This Guide is in force as of 1 February 1995, until further notice. PDF version.
Authorisation
By virtue of section 55, second paragraph, point 3 of the Nuclear Energy Act (990/87) and section 29 of the Council of State Decision (395/91) on General Regulations for the Safety of Nuclear Power Plants, the Finnish Radiation and Nuclear Safety Authority (STUK) issues detailed regulations concerning the safety of nuclear power plants.
YVL Guides are rules an individual licensee or any other organisation concerned shall comply with, unless STUK has been presented with some other acceptable procedure or solution by which the safety level set forth in the YVL Guides is achieved. This Guide does not alter STUK's decisions which were made before the entry into force of this Guide, unless otherwise stated by STUK.
1 General
According to section 27 of the Council of State Decision (395/91), operational experience from nuclear power plants as well as the results of safety research shall be systematically followed and assessed. To further enhance safety, actions shall be implemented which can be justified on grounds of operational experience, safety research and advances in science and technology.
One essential prerequisite for the safe and reliable operation of nuclear power plants is that lessons are learned from operating experience at own and other plants. Operational experience feedback is utilised by identifying and removing any causes of failures, deficiencies and deviations and by emphasising the importance of proven procedures.
Sophisticated quality systems, for which requirements are set in Guide YVL 1.9, include operational experience feedback.
Effective feedback on operational experience is also part of an advanced safety culture.
This Guide sets forth the criteria and requirements for nuclear power plant operational experience feedback. Requirements concerning the repair of failures, or other operations and maintenance activities, are not addressed in this Guide, though.
An operational event means a nuclear-safety significant failure, deficiency or deviation in safety functions, systems, components, structures or the organisation's activities. Operational events also include emergencies and transients as well as events which have endangered radiation safety.
It is recommended that the criteria and procedures described in this Guide are applied in the assessment and reporting of even such events endangering health and safety at work as are not directly associated with nuclear power plant technical safety or radiation safety.
2 General criteria and requirements
2.1 Organising operational experience feedback
The nuclear power plant licence-holder is responsible for operational experience feedback and the necessary administrative arrangements. The plant's responsible manager has the obligation to ensure that it is explicitly specified how duties relating to operational experience feedback are assigned to various organisational units.
The licence-holder shall always have available a sufficient number of individuals assigned to perform operational experience feedback, collection, analysis and result processing. These persons may be in the plant's various organisational units, such as operations, maintenance or technical support. An operational experience feedback team specifically assigned for the purpose can also focus on the collection and processing of operational experience feedback.
Anyone participating in operational experience feedback shall have sufficient authority to resolve event details and propose corrective actions. These individuals shall have versatile experience in the various fields of plant operation and they shall have an insight into the methods of operational experience analysis.
2.2 Actions relating to operational experience feedback
There shall be written instructions for operational experience feedback.
The follow-up of operational events shall be regular. Event data shall be brought to the knowledge of the responsible organisational unit.
The significance of operational events shall be assessed with a view to nuclear power plant safety in particular. Events shall be chosen for a more detailed analysis on the basis of the assessment.
The primary objective of analysis is to determine how the occurrence or recurrence of an event can be prevented. Analysis also serves to specify actions to mitigate the consequences of an event and to develop the procedures used.
It is also part of operational experience feedback that good practices at own and other nuclear facilities are identified and their significance is emphasised and that the practices are applied.
The progress of decided corrective actions shall be followed.
Actions relating to operational experience feedback shall be appropriately recorded utilising modern information technology.
2.3 Assessment of operational experience feedback
Procedures pertaining to operational experience feedback and the efficiency of actions shall be periodically assessed. It shall also be assessed whether the corrective actions taken are sufficient to prevent recurrence of similar events. If the actions have been insufficient, the necessary changes shall be made to the arrangements and practical procedures.
3 Nuclear power plant operational events
3.1 Monitoring of operational events
Operational events on site shall be systematically followed and identified in all sectors of plant operation.
Monitoring includes observation and control of work independently of own work performance. The operating personnel for example monitors operational events by means of alerts, displays, tests as well as observations made in the control room and at the plant. On the other hand, the maintenance personnel's most important methods of monitoring are inservice inspections, servicing, repairs, modifications and inspections conducted in connection with them.
It is important for the effective prevention and observation of operational events as well as for the mitigation of their consequences that the personnel are encouraged to pay attention to unusual phenomena and to openly report all safety-significant observations, even errors made in own work.
Essential case-specific data about operational events and the conditions during their occurrence shall be recorded in such a way that, on the basis of the recorded data, summaries can be made to identify weaknesses and trends.
3.2 Assessment and screening of operational events
To assess their safety significance and identify the necessary actions, operational events shall be brought to the knowledge of the organisational unit responsible for providing feedback on them. Examples of such events are:
- deficiencies observed in plant safety functions, allocation of resources and procedures
- emergencies and transients
- erroneous modes of action
- component and system failures
- events which have had an impact on radiation safety.
Apart from the significance of a single event, attention shall also be paid to the event's rate and likeliness of recurrence. This analysis is supported by a failure and event register drawn up on the basis of previous events.
On the basis of the assessment, the necessary actions shall be proposed. The general principle is that all safety-significant operational events are analysed and their causes removed. The system of analysis can be based for example on the event's safety-significance, rate of occurrence and assessed causes.
3.3 Root cause analyses
Operational events which have, or may have, specific safety-significance and whose root causes are not obvious, shall be analysed by an appropriate root cause analysis method. Such events may include for example:
- special situations referred to in Guide YVL 1.5
- clearly identifiable deficiencies in modes of action which might lead to a safety-significant event
- common-cause failures and recurrent deviations which may have more extensive safety-significance.
Root cause analysis is performed to determine appropriate corrective actions for the removal of resolved root causes and other observed deficiencies and for the development of procedures. Judgmental attitudes towards individuals who have caused an operational event are not part of the analysis, however. This principle must infiltrate all levels of the organisation to facilitate the making and development of a functional operational experience feedback programme.
Root cause, as referred to in this Guide, means such a common or systematic (not random) failure, deficiency or drawback as has significantly contributed to the occurrence of the analysed event. It is also characteristic of a root cause that the licence-holder can influence it by appropriate measures. A root cause thus cannot be a law of nature or actions, or modes of action, of an individual who is not a member of the component manufacturer's or licence-holder's staff. Also, a root cause is not a single human error or the failure or breaking of a component.
An advanced root cause analysis method typically looks into i.a. the following matters:
- sequence of events
- the event's significance to plant safety
- availability of redundant systems
- the event's rate of recurrence and corrective actions applied to corresponding events
- how reliability data numerical values take into account failures, errors and deficiencies relating to the event
- exceptional conditions and actions contributing to event initiation
- use of and compliance with procedures and oral instructions
- actions by the personnel in connection with the event
- barrier analysis (procedures and arrangements to prevent and observe the event, and their functioning)
- root causes and other factors contributing to the event
- choice of corrective actions and prior evaluation of their feasibility and efficiency.
For root cause analysis, plant documentation, corresponding events excerpted from the event and failure register as well as records of the event in question shall be scrutinised. This can be done by interviewing those involved in the event and other knowledgeable individuals, and by monitoring corresponding work performances at the plant or at a simulator, if possible.
The results of root cause analysis shall be collected in a root cause analysis report. The report shall include an event description, deviations from normal conditions, root causes and other factors which contributed to the event as well as recommended corrective actions. The report shall also present all essential data, documentation and references pertaining to the analysis.
3.4 Other analyses
Operational events can also be analysed in ways other than root cause analysis, particularly if the root cause is obvious and corrective actions to prevent recurrence can be reliably determined without root cause analysis. Depending on the nature of the event, such descriptions could include various technical and administrative analyses such as special, scram and operational transient reports as referred to in Guide YVL 1.5, and also summaries of events which have occurred during annual maintenance outages. Such descriptions also include plant safety parameters, indicators of plant safety.
3.5 Utilisation of failure statistics
Failures and errors observed at the plant shall be statistically analysed. For this purpose, failures and errors, their significance and causes as well as corrective actions shall be recorded in a computer-based failure register.
With the help of the failure register, systematic component-, system- and failure-specific anal-y-ses shall be made to identify potential weaknesses and changes. The results of these analyses shall be compared against component-specific maintenance and inspection programmes, operational environment and age recommendations, procedures and the efficiency of corrective actions taken due to failures.
On the basis of the analyses, changes in the operation and maintenance of systems, components and structures shall be designed to ensure reliability. The failure register shall also be utilised in the updating of the probabilistic safety assessment (PSA).
Analyses and proposed actions based on failure statistics shall be processed according to written procedures.
Requirements for the handling of failure data are also presented in Guides YVL 1.8 and YVL 2.8.
3.6 Processing and implementation of recommendations
The root cause analysis report and other reports and analyses mentioned in this Guide shall be distributed and the recommendations contained in them processed and implemented according to written instructions for procedures.
3.7 Documentation of actions relating to operational experience feedback
A file shall be kept of operating events under scrutiny and already scrutinised. The file shall be kept up-to-date. In the same way, data shall be recorded on the recommendations given, the decisions made and the progress and implementation of corrective actions.
4 Events at other nuclear facilities
4.1 Monitoring of event reports
Operational event reports from other nuclear facilities received from various sources shall be systematically monitored and assessed. Such reports include i.a. IRS reports by the IAEA and NEA.
4.2 Screening of event reports
As the number of reports is large and their applicability variable, the reports can be processed in several phases and subjected to an appropriate preliminary screening.
During preliminary processing of the reports, operational events having significance for the nuclear facility in question shall be subjected to closer scrutiny. Reports containing information significant for the plant or its use shall even be delivered to those who may benefit from the information although the report would not be more closely assessed.
4.3 Analysis of selected events
Events considered significant shall be more closely assessed according to written procedures. In connection with the assessment, equivalent events at own plant and the actions taken on their basis shall be scrutinised.
A summary shall be made of each assessment in which corresponding events or the possibility of a corresponding event at own plant are evaluated and actions are recommended to prevent recurrence.
4.4 Implementation of recommendations
The processing and implementation of recommendations shall take place according to written procedures.
4.5 Document processing control
An updated list shall be kept of the status of events under processing and the recommendations given. In the same way, data on the decisions made and the progress and implementation of corrective actions shall be recorded.
5 Reporting
One significant part of operational experience feedback is transferring the lessons learnt to the plant's own personnel.
The plant personnel shall be given sufficient information about operating events, their causes and the actions necessary to avoid recurrence. The results of analyses are to be utilised in personnel training.
Significant operational events shall be actively and openly reported to the operators of other nuclear power plants in Finland and abroad.
Operational events shall be reported to STUK according to Guide YVL 1.5.
6 Control of operational experience feedback
STUK controls the licence-holder's operational experience feedback arrangements as part of its own inspection activities. This control includes a review of instructions and reports submitted to STUK. STUK also controls on site that the instructions are complied with.
STUK assigns its own investigating team to look into operational events deemed to be of special importance. Such an investigation is carried out especially when STUK considers an independent investigation is necessary due to the nature of an event, and also when it is assessed that amendments to requirements or control procedures established by STUK may help prevent the recurrence of an event.
7 References
- Decision of the Council of State on the General Regulations for the Safety of Nuclear Power Plants (395/91), 14 February 1991.
- Safety Series No. 75-INSAG-4: "Safety Culture", IAEA, 1991.
- IAEA-TECDOC-596: "Reviewing operational experience feedback", IAEA, 1991.