Monday, April 27, 2015

INPO’s View on Fukushima Safety Culture Lessons Learned

In November 2011 the Institute of Nuclear Power Operations (INPO) published a special report* on the March 2011 Fukushima accident.  The report provided an overview and timeline for the accident, focusing on the evolution of the situation during the first several days after the earthquake and tsunami.  Safety culture (SC) was not mentioned in the report.

In August 2012 INPO issued an addendum** to the report covering Fukushima lessons learned in eight areas, including SC.  Each area contains a lengthy discussion of relevant plant activities and experiences, followed by specific lessons learned.  According to INPO, some lessons learned may be new or different from those published elsewhere.  Several caught our attention as we paged through the addendum: Invest resources to assess low-probability, high-consequence events (Black Swans).  Beef up available plant staffing to support regular staff in case a severe, long duration event inconveniently occurs on a weekend.  Evaluate the robustness of off-site event management facilities (TEPCO’s was inaccessible, lost power and did not have filtered ventilation).  Be aware that assigning most decision making authority to the control room crew (as TEPCO did) meant other plant groups could not challenge or check ops’ decisions—efficiency at the cost of thoroughness.  Conduct additional training for a high-dose environment when normal dosage limits are replaced with emergency ones.  Ensure that key personnel have in-depth reactor and power plant knowledge to respond effectively if situations evolve beyond established procedures and flexibility is required.

Focusing on SC, the introduction to this section is clear and unexpectedly strong: “History has shown that accidents and their precursors at commercial nuclear electric generating stations result from a series of decisions and actions that reflect flaws in the shared assumptions, values, and beliefs of the operating organization.” (p. 33)

The SC lessons learned are helpful.  INPO observed that while TEPCO had taken several steps over the years to strengthen its SC, it missed big picture issues including cultivating a questioning attitude, challenging assumptions, practicing safety-first decision making and promoting organizational learning.  In each of these areas, the report covers specific deficiencies or challenges faced at Fukushima followed by questions aimed at readers asking them to consider if similar conditions exist or could exist at their own facilities.

Our Perspective

The addendum has a significant scope limitation: it does not address public policy (e.g., regulatory or governmental) factors that contributed to the Fukushima accident and yielded their own lessons learned.***  However, given the specified scope, a quick read of the entire addendum suggests it’s reasonably thorough, the SC section certainly is.  The questions aimed at report readers are the kind we ask all the time on Safetymatters but we award INPO full marks for addressing these general, qualitative, open-ended subjects.  One question INPO raised that we have not specifically asked is “To what extent are the safety implications considered during enterprise business planning and budgeting?” (italics added)  Another, inferred from the report text, is “How do operators create complex, realistic scenarios (e.g., with insufficient information and/or personnel under stress) during emergency training?”  These are legitimate additions to the repertoire.  

The addendum is not perfect.  For example, INPO trots out the “special and unique” mantra when discussing the essential requirements to maintain core cooling capability and containment integrity (esp. with respect to venting at Fukushima).  This mantra, coupled with INPO’s usual penchant for secrecy, undermines public support for commercial nuclear power.  INPO can be a force for good when its work products, like this report and addendum, are publicly available.  It would be better for the industry if INPO were more transparent and if commercial nuclear power were characterized as a safety-intense industrial process run by ordinary, albeit highly trained, people.

Bottom line, you should read the addendum looking for bits that apply to your own situation.

*  INPO, “Special Report on the Nuclear Accident at the Fukushima Daiichi Nuclear Power Station,” INPO 11-005 Rev. 0 (Nov. 2011).

**  INPO, “Lessons Learned from the Nuclear Accident at the Fukushima Daiichi Nuclear Power Station,” INPO 11-005 Rev. 0 Addendum (Aug. 2012).  Thanks to Madalina Tronea for publicizing this document.  Dr. Tronea is the founder/moderator of the LinkedIn Nuclear Safety discussion group.

***  Regulatory, government and corporate governance lessons learned have been publicized by other Fukushima reviewers and the findings widely distributed, including on Safetymatters.  Click on the Fukushima label to see our related posts. 

Wednesday, April 22, 2015

More Evidence of Weak Safety Culture in DOE

DNFSB Headquarters
We have posted many times about safety culture (SC) issues in the Department of Energy (DOE) empire.  Many of those issues have been raised by the Defense Nuclear Facilities Safety Board (DNFSB), an overseer of DOE activities.  Following is a recent example based on a DNFSB staff report.*

The Radcalc Imbroglio

Radcalc is a computer program used across the DOE complex (and beyond) to determine the transportation package classification for radioactive materials, including radioactive waste, based on the isotopic content.  Radcalc errors could lead to serious consequences, e.g., exposure to radiation or explosions, in the event of a transportation accident.  DOE classified Radcalc as safety software and assigned it the second highest level of rigor in DOE’s software quality assurance (SQA) procedures.

A DNFSB audit found multiple deficiencies with respect to Radcalc, most prominently DOE’s inability to provide any evidence of federal oversight of Radcalc during the software's lifetime (which dates back to the mid-1990s).  In addition, there was no evidence DOE contractors had any Radcalc-related QA plans or programs, or maintained software configuration management.  Neither DOE nor the contractors effectively used their corrective action program to identify and correct software problems.  DNFSB identified other problems but you get the idea.

DNFSB Analysis

As part of its analysis of problems and causes, the DNFSB identified multiple contributing factors including the following related to organization.  “There is an apparent lack of a systematic, structured, and documented approach to determine which organization within DOE is responsible to perform QA audits of contractor organizations.  During the review, different organizations within DOE stated that they thought another organization was responsible for performing Radcalc contractor QA audits.  DOE procedures do not clearly delineate which organization is responsible for QA/SQA audits and assessments.” (Report, p. 4)

Later, the report says “In addition, this review identified potentially significant systemic [emphasis added] concerns that could affect other safety software. These are: inadequate QA/SQA requirement specification in DOE contracts and the lack of policy identifying the DOE organizations in charge of performing QA assessments to ensure compliance; unqualified and/or inadequate numbers of qualified federal personnel to oversee contract work; . . . and additional instances of inadequate oversight of computer work within DOE (e.g., Radtran).” (Report, p. 5)

Our Perspective

Even without the DNFSB pointing out “systemic” concerns, this report practically shouts the question “What kind of SC would let this happen?”  We are talking about a large group of organizations where a significant, safety-related activity failed to take place and the primary reason (excuse) is “Not my group’s job.”  And no one took on the task to determine whose job it was.  This underlying cultural attitude could be as significant as the highly publicized SC problems at individual DOE facilities, e.g., the Hanford Waste Treatment Plant or the Waste Isolation Pilot Plant.

The DNFSB asked DOE to respond to the report within 90 days.  What will such a report say?  Let’s go out on a limb here and predict the report will call for “improved procedures, training and oversight.”  The probability of anyone facing discipline over this lapse: zero.  The probability of DOE investigating its own and/or contractor cultures for a possible systemic weakness: also zero.  Why?  Because there’s no money in it for DOE or the contractors and the DNFSB doesn’t have the organizational or moral authority to force it to happen.

We’ve always championed the DNFSB as the good guys, trying to do the right thing with few resources.  But the sad reality is they are a largely invisible backroom bureaucracy.  When a refinery catches fire, the Chemical Safety Board is front and center explaining what happened and what they’ll recommend to keep it from happening again.  When was the last time you saw the DNFSB on the news or testifying before Congress?  Their former chairman retired suddenly late last year, with zero fanfare; we think it’s highly likely the SC initiative he championed and attempted to promulgate throughout DOE went out the door with him.

*  J.H. Roberson (DNFSB) to D.M. Klaus (DOE), letter (Mar. 16, 2015) with enclosed Staff Issue Report “Review of Federal Oversight of Software Quality Assurance for Radcalc” (Dec. 17, 2014).  Thanks to Bill Mullins for bringing this document to our attention.

Monday, April 13, 2015

Safety-I and Safety-II: The Past and Future of Safety Management by Erik Hollnagel

This book* discusses two different ways of conceptualizing safety performance problems (e.g., near-misses, incidents and accidents) and safety management in socio-technical systems.  This post describes each approach and provides our perspective on Hollnagel’s efforts.  As usual, our interest lies in the potential value new ways of thinking can offer to the nuclear industry.


This is the common way of looking at safety performance problems.  It is reactive, i.e., it waits for problems to arise** and analytic, e.g., it uses specific methods to work back from the problem to its root causes.  The key assumption is that something in the system has failed or malfunctioned and the purpose of an investigation is to identify the causes and correct them so the problem will not recur.  A second assumption is that chains of causes and effects are linear, i.e., it is actually feasible to start with a problem and work back to its causes.  A third assumption is that a single solution (the “first story”) can be found. (pp. 86, 175-76)***  Underlying biases include the hindsight bias (p. 176) and the belief that the human is usually the weak link. (pp. 78-79)  The focus of safety management is minimizing the number of things that go wrong.

Our treatment of Safety-I is brief because we have reported on criticism of linear thinking/models elsewhere, primarily in the work of Dekker, Woods et al, and Leveson.  See our posts of Dec. 5, 2012; July 6, 2013; and Nov. 11, 2013 for details.


Safety-II is proposed as a different way to look at safety performance.  It is proactive, i.e., it looks at the ways work is actually performed on a day-to-day basis and tries to identify causes of performance variability and then manage them.  A key cause of variability is the regular adjustments people make in performing their jobs in order to keep the system running.  In Hollnagel’s view, “Finding out what these [performance] adjustments are and trying to learn from them can be more important than finding the causes of infrequent adverse outcomes!” (p. 149)  The focus of safety management is on increasing the likelihood that things will go right and developing “the ability to succeed under varying conditions, . . .” (p. 137).

Performance is variable because, among other reasons, people are always making trade-offs between thoroughness and efficiency.  They may use heuristics or have to compensate for something that is missing or take some steps today to avoid future problems.  The underlying assumption of Safety-II is that the same behaviors that almost always lead to successful outcomes can occasionally lead to problems because of performance variability that goes beyond the boundary of the control space.  A second assumption is that chains of causes and effects may be non-linear, i.e., a small variance may lead to a large problem, and may have an emergent aspect where a specific performance variability may occur then disappear or the Swiss cheese holes may momentarily line up exposing the system to latent hazards. (pp. 66, 131-32)  There may be multiple explanations (“second stories”) for why a particular problem occurred.  Finally, Safety-II accepts that there are often differences between Work-as-Imagined (esp. as imagined by folks at the blunt end) and Work-as-Done (by people at the sharp end). (pp. 40-41)***

The Two Approaches

Safety-I and Safety-II are not in some winner-take-all competitive struggle.  Hollnagel notes there are plenty of problems for which a Safety-I investigation is appropriate and adequate. (pp. 141, 146)

Safety-I expenditures are viewed as a cost (to reduce errors). (p. 57)  In contrast, Safety-II expenditures are viewed as bona fide investments to create more correct outcomes. (p. 166)

In all cases, organizational factors, such as safety culture, can impact safety performance and organizational learning. (p. 31)

Our Perspective

The more complex a socio-technical entity is, the more it exhibits emergent properties and the more appropriate Safety-II thinking is.  And nuclear has some elements of complexity.****  In addition, Hollnagel notes that a common explanation for failures that occur in a System-I world is “it was never imagined something like that could happen.” (p. 172)  To avoid being the one in front of the cameras saying that, it might be helpful for you to spend a little time reflecting on how System-II thinking might apply in your world.

Why do most things go right?  Is it due to strict compliance with procedures?  Does personal creativity or insight contribute to successful plant performance?  Do you talk with your colleagues about possible efficiency-thoroughness trade-offs (short cuts) that you or others make?  Can thinking about why things go right make one more alert to situations where things are heading south?  Does more automation (intended to reduce reliance on fallible humans) actually move performance closer to the control boundary because it removes the human’s ability to make useful adjustments?  Has any of your root cause evaluations appeared to miss other plausible explanations for why a problem occurred?

Some of the Safety-II material is not new.  Performance variability in Safety-II builds on Hollnagel’s earlier work on the efficiency-thoroughness trade-off (ETTO) principle.  (See our Jan. 3, 2013 post.)   His call for mindfulness and constant alertness to problems is straight out of the High Reliability Organization playbook. (pp. 36, 163-64)  (See our May 3, 2013 post.)

A definite shortcoming is the lack of concrete examples in the Safety-II discussion.  If someone has tried to do this, it would be nice to hear about it.

Bottom line, Hollnagel has some interesting observations although his Safety-II model is probably not the Next Big Thing for nuclear safety management.


*  E. Hollnagel, Safety-I and Safety-II: The Past and Future of Safety Management  (Burlington, VT: Ashgate , 2014)

**  In the author’s view, forward-looking risk analysis is not proactive because it is infrequently performed. (p. 57) 

***  There are other assumptions in the Safety-I approach (see pp. 97-104) but for the sake of efficiency, they are omitted from this post.

****  Nuclear power plants have some aspects of a complex socio-technical system but other aspects are merely complicated.   On the operations side, activities are tightly coupled (one attribute of complexity) but most of the internal organizational workings are complicated.  The lack of sudden environmental disrupters (excepting natural disasters) means they have time to adapt to changes in their financial or regulatory environment, reducing complexity.

Sunday, March 29, 2015

Nuclear Safety Assessment Principles in the United Kingdom

A reader sent us a copy of “Safety Assessment Principles for Nuclear Facilities” (SAPs) published by the United Kingdom’s Office for Nuclear Regulation (ONR).*  For documents like this, we usually jump right to the treatment of safety culture (SC).  However, in this case we were impressed with the document’s accessibility, organization and integrated (or holistic) approach so we want to provide a more general review.

ONR uses the SAPs during technical assessments of nuclear licensees’ safety submissions.  The total documentation package developed by a licensee to demonstrate high standards of nuclear safety is called the “safety case.”


The language is clear and intended for newbies as well as those already inside the nuclear tent.  For example, “The SAPs contain principles and guidance.  The principles form the underlying basis for regulatory judgements made by inspectors, and the guidance associated with the principles provides either further explanation of a principle, or their interpretation in actual applications and the measures against which judgements can be made.” (p. 11) 

Also furthering ease of use, the document is not strewn with acronyms.  As a consequence, one doesn’t have to sit with glossary in hand just to read the text.


ONR presents eight fundamental principles including responsibility for safety, limitation of risks to individuals and emergency planning.  We’ll focus on another fundamental principle, Leadership and Management (L&M) because (a) L&M activities create the context and momentum for a positive SC and (b) it illustrates holistic thinking.

L&M is comprised of four subordinate (but still high-level) inter-related principles: leadership, capable organization, decision making and learning.  “Because of their inter-connected nature there is some overlap between the principles. They should therefore be considered as a whole and an integrated approach will be necessary for their delivery.” (p. 18)

Drilling down further, the guidance for leadership includes many familiar attributes.  We want to acknowledge attributes we have been emphasizing on Safetymatters or reflect new thoughts.  Specifically, leaders must recognize and resolve conflict between safety and other goals, ensure that the reward systems promote the identification and management of risk, encourage safe behavior and discourage unsafe behavior or complacency; and establish a common purpose and collective social responsibility for safety. (p.19) 

Decision making (another Safetymatters hot button issue) receives a good treatment.  Topics covered include explicit recognition of goal conflict; appreciating the potential for error, uncertainty and the unexpected; and the essential functions of active challenges and a questioning attitude.

We do have one bone to pick under L&M: we would like to see words to the effect that safety performance and SC should be significant components of the senior management reward system.

Useful Points

Helpful nuggets pop up throughout the text.  A few examples follow.

“The process of analysing safety requires creativity, where people can envisage the variety of routes by which radiological risks can arise from the technology. . . . Safety is achieved when the people and physical systems together reliably control the radiological hazards inherent in the technology. Therefore the organizational systems (ie interactions between people) are just as important as the physical systems, . . . “ (pp. 25-26)

“[D]esigners and/or dutyholders may wish to put forward safety cases that differ from [SAP] expectations.   As in the past, ONR inspectors should consider such submissions on their individual merits. . . . ONR will need to be assured that such cases demonstrate equivalence to the outcomes associated with the use of the principles here,. . .” (p. 14)  The unstated principle here is equifinality; in more colorful words, there is more than one way to skin a cat.

There are echoes of other lessons we’ve been preaching on Safetymatters.  For example “The principle of continuous improvement is central to achieving sustained high standards of nuclear safety. . . . Seeking and applying lessons learned from events, new knowledge and experience, both nationally and internationally, must be a fundamental feature of the safety culture of the nuclear industry.” (p. 13)

And, in a nod to Nicholas Taleb, if a “hazard is particularly high, or knowledge of the risk is very uncertain, ONR may choose to concentrate primarily on the hazard.” (p. 8)

Our Perspective

Most of the content of the SAPs will be familiar to Safetymatters readers.  We suggest you skim the first 23 pages of the document covering introductory material and Leadership & Management.  SAPs is an excellent example of a regulator actually trying to provide useful information and guidance to current and would-be licensees and is far better than the simple-minded laundry lists promulgated by IAEA.

*  Office for Nuclear Regulation, “Safety Assessment Principles for Nuclear Facilities” Rev. 0 (2014).  We are grateful to Bill Mullins for forwarding this document to us.

Wednesday, March 18, 2015

Safety Culture at the 2015 NRC Regulatory Information Conference

NRC Public Meeting
The Nuclear Regulatory Commission (NRC) held its annual Regulatory Information Conference (RIC) on March 10-12, 2015.  As usual, safety culture (SC) played a minor supporting role: it was the topic of one technical session out of 37 total.  The SC session focused on assessing and/or measuring SC.  It featured a range of presentations—from NRC, Duke Energy, DOE and a SC consultant—which are summarized below.*


This presentation consisted of one (sic) slide recounting the NRC’s SC outreach program during the past year including the Trait Talk brochures, SC case studies and meetings with other nuclear regulatory bodies.

Duke Energy

The presenter provided a list of internal (CAP, Employee Concerns Program )and external (INPO, NRC) information, and management activities (Nuclear SC Monitoring Panel, Site Leadership team, Corporate Nuclear SC Monitoring Panel, Fleet Nuclear SC Monitoring Panel, Executive Nuclear Safety Council) that are used to assess equipment, processes and people across the Duke fleet.  There was no information on how these activities are integrated to describe plant or fleet SC, or if any SC issues have been identified or corrective actions taken; the slides were basically a laundry list.

Department of Energy (DOE)

The speaker was from DOE’s Office of Environment, Health, Safety and Security.  He reviewed the safety mission and goals related to DOE’s Integrated Safety Management program, DOE’s SC focus areas (leadership, employee/worker engagement and organizational learning) and SC-related activities (extent of condition reviews, self‐assessments, sustainment plans, independent assessments and the SC Improvement Panel.) 

The presentation covered the challenges in relating SC to safety management performance (mostly industrial safety metrics) and in implementing cultural changes.  Factors that make SC improvement difficult include production vs. safety goal conflict, fiscal pressures, leadership changes and internal inertia (resistance to change).

This presentation covered the basics of SC, as customized for DOE, but had no supporting details or any mention of the SC issues that have arisen at various DOE facilities, e.g., Hanford, Pantex and the Waste Isolation Pilot Plant.  We have posted many times on DOE SC; please click on the DOE label to retrieve these posts.

SC Consultant

The presenter was Sonja Haber.  She reviewed the fundamentals of the linkage between culture, behavior and ultimate performance, and the Schein three-level model of culture.

She also covered the major considerations for conducting SC assessments including having a diversity of expertise in assessing culture, using multiple methods of data collection, understanding how cultural complexity impacts performance and considering the interaction of human, organizational and technological factors.

Our Perspective

This was thin gruel compared to the 2014 RIC SC session (which we reviewed April 25, 2014).  Based on the slides, there was not much “there” there at this session.  The speaker who offered the most was Dr. Haber, not a surprise given that she has been involved in SC evaluations at various DOE facilities and testified at a Defense Nuclear Facilities Safety Board hearing on SC (which we reviewed June 9, 2014).

If a webcast of the SC technical session becomes available, we will review it to see if any useful additional information was presented or arose during the discussion.

*  The SC technical session presentations are available on the NRC website.

Friday, March 6, 2015

More Safety Culture “Trait Talk” from the NRC

Typical NRC Trait Talk brochure
The NRC introduced a series of educational brochures, the Safety Culture Trait Talk, at the March 2014 Regulatory Information Conference.  Each brochure covers one of the nine safety culture (SC) traits in the NRC SC Policy Statement (SCPS), describing why the trait is important and providing examples of related attributes and an illustrative scenario.

At that time, only one Trait Talk was available, viz., Leadership Safety Values and Actions.  We thought the content was pretty good.  The “Why is this trait important?” portion was derived from an extensive review of SC-related social science literature, which we liked a lot and posted about Feb. 10, 2013.  The “What does this trait look like?” section (aka attributes) comes from the SC Common Language initiative, which we have reviewed multiple times, most recently on April 6, 2014.  The illustrative scenario is new content developed for each brochure.

During 2014 and early 2015, NRC published additional Trait Talk brochures and now has one for each trait in the SCPS.*  We reviewed them all and still believe they provide a useful introduction and overview for each trait.  Following is our take on each trait’s essence (based on the brochure contents), and each brochure’s strengths and weaknesses.  

Leadership Safety Values and Actions

This trait focuses on the responsibilities of leaders to set the tone for SC through their own visible actions.  There is a good discussion of how employees at all levels can face goal conflicts, e.g., safety vs. production.  The focus of the reward system is on the staff; unfortunately, there is no mention of management’s financial incentives.  Although leaders’ decisions set the priority for safety, there is no mention of the decision making process, arguably management’s most fundamental and important function.**

Work Processes

This trait focuses on controlling work.  It emphasizes limiting temporary modifications, minimizing backlogs and adhering to procedures, which is all good.  It also says “organizations may require strict adherence to normal and emergency operating procedures.   However, flexibility may be necessary when responding to off-normal conditions.”  This may give the purists heartburn but it reflects reality and is a major observation of the Fukushima disaster.

Questioning Attitude

This trait is about avoiding complacency, watching for abnormalities while going about one’s duties and stopping work if unexpected conditions or results are encountered.  The key is ensuring safety has its appropriate priority at all times, which is not easy if a plant is under significant financial or political pressure.

Problem Identification and Resolution

This trait is about identifying and permanently resolving current problems, and anticipating potential future challenges and dealing with them before they manifest.  In our view, this is one of the two most important areas (the other being decision making) where everyone sees what a plant’s real priorities are.  This Trait Talk covers the topic well.

Environment for Raising Concerns

The trait is about establishing and maintaining a safety conscious work environment (SCWE).  The Trait Talk lays out the theory but the truth is whistle-blowers in many industries, including nuclear, become pariahs.

Effective Safety Communication

This trait is about transparency (although the term does not appear in the brochure.)  All business communication should be clear, complete, understandable and respectful.  The Trait Talk’s discussion on the importance of first-level supervisors being a primary source of information for their employees is very good.

Respectful Work Environment

The title says it all about this trait which overlaps with others, including questioning attitude, SCWE and transparent communications.  The Trait Talk has a good discussion of trust, at both the individual and organizational level.  One aspect we would add to the trust “equation” is the perception of self-interest vs. concern for others.

Continuous Learning

This trait is about identifying, obtaining, sharing, applying and retaining new knowledge that can lead to improved individual or organizational performance.  This trait overlaps with others, including questioning attitude and a respectful work environment.

Personal Accountability

This trait is mostly about everyone’s willingness to accept responsibility for safety but it also encompasses assigned individuals’ obligation for specific safety responsibilities.  For the latter case, the brochure’s statement that “Personal accountability is not finger pointing, blame, or punishment” is simply not true. 

Our Perspective 

The brochures provide a useful introduction and overview for each trait in the SCPS.  The content is generally good, with some weak spots and missing items.  These are, after all, four-page brochures and roughly 45 percent of the content is the same in every brochure.

*  All the Trait Talk brochures can be downloaded from the SC education materials page on the NRC website.

**  Interestingly, Decision Making is included as a tenth trait in NRC NUREG-2165, “Safety Culture Common Language” (Mar. 2014).  ADAMS ML14083A200.

Friday, February 20, 2015

NRC Office of Investigations 2014 Annual Report: From Cases to Culture

The Nuclear Regulatory Commission (NRC) Office of Investigations (OI) recently released its FY2014 annual report.*  The OI investigates alleged wrongdoing by entities regulated by the NRC; OI’s focus is on willful and deliberate actions that violate NRC regulations and/or criminal statutes.

The OI report showed a definite downward trend in the number of new cases being opened, overall a 41% drop between FY2010 and FY2014.  Only one of the four categories of cases increased over that time frame, viz., material false statements, which held fairly steady through FY2013 but popped in FY2014 to 67% over FY2010.  We find this disappointing because false statements can often be linked to cultural attributes that prioritize getting a job done over compliance with regulations.

The report includes a chapter on “Significant Investigations.”  There were eight such investigations, four involving nuclear power plants.  We have previously reported on two of these cases, the Indian Point chemistry manager who falsified test results (see our May 12, 2014 post) and the Palisades security manager who assigned a supervisor to an armed responder role for which he was not currently qualified (see our July 24, 2014 post).  The other two, summarized below, occurred at River Bend and Salem.

In the River Bend case, a security officer deliberately falsified training records by taking a plant access authorization test for her son, a contractor employed by a plant supplier.  Similar to the Palisades case, Entergy elected alternative dispute resolution (ADR) and ended up with multiple corrective actions including revising its security procedures, establishing new controls for security-related information (SRI), evaluating SRI storage, developing a document highlighting the special responsibilities of nuclear security personnel, establishing decorum protocols for certain security posts, preparing and delivering a lessons learned presentation, conducting an independent third party safety culture (SC) assessment of the River Bend security organization [emphasis added], and delivering refresher training on 10 CFR 50.5 and 50.9.  Most of these requirements are to be implemented fleet-wide, i.e., at all Entergy nuclear plants, not just River Bend.**

The Salem case involved a senior reactor operator who used an illegal substance then performed duties while under its influence.  The NRC issued a Level III Notice of Violation (NOV) to the operator.  The operator’s NRC license was terminated at PSE&G’s request.***  PSE&G was not cited in this case.

Our Perspective

You probably noticed that three of the “significant” cases involved Entergy plants.  Entergy is no stranger to issues with a possible cultural component including the following:****

In 2013, Arkansas Nuclear One received a NOV after an employee deliberately falsified documents regarding the performance of Emergency Preparedness drills and communication surveillances.

In 2012, Fitzpatrick received a Confirmatory Order (Order) after the NRC discovered violations, the majority of which were willful, related to adherence to site radiation protection procedures.

During 2006-08, Indian Point received two Orders and three NOVs for its failure to install backup power for the plant’s emergency notification system.

In 2012, Palisades received an Order after an operator left the control room without permission and without performing a turnover to another operator.  Entergy went to ADR and ended up with multiple corrective actions, some fleet-wide.  We have posted many times about the long-running SC saga at Palisades—click on the Palisades label to pull up the posts. 

In 2005, Pilgrim received a NOV after an on-duty supervisor was observed sleeping in the control room.  In 2013, Pilgrim received a NOV for submitting false medical documentation on operators.

In 2012, River Bend received a NOV for operators in the control room accessing the internet in violation of an Entergy procedure. 

These cases involve behavior that was (at least in hindsight) obviously wrong.  It’s not a stretch to suggest that a weak SC may have been a contributing factor.  So has Entergy received the message?  You be the judge.

“Think of how stupid the average person is, and realize half of them are stupider than that.” ― George Carlin (1937–2008)

*  NRC Office of Investigations, “2014 OI Annual Report,” NUREG-1830, Vol. 11 (Feb. 2015).  ADAMS ML15034A064.

**  M.L. Dapas (NRC) to E.W. Olson (River Bend), “Confirmatory Order, Notice of Violation, and Civil Penalty – NRC Special Inspection Report 05000458/2014407 and NRC Investigation Report 4-2012-022- River Bend Station” (Dec. 3, 2014).  ADAMS ML14339A167.

***  W.M. Dean (NRC) to G. Meekins (an individual), “Notice of Violation (Investigation Report No. 1-2014-013)” (July 9, 2014).  ADAMS ML14190A471.

****  All Entergy-related NRC enforcement actions were obtained from the NRC website.