The Nuclear Regulatory Commission (NRC) recently published NUREG-1650, rev. 6, the seventh national report for the Convention on Nuclear Safety.* The report is prepared for the triennial meeting of the Convention and describes the policies, laws, practices and other activities utilized by the U.S. to meet its international obligations and ensure the safety of its commercial nuclear power plants. Nuclear Safety Culture (NSC) is one of the topics discussed in the report. This post highlights NSC changes (new items and updates) from the sixth report (NUREG-1650, rev. 5) which we reviewed on March 26, 2014. The numbers shown below are section numbers in the current report.
8.1.5 International Responsibilities and Activities
The NRC’s International Regulatory Development Partnership (IRDP) program supports the safe introduction of nuclear power in “new entrant” countries. IRDP training addresses many topics including safety culture. (p. 99)
8.1.6.2 Human Resources
This section was updated to include a reference to the 2015 NRC Safety Culture and Climate Survey.
10.1 Background [for article 10, “Priority to Safety”]
The report notes “All U.S. nuclear power plants have committed to conducting a safety culture self-assessment every 2 years and have committed to conducting monitoring panels as described in Nuclear Energy Institute (NEI) 09-07, “Fostering a Healthy Nuclear Safety Culture,” dated March 2014.” (p. 120) We reviewed NEI 09-07 on Jan. 6, 2011.
10.4 Safety Culture
The bulk of the report addressing NSC is in this section and exhibits a significant rewrite from the previous report. Some of the changes reorganized existing material but there are also new items, discussed below, and additional background information. Overall, section 10.4 is more complete and lucid than its predecessor.
10.4.1 Safety Culture Policy Statement
This contains material that formerly appeared under 10.4 and has been expanded to include two new safety culture traits, “questioning attitude” and “decisionmaking.” The NRC worked with licensees and other stakeholders to develop a common language for discussing and assessing NSC; this effort resulted in NUREG-2165, “Safety Culture Common Language.” We reviewed NUREG-2165 on April 6, 2014.
10.4.2 NRC Monitoring of Licensee Safety Culture
This section has been edited to improve clarity and completeness, and provide more specific references to applicable procedures. For example, IP 95003 now includes detailed guidance for NRC inspectors who conduct an independent assessment of licensee NSC.**
New language specifies interventions the NRC may take with respect to licensee NSC: “These activities range from requesting the licensee perform a safety culture self-assessment to a meeting between senior NRC managers and a licensee’s Board of Directors to discuss licensee performance issues and actions to address persistent and continuing safety culture cross-cutting issues.” (p. 128)
10.4.3 The NRC Safety Culture
This section covers the NRC’s efforts to maintain and enhance its own SC. The section has been rewritten and strengthened throughout. It discusses the need for continuous improvement and says “Complacency lends itself to a degradation in safety culture when new information and historical lessons are not processed and used to enhance the NRC and its regulatory products.” (p. 130) That’s true; SC that is not actively maintained will invariably decay.
12.3.5 Human Factors Information System
This system handles human performance information extracted from NRC inspection and licensee event reports. The report notes “the database is being updated to include data with a safety culture perspective.” (p. 146)
Institute of Nuclear Power Operations (INPO)
INPO also provides content for the report, basically a description of INPO’s activities to ensure plant safety. Their discussion includes a section on SC, which is not materially different from their contribution to the previous version of the report.
Our Perspective
Like the sixth national report, this seventh report appears to cover every aspect of the NRC’s operations but does not present any new information. In other words, it’s a good reference document.
The NSC changes are incremental but move toward increased bureaucratization and intrusive oversight of NSC. The NRC is certainly showing the hilt of the sword of regulation if not the blade. We still believe if it reads like a set of requirements, results in enforceable interventions and quacks like the NRC, it’s de facto regulation.
We recently read two journal articles that present the Korean perspective on nuclear safety culture (NSC), one from a nuclear research institute and the other from the Korean nuclear regulator. Selected highlights from each article are presented below, followed by our perspective on the articles’ value.
Warning: Although the articles are in English, they were obviously translated from Korean, probably by a computer, and the translation is uneven. However, the topics and references (including IAEA, NRC, J. Reason and Schein) will be familiar to you so with a little effort you can usually figure out what the authors are saying.
Korean NSC Situation and Issues*
The author is with the Korea Atomic Energy Research Institute. He begins by describing a challenge facing the nuclear industry: avoiding complacency (because plant performance has been good) when the actual diffusion of NSC attributes among management and workers is unknown and major incidents, e.g., Fukushima, point to deficient NSC has a major contributor. One consequence of this situation is that increased regulatory intervention in licensee NSC is a clear trend. (pp. 249, 254)
However, different countries have differing positions on how to intervene in or support NSC because (1) the objectification of an essentially qualitative factor is necessarily limited and (2) they fear diluting the licensee’s NSC responsibilities and/or causing unintended consequences.
The U.S. NRC’s NSC history is summarized, including how NSC is addressed in the Reactor Oversight Process and relevant supplemental inspection procedures. The author’s perception is “If safety culture vulnerability is judged to seriously affect the safety of a nuclear power plant, NRC orders the suspension of its operation, based on the judgment.” (p. 254) In addition, the NRC has “developed and has been applying a licensee safety culture oversight program, based on site-stationed inspector's observation and assessment . . .” (ibid.)
The perception that the NRC would shut down a plant over NSC issues is a bit of a stretch. While the agency is happy to pile on over NSC shortcomings when a plant has technical problems (see our June 16, 2016 post on ANO) it has also wrapped itself in knots to rationalize the acceptability of plant NSC in other cases (see our Jan. 30, 2013 post on Palisades).
There is a passable discussion of the methods available for assessing NSC, ranging from observing top management leadership behavior to taking advantage of “Big data” approaches. However, the author cautions against reliance on numeric indicators; they can have undesirable consequences. He observes that Europe has a minimal number of NSC regulations while the U.S. has none. He closes with recommendations for the Korean nuclear industry.
Regulatory Oversight of NSC**
The authors are with the Korea Institute of Nuclear Safety, the nuclear regulatory agency. The article covers their philosophy and methods for regulating NSC. It begins with a list of challenges associated with NSC regulatory oversight and a brief review of international efforts to date. Regulatory approaches include monitoring onsite vulnerabilities (U.S.), performing standard reviews of licensee NSC evaluations (Canada, Korea) and using NSC indicators (Germany, Finland) although the authors note such indicators do not directly measure NSC. (pp. 267-68)
In the Korean view, the regulator should perform independent oversight but not directly intervene in licensee activities. NSC assessment is separate and different from compliance-based inspection, requires effective two-way communications (i.e., a common language) and aims at creating long-term continuous improvement. (pp. 266-67) Their NSC model uses a value-neutral definition of NSC (as opposed to strong vs. weak); incorporates Schein’s three levels; includes individuals, the organization and leaders; and emphasizes the characteristics shared by organization members. It includes elements from IAEA GSR Part 2, the NRC, J. Reason's reporting culture, DOE, INPO, just culture and Korea-specific concerns about economics trumping safety. (pp. 268-69)***
In the detailed description of the model, we were pleased to see “Incentives, sanctions, and rewards correspond to safety competency of individuals.” (p. 270) An organization’s reward system has always been a hot-button issue for us; all nuclear organizations claim to value NSC, few are willing to pay for achieving or maintaining it. Click the “Compensation” label to see all our posts on this topic.
The article presents a summary of an exercise to validate the model, i.e., link model components to actual plant safety performance. The usual high-level mumbo-jumbo is not helped by the rough spots in the translation. Inspection results, outage rates, scrams, incidents, unplanned shutdowns and radiation doses were claimed to be appropriately correlated with NSC model components.
There should be no surprise that the model was validated. Getting a “right” answer is obviously good for the regulator. We routinely express some skepticism over studies that validate models when we can’t see the actual data and we don’t know if the analysis was independently reviewed by anyone who actually understands or cares about the subject matter.
During the pilot study, several improvement areas in Korean NPP's safety culture were identified. The approach has not been permanently installed.
Our Perspective
These articles are worth reading just to get a different, i.e., non-U.S., perspective on regulatory evaluation of (and possible intervention in) licensee SC. It’s also worthwhile to get a non-U.S. perspective on what they think is going on in U.S. nuclear regulatory space. Their information sources probably include a June 2015 NRC presentation to Korean regulators referenced in our Aug. 24, 2015 post.
It’s interesting that Europe has some regulations that focus on ongoing communications with the licensees. In contrast, the U.S. has no regulations but an approach that can stretch like a cheap blanket to cover all possible licensee situations.
Afterword
We haven’t posted for awhile. It’s not because we’ve lost interest but there hasn’t been much worth reporting. The big nuclear news in the U.S. is not about NSC, rather it’s about plants being scheduled for shutdown because of their economics. International information sources have not been offering up much either. For example, the LinkedIn NSC forum has pretty much dried up except for recycled observations and consultants’ self-serving white papers.
Five years after the Fukushima disaster, the Nuclear Energy Agency (NEA) has released an updated report* on Fukushima lessons learned. It summarizes NEA and member country safety improvements and corrective actions, including “efforts to understand and characterise the importance of strong nuclear safety cultures . . .” (p. 3)
Keep in mind that countries (not plant operators) comprise the NEA so safety culture (SC) discussion centers on government, i.e., regulatory, activities. Selected SC-related excerpts from the report follow:
“Several NEA member countries have adopted a broad consideration of safety culture characteristics, including human and organisational factors, which include specific safety culture programmes that focus on attitudes towards safety, organisational capability, decision-making processes [including during emergencies] and the commitment to learn from experience.” (p. 11)
“Some [countries] have adopted a systematic consideration of safety culture characteristics in inspection and oversight processes. . . . These include periodic internal and external safety culture assessments.” (p. 29)
Desirable SC characteristics for a regulator (as opposed to a licensee) are discussed on pp. 40-42. That may seem substantial but it’s all pulled from a different 2016 NEA publication, “The Safety Culture of an Effective Nuclear Regulatory Body,” which we reviewed on Feb. 10, 2016. That publication had one point worth repeating here, viz., the regulator, in its efforts to promote and ensure safety, should think holistically about the overall regulator-licensee- socio-technical-legal-political system in terms of causes and effects, feedback loops and overall system performance.
Our Perspective
This report may be a decent high-level summary of activities undertaken around the world but it is not sufficiently detailed to provide guidance and it certainly contains no original analysis. The report does include a respectable list of Fukushima-related references.
Many of the actions, initiatives and activities described in the report are cited multiple times, creating the impression of more content than actually exists. For example, the quote above from p. 11 is repeated, in whole or in part, in at least four other places.
If the NEA were a person, we’d characterize it as an “empty suit.” While the summaries of and excerpts from the references, meetings, etc. are satisfactory, the NEA-authored top-level observations are often pro-nuclear cheerleading or just plain blather, e.g., “NEA member countries have continued to take appropriate actions to maintain and enhance the level of safety at their nuclear facilities, and thus nuclear power plants are safer now because of actions taken since the accident. Ensuring safety is a continual process, . . .” (p. 11)**
** As a catty aside, the reputation of the NEA’s relatively new Director-General doesn’t exactly contribute to the agency’s respectability, his having been called “a treacherous, miserable liar,” “first-class rat” and “a tool of the nuclear industry” by an influential U.S. Senator during a 2012 Huffington Post interview. At that time, the Director-General was a U.S. Nuclear Regulatory Commissioner.
This is a companion piece to our Aug. 24, 2015 post on how the NRC effectively regulates licensee safety culture (SC) in the absence of any formal SC regulations. This post summarizes a set of NRC slides* for training inspectors on SC basics and how to integrate SC information and observations into inspection reports.
The slides begin with an overview of SC, material you’ve seen countless times. It includes the Chernobyl and Davis-Besse events, the Schein tri-level model and a timeline of SC-related activities at the NRC.
The bulk of the presentation shows how SC is related to and incorporated in the Reactor Oversight Process (ROP). The starting point is the NRC SC Policy Statement, followed by the Common Language Initiative** which defined 10 SC traits. The traits are connected to the ROP using 23 SC aspects. Aspects are “the important characteristics of safety culture which are observable to the NRC staff during inspection and assessment of licensee performance” (p. 13) Each SC aspect is associated with one of the ROP’s 3 cross-cutting areas: Human Performance (14 aspects), Problem Identification and Resolution (6 aspects) and Safety Conscious Work Environment (3 aspects). During supplemental and reactive inspections there are an additional 12 SC aspects to be considered. Each aspect has associated artifacts that indicate the aspect’s presence or absence. SC aspects can contribute to a cross-cutting theme or, in more serious cases, a substantive cross-cutting issue (SCCI).***
The integration of SC findings into inspection reports is covered in NRC Inspection Manual Chapter 0612 and NINE different NRC Inspection Procedures (IPs). (p. 30) In practice, the logic chain between a SC aspect and an inspection report is the reverse of the description in the preceding paragraph. The creation of an inspection report starts with a finding followed by a search for a related SC cross-cutting aspect. Each finding has one most significant cause and the inspectors should “find the aspect that describes licensee performance that would have prevented or precluded the performance deficiency represented by that cause.” (p. 33)
Our Perspective
This is important stuff. When NRC inspectors are huddled in their bunker evaluating their data and observations after reviewing your documentation, crawling around your plant and talking with your people, the information in these slides provides the road map for their determination of how one or more alleged SC deficiencies contributed to a performance problem which resulted in an inspection finding.
Think of the SC aspects as pegs on which the inspectors can hang their observations to beef up their theory of why a problem occurred. Under routine conditions, there are 23 pegs; under more stringent inspections, there are 35 pegs. That’s a lot of pegs and none of them is trivial which means your organization’s response may consume sizable resources.
We’ll finish with a more cheery thought: If you get to the point where the NRC is going to conduct an independent assessment of your SC, their team will follow the guidance in IP 95003. But don’t worry about their competence, “IP 95003 inspection teams will receive "just-in-time" training before performing the inspection.” (p. 43)
Bottom line: If it looks like controlling oversight behavior and quacks like a bureaucrat, then it probably is de facto regulation.
* NRC Training Slides, “Safety Culture Reactor Oversight Process Training” (July 10, 2015). ADAMS ML15191A253. The slides include other material, e.g., a summary of the conditions under which the NRC can “request” a licensee to perform a SC assessment, a set of case studies and sample test questions for trainees.
** The Common Language Initiative led to NUREG-2165, “Safety Culture Common Language” which was published in early 2014 and we reviewed on April 6, 2014.
*** There are some complicated decision rules for determining when a problem is a substantive cross-cutting issue and these are worth reviewing on pp. 27-28.
We have griped many times about how the NRC does, in fact, regulate (i.e., control or direct) licensee safety culture (SC) even though the agency claims it doesn’t because there is no applicable regulation.
A complete description of the agency’s approach was provided in 2010 NRC staff testimony* before the Atomic Safety and Licensing Board. Note this testimony was given before the Safety Culture Policy Statement was issued but we believe it depicts current practices. The key point is that “Oversight of an operating reactor licensee’s safety culture is implemented by the ROP [Reactor Oversight Process].” (p. 17) Following are some lengthy quotes from the testimony and you can decide whether or not they add up to “regulation.”
“The ROP provides for the oversight of a licensee’s safety culture in four ways. First, the ROP provides for the review of a licensee’s safety culture in a graded manner when that licensee has significant performance issues. The level of the staff’s oversight is determined by the safety significance of the performance issues. This review and evaluation is described in the ROP’s supplemental inspection program . . . An IP 95002 inspection is usually performed when a licensee enters [column 3] . . . of the ROP Action Matrix. . . [In certain circumstances] the NRC will request the licensee to perform an independent safety culture assessment. An IP 95003 inspection is performed when a licensee enters [column 4] . . . of the ROP Action Matrix. When this occurs, the NRC expects [emphasis added] the licensees to perform a third-party safety culture assessment. The staff will review the results of the assessment and perform sample evaluations to verify the results.
“Second, the ROP’s reactive inspection program evaluates a licensee’s response to an event, including consideration of contributing causes related to the safety culture components, to fully understand the circumstances surrounding an event and its probable causes.
“Third, the ROP provides continuous oversight of licensee performance as inspectors evaluate inspection findings for cross-cutting aspects. Cross-cutting aspects are aspects of licensee performance that can potentially affect multiple facets of plant operations and usually manifest themselves as the root causes of performance problems. . . .**
“Fourth, the ROP provides for the review of a licensee’s safety culture if that licensee has difficulty correcting long-standing substantive cross-cutting issues. In these cases, the NRC will request the licensee to perform a safety culture assessment, and the NRC Staff will evaluate the results and the licensee’s response to the results.” (pp. 18-19) In addition, “The ROP assessment process looks at long-standing substantive cross-cutting issues to determine if safety culture assessments need to be performed and reviewed.” (p. 24) Significantly, “Safety culture is addressed through the use of cross-cutting issues which do not relate to the Action Matrix column that a plant may be placed in.” (p. 32)
Our Perspective
In our opinion, SC is regulated via a linkage to ongoing NRC activities. Outputs from NRC inspection activities performed under the aegis of regulation (i.e., law) are used to assess licensee SC and force licensees to perform activities, e.g., SC assessments or corrective actions***, that the licensees might not choose to perform of their own free will.
The reality is NRC “requests” or “expectations” are like a commanding officer’s “wishes”; the intelligent subordinate understands they have the force of orders. Here’s how the agency describes the fist inside the glove: “If the NRC requests a licensee to take an action, and the licensee refuses, the Agency can perform that action (i.e., the safety culture assessment) for them.” (p. 29) We assume the NRC would invoke its regulatory authority to justify such an assessment. But what licensee would want an under-experienced posse of federal inspectors, who expect to find problems because why else would they be assigned to the task, running through their organization?
Occasionally, the NRC drops the veil long enough to reveal the truth. An NRC staffer (one of the witnesses who sponsored the ASLB testimony described above) recently made a presentation to the Korean nuclear regulator. It included a figure that summarizes the SC aspects of the ROP Action Matrix. Under columns 3 and 4, the figure says “may request” and “request” the licensee to conduct a SC assessment. However, on the next page, the presentation bullets are more forthcoming: “For Plants in Columns 3 . . . and 4 . . . NRC requires [emphasis added] Licensee to conduct third party safety culture assessment which is reviewed by NRC.”****
We’re not opposed to the NRC squeezing licensees to strengthen their SC. We just don’t like hypocrisy and doublespeak. Perhaps the agency takes this convoluted approach to controlling SC to support their claim they don’t interfere with licensee management. We don’t believe that; do you?
** The ROP framework includes three cross-cutting areas (human performance, problem identification and resolution, and safety conscious work environment) which contain nine safety culture components. (p. 23)
*** This is another leverage point for the agency. They make sure SC assessment findings are entered in the licensee’s corrective action program (CAP). Then they use their regulatory authority over the CAP to ensure it is useful and effective, i.e., that SC corrective actions are implemented. (p. 30)
This paper* was referenced in a safety culture (SC) presentation we recently reviewed. It was prepared for Canadian offshore oil industry regulators. Although not nuclear oriented, it’s a good introduction to SC basics, the different methods for evaluating SC and possible approaches to regulating SC. We’ll summarize the paper then provide our perspective on it. The authors probably did not invent anything other than the analysis discussed below but they used a decent set of references and picked appropriate points to highlight.
Introduction to SC and its Importance The paper provides some background on SC, its origins and definition, then covers the Schein three-tier model of culture and the difference between SC and safety climate. The last topic is covered concisely and clearly: “. . . safety climate is an outward manifestation of culture. Therefore, safety culture includes safety climate, but safety culture uniquely includes shared values about risk and safety.” (p. 11) SC attributes (from the Canadian Nuclear Safety Commission) are described. Under attributes, the authors stress one of our basic beliefs, viz., “The importance of safety is made clear by the decisions managers make and how they allocate resources.” (p. 12) The authors also summarize the characteristics of High Reliability Organizations, Low Accident Organizations, and James Reason’s model of SC and symptoms of poor SC.
The chapter on SC as a causal factor in accidents contains an interesting original analysis. The authors reviewed reports on 17 offshore or petroleum related accidents (ranging from helicopter crashes to oil rig explosions) and determined for each accident which of four negative SC factors (Normalization of deviance, Tolerance of inadequate systems and resources, Complacency, Work pressure) were present. The number of negative SC factors per accident ranged from 0 (three instances) to 4 (also three instances, including two familiar to Safetymatters readers: BP Texas City and Deepwater Horizon). The negative factor that appeared in the most accidents was Tolerance of inadequate systems and resources (10) and the least was Work pressure (4).
Assessing SC The authors describe different SC assessment methods (questionnaires, interviews, focus groups, observations and document analysis) and cover the strengths and weaknesses of each method. The authors note that no single method provides a comprehensive SC assessment and they recommend a multi-method approach. This is familiar ground for Safetymatters readers; for other related posts, click on the “Assessment” label in the right hand column.
A couple of highlights stand out. Under observations the authors urge caution: “The fact that people are being observed is likely to influence their behaviour [the well-known Hawthorne Effect] so the results need to be treated with caution. The concrete nature of observations can result in too much weight being placed on the results of the observation versus other methods.“ (p. 37) A strength of document analysis is it can evidence how (and how well) the organization identifies and corrects its problems, another key artifact in our view.
Influencing SC
This chapter covers leadership and the regulator’s role. The section on leadership is well-trod ground so we won’t dwell on it. It is a major (but in our opinion not the only) internal factor that can influence the evolution of SC. The statement that “Leaders also shape the safety culture through the allocation of resources” (p. 42) is worth repeating.
The section on regulatory influence is more informative and describes three methods: the regulator’s practices, promotion of SC, and enforcement of SC regulations. Practices refer to the ways the regulator goes about its inspection and enforcement activities with licensees. For example, the regulator can promote organizational learning by requiring licensees to have effective incident investigation systems and monitoring how effectively such systems are used in practice. (p. 44) In the U.S. the NRC constantly reinforces SC’s importance and, through its SC Policy Statement, the expectation that licensees will strive for a strong SC.
Promoting SC can occur through research, education and direct provision of SC-related services. Regulators in other countries conduct their own surveys of industry personnel to appraise safety climate or they assess an organization’s SC and report their findings to the regulated entity.** (pp. 45-46) The NRC both supports and cooperates with industry groups on SC research and sponsors the Regulatory Information Conference (which has a SC module).
Regulation of SC means just what it says. The authors point out that direct regulation in the offshore industry is controversial. (p. 47) Such controversy notwithstanding, Norway has developed regulations requiring offshore companies to promote a positive SC. Norway’s experience has shown that SC regulations may be misinterpreted or result in unintended consequences. (pp. 48-50) In the nuclear space, regulation of SC is a popular topic outside the U.S.; the IAEA even has a document describing how to go about it, which we reviewed on May 15, 2013. More formal regulatory oversight of SC is being developed in Romania and Belgium. We reported on the former on April 21, 2014 and the latter on June 23, 2014.
Our Perspective This paper is written by academics but intended for a more general audience; it is easy reading. The authors score points with us when they say: “Importantly, safety culture moves the focus beyond what happened to offer a potential explanation of why it happened.” (p. 7) Important factors such as management decision making and work backlogs are mentioned. The importance of an effective CAP is hinted at.
The paper does have some holes. Most importantly, it limits the discussion on influencing SC to leadership and regulatory behavior. There are many other factors that can affect an organization’s SC including existing management systems; the corporate owner’s culture, goals, priorities and policies; market factors or economic regulators; and political pressure. The organization’s reward system is referred to multiple times but the focus appears to be on lower-level personnel; the management compensation scheme is not mentioned.
Bottom line: This paper is a good introduction to SC attributes, assessments and regulation.
On August 27, 2014 the Defense Nuclear Facilities Safety Board (DNFSB) convened the second of three hearings “to address safety culture at Department of Energy defense nuclear facilities and the Board’s Recommendation 2011–1, Safety Culture at the Waste Treatment and Immobilization Plant.”* The first hearing was held on May 28, 2014 and heard from industry and federal government safety culture (SC) experts; we reviewed that hearing on June 9, 2014. The second hearing received SC expert testimony from the U.S. Navy, the U.S. Chemical Safety and Hazard Investigation Board and academia. The following discussion reviews the presentations in the order they were made to the board.
Adm. Norton's (Naval Safety Center) presentation** on the Navy’s SC programs was certainly comprehensive with 32 slides for a half-hour talk (plus 22 backup slides). It appears the major safety focus has been on aviation but the Center’s programs also address the afloat communities (surface, submarine and diving) and Marines. The programs make heavy use of surveys and unit visits in addition to developing and presenting training and workshops. Not surprisingly, the Navy stresses the importance of leadership, especially personal involvement and commitment, in creating a strong SC. They recognize that implementing a strong SC faces a direct challenge from other organizational values such as the warfighter mentality*** and softer challenges in areas such as IT (where there are issues with multiple systems and data problems).
Program strengths include the focus on leadership (leadership drives climate, climate drives cultural change) and the importance of determining why mishaps occurred. The positive influence of a strong SC on decision making is implied.
Program weaknesses can be inferred from what was not mentioned. For example, there was no discussion of the importance of fixing problems or identifying hard-to-see technical problems. More significantly, there was no mention of High Reliability Organization (HRO) attributes, a real head-scratcher given that some of the seminal work on HROs was conducted on aircraft carriers.
Adm. Eccles' (Navy ret.) presentation**** basically reviews the Navy’s SUBSAFE program and its focus on compliance with program requirements from design through operations. Eccles notes that ignorance, arrogance and complacency are challenges to maintaining an effective program. Mr. Griffon's (Chemical Safety Board Member) presentation***** illustrates the CSB’s straightforward approach to investigating incidents, as reflected in the following quotes:
“Intent of CSB investigations are to get to root cause(s) and make recommendations toward prevention.” (p. 3)
While searching for root causes the CSB asks: “Why conditions or decisions leading to accident were seen as normal, rational, or acceptable prior to the accident.” (p. 4)
CSB review of incident-related artifacts includes two of our hot button issues, Process Safety Management action item closure (akin to a CAP) and the repair backlog. (p. 5) Griffon reviews major incidents, e.g., Texas City and Deepwater Horizon. For Deepwater, he notes how certain decisions were (deliberately) incompletely informed, i.e., did not utilize readily available relevant information, and thus are indicative of an inadequate SC. (p. 16) Toward the end Griffon observes that “Safety culture study/change must consider inequalities of power and authority.” (p. 19) That seems obvious but it doesn’t often get said so clearly.
We like the CSB’s approach. There is no new information here but it’s a quick read of what basic SC should and shouldn’t be.
Prof. Meshkati's (Univ. of S. Cal.) presentation^ compares the cultures at TEPCO’s Fukushima Daiichi plant and Tohoku Electric’s Onagawa plant. It is mainly a rehash of the op-ed Meshkati co-authored back in March 2014 (and we reviewed on March 19, 2014.) The presentation adds something we pointed out as an omission in that op-ed, viz., that TEPCO’s Fukushima Daini plant eventually managed to shut down safely after the earthquake and tsunami. Meshkati notes approvingly that Daini personnel exhibited impromptu, but prudent, decision-making and improvisation, e.g., by flexibly applying emergency operation procedures. (p. 37)
Prof. Sutcliffe (John Hopkins Univ.) co-authored an important book on High Reliability Organizations (which we reviewed on May 3, 2013) and this academically-oriented presentation^^ draws on her earlier work. It begins with a familiar description of culture and how its evolution can be influenced. Importantly it shows rewards (including money) as a key input affecting the link between leaders’ philosophy and employees’ behavior. (p. 6)
Sutcliffe discusses how failure to redirect action (in a situation where a change is needed) can result from failure of foresight or sensemaking, or being overcome by dysfunctional momentum. She includes a lengthy example featuring wildland firefighters that illustrates the linkages between cues, voiced concerns, search for disparate perspectives, situational reevaluation and redirected actions. It’s worth a few minutes of your time to flip through these slides.
Our Perspective
For starters, the Naval Safety Center's activities may be too bureaucratic, with too many initiatives and
programs, and focused mainly on compliance with procedures, rules,
designs, etc. It’s not clear what SC lessons can be learned from the Navy experience beyond the vital role of leadership in creating a cultural vision and attempting to influence behavior toward that vision.
The other presenters added nothing that was not already available to you, either through Safetymatters or from observing SC tidbits in the information soup that flows by everyone these days.
Subsequent to the first hearing we reported that Safety Conscious Work Environment (SCWE) issues exist at multiple DOE sites (see our July 8, 2014 post). This should increase the sense of urgency associated with strengthening SC throughout DOE. However, our bottom line remains the same as after the first hearing: “The DNFSB is still trying to figure out the correct balance between prescription and flexibility in its effort to bring DOE to heel on the SC issue. SC is a vital part of the puzzle of how to increase DOE line management effectiveness in ensuring adequate safety performance at DOE facilities.”
^ Najm Meshkati, “Leadership and Safety Culture: Personal Reflections on Lessons Learned,” presentation to DNFSB (Aug. 27, 2014). Prof. Meshkati was also the technical advisor to the National Research Council’s safety culture lessons learned from Fukushima report which we reviewed on July 30, 2014.
The latest International Nuclear Safety Journal has an article* by Benoit Bernard describing a new safety culture (SC) regulatory oversight process now in use in Belgium. It is based on observations of SC during interactions with a licensee. This post describes the process and the rationale for it, followed by our perspective.
Bernard starts with a brief history of SC in the nuclear industry then describes two types of regulation currently used, compliance-based and performance-based, and highlights the shortcomings of each. “Compliance-based” regulation is focused on a licensee’s control of isolated technical components. This traditional approach can lead to an “adversarial legalism” between the regulator and the licensee, discourage open communication and fail to promote continuous improvement. In contrast, “performance-based” regulation is based on specific outcomes the licensee is expected to achieve. The regulator focuses on monitoring outcomes. This is a reactive approach that can tend to concentrate on well-known risks or familiar issues, and ignore emergent new issues. Both approaches are inadequate to deal with human factors issues.
The New Process
The author notes “Safety culture cannot be directly regulated but it can be observed . . . [The new Belgian approach] is based on field observations provided by inspectors or safety analysts during any contact with a licensee (inspections, meetings, phone calls…).” (p. 3) It is expected to be more proactive and systemic than the earlier regulatory approaches.
The process has both short-term and longer-term applications. In the short term, the purpose is to identify findings that require more-or-less immediate licensee attention or action. In the longer term, SC observations are input to the overall oversight process. (p. 4)
Observations focus on both facts (what happened) and context (the circumstances surrounding an event). The approach leads to “Why?” questions rather than degree of compliance with defined SC attributes. For example, if someone doesn’t follow a rule, is it because of bad behavior or a bad rule? Was there inadequate training or task-specific knowledge, an inadequate procedure, poor documentation or lack of management commitment to SC? “The important point is to . . . shed light on the underlying reasons as to why the rules were ignored. . . . [L]inking an observation to an attribute must not be considered as an end but as a starting point to further questions.” (p. 7)
Bernard goes on to describe three aspects of SC that an overall assessment must address: Integration, Differentiation and Fragmentation. “Integration” refers to the “level of consensus concerning a set of values unifying people and reflected in practices and management systems.” (p. 8) Prior to the annual SC review with a licensee, SC observations are assessed through four key safety dimensions: Management, Organization, Workplace Practices and Behavior. You probably can’t read the figure below but each dimension has two component factors, e.g., Management consists of “Management system” and “Leadership,” and each factor appears under two different dimensions, e.g., “Management system” appears under Management and Organization. Each factor also has several attributes. This is where the rubber meets the road so think about the training, teamwork, supervision and overall effort required to get regulatory observers (who are more likely to be technical experts than social scientists) to reliably associate specific observations with the correct dimension(s), factor(s) and attribute(s) and then integrate their findings into an overall SC assessment.
“Differentiation” refers to “the ability of [sub-]groups to share a common definition of problems” and “Fragmentation” refers to the “contrast of perceptions and contradictions [across an organization] about what is safe or dangerous.” (p. 9)
Comparison with Romanian Approach
If this topic sounds familiar, on April 21, 2014 we posted on an SC oversight process developed by the Romanian nuclear regulatory agency (CNCAN). The CNCAN approach looks at artifacts (documents, interviews and observations) to develop an overall, longer-term perspective on SC.
CNCAN recognizes there are limitations to using their process including findings that reflect a reviewer’s subjective opinion and over-reliance on one specific finding. The Belgian paper recognizes that training technically-oriented reviewers to become competent observers is a challenge. But Bernard also appears to promote the possibility of “one specific finding” being an early warning, a leading indicator of problems.
Bernard explicitly states this is not a one-size-fits all approach. The search for event context implies a type of customization of the process for each licensee. The author says the result is “a regulation style responding to the reference framework of a particular licensee.” (p. 9)
Belgium has seven operating units at two sites, both sites owned and managed by Electrabel, a Belgium-based energy company. A customized approach may work in Belgium. But as we noted in our review of the CNCAN approach, “the U.S. currently has 32 operators reporting to 81 owners. Developing SC assessment techniques that are comprehensive, consistent and perceived as fair by such a large group is not a simple task.”
Our Perspective
This is a good paper for its comprehensive discussion of nuclear SC in general and its description of two existing regulatory world views.
But we have some concerns with the SC observation process. As noted above, training observers is a major challenge and we think it would be very difficult to adopt such a process in the relatively fragmented U.S. nuclear industry.
In addition, observations are a very soft artifact (compared to documents or even structured interviews) and thus open to to misunderstandings, observational errors and false positives. It’s easy to imagine a licensee being sent off on a wild goose chase after a regulator misreads one (or more) interactions with licensee personnel.
Furthermore, as instant observations become used as leading indicators, the process could become more like a backseat driver commenting on every turn of the steering wheel. Licensees might oversteer in their attempt to get back into this new type of compliance. The risk is the observational process begins to intrude on day-to-day management. And, at some point, ownership of plant SC could subtly shift from the licensee to the regulator.
Finally, although we constantly chide the industry for concentrating on the “what” and ignoring the “why” associated with incidents or infractions, it’s also clear that the pendulum could swing too far in the other direction. In plain language, not every minor issue merits an in-depth “why” investigation; that can be a route to over-use of resources and organizational paralysis.
We’re not condemning this as a bad idea. But a regulatory user (and licensees) should be alert to the possibility of unintended consequences.
Two weeks ago we posted on NUREG-2165, a document that formalizes a “common language” for describing nuclear safety culture (SC). The NUREG contains a set of SC traits, attributes that define each trait and examples that would evidence each attribute. We expressed concern about how traits and attributes could and would be applied in practice to assess SC.
Well, we didn’t have to wait very long. This post reviews a recent International Nuclear Safety Journal article* that describes the SC oversight process developed by the Romanian nuclear regulatory agency (CNCAN). The CNCAN process uses the International Atomic Energy Agency (IAEA) SC definition and attributes and illustrates how attributes can be used to evaluate SC. Note that CNCAN is not attempting to directly regulate SC but they are taking comprehensive steps to evaluate and influence the licensee’s SC.
CNCAN started with the 37 IAEA attributes and decided that 20 were accessible via the normal review and inspection activities. Some of the 20 could be assessed using licensee and related documentation, others through interviews with licensee and contractor personnel, and others by direct observation of relevant activities.
CNCAN recognizes there are limitations to using this process, e.g., findings that reflect a reviewer’s subjective opinion, the quality of match (relevance) between an attribute and a specific technical or functional area, the quality of the information gathered and used, and over-reliance on one specific finding. Time is also an issue. “[A] large number of review and inspection activities are required, over a relatively long period of time, to gather sufficient data in order to make a judgement on the safety culture of an organisation as a whole.” (p. 4)
However, they are optimistic about longer-term effectiveness. “. . . evidence of certain attributes not being met for several functional areas and processes would provide a clear indication of a problem that would warrant increased regulatory surveillance.” In addition, “[t]he implementation of the [oversight process] proved that all the routine regulatory reviews and inspections reveal aspects that are of certain relevance to safety culture. Interaction with plant staff during the various inspection activities and meetings, as well as the daily observation by the resident inspectors, provide all the necessary elements for having an overall picture of the safety culture of the licensee.” (ibid., emphasis added)
Our Perspective
We reviewed a draft of the CNCAN SC oversight process on March 23, 2012. We found the treatment of issues we consider important to be generally good. For example, in the area of decision making, goal conflict is explicitly addressed, from production vs. safety to differing personal opinions. Corrective action (CA) gets appropriate attention, including CA prioritization based on safety significance and verification that fixes are implemented and effective. Backlogs in many areas, including maintenance and corrective actions, are addressed. In general, the treatment is more thorough than the examples included in the NUREG.
However, the treatment of management incentives is weak. We favor a detailed evaluation of the senior managers’ compensation scheme focusing on how much of their compensation is tied to achieving safety (vs. production or other) goals.
So, do we feel better about the qualms we expressed over the NUREG, viz., that it is a step on the road to the bureaucratization of SC evaluation, a rigid checklist approach that ultimately creates an incomplete and possibly inaccurate picture of a plant’s SC? Not really. Our concerns are described below.
Over-simplification
For starters, CNCAN decided to focus on 20 attributes because they believed it was possible to gather relevant information on them. What about the other 17? Are they unrelated to SC simply because it might be hard to access them?
A second simplification is limiting the information search to artifacts: documents, interviews and observations. One does not have to hold some esoteric belief, e.g., that SC is an emergent organizational property that results from the functioning of a socio-technical system, to see that focusing on the artifacts may be similar to the shadows in Plato’s cave. Early on, the article refers to this problem by quoting from a 1999 NEA report: “the regulator can evaluate the outward operational manifestations of safety culture as well as the quality of work processes, and not the safety culture itself.” (p. 2)
Limited applicability
Romania has a single nuclear plant and what is, at heart, a one-size-fits-all approach is much more practical when “all” equals one. This type of approach might even work in, say, France, where there are multiple plants but a single operator. On the other hand, the U.S. currently has 32 operators reporting to 81 owners.** Developing SC assessment techniques that are comprehensive, consistent and perceived as fair by such a large group is not a simple task. The U.S. approach will continue to subsume SC evaluation under the ROP, which arguably ties SC evaluation to “objective” safety-related performance but unfortunately leads to de facto regulation of SC, less transparency and incomprehensible results in specific cases.***
(It could be worse. For an example, just look at DOE where the recent “guidance” on conducting SC self-assessments led to unreliable self-assessment results that can’t be compared with each other. For more on DOE, see our March 31, 2014 post or click on the DOE label at the bottom of this post.)
Bottom line
Ultimately the article can be summarized as follows: It’s hard, maybe impossible to directly evaluate SC but here’s what we (CNCAN) are doing and we think it works. We say a CNCAN-style approach may be helpful but one should remain alert to important SC factors that may be overlooked.
* M. Tronea, “Trends and Challenges in Regulatory Assessment of Nuclear Safety Culture,” International Nuclear Safety Journal, vol. 3 no. 1 (2014), pp. 1-5. Retrieved April 14, 2014. Dr. Tronea works for the Romanian nuclear authority (CNCAN) and is the founder/moderator of the LinkedIn Nuclear Safety group.
The NRC has issued NUREG-2165* which formalizes the safety culture (SC) common language that has been under development since the NRC SC Policy Statement (SCPS) was issued. On topics important to us the NUREG repeats word-for-word the text of a document** prepared after a common language workshop held January 29-30, 2013. Both documents contain a set of SC traits, attributes that define each trait and examples that would evidence each attribute. Because the language is the same, our opinion on the treatment of our important topics remains the same, as described in detail in our Feb. 28, 2013 post. Specifically, the treatment of
Decision making, including the treatment of goal conflicts, is Good;
Corrective action, part of problem identification and resolution, is Satisfactory;
Management Incentives is Unsatisfactory because the associated attributes focuses on workers, not managers, and any senior management incentive program is not mentioned; and
Work Backlogs are mentioned in a couple of specific areas so the overall grade is Minimally Acceptable. But we have one overarching concern that transcends our opinion of common language specifics. Our Perspective
Our biggest issue with the traits, attributes and examples approach is our fear it will lead to the complete bureaucratization of SC evaluation, either consciously or unconsciously. The examples in particular can morph into soft requirements on a physical or mental checklist. Such an approach leads to numerous questions. How many of the 10 traits does a healthy or positive SC exhibit?*** How many of the 40 attributes? Are the traits equally important? How about the attributes? Could the weighting factors vary across plant sites? How many examples must be observed before an attribute is judged acceptably present?
We understand the value of effective communications among regulators, licensee personnel and other stakeholders. But we worry about possible unintended consequences as people attempt to apply the guidance in NUREG-2165, especially in the NRC’s Reactor Oversight Process (ROP).****
*** The NUREG-2165 text describes a “healthy” SC while the SCPS (published as NUREG/BR-0500, Rev. 1, ADAMS ML12355A122) refers to a “positive” SC. The correct answer to “how many traits?” may be “more than ten” because the authors note “There may also be traits not included in the SCPS that are important in a healthy safety culture.” (p. 2)
**** The common language “initiative is within the Commission-directed framework for enhancing the ROP treatment of cross-cutting areas to more fully address safety culture.” (p. 3) This may require a little linguistic jujitsu since the SCPS says “traits were not developed for inspection purposes.”
A March 25, 2014 NRC press release* announced that Chairman Macfarlane presented the Sixth National Report for the Convention on Nuclear Safety** to International Atomic Energy Agency (IAEA) member countries. The report mentions safety culture (SC) several times, as discussed below. There is no breaking news in a report like this. We’re posting about it only because it provides an encyclopedic review of NRC activities including a description of how SC fits into their grand scheme of things. We also tie the report’s contents to related posts on Safetymatters. The numbers shown below are section numbers in the report.
6.3.11 Public Participation
This section describes how the NRC engages with stakeholders and the broader public. As part of such engagement, the NRC says it expects employers to maintain an open environment where workers are free to raise safety concerns. “These expectations are communicated through the NRC’s Safety Culture Policy Statement” and other regulatory directives and tools. (p. 72) This is pretty straightforward and we have no comment.
8.1.6.2 Human Resources
Section 8 describes the NRC, from its position in the federal government to how it runs its internal activities. One such activity is the NRC Inspector General’s triennial General Safety Culture and Climate Survey for NRC employees. Reporting on the most recent (2012) survey, “the NRC scored above both Federal and private sector benchmarks, although in 2012 the agency did not perform as strongly as it had in the past.” (p. 96) We posted on the internal SC survey back on April 6, 2013; we felt the survey raised a few significant issues.
10.4 Safety Culture
Section 10 covers activities that ensure that safety receives its “due priority” from licensees and the NRC itself. Sub-section 10.4 provides an in-depth description of the NRC’s SC-related policies and practices so we excerpt from it at length.
The discussion begins with the SC policy statement and the traits of a positive (sic) SC, including Leadership, Problem identification and resolution, Personal accountability, etc.
The most interesting part is 10.4.1 NRC Monitoring of Licensee Safety Culture which covers “the policies, programs, and practices that apply to licensee safety culture.” (p. 118) It begins with the Reactor Oversight Process (ROP) and its SC-related enhancements. NRC staff identified 13 components as important to SC, including decision making, resources, work control, etc. “All 13 safety culture components are applied in selected baseline, event followup, and supplemental IPs [inspection procedures].” (p. 119)
“There are no regulatory requirements for licensees to perform safety culture assessments routinely. However, depending on the extent of deterioration of licensee performance, the NRC has a range of expectations [emphasis added] about regulatory actions and licensee safety culture assessments, . . .” (p. 119)
“In the routine or baseline inspection program, the inspector will develop an inspection finding and then identify whether an aspect of a safety culture component is a significant causal factor of the finding. The NRC communicates the inspection findings to the licensee along with the associated safety culture aspect.
“When performing the IP that focuses on problem identification and resolution, inspectors have the option to review licensee self-assessments of safety culture. The problem identification and resolution IP also instructs inspectors to be aware of safety culture components when selecting samples.” (p. 119)
“If, over three consecutive assessment periods (i.e., 18 months), a licensee has the same safety culture issue with the same common theme, the NRC may ask [emphasis added] the licensee to conduct a safety culture self-assessment.” (p. 120)
If the licensee performance degrades to Column 3 of the ROP Action Matrix and “the NRC determines that the licensee did not recognize that safety culture components caused or significantly contributed to the risk-significant performance issues, the NRC may request [emphasis added] the licensee to complete an independent assessment of its safety culture.” (p. 120)
For licensees in Column 4 of the ROP “the NRC will expect [emphasis added] the licensee to conduct a third-party independent assessment of its safety culture. The NRC will review the licensee’s assessment and will conduct an independent assessment of the licensee’s safety culture . . .” (p. 120)
ROP SC considerations “provide the NRC staff with (1) better opportunities to consider safety culture weaknesses . . . (2) a process to determine the need to specifically evaluate a licensee’s safety culture . . . and (3) a structured process to evaluate the licensee’s safety culture assessment and to independently conduct a safety culture assessment for a licensee . . . . By using the existing Reactor Oversight Process framework, the NRC’s safety culture oversight activities are based on a graded approach and remain transparent, understandable, objective, risk-informed, performance-based, and predictable.” (p. 120)
We described this hierarchy of NRC SC-related activities in a post on May 24, 2013. We called it de facto regulation of SC. Reading the above only confirms that conclusion. When the NRC asks, requests or expects the licensee to do something, it’s akin to a military commander’s “wishes,” i.e., they’re the same as orders.
10.4.2 The NRC Safety Culture
This section covers the NRC’s actions to strengthen its internal SC. This actions include appointing an SC Program Manager; integrating SC into the NRC’s Strategic Plan; developing training; evaluating the NRC’s problem identification, evaluation and resolution processes; and establishing clear expectations and accountability for maintaining current policies and procedures.
We would ask how SC affects (and is affected by) the NRC’s decision making and resource allocation processes, work practices, operating experience integration and establishing personal accountability for maintaining the agency’s SC. What’s good for the goose (licensee) is good for the gander (regulator).
Institute of Nuclear Power Operations (INPO)
INPO also provided content for the report. Interestingly, it is a 39-page Part 3 in the body of the report, not an appendix. Part 3 covers INPO’s mission, organization, etc. and includes a section on SC.
6. Priority to Safety (Safety Culture)
The industry and INPO have their own definition of SC: “An organization’s values and behaviors—modeled by its leaders and internalized by its members—that serve to make nuclear safety the overriding priority.” (p. 230)
“INPO activities reinforce the primary obligation of the operating organizations’ leadership to establish and foster a healthy safety culture, to periodically assess safety culture, to address shortfalls in an open and candid fashion, and to ensure that everyone from the board room to the shop floor understands his or her role in safety culture.” (p. 231)
We believe our view of SC is broader than INPO’s. As we said in our July 24, 2013 post “We believe culture, including SC, is an emergent organizational property created by the integration of top-down activities with organizational history, long-serving employees, and strongly held beliefs and values, including the organization's “real” priorities. In other words, SC is a result of the functioning over time of the socio-technical system. In our view, a CNO can heavily influence, but not unilaterally define, organizational culture including SC.”
Conclusion
This 341 page report appears to cover every aspect of the NRC’s operations but, as noted in our introduction, it does not present any new information. It’s a good reference document to cite if someone asks you what the NRC is or what it does.
We found it a bit odd that the definition of SC in the report is not the definition promulgated in the NRC SC Policy Statement. Specifically, the report says the NRC uses the 1991 INSAG definition of SC: “that assembly of characteristics and attitudes in organizations and individuals which establishes that, as an overriding priority, nuclear safety issues receive the attention warranted by their significance.” (p. 118)
The Policy Statement says “Nuclear safety culture is the core values and behaviors resulting from a collective commitment by leaders and individuals to emphasize safety over competing goals to ensure protection of people and the environment.”***
Of course, both definitions are different from the INPO definition provided above. We’ll leave it as an exercise for the reader to figure out what this means.
*** NUREG/BR 0500 Rev 1, “Safety Culture Policy Statement” (Dec 2012). ADAMS ML12355A122. This definition comports with the one published in the Federal Register Vol. 76, No. 114 (June 14, 2011) p. 34777.
Last August 7th, the NRC held a public meeting to discuss their outreach initiatives to inform stakeholders about the Safety Culture Policy Statement (SCPS). A meeting summary was published in October.* Much of the discussion covered what we'll call the bureaucratization of safety culture (SC)—development of communication materials (inc. a poster, brochure, case studies and website), presentations at conferences and meetings (some international), and training. However, there were some interesting tidbits, discussed below.
One NRC presentation covered the SC Common Language Initiative.** The presenter remarked that an additional SC trait, Decision Making (DM), was added during the development of the common language. In our Feb. 28, 2013 review of the final common language document, we praised the treatment of DM; it is a principal creator of artifacts that reflect an organization's SC.
The INPO presentation noted that “After the common language effort was completed in January, 2013, INPO published Revision 1 of 12-012, which includes all of the examples developed during the common language workshop.” (p. 6) We reviewed that INPO document here.
But here's the item that got our attention. During a presentation on NRC outreach, an industry participant cautioned the NRC to not put policy statements into regulatory documents because policy statements are an expectation, not a regulation. The senior NRC person at the meeting agreed with the comment “and the importance of the NRC not overstepping the Commission’s direction that implementing the SCPS is not a regulatory requirement, but rather the Commission’s expectations.” (p. 4)
We find the last comment disingenuous. We have previously posted on how the NRC has created de facto regulation of SC.*** In the absence of clear de jure regulation, licensees and the NRC end up playing “bring me another rock” until the NRC accepts a licensee's pronouncements, as verified by NRC inspectors. For an example of this convoluted kabuki, read Bob Cudlin's Jan. 30, 2013 post on how Palisades' efforts to address a plant incident finally gained NRC acceptance, or at least an NRC opinion that Palisades' SC was “adequate and improving.”
** “The common language initiative uses the traits from the SCPS as a basic foundation, and contains definitions and examples to describe each trait more fully.” (p. 3)
*** For related posts, please click the "Regulation of Safety Culture" label.
We’ve often thought that intentional or willful violations of safety/regulatory requirements could provide a useful window into the dynamics of safety culture. Now the NRC has just issued an Information Notice* listing recent instances of willful violations. The Notice is titled “Willful Misconduct/Record Falsification and Nuclear Safety Culture” and reports on seven recent instances of such conduct. From the title and throughout the notice the NRC asserts a link between willful violations and nuclear safety culture. To wit it states, “An effective safety-culture is essential to nuclear safety at all phases of design, construction and operation and can help prevent willful misconduct by ensuring expectations and consequences are clearly stated and understood.” (p. 5) The NRC adds, “The above willful misconduct issues and discussion highlights the need... to establish and implement an effective nuclear safety-culture. This includes training, adequate oversight, and frequent communications especially for workers new to the nuclear industry.” (p. 6) What we see here is consistent with the NRC’s pro forma approach to organizational safety performance issues. The problem is culture; the answer is more training, more clarity of expectations, more oversight.** Oh, and disciplinary actions for the errant individuals. Are we to take from this that the individuals involved in these situations are just “bad eggs”? And the answer is some punishment and re-education? Is this even consistent with the nature of willful violations and does the sheer number of recent experiences raise more fundamental questions, the most basic of which is “Why?” Let’s start with what is different about willful violations. Willful violations are deliberate, intentional and knowing. In other words the individual knows his/her actions are against established policies or procedures. This is not a case of carelessness or lack of knowledge of what is expected. Thus it is hard to understand what would be achieved by more training and reinforcement of expectations. The prescription for more oversight is also puzzling. It appears to assume that violations will continue unless there is strict monitoring of behaviors. Interestingly it is reliance on more oversight by managers who apparently weren’t providing the necessary oversight in the first place. So on the one hand the corrective actions identified in the these events do not appear well suited to the nature of a willful violation. Perhaps more importantly this treatment of the problem obscures deeper analysis of why such violations are occurring in the first place. Why are personnel deciding to intentionally do something wrong? Often willful acts have their basis in personal gain or covering up some other misdeed. Nothing in the seven instances in the Notice even hint at this type of motivation. Could it be an intent to do harm to the organization due to some other personal issue - a problem with a supervisor, being passed by for a promotion, etc? Hmmm, I guess it’s possible but again there does not appear to be any hint of this in the available documentation. Or could it be that the individuals were responding to some actual or perceived pressure to get something done - more quickly, at less cost, or to avoid raising an issue that itself would cost time or money? Again there was no exploration of motive for these violations in the NRC’s or licensee’s investigations.*** The apparent failure to fully investigate the motive for these violations is unfortunate as it leaves other critical factors unexplored and untreated. Goal pressures almost always have their origin higher up in the organization. Defaulting to reinforcing the culture side of the equation may not be effective due to the inherent contradiction in signals from upper management. In a prior post we suggested that safety culture be thought of as a “pressure boundary”, specifically “the willingness and ability of an organization to resist undue pressure on safety from competing business priorities”. When resistance breaks down it can lead to shading of safety assessments, a decided lack of rigor in pursuing causes and extent of condition - or it can even lead to willful violations. Relieving business pressure may be the far more effective antidote.
* NRC Information Notice 2013-15: Willful Misconduct/Record Falsification and Nuclear Safety Culture (Aug. 23, 2013). ADAMS ML13142A437. ** In two instances modest civil penalties were also assessed. *** We would remind our readers of our post dated April 2, 2012 regarding the guilty plea of one of the Massey coal mine supervisors to intentional violations of the law. The stated reason: following the law would decrease coal production.
