Regulatory Creep

The NRC's assessment of safety culture (SC) is an example of regulatory creep.  It began with the requirement that licensees determine whether specific safety-related performance problems or cross-cutting issues were caused, in whole or in part, by SC deficiencies.  Then the 2011 SC Policy Statement attempted to put a benign face on NRC intrusiveness because a policy statement is not a regulation.  However, licensees are “expected” to comply with the policy statement's goals and guidance; the NRC “expectations” become de facto regulations.

We have griped about this many times.*  But why does regulatory creep occur?  Is it inevitable?  We'll start with some background then look at some causes.

In the U.S., Congress passes and the President approves major legislative acts.  These are top-level policy statements characterized by lofty goals and guiding principles.  Establishing the detailed rules (which have the force of law) for implementing these policies falls to government bureaucrats in regulatory agencies.  There are upwards of 50 such agencies in the federal government, some part of executive branch departments (headed by a Cabinet level officer), others functioning independently, i.e., reporting to Congress with the President appointing, subject to Congressional approval, their governing boards (commissioners).  The NRC is one of the independent federal regulatory agencies.

Regulatory rules are proposed and approved following a specified, public process.  But once they are in place, multiple forces can lead to the promulgation of new rules or an expanded interpretation or application of existing rules (creep).  The forces for change can arise internal or external to the agency.  Internal forces include the perceived need to address new real or imagined issues, a fear of losing control as the regulated entities adapt and evolve, or a generalized drive to expand regulatory authority.  Even bureaucrats can have a need for more power or a larger budget.

External sources include interest groups (and their lobbyists), members of Congress who serve on oversight committees, highly motivated members of the public or the agency's own commissioners.  We classify commissioners as external because they are not really part of an agency; they are political appointees of the President, who has a policy agenda.  In addition, a commissioner may owe a debt or allegiance to a Congressional sponsor who promoted the commissioner's appointment.

Given all the internal and external forces, it appears that new rules and  regulatory creep are inevitable absent the complete capture of the agency by its nominally regulated entities.  Creep means a shifting boundary of what is required, what is allowed, what is tolerated and what will be punished—without a formal rule making.  The impact of creep on the regulated entities is clear: increased uncertainty and cost.  They may not care for increased regulatory intrusiveness but they know the penalty may be high if they fail to comply.  When regulated entities perceive creep, they must make a business decision: comply or fight.  They often choose to comply simply because if they fight and lose, they risk even more punitive formal regulation and higher costs.  If they fight and win, they risk alienating career bureaucrats who will then wait for an opportunity to exact retribution.  A classic lose-lose situation.  

Our perspective

Years ago I took a poli-sci seminar where the professor said public policy forces could be boiled down to: Who's mad?  How mad?  And who's glad?  How glad?  I sometimes refer to that simple mental model when I watch the ongoing Kabuki between the regulator, its regulated entities and many, many political actors.  Regulatory creep is one of the outcomes of such dynamics.


*  For related posts, click the "Regulation of Safety Culture" label.

Regulatory creep is not confined to the NRC.  The motivation for this post was an item forwarded by a reader on reported Consumer Product Safety Commission (CPSC) activity.  Commenting on a recent settlement, a CPSC Commissioner “expressed concern that . . . the CPSC had insisted on a comprehensive compliance program absent evidence of widespread noncompliance and that “the compliance program language in [the] settlement is another step toward just such a de facto rule.””  C.G. Thompson, “Mandated Compliance Programs as the New Normal?” American Conference Institute blog.  Retrieved June 6, 2013.

How the NRC Regulates Safety Culture

We have long griped about the back door regulation of safety culture (SC) in the U.S.  This post describes how the NRC gets to and through the back door.  (Readers familiar with the NRC regulatory process can skip this post.  If we get it wrong, please let us know.)

Oversight of Reactor Operations*

The Action Matrix

The NRC's Operating Reactor Assessment Program collects information from inspections (baseline and supplemental) and performance indicators (PIs) to develop conclusions about a licensee's safety performance.  Depending on the results of the NRC's assessment, a plant is assigned to a column in the Action Matrix, a table that categorizes various levels of plant performance and, for each level, identifies required and optional NRC and licensee actions.

The Action Matrix has five columns; the safety significance of plant problems increases as one goes from column 1 to column 5.  Plants in column 1 receive the NRC baseline inspection program, plants in columns 2-4 receive increasing NRC attention and licensee requirements and plants in column 5 have unacceptable performance and are not allowed to operate.

SC first becomes a consideration in column 2 when the NRC conducts a Supplemental Inspection using  IP 95001.  Licensees are expected to identify the causes of identified problems, including the contribution of any SC-related components, and place the problems in the plant's corrective action program (CAP).  NRC inspectors determine if the licensee's causal evaluations appropriately considered SC components and if any SC issues were identified that the corrective action is sufficient to address the SC issue(s).  If not, then the inspection report is kept open until the licensee takes sufficient corrective action.
   
For a plant in column 3, the licensee is again expected to identify the causes of identified problems, including the contribution of any SC-related components, and place the problems in the plant's CAP.  NRC inspectors independently determine if SC components caused or significantly contributed to the identified performance problems.  If inspectors cannot make an independent determination (e.g., the licensee does not perform a SC analysis) the inspection is kept open until the licensee takes sufficient corrective action.

If the NRC concludes SC deficiencies caused or significantly contributed to the performance issues, and the licensee did not recognize it, the NRC may request that the licensee complete an independent** SC assessment.  In other words, it is an NRC option.

For plants in column 4 or 5, the licensee is expected to have a third-party** SC assessment performed.  The NRC will evaluate the third-party SC assessment and independently perform a graded assessment of the licensee's SC.  Inspectors can use the results from the licensee's third party SC assessment to satisfy the inspection requirements if the staff has completed a validation of the third party SC methodology and related factors.  If the inspectors conduct their own assessment, the scope may range from focusing on functional groups or specific SC components to conducting a complete SC assessment 

Significant Cross-Cutting Issues

The NRC evaluates performance for seven cornerstones that reflect the essential safety aspects of plant operation.  Some issues arise that cross two or more cornerstones and result in a Significant Cross-Cutting Issue (SCCI) in the areas of Human Performance, Problem Identification and Resolution or Safety Conscious Work Environment.  Each SCCI has constituent components, e.g., the components of Human Performance are Decision-making, Resources, Work control and Work practices.  Each component is characterized, e.g., for Decision-making “Licensee decisions demonstrate that nuclear safety is an overriding priority” and has defining attributes, e.g., “The licensee makes safety-significant or risk-significant decisions using a systematic process, . . . uses conservative assumptions . . . [and] communicates decisions and the basis for decisions . . .” 

There are other components which are not associated with cross-cutting areas: Accountability, Continuous learning environment, Organizational change management and Safety policies.

Most important for our purpose, the NRC says the cross-cutting components and other components comprise the plant's SC components.

Thus, by definition analysis and remediation of SCCIs involve SC, sometimes directly.  For example, in the third consecutive assessment letter identifying the same SCCI, the NRC would typically request the licensee to perform an independent SC assessment.  (Such a request may be deferred if the licensee has made reasonable progress in addressing the issue but has not yet met the specific SCCI closure criteria.)

SCCIs are included with plants' annual and mid-cycle assessment letters.  Dana Cooley, a nuclear industry consultant, publishes a newsletter that summarizes new, continuing, closed and avoided SCCIs from the plant assessment letters.  The most recent report*** describes 15 new and continuing SCCIs, involving 6 plants.  Two plants (Browns Ferry and Susquehanna) have specific SC assessment requirements.

Our perspective

The NRC issued its SC Policy on June 14, 2011.  “The Policy Statement clearly communicates the Commission’s expectations that individuals at organizations performing or overseeing regulated activities establish and monitor a positive safety culture commensurate with the safety and security significance of their activities and the nature and complexity of their organizations and functions.”****

The SC Policy may be new to NRC licensees that do not operate nuclear reactors but as detailed above, the NRC's “expectations” have been codified in the operating reactor inspections for years.  (The SC language for the Action Matrix and SCCIs was added in 2006.)

Technically, there is no NRC regulation of SC because there are no applicable regulations.  As a practical matter, however, because the NRC can dig into (or force the licensees to dig into) possible SC contributions to safety-significant problems, then require licensees to fix any identified SC issues there is de facto regulation of SC.  SC is effectively regulated because licensees are forced to expend resources (time, money, personnel) on matters they might not otherwise pursue.

Because there is no direct, officially-recognized regulation of SC, it appears a weak SC alone will not get a plant moved to a more intrusive column of the Action Matrix.  However, failure to demonstrate a strong or strengthening SC can keep a plant from being promoted to a column with less regulatory attention.

Why does the industry go along with this system?  They probably fear that official regulation of SC might be even more onerous.  And it might be the camel's nose in the tent on NRC evaluation of licensee management competence, or looking at management compensation plans including performance incentives.  That's where the rubber meets the road on what is really important to a plant's corporate owners. 


*  This post is a high-level summary of material in the NRC Inspection Manual, Ch. 0305 “Operating Reactor Assessment Program” (Jun. 13, 2012), Ch. 0310 “Components Within the Cross-Cutting Areas” (Oct. 28, 2011) and NRC Inspection Procedures 95001 (Feb. 9, 2011), 95002 (Feb. 9, 2011) and 95003 (Feb. 9, 2011).  Many direct quotes are included but quotation marks have not been used in an effort to minimize clutter.

**  An independent SC assessment is performed by individuals who are members of licensee's organization but have no direct authority and have not been responsible for any of the areas being evaluated.  A third-party SC assessment is performed by individuals who are not members of the licensee's organization.  (IMC 0305, p. 4)

***  D.E. Cooley (SeaState Group), “NRC Reactor Oversight Program, Substantive Cross-Cutting Issues, 2012 Annual Assessment Letters, March 4, 2013 Data.” 

****  From the NRC website http://www.nrc.gov/about-nrc/regulatory/enforcement/safety-culture.html#programs

IAEA on Instituting Regulation of Licensee Safety Culture

The International Atomic Energy Agency (IAEA) has published a how-to report* for regulators who want to regulate their licensees' safety culture (SC).  This publication follows a series of meetings and workshops, some of which we have discussed (here and here).  The report is related to IAEA projects conducted “under the scope of the Regional Excellence Programme on Safe Nuclear Energy–Norwegian Cooperation Programme with Bulgaria and Romania. These projects have been implemented at the Bulgarian and Romanian regulatory bodies” (p. 1)

The report covers SC fundamentals, regulatory oversight features, SC assessment approaches, data collection and analysis.  We'll review the contents, highlighting IAEA's important points, then provide our perspective.

SC fundamentals

The report begins with the fundamentals of SC, starting with Schein's definition of SC and his tri-level model of artifacts, espoused values and basic assumptions.  Detail is added with a SC framework based on IAEA's five SC characteristics:

• Safety is a clearly recognized value
• Leadership for safety is clear
• Accountability for safety is clear
• Safety is integrated into all activities
• Safety is learning driven.

The SC characteristics can be described using specific attributes.

Features of regulatory oversight of SC 

This covers what the regulator should be trying to achieve.  It's the most important part of the report so we excerpt the IAEA's words.

“The objective of the regulatory oversight of safety culture, focused on a dynamic process, is to consider and address latent conditions that could lead to potential safety performance degradation at the licensees’ nuclear installations. . . . Regulatory oversight of safety culture complements compliance-based control [which is limited to looking at artifacts] with proactive control activities. . . . ” (p. 6, emphasis added)

“[R]egulatory oversight of safety culture is based on three pillars:

“Common understanding of safety culture. The nature of safety culture is distinct from, and needs to be dealt with in a different manner than a compliance-based control. . . .

“Dialogue. . . . dialogue is necessary to share information, ideas and knowledge that is often qualitative. . . .

“Continuousness. Safety culture improvement needs continuous engagement of the licensee. Regulatory oversight of safety culture therefore ideally relies on a process during which the regulator continuously influences the engagement of the licensee.” (p. 7)

“With regards to safety culture, the regulatory body should develop general requirements and enforce them in order to ensure the authorized parties have properly considered these requirements. On the other hand, the regulatory body should avoid prescribing detailed level requirements.” (p. 8)  The licensee always has the primary responsibility for safety.

Approaches for assessing SC

Various assessment approaches are currently being used or reviewed by regulatory bodies around the world. These approaches include: self-assessments, independent assessments, interaction with the licensee at a senior level, focused safety culture on-site reviews, oversight of management systems and integration into regulatory activities.  Most of these activities are familiar to our readers but a couple merit further definition.  The “management system” is the practices, procedures and people.**  “Integration into regulatory activities” means SC-related information is also collected during other regulatory actions, e.g., routine or special inspections.

The report includes a table (recreated below) summarizing, for each assessment approach, the accuracy of results and resources required.  Accuracy is judged as realistic, medium or limited and resource requirements as high, medium and low.  The table thus shows the relative strengths and weaknesses of each approach.

		Criteria
Approaches	Accuracy of SC picture	Effort	Management involvement	Human and Organizational Factors & SC skills
Self-assessment	Medium	Low (depending on	Low	Medium
Review		who initiates the		(to understand
(high experience and		self-assessment,		deliverables)
skills of the		regulator or
reviewers are		licensee)
assumed)
Independent	Medium	Low	Low	Medium
assessment Review				(to understand
(high experience and				deliverables)
skills of the
reviewers are
assumed)
Interaction with the	Limited (however	Medium	High	Medium
Licensee at Senior	can support a
Level	shared
	understanding)
Focused Safety	Realistic (gives	High	Medium	High
Culture On-Site	depth in a moment
Review	of time)
Oversight of	Medium (Reduced	Low	Low	Medium
Management System	if only formal
Implementation	aspects are
	considered)
Integration into	Medium (when	Medium (after an	Medium (with an	Medium (specific
Regulatory	properly trended	intensive initial	intensive initial	training
Activities	and analyzed)	introduction)	support)	requirement and
				experience sharing)

Data collection, analysis and presenting findings to the licensee

The report encourages regulators to use multiple assessment approaches and multiple data collection methods and data sources.  Data collection methods include observations; interviews; reviews of events, licensee documents and regulator documents; discussions with management; and other sources such as questionnaires, surveys, third-party documents and focus groups.  The goal is to approach the target from multiple angles.  “The aim of data analysis is to build a safety culture picture based on the inputs collected. . . . It is a set of interpreted data regarding the organizational practices and the priority of safety within these practices. (p. 17)

Robust data analysis “requires iterations [and] multi-disciplinary teams. A variety of expertise (technical, human and organizational factors, regulations) are necessary to build a reliable safety culture picture. . . . [and] protect against bias inherent to the multiple sources of data.” (p. 17)

The regulator's picture of SC is discussed with the licensee during periodic or ad hoc meetings.  The objective is to reach agreement on next steps, including the implementation of possible meeting actions and licensee commitments.

Our perspective

The SC content is pretty basic stuff, with zero new insight.  From our viewpoint, the far more interesting issue is the extension of regulatory authority into an admittedly soft, qualitative area.  This issue highlights the fact that the scope of regulatory authority is established by decisions that have socio-political, as well as technical, components.  SC is important, and certainly regulatable.  If a country wants to regulate nuclear SC, then have at it, but there is no hard science that says it is a necessary or even desirable thing to do.

Our big gripe is with the hypocrisy displayed by the NRC which has a SC policy, not a regulation, but in some cases implements all the steps associated with regulatory oversight discussed in this IAEA report (except evaluation of management personnel).  For evidence, look at how they have been pulling Fort Calhoun and Palisades through the wringer.


*  G. Rolina (IAEA), “Regulatory oversight of safety culture in nuclear installations” IAEA TECDOC 1707 (Vienna: International Atomic Energy Agency, 2013).

**  A management system is a “set of interrelated or interacting elements (system) for establishing policies and objectives and enabling the objectives to be achieved in an efficient and effective way. . . . These elements include the structure, resources and processes. Personnel, equipment and organizational culture as well as the documented policies and processes are parts of the management system.” (p. 30)

NRC Regulatory Information Conference (RIC) - Safety Culture Preview

The RIC is this week, March 12-14.  The teaser on the NRC blog says the technical sessions will include safety culture (SC) policies.  Let's look at the program agenda and see what's in store for SC.

There will be 36 technical sessions.  I reviewed all the titles and drilled down into sessions that might make some mention of SC, e.g.,  T4 - Construction Inspection Experience–The First Year and T7 - Human Impacts.  However, I could find no mention of SC in any of the currently available slide presentations.

That left the last technical session on the agenda: TH36 - The NRC’s Safety Culture Policy Statement–Domestic and International Initiatives.  Following is a summary of the available presentations for this session.

The introductory remarks summarize the development of the SC policy statement and its implementation.  There is no news here.

The SC common language presentation reviews the history of this initiative (which we have previously reviewed here and here).  The presentation has one quotable statement: “NRR will work to incorporate language into the ROP guidance documents and inspection procedures, as appropriate.”  Does that sound like back door regulation of SC to you?

A presentation on domestic and international cooperation reviews the relationship between NRC and INPO, NRC and IAEA, and others.  As an example of cooperation, the authors summarize the INPO SC survey data that were collected from operating plants and then analyzed by INPO (and later NRC) to show “statistically significant relationships between safety culture survey results and measures of plant performance.”  We commented on this work when it first appeared in 2010, congratulating INPO for making the effort and agreeing with some of the findings but finally concluding that the analysis was incomplete and potentially misleading.   

An industry presentation by Nuclear Fuel Services Inc. (NFS) describing their SC improvement program is worth a look.  It lists almost two dozen program components, none of which is a trivial undertaking, which suggest how much work is involved in changing an existing SC.  (I have no idea if NFS is actually pursuing the listed activities or how well they're doing.)

All in all, it's probably not worth traveling to Bethesda if you're seeking enlightenment about SC. 

Talking Sheep at Palisades

In Lewis Carroll’s Through the Looking Glass, Alice and the White Queen advance into the chessboard's fifth rank by crossing over a brook together, but at the very moment of the crossing, the Queen transforms into a talking sheep.  Alice soon finds herself struggling to handle the oars of a small rowboat, where the Sheep annoys her with nonsensical shouting.  Now consider the NRC’s Nov. 9, 2012 followup inspection report* at Palisades related to the DC panel event and the Service Water pump coupling failure.  It brings to mind a similar picture - in this case inspectors struggling to propel a small rowboat of substance on a river of nonsensical jargon and bureaucratese.

Reading this inspection report (IR) reveals endless repetition of process details and findings of other reports, and astonishingly little substance or basis for the inspectors' current findings and conclusions.  The IR “assesses” the findings of the Palisades root cause analysis and associated extent of condition and corrective actions.  The discussion is deeply ingrained with yellow findings, white findings, crosscutting this and cornerstone that, a liberal dose of safety culture traits and lots of significance determinations.  Frankly it’s hard to even remember what started the whole thing.  Perhaps of most interest, the IR notes  that much of the Palisades management team was replaced in the period since these two events. (p. 23)  Why?  Were they deemed incompetent? Unwilling to implement appropriate risk and safety priorities?  Or just sacrificial lambs? (more sheep).  It appears that these changes carried significant weight with the NRC inspectors although it is not specifically stated. 

Then there is this set of observations:

“During interviews the inspectors heard that there were concerns about staffing levels in multiple departments, but the site was aware and was actively working with Entergy corporate management to post and fill positions. . . Entergy Corporate was perceived by many on the site to be stifling progress in filling positions.  The many issues at Palisades and staffing problems have contributed to the organization becoming more reactive to addressing maintenance and equipment reliability issues versus being proactive in addressing possible problems.” (p. 23)

Which is it?  The site was actively working with Entergy or Entergy was stifling progress in filling positions?  Without further amplification or justification the IR delivers its conclusion: “The inspection team concluded the safety culture was adequate and improving.” (p. 24, emphasis added)  There is no discussion of how or on what basis the inspectors reached this conclusion.  In particular the finding of “improving” is hard to understand as it does not appear that this inspection team had previously assessed the safety culture at the site.

At one point the IR stumbles into a revealing and substantive issue that could provide significant insight into the problems at Palisades.  It describes another event at the plant with a lot of similarities to the DC panel. 

“The inspection team focused inspection efforts on ... an occurrence when, on May 14, 2012, workers erroneously placed a wire jumper between 115 Volt AC and 125 Volt DC circuits ...many of the actions and behaviors exhibited by the workers involved were similar in nature to the loss of DC bus event that occurred in September 2011...Those similar behaviors included the lack of a pre-job brief and discussion regarding the limitations of the work scope, workers taking action outside of the scope allowed by ‘toolpouch maintenance,’ supervisors failing to adequately challenge the workers, and workers proceeding in the face of uncertainty when unexpected conditions arose.” (p. 21)

So far so good.

“Many of the supervisors and managers the inspection team interviewed stated that the May 2012 near-miss was not a repeat event of the September 2011 event because the May 2012 near-miss involved only a handful of individuals, whereas the September 2011 occurrence involved multiple individuals across multiple organizations at Palisades. The inspectors agreed that the May 2012 near-miss involved fewer individuals, but there were individuals from several organizations involved in the near-miss. The inspectors concluded that the RCE assessment was narrow in that it stated only the field work team failed to internalize the cause and corrective actions from the September 2011 DC bus event. The inspectors concluded that other individuals, including the WCC SRO, CRS, and a non-licensed plant operator also exhibited behaviors similar to those of the September 2011 DC bus event.” (p. 21)

Still good but starting to wonder if the Palisades supervisors and managers really got the lessons learned from September 2011.

“The inspectors determined that, while the May 2012 near-miss shared some commonalities with the September 2011 event, the two conditions were not the result of the same basic causes. The inspectors reached this conclusion because the May 2012 near-miss did not result in a significant plant transient [emphasis added] and also did not exhibit the same site wide, organizational breakdowns in risk recognition and management that led to the September 2011 event.” (pp. 21-22)

Whoops.  First, what is the relevance of the outcome of the May 2012 event?  Why is it being alluded to as a cause?  Are the inspectors saying that if in September 2011 the Palisades personnel took exactly the actions they took but had the good fortune not to let the breaker stab slip it would not be a significant safety event?  

With regard to the extent of organizational breakdown, in the prior paragraph the inspectors had pushed back on this rationale - but now conclude the May 2012 event is different because it was not “site-wide”.  It is not clear how you square these arguments particularly if one goes back to the original root cause of  the DC panel event: 

“...senior leaders had not established a sufficiently sensitive culture of risk recognition and management, which resulted in the plant’s managers, supervisors, and workers not recognizing, accounting for, or preparing for the industrial safety risk and plant operational nuclear risk…” (p. 1) and, quoting from the licensee root cause analysis “site leadership at all levels was not sufficiently intrusive into work on panel ED-11-2.” (p. 13)

It is hard to see how the May 2012 event didn’t exhibit these same causes.  In addition, the “Why Staircase” in the Palisades root cause analysis (p. 21) does not identify or allude to the extent of involvement of multiple organizations - at all.  While we do not believe that such linear, “why” thinking is adequate for a complex system, it is the basis for what Palisades found and what the NRC inspectors accepted.

We’re not really sure what to make of this inspection effort.  On its face it doesn’t provide much of a basis for its conclusion that the safety culture is adequate and improving.  Perhaps the real basis is the new management team?  Or perhaps the NRC doesn’t really have many options in this situation.  If the current inspection found the weaknesses not to have been resolved, what could the NRC do?  Is there such a thing as an “inadequate” safety culture?  Or just safety culture that need improvement?  It seems the NRC’s safety culture construct has created a Looking Glass-like inversion of reality - maybe a convenient trope within the agency but increasingly a baffling and unsatisfying distraction to achieving competent nuclear safety management. 

Bottom line:  The NRC close out inspection is a baaaad report.


*  S. West (NRC) to A. Vitale (Entergy), “Palisades Nuclear Plant - NRC Supplemental Inspection Report 05000255/2012011; and Assessment Follow-up Letter” (Nov. 9, 2012) ADAMS ML12314A304.

NRC Non-Regulation of Safety Culture: Fourth Quarter Update

NRC SC Brochure ML113490097

On March 17, July 3 and October 17, 2012 we posted on NRC safety culture (SC) related activities with individual licensees. This post highlights selected NRC actions during the fourth quarter, October through December 2012. We report on this topic to illustrate how the NRC squeezes plants on SC even if the agency is not officially regulating SC.

Prior posts mentioned Browns Ferry, Fort Calhoun and Palisades as plants where the NRC was undertaking significant SC-related activities. It appears none of those plants has resolved its SC issues.

Browns Ferry

An NRC supplemental inspection report* contained the following comment on a licensee root cause analysis: “Inadequate emphasis on the importance of regulatory compliance has contributed to a culture which lacks urgency in the identification and timely resolution of issues associated with non-compliant and potentially non-conforming conditions.” Later, the NRC observes “This culture change initiative [to address the regulatory compliance issue] was reviewed and found to still be in progress. It is a major corrective action associated with the upcoming 95003 inspection and will be evaluated during that inspection.” (Two other inspection reports, both issued November 30, 2012, noted the root cause analyses had appropriately considered SC contributors.)

An NRC-TVA public meeting was held December 5, 2012 to discuss the results of the supplemental inspections.** Browns Ferry management made a presentation to review progress in implementing their Integrated Improvement Plan and indicated they expected to be prepared for the IP 95003 inspection (which will include a review of the plant's third party SC assessment) in the spring of 2013.

Fort Calhoun

SC must be addressed to the NRC’s satisfaction prior to plant restart. The NRC's Oct. 2, 2012 inspection report*** provided details on the problems identified by the Omaha Public Power District (OPPD) in the independent Fort Calhoun SC assessment, including management practices that resulted “. . . in a culture that valued harmony and loyalties over standards, accountability, and performance.”

Fort Calhoun's revision 4 of its improvement plan**** (the first revision issued since Exelon took over management of the plant in September, 2012) reiterates management's previous commitments to establishing a strong SC and, in a closely related area, notes that “The Corrective Action Program is already in place as the primary tool for problem identification and resolution. However, CAP was not fully effective as implemented. A new CAP process has been implemented and root cause analysis on topics such as Condition Report quality continue to create improvement actions.”

OPPD's progress report***** at a Nov. 15, 2012 public meeting with the NRC includes over two dozen specific items related to improving or monitoring SC. However, the NRC restart checklist SC items remain open and the agency will be performing an IP 95003 inspection of Fort Calhoun SC during January-February, 2013.^

Palisades

Palisades is running but still under NRC scrutiny, especially for SC. The Nov. 9, 2012 supplemental inspection report^^ is rife with mentions of SC but eventually says “The inspection team concluded the safety culture was adequate and improving.” However, the plant will be subject to additional inspection efforts in 2013 to “. . . ensure that you [Palisades] are implementing appropriate corrective actions to improve the organization and strengthen the safety culture on site, as well as assessing the sustainability of these actions.”

At an NRC-Entergy public meeting December 11, Entergy's presentation focused on two plant problems (DC bus incident and service water pump failure) and included references to SC as part of the plant's performance recovery plan. The NRC presentation described Palisades SC as “adequate” and “improving.”^^^

Other Plants

NRC supplemental inspections can require licensees to assess “whether any safety culture component caused or significantly contributed to” some performance issue. NRC inspection reports note the extent and adequacy of the licensee’s assessment, often performed as part of a root cause analysis. Plants that had such requirements laid on them or had SC contributions noted in inspection reports during the fourth quarter included Braidwood, North Anna, Perry, Pilgrim, and St. Lucie. Inspection reports that concluded there were no SC contributors to root causes included Kewaunee and Millstone.

Monticello got a shout-out for having a strong SC. On the other hand, the NRC fired a shot across the bow of Prairie Island when the NRC PI&R inspection report included an observation that “. . . while the safety culture was currently adequate, absent sustained long term improvement, workers may eventually lose confidence in the CAP and stop raising issues.”^^^^ In other words, CAP problems are linked to SC problems, a relationship we've been discussing for years.

The NRC perspective and our reaction

Chairman Macfarlane's speech to INPO mentioned SC: “Last, I would like to raise “safety culture” as a cross-cutting regulatory issue. . . . Strengthening and sustaining safety culture remains a top priority at the NRC. . . . Assurance of an effective safety culture must underlie every operational and regulatory consideration at nuclear facilities in the U.S. and worldwide.”^^^^^

The NRC claims it doesn't regulate SC but isn't “assurance” part of “regulation”? If NRC practices and procedures require licensees to take actions they might not take on their own, don't the NRC's activities pass the duck test (looks like a duck, etc.) and qualify as de facto regulation? To repeat what we've said elsewhere, we don't care if SC is regulated but the agency should do it officially, through the front door, and not by sneaking in the back door.

*  E.F. Guthrie (NRC) to J.W. Shea (TVA), “Browns Ferry Nuclear Plant NRC Supplemental Inspection Report 05000259/2012014, 05000260/2012014, 05000296/2012014” (Nov. 23, 2012) ADAMS ML12331A180.

**  E.F. Guthrie (NRC) to J.W. Shea (TVA), “Public Meeting Summary for Browns Ferry Nuclear Plant, Docket No. 50-259, 260, and 296” (Dec. 18, 2012) ADAMS ML12353A314.

***  M. Hay (NRC) to L.P. Cortopassi (OPPD), “Fort Calhoun - NRC Integrated Inspection Report Number 05000285/2012004” (Oct. 2, 2012) ADAMS ML12276A456.

****  T.W. Simpkin (OPPD) to NRC, “Fort Calhoun Station Integrated Performance Improvement Plan, Rev. 4” (Nov. 1, 2012) ADAMS ML12311A164.

*****  NRC, “Summary of November 15, 2012, Meeting with Omaha Public Power District” (Dec. 3, 2012) ADAMS ML12338A191.

^  M. Hay (NRC) to L.P. Cortopassi (OPPD), “Fort Calhoun Station – Notification of Inspection (NRC Inspection Report 05000285/2013008 ” (Dec. 28, 2012) ADAMS ML12363A175.

^^  S. West (NRC) to A. Vitale (Entergy), “Palisades Nuclear Plant - NRC Supplemental Inspection Report 05000255/2012011; and Assessment Follow-up Letter” (Nov. 9, 2012) ADAMS ML12314A304.

^^^  O.W. Gustafson (Entergy) to NRC, Entergy slides to be presented at the December 11, 2012 public meeting (Dec. 7, 2012) ADAMS ML12342A350. NRC slides for the same meeting ADAMS ML12338A107.

^^^^  K. Riemer (NRC) to J.P. Sorensen (NSP), “Prairie Island Nuclear Generating Plant, Units 1 and 2; NRC Biennial Problem Identification and Resolution Inspection Report 05000282/2012007; 05000306/2012007” (Sept. 25, 2012) ADAMS ML12269A253.

^^^^^  A.M. Macfarlane, “Focusing On The NRC Mission: Maintaining Our Commitment to Safety” speech presented at the INPO CEO Conference (Nov. 6, 2012) ADAMS ML12311A496.

NRC Non-Regulation of Safety Culture: Third Quarter Update

On March 17 we published a post on NRC safety culture (SC) related activities with individual licensees since the SC policy statement was issued in June, 2011.  On July 3, we published an update for second quarter 2012 activities.  This post highlights selected NRC actions during the third quarter, July through September 2012.

Our earlier posts mentioned Browns Ferry, Fort Calhoun and Palisades as plants where the NRC was undertaking significant SC-related activities.  It looks like none of those plants has resolved its SC issues and, at the current rate of progress, I’m sure we’ll be reporting on all of them for quite awhile.

Browns Ferry

As we reported earlier, this plant’s SC problems have existed for years.  On August 23, TVA management submitted its Integrated Improvement Plan Summary* to address NRC inspection findings that have landed the plant in column 4 (next to worst) of the NRC’s Action Matrix.  TVA’s analysis of its SC and operational performance problems included an independent SC assessment.  TVA’s overall analysis identified fifteen “fundamental problems” and two bonus issues; for SC improvement efforts, the problems and issues were organized into five focus areas: Accountability, Operational Decision Making (Risk Management), Equipment Reliability, Fire Risk Reduction and the Corrective Action Program (CAP).

The NRC published its mid-cycle review of Browns Ferry on September 4.  In the area of SC, the report noted the NRC had “requested that [the Substantive Cross-Cutting Issue in the CAP] be addressed during your third party safety culture assessment which will be reviewed as part of the Independent NRC Safety Culture Assessment per IP 95003. . . .”**

Fort Calhoun

SC must be addressed to the NRC’s satisfaction prior to plant restart.   The Omaha Public Power District (OPPD) published its Integrated Performance Improvement Plan on July 9.***  The plan includes an independent safety culture assessment to be performed by an organization “that is nationally recognized for successful performance of behavior-anchored nuclear safety culture assessments.” (p. 163)  Subsequent action items will focus on communicating SC principles, assessment results, SC improvement processes and SC information.

The NRC and OPPD met on September 11, 2012 to discuss NRC issues and oversight activities, and OPPD’s performance improvement plan, ongoing work and CAP updates.  OPPD reported that a third-party SC assessment had been completed and corrective actions were being implemented.****

Palisades

The NRC continues to express its concerns over Palisades’ SC.  The best example is NRC’s August 30 letter***** requesting a laundry list of information related to Palisades’ independent SC assessment and management's reaction to same, including corrective actions, interim actions in place or planned to mitigate the effects of the SC weaknesses, compliance issues with NRC regulatory requirements or commitments, and the assessment of the SC at Entergy’s corporate offices. (p. 5)

The NRC held a public meeting with Palisades on September 12, 2012 to discuss the plant’s safety culture.  Plant management’s slides are available in ADAMS (ML12255A042).  We won’t review them in detail here but management's Safety Culture Action Plan includes the usual initiatives for addressing identified SC issues (including communication, training, CAP improvement and backlog reduction) and a new buzz phrase, Wildly Important Goals.

Other Plants

NRC supplemental inspections can require licensees to assess “whether any safety culture component caused or significantly contributed to” some performance issue.#  NRC inspection reports note the extent and adequacy of the licensee’s assessment, often performed as part of a root cause analysis.  Plants that had such requirements laid on them or had SC contributions noted in inspection reports during the third quarter included Brunswick, Hope Creek, Limerick, Perry, Salem, Waterford and Wolf Creek.

One other specific SC action arose from the NRC’s alternative dispute resolution (ADR) process at Entergy’s James A. FitzPatrick plant.  As part of an NRC Confirmatory Order following ADR, Entergy was told to add a commitment to maintain the SC monitoring processes at Entergy’s nine commercial nuclear power plants.##

The Bottom Line

None of this is a surprise.  Even the new Chairman tells it like it is: “In the United States, we have . . . incorporated a safety culture assessment into our oversight program . . . . “###  What is not a surprise is that particular statement was not included in the NRC’s press release publicizing the Chairman’s comments.  Isn’t “assessment” part of “regulation”?

Given the attention we pay to the issue of regulating SC, one may infer that we object to it.  We don’t.  What we object to is the back-door approach currently being used and the NRC’s continued application of the Big Lie technique to claim that they aren’t regulating SC.


*  P.D. Swafford (TVA) to NRC, “Integrated Improvement Plan Summary” (Aug. 23, 2012)  ADAMS ML12240A106.  TVA has referred to this plan in various presentations at NRC public and Commission meetings.

**  V.M. McCree (NRC) to J.W. Shea (TVA), “Mid Cycle Assessment Letter for Browns Ferry Nuclear Plant Units 1, 2, and 3” (Sept. 4, 2012)  ADAMS ML12248A296.

***  D.J. Bannister (OPPD) to NRC, “Fort Calhoun Station Integrated Performance Improvement Plan Rev. 3” (July 9, 2012)  ADAMS ML12192A204.

**** NRC, “09/11/2012 Meeting Summary of with Omaha Public Power District” (Sept. 25, 2012)  ADAMS ML12269A224.

*****  J.B. Giessner (NRC) to A. Vitale (Entergy), “Palisades Nuclear Plant – Notification of NRC Supplemental Inspection . . . and Request for Information” (Aug. 30, 2012)  ADAMS ML12243A409.

#  The scope of NRC Inspection Procedure 95001 includes “Review licensee’s evaluation of root and contributing causes. . . ,” which may include SC; IP 95002’s scope includes “Determine if safety culture components caused or significantly contributed to risk significant performance issues” and IP 95003’s scope includes “Evaluate the licensee’s third-party safety culture assessment and conduct a graded assessment of the licensee’s safety culture based on evaluation results.”  See IMC 2515 App B, "Supplemental Inspection Program" (Aug. 18, 2011)  ADAMS ML111870266.

##  M. Gray (NRC) to M.J. Colomb (Entergy), “James A. FitzPatrick Nuclear Power Plant - NRC Integrated Inspection Report 05000333/2012003” (Aug. 7, 2012)  ADAMS ML12220A278.

###  A.M. Macfarlane, “Assessing Progress in Worldwide Nuclear Safety,” remarks to International Nuclear Safety Group Forum, IAEA, Vienna, Austria (Sept. 17, 2012), p. 3 ADAMS ML12261A373; NRC Press Release No. 12-102, “NRC Chairman Says Safety Culture Critical to Improving Safety; Notes Fukushima Progress in United States” (Sept. 17, 2012) ADAMS ML12261A391.

DOE Nuclear Safety Workshop

The DOE held a Nuclear Safety Workshop on September 19-20, 2012.  Safety culture (SC) was the topic at two of the technical breakout sessions, one with outside (non-DOE) presenters and the other with DOE-related presenters.  Here’s our take on the outsiders’ presentations.

Chemical Safety Board (CSB)

This presentation* introduced the CSB and its mission and methods.  The CSB investigates chemical accidents and makes recommendations to prevent recurrences.  It has no regulatory authority. 

Its investigations focus on improving safety, not assigning blame.  The CSB analyzes systemic factors that may have contributed to an accident and recognizes that “Addressing the immediate cause only prevents that exact accident from occurring again.” (p. 5) 

The agency analyzes how safety systems work in real life and “why conditions or decisions leading to an accident were seen as normal, rational, or acceptable prior to the accident.” (p. 6)  They consider organizational and social causes, including “safety culture, organizational structure, cost pressures, regulatory gaps and ineffective enforcement, and performance agreements or bonus structures.” (ibid.)

The presentation included examples of findings from CSB investigations into the BP Texas City and Deepwater Horizon incidents.  The CSB’s SC model is adapted from the Schein construct.  What’s interesting is their set of artifacts includes many “soft” items such as complacency, normalization of deviance, management commitment to safety, work pressure, and tolerance of inadequate systems.

This is a brief and informative presentation, and well worth a look.  Perhaps because the CSB is unencumbered by regulatory protocol, it seems freer to go where the evidence leads it when investigating incidents.  We are impressed by their approach.
 
NRC

The NRC presentation** reviewed the basics of the Reactor Oversight Process (ROP) and then drilled down into how potential SC issues are identified and addressed.  Within the ROP, “. . . a safety culture aspect is assigned if it is the most significant contributor to an inspection finding.” (p.12)  After such a finding, the NRC may perform an SC assessment (per IP 95002) or request the licensee to perform one, which the NRC then reviews (per IP 95003).

This presentation is bureaucratic but provides a useful road map.  Looking at the overall approach, it is even more disingenuous for the NRC to claim that it doesn’t regulate SC.

IAEA

There was nothing new here.  This infomercial for IAEA*** covered the basic history of SC and reviewed contents of related IAEA documents, including laundry lists of desired organizational attributes.  The three-factor IAEA SC figure presented is basically the Schein model, with different labels.  The components of a correct culture change initiative are equally recognizable: communication, continuous improvement, trust, respect, etc.

The presentation had one repeatable quote: “Culture can be seen as something we can influence, rather than something we can control” (p. 10)

Conclusion

SC conferences and workshops are often worthless but sometimes one does learn things.  In this case, the CSB presentation was refreshingly complete and the NRC presentation was perhaps more revealing than the presenter intended.


*  M.A. Griffon, U.S. Chemical Safety and Hazards Investigation Board, “CSB Investigations and Safety Culture,” presented at the DOE Nuclear Safety Workshop (Sept. 19, 2012). 

**  U. Shoop, NRC, “Safety Culture in the U.S. Nuclear Regulatory Commission’s Reactor Oversight Process,” presented at the DOE Nuclear Safety Workshop (Sept. 19, 2012).

***  M. Haage, IAEA, “What is Safety Culture & Why is it Important?” presented at the DOE Nuclear Safety Workshop (Sept. 19, 2012).

SafetyMatters and the Schein Model of Culture

A reader recently asked: “Do you subscribe to Edgar Schein's culture model?”  The short-form answer is a qualified “Yes.”  Prof. Schein has developed significant and widely accepted insights into the structure of organizational culture.  In its simplest form, his model of culture has three levels: the organization’s (usually invisible) underlying beliefs and assumptions, its espoused values, and its visible artifacts such as behavior and performance.  He describes the responsibility of management, through its leadership, to articulate the espoused values with policies and strategies and thus shape culture to align with management’s vision for the organization.  Schein’s is a useful mental model for conceptualizing culture and management responsibilities.*     

However, we have issues with the way some people have applied his work to safety culture.  For starters, there is the apparent belief that these levels are related in a linear fashion, more particularly, that management by promulgating and reinforcing the correct values can influence the underlying beliefs, and together they will guide the organization to deliver the desired behaviors, i.e., the target level of safety performance.  This kind of thinking has problems.

First, it’s too simplistic.  Safety performance doesn’t arise only because of management’s espoused values and what the rest of the organization supposedly believes.  As discussed in many of our posts, we see a much more complex, multidimensional and interactive system that yields outcomes which reflect, in greater or lesser terms, desired levels of safety.  We have suggested that it is the totality of such outcomes that is representative of the safety culture in fact.** 

Second, it leads to attempts to measure and influence safety culture that are often ineffective and even misleading.  We wonder whether the heavy emphasis on values and leadership attitudes and behaviors - or traits - that the Schein model encourages, creates a form versus substance trap.  This emphasis carries over to safety culture surveys - currently the linchpin for identifying and “correcting” deficient safety culture -  and even doubles down by measuring the perception of attitudes and behaviors.  While attitudes and behaviors may in fact have a beneficial effect on the organizational environment in which people perform - we view them as good habits - we are not convinced they are the only determinants of the actions, decisions and choices made by the organization.  Is it possible that this approach creates an organization more concerned with how it looks and how it is perceived than with what it does?   If everyone is checking their safety likeness in the cultural mirror might this distract from focusing on how and why actual safety-related decisions are being made?

We think there is good support for our skepticism.  For every significant safety event in recent years - the BP refinery fire, the Massey coal mine explosion, the shuttle disasters, the Deepwater oil rig explosion, and the many instances of safety culture issues at nuclear plants - the organization and senior management had been espousing as their belief that “safety is the highest priority.”  Clearly that was more illusion than reality.

To give a final upward thrust to the apple cart, we don’t think that the current focus on nuclear safety culture is primarily about culture.  Rather we see “safety culture” more as a proxy for management’s safety performance - and perhaps a back door for the NRC to regulate while disclaiming same.*** 


*  We have mentioned Prof. Schein in several prior blog posts: June 26, 2012, December 8, 2011, August 11, 2010, March 29, 2010, and August 17, 2009.

**  This past year we have posted several times on decisions as one type of visible result (artifact) of the many variables that influence organizational behavior.  In addition, please revisit two of Prof. Perin’s case studies, summarized here.  They describe well-intentioned people, who probably would score well on a safety culture survey, who made plant problems much worse through a series of decisions that had many more influences than management’s entreaties and staff’s underlying beliefs.

***  Back in 2006, the NRC staff proposed to enhance the ROP to more fully address safety culture, saying that “Safety culture includes . . . features that are not readily visible such as basic assumptions and beliefs of both managers and individuals, which may be at the root cause of repetitive and far-reaching safety performance problems.”  It wouldn’t surprise us if that’s an underlying assumption at the agency.  See L.A. Reyes to the Commissioners, SECY-06-0122 “Policy Issue Information: Safety Culture Initiative Activities to Enhance the Reactor Oversight Process and Outcomes of the Initiatives” (May 24, 2006) p. 7 ADAMS ML061320282.