Plant Operations and Reliability and Probabilistic Risk Assessment - April 28, 2000
UNITED STATES OF AMERICA NUCLEAR REGULATORY COMMISSION ADVISORY COMMITTEE ON REACTOR SAFEGUARDS *** PLANT OPERATIONS AND RELIABILITY AND PROBABILISTIC RISK ASSESSMENT U.S. NRC TWFN 2B3 11545 Rockville Pike Rockville, MD Friday, April 28, 2000 The committee met, pursuant to notice, at 8:30 a.m. MEMBERS PRESENT: JACK SIEBER, Chairman, ACRS GEORGE APOSTOLAKIS, Chairman, ACRS JOHN BARTON, Member, ACRS MARIO BONACA, Member, ACRS THOMAS KRESS, Member, ACRS ROBERT SEALE, Member, ACRS WILLIAM SHACK, Member, ACRS ROBERT UHRIG, Member, ACRS. C O N T E N T S NUMBER PAGE 1 AGENDA 3 2 INTRODUCTORY STATEMENT BY THE CHAIRMAN OF THE SUBCOMMITTEES ON PLANT OPERATIONS AND ON RELIABILITY AND PRA 3 3 RISK-INFORMED TECHNICAL SPECIFICATIONS 8 4 BWR OWNERS' GROUP 63 5 RISK INFORMED TECHNICAL SPECIFICATIONS INITIATIVES 2 AND 3 63 6 RISK INFORMED TECHNICAL SPECIFICATIONS INITIATIVES 63 7 INDUSTRY INITIATIVES ON TECHNICAL SPECIFICATIONS 63 8 INITIATIVE 2 - MISSED SURVEILLANCES 66 9 INITIATIVE 3 - MODE CHANGE RESTRAINTS PRA PERSPECTIVE 100 10 ENGINEERING EVALUATION SONGS 126 . P R O C E E D I N G S [8:30 a.m.] CHAIRMAN SIEBER: The meeting will now come to order. This is a meeting of the ACRS Subcommittees on Plant Operation and on Reliability and Probabilistic Rick Assessment. I'm Jack Sieber, Vice-Chairman of the Subcommittee on Plant Operations. To my left is George Apostolakis, who is Chairman of the Subcommittee on Reliability and PRA. ACRS members in attendance are John Barton, Mario Bonaca, Thomas Kress, Robert Seale, William Shack, Robert Uhrig, and hopefully Graham Wallis. The purpose of this meeting is to discuss NRC staff and industry initiatives related to risk-informed technical specifications. The subcommittees will gather information, analyze relevant issues and facts, and formulate proposed positions and actions, as appropriate, for deliberation by the full committee. Michael T. Markley is the cognizant ACRS staff engineer for this meeting. The rules for participation in today's meeting have been announced as part of the notice of the meeting previously published in the Federal Register on April 5, 2000. A transcript of the meeting is being kept and will be made available as stated in the Federal Register notice. It is requested that speakers first identify themselves and speak with sufficient clarity and volume so that they may be readily heard. Also, we request that all speakers use the microphones, so that the court report can hear and understand them. We have receive no written comments or requests for time to make oral statements from members of the public. Reliability and Probabilistic Risk Assessment Subcommittee met on December 16, 1999, to discuss initiatives proposed by the Risk-Informed Technical Specification Task Force. Today, the subcommittees will discuss Initiative 2 on technical specifications of surveillance requirements, Initiative 3 on mode restraint flexibility, and plans for submittal and review of other Risk-Informed Technical Specification Task Force initiatives. Before we begin, I would like to ask Dr. Apostolakis to summarize the issues identified in the December 16th meeting. DR. APOSTOLAKIS: Thank you, Jack. As Jack mentioned, we met on December 16th, and we were presented with a very ambitious program for risk-informing technical specifications, consisting of seven initiatives, some that, in fact, have A's and B's, more than seven. There were many comments made by members in the meeting, as usual. A couple of the comments that seemed to be of relative importance are that the public participation in the process, public involvement and participation should be increased, especially after we had a statement read by me, statement from Public Citizen that they feel that they don't have adequate information to comment on these things in a timely manner. The subcommittee also requested or suggested that perhaps a vision statement for risk-informed technical specifications should be developed and a clear statement of the objectives of these initiatives should also be given. Then the perennial issue of how much to rely on quantitative analysis and how much on qualitative insights came up. We've faced this problem in the past in other situations, in other contexts, but I think we're going to see it again here. To what extent can one rely on expert panel deliberations and not try to quantify the impact of the proposed changes on CDF or maybe the cornerstones themselves? So, this will be an interesting issue to pursue, I think. And that pretty much covers it, I believe. There were other comments, but I'm sure we will see what the staff and the industry present today and maybe come back to those, and of course, the quality of the PRA is a perennial issue, you know, do we need a Cadillac or a Volkswagen? So, Jack, back to you. CHAIRMAN SIEBER: I'd like now to proceed with the NRC presentation and introduce Scott Newberry to introduce the speakers from the staff. MR. NEWBERRY: Thanks, Mr. Chairman. I'm Scott Newberry. I'm Deputy Director of the Division of Regulatory Improvement in NRR. There is am ambitious agenda as well as an ambitious program here, Mr. Chairman, so I'm not going to talk very long but just introduce staff at the table. A couple of comments, though. I was looking at our budget last night on regulatory improvements, and there's a long list of activities, where we are modifying the process, working to improve the process. We've been over here talking on FSAR, design basis, 50.59 reporting requirements, more and more on risk-informing Part 50 -- I expect that to increase -- license renewal process, license transfers, and on. Considerable resources in the Office of NRR are being devoted to improving the process. We are increasing the focus on this program that you're going to hear about today -- I wanted to make that point -- more resources and more leadership on the activity to risk-inform tech specs, because we believe it's important. A second point I wanted to make was, in the past month or so, I have heard a comment or been asked a question about our view on tech specs and, because something may be not as important as another, does -- you know, what is our expectation on tech specs? We expect requirements to be met. We expect surveillances to be performed as they're listed in the tech specs. We're going to be talking about tools today to inform the tech spec process so they could be changed, but our expectation from the NRC point of view is that requirements be met, and sometimes that gets a bit muddled, and I wanted to make that second point. And the last point is I hope we're responsive to the comments from the last meeting. You reminded me, Dr. Apostolakis, about the public participation point. After that meeting, we initiated a communication activity with that individual and it was very informative and made sure he had additional information, and we had a good chat with him on the phone. So, I hope we improved on that point. At the table from the staff are Bob Dennig and Jack Foster from the tech spec branch of the NRR division. They're the tech spec experts, and Bob will talk to you a little bit about technical specification philosophy, and Mark Reinhart, from the PRA branch, will talk about the tools used to inform the integrated decision-making process. So, without further ado, gentlemen. MR. DENNIG: I'm Bob Dennig, Section Chief in the tech spec branch. I wanted to give Biff Bradley, from NEI, an opportunity at this time to make an opening remark or introduce the support folks that we have here from the industry, if you'd like to do that, put him on the spot here. He just came in the door. MR. BRADLEY: This is a surprise move here. Sure, I'll be happy to. I'm Biff Bradley from NEI. I'm in the regulatory reform group at NEI. With us today, we have a representative from one of our lead plants, San Onofre, Dr. Parviz Moeni, and Rick Hill from the GE owners group is here, and also we have, sitting on the NRC side of the room, Don Hoffman, who is a consultant that's been very involved in all the industry tech spec activities. Thanks. MR. DENNIG: Now, on the staff side, we also have Millard Wohl here, who is one of the key reviewers involved in looking at these initiatives. Nick Saltos is also here. He's another key reviewer. We're pleased to be here to continue the dialogue that we began back in December with the Reliability and Probabilistic Risk Assessment Subcommittee, and as has been mentioned, at that time, we introduced the general scope of what the package that we're calling risk-informed tech specs consists of, how it dated back to some activities that began in July of 1998, the seven initiatives, and some overview about how they fit together. We received some very valuable feedback, as has been mentioned at that meeting, as to how we could better present our program and how we could better make our points, and we hope that this presentation is reflective of that feedback, and I guess we'll see when we get through it how well we've done. As part of acting on that feedback, my job this morning is to go a little bit into the background of technical specifications, their history, content, how they work, and where we are, and how they've evolved. So, we can look at the title slide for a moment and confirm that that's what we're talking about today, and then let me begin. Tech specs are explicitly required by the Atomic Energy Act and are a part of the license. They are derived from the safety analysis. They, thus, constitute that portion of the safety analysis that is a part of the license and can only be changed by amendment and, thus, through staff review. They have been characterized as, quote, "a central feature of the continuing relationship between the licensee and the Commission." Tech specs are a work in progress. The initial rule was in 1962. There were revisions in 1968 and 1995. Over that time period, we have worked with custom technical specifications, basically paragraphs and words that were derived in performing the safety analysis as you go through chapter by chapter and organize by those chapters. We then progressed, in the early '70s, to improved standard -- to standard technical specifications, following the structure laid down in the 1968 rule, rule change, and then in the '90s to improved standard technical specifications. Conversions to improved standard technical specifications have been ongoing since 1993 and are continuing. Forty conversions have been reviewed and approved or in process, 17 are planned, covering a total of 89 plants. Just as technical specifications are a work in progress, risk-informing technical specifications is a work in progress. It's not a new subject. For example, in 1975, ECCS completion times, as we now call them, often known as allowed outage times, were extended based on WASH-1400 insights. In 1983, the staff reviewed an extensive WCAP dealing with surveillance frequencies and out-of-service times that use reliability analysis techniques. In 1983, also, there was a task group that was put together to look at improvements that could be made to technical specifications. It issued a report entitled "Technical Specifications: Enhancing the Safety Impact." That report pointed at -- in a lot of the directions that are being followed through on the seven initiatives that we're talking about now, in particular using risk and risk insights to improve technical specifications. Most recently we have Reg. Guide 1.177, in 1998, and that provides a basic approach for risk-informing allowed outage times and surveillance test intervals. Thus, risk-informing tech specs is not a new subject, it is a work in progress, and we're here to discuss how we're continuing that progress. If I could have the next slide, please. By way of basic structure and to explain how tech specs work, I thought it would be easier to use a visual. The outer ring indicates the safety analysis, and the arrow indicates that we derive the specs from that safety analysis. Over time, a lot of the effort -- a lot of effort has gone into determining exactly how large that green ring should be, what is the scope of technical specifications. We're not particularly focused on talking about that scope issue today. Going inward, we see two categories of what tech specs should cover, specific characteristics, in quotes, and conditions for operation. In the current structure, we have some standard tech specs and continuing to improve standard tech specs. Per the 1968 rule, we have, under specific characteristics -- I parsed this out this way; I thought this was the best fit -- we have safety limits, limiting safety system settings, and design features. We also have what are called conditions for operation, and I have parsed into that area limiting conditions for operation, with their conditions, their completion times, and their action statements, surveillances, with their surveillance test intervals, and administrative issues. The purpose functionally for the conditions of operation is to make sure that the plant maintains those specific characteristics, those safety limits, those limiting safety system settings and design features. Interestingly, if you go back to the safety analysis, you'll find a lot of documentation and bases for things like safety limits and limiting safety system settings and so on. You'll not find much by way of analytical basis for things like surveillance test intervals, action statements, completion times, and so on and so forth. If I could have the next slide, please. For purposes of summary and to lead into the next phase of the discussion, I thought these three points captured the basic features of what tech specs are expected to do. They establish values of important parameters to preserve barriers, barriers to radiation release. They also establish a design basis equipment configuration or plant configuration that we expect to have in place. They also contain and require predetermined actions to restore that design basis when there is a degradation or to change the plant state so that the equipment that has been affected is no longer considered important or needed. I would emphasize the predetermined and prescripted aspect of that, and I would also emphasize that the way the tech specs have evolved from the safety analysis, arranged pretty much by chapter by chapter in the safety analysis, that they don't integrate across the plant and in managing the plant's state. If I could have the next slide, please. So, what we find today is that the tech specs, because of their evolution, where they come from, largely, do not manage risk of the overall plant configuration. They look system by system, LCO by LCO. Instrumentation has its own place. Support systems, plant system have their plant, electrical systems, ECCS, their own silos or bins. They don't manage risk in restoring the design basis configuration or changing the plant's state. By that, we mean that the way that specs were constructed was area by area, what's a reasonable time, given a random single failure, to either fix that single failure or begin shutting down the plant? Now, I don't know to what extent we've been able to carefully weigh the benefits of maneuvering the plant with that inoperable equipment or staying up a little bit longer and not maneuvering the plant. And finally, they don't take advantage of advances in risk and reliability analysis techniques to determine surveillance frequencies and completion times. If I could go to the next slide, please. I hope this is a crisp vision statement, and certainly continue to help us with this, but this was our -- again, our response to your feedback. We thought that this got where we were trying to go and said it succinctly enough, basically maintain or improve safety by risk-informing technical specifications requirements that govern operation, including incorporation of integrated decision-making to restore the design basis configuration when we have a degradation. The next slide, please. In summary, before I hand off to Mark Reinhart, what we're working on and what we're not -- we're leaving alone, in general, things like safety limits, limiting safety system settings, design features, and administrative controls. We're not risk-informing tech specs in the current scheme of things, not operating on those aspects of tech specs. Where we are operating is on the LCOs and the surveillance requirements, particularly in how best to restore the design basis using risk insights when there is a degradation from the expected configuration and providing flexibility as to what is done by way of surveillance test intervals and where those intervals and the specifics of surveillance might be located, whether inside tech specs or outside tech specs. Let me then turn -- DR. SEALE: Could I ask a question? MR. DENNIG: Sure. DR. SEALE: Back on one of your earlier slides, the one on standard technical specification issues, there is a bullet that indicates that you do not take advantage of advances in risk and reliability analysis techniques to determine surveillance frequencies and completion times. Do you mean -- are you implying that, in fact, there is a technology available that would allow you to do that, and I guess if the answer to that is yes, what specific input would you need in order to make that assessment, and to what extent does that input exist? Do you follow my question? MR. DENNIG: I think so. MR. REINHART: I think the answer is that's the whole point of what we're doing. We're working with the industry to do that, and the next part is really going to focus on the tool we're looking for and how we're looking for a licensee to use that tool to handle, really, the plant configuration, the flexibility of the configuration. DR. SEALE: Okay. CHAIRMAN SIEBER: Just to follow on to Dr. Seale's question, should you not have the tools available first to perform the analysis, rather than take steps to change technical specifications, for example, to lengthen the allowed time for missed surveillance or mode changes or how fast one has to go to hot shutdown or cold shutdown or what have you? Shouldn't those analytical tools be available and used? MR. REINHART: Yes, they should, and to the extent that a given licensee has those tools, that's the limit or the extent that will allow the flexibility, or if there's some generic insights that we can get from a spectrum of tools, we've tried to use those, also, but certainly we've had to have tools to precede decisions. CHAIRMAN SIEBER: Okay. That includes some kind of shutdown and transient PRA technology, shutdown risk assessment. MR. REINHART: Bob kept talking about a work in progress. There are some plants that have those, others do not, and again, depending on what insights we can get from the general spectrum, we can use those, but on a given plant by plant, if they have a very specific situation, we would look for them to have the tool to accommodate it. CHAIRMAN SIEBER: And the staff does not have those tools that they could apply independently of the licensing? MR. REINHART: We have some tools, like we're developing what's called a SPAR3 model. That's not plant-specific. We're trying to make it as plant-specific as we can, but to some extent we can use that. But in this application, I think we really need to have the licensee having a quality tool to really apply there. CHAIRMAN SIEBER: So, that will be prerequisite to granting any risk-informed tech spec that's different from the standard tech specs that is -- that everybody has right now. MR. REINHART: Yes, it is. MR. DENNIG: The general approach is that, if you want to do this, you have to have this. CHAIRMAN SIEBER: Okay. Thank you very much. DR. APOSTOLAKIS: Shall we go to 5, the next one? I'd like to understand it a little better. Would you elaborate on that a little bit, what that means? MR. DENNIG: That harkens back to the issue of placing in tech specs a -- in the place of prescripted or predetermined actions that one is to take based on some notion of the set of plant states that we'll encounter, one puts in place an approach where you look at the plant state, the actual plant state that you have, and you make a decision as to where you go next based on that state and based on your level of risk information that tells you what's my best move given where I am, instead of following a script. So, I think that's basically what we're trying to say. CHAIRMAN SIEBER: I guess one final question. Back in the days when I worked in power plants, in licensing, and we needed or wanted a tech spec change, we would hunt for some other plant that was granted a tech spec change like the one we wanted, and we would submit ours and say this is okay because plant XYZ has it. Now, with regard to the tools that you said were a prerequisite to risk-informing tech specs, once one licensee develops the tools and you grant them a tech spec and 50 other licensees get on the bandwagon and say I want one just like that, you already have a precedent. MR. REINHART: We're going to need to look at how that particular licensee qualifies with what was set in the precedent. If he has the appropriate tools, if the analysis performed fits his design, if all those things line up, we have a way to go, but we still have to review it on a plant-specific basis for his application. CHAIRMAN SIEBER: So, your expectation is that each licensee should possess the tools to demonstrate that the risk information used to develop that licensee's tech specs is valid for that plant. MR. REINHART: Sure. DR. BARTON: I think you almost need that, Jack. CHAIRMAN SIEBER: Yeah, I know you do, but you know and I know that -- how the tech spec business has worked in the past, right? DR. BARTON: Is it prerequisite to play in this risk-informed tech spec arena that you have a standard tech spec? MR. DENNIG: No, it's not, but it certainly makes it a lot easier. Along with adopting the precedent notion, you certainly get a lot more mileage out of something that's been formulated in terms of the standard -- improved standard tech spec than if you're trying to do something with a custom spec. DR. BARTON: Okay. MR. DENNIG: And then, with a custom spec, you know, you have to make sure that there aren't other things out there that were coordinated in improved standard tech specs that aren't coordinated in the custom spec that were assumed to be there. DR. BARTON: Right. MR. DENNIG: And so, it gets more complicated and it gets more expensive, but you know, you don't have to. DR. BARTON: Increases the burden. MR. DENNIG: Yes, sir. MR. REINHART: I think I'll stand up, if it's okay with you all. CHAIRMAN SIEBER: You have the little mike. MR. REINHART: I have it. Can you hear me? CHAIRMAN SIEBER: Yes. DR. SEALE: He can keep moving. It's much harder to hit him. MR. REINHART: Right. There you go. In, really, answer to some of the questions you've asked and in follow-on to Bob's comment of the tools to support the vision, to support the flexibility in the configuration control of the plant, we are looking for a quality tool, and really, the thought is, to the extent that a given licensee has the necessary quality in his PSA, it's to that extent that we'll grant the additional flexibility. Now, if you want to say, the entire vision will be supported by a PSA that was a Level 1/Level 2, internal/external events like fire, flood, seismic, we would be looking for an operations, a shutdown, and a transient model. Some licensees have that; not all do. DR. APOSTOLAKIS: Do any licensees have a PRA for transition mode? MR. REINHART: It's my understanding that -- I believe San Onofre does. MR. MOENI: This is Parviz Moeni. To answer the question, George, yes. I think a couple of years ago, CEOG developed transition risk models. It's in a technical report by CEOG, and we have adopted that model. DR. APOSTOLAKIS: Can I have a copy of that? MR. MOENI: I don't know if you have a copy, but I can definitely find a copy for you, but I know, if you do have a copy, this is by CEOG. DR. APOSTOLAKIS: Yeah, would you please send a copy to Mr. Markley? MR. MOENI: Sure. Absolutely. DR. APOSTOLAKIS: Thank you. MR. REINHART: And it's also my understanding that the CEOG is taking their transition model and their shut-down model and providing a template for other plants that could adopt that. MR. MOENI: Yes. MR. REINHART: Okay. So, we see some plants have this, with the provision to share that information so that others can use it. Longer-term, if you will, and maybe beyond the tech spec piece we're talking about, is a Level 3 PSA, and my branch is looking at that as an additional long-term goal. But one of the things we want to say about this PSA -- we're looking for a standard. It will be some standard that the staff and the industry agreed on. We're looking for a PSA that's living, that's maintained, consistent with the contemporary plant, and again, the higher the quality, the increased the flexibility that a licensee would be granted. Could I go to the next one, please? CHAIRMAN SIEBER: Before you remove that -- MR. REINHART: Sure. CHAIRMAN SIEBER: Items that are on this slide are very important to me, and I would consider this set of attributes for a licensee as almost a minimum set for risk-informing tech specs. DR. UHRIG: But right now, there aren't many plants that would meet those requirements, are there? MR. REINHART: There are not many that meet them all. There are more that meet a good number of them. Probably almost everybody meets some of them. So, there's certain pieces that we could grant based on the quality PSA that particular plant has, but it kind of gets back to the quality that was asked earlier. If one plant says, oh, well, this plant got it, why can't I have it, what does that plant have in its PSA and what does this plant have in its PSA? What's the quality, what is the pedigree of the review, how do we have the confidence? DR. BONACA: But you're going to require this -- let me call them characteristics, because you need them to support the evaluation, not just because you make it a requirement, a pre-condition, right? The reason why I'm asking the question is that, if I go back to your initial slide, where you translate your safety analysis into the tech specs, you're not changing anything about the safety analysis, you're not changing anything about your setting, you're not changing anything about anything except you're allowing surveillances and LCOs to be changed, and I would expect that, for many of them, you don't need a Level 3. MR. REINHART: Yes, absolutely. DR. BONACA: So, I'm saying that you're not prescribing -- go ahead. MR. REINHART: We're really dealing in this yellow sphere now. DR. BONACA: And it makes sense. MR. REINHART: Yes. DR. APOSTOLAKIS: So, under what circumstances would you need a Level 3 PSA? MR. REINHART: I threw that up there to say that's a goal my branch has. There are some areas, particularly doses, off-site doses, control room doses, that we're looking at in that area, may not impact what we're doing in tech specs. CHAIRMAN SIEBER: You can continue now. MR. REINHART: Okay. The next slide, please? A licensee would take the tool they have, that we have approved, that is compatible with whatever relaxation they have, but Reg. Guide 1.174 really gives five key things that they have to do, that we're looking for, and I'll point out what Scott Newberry said at the beginning. We expect licensees to meet their technical specifications. So, we're looking at them to comply with regulations, to maintain a defense in depth, to maintain safety margins. The flexibility Reg. Guide 1.174, along with 1.177, gives is we're looking for changes that would be risk-decreased, risk-neutral, or a small increase. When we talk about a small increase, we get into some charts and graphs that the reg. guides have. Ideally, a licensee could make a case that, given this configuration, to go here, the safest path is X, Y, or Z, and he could maintain himself risk-neutral or a decrease in risk from where he is to where he's trying to go. So, that's the type of thinking we're looking for, and while that might be on an immediate timeframe, we're also looking for a long-term type of feature that would monitor subsequent performance for that licensee and something we could tell about the industry in general. So, if we go to the next slide, please, we're looking for an integrated, risk-informed technical specifications that we can make progress, a lot of progress within the rule we have today, 10 CFR 50.36. Likely we'll identify some improvements as we go along, but we feel we can make a lot of progress with the rule we have, and again, what we're looking for, given the situation the licensee is in to where he wants to go, restore the design basis, restore the LCO, we're looking for a path that has an integrated acceptably low-risk locus. He would compare, depending upon what he has in his PSA and what flexibility he's granted, the at-power risk, the transition risk, the mode-specific risk, depending upon where the tech specs could possibly be driving him, balance those three pieces, incorporate compensatory actions, and here's where we're taking insights, and when we're talking about insights, we're saying what do we see by looking into the PSA, what did the cut-set analysis tell us, what are the boundary conditions, what are the assumptions, what have we said we have to do to get to this result, use those insights to develop a success path of least risk or most risk-reducing path, and at the same time maybe identify some potholes along the way, if you will, areas of high risk to avoid, and a licensee that can be doing that, we feel, will -- while he'll have flexibility, we have a confidence of really reduced risk. If we go to the next slide, what we're expecting a licensee to do, they have the tool, now they have a program to use that tool, a formal process that would evaluate the configuration and make some risk-informed decisions, some criteria level, maybe a criteria level that would say this is an appropriate level of risk for this configuration we're intending to go into or that we are into, maybe somewhat higher level they would start to dig a little deeper to get some of those insights, maybe at some point they bring in an expert panel, maybe at some other point they bring in higher-level management for decision. So, they have some sort of hierarchy that tells them what they have to do given the configuration, helps them derive those compensatory measures that we've talked about before. CHAIRMAN SIEBER: How extensive do you believe that expert panels will be used in lieu of analysis? MR. REINHART: I don't think that they would be used in lieu of, like in ignorance of analysis. I would think those expert panels would have the knowledge of that analysis, along with their other expert thoughts, to merge those or integrate together to come up with a proper decision. CHAIRMAN SIEBER: See, I asked that question because I think that the tech specs, to be risk-informed, ought to be based on analysis rather than the opinion of expert panels, and so, to me, the preponderance of the quantitative information that goes into formulating a risk-informed tech spec ought to come from analysis, as opposed to the qualitative kinds of things that expert panels would give you. MR. REINHART: But would the panel take that qualitative part and maybe have to think a little bit about really what that means to them, given the situation they're in? CHAIRMAN SIEBER: I think that the value of an expert panel is to look at the quantitative analytical results and say does this really make sense for this plant, and that's how I feel they should be used, as opposed to being part and parcel of coming up with did the risk increase or did it go down? DR. BONACA: Are you saying that the tech specs may include some provisions for having decisions made ad hoc based on an expert panel analysis? MR. REINHART: No. I'm saying a licensee has a program, and again, the work in progress -- we're looking at what some licensees have done, and some have some criteria set up, and depending on what the change in risk is for the configuration, they get more and more individuals involved. They have some predetermined configurations they can go to, they have some levels that are normal, but as things get more complicated, they want to get more minds on the problem to start to put the pieces together, and at some level, they'll have a panel set up that they bring to bear. At other levels, they say we're not going to do this work unless we have some compelling reason, but that compelling reason has to go to a higher level of management to say, yeah, this is really compelling. That's what I'm trying to get at, a flexible responsible licensee program that puts this all together. CHAIRMAN SIEBER: Yeah, but that program will have to be carefully crafted, because you know, you're dealing with not just one licensee but all of the licensees, and there are some that are vastly superior to the minimum standard for safety, and there are some that are sort of marginal, perhaps, at least hypothetically that way, and so, whatever you do and whatever you craft has to be sufficiently strong so that everybody fully understands what the expectations are. MR. REINHART: Excellent comment. I appreciate that. DR. BONACA: Let me go back to the comment I made. I was thinking of one of the examples that were provided to us. It was 358, I believe, the 358 example of missed surveillance. There is a philosophy being proposed there, it seems to me, although it's not as presently proposed, that says, if I miss a surveillance, I can go all the way to the next interval, but I can make a decision in between, and that may be a long time, what is the optimal time to do the surveillance again. That implies a decision-making process that includes some elements of that. MR. REINHART: Yes. DR. BONACA: There is already a seed being planted there of that kind of process, and that's the reason why I ask that, because you know, to some degree, you would be confronted with some proposals that will take you in that direction. MR. REINHART: Here is how I am hearing that, as industry proposes it. They have a surveillance. We expect them to perform the surveillances when scheduled, and we expect them to have a program to do that, but in the unusual -- and we expect it to be unusual circumstance that they've missed one and they've started up but it would, say, require a mode change to go back and perform that surveillance, the licensee now has to tell us. Okay. Let's say the licensee has performed this surveillance over the past X years and it's always been successful. So, their data shows a high reliability of that system. They can go in and either do part of the surveillance or, through other means, come close to giving themselves confidence that they have met the surveillance but either there's a piece they can't complete or they can't complete it to the full. With that level of confidence, given that usually this surveillance just verifies that, yeah, it's okay, the general thinking is the risk incurred by taking the plant through a transient to perform the surveillance and back up again outweighs the risk of continuing with that particular issue. CHAIRMAN SIEBER: So, for a 19-month surveillance interval, could be another whole cycle before the surveillance is completed. MR. REINHART: It could be. Part of their proposal, I think, is that, however, if they come upon an opportunity to do it in that period of time, they should do it at that first opportunity. DR. BONACA: That's why I'm saying if you go from a prescriptive approach to the tech specs to one in which you have an ongoing management process within that span of 18 months or 24 months, that's a fundamental change in the philosophy. MR. REINHART: Yes, definitely. DR. BONACA: You have to think about how you're going to handle that. MR. REINHART: Definitely. CHAIRMAN SIEBER: Now, how would the NRC know, because the surveillances won't be reportable, right? So, you wouldn't know what that situation is other than the resident inspector paying attention to what's going on at the daily meetings and looking in the corrective action program. Is that correct? MR. REINHART: It's the resident -- the resident is the one that we would be relying on to have that information, primarily. CHAIRMAN SIEBER: So, that's a pretty healthy transfer of trust from the days that I recall when, if you missed a surveillance, it was a Level 4 right then, and that went into an NRC tracking system, and if you missed it and you had to shut down and get it, you shut down to get it. That's quite a departure. MR. DENNIG: Yes, it is a change, and I think we'll get more into these kinds of issues as we talk about Initiative 2 later in the morning. CHAIRMAN SIEBER: You may want to think about -- and I'd sort of like to know about how you would enforce a situation where surveillances were being missed on a more routine basis. If you don't watch the baby, the baby will do lots of things. MR. DENNIG: Again, to jump ahead to the discussion we'll have on Initiative 2, we have spoken with the oversight people, in the oversight program. It's our understanding that there is a track for repetitive occurrences of things like a missed surveillance, so that that will be noticed, identified, and treated in the oversight arena. Those repetitive instances, in and of themselves, regardless of their individual significance, will be treated as a -- hey, this is a pattern of behavior, which goes back to our expectation that requirements will be met and the premise underlying Initiative 2 that these are rare and unusual circumstances. If that changes, then this doesn't work. If that situation changes, then this doesn't work. CHAIRMAN SIEBER: And so, how would you figure out where the threshold was? Are you going to have a performance indicator? What's good enough? Only miss one or two a year or 10 a year? See, I don't know. MR. REINHART: This last item here really gets to the performance indicator. There's two things, the reactor oversight program that Bob addressed, and we're looking for some sort of a -- some of this part is going to be for the immediate situation, we'd have or expect some performance indicator that would show us, over a period of time, that licensee -- maybe its accumulated incremental core damage probability over a year, over a cycle, there's a certain goal or a certain expectation. If that licensee is accumulating more than expected, his program needs to direct him to go back and figure out what's wrong with his program and fix it, so that he's not incurring that accumulated core damage probability. CHAIRMAN SIEBER: Okay. Thank you. Will you have the tool to evaluate how the long-term core damage probability changes with regard to licensee behavior as far as missed surveillances or other operations problems? Are you going to know or you're just going to say, well, I think it is? MR. REINHART: I think we're a bit in the work in progress here on that aspect. We would have to look at what his program does for us. We'd have to look at what the reactor oversight program does for us. CHAIRMAN SIEBER: Well, there's two ways you can go. One is to say -- which is sort of the new oversight process -- well, from a risk standpoint, it's not significant, or the other way is you can say we expect you to obey your tech specs, obey all the rules and your license conditions, and so, go to it or we are going to clamp down. There's two ways. MR. REINHART: I understand. CHAIRMAN SIEBER: Okay. MR. REINHART: If I could go to the next -- DR. KRESS: Before we leave it, could you go back to this concept of accumulated core damage probability and explain it to me a little bit? I'm not sure I know what an accumulated probability is. MR. REINHART: Okay. A licensee has a configuration, say a baseline configuration, or it might be his no-maintenance configuration, would be the base, but something changes in the plant, whether it's a change in configuration or an unknown, like a missed surveillance, there would be some level of calculated core damage frequency change that, integrated over time -- DR. KRESS: You're going to integrate that over time. MR. REINHART: -- would give you the incurred conditional core damage probability for that situation, and so, you take that and you put that in the hopper. DR. KRESS: George, you're a PRA guy. Does that integration have any meaning at all? DR. APOSTOLAKIS: Integrating the frequency of core damage given those circumstances over time, right, for the duration of the situation. MR. REINHART: Right. DR. APOSTOLAKIS: Yeah. DR. KRESS: This is time past, not time in future. DR. APOSTOLAKIS: It's time past? MR. REINHART: Well, over a year, you would add up the core damage probability that was accumulated during the various situations. DR. KRESS: It's time past, George. DR. APOSTOLAKIS: To do what? After you add them up, what do you do with it? You will have a limit? DR. SHACK: It would tell you whether you needed to improve your program or not. MR. REINHART: Right. DR. SHACK: You couldn't put a limit on things that already happened, but it would tell you that your program needed improvement if, in fact, the number was going up. DR. KRESS: It's a performance indicator of sorts. DR. APOSTOLAKIS: Yeah. DR. KRESS: Okay. It could have meaning in that sense. DR. APOSTOLAKIS: Yeah, in that sense it's meaningful, yeah. DR. KRESS: Okay. MR. REINHART: We have a comment from the audience here. Please come to the microphone and tell us again who you are, please. MR. MOENI: Yes. Parviz Moeni. I think George answered the question correctly, but let me explain what we have. We have a number of key performance indicators. One of them is -- we call it safety performance indicators, and this is basically the cumulative core damage probability over one year. So, what that means, the management, with the help of the PRA group, of course, has set up a value for the plant risk, which is CDP, and we monitor this. This is basically monitored daily, and we're making sure, at the end of the year, this goal has not been exceeded, and how do we do this, basically the plant people who operate the plant and maintain the plant, the SDAs and the maintenance people at some level -- they have the safety monitor. So, they always track this thing, the plant risk, to make sure that we don't exceed, basically, that level that the management has set, and this performance indicator also tied up to the bonus for the people, so basically to make sure that this performance goal would be met. DR. APOSTOLAKIS: So, the performance level, then, is on the CDP. MR. MOENI: On the CDP. DR. APOSTOLAKIS: Not the CDF. MR. MOENI: No. It's accumulative over the year. MR. REINHART: The CDF integrated over time. MR. MOENI: Sure. DR. APOSTOLAKIS: You don't have, then, any other requirement regarding the spikes? It's just a total integrated over time? MR. MOENI: Sure, but you don't want to basically -- DR. APOSTOLAKIS: You do or you don't? MR. MOENI: No. The thing is that you cannot have even -- you cannot have spikes either, but the overall goal is still the CDP. So, you may -- again, the thing is not to have spikes, but if you have spikes for a very short period of time -- I will give you an example for shut-down events. Mid-loop is a very risky situation, but the timing interval for mid-loop operation is very low. We are talking about maybe a day or sometimes less than a day. So, the cumulative probability, again, for that specific plant operation makes the CDP low. But forgetting a mid-loop, you don't want to have a spike. DR. BONACA: You do a line maintenance. MR. MOENI: Yes. DR. BONACA: And that will give you spikes. MR. MOENI: Yes, absolutely, but again, you keep track of the timing and the CDF to make sure that the goal, which is CDP, would not be exceeded. DR. BONACA: I understand. MR. REINHART: Is it true that you would look at the spikes for the immediate situation but the accumulated CDP for program evaluation over the year? MR. MOENI: Over the year, yes, annual. CHAIRMAN SIEBER: The issue is the chronic mis-administration of a program that you're concerned about for these issues. MR. REINHART: Yes. DR. APOSTOLAKIS: So, this is a management tool, and basically, you cannot really prescribe what the management should do given a particular profile, but presumably, if they see something very unusual, they would catch it. MR. MOENI: Yes. Every week -- I think now it's monthly, it used to be weekly -- you have a management meeting in the morning. So, somebody from the PRA group goes there and represents the core damage frequency over the month or the week. Now it's monthly. It's monthly. So, it shows the plant CDF for every day, and if there are spikes for some reason, especially if it goes over the baseline CDF, then they have to explain -- the PRA group has to explain what happened there and what was the reason that you had a spike there, this is because the diesel generator was under maintenance or something was taken out, whatever the reason was. So, the management is always aware of things that are done to the plant that makes the CDF go up and down. CHAIRMAN SIEBER: We're running a little late right now. MR. REINHART: I have one -- just one illustration I would like to use in conclusion to try to put the risk we're concerned with into three different time periods. I'd like to use an illustration of just crossing the street. If you think about it, there is before you cross, while you're crossing, and after you've crossed. As you come up to an intersection, obviously there was some design, somebody decided to put a light, a signal there, but you look, you look at the condition, the weather, the traffic, you make a decision. You start to cross the street. As you're crossing, you have to be aware of what's going on now. It might have been great when you started, but what if a car comes through a light? What if you have a child by the hand? You have to be ready to address those situations as they come. When you get to the other side of the street, you're safe now, you might say, hey, that was a close call, I need to think about this a little more. In the same sense, we are applying risk before we go into a configuration; we analyze, we calculate what's going to change, what's the change in our core damage frequency as we go in, how long do we plan to be there, do we have the tools, the people, the procedures lined up. We make that decision. Once we start the actual work or we're in the configuration and something changes, we have to be ready to take compensatory action right now in a fluid dynamic sense to handle that situation, but once we're through it, we're not going to forget it. We either had a good experience, a not-so-good experience, a horrible experience, but we want to take that and accumulate it over some period of time, whether it's a month, a year, a cycle, and go back and evaluate. DR. APOSTOLAKIS: It's like crossing the Rockville Pike, right? MR. REINHART: Right. There you go, exactly. DR. APOSTOLAKIS: The key is you remember. MR. REINHART: That's what we're looking for a licensee to do. I say the as-good-as-new principle. If you think of crossing a street, you're in the crosswalk, and you're 90-percent there, and it dawns upon you, you know what, this was a mistake, this was a dumb idea, are you going to go back? No. Hop up on that curb, the other 10 percent. And so, what we're trying to do is say maybe we've had some on-line maintenance, maybe we've stayed at power. Once we're at that 11th hour and we decide we really didn't quite evaluate that right, don't shut down now, finish it, get back in a stable configuration, do the risk-safe thing to do, the risk-informed safest thing to do, and evaluate it for next time. Thank you. CHAIRMAN SIEBER: Thank you very much. Mr. Bradley? MR. BRADLEY: Good morning. I am Biff Bradley of NEI, and with me at the table is Rick Hill of GE and the BWR owners group. We did have a number of last-minute crises trying to get industry support for this presentation. So, Don Hoffman will be supporting the second part of the presentation on the individual initiatives, and also, I didn't mention earlier, but Ray Schneider from CE and the CE owners group is here, as well, as part of the industry presentation, and he will also be involved in the initiatives presentation. I wanted to spend a few minutes and just talk bout -- I think NRC gave a version of their vision in the last presentation, of where we can ultimately go with tech specs, and I'd like to give industry's version of that vision, which I don't think is that fundamentally different, and also offer that we've already done much of the ground work for accomplishing that in the work we've put into the maintenance rule over the last couple of years. As you know, tech specs has a number of functions, but one of the predominant functions and the one that we really discuss in terms of risk-informing tech specs, making improvements, is plant configuration control, and there has been a long evolution of configuration control requirements over the years, starting with the custom tech specs, standard tech specs, NUMARC 91-06 which is shut-down configuration management guidance which was issued about -- nearly 10 years ago now, and then we have had the ITS approved standard tech specs that are still a work in progress and continually evolving. There are actually hundreds of proposed changes in the pipeline to those, and over the last couple of years, we have had some success with risk-informed line item improvements. Those are AOT extensions and other types of improvements on a plant-specific basis, and then the most significantly, I think, later this year, fall of this year, final rule-making to the maintenance rule will be implemented, 50.65(a)(4), which establishes a regulatory requirement to assess and manage risk resulting from maintenance activities, which essentially incur just about all of the equipment unavailabilities that we deal with in tech spec space. I might also mention that we spent the better part of last year working with the NRC staff to develop regulatory guidance to implement 50.65(a)(4). That will be issued in the form, I believe, as Reg. Guide 1.182, soon to be a final reg. guide that will endorse the industry guidance without exception. There is a significant opportunity before the industry now to begin work to comport tech specs and the new (a)(4) requirement. When I say it presents a conflict with existing tech specs, I'll talk a little more about what I mean by that. The industry's goal, then, is to effect regulatory changes that can make tech specs and (a)(4) complementary. That doesn't necessarily mean that there would be no tech spec or that the -- there may be ways to pragmatically address the scope of the -- and content of the existing tech specs to make it compatible with (a)(4), and I'll talk a little more about what we think are ways we can do that. We have identified this to the Commission. We had a Commission briefing a couple of weeks ago. This is a major industry priority for risk-informed regulation, and we want to proceed on a parallel path with the Option 2 and 3 activities and really make this -- break this out as a separate activity, because we do think there is a fairly near-term benefit to be had. I mentioned the (a)(4) requirement is to assess and manage risk resulting from maintenance activities. Another change to the maintenance rule makes it explicitly applicable to on-line and shut-down configuration management. That's another change that was made to the rule. In reality, the (a)(4) approach, which is a risk-informed approach, is much better at addressing the multiple component outages the tech specs endeavor to address. The scope and process of (a)(4) are risk-informed. You're looking at a larger scope of components in the plant in terms of determining the risk impact and what you're taking out of service in relation to what's already out of service or what will be coming out of service. Scope and process of tech specs are deterministic; that is, you're basically limited to the scope of components that contribute to the design basis accident mitigation, and the process is basically there trying to ensure that you can meet your design basis. It's not really looking at other risk impacts that may result from your configuration control. CHAIRMAN SIEBER: So, are you suggesting you would expand the tech specs and generalize them to include more components as risk significant? MR. BRADLEY: I'll talk about that. As you know, 50.36, which is the tech spec rule, already -- Criteria 4 of that rule already allows that the tech specs can include in their scope the existing tech specs, SSCs that are risk significant, even though they don't contribute to the design basis, but generally, I think most of the tech specs that are out there -- you don't see a lot of that right now. But let me try to get to that question. The (a)(4) guidance -- some of this is pertinent to what we discussed this morning. It does address both the risk spike, the temporary increase in the CDF or the LERF, as well as the aggregate impact, and the overall objective of (a)(4) which we articulate in the guidance is to manage the risk so that, in incurring on-line maintenance and equipment unavailabilities, you're not changing your baseline risk; that is, from year one to year two, there shouldn't be a significant or greater than insignificant delta in the risk of the plant. What we get into is that we're essentially, in terms of configuration control, once (a)(4) becomes effective later this year, essentially there is a dual regulatory regime that will be in place, because you'll have to meet the tech specs as well as (a)(4). The staff included in Reg. Guide 1.182 an explicit allowance that you still must meet tech specs, which is probably a good idea, because there may be some confusion once we have these two things in place, but it's not unlikely that you will get into situations where your tech spec AOT may -- it might be seven days, but when you do an (a)(4) evaluation, looking at the other things you have out of service, that tech specs may not even be covering, you will find that, you know, a three-day AOT is really a more risk-appropriate thing to be doing, and of course, you could have the other way around, too, where you may have a short AOT in tech specs, but if you look at the (a)(4) evaluation, you would be allowed a very -- a longer AOT. So, there will be many situations, once this rule comes into place, where you're going to be limited, basically, to the more conservative of the two. 50.65(a)(4) doesn't address all the component of tech specs, but it does address some of the major issues relative to configuration control; that is, AOTs, mode changes, and end states. The PRA subcommittees already looked at the (a)(4) guidance, and you're familiar with it, but it does require risk management actions as a function of the result of your assessment, and those can -- and it also treats emergent conditions, which can include mode changes, new equipment going out of service. It also can really get at end states, because the risk management actions may include mode changes to take you to a safer configuration, and again, that end state might be different from what tech specs would tell you to go to. So, really, all these things are what constitute the action requirements of tech specs. There are also a number of things in tech specs that aren't addressed -- safety systems, limiting safety system settings, even surveillances are really not addressed by (a)(4) other than the fact that, if you take something out of service for surveillance, that's another way to incur unavailability, and there are other aspects of tech specs, as well. You have the administrative aspects, power flow maps, various other things that probably wouldn't change. CHAIRMAN SIEBER: Are you expecting that, since (a)(4) -- with an (a)(4) evaluation, you can come up with a risk number that is -- it's dependent on the outage time, but it could be longer or shorter than the tech spec allowed outage time. Do you anticipate a risk-informed tech spec to recognize a new configuration and extend the outage time as a number or to have one written in such a way that you can do anything you want, depending on whatever the (a)(4) evaluation comes out to be? MR. BRADLEY: I think that it would be more the former. I think the (a)(4) evaluation is -- and the rule requirement is assessment and management of risk, and it's fairly flexible in the actions you can take. The tech specs are much more specific, prescriptive, and say, you know, you will shut down the plant under certain situations, and when I -- our goal would be to take both those elements and put them together, and I think it would require more specificity in terms of the risk management actions. I'm not suggesting that we could take the existing (a)(4) guidance and replace tech specs. It would be a combination of the two. I'll give you an example of how it might work. This is just one way it -- there are many ways this could work. One way it could work is that you could take your annual unavailability targets for components and make that a back-stop on an annual basis, and then you could take the existing tech spec AOT, make that a front stop, and as long as you're within -- between those two values over the course of a year and you're managing your risk around the baseline through that -- that's just one way you could do it. But basically, it would involve taking elements of the existing tech specs and (a)(4) and bringing them together. You know, the more radical ways you could do it would basically be just to manage, you know, using a safety monitor approach, just manage such that -- to a certain CDF, but I'm not -- I think that's a fairly large step, and we're looking more for a pragmatic kind of evolutionary step here. CHAIRMAN SIEBER: Well, I'm thinking in terms of an operator, having been one. MR. BRADLEY: Yes. CHAIRMAN SIEBER: And operator is happiest when he lives in a box and somebody shows him where the edges are and he says to himself and to his crew this is where we have to be and these are the things we have to do, as opposed to getting into this fuzzy boundary kind of thing that says, well, I'm going to take this analyst who, by the way, might be off-site or at least outside the fence and not there in the middle of the night, and he'll tell me how much fuzz I have to maneuver around in. I'd be uncomfortable with that. MR. BRADLEY: I agree with you. The fundamental purpose of tech specs up to now has been an operator tool, and you know, I think there are ways to address that rule. You're right, and ultimately, the procedures and the instructions the operators use, I think, can still be developed to do what you say, to have, you know, the black line, but you can still make the tech specs, which is part of your license, more flexible to back that up. That is something that would have to be considered. Clearly, you can't just have a tech spec that says, you know, take some risk -- you know, it leaves the operator having to determine what that action is. The operator's burden is big enough already. CHAIRMAN SIEBER: Even outside the operator's hands, in the upper levels of management, I think that moving toward a sort of a sliding scale kind of a license condition or technical specification is -- for me, it takes longer to be able to accept it than it would be to be able to accept analytical analysis that comes up with an answer and says here we are, this is the box you live in. MR. BRADLEY: Yeah, but just, you know, recall that once (a)(4) becomes a rule, the operators and everyone else making configuration decisions are going to have to look -- you know, they're going to have to meet (a)(4), not just tech specs, going forward. That's the predicament. CHAIRMAN SIEBER: That's correct. MR. BRADLEY: And that's why we need to do what I am discussing here today, as it could lead to -- you know, the operator is not only going to have to worry about tech specs, he's going to have to worry about the (a)(4) piece of configuration control. CHAIRMAN SIEBER: I think an operator can live in two boxes, one smaller than the other one. MR. BRADLEY: As you're aware -- I think we've presented these before, but there are seven initiatives now underway to basically risk-inform elements of tech specs, the existing ITS, and some of these are going to get discussed today. The point is that the seven initiatives basically represent an incremental step toward what I'm discussing in making (a)(4) and tech specs compatible, and the -- in my view, as we move forward with these initiatives, we've got to make the (a)(4) process integral to the way these tech spec initiatives would work. I want to give you an example, Initiative 2, missed surveillance. Okay. You're managing the configuration of the plant, you're taking things in and out of service, and then you discover that you've missed a surveillance. Okay. Now, the right way to treat that is to roll that into your ongoing configuration management program, like any other emergent condition. It's like a piece of equipment going out of service. It's something you now have to take into account, okay, do I want to take the other train out of service knowing that I've missed this? Those are the kinds of things you have to address, and the (a)(4) guidance directly gets at that. It talks about, before you take a train out of service, you've got to look at the other -- you know, not only at the CDP and ICDP and the integrated, you know, aggregate risk and everything else, but you've got to look at the other -- you know, is there something about the other train that would tell me I shouldn't be taking this train out of service, and this is just one example of a thing you'd like at, is, well, gee, I missed the surveillance on this, so I have some higher level of uncertainty about its performance. But this is just an example of how the types of initiatives we're working on fit right into the (a)(4) framework, and you can make the same kind of argument for mode changes, outage times, and some of the others, 303. CHAIRMAN SIEBER: Okay. And today we're going to look at numbers 2 and 3. MR. BRADLEY: Right. I think Scott mentioned earlier that NRC was looking at their structure internally and how to support tech specs and these initiatives. Industry has been doing the same thing. We recognize there are many ongoing activities on tech specs. We have -- actually, there are about seven NEI task forces right now that have some relationship to tech specs, and you get into some interesting issues when we start looking at risk-informing tech specs, especially if we start looking at sort of the visionary place we can go to comport tech specs with (a)(4). It requires that these activities be integrated as an industry, so that we're not -- tech specs represent -- license change requests represent a significant chunk of NRC's resource burden, as well as the industry's, and we may be able to obviate some of the incremental types of changes we've been making by adapting -- adopting these more risk-informed-type changes, driving toward an (a)(4)-type approach. So, there is going to be a new executive-level working group at NEI, tech spec working group. Our intent here is not to just encumber the bureaucracy by adding another layer, you know, to all the layers we've got already, but it's a coordination function, and it's a function to look at how do we coordinate the big picture change of moving toward (a)(4) with all the existing activities we have going on. Initiative 4, which is AOTs -- as you know, there's a 4(a) and 4(b). 4(a) is individual AOTs. 4(b) is sort of a global way to replace AOTs with an (a)(4)-type process. That's basically the first initiative, I think, that the working group that we're forming will want to really get their hands around and look at how do we go about that. The thing I mentioned earlier about the front stop and back stop -- that's just one of many ways you could actually effect that type of change, and the -- so, we will be looking at that, and the working group's mission will be to try to bring tech specs and (a)(4) into some -- at least so they're not inconsistent in the future. I will say, I guess, with regard to some of the slides that NRC just presented, the issue of PRA quality is clearly an issue for being able to do this, and I do want to mention again that we're not suggesting that the existing (a)(4) guidance as it stands would be adequate once we went forward to replace or move into a single configuration control approach with tech specs. Whether you would need full quantification of things such as shut-down and transition risk, I think, is a function of how you set up back stops. If you go to a fully risk-informed approach where there really are no back stops, then you might have a pretty strong argument to do that, but there may be more pragmatic ways to do that, to use PRAs along with qualitative insights and establish back stops to address that. That's basically the way (a)(4) works now. You do have to have an internal events and a simplified Level 2, but in terms of having to quantify everything, that may not really be necessary, depending on how you do this. So, those are just some thoughts, and this is something NEI and the industry are going to put a major effort into, starting now and going forward. We've done a lot of work on Option 2 and 3 of regulatory reform, and the more we look at it, we think this piece has more potential benefit and is more do-able in terms of -- there's a success path there that we think we and the staff can work to -- really, than some of the other elements of regulatory reform. So, we want to break this off in a parallel path and move forward with it. DR. APOSTOLAKIS: Let me understand here. I don't remember the staff referring to (a)(4) earlier. Am I missing something here? Do you disagree? MR. DENNIG: Not at all. In our last presentation to your group, I believe we talked about part of what we understood we were heading for was bringing (a)(4) machinery and approach into -- what was your word, Biff? -- to comport with technical specifications. We recognize the dual regulatory scheme, the potential for collisions, and from an operator's standpoint, it would be a lot easier to have one approach, one set of books, one way of doing things, and so, we did -- I think if we look back at the transcript -- brought up (a)(4) at that time, and we have briefed that idea to our own senior management and gotten -- you know, that sounds reasonable thing to do approach. So, we're in basic agreement, but we did realize that the industry presentation today was going to spend time on (a)(4), and rather than us talk about (a)(4) and have them talk about (a)(4) and you hear (a)(4), (a)(4), (a)(4), we just kind of broke it up this way. DR. APOSTOLAKIS: So, what you call next step, technical specification configuration control elements globally replaced by (a)(4)-type evaluation -- maybe you said that and I missed it, but this would give much more flexibility to the licensee, would it not, to manage the configuration? MR. BRADLEY: Yes. It would give flexibility, although as I said earlier, we recognize there would have to be some rigor in the approach that probably goes beyond what's in (a)(4) now. DR. APOSTOLAKIS: Okay. MR. BRADLEY: For instance, right now, plant shutdown is just one of about 20 risk-management actions we have in (a)(4). There are all kinds of other things you can do, and I think, right now, (a)(4) sort of gives the licensee flexibility to pick and choose those, as long as he can show he's managing risk, temporary and aggregate risk, but to go to a tech spec -- replace tech specs, you would probably have to have more explicit conditions for, you know, when you have to invoke those certain actions. CHAIRMAN SIEBER: Well, but then you get yourself to the situation you have to invoke (a)(4) for every maintenance activity that involves safety-related equipment. MR. BRADLEY: It's not just safety-related; it's the whole scope of your PSA. CHAIRMAN SIEBER: Or important to safety or whatever the term is. On the other hand, my impression of what I know about (a)(4) and how it will be implemented is that -- and I think I recall this from one of our meetings -- is that the tools don't exist for some sub-components to adequately evaluate risk, and if that's the case, this is where the reliance on expert panels come in, okay, and it seems to me that, if you replace the tech spec requirements with an (a)(4)-type evaluation, there is the opportunity to move away from the analytical approach which I would think is what's necessary to support the rule, the tech spec rule, and move into this sort of judgmental expert panel. You know, this is what I call the fuzz, okay? And I don't -- if I have the wrong impression, please tell me what the right way is. MR. BRADLEY: (a)(4) doesn't -- there is nothing in (a)(4) about the use of an expert panel. There's an expert panel you use in the maintenance rule to do your initial categorization of components, but (a)(4) itself doesn't defer to, you know, some expert panel to make the judgement on what's the risk management action you take. It establishes the ground rules for how you can quantitatively -- and you also have to have a qualitative element, because it's addressing shutdown -- it's addressing areas that most plants don't have models for, but it basically has how you do that, how you do the quantitative or qualitative approach, so it really is analytical. CHAIRMAN SIEBER: Yeah. On the other hand -- and it was just part of your answer -- a lot of plants don't have the analytical tools in their transients or in shutdown. So, in the sum of it, it has to go to some kind of expert or manager decision. MR. BRADLEY: This really goes back to what I said earlier on the question of how complete a PRA you need to do this, and I think it's an open question, but my belief is that shutdown management -- it's possible to do that qualitatively in a very risk-informed way, by preserving the key safety shutdown functions with an adequate degree of defense-in-depth, and you don't necessarily have to quantify your entire, you know, outage, which is a relatively difficult thing in itself, to do that. We're managing shutdown risk today under 91-06 very effectively through quantitative approaches. So, clearly -- I mean, you know, I'm not trying to say we're going to do this with some half-baked PSA, but whether you need to have quantitative -- and even when we start talking about these seven initiatives, I think you'll see that there are many things you can do without quantitative information. You know, missed surveillance is a great example. You know, you don't have to do a lot of quantification to know that shutting the plant down because you missed a surveillance is generally not going to be a risk-smart thing to do. Of course, it may get tougher once we get into the whole ball of wax, but you know, it's just a matter of determining what's the appropriate level, and you know, we have to do that work. MR. NEWBERRY: Maybe I could add a thought. When we talk about, you know, the fuzziness of going to the component level, really, if you look at the tech spec, they're really at the train level. So, you might have a component and you have to get into sometime seeing what supports what, etcetera, before you can get to that train-level approach. CHAIRMAN SIEBER: On the other hand, a tech spec requirement that's placed on a train says that all the components necessary for that train to operate have to be operable. MR. NEWBERRY: That's right. And, say, if a fault tree is modeled to the component level but the top event is the train, then you're comporting, if you will. CHAIRMAN SIEBER: Yes, sir. MR. BRADLEY: Rick Hill -- unless there are anymore questions for me, I was going to turn it over to Rick. CHAIRMAN SIEBER: Yeah, I think that would be great. MR. BRADLEY: He's just going to give the PWR owners group perspective on the activity. CHAIRMAN SIEBER: Okay. MR. HILL: Good morning. I'm Rick Hill with GE, and I'm the Project Manager for our risk-informed tech spec activity. I noticed from the agenda that you have Initiatives 2 and 3 split out, but with your permission, I'd like to address the BWR owners group perspective at one time -- CHAIRMAN SIEBER: On both of them? MR. HILL: -- on both of them, yes. CHAIRMAN SIEBER: Okay. That will be fine. MR. HILL: There was some history provided earlier about tech specs. The BWR owners group is a relative late-comer for the owners groups into the risk-informed tech spec arena. We had gone through in the middle '80s a very extensive reliability-based tech spec program where revisions were approved and made by the utilities, and as a result, there was some reluctance to want to get involved in further looking at the tech specs due to the resources that would be required, but we have joined in with the rest of the industry, at least at this point in time, and as we've seen the NRC's vision and NEI's vision or industry's vision -- everybody needs a vision -- our vision is stated in this slide, basically, and what we consider the purpose of the committee that we have involved here, and that's to enhance the tech specs so that they reflect the safety significance of the condition or the requirement and thereby gain operational flexibility. I note that it's a generic committee. That means all of the BWR owners are participating in this particular activity, as opposed to just a subgroup. We are actively pursuing these three initiatives out of the seven, and I should actually say that we're actively pursuing one, Initiative 1. That's where all of our resources have been put into for the early part of this year. Initiatives 2 and 3 -- we are supporting the industry by trying to provide information that is needed for approval by the NRC, but we're not doing any specific work. That's one of the reasons why I want to bring in both Initiatives 2 and 3 and mention Initiative 1. Initiative 1 is basically our perspective formulated to test the risk-informed process on an analytical-type basis. As a result, we have committed and we are in the process and nearly finished with building a BWR/4 transition risk model. It's our hope that, when we finish that transition risk model, it will be generic for all BWR/4's, we'll be able to use sensitivity analysis for BWR/2's and 3's, as well as 5's and 6's, to cover their needs. That model that we're developing is fairly sophisticated for the needs of Initiative 1, but we believe that further initiatives that the industry will have and that we will have ourselves will need that sophistication, and so, we're building it in at this particular time. Initiatives 2 and 3 -- as I said, we're in the process of supporting that. We do support the draft of the TSTF that will be talked about later, I'm sure, by Mr. Hoffman, where the risk evaluations will be done on all surveillances that are missed and delayed greater than 24 hours. Initiative 3 -- we're supporting that in the sense that we do not have a generic approach to it. You'll probably hear later that there is a -- Combustion Engineering plants have a generic approach to it that will fit all of their plants. Since we do not have our model complete, we are not able to analyze the -- quantitatively the effect on the plants, and so, each plant will use that on a case-by-case basis, if needed. What's in it for us? What are the opportunities? Why are we doing this? And I think we've heard a lot of this already, but certainly improved decisions in favor of safety, and I've listed a few reasons here, in avoiding the transition risk of plant shutdowns when you have configuration changes for non-safety significant problems, as well as missed surveillances force urgent plant shutdowns. In some cases, when it's appropriate, longer AOTs for repairs, focus on safety significant systems, structures, and components, and on the next view-graph here, mentioned improved decisions on safety when multiple components or LCOs are impacted. We believe that all of these things work in favor of safety. It also will help reduce the burden both on the NRC and the utilities as far as less paperwork, NOEDs, start-up delays. Those kinds of things will be certainly to our benefit, but as with anything, there's a cost. What are the challenges? What are the things that we're nervous about in proceeding down this path? Since Initiative 1 for BWRs is not as beneficial as it is PWRs -- and I start that sentence with "since," as if you already knew it, but it's fairly obvious that staying in a hot shutdown condition for a BWR is not as easy as staying in a hot shutdown condition for a PWR. If you're in that condition too long, we might as well just go to cold shutdown. So, there is not a large benefit in that for us. There would be some, we hope, but we would prefer to have this as a stepping stone to look at staying in a hot standby-type condition if it is justified, remaining in a Mode 2-type condition versus Mode 3. That's a challenge. That's not on the drawing boards at this time. Will the BWR/4 model plus sensitivity analysis be sufficient, or will we have to develop generic models for each of the plant types? Will each utility have to develop their own model? This is a significant impact on utility resources since most of their PRA people are very busy right now with a significance determination process, they are busy with (a)(4), and many plants will not want to develop their own model. Some may. Will sufficient progress be made in the near term so that, when our executives meet in May, we'll be authorized to continue working, and that's not an inconsequential concept, since I started off the discussion by mentioning that we were reluctant to get in in the first place, and we may be not very reluctant to get out if we don't see that the expenditure of resources on the models and where we're headed -- if it's fraught with more difficulties than it is opportunities. But in summary, we try to look on the optimistic side and say that we see a window of opportunity here where we can increase overall plant safety, we can reduce regulatory burden, and hopefully reduce the cost of doing the correct thing for non-risk-significant issues. That concludes what I have to say for the BWR owners group. DR. APOSTOLAKIS: How would you measure the sufficient progress? I don't understand that bullet. It sounds like a threat to me. MR. HILL: Well, I would measure the sufficient progress by whether or not we are funded to continue, and that's a decision that our owners group executives will make in May. DR. APOSTOLAKIS: You have to demonstrate sufficient progress in order to get -- MR. HILL: I think, in a very practical sense, if we had an approval to proceed with Initiative 2 by the NRC, that would certainly signal that there is light at the end of the tunnel. MR. BRADLEY: This is the classic low-hanging fruit issue where, you know, you always prioritize these things with something that looks easy, at least going in. MR. HILL: I wasn't intending to make a threat. I was stating the reality of our situation. DR. APOSTOLAKIS: And the NRC staff has its own reality. CHAIRMAN SIEBER: Your slides six and seven, which are the reasons why you would want to pursue this -- I don't disagree with them, but I find them intriguing, because missed surveillances are usually the fault of people not doing their job right, in my opinion, and it seems strange to punish the inanimate object, which is the plant. People are the ones that made the mistake, but there was an element that caused a lot of anguish and hardship because you had to maneuver the plant, go back and do things, you got delayed, you lost money, which kept management's attention on not missing surveillances, okay, and that was, in my day, a big sin, to miss surveillances, and because you got punished just by your own tech specs. On the other hand, as we move into a regime where, gee, it's really not all that bad, you don't have to maneuver the plant, you can delay it, just look at the risk, and if the risk is okay, the compulsion to not miss surveillances dims, and it also worries me, then, that if you aren't reporting them, it just goes into your corrective action program, you know, all of the sudden, the motivation to run absolutely a top-notch plant seems to be dimming, in my view. I think, to me, that's a concern. MR. BRADLEY: The revised oversight process, which I'm sure all of you are familiar with -- CHAIRMAN SIEBER: Right. MR. BRADLEY: -- I think will serve as a significant incentive not to miss surveillances, because if you miss a surveillance and then you ultimately, when you do perform it, find out that the equipment has been unavailable for a lengthy period of time, you will be hammered. You're going to be in so many white boxes over the past year, when you go back and take -- on top of all the configurations you've been in, take this thing out of service that you didn't -- you know, didn't think was out of service, that believe me, I don't -- you know, I think that's -- will be effective. CHAIRMAN SIEBER: Is that an incentive, then, if you miss a surveillance, to say, well, I actually have all this leeway, but I don't want all those white boxes, so I'm going to do it as soon as I possibly could and maybe maneuver the plant to do it, to make sure that it's really operable. MR. HILL: I would like to try to frame the concept of the missed surveillance here, and I may be the least likely in the room to do it, and I think Mr. Hoffman probably has the data on the missed surveillances, but these are not things that happen on a routine basis, they happen on a once-every-few-years basis, and typically they happen because you made a design change and you've modified the procedure for doing the surveillance, and when you end up targeting the surveillance, there's a piece of it that you probably haven't done in a proper fashion, and it's something new. So it's not something that happens on a real routine basis. I don't have the numbers at my fingertips, but we did do a industry survey, looking in the LER database as to how many missed surveillances there have actually been, and it's astounding how small they are. CHAIRMAN SIEBER: Thank you. Are we ready to move on? MR. BRADLEY: I believe the next thing on the agenda is a break. CHAIRMAN SIEBER: Is that it? Okay. Why don't we take a break? Actually, we're on time. Why don't we come back at 10:30? [Recess.] CHAIRMAN SIEBER: The meeting is now back in session, and I'd like to ask Biff Bradley to introduce the remainder of the industry speakers. MR. BRADLEY: We're going to start -- at the table with me now, I have Don Hoffman from Etcel Services and Ray Schneider from ABB/CE, and the way we'd like to work this is Don is going to talk a little bit about the situations with the current tech specs that led to the need for these initiatives and some of the background as to -- that led to their development. Actually, these types of things have been in the works even before they took on the risk-informed name-plate, and then I'm going to talk just a little bit about the basis for the Initiative 2 on missed surveillances, and then Ray Schneider is going to do likewise and talk about the risk analysis and how you do that work for Initiative 3 on mode restraints. So, I'll go ahead and turn it over to Don at this point. MR. HOFFMAN: This first slide -- I will just indicate which package I'm going to be speaking from, which is set up, as you can see, for us to discuss both Initiatives 2 and 3, which as Biff indicated, I'll discuss portions of 2 and then come back to 3, and we'll do them separately, as indicated. The reason I have the opportunity to speak to you today is I'm the Technical Coordinator for the Technical Specification Task Force, which is the group of all the four owners groups which has currently developed the ITS, the improved technical specification NUREGs, and all the changes thereto, working with the NRC and all of its branches with developing Revision 1 and, now very soon, Revision 2. So, we've been working very diligently in a lot of the deterministic aspects and, to some extent, actually broaching into some risk-informed aspects of the technical specifications, acknowledging that it's very hard to keep them separate as much as sometimes we want to, and in doing that, we've been addressing AOTs and other activities, as Biff indicated. That is what led to -- when we first began discovering or deciding which initiatives would be appropriate initiatives for us to begin with in the risk-informed arena, we selected the initial seven that you see before you, or that you had discussed, at least, earlier this morning. The Initiatives 2 and 3 that we're going to be discussing during the course of the morning and the early part of the afternoon were the two initiatives that we felt would -- were ones that were -- should be simpler to do. They were more policy issues, if you will, than hard-and-fast risk-informed issues. We believe they would require the last amount of risk insight to justify their approval, and with that in mind, we considered all these initiatives in the aggregate, in considering what we were doing in the deterministic space and what we were doing in the overall risk space. One of the comments I heard this morning -- I want to make clear it is not our intent to change the definition of operability but only to change some of the tools utilized around it to determine the best course of action when we have levels of degradation. But we are in total agreement with you. It's our intent to structure these such that the tech spec requirements are expected in all cases to be met. One of the comments that were made at the end of this morning's session that I would like to address is the issue of the number of times that we have actually missed surveillances before I go into it. As was stated this morning, we did a review of the LER database from 1995 to 1998, and we discovered there were 11,393 LERs that were associated with these kinds of activities -- sorry -- only a total of 11,393 LERs. Of that, 170 were related to missed surveillances. Of that 170, we discovered that there were only 12 cases where, once the surveillance that had been missed was subsequently performed, that the surveillance failed, and in all of those 12 cases, the subsequent failure was due to the fact that -- one of three things -- either the surveillance had never been performed before or, two, there was a design change that was not aware of when the surveillance was subsequently performed or, three, there was an inappropriate procedure that was utilized. DR. BARTON: It sounds like I shouldn't do any surveillances, because the more I do, the more I fail, but I don't do them, I don't fail them. That's what that sounds like, to me. I've failed more surveillances doing them than this history shows you have failed by not doing them, whatever that means. MR. HOFFMAN: What that means, sir, is that -- what we believe that means is that the NRC and the industry determined in the middle '80s that the greatest likelihood of performing a surveillance is that a surveillance is going to do nothing more than confirm operability or actually be passed when performed. That has been the greatest likelihood when we've gone back and done the evaluation. Nonetheless, there are, obviously, surveillances that are failed when initially performed within their specified frequency, for a number of different reasons, and I'm sure you're very familiar with those, sir. CHAIRMAN SIEBER: It also seems as though, in those instances that you cite, that there's a breakdown in some other program. For example, if you do a design change and fail to adjust the surveillance procedures to reflect that design change, then there's something wrong with your design change, or if you have an inappropriate procedure, how can you do a surveillance year after year after year with an inadequate procedure? I think most tech specs require procedure reviews by somebody every three years or thereabouts. DR. BARTON: Annual reviews. CHAIRMAN SIEBER: You know, there's breakdowns in programs that cause these kinds of things to happen. MR. HOFFMAN: Absolutely, sir, and I do want to clarify that the portion of the surveillances, the 12 again, only 12 of the 170 that failed -- when I say due to programmatic issues, there were the fact -- well, you're certainly aware that the NRC sent out Generic Letter 96-01 which required the industry to go back and evaluate the performance of surveillances with regard to ECCS and other instrumentation systems, because they determined that, in some cases, some of the surveillances were inadequate to address all of the contacts, components, and relays, and in some of these cases -- in three, to be exact -- the reason those surveillances failed were not because what they tested didn't pass but that they did not test all of the things they should have tested, and that constituted a failure on the part of the complete surveillance. So, there are a multitude of issues here that really address what we constituted or packaged as failure, these 12. CHAIRMAN SIEBER: Do you have any data that shows whether the equipment was not functional because of the failed surveillance? MR. HOFFMAN: When we went back to these 12, in every one of these cases except two, the equipment would have still performed its intended safety function. There were only two in which there was a portion of it because of the failure that they would not have had a sufficient pump flow or the valve would not have stroked in the time it was required to, sir. CHAIRMAN SIEBER: Okay. So, basically what you're saying, it was inoperable but functional in 10 out of 12 cases. MR. HOFFMAN: Yes, sir. In fact, you'll notice that we have an Initiative 7 which addresses inoperable but functional. CHAIRMAN SIEBER: We'd rather not deal with that today. MR. HOFFMAN: I understand, sir. CHAIRMAN SIEBER: But I did read it. MR. HOFFMAN: What I wanted to do was just to go back a little bit and start back with how we came to the conclusion that we needed to make some changes to SR 3.0.3, which subsequently became Initiative 2 and is what we call TSTF 358, which is a numbering system we utilize for generic changes made to the improved technical specification NUREGs. As most of you know, the standard technical specifications which were developed in the mid-1970s established 3.0 and 4.0 requirements that were generic requirements that applied throughout and they were more appropriate to be discussed at the front of the technical specifications rather than repeated in each individual LCO. This SR 3.0.3 change was previously called 4.0.3. With the change to the improved technical specifications, there were a number of numbering changes. This is one of them. The 4.0.3, now SR 3.0.3, initially required all LCOs to be met by performance of surveillances prior to entering into the mode of applicability of the LCO, which meant that if you did not perform the surveillances in that specified interval, then the LCO was to be declared not met and the SRs were then to be performed subsequently, but at the time equal zero, upon discovery that you did not perform the surveillance, the LCO was to be declared not met and you would enter into its action statement and to take whatever the appropriate actions were. In 1987, the NRC issued Generic Letter 87-09. Generic Letter 87-09 was issued with working with the industry and the NRC addressing a number of different issues that they felt had become overly conservative over the years. One of these was SR 3.0.3, which was where we determined -- you, the NRC, and the industry -- that it was overly conservative to require a shutdown or some other punitive action from missed surveillance requirements, because the greatest likelihood when you performed a surveillance requirement, is that operability would be demonstrated or confirmed, and that was as a result of a great deal of evaluation and doing data gathering on the part of the industry and the NRC. At that time, the NRC determined that 24 hours seemed an appropriate timeframe, but during that 24 hours, in Generic Letter 87-09, you were required to declare the LCO not met, and you just were not taking its required actions during that period of time. When we came to the improved technical specifications in the late 1980s and early 1990s, we developed Revision 011, and now we're working on Revision 2. We actually did some enhance and improvement to SR 3.0.3, where we allowed the delaying of declaring the LCO not met when we missed a surveillance. Because of the information that had been gathered, because we had determined that the greatest likelihood is that a surveillance would be passed and satisfied operability when performed, we made the determination that we should be able to delay declaring the LCO not met and that, at the end of that 24 hours, we must have performed one of the three following things: Either, one, we performed the surveillance and it passed or, two, we performed the surveillance and it failed, and at the time of its failure, we then declared the LCO not met and took its actions, regardless of when during that 24-hour timeframe that may have occurred, or three, at the end of the 24 hours, if we've done nothing, then we declare the LCO not met. That determination was utilized up through and including all the ITS through Revision 1. When it came time for us to evaluate and look at some of the initiatives I said for the risk-informed technical specifications, this initiative became one because we were realizing that there were several plants who had to ask for regulatory relief because they had missed surveillances, albeit on a very unusual situation, on a very -- when I say a very minor situation, as far as the number of times, it did occur, and in many cases, if not all cases, we continued to discover that the surveillance was passed when performed, and yet, the particular surveillances where, if we missed them, we had to change the mode of the plant or the condition of the operating plant to perform them, that we determined, in many cases, we thought there would be more risk during the transition or more impact to the plant to take it to another condition to perform the surveillance than to take other compensatory measures. So, the Initiative 2 that we have before you in TSTF 358 was to propose to allow the surveillance interval to be 24 hours or up to the next interval, whichever is longer. Now, the first reaction would be, well, gee, if I have a one that's established on a refueling interval, then I could go to the next refueling interval, and it's established from a regulatory standpoint, yes, that's true. However, there are a number of things in this TSTF which would preclude that from occurring unless it was an absolute necessity. First, it would be required to be performed at the next reasonable opportunity and that there would have to be an evaluation by management, and we're going to come to some of the risk insights that would be utilized for that, to evaluate the acceptability of, one, not performing the surveillance within that 24 hours, and that evaluation would have to include the impact on plant risk, the impact of, one, performing the SR and what kind of conditions we may have to establish and, two, the impact of not performing the SR. It would have to evaluate the analysis assumptions with regard to the overall systems, what other things were inoperable, what was the condition of the plant with regard to meeting the assumptions of the safety analysis. It would have to evaluate the current unit conditions, the planning, the availability of personnel, and obviously the time to perform the surveillance requirement. So, those are the types of things, in addition to the risk insights that you're going to hear shortly, that we established would be required by each plant, utilizing this flexibility, to evaluate. The issue this actually addresses is it reduces the need for regulatory relief for those SRs which require, as I said, a change to the actual mode or condition of plant to perform the surveillance. As you also heard earlier, this missed SRs would be put into the corrective action program, and as I heard discussed earlier this morning, we feel that, because of the corrective action program, maintenance rule (a)(4), and the new reactor oversight process, that there is an incentive to perform these in the specified interval, on the specified frequency, and do so appropriately. We expect that these will be an exception, not the rule. We believe that the greatest likelihood, as has been demonstrated, that it will be demonstrated -- the system test, it will be demonstrated operable, and since we are performing a risk evaluation for all those extended beyond the 24 hours -- and you're going to hear that that could be a portion of a qualitative or quantitative -- that we feel that there will be appropriate evaluation to establish the acceptability thereof. This slide just only indicates some of the things that I've already discussed with you. DR. BONACA: I have a question. MR. HOFFMAN: Certainly, sir. DR. BONACA: I completely support the thought process behind this, but the question I have is regarding the delay period to the surveillance frequency interval. What, for example -- one could have proposed to the next surveillance frequency interval or the next shutdown, whichever comes first, okay, which give an intent of doing it as fast as possible. Now, clearly, in many cases, the surveillance frequency may be shorter than the next outage, and that's fine. In some cases, however, you may have an outage, and that would at least put some sense of urgency, you know, management, for doing it. Now, that outage may be the next outage, I agree with that, may be the refueling outage, but still, you know, just going in with a surveillance frequency interval -- it gives a different kind of message. It gives a message almost that surveillance is not important; you can go for two terms, you know, the time element is not important. MR. HOFFMAN: Certainly, sir. We considered that. It was not our intent to give rise to anyone to think that the surveillances were not important, and we actually considered putting in a timeframe "or the next shutdown," but as you stated, recognizing that many of the surveillances have shorter intervals than the next shutdown, we didn't want to give rise to something that was due in the next 92 days that they could take to the next shutdown, which may be 120 days, to perform it. Hence, that's why we established the next frequency. For the very ones I believe you're speaking to, which are the ones that would require you to be in a condition of shutdown to perform that surveillance, we established they would be required to be performed at the reasonable opportunity, such that the next shutdown, when you were in a condition to perform the surveillance, would be deemed in all cases, in our opinion, based on our establishment of the criteria, to be the next reasonable opportunity, so that if I missed a surveillance and discovered, let's say, one month after I started up and the next time I'm supposed to perform it is 18 months and I shut down two months from now and I'm in a condition to perform that surveillance, that may be the first reasonable opportunity, but that's absolutely the longest I would be allowed to not perform that surveillance. DR. BARTON: What do you mean "in a condition"? MR. HOFFMAN: The plant condition. The condition of the plant may be required -- certain of these surveillances, as I'm sure you're well aware, require the plant to be in a condition other than -- that you cannot do in an operating condition -- DR. BARTON: Right. MR. HOFFMAN: -- because of the impact on all the other systems. DR. BARTON: So, in shutdown, in a forced outage that I can come back from in two days and the surveillance that I missed takes two days to do and it requires going in the drywell, but yet, the thing that caused me to go down does not require me to be inert and go in the drywell, now what do we do? MR. HOFFMAN: Absolutely. I knew you'd ask that question, sir. We talked to the plants when we were developing this and stated that, if there was a determination by a plant that they felt that they could not perform the surveillance, that was not the first reasonable opportunity, then they would have to justify through management evaluation of the acceptability to go ahead and delay that surveillance even further. DR. BARTON: But you already gave me the okay to go 24 months. MR. HOFFMAN: I gave you the okay to go to the next frequency, providing you did an evaluation of the acceptability of going to the next frequency and that you performed it at the next reasonable opportunity and that the next reasonable opportunity included one of those things, sir, of the plant conditions available to perform that surveillance, which would mean that in order for me as a plant to explain to myself, to my management, or to you, the NRC, that I had made the appropriate determination, I would have to be able to justify not performing that surveillance, not taking the additional time during that forced outage to enter that drywell to perform that surveillance. There may very well be extenuating circumstances and information I could bring to bear to do that. DR. SHACK: Would it make a difference if you changed the wording to say 24 hours or longer, or at the next opportunity, and then put a statement that said absolutely no longer than the next surveillance frequency interval? That would seem to me to put the emphasis in the right place but wouldn't change anything. MR. HOFFMAN: We evaluated some aspect of that. The reason we were concerned -- and I hear what you're saying -- about establishing in the tech spec itself reasonable opportunity but no later than is that we wanted them to be a little more explicit, at the very latest, because obviously tech specs are prescriptive and supposed to give you an establishment, if you will, of timeframes. So, we wanted the tech spec requirement to be no later than the next surveillance interval but certainly at the very next opportunity. We could restructure the words, possibly, to make it more clear, or at least the bases and the justification to enhance the rationale. We're certainly open to improvements that will enable you to feel comfortable with the process we believe we're following. CHAIRMAN SIEBER: I think it would be better if you folks and the staff worked out the words, rather than have this committee do that. MR. HOFFMAN: Yes, sir. CHAIRMAN SIEBER: That's, to me, more of a process issue than a technical issue. MR. HOFFMAN: I certainly understand your concern, and I believe that we could do some things at least on the bases and the justification to further address that, sir. DR. BONACA: I have another question. MR. HOFFMAN: Yes, sir. DR. BONACA: The 24 hours -- it's meaningful in the current tech specs. MR. HOFFMAN: Yes. DR. BONACA: The two end points compete. Twenty-four hours is not meaningful in the new tech spec, because you know, you say, you know, 24 hours or the next refueling outage, whichever comes after. Why do you need to retain the 24 hours? MR. HOFFMAN: The reason we chose to retain the 24 hours, sir, was for it to be a break point at which point we did the risk evaluation of not performing the surveillance. In the current tech spec requirements, we're allowed the 24 hours without doing any kind of risk evaluation, notwithstanding what (a)(4) will require us. So, if we miss a surveillance and we discover that and we can set up and perform the surveillance within 24 hours and it passes, we're fine. So, we maintain that just saying that, okay, at some point, we have to do a further evaluation of the acceptability of not having performed that surveillance. So, we selected the current 24 hours as the break point, after which we would do a risk evaluation, sir. DR. BONACA: Can you do it in 24 hours? MR. HOFFMAN: Excuse me, sir? DR. BONACA: Can you do that evaluation in 24 hours in all cases? MR. HOFFMAN: We would have to do the evaluation if the surveillance was going to be extended beyond 24 hours. The timeframe for the actual -- DR. BONACA: You're making this change to be more realistic, you know, and the question is can you make a realistic evaluation in 24 hours. I'm only questioning the 24 hours specifically. If you have a certain objective for it, then make sure that it fits the need. MR. HOFFMAN: Certainly, sir. At the T equals zero -- once we discover that we have missed a surveillance, we begin the 24-hour clock. So, at time equals zero, we discover we've missed the surveillance, the 24-hour clock begins. During that 24 hours, we have to make the determination of a number of different things. One, can we perform the surveillance? Two, can we structure everything up, to get everything set up? What is it going to require? Do we have to change the plant condition? Can we bring in whatever needs to be done and, after that, determine, if it's going to go beyond 24 hours, then we would begin to perform the risk evaluation. Now, I can't tell you, in all cases, the risk evaluation would be completed by the end of that 24-hour clock. CHAIRMAN SIEBER: That would just put you in the action statement. MR. HOFFMAN: Well, at the end of the 24-hour clock, yes, sir. DR. BONACA: I think you should revisit the hour itself. I mean the restrictions in the current tech specs are meaningful. In the new tech spec, you are changing it to accommodate certain considerations which make sense. I think you should look at the other one, too, because I think you want to make sure that you have a process by which you can exercise the tools that you need to perform an evaluation to assess it and to determine, you know, that, in fact, you can do it without starting a clock. CHAIRMAN SIEBER: Well, the clock always starts Friday around seven p.m. DR. BONACA: That's right. CHAIRMAN SIEBER: That's just the way the world works. On the other hand, if we're in risk-informed tech specs, we heard this morning that there is a whole infrastructure of analytical tools, processes, procedures to be able to accomplish these things and not in back of some panel in the middle of the night by a couple of guys that happen to be on-shift. So, if that expectation is met, then I think you can perform an adequate risk assessment. The problem is, does the risk assessment get cut short or is it less thorough than it should be because you only have 24 hours to do it, and I can't answer that question. MR. BRADLEY: I think that once the -- clearly, once (a)(4) is effective, you will have the infrastructure in place, because this won't be any different from any other emergent condition, you know, that happens on the back shift or anywhere else, and you're going to have to have both the normal and the off-normal, you know, procedures there to deal with that, and I think that, especially for this one, which is fairly simple, that you could do that in 24 hours. CHAIRMAN SIEBER: I'm counting on what the staff told us this morning as being the way it's going to be and, notwithstanding (a)(4), you know, those tools are going to be in place, and so, I'm relying on that as saying that this is okay, and if you're telling us 24 hours is adequate, then that's okay with me, too. MR. HOFFMAN: Well, what we're telling you is that 24 hours is the break point, at which point, if we knew it was going to go beyond 24, we would have to perform a risk evaluation in addition to the other evaluations that we would normally perform. We have not currently restricted the timeframe to perform the evaluation to 24 hours. As written, TSTF 358 does not place that restriction. We have just stated that we would perform the evaluation prior to going beyond the 24 hours. DR. BARTON: You're saying if you can perform it within the 24 hours, you'd have to perform it? MR. HOFFMAN: Yes, sir, that's what I'm saying. I'm saying that, before you would go beyond the 24 hours, you should know what the impact of doing that is, and as structured, the TSTF and the associated tech specs and their bases and all the corresponding information that I believe the NRC intends to put in their safety evaluation for the acceptability of 258 for SR 3.0.3 would require those types of evaluations. DR. BARTON: If I can perform it, I have to perform it. MR. HOFFMAN: Yes, sir, if you can perform it, you should perform it. DR. BARTON: You have to perform it. Let me give you a hypothetical. This things happens on a Friday night. In order to perform this thing, I've got to call in six I&C technicians and pay them overtime and a meal, etcetera, etcetera, or slip the surveillance to the next forced outage or next refueling outage. You're in a competitive environment. That costs me money to bring all these guys in to do the thing. Do I have to do it within the 24 hours if I can get the I&C techs in there to do it, or because it's an economic burden on me, I'm going to slip it to the next convenient time. MR. HOFFMAN: As we've currently structured TSTF 358, you would not be able to utilize economics as a justification or rationale for extending the surveillance requirement. It does take into place the availability of personnel such that if you can't perform it because you're just not physically able to get all the people available to do so, not because you don't want to pay them overtime or you don't have to bring them in for lunch but because they are just not available for whatever reason. So, you have a very valid point. DR. BARTON: All I have to do is tell my I&C guys, if you get called in, refuse the overtime, so I don't have to do the surveillance. Okay. CHAIRMAN SIEBER: Well, I don't recall reading anyplace where it actually said that in the documents that we got, that the economic incentives are not a factor. Does it say that someplace? MR. HOFFMAN: Well, it doesn't say the economic incentives are not a factor, but the factors that it does address do not include economic incentives as the types of evaluations that you utilize to determine that acceptability. CHAIRMAN SIEBER: Where do I find that? MR. HOFFMAN: That's in the actual TSTF 358 package, in the justification part. DR. KRESS: The risk assessment that you make -- do you assume that piece of equipment that was supposed to be surveiled is inoperable in the risk assessment, or do you put in a -- some sort of a reliability or availability? MR. BRADLEY: There are multiple ways you could do that. As a screening measure, you could just look at the Fussel-Vesely component, which is basically assuming it's unavailable, and you can screen many things out as being risk-insignificant in that regard. You could adjust the failure rate of the component based on the fact that you missed the surveillance. DR. KRESS: Based on the fact that you know it's probably operable. MR. BRADLEY: Right. So, that would be a good screen. DR. KRESS: And you would project that over some time period -- MR. BRADLEY: Right. DR. KRESS: -- and have a criteria to say, well, if that -- DR. APOSTOLAKIS: That's on the basis of at this time. CHAIRMAN SIEBER: Instantaneous. DR. KRESS: Instantaneous. DR. APOSTOLAKIS: You can't project. DR. KRESS: But you're going to decide how long to wait before you make the surveillance. DR. APOSTOLAKIS: This is a very unreal -- well, I guess you can take the -- you can assume the equipment is down, calculate a new CDF, and do what Dr. Moeni says they're doing at Southern California Edison. MR. BRADLEY: That's just a screen. In reality, you're going to have to look at your actual plant -- I think this is a perfect fit with (a)(4), because if you're just looking at the -- I mean that's assuming a static situation, and in reality, you're having dynamic plant configurations, but this really perfectly fits the approach of (a)(4), and I think it's the exact same things you've got to look at. You've got to look at what you're planning, how that could be affected by the fact that this is missed and you've made some assumption about an increased failure rate or that it's unavailable, and you factor all that into your work planning process and you look at your ICDP and your integrated risk impact exactly like you'd do it in the (a)(4) guidance, and as a matter of fact, if I was writing this traveler or the TSTF, I would actually try to explicitly reference, I think, Reg. Guide 1.182, which it doesn't right now, but to me, that's the simplest way to consider it. MR. DENNIG: This is Bob Dennig from the staff. The basic premise here is that the surveillance -- the missed surveillance -- what we've lost out on is confirmation of operability. The presumption is that it is operable. If you have any information that it is not operable, will not perform its function, you have to do a continuous operability determination. Under tech specs, that is your obligation. If you have any information that tells you that there is something wrong with this, you're out of there and you're into the action statement. That's the end of that. DR. KRESS: The assumption it is operable gives you no delta risk unless you change -- CHAIRMAN SIEBER: That's right. MR. DENNIG: So, what goes into the evaluation, as Dr. Apostolakis mentioned, is an importance measure. The importance of this equipment gets factored into -- DR. KRESS: Which is not an assumption of operability, then, in terms of criteria. MR. DENNIG: Right. I'm just saying that to assume that it's broken and then do a risk evaluation of what we're accumulating with the broken equipment is not consistent with the premise of the initiative. DR. KRESS: Yeah, but I don't know how else you're going to do anything. MR. BRADLEY: As a screen, I think, you know, it's a bounding assumption to assume that it's unavailable. DR. KRESS: You don't have a technical basis for any other unless you use something like this LER data to get a different -- I don't know how you get a different availability number out of the reliability -- if you increase the failure rate -- but you have no technical basis for doing that. You can't take that out of the LER -- MR. HOFFMAN: Maybe I didn't make this clear. Part of the evaluation -- and to support what Bob said -- is obviously there's a continuous operability determination in all the systems ongoing, and if for some other reason you knew it was inoperable or degraded in any way, shape, or form, you'd have to take the appropriate action, but the surveillance -- the particular surveillance that you have missed -- one of the evaluation aspects -- and I didn't go into this in greater detail initially -- is that you'd have to evaluate how has that surveillance fared over the course of the last several performances? Has it passed the last five, six, seven, eight, nine, ten times? Have you had difficulty with any aspects of it? Does this particular surveillance perform something that you've seen some concerns with anyplace else? Is there generic -- any generic information from either your type of owners group or from the NRC that would give rise to make you think that, well, even though I have no reason to believe the surveillance wouldn't pass if performed, there are other informations out there that would cause me to consider those, and if those gave rise to concern, then you have to consider this -- you'd have to take a different kind of action. DR. KRESS: You really don't have enough data to do that on a plant-specific basis. You would have to rely on generic data from the whole fleet of plants, and I don't know that the number value you get out of that would be different than its original reliability number anyway. CHAIRMAN SIEBER: It's not clear to me how you evaluate the change in risk if you can't ascertain the condition of the equipment. You can make all kinds of assumptions. DR. KRESS: That's basically my problem with it. You can make the assumption of inoperability and evaluate -- have a screen. CHAIRMAN SIEBER: That's going to come out, in a lot of trains, pretty risky. DR. KRESS: It could very well be. I don't know. MR. NEWBERRY: I think I heard the gentleman from the industry say this. Do you have the capability to go in in your PSA where you have your failure rates, your lambda-T over 2, and adjust that T for twice the surveillance now? Is that part of your approach? MR. SCHNEIDER: That will be part of it. You could either look at increasing the failure rate, you could look at taking the equipment out of service, but the one thing you also want to recognize is that, while there's -- there's actually another incentive for the industry to basically be sure it does it properly for high-risk components, because with the oversight process, if I'm going to start doing (a)(4) maintenance and not have the -- and not have a good assessment of -- a good belief that the equipment is operable and I then start taking equipment out that might amplify the effect of that piece of equipment and then, when I do that surveillance, find out that the equipment wasn't -- you know, didn't pass, under those rare instances you'd have to go back and double-check the prudence of your decision process, and through oversight and performance-based regulation you'd be held accountable for not -- basically taking a potentially high-risk system and not really doing the surveillance in the 24-hour timeframe, and that's probably more of an economic impact than the impact of not doing it most of the time. CHAIRMAN SIEBER: There's too many performance indicators -- there are too many safety-related pieces of equipment that are not in the performance indicators that would trigger a white or any other color. For example, let's say that the surveillance in a PWR that you forgot to do was the flow test on a recirc spray heat exchanger. There's no little window for that that I can recall, okay? And it usually degrades over time, as silt builds up and fish and clams and stuff start to live in there, and it only operates when -- you can't test it because you see it operating like a high-head safety injection pump. It only operates when you either test it or in a big accident mode where you've got to spray down containment, and so, here's a situation where, you know, it's very difficult to tell whether the system is operable or not, because you haven't flushed it out and you haven't tested it and you don't know whether it's degraded or not, and the functionality and operability are different, and you say, well, if I get some flow, it's okay, and I don't have to read the tech specs. The old type of tech specs said I'm not exactly sure where you are with respect to what you put in there for a failure probability to do a risk assessment. DR. BONACA: Unavailability is a function of time. You can -- can you put consideration of that? I mean you have unavailability that is dependent on time and failure rate for that particular component, and now you're going to extend from 24 months -- you've assumed in the example, 24 months, you did not perform the surveillance, you go another 24 months. You're compounding, essentially, unavailability rate, right? MR. SCHNEIDER: Right. You can look at the unavailability increasing as a function of time. DR. BONACA: I mean your PRA is making certain assumptions of unavailability based on the surveillance intervals that you have. MR. SCHNEIDER: Right. DR. BONACA: And so, therefore, if you extend those, you can account for those and get the sense of what the impact is. MR. SCHNEIDER: Right. CHAIRMAN SIEBER: It gets back to the discussion that we had this morning when we talked about are the tools available, and not only do the tools have to be available but the data that you put into the tools to arrive at the answer or the conclusion has to be available and reasonable. MR. SCHNEIDER: I think the real issue is also part of the risk-informed decision process. It's not just a number-generating process. If you really missed -- if you're missing a surveillance on a risk-important component, the incentive is going to be to basically perform that surveillance as soon as possible, and the goal here is not basically to see how much you can get away with and try -- the goal here is to try to use prudence in trying to figure out which of the surveillances that are a lot less significant, that if they are missed won't contribute to the risk of plant operation, even if your decision process was wrong, and so, you could look at by bounding and look at, you know, what happens if the component is pulled out of service, what happens if you increase the failure rates and do some sensitivities, but the idea is to come out with a combined decision process that drives you into performing the right set of decisions, whether it's to control maybe the other train, to make sure the other train's fully operable and make sure the other train's not pulled out of service, to control other kind of maintenance, look at other back-up equipment, to look at other contingency actions, at compensatory measures. It's not just the number that you're looking at, and I think that, by and large, the majority of these, the plant has a pretty good handle on what its importance will be. CHAIRMAN SIEBER: Yeah, well, the plant is not a homogenous thing. MR. SCHNEIDER: I understand. CHAIRMAN SIEBER: The operators in the middle of the night, somewhere in their ultimate training they become amateur lawyers, and so, they read those tech specs like you would not believe, okay, and then they say do I have to do it, and then they read it over and over again, and the way I read it is, no, I don't have to do it. So, they write an engineering memorandum that says do a risk analysis on this and I'm going to go eat lunch. MR. HOFFMAN: I think your point is well taken, but I would like to believe that the kinds of things you discussed -- and certainly, they did exist -- many of them were clarified and resolved in the improved technical specifications, where we took those very kinds of issues and attempted to resolve them so there weren't tech spec interpretations and memorandums to engineering and operations and establish clear-cut, specific, finite requirements in the specs themselves, with detailed explanations of what that meant and the bases, so it was very clear to an operator when, where, how, and why he or she needed to do whatever that was, and based on what Ray also said, we believe that the robustness of this process lends a great deal of credibility to the acceptability of this. One, we don't believe it's going to happen very often, and we think we have data that would support that. Two, we think that, when it does happen, the greatest likelihood of performing that surveillance is it's going to pass. Three, we believe the tech specs are currently structured that if there is any reason for you to believe that that SR would not be met or for any other reason that LCO was not met or that equipment is inoperable, you have to take the appropriate actions under SR 3.0.1. This SR 3.0.3 change would give you no flexibility in that arena. And four, we also believe that, because we have established for part of the robustness of that process specific issues that have to be considered by the plant in regards to its evaluation of the acceptability of this, which takes into account how the surveillance has been performed in the past, what the equipment is, what the other condition of the plant and so on and so forth is, we believe that these kinds of things will be appropriately and adequately addressed. Now, again, if this becomes an issue where the surveillance is being missed, as stated this morning by Mr. Dennig, became chronically missed, then that's an entire other issue. The entire premise, as he stated this morning, that this is a very unlikely situation and that, because of the unlikeliness, it's acceptable. In fact, we went back and discovered that, over the course of the last five or six years, there were 10 NOEDs issued regarding this, and we looked at NOEDs. Every one of them were approved for plants to go beyond the 24 hours, and in almost all cases, it was because the greatest likelihood the surveillance, when performed, will be passed, the use of this flexibility has been small or insignificant, and three, that the timeframe in which they're going to perform it is a reasonable timeframe, so those being the basis. DR. BONACA: However, you're referring to a statistic that is based on a history where, if you miss the surveillance, you have tremendous penalties. I mean you could go for an exception, but you've got big problems, and people went to heroic measures to meet that. So, I'm not saying that we shouldn't do this. I'm only saying that those statistics are going to change, and so, I think that, as a minimum, in the oversight process, I think the staff should look at what does it mean, for example, if you're to take that one up by a factor of five? MR. HOFFMAN: We actually think the number of surveillances missed is going to go down, not up? If you look at the 170 over that course of five years, think about that, many of those were discovered and reported as a result of Generic Letter 96-01, where plants went back and discovered that there were portions of their instrumentation, RPS and ECCS systems, they had not tested, and that constituted a fair portion of that population. I can't tell you exactly how many it was, but I think I could go back and get that information. But I agree with you, the statistics -- those are in the past. They are only something that we utilized to give us some idea of where we thought we would be in the future. So, we tried to use those appropriately and went out to all the plants and talked to them about what do you find when this usually happens, and that was part of our data collection process, to determine the acceptability of such a proposed change, and given the fact that the NRC and the industry had also done this in 1987. CHAIRMAN SIEBER: I think we're dancing around two issues here. One of them is that there appears to be some incentive for the erosion of the safety culture, because now things appear to be more lax than they used to be. MR. HOFFMAN: Right. CHAIRMAN SIEBER: To me, as an ACRS member, what happens to the safety culture is a concern and is indirectly related to safety, but it's a management issue, and I think that that's for the NRC and licensees to determine how they will manage that particular impact. There is another impact, though, that I wonder about a little bit. You know, adequate protection of the public health and safety depends and is based upon the compliance with essentially all the regulations and the license conditions for a plant, okay, and now we are saying that, you know, a license condition, the operability of the various safety systems of the plant are specified, and the way that you basically guarantee that you meet those license conditions is to perform surveillances. If, now, you have a blanket tech spec in Section 3 that says, you know, here is some leeway in the performance of surveillances and we're going to base that on risk, where do we stand in the space of adequate protection of the public health and safety? DR. KRESS: We're going to have that issue every time we talk about this. CHAIRMAN SIEBER: Well, this is one of the problems with risk-informed anything. DR. KRESS: Yeah. CHAIRMAN SIEBER: You have to have a set of standards that say I'm in the right space here, and sooner or later, we're going to have to answer that question. MR. BRADLEY: I think adequate protection would be increased by the approval of this, because what we're doing -- it is absolutely not the intent of this to allow willful missed surveillances or to at all increase the number of missed surveillances, and what we're dealing with here is just a paradigm shift from the previous history, being you shut down the plant -- that was your dis-incentive. Now we're moving to -- you have an oversight process that's looking at unavailability, and there's also very special provisions in that oversight process about willful violations. This is a missed surveillance. It's not, gee, do I, you know, want to do this surveillance, and maybe, you know, it's -- it's a surveillance you discover is missed after the fact. CHAIRMAN SIEBER: It's almost unthinkable to believe that any of them are willful. MR. BRADLEY: The intent of this is to do the thing that's right in risk space, and that is to remove a plant transient as the result of what may be an insignificant missed surveillance. CHAIRMAN SIEBER: Well, getting back to my remarks -- and maybe we won't need to talk about it or comment on it anymore -- the issue of safety culture and whether it's eroded or not is a management issue that the NRC and licensees need to deal with. The issue of adequate protection is troublesome from the technical standpoint, because you need to have some standard. On the other hand, it's partially a legal issue, and the NRC can deal with that, too. I guess the third issue that pops out here, though, is are the tools adequate, what do you do to alter the failure rate if you don't do a surveillance, and I think that is our issue. MR. BRADLEY: On the first half of your question, I think that's a very good question, you know, how do you -- you know, is the tool adequate, and I guess, in my view, prior to (a)(4), I would have maybe had my own question about that. I think that is the tool and, in fall of this year, when that rule is implemented, you will have all the procedures in place to do this. Now, the mechanics of how you deal with the fact that you've missed this, whether you assume the component is unavailable or increase the failure rate or, you know, how you want to deal with that, that's the second issue I think you're raising, but in terms of the infrastructure, the procedures, and the process being in place to accomplish this, that will not be an issue as soon as the (a)(4) programs are in place. CHAIRMAN SIEBER: I guess I'm just not familiar enough with what all the tools are and what infrastructure is in place, and maybe sometime in the future you could tell us. DR. KRESS: I think the issue of adequate protection is a non-issue, because basically you could say it's meeting the rules that are in existence at the time, and if you change the rule, which is what we're doing, you're still providing adequate protection, because you're meeting the new rule. MR. HOFFMAN: Absolutely. DR. KRESS: I don't think it's an issue. MR. BRADLEY: There's a little caveat on that definition, though. There's meeting all the rules plus -- and there's this other little sort of nebulous wording that goes with it that can be invoked. MR. HOFFMAN: And there's some important information that needs to be brought to bear. When you look back, notice that we've been improving the technical specifications over the years. Biff put up a slide this morning that talked about custom tech specs, standard tech specs, the improved technical specifications, NUMARC 96-01, a number of things that have been put in place that have constantly enhanced and improved that product and document, which is the means of ensuring -- part of the means of ensuring public health and safety in that legal framework between the NRC and the licensee as far as a license in the Appendix A as the tech specs to it. But one of the things we did in ITS was we removed a number of the surveillances from the improved technical specifications which were deemed to be unnecessary to demonstrate operability, in addition to which we altered some of the surveillance intervals, because we determined that they weren't appropriate in the frequency which they were currently established, and if you go back to the very premise of surveillance interval establishment, which you all are probably more familiar with than most, in the early years, even back to the 1970s, a lot of that information was utilized by the NRC and the industry, from mean failure rate date information, LERs, manufacturer's recommendation, the time that plant could be in the condition, how long it took to perform the surveillance. So, the surveillance intervals themselves are not a science, if you will, and if you will notice, we have Initiative 5, which has two pieces, 5(a) and 5(b), and 5(a) is to remove the remaining surveillances which we feel don't demonstrate operability, and 5(b) is to relocate all of the surveillance intervals to a licensee control program to be evaluated by us to determine the appropriate interval, and if that occurred, then we wouldn't need SR 3.0.3, because we'd be evaluating that on a continuous basis anyway. So, I guess all I wanted to say, sir, is that we feel that what we're establishing here is not counter to public health and safety and not counter to the safety culture at the plant. CHAIRMAN SIEBER: Well, I agree with Dr. Kress that it's following the rules that exist at the moment, and so, you're right. DR. BARTON: The definition in here -- part of the previous slide -- "Any missed surveillance requiring a change in mode or plant conditions for performance would be performed at the first reasonable opportunity." Somewhere are we going to define a change in plant condition, because I can play games with that, too. Anything I change other than where I am right now is a change in plant condition. Are we going to say something like, you know, less than 20-percent change in power or something like that? MR. HOFFMAN: The way we're defining the plant conditions is a pure physical change, like into a mode or other specified condition such as core alterations, things of that nature, or not so much as to percentage power decrease. Now, for surveillance, as you know, we have some LCOs whose applicability are Mode 1, greater than 50-percent power. DR. BARTON: Right. MR. HOFFMAN: Well, I can go down to Mode 1, less than 50-percent power, and I leave the applicability -- the surveillance isn't even required to be performed, but yes, sir, to answer your question, our intent is to attempt to establish what that means, so it's not misused. DR. BARTON: Thank you. MR. HOFFMAN: You're welcome, sir. MR. BRADLEY: Are there any other questions on Initiative 2? If not, we can move on to Initiative 3. CHAIRMAN SIEBER: That will be fine. MR. BRADLEY: Okay. MR. HOFFMAN: Moving into Initiative 3, when we began to identify initiatives for the risk-informed tech spec task force, Initiative 3, like Initiative 2, at that time, was determined to be one of those ones which we felt was more of a policy issue than it was a risk-informed issue and it would have less risk insights than the majority of the other issues which we have determined already but possibly more, and I think that's the case than, say, Initiative 2 with SR 3.0.3. We currently have LCO 3.0.4. LCO 3.0.4 is the concept which is established in the technical specifications which states that you cannot change modes while relying upon the actions to satisfy the LCO. The initial intent was that it was to preclude you from starting a plant up with inoperable equipment. That was its initial intent in years gone by. Over the course of time and especially in 1987, Generic Letter 87-09, it was recognized that, in many cases, there was no reason to restrict the mode changes to allow the startup of the plant with certain equipment inoperable because of their impact on the overall safety of the plant. So, the NRC established, also again in Generic Letter 87-09, the allowance that you could change modes or relying upon the action statements for those equipments where the timeframe and the action was continuous; in other words, you were allowed continued operation such that, if you had an inoperable piece of equipment, that you were never required to change modes or leave the mode of applicability, you had some other compensatory action. In addition to that, the NRC has continued to establish, as they had before that, and expanded that thought process, there were certain LCOs whose uniqueness was such that LCO 3.0.4 could be not applicable or accepted in those particular cases. We went back and evaluated all of the current improved technical specification NUREGs, looking at all the different ones, and determined that, for the most part, the majority of those systems and components who had 30 days or longer allowed outage times had an individual LCO 3.0.4 not applicable allowance in the tech specs. Many of the seven-day allowed outage times did, and some of the 24 hours and less did, also. But the unique thing that we found was that it was not all that consistent, and we found in some cases similar types of equipments from one owners group or one design to the next had the LCO 3.0.4 exception and the other one may not, and there was no immediate indication of what the rationale or reason may be. Now, as you know, in Generic Letter 87-09, the NRC required that the plant, when they were going to utilize the allowance to change modes, to start up the plant with inoperable equipment, while relying upon the actions -- and that's a very important premise of this -- had to do a plant evaluation. That plant evaluation at the time obviously didn't include risk, but it was a plant evaluation nonetheless, where in many cases a subcommittee of the on-site safety review committee, PORC or whatever the name happened to be, did, in many cases, a pre-evaluation of the acceptability and/or an evaluation at the particular time before that allowance to change modes was granted, and with that information in hand, we went and talked to a number of P and BWR plants to try to bring that to bear and we utilized to determine what would be appropriate for TSTF 359. As we began developing TSTF 359, we talked to a number of plants to find out what kinds or problems had they experienced, and the types of problems they experienced at the systems that did not have the LCO 3.0.4 exception had in many cases caused them significant schedule problems, where startup -- where they were performing a major surveillance process or doing a major maintenance activity and they were almost finished but not quite and it was critical path and that, yet, they knew they were very close to being finished and could be done within the timeframe and wanted, therefore, to utilize that timeframe when they were proceeding up, that they had no reason to believe it wouldn't be operable and so on and so forth, much the way that -- well, I won't get into that right now. So, with that in mind, when we went to look at LCO 3.0.4, we tried to decide, well, where is the appropriate cut-off point? Since we're already identified that the 30 days and longer almost all have an LCO 3.0.4 exception, since all of the allowed outage times that are continuous operation already, by definition, have a LCO 3.0.4 exception, where should the cut-off be? Seven days? Twenty-four hours? So, as we began looking at the systems and going down, it was somewhat arbitrary in our determination as to where we might be. We really realized that it was not so much the allowed outage time that should dictate what we did but the type of process we utilized to determine the acceptability of changing modes or relying upon the action to satisfy the limiting condition for operation. So, we chose in TSTF 359 to -- Initiative 3 -- to allow all LCOs the flexibility of changing mode, providing there is an appropriate management review and approval of the acceptability thereof. Now, I -- we're going to come to a moment -- to what those risk insights would be and how that would be done, and Mr. Schneider and Mr. Bradley are going to address that, but there's several important parts of this I want to bring to your attention. One, this is only acceptable if you rely upon the actions to satisfy the requirements of the LCO, which would mean that if you went into changing modes and to startup with a system that was inoperable, if that system's required action was for you to restore the system in seven days or shut down, that you only had that seven-day allowed time, that if you did not feel you could restore its operable status or finish whatever you were doing to ensure it was operable within that seven-day timeframe, prudence would dictate that you wouldn't want to start the plant up, get into Mode 1, only to discover that you didn't make it operable as you anticipated and then have to comply with your action and shut right down again. So, we have tried to stress that in the TSTF 359, explaining in the process, one, the significance of complying with the actions; two, ensuring that you know the status of what you believe will be able to be determined in that timeframe so that plants don't inappropriately start up with equipment that's inoperable when they are not in a position to be able to restore it in that timeframe. So, with that, I was going to then allow you to discuss some of the risk things, unless you all have some questions about the particular proposed TSTF. MR. SCHNEIDER: I'm Ray Schneider from the ABB/CE owners group. The presentation was prepared by myself and Dennis Henke from San Onofre. As Don discussed, we went through the background of the Initiative 3. I think I'd like to go into purpose from our perspective and just kind of summarize some of the key points. The intent here to modify the LCO 3.0.4 so that you can allow the entry into specific modes, generally going up in power, into the higher-mode action statement when the tech spec components or trains are inoperable, but the expectation is that the entries are expected to generally be individual entries where entry is limited to a low or negligible incremental plant risk. In many cases, the risk will actually be offset -- any of the operational risks will actually be offset by the benefits of going to the desired mode, and this is particularly true of going from Mode 5 to Mode 4, and the expectation is you don't enter this unless the component train that you've entered it for is expected to be reparable in the time allotted. A little bit about the history basis, as was reviewed by Don, so some of this is repetitive. Mode change restraints really provide the -- were intended to provide the design basis -- provide that design basis is met prior to mode entry, and for the CEOG, about half of the existing tech spec equipment is already not subject to mode change requests, mode change restraints. Most of the existing mode change restraints may be removed without significant contributions to plant risk. We've looked at a number of the AOTs that are involved, and they have -- because of the duration and significance of the component, the impact of the mode change restraint removal for the duration will generate very low risk values or low impacts of core damage probability. CHAIRMAN SIEBER: Is that instantaneous or cumulative risk? MR. SCHNEIDER: Over the period of the AOT -- CHAIRMAN SIEBER: Instantaneous. MR. SCHNEIDER: Instantaneous. But it's integrated over a small spike. CHAIRMAN SIEBER: What do you assume for the purpose of the PRA the operability or availability of the equipment is? MR. SCHNEIDER: Unavailable. I mean just inoperable. CHAIRMAN SIEBER: Okay. DR. KRESS: Do you have a criterion for how big that integral can be before you say it's significant? MR. SCHNEIDER: Well, we'll give you the expectation. The tech specs are typically designed -- and it's in Reg. Guide 1.174 -- 1.177 -- it's typically designed such that a typical one component out of service at power should generally have a risk number less than about 5 times 10 to the minus 7th for that full AOT. In here, as we'll talk about, you're generally going up in the modes from cold conditions, the amount of decay heat is a lot lower, the amount of time to respond is a lot greater, the amount of equipment needed is generally a lot less. So, even for the more important equipment, you're probably dealing with something of the order of 10 to the minus 7th, the lower 10 to the minus 7th range, and for the less important equipment, you're probably dealing with stuff that could actually be, if you, you know, go through the calculations, something of the order of 10 to the minus 8th and 10 to the minus 9th for the interval, because remember, you're restricted by time, you're restricted by significance of the component, and you're restricted by the number of things that you're allowed out of service during these things, because you're not -- this is not meant to be a -- the intent to basically schedule all your maintenance during this period. I mean it's just basically for those one or two items that somehow got caught. MR. BRADLEY: At the risk of sounding like a broken record, again, this is a perfect fit with the (a)(4) guidance, because you basically have an equipment out of service, you're coming up in mode, and you're going to have to -- there is in the (a)(4) guidance ICDP numbers, and there are also discussion of aggregate risk, and this is like any other equipment of service condition. You're going to have to manage all your other maintenance activities around it and meet those guidelines that are in the reg. guide, and the number is -- are generally consistent with Reg. Guide 1.177 that Ray was talking about. CHAIRMAN SIEBER: The number that you choose is whatever the company decides to choose, right? MR. BRADLEY: Well, no. There are guidelines -- we don't have hard criteria in the reg. guide on (a)(4), but there are guidelines, and basically if you're using some other number, we don't expect people to be using other numbers, and if you are, you're going to have to justify why that number is appropriate. I do think that, if you look back at the (a)(4) guidance, you'll see all the things you need to consider here that Ray is talking about, including the criteria. MR. SCHNEIDER: For the case of mode restraints, you're generally dealing with one, typically, or possibly a couple of discrete components, so that it's not quite as -- there's not quite -- there's an interaction among a number of the systems, and the guidance that initially generated the tech spec allowed outage time will already ensure a very low risk. DR. KRESS: I guess the answer to my question was no? My question was do you have a number for deciding when that interval is significant or not, and I didn't hear a number come out. MR. SCHNEIDER: I think, order of magnitude, there's probably a fuzzy line when you start crossing 10 to the minus 6 that you have to start doing -- looking at it a little more carefully. DR. KRESS: Ten to the minus 6 might be in that sort of an ad hoc -- MR. BRADLEY: Ten to the minus 6 delta ICDP. Remember, this will be governed by (a)(4). Whatever you do in this isn't just what tech specs, but (a)(4) is also going to govern whatever you do here. DR. KRESS: What that does is changes the delta risk you would have got because of all these other provisions you have to put on it. MR. BRADLEY: Right. MR. SCHNEIDER: But there are other ancillary issues, and as we'll talk about in a minute, there are instances where the target mode actually will be a lower-risk mode than the mode you're in. So, the equipment unavailability is dwarfed by the fact that you may be going to a mode with more heat removal capability. And then one other bullet I probably should talk about is the fact that, in the past, they found that relatively risk-negligible component being out of service have caused several-day delays in plant startup, has cost utilities millions of dollars, with no risk benefit to the public and no risk benefit to anyone, just basically a net cost. The expected -- go to the next slide. It's not part of the presentation, but just to give you a rough idea of mode impacts, for one of the other initiatives, Initiative 1, which looked at end state impacts, we did an analysis of the relative risks of being in various mode end states for various different -- we looked at actually five-and-a-half or six modes, two different kinds of Mode 5's, one with a vented condition, we may have to vent for containment spray backup, and what you can see is that, as you move from different -- as you move into different modes, like Mode 5 vented, Mode 5 un-vented, or Mode 4 in shutdown cooling, you'll see risk reductions, and as you go into Mode 4 on aux feedwater, where you both have shutdown -- DR. APOSTOLAKIS: Let me understand what that means. First of all, can you read the horizontal axis, because I can't read it. What does it say? Mode 1? MR. SCHNEIDER: Okay. Mode 1, yeah, starts -- DR. APOSTOLAKIS: Why don't we give him the portable mike so he can stand up and point? MR. SCHNEIDER: This work was initially done for the Initiative 1 for the mode end states, and the CEOG and Southern Cal looked at some representative modes for a representative plant, and what we've looked at is the relative risk to being in Mode 1 operation, Mode 2, initial low-power operation, Mode 3, initial shutdown, Mode 4, when you have -- on AFW, where you have both AFW available and the ability to get onto shut-down cooling, Mode 4, when you're already on shut-down cooling, and Mode 5, un-vented, which is also basically a shut-down cooling mode, and then Mode 5, where you vent for the capability of doing -- of having your containment sprays as backups, and these are the various kinds of modes. DR. APOSTOLAKIS: But again, the title says transition risk mode. There is nothing that's transitional here. MR. SCHNEIDER: Right. DR. APOSTOLAKIS: This is the risk being there. Now, is it possible that, when I go from 4 to 5, I have a spike in between? That's the whole point of all these human manipulations that are required. So, it seems to me calling it transition is a misnomer. MR. SCHNEIDER: It's a discussion that -- DR. APOSTOLAKIS: Different states. MR. SCHNEIDER: What SONGS did when they did the analysis is -- right -- there is a portion of this that does represent the transition of going from -- going into shut-down cooling itself, but even if you subtracted out that portion, you would have the shut-down cooling mode higher than the aux feedwater mode primarily because you don't have the steam generators from heat removal, the same basic dependencies. The levels change a little bit, and -- but you're right, this was initially developed for going the other way. This was initially developed when we were looking at the issue of which mode do we want to be in when we're moving down from power, and then you look at the effect of the transition and the effect of the mode, and what we found was basically the effect of the transition is not large as you go down to about -- aux feedwater -- it's the order of 10 to the minus 6th. What you're really seeing here are the mode changes and the changes in equipment availability or the loss of equipment as you go down from various modes, with aux feedwater being a relatively reliable feed source at lower power or at shutdown and the fact that you have turbine-driven aux feed possibility, and here you have the ability of steam generator heat removal as well as, if an event occurs, you could always move down to shut-down cooling. So, one way of viewing this is basically that -- is the number of residual core heat removal capabilities and the reliability of the heat removal capability, but generally going from Mode 5 to Mode 4, you're picking up your steam generators to be able to remove heat, you're getting a potentially independent source of heat removal by getting the turbine-driven aux feedwater pumps more available. So, that contributes to the risk. The absolute levels are representative, and again, they were generated going the other way, down, where there is a transition spike in this one, primarily in this region, and there is a different kind of spike due to going into a vented condition here, but the typical kind of transition you're going to end up seeing is a transition from Mode 4 on shut-down cooling or Mode 5, un-vented, to Mode 4 in shut-down cooling, then you get off the LTOPS, and ultimately you'll be going down to aux feedwater, Mode 4 in aux feedwater, and the types of incremental risks that you're picking up by having the equipment out of service are of the order of less than 1 times 10 to the minus 6th. DR. APOSTOLAKIS: Now, we don't know that, because those equipment may affect the transition itself, which we have not quantified. MR. SCHNEIDER: The main components that we're expecting to be used -- we have already -- okay, we'll talk about it in a minute, but what we will do is we will subtract out the high-risk components in the various modes. We'll look at what makes this mode safe, what equipment is needed to make this mode safe, what pieces of equipment are needed to make this mode safer, and those wouldn't be allowed to be out of service as you moved into the new mode, but there's a large amount of equipment that really has no direct impact on the heat removal capability and the potential trip capability, and those won't have any interaction with the modes per se, and those are the order of 10 to the minus 6. So, we will first screen out the important equipment mode to mode. DR. APOSTOLAKIS: So, you're talking basically going from 5 to 4 and from one 4 to the other 4? Is that really what we're talking about here? MR. SCHNEIDER: Most of it. The bulk of the transitions are going to be in this direction. DR. APOSTOLAKIS: From 4 to 4. MR. SCHNEIDER: Actually, it will be 5, un-vented, to 4. DR. APOSTOLAKIS: And then what happens? MR. SCHNEIDER: Then, basically, that takes you -- DR. APOSTOLAKIS: Then you fix it. CHAIRMAN SIEBER: Let me ask a question before it escapes our attention here. This chart looks like it's laid out with regard to going from full power to cold shutdown. MR. SCHNEIDER: Right. CHAIRMAN SIEBER: If you drew the chart from cold shutdown up to full power, which really matches your Initiative 3 -- MR. SCHNEIDER: Right. CHAIRMAN SIEBER: -- would it be the same chart upside down? MR. SCHNEIDER: No. There would be a few differences. There's a transition that occurs here. This would be lower because of the transition going this way to get -- which causes your plant to basically realign itself onto shutdown cooling, and it's less likely you'll run into the problem on the way down. CHAIRMAN SIEBER: Have you done the heatup/startup set of charts? Have you performed those in support of Initiative 3? MR. SCHNEIDER: We've qualitative looked at the issues and the insights gained from doing this analysis. We haven't generated a full set of new numbers, because what will happen is all the numbers will be depressed because you're starting with much lower power levels. CHAIRMAN SIEBER: Right. MR. SCHNEIDER: So, what you'd see is qualitatively the same. We felt that the qualitative insights to identify the key components, you know, are valid, and any additional quantification wasn't deemed necessary for this level of evaluation because of the low relative risks involved in getting into the mode. CHAIRMAN SIEBER: Well, it would help me, I guess, if I actually saw a chart that showed what Initiative 3 is talking about, which is starting up, along with some analytical work that showed the risk increment associated with having a mode restraint removed for a few pieces of equipment who had importance measures that said they were significant to risk. Then I'd be able to tell whether this is a good idea or not. Has that kind of work been done? Can you tell us about it? MR. SCHNEIDER: What we have done -- maybe we'll go to the next slide. What we did do is we looked at components that weren't important -- okay, two things. Let me start off -- the expected use is, again, for infrequent -- generally the low-risk components and for short-duration repair, so that infrequent will basically mean that, if you integrate it out over a long period of time, you're not going to have a large accumulated risk, because this isn't going to happen very often. The low-risk portion is that we're only going to enter this -- if it's a high-risk component, we're not going to enter it without doing a detailed risk evaluation to find out why the system is inoperable. So, we will identify certain systems where we're not going to be using this tech spec unless a full risk assessment is done where we look at the mode we're in and the mode we're going to, and then the short-duration repair controls the amount of accumulated risk you could have in that rectangle. CHAIRMAN SIEBER: And why is accumulated risk important, as opposed to instantaneous risk? For example, I could have a CDF of .9 for 15 seconds, and I wouldn't want to be there. MR. SCHNEIDER: Right. With the short-duration repair, what we're talking about is -- you're still doing the integral, but the integral is only over like three days. So, it's still a small accumulated risk in this case, but it's really the integral risk over the time you could have the equipment out of service. CHAIRMAN SIEBER: Okay. But the instantaneous risk gives me more risk insight than cumulative risk. MR. SCHNEIDER: Well, this is the instantaneous risk times the duration. CHAIRMAN SIEBER: Right. MR. SCHNEIDER: Yeah, I see what you're saying, but we're not going to enter this with high-risk components to begin with, and for example, the types of situations that have occurred or that may be more likely are like one inoperable containment spray has happened in the past, and for most of our plants with diverse and redundant containment heat removal capability, with fan coolers and containment sprays, the impact of one train inoperable is negligible and is in the order of a 10 to the minus 9th kind of value and doesn't have any substantial LERF impact, as well, and that's when you look at the -- even the at-power risks associated with this component, as opposed to the risks that would be when the decay heats are much lower. One SIT unavailable might be a reason for a short time to basically -- DR. APOSTOLAKIS: What's SIT? MR. SCHNEIDER: Safety injection tank accumulator, something like that, or possibly some filter or HVAC systems having some inoperability or some containment penetration, valve closure maybe not being completed or some MOVAT test not being done, but there's a lot of very low-risk issues that can develop. DR. APOSTOLAKIS: So, these will be identified in advance or the analysis will be done -- yeah, we discussed this. MR. SCHNEIDER: Okay. Typical risks are going to be low. Risks will even be lower because they'll be during shutdown. But what we're recommending, kind of -- DR. APOSTOLAKIS: Okay. This is good. MR. SCHNEIDER: Okay. What we're recommending is a risk-informed administrative control where -- not necessarily -- you're not going to look at necessarily all the -- you're not going to identify all the lower-risk stuff and basically catalog it, but you're likely going to identify all the higher-risk stuff at the various modes to recognize the stuff you should be concerned about. So, you identify those that are big contributors to safety, basically, and you hold those to one level of importance, and typically, what we'll find is that, in Mode 4, AFWs and -- aux feedwater pumps and diesel generators are going to be extremely important, and you wouldn't do anything with this equipment without a clear risk assessment. DR. APOSTOLAKIS: Let me understand this. 1.174 deals with permanent changes to the licensing basis. What does it have to do with this? This is a temporary thing, isn't it? MR. SCHNEIDER: Exactly. When we talk about tech specs, there's always a question -- because we're changing the tech spec, is that permanent or is it temporary? DR. APOSTOLAKIS: But you will not know what kinds of equipment may be out. It seems to me that this is wonderful for someone like Southern California Edison that will have this -- that has this monitor that they can do these calculations quickly. What will the other guys do? Do you have lists of components? MR. SCHNEIDER: Well, yes, essentially. We'll expect that what will happen is the plants that basically have risk matrices or other methods of dealing with risk -- you still a priori -- like the COG will identify the higher-risk components for the group in the various modes, and then, once those are identified, the remaining components will be confirmed to be low-risk. DR. APOSTOLAKIS: Now, is this consistent with the new oversight process that tells you to worry about initiating events, the integrity of the primary system, and so on? You're talking in terms of CDF here, but the new oversight process identifies other cornerstones, as well. MR. SCHNEIDER: What we really should be doing is talking about a risk-informed process that looks at is the action you're going to do, the trip initiator, consistent with (a)(4)? Are you doing anything that's going to basically breach a barrier? It's a process. I think that we've got to be careful that it's not just -- you're not running by the numbers. What you're doing is you're getting an understanding of where you are, what's important to what -- why the components that aren't important aren't. DR. APOSTOLAKIS: I'm a firm believer of rewarding somebody who has done some good. Would Southern California Edison have an advantage over the other people? MR. SCHNEIDER: They would be able to do this, because they can do these assessments -- they can deal with the higher-risk components, because they could do a full assessment of the risk at lower modes, while the other ones would basically have to say -- they may not be able to do it, because they may not -- if they don't have a shut-down analysis, they may not be able to say, well, for the real high-risk stuff, they have to take a conservative -- maybe a more conservative approach. So, the better your models, the more robust your models, the more flexibility you have in making a decision. It's a decision process. MR. DENNIG: George, the answer that we've divined from previous conversations on this subject is that someone like Southern California Edison can maneuver in all of their specs, mode changes, they'll have that capability to do an adequate assessment. Other folks are going to rely on pre-analyzed situations. That's it. That's all they got. Anything falls outside of that, sorry, you can't do it, you don't have that flexibility. DR. APOSTOLAKIS: And that should be made very clear, I think. MR. DENNIG: I think that was the feedback that we gave at the last meeting, and I think that's being cranked into the next proposal. DR. APOSTOLAKIS: Okay. MR. SCHNEIDER: And so, in addition, we expect that multiple simultaneous mode entries will also be restricted, because you basically want to control the risks that you're dealing with, particularly for -- the only plants that are more robust, have more flexibility in dealing with some of these specific items, but it will be more defined for those that have less robust methods. Compensatory contingency actions to expedite repair, control risk, commensurate with what seems to be the level of entry, of the level of risk, will also be put in place to make sure that this is all being done prudently. A lot of this stuff is already embedded within (a)(4), we believe, that (a)(4) requires that you really understand the risk picture of your plant at all modes, and you shouldn't be taking action without -- and equipment out of service without really understanding what the impact is, and in addition, there will be a tracking process to identify if this is being repetitively entered or abused. DR. APOSTOLAKIS: When do you decide it is abused? Maybe we're asking for too much quantitative input here, but at which point do you decide that something is abused? MR. SCHNEIDER: The expectation is it's not going to be. I mean the thing is -- MR. BRADLEY: This is a little different from missed surveillances. Missed surveillances is clearly something where -- you don't want to miss surveillances, but in the event you do, you want to do the smart thing, which may not be to shut down the plant, and I think here we are looking for more operational flexibility. I don't view this as something that would necessarily be abused, you know. As long as you're doing this within the constraints of your (a)(4) process and you're managing the risk, you're not abusing it, whereas with missed surveillance, I'd say yeah, you know, if you're routinely doing that, that is wrong, that is not the intent of what we're doing, but here, given -- you've already got 3.0.4 exceptions on over half the LCOs in tech specs. CHAIRMAN SIEBER: There is a limit on the risk duration because of the LCO. DR. SEALE: Could I ask the staff, perhaps -- have you thought about -- would there be appropriate performance indicators that would come out of concerns for the number of these actions or the duration of them that might be added to the surveillance process to help you keep tabs on any abuses? MR. NEWBERRY: We don't have the experts in that program here, but having met with them last week -- Scott Newberry, staff -- and asked similar questions, I'll try to formulate an answer. Most of these issues, including missed surveillances, as indicated before, would end up in the corrective action program. DR. SEALE: Okay. MR. NEWBERRY: That seems to be an answer to many of these issues, it goes into the corrective action program. My understanding is that there are no performance indicators coming out of the corrective action program, but it will become a very important emphasis of the risk-informed baseline inspection, so that every plant will have their corrective action program, which is judged to be very important, inspected regularly as part of that program. Insights from that would, you know, be fed into the significance determination process, as I understand it, such that issues that are significant would be given the proper perspective, which I think is a better situation than where we were. CHAIRMAN SIEBER: The CAP program, though, as I understand it, and the baseline inspection is still a sampling of 20 percent and was done by the resident, right? And so, it's not comprehensive. It can give you some idea of the extent to which the CAP covers many thousands of items that pass through it in a given year, but I don't think that it will capture discrete numbers of these mode changes or missed surveillances, because they represent such a small part of the overall CAP content. Nonetheless, you are relying, in a lot of cases, on CAP as the overall system to make corrective actions within the plant, as opposed to writing violations and keeping your own tracking lists and doing that kind of thing. Are we ready to conclude? MR. SCHNEIDER: Okay. Implementation of this -- of the risk-informed mode restraint action is basically -- we believe is a first small step towards the development of a risk-informed tech spec. It's beginning to provide some degree of flexibility for the plant to make risk-informed decisions and take control a little bit of its operation, a little bit more of its operation, ensures the risk -- it will ensure the risk of the plant operation is appropriately managed, as well, and this is consistent with what (a)(4) would be requiring, as well. It allows limited flexibility with controls for the plant staff to perform and make its risk-informed decisions, as we just said, and we believe it's consistent with performance-based oversight process. So, we believe this is a really good first step of being able to have the plant basically review its own risk status and make risk-informed decisions to basically operate in a risk-informed manner. CHAIRMAN SIEBER: Could I ask the staff if they have any comments? MR. DENNIG: Certainly. To say where we are on these two issues, we have had them in for review, a formal review, and we have provided questions back on both issues and then met to discuss the answers to those questions -- that was just fairly recently -- and in that meeting provided some feedback on both issues. Let me try to characterize what that feedback was. On Initiative 2, the staff emphasized the need for specificity in the decision-making process that would be used to assess the risk of a missed surveillance requirement involving such issues as use of important measures, a screen process that utilizes PRA or (a)(4) processes, alternative qualitative methods for surveillance requirements that are not modeled in PRA, and the fact that a missed surveillance requirement of significance requires a licensee to take the safest course of action. As part of our comfort level with Initiative 2, we are pointing to the oversight process wherein, as we've discussed previously, missed surveillances will be put in the corrective action program, there is a continuous operability determination that's incumbent on licensees under technical specifications, and that failed/missed surveillance requirement is reportable and evaluated using the significance determination process. We think we're making good progress on Initiative 2, and we're looking forward to look at the revision and think that we may be able to move forward on that. Mark. MR. REINHART: I'd just add two points to what Bob said. I agree we're in general agreement. I think, based on the comments today and just what we've talked about before, we need to reiterate our look at the adequacy of the model, just have to reiterate that that's an important point and reiterate that we need to understand fully the capability and the meaning of the development of the risk of the reduced reliability for a missed surveillance and how sensitive that shows up to us. MR. DENNIG: Quickly, on Initiative 3, in comparison to Initiative 2, we think that the PRA capability, requirements, are more than for Initiative 2, and we discussed at some length the need and the ability to assess system importance in all modes. I believe that the owners groups are going to provide a qualitative PRA basis for some generic level of maneuvering that will apply to most plants. Again, in line with my answer to George before, if you want to have more flexibility to make mode changes, you have to have more PRA capability, and individual plants will be able to establish that they have a capability beyond the de minimis to do certain mode changes. And then, as -- from an oversight perspective, (a)(4), when it kicks in, is going to require evaluation of the acceptability of mode changes, and there's a level of oversight on that (a)(4) process that we'll rely on to ensure that this is being done appropriately. And again, I think the industry is in process of providing another iteration, and again, I think we're making progress. MR. REINHART: I would add on issue 3 that, when we talk about a qualitative analysis, we need to understand exactly what do we mean by a qualitative analysis, that we actually manipulate and use a plant-specific model to get and apply the insights that are required. CHAIRMAN SIEBER: Is there any other comments? [No response.] CHAIRMAN SIEBER: What I'd like to do now is to break for lunch. After lunch, we will review Initiatives 1, 4, 5, 6, and 7. So, why don't we return at one o'clock? So, at this time, we'll break for lunch. [Whereupon, at 12:08 p.m., the meeting was recessed, to reconvene at 1:00 p.m., this same day.] A F T E R N O O N S E S S I O N [1:01 p.m.] CHAIRMAN SIEBER: I'd like to reconvene the meeting for this afternoon's session. This afternoon, we're going to briefly discuss Initiatives 1, 4, 5, 6 and 7. I also notice that I have more slides than we had slides shown. So, if there are any pertinent parts of your presentation from this morning that you would like to give us briefly or reiterate anything, this would be a good opportunity, during this afternoon's session, to do so. Following the discussion of the other five initiatives, we will have a general discussion of the committee concerning our comments, because I do plan to at least prepare a draft letter for the May 11th meeting. The full committee will meet on May 11th from 8:30 until 10 for an hour-and-a-half to discuss this same issue for additional discussion with the full committee. Turns out that, between the two subcommittees, we have the full committee minus two members. So, the presentation, unless we think of new things over the next 10 days, should be easier than this one. DR. KRESS: Will the main committee focus on just Initiatives 2 and 3? CHAIRMAN SIEBER: Initiatives 2 and 3. I think all of us are enough up to date on risk-informing technical specifications that we do not need a lot of background information on that. I would rather concentrate on the issues at hand rather than go through everything at that time. On the other hand, the presentations that you gave today were a good refresher for me and, I'm sure, for all of the members here. With that, I'd like to ask Biff Bradley if he would lead this afternoon's discussion. MR. BRADLEY: Sure. First of all, with regard to the excessive presentations that you noticed that we didn't give this morning, we had to do some last-minute planning for this session, and we ended up sort of duplicating some presentations, so we just chose not to give the one I think you're referring to, and I don't believe, speaking for myself, that there is any point in that that was missed or that we need to bring up this afternoon, but it's just informational, and it's basically -- it's very similar to the presentation that was given at the previous ACRS meeting back in December of last year, I believe, and our intent this afternoon was really just to give a pretty high-level overview of the status of the other initiatives. That was our understanding of what we were going to do given the time. CHAIRMAN SIEBER: Right. MR. BRADLEY: So, Don Hoffman is going to lead that discussion and just give us a brief status and schedule and plans on the remaining initiatives. CHAIRMAN SIEBER: I did want to give you the opportunity to fill in anything that you felt was missed, that you might want on the record, and since there are no things, we can continue on with Mr. Hoffman's presentation. MR. BRADLEY: Thank you. CHAIRMAN SIEBER: Thank you. MR. HOFFMAN: Certainly, sir. As you said, we were going to give you an overview and status of Initiatives 1, 4, 5, 6, and 7, and what we're just going to do is describe what the initiative is and maybe say a word or two about it and then tell you where we are and what we're doing in our current schedule and see if you or the -- I believe the staff is very well aware of this -- see if the NRC staff has any comments on that. Initiative 1, as you know, is referred to end states, often called safe end states, but it's the initiative which is making a determination as to what the appropriate end state is to go to when you have a level of degradation that would tell you to leave the mode of applicability of a particular LCO, and you will recall that from our presentation December 16th. We currently have a technical justification for the risk-informed modification to selected action end states document which has been completed by the CE owners group and was distributed on March 17th. The other three owners groups and the TSTF and RITSTF are currently reviewing that to determine the appropriate level for each of the other owners groups to perform in addition to what CEOG has done so that we can provide a consistent approach and come back to the staff telling them what we will provide. Our current schedule for doing that is by the end of May, with the CEOG and TSTF developing a CEOG traveler to go out for review concurrently, also at the end of May, with the intent of providing a TSTF to the NRC sometime by the end of June of this year, 6/30/00. I'm not hearing any comments. I'll move on to Initiative 4. Initiative 4 has two portions, 4(a) and 4(b), 4(a) being individual risk-informed allowed outage times, which is actually an ongoing effort where the tech spec task force and the other owners groups are continuing to develop proposed changes to individual AOTs and groups of AOTs with both deterministic and risk insights. The owners groups are continuing to work together to share information and provide for generic applicability where possibility, but we're continuing that effort in several parallel paths. So, the risk-informed tech spec task force will continue to interface with this process to ensure maximum generic benefit, but we currently don't have a specific date for the Initiative 4-alpha. Initiative 4-bravo is the risk-informed allowed outage times with the configuration risk management programs and maintenance rule (a)(4)-type back stops, is a term that's been used quite often. We're still working as our risk-informed tech spec task force with the TSTF and the other owners groups to determine the best course of action utilizing the risk management process and maintenance rule (a)(4) as a basis, and currently, we're scheduled to determine this course of action and set the process in schedule by July so that we could advise you, the NRC, at that particular time what we will be doing. The CEOG, along with the risk-informed tech spec task force, currently plans to submit a 4-bravo pilot sometime in December of this year, with the other allowed outage time extension sometime after the first of the year. Concurrent with that, EPRI is working with Westinghouse owners group and portions of the risk-informed tech spec task force to issue what they call a risk-informed tech spec report that current is scheduled to come out in September of 2000. So, on the 4-bravo portion, we're still identifying our specific course of action. As I said, we should be letting you know sometime in July the specifics of our course of action and the schedule for that course of action. DR. SEALE: In your slides here, going through the package you had that had 4 listed in it, you talk about a not to exceed time limit as being the basis for essentially the 4(b) decisions. Any rationale for that not to exceed that you guys are coming up with that you want to talk about now? MR. BRADLEY: Well, the obvious one would be your maintenance rule unavailability target for the component, would be the not to exceed. That's the initial thinking on that. MR. SCHNEIDER: You need a not to exceed not so much for risk, also, but also for -- just to make sure that plants should be returned to a design basis in a fixed amount of time. So, there's reasons for having it. DR. SEALE: Okay. MR. HOFFMAN: If there are no further questions, then I'll move on to Initiative 5. Like Initiative 4, Initiative 5 also has two portions. 5(a) -- I think we mentioned this this morning -- 5(a) is to relocate surveillance requirements which are not related to safety. During the development of the improved technical specifications and the conversions from the old standards to the ITS NUREGs, we identified a number of surveillances that were not appropriate to be retained in the technical specifications, and they were eliminated appropriately. However, there were some that we were not successful with at that time, and we didn't go after them all as a particular group. As a result, we have gone back and re-evaluated that, looking through each of the sections to determine if there are surveillance requirements either in individual LCOs as a individual SR or as a group of surveillance requirements which we feel are not -- do not demonstrate operability but, rather, are there for other requirements such as reliability, availability, and something of that nature, and as a result, we are pursuing that under 5(a). As I said, the tech spec task force identified some individual SRs and groups of SRs as candidates, and we're going to be pursuing those. It's our intent to provide a traveler, a TSTF, to the NRC to address 5(a) in November of this year. MR. NEWBERRY: Don, my understanding of what you just said there is, in your view, 5(a) is really not a risk-informed initiative, it's more of a scope initiative. MR. HOFFMAN: Yes, sir, that's true. Like Initiatives 2 and 3, it has less risk insight than the majority of them. We were going to exercise some risk insights as to the acceptability of taking those SRs out of the tech specs. Now, many of them in reliability and availability space, like, let's say, for the diesel generators, would only be relocated and probably retained in either a maintenance rule-type procedure or in maybe a diesel generator reliability program. So, they won't be eliminated in their entirety; they just won't be a part of tech specs requiring us to consider operability when they're not impacted. But yes, sir, your point is well taken. This is not a purely risk initiative by any stretch. The second portion of Initiative 5 is 5(b), which is relocated surveillance test intervals to licensee control. We had -- in 1999, one of the owners groups of the tech spec task force had developed a traveler and a process to try to identify a means by which selected surveillance test intervals could be relocated to licensee control. We have now looked at that on a more global basis and are currently developing a basic program for licensee control of all the STIs and working with the utilities to finalize supporting information for such a process, and then we'll be working with the PRA folks to get risk insights to support this particular activity, and currently, we're scheduled to provide a TSTF to the NRC sometime in early 2001. And if I'm not clear, a TSTF is called a tech spec task force traveler. It's just a colloquial term for a traveler which proposes a change to the ITS generic NUREGs. I wasn't sure if I'd been clear. DR. UHRIG: Let me ask a question here. MR. HOFFMAN: Certainly, Dr. Uhrig. DR. UHRIG: There are a couple of initiatives around to go to continuous monitoring. I believe EPRI has one. There has been some discussion. At least one utility -- we've done some work on fossil plants, where we've just put a system into TVA -- one of their fossil plants has a front-end monitor on their performance system. Is any consideration being given to that, where you basically deal with the correlation between the various quantities that you're measuring here as an alternative to the surveillance? MR. HOFFMAN: When we originally started the initiative, we had not considered that, but subsequently, we have teamed up with the folks at Arkansas and EPRI on this continuous monitoring process and initiative, and we are interfacing with them now to see if there's any insights we can gain from what they're doing that can be brought to bear to support what we're doing. So, there is a continuous share of information. At our last full owners group, where we have a combined -- all four owners groups meeting on technical specifications and licensing issues, we had several presentations on continuous on-line monitoring and brought that to bear to try to identify to the different groups that we were, indeed, interfacing with that group and getting information and support. DR. UHRIG: So, this basically would be an alternative approach to the whole issue of surveillance. MR. HOFFMAN: It is a consideration. Right now, we're not sure how far it's going to go, and as a result of that, we're going to continue in a parallel path to look at the surveillances, acknowledging that that may someday replace that or may be an alternative, as you stated, that if I have the surveillance test intervals and/or a portion of the surveillances under licensee control, this on-line monitor may be a mechanism by which I'd just do on-line monitoring instead of surveillances, yes, sir. DR. UHRIG: Thank you. MR. HOFFMAN: Okay. I'll move on to Initiative 6, then. Initiative 6 has three parts. Initiative 6 started off being a initiative to address the fact that we currently have one hour once we exit an individual limiting condition for operation and get into LCO 3.0.3 to begin the plant shutdown. There was an acknowledgement that there were several situations which were creating that which were inappropriate or maybe not necessary from the beginning, and so, we're trying to address that in its full breadth. So, there's actually three pieces to it. One is to modify the actual LCO 3.0.3 actions and timing, where we would increase the one hour to 24 hours, which was the initial scope of Initiative 6 when it began, and then there are the other two pieces which, if successful, will make the need for doing the 6(a) portion of Initiative 6 lessened, and that is, one, to provide conditions in those LCOs where there are levels of degradation where no condition currently exists. As you know, the way that you get to LCO 3.0.3 is typically through two ways. One, you have a level of degradation where there's no condition, you have no action in an individual LCO, hence you go to LCO 3.0.3, or you exhaust the required action and completion times in the individual LCO and then you go to 3.0.3. Well, the former of that, we felt that there were places where, in individual LCOs, there should be conditions and required actions which would negate the need to go to 3.0.3. The second part is that we have identified through the improved technical specifications NUREGs places where we actually instruct the individual to go to LCO 3.0.3, where we have put a condition for a level of degradation which has been termed to be a loss of safety function and its required action is enter LCO 3.0.3 immediately. We believe, in many cases, that may be also overly conservative and punitive, and we are re-addressing that as part of 6(c). So, we believe that if we are successful with 6(b) and 6(c) under Initiative 6 that the need to modify the LCO 3.0.3 timing under 6(a) from 1 to 24 hours may be lessened significantly. We're currently scheduled to provide -- we're working with the CEOG now to provide a draft for 6(b) and 6(c) in June of this year, and our current plan is to provide a TSTF to the NRC in October of this year. And the last on our list is Initiative 7, which you spoke the morning about, sir, about defining actions to be taken when equipment is not operable but still functional. The tech spec task force and the Westinghouse owners group have taken the lead on this and are currently working to develop a course of action and an attempt to bring the configuration risk management program, maintenance rule (a)(4), safety function determination program, and operable functional available into alignment such that we can identify the differences, understand the significance of them, and provide a definitive -- I will call it definitive tech spec requirement to address that, and our current schedule is to provide a traveler TSTF to the NRC in early 2001. CHAIRMAN SIEBER: Is this an attempt to redefine what operability is? MR. HOFFMAN: No, sir. CHAIRMAN SIEBER: Tell me what the difference between operability and functionality are, so I can understand it. MR. HOFFMAN: I'll certainly make a feeble attempt given the fact that we haven't completed all of our evaluation and work in this arena. As you know, we have a definition of operability which currently requires a number of things, and you're obviously very familiar with that, as you've stated this morning, and all dependent functions, whether it be oil, cooling, instrumentation, whatever it may be, in order to facilitate the capability of performing the intended safety function. There's also an acknowledgement in Generic Letter 91-18 that there are certain aspects to operability that don't really -- quote/unquote, "operability" -- which might be some kind of pedigree or qualification, possibly, like seismic, EQ, and other actions or activities. What we have attempted to do is to acknowledge that, many times, we will have a situation where we don't meet a particular tech spec requirement, through a surveillance or any other case, but yet we have functionality but we may not have operability. One of the examples that has been currently discussed is where a safety analysis assumes 5,000 gallons per minute, let's say, for a HPSE pump on a boiling water reactor and that's assumed to be into the vessel itself. We do a surveillance and we find that we're getting 4,800 gallons per minute into the vessel. We certainly may not have operability, but one would argue that 4,800 gallons is better than zero gallons, so we may have some level of, quote/unquote, "availability" or functionality. So, we're currently trying to decide if the current conditions and required actions are too punitive for that level of degradation and trying to attempt to define a different course of action that would give us some additional time or additional compensatory measures to enable us to have something that doesn't meet operability yet does meet some level of functionality, and bear with me, because that's not completely defined yet. CHAIRMAN SIEBER: I can remember instances where emergency tech spec changes have been given after analysis of situations like that, where you're able, through engineering analysis, to show that 4,800 or 7,000 or whatever it is you're supposed to have, minus 2 percent, was good enough. That was a fairly rare occurrence, as I recall, you know, once every five years for a given plant. I presume that you want to somehow or other write into the tech specs the fact that a licensee on its own initiative and under its own authority could determine that 4,800 gpm or whatever number you've analyzed and justified is good enough to call the equipment operable, and by that, I mean not enter the action statement, okay, and without interchange and approval by the NRC. Is this really what you're talking about? MR. HOFFMAN: Yes, sir, to some extent, except we wouldn't consider it operable, we would only consider it functional. So, we would declare it inoperable, but its required action and completion time would not necessarily be as punitive as inoperable would normally have you do. So, in other words, we would put some contingencies and some compensatory measures and some limitations on how that could be used, yet allow the plant to maneuver within some limited means of being not operable yet still providing some level of functionality. CHAIRMAN SIEBER: To me, that's a redefinition of what operable means, because if it isn't operable, you go to the action statement. MR. HOFFMAN: I couldn't agree more. Actually, sir, as I said, we don't intend to redefine operability. If it didn't meet operability, it would be declared inoperable, but if it could be declared inoperable and yet still declared functional, its level of action would be different than if it was inoperable and declared not functional. CHAIRMAN SIEBER: Does this put in a new layer of action statements that apply when items of equipment or components are functional and not operable? I mean it could double the size of the tech specs. MR. HOFFMAN: This particular initiative's level of effort to date is less than all of the other initiatives. So, I would be presumptuous to state that that's our intent. I will tell you that we're considering a number of different options and welcome comments from anyone who would like to provide some insight. It's an initiative that was brought up because we have seen examples and occurrences of situations where the action required to be taken for inoperable but still functional were perceived to be -- even in risk space -- to be overly conservative and, in some cases, even contrary to risk. So, given that, we felt we needed to take on the initiative to determine what is an appropriate course of action. We obviously haven't gone deep enough into that to explore all the different impacts that there might be from it, sir. DR. BONACA: One thing I think is beneficial about this initiative is that the perception we have always communicated to ourselves and to the public is that, if you do not meet the requirement, it doesn't matter if you're functional, you have a failure, and therefore, we have had so many examples in the press, for example, of, you know, the plant did not have a system, therefore it lived for 20 years without a system, and that wasn't the case, you had functionality all along, maybe. A better example than simply partial functionality is not meeting a code requirement. Okay. A code requirement is a specific pedigree, and I think that have been a lot of examples where you have a system that everybody will agree will function, provide a function, but did not meet a certain pedigree or a certain specific attribute of the pedigree. So, to some degree, that's an important step, that at some point we want to -- I am supportive of. CHAIRMAN SIEBER: Well, I think when we get to Initiative 7, we'll be more than happy to learn what you folks have come up with. MR. HOFFMAN: And I'm sure we will be more than happy to gain your insights to assist us with that, sir. CHAIRMAN SIEBER: Thank you. MR. BRADLEY: That completes the industry's presentation, if there are no more questions. CHAIRMAN SIEBER: Does anyone have any questions they'd like to ask at this time of industry representatives or the NRC staff? [No response.] CHAIRMAN SIEBER: Well, I felt today's presentations were very good and very informative and -- both on the part of the staff and on the part of NEI and the industry representatives, and I appreciate that. We will meet again to have a short discussion, similar to today's, at the full committee meet on May 11th, and this topic is currently schedule for May 30 until 10 o'clock in the morning, which is not a very long presentation, but as I said before, most of the members are here, and so, cutting it down will not represent any kind of a loss of content on our part. So, with that, I thank you all for coming here. You're welcome to stay. Our next step on the agenda is our own discussion, and for that portion of the discussion -- that will help me write a draft letter should we decide to send one to whomever we decide to send it to. It will help me incorporate the comments and the feelings of the members. So, I think, at this time -- DR. APOSTOLAKIS: Is the staff requesting a letter? Are you requesting a letter? MR. NEWBERRY: No, we are not. CHAIRMAN SIEBER: They're not demanding a letter. DR. APOSTOLAKIS: They're not requesting, not demanding. MR. NEWBERRY: No. These are licensing activities that we are in process for and we'll continue to proceed on, but of course it's an important activity, and if the committee has some comments, we'd be glad to have them. CHAIRMAN SIEBER: I would think that, if we wrote a letter, it would be to the EDO saying, you know, we've listened to the presentations and we have these comments, and so, what I'd like to do now is go off the record. [Whereupon, at 1:27 p.m., the meeting was concluded.]
Page Last Reviewed/Updated Tuesday, July 12, 2016
Page Last Reviewed/Updated Tuesday, July 12, 2016