leakage, and
so they will be functional.
DR. APOSTOLAKIS: Anyway, this is the argument and --
DR. BONACA: I understand that. I'm only saying that --
DR. APOSTOLAKIS: And 1.174, by the way, is not -- has not been
promulgated as an alternative. Let's go on.
MR. KING: I view this as good news. You've got a bunch of design
errors and not much comes out of them in terms of risk.
DR. APOSTOLAKIS: Except for one.
MR. KING: Except for one.
DR. APOSTOLAKIS: And even that is not one.
MR. KING: I just thought that -- I don't think you're aware that
we're using the models in this fashion.
DR. APOSTOLAKIS: I remember many years ago, Diablo Canyon had
similar problems and PRAs had not been developed at that time. I got a
bit involved in that and one of the Bechtel guys took me on the side and
gave me a lecture about what it means to design a nuclear power plant,
that you expect to have these deviations, just because the regulations
and the standards say you do this and that. It's such a complex
facility, that there will be all sorts of deviations here and there and
that's why you have such a conservative design, to make sure that these
will not be significant.
So you're confirming this. I mean, the naive approach of an
academic might be, gee, you really violated the regulations, you know,
when you built the thing, and the guy says, well, let me give you the
real story here, yeah, we do that all the time; not all the time, but if
you look carefully, you'll find a lot of them.
MR. BARTON: You'll find a lot of these, yes.
DR. APOSTOLAKIS: You will find a lot of them. But the system is
still robust because of the extreme conservatism that's everywhere.
MR. KING: Should we have defense-in-depth to account for design
and construction --
DR. APOSTOLAKIS: That's what defense-in-depth did, yes.
MR. KING: Okay. GAO.
DR. APOSTOLAKIS: I can see structurally written all over you,
Tom. Is not Tom asking? Now I know.
DR. KRESS: Tom L. King.
DR. APOSTOLAKIS: Oh, it's L.
MR. KING: It's L. GAO, as George mentioned in his opening
remarks, put a report out in March that basically had one recommendation
in it and that was the agency ought to develop a strategy for where we
want to go in risk-informing our activities and how do we get there,
because they came in and interviewed a number of people, found out what
we were doing, but it wasn't clear to them, beyond what we were doing
today, what were our goals in terms of how much of this -- what the
agency does, do they want to risk-inform, how practical it is to do it,
when are we going to do it, what are the resource implications and so
forth.
And at least we in Research felt that they had a point in that the
PRA implementation plan only really told you what you were doing today
and what you had accomplished in the past.
So we had prepared a response and the Chairman signed it out back
to GAO that said we will go ahead and pursue this recommendation and
since that letter has gone out, I've gotten a number of calls from GAO
folks saying, you know, how far have you made it, can we have something
to look at.
DR. APOSTOLAKIS: Why are they interested so much? Who is the
force behind this?
MR. KING: I'm not sure. I mean, GAO doesn't really do anything
unless some Congressman or Senator asks them to do something, and I'm
not sure who originally kicked off their audit where they came in and
looked at risk-informed regulation.
But they had told -- they had said that the -- there were supposed
to be Congressional hearings, in fact, today. They've been postponed,
but the focus of GAO's testimony at those hearings, they told us, was
going to be what have we done about their recommendation to develop this
strategy.
So it's fairly important that we make some progress and we decide
what we're going to do and make them aware of it. Otherwise, it's going
to come back and we'll be criticized again.
Anyway, what we've done is we've been working on an outline as to
what this document would look like and it's raised a lot of questions
regarding how it fits into the overall structure of other agency
documents that exist, what's really its purpose, how much detail is it
going to have and so forth.
So what we're talking about is work in progress. We're still
debating a number of these questions. But the next few viewgraphs sort
of lay out at least a concept that's on the table now for discussion and
we're hoping to have this sorted out and have a first cut at this
document by February 2000.
What we basically envision is that we will take today's PRA
implementation plan and turn it into what we call a risk-informed
regulation implementation plan. It will have this front end to it that
talks about what are the agency's goals and objectives for risk-informed
regulation.
DR. APOSTOLAKIS: That's not what you have here, right? When you
say objectives to describe what, how and when the NRC decides to
risk-inform an activity, that's really a much lower level objective.
MR. KING: The agency's strategic plan has these high level
objectives that we will pursue risk-informed initiatives.
DR. APOSTOLAKIS: So you believe that is responsive to the GAO
criticism?
MR. KING: No, I don't think that is. I think what's needed is a
document that says, okay, your high level goal is to risk-inform your
activities, what are you going to do, how do you decide and how do you
make those decisions as to what you're going do, and I view this
document as --
DR. APOSTOLAKIS: So the question of why you want to risk-inform
is not raised. I thought -- if I look at --
MR. KING: I think it is. It is.
DR. APOSTOLAKIS: It says scope, objectives, goals. Somewhere
there maybe there is a word vision, but they are not interested in that.
In other words, if the agency were completely risk-informed, what would
the agency be doing, how do you see that. I thought that was part of
the question. And then having established that, the question is now
what strategies do you have to get there. Maybe I misunderstood.
MR. BARRETT: I think part of the problem that GAO had was that we
were -- we had a strategic statement, we have a policy statement that we
think this is a good thing to do, and then we -- you kind of -- when you
look at all the documents that we have, you jump right to the PRA
implementation plan and what you see is a catalog of things we're doing
and it looks -- from an outsider's perspective, it looks like we just
found some targets of opportunity and we went and started doing it and
that we really didn't have a strategy, that we didn't know -- we didn't
have a statement of where we wanted to arrive and how much we were
willing to spend to get there and how we were going to set our
priorities.
So this document is meant to be that middle document that takes
those high minded goals and the strategic goal and says here is how
we're going to make decisions as to prioritize our activities and
allocate our resources and measure our progress, and make a statement of
where we want to go, how far, how fast.
DR. APOSTOLAKIS: So the GAO then did not question the wisdom of
going to a risk-informed system.
MR. BARRETT: No, I don't believe so.
DR. APOSTOLAKIS: They took that as a granted and they just
complained that they don't see a plan to get there.
MR. KING: In fact, I think it's probably the opposite. I think
they support risk-informed and they'd like to see us go as far as we can
go in that area, but they don't see us laying out a plan to do that.
DR. APOSTOLAKIS: And, in fact, you agree with them, from what
you're saying.
MR. KING: We agree with that. It's not evident as to where we
want to go and when we want to go there. All the strategic plan says
today, for example, in the reactor area is we will develop and implement
risk-informed and, where appropriate, performance-based regulatory
approaches. That's all it says. So it doesn't help you very much.
DR. APOSTOLAKIS: Now, the first sub-bullet there, I think, is a
bit misleading to describe what, how and when you decide to risk-inform
an activity. I get the impression, and I'm sure it's not correct, but I
get the impression that, again, you're looking at individual things and
saying I'm going to risk-inform this and that.
I would expect to see something more global, more noble, you know.
Attack the whole thing and look at it and --
MR. BARTON: They're not going to attack the whole thing.
DR. APOSTOLAKIS: Attack is the wrong word.
MR. BARTON: What is an activity is really your question.
MR. KING: That's right.
DR. APOSTOLAKIS: But risk-informing Part 50, you would call that
an activity?
MR. KING: Yes. Risk-informing the inspection program.
DR. APOSTOLAKIS: Come on. Really?
MR. KING: Risk-inform the inspection program, risk-inform the
enforcement program, risk-inform the NMSS activities, risk-inform the
regulations for fuel cycle facilities.
DR. APOSTOLAKIS: That smells of a bottom-up approach and a
bottom-up approach is never really -- I mean, they can be -- that can be
your implementation, but your strategic thinking should be top-down.
That's my objection to that.
MR. BARRETT: Let's take the example of the oversight process, the
inspection, enforcement, and plant assessment process.
DR. APOSTOLAKIS: Yes.
MR. BARRETT: The agency made the decision to risk-inform that and
we are risk-informing it at a couple of different levels. But suppose
you came back two or three years from now and you took a look at it.
How would you evaluate whether or not you had sufficiently risk-informed
it, whether you had really gotten as far as you wanted to get?
For instance, we know that we're using -- we're trying to use
risk-informed indicators, we're trying to use a risk-informed inspection
process. Two or three years from now, when we look at the results of
this thing, will we be able to say whether or not it accomplished what
we set out to accomplish?
I'm not sure that we've written down enough today to make that
determination. I think that we'll be able to evaluate the program in a
year or two when we look back on it and make adjustments as we go along.
I don't think we're wandering in the desert here. But this kind of a
document would force you to start out by saying what your goal is and
how you're going to judge yourself.
MR. KING: You're saying let's start at the top. Let's look at
reactors and then everything under regulating reactors. Then let's look
at power reactors, non-power reactors, fuel cycle facilities, enrichment
facilities, radiographers, the whole --
DR. APOSTOLAKIS: And then within the power reactors --
MR. KING: Then there's regulations, there's reg guides.
DR. APOSTOLAKIS: -- I have oversight, I have enforcement, I have
other things, and I'm making a judgment now which one to attack first or
maybe a combination.
MR. KING: Or not to attack any of them.
DR. APOSTOLAKIS: Or not to attack any of them, yes. And maybe
that's what you meant, but it didn't come across.
MR. KING: That's what I meant. That's what I meant.
DR. APOSTOLAKIS: Activity, to me, is down here. If you call the
oversight program an activity, then --
MR. BARRETT: In risk-informing Part 50, we chose to go forward
with the scoping regulations and hold back with the option three and
study it more. We could have done just the opposite. We had reasons
for making that decision.
DR. APOSTOLAKIS: sure.
MR. BARRETT: And we laid those reasons out in 98-300.
DR. APOSTOLAKIS: Anyway, I think it's a matter of communication.
I'm pretty sure you've done this kind of thing. So these words I would
change, if I were you.
MR. KING: The idea is to start at that top, work your way down to
some level.
DR. APOSTOLAKIS: Make sure that people understand that, that's
all I'm saying.
MR. KING: But not get down to the level that these are these are
the words we're going to change in Part 50. You get down and say, hey,
we want to risk-inform Part 50 and that's where this document would
stop, and then the details of actually figuring out what pieces of Part
50 you want to change would be done through our normal operating plans
and other documents.
DR. APOSTOLAKIS: Yes. So we will see a first draft next
February, that's what you're saying here.
MR. KING: We hope to have an outline developed soon, in the next
couple of weeks. We're going to send it to the Commission. We owe the
Commission an outline.
DR. APOSTOLAKIS: So when are we going to see you again on this
subject?
MR. KING: We haven't really talked about that. The next February
date is when the next update of the PRA implementation plan is due and
our view was let's turn that PRA implementation plan into this higher
level strategy document, call it a risk-informed regulation
implementation plan, and take a first cut at that in February.
I think a lot of the reactor stuff you can fill in and you might
have placeholders in there for a lot of the NMSS stuff, but at least
with a placeholder, you'll know that, hey, I've got to look at that and
figure out what we want to do there. And don't organize it by office,
like it's currently organized. Organize it by reactors, non-power
reactors, however, whatever makes sense.
DR. APOSTOLAKIS: Why is the GAO interested only in risk-informed
and not risk-informed performance-based?
MR. KING: I can't answer that. I think performance-based is
clearly, to me, an implementation alternative. If you decide you want
to risk-inform a regulation, when you end up with this new thing looks
like, can you specify it some performance-based fashion. That's what
we're thinking about in the Part 50 work that we will hear about
tomorrow.
Anyway, certain elements we viewed as being part of this document.
One is how do you decide what you want to risk-inform, there needs to be
some criteria or set of guidance that you'd go through systematically
and the agency could decide these are the things that I want to
risk-inform.
It could deal with items like stakeholders that indicate a need
for change. You can clearly see removing an unnecessary burden if you
do this. It might improve the NRC's effectiveness and efficiency if you
do this. Would it improve public confidence?
We were trying to develop sort of the set of criteria that you
could then go through and test all the things we do against and make
some decision that, yes, that's a candidate to be risk-informed and then
if it's a candidate to be risk-informed, is it feasible to risk-inform
it. Are there methods, are there data available that you can actually
apply to risk-inform this stuff? Are the licensees in a condition to
actually be able to implement risk-informed regulation, some
radiographers, for example, if it would take some sophisticated
knowledge of PRAs to implement it, then it's not going to be practical
for them.
Costs, maybe it's feasible to implement it, but the costs are just
out of line. So those kinds of considerations. And that would be costs
to licensees, as well as costs to NRC.
So we're working on what are these factors and then at some point
we'd have to go and actually start applying those to what the agency
does and I view this sort of as an iterative process. We take a crack
at this document, first crack in February 2000, we'll have a lot of
holes in it, then we'll continue to look at other areas and start to
fill in the holes as time goes on.
Then once you decide --
DR. APOSTOLAKIS: How about if we change the words principles
there to maybe objectives or something like that? These things are not
really principles. Like the principle of conservation of momentum. I
think they are just objectives.
DR. KRESS: You could call them regulatory objectives.
DR. APOSTOLAKIS: Yes. Because that's what bothers me about
defense-in-depth, when it's called principle. It gives it a prestige
that it does not deserve.
MR. KING: Maybe it does deserve that prestige. All right.
DR. APOSTOLAKIS: There are only three or four great conservation
principles. Defense-in-depth is not one.
MR. KING: The conservation of defense-in-depth?
DR. KRESS: The principle of conservation of uncertainty.
DR. APOSTOLAKIS: It's energy mass, momentum, and difficulty,
that's all. The last one probably is unfamiliar to you, but it's a true
one.
MR. KING: All right. Once you would go through and select an
area that would make sense to risk-inform, then you've got to bring in
the concept of risk, and we've done that in reactors through the safety
goal policy, but there's a lot of places where we haven't brought that
in.
So the thought here was to lay out what are these high level -- I
call them principles, call them whatever you want -- but what are the
guidelines that need to be followed if you're going to actually
implement a risk-informed approach.
These are the kinds of things we talked about that high level
safety principles address.
DR. APOSTOLAKIS: In fact, you know we had a workshop recently
where we asked experts on these things. The first results are coming
out. Overwhelmingly, worker and public protection are up there, you
better make sure you protect the worker and public health and safety.
Then environment sometimes comes close, sometimes it doesn't.
Everything else is at the bottom, like political considerations,
economic and all that. But I found that surprising, because the
stakeholders that were present, a couple of them really were not nuclear
people and I thought those guys would elevate the political concerns or
other issues.
No, that's way at the bottom. So your first three -- well, two,
the way you have them, worker and public protection, environmental
protection, those are the ones that evidently the experts really care
about.
DR. SHACK: Well, those are really incommensurate sorts of things.
DR. APOSTOLAKIS: They're incommensurate and in the language of
decision analysis, the first two are fundamental objectives,
defense-in-depth is really a means objective. It's a means for
achieving a fundamental objective. So we are mixing objectives here.
But for the present purposes, it's fine. I'm just telling you
there were some interesting insights from that.
But I think the distinction between fundamental objectives and
means objectives is an important one, and we'll just put it in different
words, that they are not commensurate, because defense-in-depth
certainly is a way of making sure that you're protecting worker and
public health and safety.
Okay. We don't disagree with this.
MR. KING: Okay. And then the actual implementation phase, what
are you going to do to risk-inform that activity, would be going in and
identifying the regulation, the reg guide, the SRP, the inspection
program, what are the things that you're going to work on, and then what
do you need to develop to actually work on those things, is there
methods that have to be developed, data standards, guidance, training.
Not to get into the details of, like I said, what the new words
would be in the regulation, but just to identify those things and then
you can have a schedule and have a priority associated with it, and then
this could feed into your normal operating plans and budget process that
take place to make sure this work gets done.
So as Rich said, that in between document, between the strategic
plan and the actual operating plans that put people and dollars on
projects and help you to make those decisions as to what you're going to
do.
So that's how -- at least that's how I view it. That's what we're
talking about. I'd be glad to come back and discuss it with the
subcommittee at some future point, if you want.
DR. APOSTOLAKIS: I'm sure that is something that the members
would be very much interested in, because this is really a critical
activity.
MR. KING: And I think the reactor folks are way out ahead of
everybody else.
DR. APOSTOLAKIS: Sure.
MR. KING: The NMSS folks, when they heard about this idea, were
very interested in it, because they're sort of sitting there with a
whole slate of things in front of them that the Commission said go
risk-inform and they're struggling with what do we do. They're very
interested in getting this put in place so they can use it.
DR. APOSTOLAKIS: Well, when the joint subcommittee, the joint
ACNW/ACRS met with them, that was about the only recommendation, that
they should develop these objectives.
MR. KING: Maybe that's the joint committee we ought to come back,
not just with the reactor orientation, but get the --
DR. KRESS: The joint committee was only looking at NMSS
activities.
DR. APOSTOLAKIS: This is bigger.
MR. KING: Yes, this is bigger.
DR. APOSTOLAKIS: It should come to the ACRS.
MR. KING: All right.
DR. APOSTOLAKIS: Because the joint subcommittee letters have to
be approved by each committee separately. You're better off coming
here.
DR. KRESS: You'll never get a letter out.
MR. KING: Okay.
DR. APOSTOLAKIS: So this is it. So first of all, we are
interested and, as you know, we are willing to listen to half-baked or
quarter-baked ideas and offer suggestions. So whenever you feel you
have done enough and there is any question as to how to proceed, it
would be easy to schedule a subcommittee meeting, half a day, a day,
whatever it takes.
MR. KING: But clearly we ought to do it before February.
DR. APOSTOLAKIS: Yes, that's what I'm saying. I would rather do
that than receive a document and read it and then us --
MR. MARKLEY: I just wanted to ask a few questions. When we were
talking about fire, you had mentioned a subcommittee, and then when we
got into shutdown, you mentioned a subcommittee again. I guess the
October subcommittee, what did you have in mind?
MR. KING: I thought these were November subcommittees.
MR. MARKLEY: November?
MR. KING: Yes.
MR. BARTON: November.
MR. MARKLEY: Are you working through one of the other engineers
on that particular one? Because I'm not aware of it.
MR. KING: The lower power shutdown?
MS. DROUIN: I'm sorry. What was the question?
MR. KING: You scheduled the low power shutdown subcommittee
meeting for November?
MS. DROUIN: My understanding, it is scheduled.
MR. MARKLEY: For when?
MS. DROUIN: November.
MR. MARKLEY: When? I don't have a date. I have a general time
slot that we talked about many, many months ago, but we haven't worked
toward --
MS. DROUIN: Because I was contacted yesterday or two days ago by
Glen Tracy and he said it was on the agenda.
MR. MARKLEY: Okay. I'll follow up.
MR. BARTON: It's probably under future activities. But there is
a spot on here for -- and it's an open date. It's just open, it's date
to be determined.
MR. MARKLEY: We have a November for briefing the full committee
for the low power and shutdown risk insights report, but I don't know --
I'd have to look. That's another engineer, clearly. I'll check outside
the context of the meeting.
MS. DROUIN: Okay. Well, I'm confused. You're saying you do have
it on the agenda, November.
MR. KING: Full committee only, you mean.
MR. MARKLEY: Yes.
MR. KING: No subcommittee.
MR. MARKLEY: I'd have to check. I don't have a subcommittee list
with us.
DR. APOSTOLAKIS: Okay. Now, the plan here is that the two
gentlemen and the lady will not come back next week?
MR. MARKLEY: Right. All we have scheduled right now is the
subcommittee chairman's report for you to talk about what was discussed.
DR. APOSTOLAKIS: How long is that?
MR. MARKLEY: However long you want to make it, five, ten minutes.
DR. APOSTOLAKIS: How much time do we have in there?
MR. MARKLEY: Well, it's grouped with several others from 11:30 to
12:15 on the last day of the meeting.
DR. APOSTOLAKIS: So I would just summarize what was presented
today.
MR. MARKLEY: Yes.
DR. APOSTOLAKIS: Without using viewgraphs. All right.
MR. MARKLEY: So that the other half of the answer is that we're
not expecting a briefing at the full committee and we're not expecting
to prepare a report.
DR. APOSTOLAKIS: Do I also have to prepare a written document or
oral is good enough?
DR. KRESS: Oral is good enough.
DR. APOSTOLAKIS: I think it would be a good idea to give
everybody this at the meeting.
MR. MARKLEY: That could be the context of whatever it is.
DR. APOSTOLAKIS: And I can walk them --
MR. BARTON: You can hand that out and walk people through it.
DR. APOSTOLAKIS: I will walk them through it.
MR. BARTON: And that will take care of it.
DR. APOSTOLAKIS: That will take care of it. Sure. Do any of you
plan to be here in case of any questions?
MR. BARTON: Or in case George says something wrong.
MR. KING: We'd better be here.
MR. BARTON: When is it?
DR. BONACA: It's a Saturday.
MR. BARTON: It's a Saturday?
DR. APOSTOLAKIS: No, no.
DR. BONACA: No.
MR. MARKLEY: The actual subcommittee report is scheduled for
Saturday, so I'm not sure you want to be here, 11:30 to 12:15.
DR. APOSTOLAKIS: I have free reign then.
MR. BARTON: Read the transcript.
DR. APOSTOLAKIS: There will be no transcript.
MR. MARKLEY: No transcript on Saturday.
DR. APOSTOLAKIS: On Saturdays, there are no transcripts.
MS. DROUIN: Which Saturday?
MR. MARKLEY: October 2nd.
DR. APOSTOLAKIS: Next week.
DR. KRESS: Next Saturday.
MR. MARKLEY: Right.
DR. APOSTOLAKIS: What time?
MR. MARKLEY: 11:30 to 12:15. If, for some reason, it does get
moved up, because that's one of the items that can be moved around a
little bit, I'll give you a call and let you know. That's the best we
can do.
DR. APOSTOLAKIS: At 12:00 Saturday a meeting.
DR. UHRIG: Have you cleared that with Dana?
DR. APOSTOLAKIS: The Vice Chairman is elected separately. I have
the power of the people with me.
Anything else? No? Well, thank you very much. This was very
informative, as usual. See you next time.
MR. KING: We'll see you tomorrow. Thank you.
[Whereupon, at 3:43 p.m., the meeting was recessed, to reconvene
at 8:30 a.m., Friday, September 24, 1999.]
Page Last Reviewed/Updated Tuesday, July 12, 2016