Nuclear Safety Culture: The Threat of Bureaucratization

We recently read Sidney Dekker’s 2014 paper* on the bureaucratization of safety in organizations.  It’s interesting because it describes a very common evolution of organizational practices, including those that affect safety, as an organization or industry becomes more complicated and formal over time.  Such evolution can affect many types of organizations, including nuclear ones.  Dekker’s paper is summarized below, followed by our perspective on it. 

The process of bureaucratization is straightforward; it involves hierarchy (creating additional layers of organizational structure), specialized roles focusing on “safety related” activities, and the application of rules for defining safety requirements and the programs to meet them.  In the safety space, the process has been driven by multiple factors, including legislation and regulation, contracting and the need for a uniform approach to managing large groups of organizations, and increased technological capabilities for collection and analysis of data.

In a nutshell, bureaucracy means greater control over the context and content of work by people who don’t actually have to perform it.  The risk is that as bureaucracy grows, technical expertise and operational experience may be held in less value.

This doesn’t mean bureaucracy is a bad thing.  In many environments, bureaucratization has led to visible benefits, primarily a reduction in harmful incidents.  But it can lead to unintended, negative consequences including:

• Myopic focus on formal performance measures (often quantitative) and “numbers games” to achieve the metrics and, in some cases, earn financial bonuses,
• An increasing inability to imagine, much less plan for, truly novel events because of the assumption that everything bad that might happen has already been considered in the PRA or the emergency plan.  (Of course, these analyses/documents are created by siloed specialists who may lack a complete understanding of how the socio-technical system works or what might actually be required in an emergency.  Fukushima anyone?),
• Constraints on organizational members’ creativity and innovation, and a lack of freedom that can erode problem ownership, and
• Interest, effort and investment in sustaining, growing and protecting the bureaucracy itself.
  

Our Perspective

We realize reading about bureaucracy is about as exciting as watching a frog get boiled.  However, Dekker does a good job of explaining how the process of bureaucratization takes root and grows and the benefits that can result.  He also spells out the shortcomings and unintended consequences that can accompany it.

The commercial nuclear world is not immune to this process.  Consider all the actors who have their fingers in the safety pot and realize how few of them are actually responsible for designing, maintaining or operating a plant.  Think about the NRC’s Reactor Oversight Process (ROP) and the licensees’ myopic focus on keeping a green scorecard.  Importantly, the Safety Culture Policy Statement (SCPS) being an “expectation” resists the bureaucratic imperative to over-specify.  Instead, the SCPS is an adjustable cudgel the NRC uses to tap or bludgeon wayward licensees into compliance.  Foreign interest in regulating nuclear safety culture will almost certainly lead to its increased bureaucratization.  

Bureaucratization is clearly evident in the public nuclear sector (looking at you, Department of Energy) where contractors perform the work and government overseers attempt to steer the contractors toward meeting production goals and safety standards.  As Dekker points out, managing, monitoring and controlling operations across an organizational network of contractors and sub-contractors tends to be so difficult that bureaucratized accountability becomes the accepted means to do so.

We have presented Dekker’s work before, primarily his discussion of a “just culture” (reviewed Aug. 3, 2009) that tries to learn from mishaps rather than simply isolating and perhaps punishing the human actor(s) and “drift into failure” (reviewed Dec. 5, 2012) where a socio-technical system can experience unacceptable performance caused by systemic interactions while functioning normally.  Stakeholders can mistakenly believe the system is completely safe because no errors have occurred while in reality the system can be slipping toward an incident.  Both of these attributes should be considered in your mental model of how your organization operates.

Bottom line: This is an academic paper in a somewhat scholarly journal, in other words, not a quick and easy read.  But it’s worth a look to get a sense of how the tentacles of formality can wrap themselves around an organization.  In the worse case, they can stifle the capabilities the organization needs to successfully react to unexpected events and environmental changes.


*  S.W.A. Dekker, “The bureaucratization of safety,” Safety Science 70 (2014), pp. 348–357.  We saw this paper on Safety Differently, a website that publishes essays on safety.  Most of the site’s content appears related to industries with major industrial safety challenges, e.g., mining.

Nuclear Safety Culture at the 2017 NRC Regulatory Information Conference

NRC 2017 RIC

Nuclear Safety Culture (NSC) was assigned one technical session at the 2017 NRC Regulatory Information Conference (RIC).  The topic was maintaining a strong NSC during plant decommissioning.  This post reviews the session presentations and provides our perspective on the topic.

Nuclear Regulatory Commission (NRC)*

The presenter discussed the agency’s expectations that the requirements of the SC Policy Statement will continue to be met during decommissioning, recognizing that plant old-timers may experience issues with trust, commitment and morale while newcomers, often contractors, will need to be trained and managed to meet NSC standards going forward.  The presentation was on-target but contained no new information or insights.

International Atomic Energy Agency (IAEA)**

This presentation covered the IAEA documents that discuss NSC, viz., the General Safety Requirement “Leadership and Management for Safety,” and the Safety Guides “Application of the Management System for Facilities and Activities,” which covers NSC characteristics, and “The Management System for Nuclear Installations,” which covers NSC assessments, plus supporting IAEA Safety Reports and Technical Documents.  There was one slide covering decommissioning issues, none of which was new.

The slides were dense with turgid text; this presentation must have been excruciating to sit through.  The best part was IAEA did not attempt to add any value through some new approach or analysis, which always manages to muck up the delivery of any potentially useful information. 

Kewaunee***

The Kewaunee plant was shut down on May 7, 2013.  The shutdown announcement on Oct. 22, 2012 was traumatic for the staff and they went through several stages of grieving.  Management has worked to maintain transparency and an effective corrective action program, and retain people who can accept changing conditions.  It is a challenge for management to maintain a strong NSC as the plant transitions to long-term SAFSTOR.

It’s not surprising that Kewaunee is making the best of what is undoubtedly an unhappy situation for many of those involved.  The owner, Dominion Resources, has a good reputation in NSC space.

Vermont Yankee****

This plant was shut down on Dec. 29, 2014.  The site continued applying its process to monitor for NSC issues but some concerns still arose (problems in radiation practices, decline in industrial safety performance) that indicated an erosion in standards.  Corrective actions were developed and implemented.  A Site Review Committee provides oversight of NSC.

The going appears a little rougher at Vermont Yankee than Kewaunee.  This is not a surprise given both the plant and its owner (Entergy) have had challenges in maintaining a strong NSC. 

Our Perspective

The session topic reflects a natural life cycle: industrial facilities are built, operate and then close down.  But that doesn’t mean it’s painless to manage through the phase changes. 

In an operating plant, complacency is a major threat.  Complacency opens the door to normalization of deviation and other gremlins that move performance toward the edge of the envelope.  In the decommissioning phase, we believe loss of fear is a major threat.  Loss of fear of dramatic, even catastrophic radiological consequences (because the fuel has been off-loaded and the plant will never operate again) can lead to losing focus, lack of attention to procedural details, short cuts and other behaviors that can have significant negative consequences such as industrial accidents or mishandling of radioactive materials.

In a “Will the last person out please turn off the lights” environment, maintaining everyone’s focus on safety is challenging for people who operated the plant, often spending a large part of their careers there.  The lack of local history is a major reason to transfer work to specialty decommissioning contractors as quickly as possible. 

In 2016, NSC didn’t merit a technical session at the RIC; it was relegated to a tabletop presentation.  As the industry shrinks, we hope NSC doesn’t get downgraded to a wall poster.


*  D. Sieracki, “Safety Culture and Decommissioning,” 2017 RIC (Mar. 15, 2017).

**  A. Orrell, “Safety Culture and the IAEA International Perspectives,” 2017 RIC (Mar. 15, 2017).

***  S. Yeun, “Maintaining a Strong Safety Culture after Shutdown,” 2017 RIC (Mar. 15, 2017).

****  C. Chappell, “Safety Culture in Decommissioning: Vermont Yankee Experience,” 2017 RIC (Mar. 15, 2017).

Nuclear Safety Culture in the Latest U.S. Report for the Convention on Nuclear Safety

NUREG-1650 cover

The Nuclear Regulatory Commission (NRC) recently published NUREG-1650, rev. 6, the seventh national report for the Convention on Nuclear Safety.*  The report is prepared for the triennial meeting of the Convention and describes the policies, laws, practices and other activities utilized by the U.S. to meet its international obligations and ensure the safety of its commercial nuclear power plants.  Nuclear Safety Culture (NSC) is one of the topics discussed in the report.  This post highlights NSC changes (new items and updates) from the sixth report (NUREG-1650, rev. 5) which we reviewed on March 26, 2014.  The numbers shown below are section numbers in the current report.

8.1.5  International Responsibilities and Activities 

The NRC’s International Regulatory Development Partnership (IRDP) program supports the safe introduction of nuclear power in “new entrant” countries.  IRDP training addresses many topics including safety culture. (p. 99)

8.1.6.2  Human Resources 

This section was updated to include a reference to the 2015 NRC Safety Culture and Climate Survey.

10.1  Background [for article 10, “Priority to Safety”] 

The report notes “All U.S. nuclear power plants have committed to conducting a safety culture self-assessment every 2 years and have committed to conducting monitoring panels as described in Nuclear Energy Institute (NEI) 09-07, “Fostering a Healthy Nuclear Safety Culture,” dated March 2014.” (p. 120)  We reviewed NEI 09-07 on Jan. 6, 2011.

10.4  Safety Culture

The bulk of the report addressing NSC is in this section and exhibits a significant rewrite from the previous report.  Some of the changes reorganized existing material but there are also new items, discussed below, and additional background information.  Overall, section 10.4 is more complete and lucid than its predecessor.

10.4.1  Safety Culture Policy Statement

This contains material that formerly appeared under 10.4 and has been expanded to include two new safety culture traits, “questioning attitude” and “decisionmaking.”  The NRC worked with licensees and other stakeholders to develop a common language for discussing and assessing NSC; this effort resulted in NUREG-2165, “Safety Culture Common Language.”  We reviewed NUREG-2165 on April 6, 2014.

10.4.2  NRC Monitoring of Licensee Safety Culture 

This section has been edited to improve clarity and completeness, and provide more specific references to applicable procedures.  For example, IP 95003 now includes detailed guidance for NRC inspectors who conduct an independent assessment of licensee NSC.**

New language specifies interventions the NRC may take with respect to licensee NSC: “These activities range from requesting the licensee perform a safety culture self-assessment to a meeting between senior NRC managers and a licensee’s Board of Directors to discuss licensee performance issues and actions to address persistent and continuing safety culture cross-cutting issues.” (p. 128)

10.4.3 The NRC Safety Culture

This section covers the NRC’s efforts to maintain and enhance its own SC.  The section has been rewritten and strengthened throughout.  It discusses the need for continuous improvement and says “Complacency lends itself to a degradation in safety culture when new information and historical lessons are not processed and used to enhance the NRC and its regulatory products.” (p. 130)  That’s true; SC that is not actively maintained will invariably decay.

12.3.5  Human Factors Information System 

This system handles human performance information extracted from NRC inspection and licensee event reports.  The report notes “the database is being updated to include data with a safety culture perspective.” (p. 146)

Institute of Nuclear Power Operations (INPO)

INPO also provides content for the report, basically a description of INPO’s activities to ensure plant safety.  Their discussion includes a section on SC, which is not materially different from their contribution to the previous version of the report.

Our Perspective

Like the sixth national report, this seventh report appears to cover every aspect of the NRC’s operations but does not present any new information.  In other words, it’s a good reference document.

The NSC changes are incremental but move toward increased bureaucratization and intrusive oversight of NSC.  The NRC is certainly showing the hilt of the sword of regulation if not the blade.  We still believe if it reads like a set of requirements, results in enforceable interventions and quacks like the NRC, it’s de facto regulation.


*  NRC NUREG-1650 Rev. 6, “The United States of America Seventh National Report for the Convention on Nuclear Safety” (Oct. 2016).  ADAMS ML16293A104.  The Convention on Nuclear Safety is a legally binding commitment to maintain a level of safety that meets international benchmarks.

**  This detailed guidance is also mentioned in 12.3.6 Support to Event Investigations and For-Cause Inspections and Training (p. 148).

Training Materials for Teaching NRC Personnel about Safety Culture

This is a companion piece to our Aug. 24, 2015 post on how the NRC effectively regulates licensee safety culture (SC) in the absence of any formal SC regulations.  This post summarizes a set of NRC slides* for training inspectors on SC basics and how to integrate SC information and observations into inspection reports.

The slides begin with an overview of SC, material you’ve seen countless times.  It includes the Chernobyl and Davis-Besse events, the Schein tri-level model and a timeline of SC-related activities at the NRC.

The bulk of the presentation shows how SC is related to and incorporated in the Reactor Oversight Process (ROP).  The starting point is the NRC SC Policy Statement, followed by the Common Language Initiative** which defined 10 SC traits.  The traits are connected to the ROP using 23 SC aspects.  Aspects are “the important characteristics of safety culture which are observable to the NRC staff during inspection and assessment of licensee performance” (p. 13)  Each SC aspect is associated with one of the ROP’s 3 cross-cutting areas: Human Performance (14 aspects), Problem Identification and Resolution (6 aspects) and Safety Conscious Work Environment (3 aspects).  During supplemental and reactive inspections there are an additional 12 SC aspects to be considered.  Each aspect has associated artifacts that indicate the aspect’s presence or absence.  SC aspects can contribute to a cross-cutting theme or, in more serious cases, a substantive cross-cutting issue (SCCI).***

The integration of SC findings into inspection reports is covered in NRC Inspection Manual Chapter 0612 and NINE different NRC Inspection Procedures (IPs). (p. 30)  In practice, the logic chain between a SC aspect and an inspection report is the reverse of the description in the preceding paragraph.  The creation of an inspection report starts with a finding followed by a search for a related SC cross-cutting aspect.  Each finding has one most significant cause and the inspectors should “find the aspect that describes licensee performance that would have prevented or precluded the performance deficiency represented by that cause.” (p. 33)

Our Perspective

This is important stuff.  When NRC inspectors are huddled in their bunker evaluating their data and observations after reviewing your documentation, crawling around your plant and talking with your people, the information in these slides provides the road map for their determination of how one or more alleged SC deficiencies contributed to a performance problem which resulted in an inspection finding.

Think of the SC aspects as pegs on which the inspectors can hang their observations to beef up their theory of why a problem occurred. Under routine conditions, there are 23 pegs; under more stringent inspections, there are 35 pegs.  That’s a lot of pegs and none of them is trivial which means your organization’s response may consume sizable resources.

We’ll finish with a more cheery thought:  If you get to the point where the NRC is going to conduct an independent assessment of your SC, their team will follow the guidance in IP 95003.  But don’t worry about their competence, “IP 95003 inspection teams will receive "just-in-time" training before performing the inspection.” (p. 43)

Bottom line: If it looks like controlling oversight behavior and quacks like a bureaucrat, then it probably is de facto regulation.


*  NRC Training Slides, “Safety Culture Reactor Oversight Process Training” (July 10, 2015).  ADAMS ML15191A253.  The slides include other material, e.g., a summary of the conditions under which the NRC can “request” a licensee to perform a SC assessment, a set of case studies and sample test questions for trainees.

**  The Common Language Initiative led to NUREG-2165, “Safety Culture Common Language” which was published in early 2014 and we reviewed on April 6, 2014.

***  There are some complicated decision rules for determining when a problem is a substantive cross-cutting issue and these are worth reviewing on pp. 27-28.

NRC Regulation of Safety Culture: How They Do It

We have griped many times about how the NRC does, in fact, regulate (i.e., control or direct) licensee safety culture (SC) even though the agency claims it doesn’t because there is no applicable regulation.

A complete description of the agency’s approach was provided in 2010 NRC staff testimony* before the Atomic Safety and Licensing Board.  Note this testimony was given before the Safety Culture Policy Statement was issued but we believe it depicts current practices.  The key point is that “Oversight of an operating reactor licensee’s safety culture is implemented by the ROP [Reactor Oversight Process].” (p. 17)  Following are some lengthy quotes from the testimony and you can decide whether or not they add up to “regulation.”

“The ROP provides for the oversight of a licensee’s safety culture in four ways.  First, the ROP provides for the review of a licensee’s safety culture in a graded manner when that licensee has significant performance issues.  The level of the staff’s oversight is determined by the safety significance of the performance issues.  This review and evaluation is described in the ROP’s supplemental inspection program . . . An IP 95002 inspection is usually performed when a licensee enters [column 3] . . . of the ROP Action Matrix. . . [In certain circumstances] the NRC will request the licensee to perform an independent safety culture assessment.  An IP 95003 inspection is performed when a licensee enters [column 4] . . . of the ROP Action Matrix.  When this occurs, the NRC expects [emphasis added] the licensees to perform a third-party safety culture assessment.  The staff will review the results of the assessment and perform sample evaluations to verify the results.

“Second, the ROP’s reactive inspection program evaluates a licensee’s response to an event, including consideration of contributing causes related to the safety culture components, to fully understand the circumstances surrounding an event and its probable causes.

“Third, the ROP provides continuous oversight of licensee performance as inspectors evaluate inspection findings for cross-cutting aspects.  Cross-cutting aspects are aspects of licensee performance that can potentially affect multiple facets of plant operations and usually manifest themselves as the root causes of performance problems. . . .**

“Fourth, the ROP provides for the review of a licensee’s safety culture if that licensee has difficulty correcting long-standing substantive cross-cutting issues.  In these cases, the NRC will request the licensee to perform a safety culture assessment, and the NRC Staff will evaluate the results and the licensee’s response to the results.” (pp. 18-19)  In addition, “The ROP assessment process looks at long-standing substantive cross-cutting issues to determine if safety culture assessments need to be performed and reviewed.” (p. 24)  Significantly, “Safety culture is addressed through the use of cross-cutting issues which do not relate to the Action Matrix column that a plant may be placed in.” (p. 32)

Our Perspective

In our opinion, SC is regulated via a linkage to ongoing NRC activities.  Outputs from NRC inspection activities performed under the aegis of regulation (i.e., law) are used to assess licensee SC and force licensees to perform activities, e.g., SC assessments or corrective actions***, that the licensees might not choose to perform of their own free will.

The reality is NRC “requests” or “expectations” are like a commanding officer’s “wishes”; the intelligent subordinate understands they have the force of orders.  Here’s how the agency describes the fist inside the glove: “If the NRC requests a licensee to take an action, and the licensee refuses, the Agency can perform that action (i.e., the safety culture assessment) for them.” (p. 29)  We assume the NRC would invoke its regulatory authority to justify such an assessment.  But what licensee would want an under-experienced posse of federal inspectors, who expect to find problems because why else would they be assigned to the task, running through their organization?

Occasionally, the NRC drops the veil long enough to reveal the truth.  An NRC staffer (one of the witnesses who sponsored the ASLB testimony described above) recently made a presentation to the Korean nuclear regulator.  It included a figure that summarizes the SC aspects of the ROP Action Matrix.  Under columns 3 and 4, the figure says “may request” and “request” the licensee to conduct a SC assessment.  However, on the next page, the presentation bullets are more forthcoming: “For Plants in Columns 3 . . . and 4 . . . NRC requires [emphasis added] Licensee to conduct third party safety culture assessment which is reviewed by NRC.”****

We’re not opposed to the NRC squeezing licensees to strengthen their SC.  We just don’t like hypocrisy and doublespeak.  Perhaps the agency takes this convoluted approach to controlling SC to support their claim they don’t interfere with licensee management.  We don’t believe that; do you?


*  NRC Staff Testimony of V.E. Barnes et al Concerning Safety Culture and NRC Safety Culture Policy Development and Implementation before the Atomic Safety and Licensing Board (July 30, 2010) revised Sept. 7, 2010.  ADAMS ML102500605.

**  The ROP framework includes three cross-cutting areas (human performance, problem identification and resolution, and safety conscious work environment) which contain nine safety culture components. (p. 23)

***  This is another leverage point for the agency.  They make sure SC assessment findings are entered in the licensee’s corrective action program (CAP).  Then they use their regulatory authority over the CAP to ensure it is useful and effective, i.e., that SC corrective actions are implemented. (p. 30)

****  M. Keefe, “Incorporating Safety Culture into the Reactor Oversight Process (ROP),” presentation to the Korea Institute of Nuclear Safety (June 2-3, 2015), pp. 5-6.  ADAMS ML15161A109.

NRC Staff Review of National Research Council Safety Culture Recommendations Arising from Fukushima

On July 30, 2014 we reviewed the safety culture (SC) aspects of the National Research Council report on lessons learned from the Fukushima nuclear accident.  We said the report’s SC recommendations were pretty limited: the NRC and industry must maintain and monitor a strong SC in all safety-related activities, the NRC must maintain its independence from outside influences, and the NRC and industry should increase their transparency about their SC-related efforts.

The NRC staff reviewed the report’s recommendations, assessed whether the agency was addressing them and documented their results.*  Given the low bar, it’s no surprise the staff concluded “that all NAS’s recommendations are being adequately addressed.” (p.1)  Following is the evidence the staff assembled to show the NRC is addressing the SC recommendations.

Emphasis on Safety Culture (pp. 25-26) 

In 1989, after Peach Bottom plant operators were caught sleeping on the job, the NRC issued a “Policy Statement on the Conduct of Nuclear Power Plant Operations.”   The policy statement focused on personal dedication and accountability but also underscored management’s responsibility for fostering a healthy SC.

In 1996, after Millstone whistleblowers faced retaliation, the NRC issued another policy statement, “Freedom of Employees in the Nuclear Industry to Raise Safety Concerns without Fear of Retaliation.”  This policy statement focused on the NRC’s expectation that all licensees will establish and maintain a safety-conscious work environment (SCWE).

In 2002, after discovery of the Davis-Besse reactor pressure vessel’s degradation, the Reactor Oversight Process (ROP) was strengthened to detect potential SC weaknesses during inspections and performance assessments.  ROP changes were described in Regulatory Issue
Summary 2006-13, “Information on the Changes Made to the Reactor Oversight Process to More Fully Address Safety Culture.”

In 2004, INPO published “Principles for a Strong Nuclear Safety Culture.”  In 2009, an industry/NEI/INPO effort produced a process for monitoring and improving SC, documented in NEI 09-07 “Fostering a Strong Nuclear Safety Culture.”  We reviewed NEI 09-07 on Jan. 6, 2011.

In 2008, the NRC initiated an effort to define and expand SC policy.  The final Safety Culture Policy Statement (SCPS) was published on June 14, 2011.  We posted eight times on the SCPS effort before the policy was issued.  Click on the SC Policy Statement label to see both those posts and subsequent ones that refer to the SCPS. 

An Independent Regulator (pp. 26-27)

The Energy Reorganization Act of 1974 established the NRC.  Principal Congressional oversight of the agency is performed by the Senate Subcommittee on Clean Air and Nuclear Safety, and the House Subcommittee on Energy and the Environment.  It’s not clear how the NRC performing obeisance before these committees contributes to the agency’s independence.

The NRC receives independent oversight from the NRC’s Office of the Inspector General and the U.S. Government Accountability Office.

Perhaps most relevant, the U.S. is a contracting party to the international Convention on Nuclear Safety.  The NRC prepares a periodic report describing how the U.S. fulfills its obligations under the CNS, including maintaining the independence of the regulatory body.  On March 26, 2014 we posted on the NRC’s most recent report.

Industry Transparency (pp. 27-28)

For starters, the NRC touts its SC website which includes the SCPS and SC-related educational and outreach materials.

In March 2014, the NRC published NUREG-2165, “Safety Culture Common Language,” which
documents a common language to describe SC in the nuclear industry.  We reviewed the NUREG on April 6, 2014.

That’s all.

Our Perspective 

We’ll give the NRC a passing grade on its emphasis on SC.  The “evidence” on agency independence is slim.  Some folks believe that regulatory capture has occurred, to a greater or lesser degree.  For what it’s worth, we think the agency is fairly independent.

The support for industry transparency is a joke.  As we said in our July 30, 2014 post, “the nuclear industry’s penchant for secrecy is a major contributor to the industry being its own worst enemy in the court of public opinion.”     


*  NRC Staff Review of National Academy of Sciences Report, “Lessons Learned from theFukushima Dai-ichi Nuclear Accident for Improving Safety of U.S. Nuclear Plants” (Apr. 9, 2015).  ADAMS ML15069A600.  The National Research Council is part of the National Academy of Sciences.

More Safety Culture “Trait Talk” from the NRC

Typical NRC Trait Talk brochure

The NRC introduced a series of educational brochures, the Safety Culture Trait Talk, at the March 2014 Regulatory Information Conference.  Each brochure covers one of the nine safety culture (SC) traits in the NRC SC Policy Statement (SCPS), describing why the trait is important and providing examples of related attributes and an illustrative scenario.

At that time, only one Trait Talk was available, viz., Leadership Safety Values and Actions.  We thought the content was pretty good.  The “Why is this trait important?” portion was derived from an extensive review of SC-related social science literature, which we liked a lot and posted about Feb. 10, 2013.  The “What does this trait look like?” section (aka attributes) comes from the SC Common Language initiative, which we have reviewed multiple times, most recently on April 6, 2014.  The illustrative scenario is new content developed for each brochure.

During 2014 and early 2015, NRC published additional Trait Talk brochures and now has one for each trait in the SCPS.*  We reviewed them all and still believe they provide a useful introduction and overview for each trait.  Following is our take on each trait’s essence (based on the brochure contents), and each brochure’s strengths and weaknesses.  

Leadership Safety Values and Actions

This trait focuses on the responsibilities of leaders to set the tone for SC through their own visible actions.  There is a good discussion of how employees at all levels can face goal conflicts, e.g., safety vs. production.  The focus of the reward system is on the staff; unfortunately, there is no mention of management’s financial incentives.  Although leaders’ decisions set the priority for safety, there is no mention of the decision making process, arguably management’s most fundamental and important function.**

Work Processes

This trait focuses on controlling work.  It emphasizes limiting temporary modifications, minimizing backlogs and adhering to procedures, which is all good.  It also says “organizations may require strict adherence to normal and emergency operating procedures.   However, flexibility may be necessary when responding to off-normal conditions.”  This may give the purists heartburn but it reflects reality and is a major observation of the Fukushima disaster.

Questioning Attitude

This trait is about avoiding complacency, watching for abnormalities while going about one’s duties and stopping work if unexpected conditions or results are encountered.  The key is ensuring safety has its appropriate priority at all times, which is not easy if a plant is under significant financial or political pressure.

Problem Identification and Resolution

This trait is about identifying and permanently resolving current problems, and anticipating potential future challenges and dealing with them before they manifest.  In our view, this is one of the two most important areas (the other being decision making) where everyone sees what a plant’s real priorities are.  This Trait Talk covers the topic well.

Environment for Raising Concerns

The trait is about establishing and maintaining a safety conscious work environment (SCWE).  The Trait Talk lays out the theory but the truth is whistle-blowers in many industries, including nuclear, become pariahs.

Effective Safety Communication

This trait is about transparency (although the term does not appear in the brochure.)  All business communication should be clear, complete, understandable and respectful.  The Trait Talk’s discussion on the importance of first-level supervisors being a primary source of information for their employees is very good.

Respectful Work Environment

The title says it all about this trait which overlaps with others, including questioning attitude, SCWE and transparent communications.  The Trait Talk has a good discussion of trust, at both the individual and organizational level.  One aspect we would add to the trust “equation” is the perception of self-interest vs. concern for others.

Continuous Learning

This trait is about identifying, obtaining, sharing, applying and retaining new knowledge that can lead to improved individual or organizational performance.  This trait overlaps with others, including questioning attitude and a respectful work environment.

Personal Accountability

This trait is mostly about everyone’s willingness to accept responsibility for safety but it also encompasses assigned individuals’ obligation for specific safety responsibilities.  For the latter case, the brochure’s statement that “Personal accountability is not finger pointing, blame, or punishment” is simply not true. 

Our Perspective 

The brochures provide a useful introduction and overview for each trait in the SCPS.  The content is generally good, with some weak spots and missing items.  These are, after all, four-page brochures and roughly 45 percent of the content is the same in every brochure.


*  All the Trait Talk brochures can be downloaded from the SC education materials page on the NRC website.

**  Interestingly, Decision Making is included as a tenth trait in NRC NUREG-2165, “Safety Culture Common Language” (Mar. 2014).  ADAMS ML14083A200.

Safety Culture at the NRC Regulatory Information Conference

NRC Public Meeting

The NRC held their annual Regulatory Information Conference (RIC) March 11-13, 2014.  It included a session on safety culture (SC), summarized below.*

NRC Presentation

The NRC presentation reviewed their education and outreach activities on the SC Policy Statement (SCPS) and their participation in IAEA meetings to develop an implementation strategy for the IAEA Nuclear Safety Action Plan. 

The only new item was Safety Culture Trait Talk, an educational brochure.  Each brochure covers one of the nine SC traits in the SCPS, describing why the trait is important and providing examples of associated behaviors and attitudes, and an illustrative scenario. 

It appears only one brochure, Leadership Safety Values and Actions, is currently available.**  A quick read suggests the brochure content is pretty good.  The “Why is this trait important?” content was derived from an extensive review of SC-related social science literature, which we liked a lot and posted about Feb. 10, 2013.  The “What does this trait look like?” section comes from the SC Common Language initiative, which we have reviewed multiple times, most recently on April 6, 2014.  The illustrative scenario is new content developed for the brochure and provides a believable story of how normalization of deviance can creep into an organization under the skirt of an employee bonus program based on plant production.

Licensee Presentations

There were three licensee presentations, all from entities that the NRC has taken to the woodshed over SC deficiencies.  Presenting at the RIC may be part of their penance but it’s interesting to see what folks who are under the gun to change their SC have to say.

Chicago Bridge & Iron, which is involved in U.S. nuclear units currently under construction, got in trouble for creating a chilled work environment at one of its facilities.  The fixes focus on their Safety Conscious Work Environment and Corrective Action Program.   Detailed activities come from the familiar menu: policy updates, a new VP role, training, oversight, monitoring, etc.  Rapping CB&I’s knuckles certainly creates an example for other companies trying to cash in on the “Nuclear Renaissance” in the U.S.  Whatever CB&I does, they are motivated to make it work because there is probably a lot of money at stake.  The associated NRC Confirmatory Order*** summarizes the history of the precipitating incident and CB&I’s required corrective actions.

Browns Ferry has had SC-related problems for a long time and has been taken to task by both NRC and INPO.  The presentation includes one list of prior plant actions that DIDN’T work while a different list displays current actions that are supposedly working.  Another slide shows improvement in SC metrics based on survey data—regular readers know how we feel about SC surveys.  The most promising initiative they are undertaking is to align with the rest of the TVA fleet on NEI 09-07 “Fostering a Strong Nuclear Safety Culture.”  Click on the Browns Ferry label to see our posts that mention the plant.

Fort Calhoun’s problems started with the 2011 Missouri River floods and just got worse, moving them further down the ROP Action Matrix and forcing them to (among many other things) complete an independent SC assessment.  They took the familiar steps, creating policies, changing out leadership, conducting training, etc.  They also instituted SC “pulse” surveys and use the data to populate their SC performance indicators.  Probably the most important action plant owner OPPD took was to hire Exelon to manage the plant.  Fort Calhoun’s SC-related NRC Confirmatory Action Letter was closed in March 2013 so they are out of the penalty box.

Bottom line: The session presentations are worth a look.


*  RIC Session T11: Safety Culture Journeys: Lessons Learned from Culture Change Efforts (Mar. 11, 2014).  Retrieved April 25, 2014.  Slides for all the presentations are available from this page.

**  “Leadership Safety Values and Actions,” NRC Safety Culture Trait Talk, no. 1 (Mar. 2014).  ADAMS ML14051A543.  Retrieved April 25, 2014.

***  NRC Confirmatory Order EA-12-189 re: Chicago Bridge and Iron (Sept. 16, 2013).  ADAMS ML13233A432.  Retrieved April 25, 2014.

NRC Issues Safety Culture Common Language NUREG

The NRC has issued NUREG-2165* which formalizes the safety culture (SC) common language that has been under development since the NRC SC Policy Statement (SCPS) was issued.  On topics important to us the NUREG repeats word-for-word the text of a document** prepared after a common language workshop held January 29-30, 2013.  Both documents contain a set of SC traits, attributes that define each trait and examples that would evidence each attribute.  Because the language is the same, our opinion on the treatment of our important topics remains the same, as described in detail in our Feb. 28, 2013 post.  Specifically, the treatment of

Decision making, including the treatment of goal conflicts, is Good;

Corrective action, part of problem identification and resolution, is Satisfactory;

Management Incentives is Unsatisfactory because the associated attributes focuses on workers, not managers, and any senior management incentive program is not mentioned; and

Work Backlogs are mentioned in a couple of specific areas so the overall grade is Minimally Acceptable.

But we have one overarching concern that transcends our opinion of common language specifics.

Our Perspective

Our biggest issue with the traits, attributes and examples approach is our fear it will lead to the complete bureaucratization of SC evaluation, either consciously or unconsciously.  The examples in particular can morph into soft requirements on a physical or mental checklist.  Such an approach leads to numerous questions.  How many of the 10 traits does a healthy or positive SC exhibit?***  How many of the 40 attributes?  Are the traits equally important?  How about the attributes?  Could the weighting factors vary across plant sites?  How many examples must be observed before an attribute is judged acceptably present?

We understand the value of effective communications among regulators, licensee personnel and other stakeholders.  But we worry about possible unintended consequences as people attempt to apply the guidance in NUREG-2165, especially in the NRC’s Reactor Oversight Process (ROP).****


*  NRC NUREG-2165, “Safety Culture Common Language” (Mar. 2014).  ADAMS ML14083A200.

**  Nuclear Safety Culture Common Language 4th Public Workshop January 29-31, 2013.  ADAMS ML13031A343.

***  The NUREG-2165 text describes a “healthy” SC while the SCPS (published as NUREG/BR-0500, Rev. 1, ADAMS ML12355A122) refers to a “positive” SC.  The correct answer to “how many traits?” may be “more than ten” because the authors note “There may also be traits not included in the SCPS that are important in a healthy safety culture.” (p. 2)

****  The common language “initiative is within the Commission-directed framework for enhancing the ROP treatment of cross-cutting areas to more fully address safety culture.” (p. 3)  This may require a little linguistic jujitsu since the SCPS says “traits were not developed for inspection purposes.”

NRC "National Report" to IAEA

A March 25, 2014 NRC press release* announced that Chairman Macfarlane presented the Sixth National Report for the Convention on Nuclear Safety** to International Atomic Energy Agency (IAEA) member countries.  The report mentions safety culture (SC) several times, as discussed below.  There is no breaking news in a report like this.  We’re posting about it only because it provides an encyclopedic review of NRC activities including a description of how SC fits into their grand scheme of things.  We also tie the report’s contents to related posts on Safetymatters.  The numbers shown below are section numbers in the report.

6.3.11 Public Participation 

This section describes how the NRC engages with stakeholders and the broader public.  As part of such engagement, the NRC says it expects employers to maintain an open environment where workers are free to raise safety concerns. “These expectations are communicated through the NRC’s Safety Culture Policy Statement” and other regulatory directives and tools. (p. 72)  This is pretty straightforward and we have no comment.

8.1.6.2 Human Resources

Section 8 describes the NRC, from its position in the federal government to how it runs its internal activities.  One such activity is the NRC Inspector General’s triennial General Safety Culture and Climate Survey for NRC employees.  Reporting on the most recent (2012) survey, “the NRC scored above both Federal and private sector benchmarks, although in 2012 the agency did not perform as strongly as it had in the past.” (p. 96)  We posted on the internal SC survey back on April 6, 2013; we felt the survey raised a few significant issues.

10.4 Safety Culture

Section 10 covers activities that ensure that safety receives its “due priority” from licensees and the NRC itself.  Sub-section 10.4 provides an in-depth description of the NRC’s SC-related policies and practices so we excerpt from it at length.

The discussion begins with the SC policy statement and the traits of a positive (sic) SC, including Leadership, Problem identification and resolution, Personal accountability, etc.

The most interesting part is 10.4.1 NRC Monitoring of Licensee Safety Culture which covers “the policies, programs, and practices that apply to licensee safety culture.” (p. 118)  It begins with the Reactor Oversight Process (ROP) and its SC-related enhancements.  NRC staff identified 13 components as important to SC, including decision making, resources, work control, etc.  “All 13 safety culture components are applied in selected baseline, event followup, and supplemental IPs [inspection procedures].” (p. 119)

“There are no regulatory requirements for licensees to perform safety culture assessments routinely. However, depending on the extent of deterioration of licensee performance, the NRC has a range of expectations [emphasis added] about regulatory actions and licensee safety culture assessments, . . .” (p. 119)

“In the routine or baseline inspection program, the inspector will develop an inspection finding and then identify whether an aspect of a safety culture component is a significant causal factor of the finding. The NRC communicates the inspection findings to the licensee along with the associated safety culture aspect. 

“When performing the IP that focuses on problem identification and resolution, inspectors have the option to review licensee self-assessments of safety culture. The problem identification and resolution IP also instructs inspectors to be aware of safety culture components when selecting samples.” (p. 119)

“If, over three consecutive assessment periods (i.e., 18 months), a licensee has the same safety culture issue with the same common theme, the NRC may ask [emphasis added] the licensee to conduct a safety culture self-assessment.” (p. 120)

If the licensee performance degrades to Column 3 of the ROP Action Matrix and “the NRC determines that the licensee did not recognize that safety culture components caused or significantly contributed to the risk-significant performance issues, the NRC may request [emphasis added] the licensee to complete an independent assessment of its safety culture.” (p. 120)

For licensees in Column 4 of the ROP “the NRC will expect [emphasis added] the licensee to conduct a third-party independent assessment of its safety culture. The NRC will review the licensee’s assessment and will conduct an independent assessment of the licensee’s safety culture . . .” (p. 120)

ROP SC considerations “provide the NRC staff with (1) better opportunities to consider safety culture weaknesses . . . (2) a process to determine the need to specifically evaluate a licensee’s safety culture . . . and (3) a structured process to evaluate the licensee’s safety culture assessment and to independently conduct a safety culture assessment for a licensee . . . .  By using the existing Reactor Oversight Process framework, the NRC’s safety culture oversight activities are based on a graded approach and remain transparent, understandable, objective, risk-informed, performance-based, and predictable.” (p. 120)

We described this hierarchy of NRC SC-related activities in a post on May 24, 2013.  We called it de facto regulation of SC.  Reading the above only confirms that conclusion.  When the NRC asks, requests or expects the licensee to do something, it’s akin to a military commander’s “wishes,” i.e., they’re the same as orders.

10.4.2 The NRC Safety Culture 

This section covers the NRC’s actions to strengthen its internal SC.  This actions include appointing an SC Program Manager; integrating SC into the NRC’s Strategic Plan; developing training; evaluating the NRC’s problem identification, evaluation and resolution processes; and establishing clear expectations and accountability for maintaining current policies and procedures. 

We would ask how SC affects (and is affected by) the NRC’s decision making and resource allocation processes, work practices, operating experience integration and establishing personal accountability for maintaining the agency’s SC.  What’s good for the goose (licensee) is good for the gander (regulator).

Institute of Nuclear Power Operations (INPO) 

INPO also provided content for the report.  Interestingly, it is a 39-page Part 3 in the body of the report, not an appendix.  Part 3 covers INPO’s mission, organization, etc. and includes a section on SC.

6. Priority to Safety (Safety Culture)

The industry and INPO have their own definition of SC: “An organization’s values and behaviors—modeled by its leaders and internalized by its members—that serve to make nuclear safety the overriding priority.” (p. 230)

“INPO activities reinforce the primary obligation of the operating organizations’ leadership to establish and foster a healthy safety culture, to periodically assess safety culture, to address shortfalls in an open and candid fashion, and to ensure that everyone from the board room to the shop floor understands his or her role in safety culture.” (p. 231)

We believe our view of SC is broader than INPO’s.  As we said in our July 24, 2013 post “We believe culture, including SC, is an emergent organizational property created by the integration of top-down activities with organizational history, long-serving employees, and strongly held beliefs and values, including the organization's “real” priorities.  In other words, SC is a result of the functioning over time of the socio-technical system.  In our view, a CNO can heavily influence, but not unilaterally define, organizational culture including SC.” 

Conclusion

This 341 page report appears to cover every aspect of the NRC’s operations but, as noted in our introduction, it does not present any new information.  It’s a good reference document to cite if someone asks you what the NRC is or what it does.

We found it a bit odd that the definition of SC in the report is not the definition promulgated in the NRC SC Policy Statement.  Specifically, the report says the NRC uses the 1991 INSAG definition of SC: “that assembly of characteristics and attitudes in organizations and individuals which establishes that, as an overriding priority, nuclear safety issues receive the attention warranted by their significance.” (p. 118)

The Policy Statement says “Nuclear safety culture is the core values and behaviors resulting from a collective commitment by leaders and individuals to emphasize safety over competing goals to ensure protection of people and the environment.”***

Of course, both definitions are different from the INPO definition provided above.  We’ll leave it as an exercise for the reader to figure out what this means.


*  NRC Press Release No: 14-021, “NRC Chairman Macfarlane Presents U.S. National Report to IAEA’s Convention on Nuclear Safety” (Mar. 25, 2014).  ADAMS ML14084A303.

**  NRC NUREG-1650 Rev. 5, “The United States of America Sixth National Report for the Convention on Nuclear Safety” (Oct. 2013).  ADAMS ML13303B021. 

***  NUREG/BR 0500 Rev 1, “Safety Culture Policy Statement” (Dec 2012).  ADAMS ML12355A122.  This definition comports with the one published in the Federal Register Vol. 76, No. 114 (June 14, 2011) p. 34777.

NRC Outreach on the Safety Culture Policy Statement

An NRC public meeting

Last August 7th, the NRC held a public meeting to discuss their outreach initiatives to inform stakeholders about the Safety Culture Policy Statement (SCPS).  A meeting summary was published in October.*  Much of the discussion covered what we'll call the bureaucratization of safety culture (SC)—development of communication materials (inc. a poster, brochure, case studies and website), presentations at conferences and meetings (some international), and training.  However, there were some interesting tidbits, discussed below.

One NRC presentation covered the SC Common Language Initiative.**  The presenter remarked that an additional SC trait, Decision Making (DM), was added during the development of the common language.  In our Feb. 28, 2013 review of the final common language document, we praised the treatment of DM; it is a principal creator of artifacts that reflect an organization's SC.

The INPO presentation noted that “After the common language effort was completed in January, 2013, INPO published Revision 1 of 12-012, which includes all of the examples developed during the common language workshop.” (p. 6)  We reviewed that INPO document here.

But here's the item that got our attention.  During a presentation on NRC outreach, an industry participant cautioned the NRC to not put policy statements into regulatory documents because policy statements are an expectation, not a regulation. The senior NRC person at the meeting agreed with the comment “and the importance of the NRC not overstepping the Commission’s direction that implementing the SCPS is not a regulatory requirement, but rather the Commission’s expectations.” (p. 4)

We find the last comment disingenuous.  We have previously posted on how the NRC has created de facto regulation of SC.***  In the absence of clear de jure regulation, licensees and the NRC end up playing “bring me another rock” until the NRC accepts a licensee's pronouncements, as verified by NRC inspectors.  For an example of this convoluted kabuki, read Bob Cudlin's Jan. 30, 2013 post on how Palisades' efforts to address a plant incident finally gained NRC acceptance, or at least an NRC opinion that Palisades' SC was “adequate and improving.”

We'll keep you posted on SCPS-related activities.


*  D.J. Sieracki to R.P. Zimmerman, “Summary of the August 7, 2013, Public Meeting between the U.S. Nuclear Regulatory Commission Staff  and Stakeholders to  Exchange Information and Discuss Ongoing Education and Outreach Associated with the Safety Culture Policy Statement” (Oct. 1, 2013).  ADAMS ML13267A385.  We continue to find it ironic that the SCPS is administered by the NRC's Office of Enforcement.  Isn't OE's primary focus on people and companies who violate the NRC's regulations?

**  “The common language initiative uses the traits from the SCPS as a basic foundation, and contains definitions and examples to describe each trait more fully.” (p. 3)

***  For related posts, please click the "Regulation of Safety Culture" label.

Four Years of Safetymatters

Aztec Calendar

Over the four plus years we have been publishing this blog, regular readers will have noticed some recurring themes in our posts.  The purpose of this post is to summarize our perspective on these key themes.  We have attempted to build a body of work that is useful and insightful for you.

Systems View

We have consistently considered safety culture (SC) in the nuclear industry to be one component of a complicated socio-technical system.  A systems view provides a powerful mental model for analyzing and understanding organizational behavior. 

Our design and explicative efforts began with system dynamics as described by authors such as Peter Senge, focusing on characteristics such as feedback loops and time delays that can affect system behavior and lead to unexpected, non-linear changes in system performance.  Later, we expanded our discussion to incorporate the ways systems adapt and evolve over time in response to internal and external pressures.  Because they evolve, socio-technical organizations are learning organizations but continuous improvement is not guaranteed; in fact, evolution in response to pressure can lead to poorer performance.

The systems view, system dynamics and their application through computer simulation techniques are incorporated in the NuclearSafetySim management training tool.

Decision Making

A critical, defining activity of any organization is decision making.  Decision making determines what will (or will not) be done, by whom, and with what priority and resources.  Decision making is  directed and constrained by factors including laws, regulations, policies, goals, procedures and resource availability.  In addition, decision making is imbued with and reflective of the organization's values, mental models and aspirations, i.e., its culture, including safety culture.

Decision making is intimately related to an organization's financial compensation and incentive program.  We've commented on these programs in nuclear and non-nuclear organizations and identified the performance goals for which executives received the largest rewards; often, these were not safety goals.

Decision making is part of the behavior exhibited by senior managers.  We expect leaders to model desired behavior and are disappointed when they don't.  We have provided examples of good and bad decisions and leader behavior. 

Safety Culture Assessment

We have cited NRC Commissioner Apostolakis' observation that “we really care about what people do and maybe not why they do it . . .”  We sympathize with that view.  If organizations are making correct decisions and getting acceptable performance, the “why” is not immediately important.  However, in the longer run, trying to identify the why is essential, both to preserve organizational effectiveness and to provide a management (and mental) model that can be transported elsewhere in a fleet or industry.

What is not useful, and possibly even a disservice, is a feckless organizational SC “analysis” that focuses on a laundry list of attributes or limits remedial actions to retraining, closer oversight and selective punishment.  Such approaches ignore systemic factors and cannot provide long-term successful solutions.

We have always been skeptical of the value of SC surveys.  Over time, we saw that others shared our view.  Currently, broad-scope, in-depth interviews and focus groups are recognized as preferred ways to attempt to gauge an organization's SC and we generally support such approaches.

On a related topic, we were skeptical of the NRC's SC initiatives, which culminated in the SC Policy Statement.  As we have seen, this “policy” has led to back door de facto regulation of SC.

References and Examples

We've identified a library of references related to SC.  We review the work of leading organizational thinkers, social scientists and management writers, attempt to accurately summarize their work and add value by relating it to our views on SC.  We've reported on the contributions of Dekker, Dörner, Hollnagel, Kahneman, Perin, Perrow, Reason, Schein, Taleb, Vaughan, Weick and others.

We've also posted on the travails of organizations that dug themselves into holes that brought their SC into question.  Some of these were relatively small potatoes, e.g., Vermont Yankee and EdF, but others were actual disasters, e.g., Massey Energy and BP.  We've also covered DOE, especially the Hanford Waste Treatment and Immobilization Plant (aka the Vit plant).

Conclusion

We believe the nuclear industry is generally well-managed by well-intentioned personnel but can be affected by the natural organizational ailments of complacency, normalization of deviation, drift, hubris, incompetence and occasional criminality.  Our perspective has evolved as we have learned more about organizations in general and SC in particular.  Channeling John Maynard Keynes, we adapt our models when we become aware of new facts or better ways of looking at the data.  We hope you continue to follow Safetymatters.  

Regulatory Creep

The NRC's assessment of safety culture (SC) is an example of regulatory creep.  It began with the requirement that licensees determine whether specific safety-related performance problems or cross-cutting issues were caused, in whole or in part, by SC deficiencies.  Then the 2011 SC Policy Statement attempted to put a benign face on NRC intrusiveness because a policy statement is not a regulation.  However, licensees are “expected” to comply with the policy statement's goals and guidance; the NRC “expectations” become de facto regulations.

We have griped about this many times.*  But why does regulatory creep occur?  Is it inevitable?  We'll start with some background then look at some causes.

In the U.S., Congress passes and the President approves major legislative acts.  These are top-level policy statements characterized by lofty goals and guiding principles.  Establishing the detailed rules (which have the force of law) for implementing these policies falls to government bureaucrats in regulatory agencies.  There are upwards of 50 such agencies in the federal government, some part of executive branch departments (headed by a Cabinet level officer), others functioning independently, i.e., reporting to Congress with the President appointing, subject to Congressional approval, their governing boards (commissioners).  The NRC is one of the independent federal regulatory agencies.

Regulatory rules are proposed and approved following a specified, public process.  But once they are in place, multiple forces can lead to the promulgation of new rules or an expanded interpretation or application of existing rules (creep).  The forces for change can arise internal or external to the agency.  Internal forces include the perceived need to address new real or imagined issues, a fear of losing control as the regulated entities adapt and evolve, or a generalized drive to expand regulatory authority.  Even bureaucrats can have a need for more power or a larger budget.

External sources include interest groups (and their lobbyists), members of Congress who serve on oversight committees, highly motivated members of the public or the agency's own commissioners.  We classify commissioners as external because they are not really part of an agency; they are political appointees of the President, who has a policy agenda.  In addition, a commissioner may owe a debt or allegiance to a Congressional sponsor who promoted the commissioner's appointment.

Given all the internal and external forces, it appears that new rules and  regulatory creep are inevitable absent the complete capture of the agency by its nominally regulated entities.  Creep means a shifting boundary of what is required, what is allowed, what is tolerated and what will be punished—without a formal rule making.  The impact of creep on the regulated entities is clear: increased uncertainty and cost.  They may not care for increased regulatory intrusiveness but they know the penalty may be high if they fail to comply.  When regulated entities perceive creep, they must make a business decision: comply or fight.  They often choose to comply simply because if they fight and lose, they risk even more punitive formal regulation and higher costs.  If they fight and win, they risk alienating career bureaucrats who will then wait for an opportunity to exact retribution.  A classic lose-lose situation.  

Our perspective

Years ago I took a poli-sci seminar where the professor said public policy forces could be boiled down to: Who's mad?  How mad?  And who's glad?  How glad?  I sometimes refer to that simple mental model when I watch the ongoing Kabuki between the regulator, its regulated entities and many, many political actors.  Regulatory creep is one of the outcomes of such dynamics.


*  For related posts, click the "Regulation of Safety Culture" label.

Regulatory creep is not confined to the NRC.  The motivation for this post was an item forwarded by a reader on reported Consumer Product Safety Commission (CPSC) activity.  Commenting on a recent settlement, a CPSC Commissioner “expressed concern that . . . the CPSC had insisted on a comprehensive compliance program absent evidence of widespread noncompliance and that “the compliance program language in [the] settlement is another step toward just such a de facto rule.””  C.G. Thompson, “Mandated Compliance Programs as the New Normal?” American Conference Institute blog.  Retrieved June 6, 2013.

How the NRC Regulates Safety Culture

We have long griped about the back door regulation of safety culture (SC) in the U.S.  This post describes how the NRC gets to and through the back door.  (Readers familiar with the NRC regulatory process can skip this post.  If we get it wrong, please let us know.)

Oversight of Reactor Operations*

The Action Matrix

The NRC's Operating Reactor Assessment Program collects information from inspections (baseline and supplemental) and performance indicators (PIs) to develop conclusions about a licensee's safety performance.  Depending on the results of the NRC's assessment, a plant is assigned to a column in the Action Matrix, a table that categorizes various levels of plant performance and, for each level, identifies required and optional NRC and licensee actions.

The Action Matrix has five columns; the safety significance of plant problems increases as one goes from column 1 to column 5.  Plants in column 1 receive the NRC baseline inspection program, plants in columns 2-4 receive increasing NRC attention and licensee requirements and plants in column 5 have unacceptable performance and are not allowed to operate.

SC first becomes a consideration in column 2 when the NRC conducts a Supplemental Inspection using  IP 95001.  Licensees are expected to identify the causes of identified problems, including the contribution of any SC-related components, and place the problems in the plant's corrective action program (CAP).  NRC inspectors determine if the licensee's causal evaluations appropriately considered SC components and if any SC issues were identified that the corrective action is sufficient to address the SC issue(s).  If not, then the inspection report is kept open until the licensee takes sufficient corrective action.
   
For a plant in column 3, the licensee is again expected to identify the causes of identified problems, including the contribution of any SC-related components, and place the problems in the plant's CAP.  NRC inspectors independently determine if SC components caused or significantly contributed to the identified performance problems.  If inspectors cannot make an independent determination (e.g., the licensee does not perform a SC analysis) the inspection is kept open until the licensee takes sufficient corrective action.

If the NRC concludes SC deficiencies caused or significantly contributed to the performance issues, and the licensee did not recognize it, the NRC may request that the licensee complete an independent** SC assessment.  In other words, it is an NRC option.

For plants in column 4 or 5, the licensee is expected to have a third-party** SC assessment performed.  The NRC will evaluate the third-party SC assessment and independently perform a graded assessment of the licensee's SC.  Inspectors can use the results from the licensee's third party SC assessment to satisfy the inspection requirements if the staff has completed a validation of the third party SC methodology and related factors.  If the inspectors conduct their own assessment, the scope may range from focusing on functional groups or specific SC components to conducting a complete SC assessment 

Significant Cross-Cutting Issues

The NRC evaluates performance for seven cornerstones that reflect the essential safety aspects of plant operation.  Some issues arise that cross two or more cornerstones and result in a Significant Cross-Cutting Issue (SCCI) in the areas of Human Performance, Problem Identification and Resolution or Safety Conscious Work Environment.  Each SCCI has constituent components, e.g., the components of Human Performance are Decision-making, Resources, Work control and Work practices.  Each component is characterized, e.g., for Decision-making “Licensee decisions demonstrate that nuclear safety is an overriding priority” and has defining attributes, e.g., “The licensee makes safety-significant or risk-significant decisions using a systematic process, . . . uses conservative assumptions . . . [and] communicates decisions and the basis for decisions . . .” 

There are other components which are not associated with cross-cutting areas: Accountability, Continuous learning environment, Organizational change management and Safety policies.

Most important for our purpose, the NRC says the cross-cutting components and other components comprise the plant's SC components.

Thus, by definition analysis and remediation of SCCIs involve SC, sometimes directly.  For example, in the third consecutive assessment letter identifying the same SCCI, the NRC would typically request the licensee to perform an independent SC assessment.  (Such a request may be deferred if the licensee has made reasonable progress in addressing the issue but has not yet met the specific SCCI closure criteria.)

SCCIs are included with plants' annual and mid-cycle assessment letters.  Dana Cooley, a nuclear industry consultant, publishes a newsletter that summarizes new, continuing, closed and avoided SCCIs from the plant assessment letters.  The most recent report*** describes 15 new and continuing SCCIs, involving 6 plants.  Two plants (Browns Ferry and Susquehanna) have specific SC assessment requirements.

Our perspective

The NRC issued its SC Policy on June 14, 2011.  “The Policy Statement clearly communicates the Commission’s expectations that individuals at organizations performing or overseeing regulated activities establish and monitor a positive safety culture commensurate with the safety and security significance of their activities and the nature and complexity of their organizations and functions.”****

The SC Policy may be new to NRC licensees that do not operate nuclear reactors but as detailed above, the NRC's “expectations” have been codified in the operating reactor inspections for years.  (The SC language for the Action Matrix and SCCIs was added in 2006.)

Technically, there is no NRC regulation of SC because there are no applicable regulations.  As a practical matter, however, because the NRC can dig into (or force the licensees to dig into) possible SC contributions to safety-significant problems, then require licensees to fix any identified SC issues there is de facto regulation of SC.  SC is effectively regulated because licensees are forced to expend resources (time, money, personnel) on matters they might not otherwise pursue.

Because there is no direct, officially-recognized regulation of SC, it appears a weak SC alone will not get a plant moved to a more intrusive column of the Action Matrix.  However, failure to demonstrate a strong or strengthening SC can keep a plant from being promoted to a column with less regulatory attention.

Why does the industry go along with this system?  They probably fear that official regulation of SC might be even more onerous.  And it might be the camel's nose in the tent on NRC evaluation of licensee management competence, or looking at management compensation plans including performance incentives.  That's where the rubber meets the road on what is really important to a plant's corporate owners. 


*  This post is a high-level summary of material in the NRC Inspection Manual, Ch. 0305 “Operating Reactor Assessment Program” (Jun. 13, 2012), Ch. 0310 “Components Within the Cross-Cutting Areas” (Oct. 28, 2011) and NRC Inspection Procedures 95001 (Feb. 9, 2011), 95002 (Feb. 9, 2011) and 95003 (Feb. 9, 2011).  Many direct quotes are included but quotation marks have not been used in an effort to minimize clutter.

**  An independent SC assessment is performed by individuals who are members of licensee's organization but have no direct authority and have not been responsible for any of the areas being evaluated.  A third-party SC assessment is performed by individuals who are not members of the licensee's organization.  (IMC 0305, p. 4)

***  D.E. Cooley (SeaState Group), “NRC Reactor Oversight Program, Substantive Cross-Cutting Issues, 2012 Annual Assessment Letters, March 4, 2013 Data.” 

****  From the NRC website http://www.nrc.gov/about-nrc/regulatory/enforcement/safety-culture.html#programs

IAEA on Instituting Regulation of Licensee Safety Culture

The International Atomic Energy Agency (IAEA) has published a how-to report* for regulators who want to regulate their licensees' safety culture (SC).  This publication follows a series of meetings and workshops, some of which we have discussed (here and here).  The report is related to IAEA projects conducted “under the scope of the Regional Excellence Programme on Safe Nuclear Energy–Norwegian Cooperation Programme with Bulgaria and Romania. These projects have been implemented at the Bulgarian and Romanian regulatory bodies” (p. 1)

The report covers SC fundamentals, regulatory oversight features, SC assessment approaches, data collection and analysis.  We'll review the contents, highlighting IAEA's important points, then provide our perspective.

SC fundamentals

The report begins with the fundamentals of SC, starting with Schein's definition of SC and his tri-level model of artifacts, espoused values and basic assumptions.  Detail is added with a SC framework based on IAEA's five SC characteristics:

• Safety is a clearly recognized value
• Leadership for safety is clear
• Accountability for safety is clear
• Safety is integrated into all activities
• Safety is learning driven.

The SC characteristics can be described using specific attributes.

Features of regulatory oversight of SC 

This covers what the regulator should be trying to achieve.  It's the most important part of the report so we excerpt the IAEA's words.

“The objective of the regulatory oversight of safety culture, focused on a dynamic process, is to consider and address latent conditions that could lead to potential safety performance degradation at the licensees’ nuclear installations. . . . Regulatory oversight of safety culture complements compliance-based control [which is limited to looking at artifacts] with proactive control activities. . . . ” (p. 6, emphasis added)

“[R]egulatory oversight of safety culture is based on three pillars:

“Common understanding of safety culture. The nature of safety culture is distinct from, and needs to be dealt with in a different manner than a compliance-based control. . . .

“Dialogue. . . . dialogue is necessary to share information, ideas and knowledge that is often qualitative. . . .

“Continuousness. Safety culture improvement needs continuous engagement of the licensee. Regulatory oversight of safety culture therefore ideally relies on a process during which the regulator continuously influences the engagement of the licensee.” (p. 7)

“With regards to safety culture, the regulatory body should develop general requirements and enforce them in order to ensure the authorized parties have properly considered these requirements. On the other hand, the regulatory body should avoid prescribing detailed level requirements.” (p. 8)  The licensee always has the primary responsibility for safety.

Approaches for assessing SC

Various assessment approaches are currently being used or reviewed by regulatory bodies around the world. These approaches include: self-assessments, independent assessments, interaction with the licensee at a senior level, focused safety culture on-site reviews, oversight of management systems and integration into regulatory activities.  Most of these activities are familiar to our readers but a couple merit further definition.  The “management system” is the practices, procedures and people.**  “Integration into regulatory activities” means SC-related information is also collected during other regulatory actions, e.g., routine or special inspections.

The report includes a table (recreated below) summarizing, for each assessment approach, the accuracy of results and resources required.  Accuracy is judged as realistic, medium or limited and resource requirements as high, medium and low.  The table thus shows the relative strengths and weaknesses of each approach.

		Criteria
Approaches	Accuracy of SC picture	Effort	Management involvement	Human and Organizational Factors & SC skills
Self-assessment	Medium	Low (depending on	Low	Medium
Review		who initiates the		(to understand
(high experience and		self-assessment,		deliverables)
skills of the		regulator or
reviewers are		licensee)
assumed)
Independent	Medium	Low	Low	Medium
assessment Review				(to understand
(high experience and				deliverables)
skills of the
reviewers are
assumed)
Interaction with the	Limited (however	Medium	High	Medium
Licensee at Senior	can support a
Level	shared
	understanding)
Focused Safety	Realistic (gives	High	Medium	High
Culture On-Site	depth in a moment
Review	of time)
Oversight of	Medium (Reduced	Low	Low	Medium
Management System	if only formal
Implementation	aspects are
	considered)
Integration into	Medium (when	Medium (after an	Medium (with an	Medium (specific
Regulatory	properly trended	intensive initial	intensive initial	training
Activities	and analyzed)	introduction)	support)	requirement and
				experience sharing)

Data collection, analysis and presenting findings to the licensee

The report encourages regulators to use multiple assessment approaches and multiple data collection methods and data sources.  Data collection methods include observations; interviews; reviews of events, licensee documents and regulator documents; discussions with management; and other sources such as questionnaires, surveys, third-party documents and focus groups.  The goal is to approach the target from multiple angles.  “The aim of data analysis is to build a safety culture picture based on the inputs collected. . . . It is a set of interpreted data regarding the organizational practices and the priority of safety within these practices. (p. 17)

Robust data analysis “requires iterations [and] multi-disciplinary teams. A variety of expertise (technical, human and organizational factors, regulations) are necessary to build a reliable safety culture picture. . . . [and] protect against bias inherent to the multiple sources of data.” (p. 17)

The regulator's picture of SC is discussed with the licensee during periodic or ad hoc meetings.  The objective is to reach agreement on next steps, including the implementation of possible meeting actions and licensee commitments.

Our perspective

The SC content is pretty basic stuff, with zero new insight.  From our viewpoint, the far more interesting issue is the extension of regulatory authority into an admittedly soft, qualitative area.  This issue highlights the fact that the scope of regulatory authority is established by decisions that have socio-political, as well as technical, components.  SC is important, and certainly regulatable.  If a country wants to regulate nuclear SC, then have at it, but there is no hard science that says it is a necessary or even desirable thing to do.

Our big gripe is with the hypocrisy displayed by the NRC which has a SC policy, not a regulation, but in some cases implements all the steps associated with regulatory oversight discussed in this IAEA report (except evaluation of management personnel).  For evidence, look at how they have been pulling Fort Calhoun and Palisades through the wringer.


*  G. Rolina (IAEA), “Regulatory oversight of safety culture in nuclear installations” IAEA TECDOC 1707 (Vienna: International Atomic Energy Agency, 2013).

**  A management system is a “set of interrelated or interacting elements (system) for establishing policies and objectives and enabling the objectives to be achieved in an efficient and effective way. . . . These elements include the structure, resources and processes. Personnel, equipment and organizational culture as well as the documented policies and processes are parts of the management system.” (p. 30)