RD/GD-369: Licence Application Guide, Licence to Construct a Nuclear Power Plant

Preface

In order to obtain a licence to construct for a nuclear power plant in Canada, a formal application must be submitted to the Canadian Nuclear Safety Commission (CNSC). This guidance document identifies the information that should be submitted to support such an application.

This document applies to applications for a licence to construct a water-cooled nuclear power plant. It does not presuppose or limit an applicant’s intention to follow any particular kind of water-cooled reactor technology.

This document follows the format of the IAEA Safety Guide No. GS-G-4.1, Format and Content of the Safety Analysis Report for Nuclear Power Plants [1], but is more specific to the Canadian context. In following these guidelines, applicants can submit the appropriate information to demonstrate that they are qualified, and will make adequate and reasonable provisions to undertake the activity to be licensed, pursuant to subsection 24(4) of the Nuclear Safety and Control Act and associated regulations.

The CNSC will review the submitted application and judge if the information contained in the application is acceptable. If the CNSC accepts this information, it becomes the reference safety case for the plant, and will form part of the licensing basis at the construction licence stage. The information provided with the licence application, including the documents to which the application makes reference, constitutes the construction safety case.

The information that will be required at the time of the operating licence application will be added to this construction safety case. The operating licence application needs to update or make reference to documents previously provided in the preceding construction licence application. It will constitute the facility reference safety case. The reference safety case is then kept up to date over the facility’s lifetime to reflect its current state and condition.

---

Table of Contents

---

1.0 Introduction

This guidance document identifies the information that should be submitted in support of an application for a licence to construct a nuclear power plant.

Each application should comprise a document (or series of related documents), consisting of 16 chapters containing the information outlined in this document. This information should be accompanied by documentation that has the necessary information to complete the safety case being presented for the plant.

The CNSC may request additional information even though the application generally conforms to these guidelines. Applicants should ensure that they have included sufficiently detailed information to allow the regulatory safety assessment and licensing process to proceed efficiently.

There is some redundancy of information requested in the various sections of this document. The applicant is encouraged to cross reference to detailed information in other sections as appropriate.

Applicants are strongly encouraged to submit the documents electronically. Security program information and certain other information are sensitive and should be submitted to CNSC in a secure manner.

The requirements that are relevant to the preparation of the safety case for a licence to construct a nuclear power plant are provided in Appendix B.

1.1 General considerations

Chapter 1 of the application should introduce the application and describe its structure. The objectives and scope of each chapter, as well as the intended connections between them, should be described. This chapter should also describe the approach to be followed by the applicant if new information is added to the plant’s safety case after the licence is issued.

In this chapter, the applicant should also explain the relationship of this application to any previous licences issued by the CNSC, including any changes to the safety case that was included in the previous licences.

The applicant is expected to address all follow-up activities relevant to the design, construction and commissioning phases that would have been identified during the environmental assessment (EA) and the review of the application for a licence to prepare site. This could include the need to follow up on the implementation of mitigation measures identified in the EA or as a result of EA recommendations for design, construction and commissioning phases. If the information in the environmental impact statement and licence to prepare site was based on a bounding plant parameter envelope approach, this section should describe how the selected design fits within that envelope, or point to information elsewhere in the application where the information is provided.

1.2 Specific information

This section should contain the following information:

1. applicant’s name and business address
2. statement of the main purpose of the application and activities to be licensed
3. evidence that the applicant is the owner of the site or has authority from the owner of the site to carry on the activity to be licensed
4. names of the persons who have authority to interact for the applicant with the CNSC
5. name, maximum quantity and form of any nuclear substance to be encompassed by the licence
6. description of the safety approach supporting the design of the proposed nuclear power plant
7. description of the plant’s existing licensing status, if any
8. identification of the designer, vendor, constructor and operating organization of the nuclear power plant, and an overview of their relationships
9. names and position titles of the persons who are to be responsible for the management and control of the licensed activity
10. statement concerning any similar plants either assessed and licensed by the CNSC or any foreign national regulatory body, and a description of the main differences or design improvements made since that earlier licence was granted
11. a summary of financial guarantees relating to the proposed plant
12. description of the proposed public information program as described in G-217, Licensee Public Information Programs

1.3 Public consultation

The applicant is expected to demonstrate that ongoing consultations with the appropriate parties have been integrated into construction activities. The consultation process should demonstrate involvement of stakeholders in good faith, with a genuine desire to utilize the input received.

Applicants should reference the description of the proposed public information program as described in G-217, Licensee Public Information Programs and are expected to work with all stakeholders to establish:

1. the most appropriate methods by which to consult
2. the objectives and expectations of the consultation process
3. the means by which interested parties will be able to participate in the formulation and implementation of decisions
4. a dispute resolution mechanism that documents disputes and records efforts taken in their resolution

Applicants are encouraged to thoroughly document the consultation process, and to include a summary of that process when submitting an application to construct a nuclear power plant to the CNSC. The summary is expected to include such information as:

1. a list of the stakeholders that were engaged and how they were identified
2. the project information provided to the stakeholders
3. a summary of issues raised
4. a description of how the applicant has already responded, or plans to respond, to any issues raised

1.3.1 Aboriginal consultation

Canada has statutory, contractual, and common law obligations to consult with Aboriginal groups on the effects of proposed projects on established or potential Aboriginal rights. The common-law duty to consult is based on judicial interpretation of the obligations of the Crown in the context of existing Aboriginal and treaty rights of the Aboriginal peoples of Canada, recognized and affirmed in Section 35 of the Constitution Act (1982).

The duty to consult by the CNSC arises when it has knowledge, real or constructive, of the potential existence of an Aboriginal right or title, and the CNSC contemplates conduct that might adversely affect the right or title.

Although this legal obligation does not extend to third parties such as industry proponents, early engagement with Aboriginal groups by the proponent can enhance relationships, promote trust, improve understanding of the project by the affected Aboriginal groups, and help the proponent to understand the interests of those in the affected region.

Aboriginal consultation is discussed in further detail in RD-346, Site Evaluation for New Nuclear Power Plants.

2.0 Plant Description

2.1 General considerations

Chapter 2 of the application should include the general description of the plant, the practices and current safety concepts, and a comparison of the plant’s design and construction with prevailing modern standards and international practices. The description should provide an overall understanding of the facility, without the need to refer to the subsequent chapters in the application.

2.2 Applicable regulations, codes and standards

This section should contain a list of all regulations, codes and standards, and guides that apply to the facility. The applicant is expected to evaluate these documents for their applicability, sufficiency and adequacy, and provide the results of this work in this section. If necessary, the standards used should be supplemented with additional requirements that should also be identified in the section.

Where the licence application relies on the use of documents not traditionally used in the Canadian nuclear industry, the applicant should submit an accompanying assessment to facilitate a timely review of the submission. This assessment may be a gap analysis between the documents referenced in the application versus Canadian industry-equivalent documents, or an independent assessment of the design against equivalent documents commonly used in Canada.

The section should include declarations of the design’s compliance with the codes and standards used.

This section should provide information pertaining to cases where the expectations contained in any of the various regulatory documents and other applicable codes and standards are not met. The safety significance of the deviations should be assessed and where necessary, a separate and complete justification should be provided for each deviation. This justification should include all the information necessary to assure the CNSC that any deviations from CNSC requirements and expectations will not negatively affect the facility’s overall level of safety. This justification should be included in each of the applicable sections or documented in referenced documents provided with the application.

2.3 Basic technical characteristics

This section of the application should present briefly (in a table, if appropriate) the principal features and specifications of the plant, including:

1. number of reactor units
2. type of plant and its main features and characteristics
3. safety systems
4. type of nuclear steam supply system employed
5. type of containment structure
6. thermal power levels to be reached in the core
7. corresponding net electrical power output for each thermal power level
8. any other characteristics necessary for understanding the main technological processes of the design

In cases where the plant design is similar to earlier designs licensed by the CNSC, the applicant should provide a comparison that identifies and justifies the main modifications and improvements that have been incorporated into the submitted design.

2.4 Information on the layout and other aspects

Basic technical and schematic drawings of the main plant systems and equipment should be provided in this section, including:

1. details of the physical and geographical location of the plant
2. connections with the electricity grid
3. means of access to the site by rail, road, and water

This information should be sufficient to verify that the plant design conforms to sections 6.5 and 6.6 of RD-337, Design of New Nuclear Power Plants. The applicant should also provide general layout drawings of the entire plant, accompanied by a brief description of the main systems and equipment and their individual purposes and interactions. Information on plant layout that contains security related information must be submitted in a secure manner (see section 5.11, Security and robustness).

This section should also reference other chapters of the application that provide more detailed descriptions of specific systems and equipment. The main interfaces and boundaries between on-site equipment and systems provided by different design organizations should be described, including the interfaces with equipment and systems external to the plant (e.g., the electricity grid). The description should provide sufficient detail to reveal how the plant operation will be co-ordinated.

This section should also refer to the confidential information on the provisions made for the physical protection of the plant.

2.5 Material incorporated by reference

This section should list all documents that are incorporated by reference in the application. These documents include the results of experimental programs, tests or analyses (e.g., results of manufacturers’ material tests and qualification data, and results of fuel behaviour experimental programs). The documents listed in this section should also be referenced (or summarized, as required) in other section(s) of the application as appropriate. Any references made to a supporting document in the application should indicate which parts of these documents are relevant.

These documents are also those that have been submitted to, received from, or published by a foreign national regulatory body. Materials incorporated by reference may also include information published by a national agency or an international nuclear agency such as, the International Atomic Energy Agency or the International Commission on Radiological Protection.

Material that is incorporated by reference should have been previously submitted to the CNSC or be available from the applicant upon request.

3.0 Management of Safety

3.1 General considerations

Chapter 3 of the application should describe the management system and organizational management structure of the applicant, and any other organization involved in design, engineering, procurement, manufacturing, construction or commissioning. The management system and organizational management structure of the applicant in support of operation should be outlined. The management system programs, processes and procedures that have been or will be put in place to protect health, safety and the environment should be outlined in this chapter.

This chapter should also indicate the manner in which a qualified staff of adequate numbers, skills and competencies will be established and maintained.

It should also describe the safety policies, the roles of safety assessment organizations, and the safety advisory committees that will advise the management of the operating organization (see Glossary for definitions of “applicant” and “operating organization”).

3.2 Management systems

This section should describe the management system. The description should demonstrate that appropriate provisions integrating safety, health, environmental, security, quality and economic elements have been implemented for all safety-related plant activities. These activities should include design (including engineering assessment and analysis), procurement of goods and services (including the use of contractors’ organizations), manufacturing, plant construction, and commissioning. Finally, this section should describe measures taken to ensure the implementation and observance of the management system procedures.

This section should further describe the corporate and site management structures of the applicant, major technical support organizations, designer, constructor and major contractors and sub-contractors. Applicants should include an explanation of the way that effective management control has been and will continue to be exercised for the design, construction, commissioning and technical support functions (including control of contractors) so as to promote and assure the safety aspects of work being performed. The applicant should confirm that the personnel responsible for compliance have direct access to senior levels of the applicant’s management structure, to ensure that their needs and concerns receive adequate consideration.

Where the applicant plans for a different management system and organizational management structure for operating the plant, the applicant should outline in general terms the overall arrangements including those for the transition from construction to commissioning. (see section 9.1, General considerations, and section 9.4, Operational management processes). Provisions for decommissioning should also be outlined.

The described management system arrangements should demonstrate compliance to those clauses of CSA Standard N286, Management system requirements for nuclear facilities [2], or equivalent standard, applicable to the relative project phase.

3.3 Consideration of safety culture

Safety culture is applicable to all the activities that can have an impact on health, safety and on the environment, and it applies to all personnel involved in every phase of the plant’s lifecycle. This section should describe the strategy leading to the establishment and maintenance of a healthy safety culture for all parties (including contractors and sub-contractors) involved in design, procurement, construction, commissioning, operation, and decommissioning activities that can impact safety throughout the life of the plant. The description of the programs that have been and will be established and promoted should contain detailed information, to a degree sufficient to demonstrate the manner in which safety culture has been or will be developed, documented, promoted, maintained, continuously assessed, and enhanced.

3.4 Design authority

This section should demonstrate that the expectations set out in section 5.1 of RD-337 will be met. This section should also describe:

1. formal design authority for each phase of the lifecycle of the facility up to and including commercial operation
2. other organizations (responsible designers) assigned responsibility for the design of specific parts of the plant, including the tasks and functions of the design authority and the responsible designers
3. formal relationship, including authorities, roles and responsibilities, between the design authority and
   1. applicant
   2. major technical support organizations
   3. constructor and major contractors and sub-contractors
   4. procurement
   5. commissioning and operations organizations
4. prerequisites to be met before the design authority can be transferred, with sufficient detail provided to demonstrate that the recipient of the design authority will have the requisite knowledge, expertise and resources to assume this responsibility

3.5 Monitoring and review of safety performance

This section should demonstrate that an adequate audit and review system is in place to ensure that the applicant’s safety policy is implemented effectively. This section should also describe the provisions that have been made for an independent and ongoing safety review. This includes an objective internal self-evaluation program supported by periodic external reviews carried out by qualified persons and should take into account national and international experience and feedback from ongoing NPP construction projects. Applicants should show that the indicators of their organizational effectiveness and safety performance are measured. Applicants should also show that these indicators will enable senior management to detect any shortcomings and deterioration in safety and to respond to these occurrences in a timely manner.

The section should also describe how the applicant intends to identify any development or change in the organization that could lead to the degradation of safety performance during plant construction and commissioning. The applicant should also demonstrate the appropriateness of the measures planned to prevent such degradation.

3.6 Occupational health and safety

The production and use of nuclear energy is under federal jurisdiction. The operation and management of a federal undertaking — including labour relations and working conditions, which are part of occupational health and safety (OHS) — also fall under federal jurisdiction. However, as OHS is also normally under provincial jurisdiction, OHS in nuclear power plants is regulated by both federal and provincial bodies: Human Resources and Skills Development Canada (HRSDC), the CNSC and various provincial ministries of labour. Under HRSDC, the Canada Labour Code, Part II, applies. However, in Ontario, the courts have granted an exception to this rule, and provincial legislation concerning OHS has been incorporated by reference into the Canada Labour Code. A Memorandum of Understanding (MOU) is in place between the Province of Ontario and the Canadian federal government, whereby OHS matters in Ontario are governed by provincial requirements, on behalf of HRSDC.

In other provinces and territories, governance of OHS matters can only be determined on a case-by-case basis through analysis and identification of the applicable jurisdiction. Although OHS matters at nuclear facilities generally fall under the responsibility of the Labour Program at HRSDC, provincial licensee organizations that operate nuclear facilities benefit from provincial Crown immunity unless it is displaced by law. This effectively excludes federal jurisdiction over OHS matters at nuclear facilities operated by provincial licensee organizations. MOUs between the CNSC and provincial labour ministries, to formally establish jurisdiction over the administration of OHS matters, may be in place and must also be considered when reviewing any site licensee application.

This section of the application should demonstrate that the applicant’s proposed health and safety organization is adequate and that the applicant will:

1. adequately execute the proposed worker health and safety policies and procedures
2. be qualified and make adequate provision for the protection of the health and safety of persons, including making provision to
   1. demonstrate adequate oversight of the site OHS program
   2. ensure compliance with applicable OHS regulations and requirements
   3. ensure adequate OHS training of persons involved in site preparation activities
   4. have the capabilities for reporting and investigating incidents and significant events

The proposed health and safety organization is expected to meet the requirements as set out in the applicable provincial or federal codes.

The CNSC expects applicants to develop, implement and maintain effective OHS programs and to take actions toward preventing occupational injuries and illnesses. Under the OHS program, applicants are also expected to identify potential OHS hazards, assess the associated risks, and put in place the necessary materials, equipment, programs and measures to effectively manage, control and minimize those risks. Applicants will also be expected to implement processes and procedures under the OHS program to:

1. investigate incidents and significant events
2. identify root causes
3. implement corrective actions in order to eliminate the identified root causes
4. verify that the corrective actions are completed and will effectively prevent recurrence of the incident or significant event

The occupational health and safety policies and procedures of the licensee, or contractors engaged by the licensee for purposes of site preparation, are expected to comply with applicable provincial requirements.

4.0 Site Evaluation

4.1 General considerations

Chapter 4 of the application should describe the geological, seismological, hydrological, and meteorological characteristics of the site and the surrounding region, including the present and projected population distribution, and land use that are relevant to the design and operation of the plant.

Where applicable, this chapter should refer to, summarize, and add details to the information previously submitted in the environmental impact statement and in the application for a licence to prepare site.

The chapter should also describe the current and expected future uses of the land and water resources in the surrounding region during the life of the plant (e.g., agriculture and urban development). The description should consider master plans for provincial, regional or municipal land use near the plant and should include an assessment of their probable impact on the plant and vice-versa; the documentation should identify any land or water use that is incompatible with the plant.

All site characteristics that may affect the safety of the plant should have been investigated, and the results of the investigation should be presented in this chapter. The application should provide information concerning the site evaluation process and procedures used during the design phase and design assessment stage, including:

1. site-specific hazard evaluation for external events (of human or natural origin)
2. design assumptions or values in terms of recurrence probability of external events
3. definition of the design basis for external events
4. collection of site reference data for the plant design (geotechnical, seismological, hydrological, hydrogeological and meteorological)
5. evaluation of the impact of the site-related issues to be considered in the application, concerning emergency preparedness and accident management
6. arrangements for the monitoring of site-related parameters throughout the life of the plant

This chapter should also discuss the site exclusion and/or acceptance criteria used during the preliminary site suitability screening and after the site evaluation phase. It should include any direct (or indirect) expected interaction with biological species of conservation status, or their critical habitats.

The applicants should explain how they meet the expectations listed in sections 4.1, 4.2.2 and 6.4 of RD-337, and in section 5 of RD-346, Site Evaluation for New Nuclear Power Plants.

4.2 Site reference data

This section should describe:

1. the site location, including the area under the direct control of the applicant and the surrounding area for which there is a need for consultation with other authorities on the control of activities with the potential to affect plant operation, including flight exclusion zones. The information presented should be supported by:
   1. a legal description of the site and its exclusion zone
   2. documented legal evidence of the ownership of the site and control of the exclusion zone
   3. a drawing approved by a certified/registered land surveyor
2. information on the activities including relevant data on the population distribution and density and on the disposition of all public and private facilities (e.g., airports, harbours, railways and rail transport centres, roads, highways, factories and other industrial sites, schools, hospitals, police services, fire fighting services and municipal services) around the plant site
3. uses of the land and water resources in the surrounding area; e.g., for agriculture and urban development, including an assessment of any possible interaction with the plant and vice-versa
4. environmental baseline characteristics of the site and the surrounding area, including flora, fauna and habitat areas, air quality, geology, soils and sediments, surface and ground waters. The information presented should be in accord with section 6 of RD-346
5. geology of the site, including details on the prevailing structural geology for the regional, local, and site scales, with explanation of the methods followed to obtain the data
6. geotechnical soil properties and groundwater hydrology including the collection of data for the design of foundations, the evaluation of the effects of soil and structure interaction, the construction of earth structures and buried structures, and soil improvements at the site, and sufficient data on groundwater hydrology to allow an independent assessment of contaminant transport due to accidental or planned releases of either radioactive nuclear substances or hazardous substances
7. topographical character of the site and surrounding land, including the prevailing vegetation, in order to permit independent evaluation of the factors affecting the dispersion of radioactive nuclear substances and hazardous substances in the environment

In summary, this section should present the relevant data for the site after completion of authorized site preparation activities and include the associated ranges of uncertainty taken into account in the plant structural design and in the dispersion studies for radioactive nuclear substances and hazardous substances. Reference should be made to the technical reports describing in detail the conduct of the investigation campaigns and the origin of the data collected. The design of earth structures and site protection measures should also be described, if relevant. Projected developments relating to the site evaluation information should be described, with updates provided as required. The information provided in this section should be linked to and consistent with other information given in the application.

4.3 Exclusion zone authority and control

This section should:

1. define the exclusion zone boundary
2. identify the party that has the legal authority to exercise control over the exclusion zone
3. list the activities to be permitted within it and describe how these will be controlled in order to avoid any negative impact on plant operational safety
4. identify any activity that could adversely impact the plant’s construction or operation

The section should also explain how the expectations concerning the establishment of exclusion zones, protective zones, and facility layout, which are outlined in section 5.5 of RD-346 and in sections 6.5 and 6.6 of RD-337, will be met.

4.4 Evaluation of site-specific hazards

This section should present a detailed evaluation of potential natural and human induced hazards at the site, as listed in subsections 4.4.1 to 4.4.6. This evaluation should meet the expectations contained in the applicable sections of RD-346 and in section 7.4 of RD-337. The administrative measures employed to mitigate these hazards (especially for human-induced events) should be identified, and information should be presented on their nature and implementation, together with the roles and responsibilities of the persons charged with their enforcement.

Where applicable, this section should summarize and refer to the relevant information submitted in the environmental impact statement and in the application for a licence to prepare site. More detailed information should be provided for topics not fully addressed in the environmental impact statement and in the application for a licence to prepare site.

The screening criteria used for each hazard (including the probability thresholds and credibility of events) and the expected impact of each hazard (in terms of the originating source, potential propagation mechanisms and predicted effects at the site) should also be described in this section.

Design assumptions or values in terms of recurrence probabilities for external events should be defined and described. The approach for monitoring against the design assumptions or values should also be described.

The information presented in this section needs to be considered when establishing the design basis for the facility.

Finally, this section should demonstrate that appropriate arrangements are in place to update evaluations of site-specific hazards periodically, in accordance with the results of up-to-date assessment methods, accumulated monitoring data, and surveillance activities.

Provisions should be made to ensure that confidential information relating to site-specific hazards should remain confidential, whether for security reasons, or to protect the interests of external third parties who have provided potentially sensitive information to facilitate the assessment.

4.4.1 Proximity of transportation routes, industrial facilities and urban locations

This subsection should describe all types of access routes (land, water and air) in the vicinity of the site, including the industrial and urban developments, and identify any risks they may present to the plant.

It should also describe the results of a detailed evaluation of the effects of potential incidents at existing and proposed industrial sites, of incidents at other installations in the vicinity, and of transport incidents, in accordance with the expectations of sections 5.2 and 8 of RD-346. All the identified risks should be considered for inclusion in the design basis events cited in the application, in order to determine if additional design features to mitigate the consequences of these incidents are necessary. A description of any future developments in the vicinity of the site should also be provided; this information should be periodically reviewed and updated.

4.4.2 Activities at the plant site that may influence plant safety

This subsection should take into account the expectations of sections 8 and 9 of RD-346 and should describe all processes and activities in the site vicinity that might impact the safe operation of the plant if carried out incorrectly. These processes and activities include, for example, vehicular traffic (land, water and air) in the plant vicinity, storage and potential spillage of fuels, gases and other chemicals, on-site transport of explosives, and personnel inhalation of (or contamination by) harmful particles, smoke or gases.

Site protection measures (including dams, dikes, drainage and shoreline armouring) and any modifications to the site (such as soil substitution, or changes to the site elevation) are also relevant to the site characterization stage, and they should be assessed in relation to the design basis and described in this subsection.

4.4.3 Hydrology

This subsection should provide all the information necessary for an independent evaluation of the potential implications of the site hydrological conditions on the plant design, on its performance requirements and its safe operation. The information presented should be consistent with the expectations of sections 6.4 and 7.3 of RD-346. Conditions that should be evaluated include:

1. drought
2. floods from watercourses, reservoirs, adjacent drainage areas, or site drainage
3. potential flood waves resulting from dam failures
4. ice-related flooding
5. seismically generated water-based effects on- and off-site

For coastal and estuary plant sites, tsunamis, seiches, and the combined effects of tides and strong wind should be evaluated.

The potential effects of climate change on the local hydrology should also be taken into account. Finally, this subsection should describe any foreseeable changes in off-site land use or upstream shoreline development that could affect site hydrological conditions and therefore the plant design, performance, and safety.

This subsection should also describe the hydrogeological/groundwater aspects relevant to the site and the surrounding region. Data derived from local and regional hydrogeological investigation and groundwater monitoring programs should be documented. The following items should be evaluated in relation to the design:

1. hydrogeological stratigraphy
2. groundwater flow and potential contaminant transport patterns and rates
3. potential groundwater interaction with surface water bodies along with drawdown cones caused by construction and operation of the NPP
4. effects of the groundwater flow system on the stability and integrity of the NPP’s foundations and below-surface structures

The information presented should be consistent with the expectations of sections 6.5 and 7.4 of RD-346.

4.4.4 Meteorology

This subsection should describe the meteorological aspects relevant to the site and the surrounding region, taking into account the regional and local effects of climate, and should include data deriving from on-site meteorological monitoring programs.

Potential climate change effects should be evaluated in relation to the design, including extreme values in meteorological parameters such as temperature, humidity levels, rainfall levels, straight and rotational wind speeds, and snow loads. The possibility that lightning and windborne debris can affect the plant safety should also be considered. The information presented should be consistent with the expectations of sections 7.1 and 7.2 of RD-346.

4.4.5 Seismology

This subsection should describe the seismic and tectonic characteristics of the site and the surrounding region. The evaluation of seismic hazards should be based on a suitable geotectonic model substantiated by appropriate evidence and data. The results of this evaluation should be detailed and should be used anywhere in the application where structural design and the seismic qualification of components and safety analysis are considered. The information presented should be consistent with the expectations of sections 7.5 and 7.6 of RD-346.

4.4.6 Other hazards

The applicants should describe and provide information concerning any other hazards specific to the site that has not already been treated in subsections 4.4.1 through 4.4.5.

4.5 Radiological conditions due to external sources

This section should describe the radiological conditions in the environment of the plant site and should take into account the radiological effects of any neighbouring plant units and other external sources. The information provided should be detailed enough to serve as an initial reference point and to provide understanding of the prevailing radiological conditions at the site.

The radiation monitoring systems in place and the techniques used for the detection of radiation and radioactive contamination should be briefly described in this section. This description should be linked to and complement section 11.5, Radiation monitoring and section 13.6, Environmental monitoring program.

4.6 Site-related issues in emergency planning and accident management

This section should describe the results of an assessment of population studies and emergency planning considerations related to the site, and should demonstrate that the regulatory requirements and expectations such as those contained in RD-346 and sections 4.2.2 and 4.2.4 of RD-337 are met.

The assessment topics should include:

1. population density and distribution within the protective zone
2. present and future land and resource uses
3. physical characteristics of the site
4. availability of trained workers to develop and implement the emergency plans
5. populations in the area that may be difficult to evacuate or shelter (e.g., hospitals, schools, prisons)
6. population and land-use activities in the protective zone, which must be maintained at levels that will not impede implementation of the emergency plans
7. confirmation that the emergency plans and related protective actions that are the responsibility of the municipality(ies), province(s), or territory(ies), and foreign state(s) in the surrounding region can be implemented at any time during the plant lifecycle
8. any natural or man-made event within the design basis that would impact emergency management requirements, such as forest fires, earthquakes, extreme weather conditions, toxic fume clouds, explosions, and airplane crashes
9. any natural or man-made events beyond the design basis that are considered in the design, and would impact emergency management requirements

This section should also complement and be linked to sections relating for example, to the proximity to the plant of airports, railways, roads, and emergency services and to sections 4.2, Site reference data and 4.5, Radiological conditions due to external sources.

4.7 Monitoring of site-related parameters

This section should describe the provisions for monitoring the site-related parameters affected by seismic, atmospheric, water and groundwater-related events, and demographic, industrial and transport-related developments. This description should be sufficiently detailed to provide the information necessary to support emergency actions in response to external events, to support a periodic review of safety at the site, and to develop dispersion modelling for radioactive material. It also serves as a confirmation of the completeness of the set of site-specific hazards that have been taken into account.

Long-term monitoring programs used to detect the occurrence of significant variations from the design basis should be described. The description should include details of the collection of data using site-specific instrumentation along with data from specialized national institutions. The strategies and monitoring tools that serve to forecast, prevent or mitigate the effects of off-and on-site hazards should also be described in this section.

5.0 General Design Aspects and Support Programs

5.1 General considerations

Chapter 5 of the application should describe the plant design and support programs. The description should include the approach followed for the basic design, the goals and objectives met by the design, the manner in which these goals and objectives were met, and the codes and standards used in the design (see section 2.2, Applicable regulations, codes and standards).

The design should be provided in sufficient detail such that independent reviews can be performed. These independent reviews include the independent peer review expected in RD-337 section 5.6 and regulatory review of the design.

This section should also describe the programs put in place to ensure that the design is carried out by technically qualified and appropriately trained staff. The description should demonstrate that a systematic approach to training has been adopted and that all contractors and sub-contractors involved in the design of the plant are qualified to carry out their respective activities.

This section should also provide information on support programs that will help to ensure that:

1. the design
   1. conforms to high standards
   2. incorporates the latest developments in knowledge and technology
   3. maintains its characteristics during its lifetime within the bounds accounted for in the design and safety analysis
   4. is resistant to the effects of common cause events and, to the extent practicable, to severe accidents
2. the plant will remain reliable, robust, and easy to maintain and operate

All references to other sections of this application, or to other documents, should clearly indicate the location of the supporting information.

The information provided in this chapter should include a clause-by-clause demonstration that the expectations contained in RD-337, are met.

5.2 Safety objectives and goals

5.2.1 Safety objectives

This subsection should describe the safety objectives to be met by the chosen design, and should demonstrate that these are compatible with the expectations of section 4.1 of RD-337. The description should complement and link to other relevant sections of the application where evidence of meeting the safety objectives may be found.

5.2.2 Safety goals

This subsection should state the safety goals the design is expected to meet, and should demonstrate that these safety goals meet the expectations contained in subsection 4.2.2 of RD-337.

5.2.3 Radiation protection

This subsection should describe, in general terms, the design approach adopted to meet the Radiation Protection Regulations, and the radiation protection objectives and the dose acceptance criteria expectations contained in sections 4.1.1 and 4.2.1 of RD-337. It should demonstrate that, in all operational states, radiation doses, within the plant or due to any planned release of radioactive material from the plant, are kept below regulatory limits and are as low as reasonably achievable (ALARA), with economic and social factors being taken into account. Design features for radiation protection are discussed in section 11.4, Design features for radiation protection, of the application, while ALARA is discussed in section 11.2, Application of the ALARA principle.

5.2.4 Defence in depth

This subsection should describe, in general terms, the approach taken to incorporate the defence in depth concept (sections 4.3.1 and 6.1 of RD-337) into the design of the plant. It should show that defence in depth has been considered for all plant safety-related activities. The design approach adopted should ensure that multiple and (to the extent practicable) independent levels and barriers for defence are present in order to provide protection against operational occurrences and accidents, regardless of their origin. The selection of the main barriers should be described and justified. Particular emphasis should be placed on systems important to safety. Where appropriate, any proposed operator actions to mitigate the consequences of events and to assist in the performance of important plant safety functions should be included in the description.

5.2.5 Safety functions

The fundamental safety functions that ensure plant safety during normal operation, anticipated operational occurrences (AOOs), design basis accidents (DBAs), and (to the extent practicable) during beyond design basis accidents (BDBAs), are listed in section 6.2 of RD-337 as:

1. control of reactivity
2. removal of heat from the core
3. confinement of radioactive material
4. control of operational discharges, as well as the limitation of accidental releases
5. monitoring of safety-critical parameters to guide operator actions

This subsection should describe and explain how the fundamental safety functions have been incorporated into the design of the plant. It should identify the plant structures, systems and components (SSC) used to perform necessary safety functions at various time intervals following a postulated initiating event.

Any additional plant safety functions should also be identified and described; for example, heat removal from irradiated fuel in fuel handling and storage systems.

5.2.6 Design codes and standards

Section 7.2 of RD-337 expects applicants to define the design envelope of the NPP. This subsection of the application should describe the process and include the reference to how the requirement and expectations of the adopted Canadian and international codes and standards are met. These documents, which may also be referenced elsewhere in the application, provide the evidence that all the relevant licensing expectations for design and safety analysis have been met.

5.2.7 Design principles and criteria

This subsection should provide a general description of the way in which the design principles selected are embodied in the design. The safety assessment for the plant may be considerably simplified if conservative principles and criteria are adopted at the design stage. When aspects of the design are based on conservative deterministic principles, such as those outlined in international codes and standards or in regulatory documents, the use of such principles should be described. If the design of the plant does not fully comply with a specific deterministic principle in a regulatory guidance document, the application should demonstrate that the overall level of safety is not impaired. CNSC staff should be consulted about important deviations at an early stage.

The criteria used for determining the level of acceptable risk should be identified and shown to meet the expectations of RD-337 section 4. The applicant should also explain how design practices (such as enhancing system reliability and addressing common cause, common mode, and cross-link failures) have been used to render the risk acceptable. The conceptual framework dealing with the cases that fall between the two risk levels should be described. The cost-benefit methodology used to decide which design option was selected should also be covered.

5.2.8 Identification of plant states and operational configurations

This subsection should identify all plant states and demonstrate that the expectations of sections 5.2.3 of RD-310, Safety Analysis for Nuclear Power Plants, and 7.3 of RD-337 are met. Plant states typically include normal operation, anticipated operational occurrences, design basis accidents and beyond design basis accidents.

For operational states (normal operation and AOO), the information being submitted should cover configurations such as start-up, normal power operation, shutdown, refuelling, and any other normal operating configuration. The key parameters and unique characteristics of each operational configuration, including the specific design provision for maintaining the configuration, should also be identified. The permissible periods of operation at different conditions (e.g., power level) in the event of a deviation from normal operating conditions should also be described.

5.2.9 Single failure criterion

This subsection should provide a general description of how the single failure criterion, referred to in section 7.6.2 of RD-337, has been taken into account in the design of all systems important to safety. The description should include consideration of random failure in the operation of an individual component, as well as the consequential failures potentially induced by the performance of other components or systems. In addition, assumptions regarding the worst permissible system configuration, including its mode of operation and the permissible outage times for its components, should be described. Any exceptions to the expectations of section 7.6.2 of RD-337 should be identified.

5.2.10 Reliability assurance

This subsection should describe the reliability program established in accordance with the expectations of S-98, Reliability Programs for Nuclear Power Plants, to ensure that systems important to safety meet their reliability targets. The program should meet the design expectations for reliability outlined in section 7.6 of RD-337 and should include the basis for the reliability targets for equipment and systems important to safety. The description should include the following:

1. methods used for reliability assessment
2. how aging-related considerations are taken into account
3. selection criteria for the reliability assessment input data and subsequent updates, based on testing, surveillance and other experience

5.2.11 Other safety features

This subsection should specify, describe and explain the appropriateness of any other safety requirements or criteria that have been respected in the design. The plant design should take into account the specific safety features, such as adequate safety margins, simplification of the design, passive safety features, gradually responding plant systems, fault-tolerant plant and systems, operator-friendly systems, leak-before-break concepts, fail-safe design, or any other design approaches that can reduce the impact of failures and enhance the safety of the design.

5.3 Classification of structures, systems and components (SSC)

This section should describe the approach adopted in the design for the classification of the systems, structures, and components important for the safety of the plant. The approach taken should be consistent with the expectations of section 7.1 of RD-337 and with the identified codes and standards to be used. It should include criteria for deciding on the appropriate design requirements for each class such as:

1. appropriate codes and standards to be used in the design, manufacturing, construction, testing and inspection of individual SSC
2. system-related characteristics such as the degree of redundancy, the diversity, the separation, the reliability expectations (section 7.6 of RD-337), the environmental qualification expectations (section 7.8 of RD-337), and seismic qualification expectations (section 7.13 of RD-337)
3. availability requirements for particular SSC for on-demand duty, as well as for reliability for the prescribed mission time
4. quality assurance requirements

The description of design requirements should also address special cases, such as where:

1. there is sharing of the structures/components between two or more systems, or a system performs multiple functions
2. some SSC could potentially be vulnerable to fault propagation due to cross-links, or common cause events
3. there is a potential for physical interaction (e.g., pipe whip, jet impingement) or functional interaction between the SSC (e.g., depressurisation of heat transport system for the emergency core cooling injection, initiation of the emergency water supply, or shutdown cooling)
4. the boundary of some important systems can be a function of the operating configuration of the plant

The classification of system, structures and components should provide the criteria for the level of design detail included in this application related to the SSC as described in section 6.1. The description provided in this subsection should be sufficient to permit independent assessment of the adequacy of the classification approach.

5.4 Pressure boundary design

This section should describe the basis for the design of the pressure-retaining systems, components and their supports. The information provided in this subsection should meet the expectations of section 7.7 of RD-337. The information provided should include general design considerations and an explanation of the assessment methodology used, including the codes and standards employed. The code classification and design of pressure-retaining SSC should be in accordance with safety classification, nationally recognized codes and standards, or with codes and standards accepted by national or international institutions. This section should include a high level description of the pressure boundary design registration process, including proposed Authorized Inspection Agencies, pressure boundary quality assurance processes, identification of major process steps and interfaces with external authorities.

The description should include the basis for pressure boundary code classification of such components. It should also include, directly or by reference, other support processes that are an integral part of the design such as:

1. specification and traceability of the materials of construction
2. requirements for quality assurance
3. qualifications and certifications of designers; fabricators; authorized inspectors and examination personnel
4. the codes and standards to be used for examination and pressure testing
5. documentation and records
6. in-service inspection
7. maintenance and testing of pressure-retaining SSC

This section should also provide information concerning general design considerations, such as the methodology used to address protection against postulated piping failures for medium- and high-energy systems.

5.5 Civil engineering works and structures

This section should describe the approach followed for the design of civil engineering works and structures. The information provided will allow CNSC staff to verify that the design meets the expectations contained in section 7.15 of RD-337 over the full spectrum of considered reactor operating and accident conditions, including BDBAs. It will also permit CNSC staff to verify if the design is compliant with the applicable codes and standards. The information provided should include a brief description of the design principles and criteria used, and describe how the necessary safety margins for the construction of buildings and structures that are relevant to safety (including their seismic classification) have been substantiated. Any deviations from published design requirements should be clearly stated, and it should be explained why they are necessary and how they are achieved.

5.6 Equipment qualification and environmental factors

This section should describe the procedure adopted for equipment qualification, and should confirm that the items important for plant safety will meet the design requirements, and will remain fit for purpose when subjected to the range of individual or combined environmental challenges identified throughout the lifetime of the plant.

5.6.1 Environmental qualification

This subsection should describe the environmental qualification program. It should comprise a set of planned and coordinated activities that will ensure that equipment can perform its intended safety functions under the environmental conditions defined for all plant states in which it is credited. Refer to section 5.2.8, Identification of plant states and operational configurations, for identification of plant states. The program should be verifiable.

The information presented here should include a complete list of the equipment (mechanical, electrical, instrumentation and control and post accident monitoring) required to be environmentally qualified (for both harsh and mild environments). It should also include the designated functional requirements, the definition of the applicable environmental parameters, and the documentation of the qualification process used to demonstrate that the required equipment is capable of meeting the expectations of sections 5.7, 7.3, 7.5, 7.8 and 7.14 of RD-337. A sample of the equipment qualification documentation should be submitted.

Certain SSC and equipment may be credited to mitigate the consequences or to monitor the conditions following a BDBA or a severe accident. The ability of the credited equipment to operate in the BDBA environment should be assessed to a reasonable degree of confidence (see section 5.9.6, Severe accident management). The equipment credited for mitigation of the consequences of BDBAs and for accident management is not required to be qualified to the same level of confidence as that for DBAs.

5.6.2 Electromagnetic interference

This subsection should describe the design approach for protecting the instrumentation and electrical equipment of the safety systems and systems important to safety from electromagnetic interference (EMI)-induced faults.

The information provided in this subsection should meet the expectations of section 7.9 of RD-337. It should also demonstrate the capability, as specified in the design, of instrumentation and electrical equipment to function within the applied electromagnetic environment of the plant in different states, and without introducing significant electromagnetic disturbances to other equipment within the plant.

The following information should be provided or referenced in this subsection, to help demonstrate how the design objectives with respect to EMI and electromagnetic compatibility (EMC) will be met:

1. applicable codes and standards for dealing with EMI and EMC
2. governing quality assurance program
3. plant states affecting EMI with corresponding electromagnetic environment specifications and area details
4. any relevant plant layout strategies
5. any relevant plant construction strategies for grounding and shielding
6. requirements for device EMI safety, immunity, emission, qualification, and testing (EMC of the instrumentation and of the electrical equipment that should be taken into account in the environmental qualification program for the plant)
7. EMI-qualified device handling and storage requirements
8. installation requirements and EMI mitigation practices
9. identification and tracking requirements for EMI-qualified equipment
10. applicable maintenance training requirements
11. relevant and current internationally recognized guidance documents, codes and standards used for the EMI design and qualification process (e.g., those of the International Electrotechnical Commission (IEC), Institute of Electrical and Electronics Engineers (IEEE), International Atomic Energy Agency (IAEA))

5.6.3 Seismic qualification

This subsection should describe how the plant design protects SSC (including building structures) from earthquake damage. It should also demonstrate how the approach followed meets the expectations of section 7.13 of RD-337. The description should explain the seismic design and qualification of SSC and the seismic qualification of equipment, and refer to the applicable national (such as CSA) and international (such as IAEA) codes and standards that have been used. The seismic qualification program should take into account considerations such as:

1. seismic input, which includes the design response spectra, design time history, selection and determination of design basis ground motion and critical damping values
2. for seismic qualification by testing, the test equipment requirements, test input response spectra and acceptance criteria should be included
3. seismic analysis for building structures, taking into account the seismic analysis method, procedure used for modeling, soil-structure interaction, development of floor response spectra, and combination of modal responses
4. seismic analysis methodology for sub-systems, including structures and components that do not have an interface with the soil structure interaction analyses
5. seismic qualification of equipment in order to demonstrate its capability to perform designated safety functions during a design basis seismic event

This subsection should also describe seismic instrumentation systems necessary to determine and record site-specific seismic responses.

Certain SSC and equipment may be credited to mitigate the consequences or to monitor the conditions following a beyond design basis earthquake (BDBE). The ability of the credited equipment to operate in the BDBE environment should be assessed to a reasonable degree of confidence (see section 5.9.6, Severe accident management). The equipment credited for mitigation of the consequences of BDBEs and for accident management is not required to be qualified to the same level of confidence as that for DBEs.

5.7 Fire safety

This section should describe how the plant’s design provisions will address prevention, protection, control, mitigation, response to, and recovery from fires (including explosions) in order to protect the SSC, persons and the environment. In addition, this section should demonstrate that — in all the areas of the plant — the design meets the requirements of the NSCA and its regulations, and the expectations of RD-310 and RD-337 in general, and those in section 7.12 of RD-337 in particular. The description should complement and should be linked to section 6.10, Fire protection systems, of the application.

Design documentation is an essential element of the fire safety design process and is necessary for successful plant operation and maintenance. In order to meet this expectation, this section should enclose the following documents:

1. a design report which, as a minimum, should include the fire safety objectives and the following information as specified in sections 6.2, System description, and subsection 6.2.1, Engineering/safety evaluation
   1. design specifications and drawings
   2. design requirements document(s)
   3. design description document(s)
2. an independent third-party review of the design assessing compliance against the codes and standards used in the design, such as the National Building Code of Canada [3], the National Fire Code of Canada [4], and CSA N293, Fire Protection for CANDU Nuclear Power Plants [5]
3. a statement of compliance of the design with the codes and standards used for the design (see item 1. c) above) by the responsible design engineer

This section should contain a fire hazard assessment and a fire-safe shutdown assessment (also refer to sections 7.3, Identification, scope and classification of postulated initiating events; 7.6, Severe accidents; 7.7, Probabilistic safety assessment, and 7.8, Hazard analysis. In addition, this subsection should provide a comprehensive description of the fire protection program.

5.8 Human factors engineering

This section should describe how the plant design takes into account, or will take into account, human factors considerations in order to meet the expectations contained in G-276, Human Factors Engineering Program Plans; G-278, Human Factors Verification and Validation Plans; G-323, Ensuring the Presence of Sufficient Qualified Staff at Class I Nuclear Facilities – Minimum Staff Complement; and section 7.21 of RD-337.

This section should also describe the systematic process that has been followed, for all systems, to incorporate human factors considerations into requirements specification, requirements definition, requirements analysis, design activities and verification and validation activities.

Interfaces of human factors in design with other areas should also be described (e.g., as inputs to the development of operating and other procedures and training.). Human factors considerations that apply to the design of specific SSC should be presented in accordance with the relevant subsections.

A list of design requirements, design guides, and human factors analyses and activities that were used in developing the design should be included here. The description should show that human factors engineering and human-machine interface considerations have been applied to all operational states and accident conditions, and for all plant locations where such interactions are anticipated. This section should be linked to (via the human factors engineering program) and complement sections 9.11, Qualification and training of personnel, and 9.12, Certification of personnel.

5.9 Other requirements and programs

5.9.1 Feedback from operating experience and safety research

This subsection should describe how lessons learned from the operation of other plants or results of new research have been incorporated into the submitted plant design, in accordance with the expectations of section 5.5 of RD-337. The description should take into account:

1. changes in design due to recent advances in material properties
2. improved methods of construction and fabrication
3. considerations related to improvement in reliability and in the operability and maintainability of the plant
   

Approaches followed to mitigate the occurrence and impacts of human error during important activities such as operations, maintenance, and engineering should be explained. The subsection should also include considerations on the current safety approach, the understanding of important phenomena governing plant behaviour, and the methods and tools used in design and analysis. (See also section 9.15, Operational experience feedback, for expectations about the operational phase of the lifecycle.)

5.9.2 Safety assessment

This subsection should describe the process which has been followed to demonstrate that the expectations contained in section 5.6 of RD-337 are met and that the plant design is complete and meets all the other applicable safety and regulatory requirements.

5.9.3 Plant operability and maintainability

This subsection should describe how the issues associated with the operability and maintainability described in sections 7.3.1 and 7.14 of RD-337 have been addressed, and how, in general, the design process and its outputs support the design for system and equipment operability and maintainability. More specifically, the description should explain how the following considerations have been taken into account in the design:

1. provision of sufficient design and operating margins to reduce the frequency of abnormal conditions (conditions departing from the bounds established in the design)
2. facilitation of maintenance through systematic consideration of human factors issues in the design
3. systems for condition monitoring and problem diagnosis
4. provision of redundant heat sinks during outages
5. provisions for testing after maintenance
6. minimization of need for re-qualification for environmental qualification
7. provisions for heavy lift equipment to ensure integrity and functionality of the SSC important to safety

This subsection should be linked to and complement sections 9.11, Qualification and training of personnel, and 9.12, Certification of personnel.

5.9.4 In-service monitoring, inspection, testing and repairs/replacements/modifications

Information should be provided to demonstrate that the design takes into account in-service monitoring, inspection, testing and preventive maintenance for SSC important to safety.

This subsection should also describe the strategy and the program established for the monitoring, inspection, testing and repair of plant SSC to ensure they remain capable and available to perform their designed safety functions and to meet the expectations contained in section 7.14 of RD-337.

The approach taken should include a well-planned and effective program for monitoring and trending SSC performance, integrated with a preventative maintenance program.

The applicant should make a commitment to meet the expectations of the applicable codes, standards and regulations.

This subsection should also indicate the actions to be taken when an inspection is limited or prevented due to physical or other difficulties. Where it is intended that indirect methods to infer integrity are to be used in these circumstances, they should be described. Such methods may include the surveillance of designated reference items.

In addition, this subsection should describe the strategy and the program to be followed in the event that repairs are to be made to restore a component or system to a safe and satisfactory condition in order to meet existing design requirements.

This subsection should be linked to and complement:

1. section 9.7, Maintenance, surveillance, inspection and testing
2. section 9.11, Qualification and training of personnel
3. section 9.12, Certification of personnel
4. section 11.2, Application of the ALARA principle

5.9.5 Plant aging management

In this subsection, the applicant should describe the proactive strategy and program chosen for integrated aging management to ensure that:

1. aging issues for SSC important to safety are adequately understood and effectively addressed in the plant design for its entire lifetime
2. adequate measures will be in place for implementing an effective aging management program throughout all phases of the plant lifecycle

The strategy should meet the requirements and expectations of applicable national and international codes and standards, and the expectations contained in RD-334, Aging Management for Nuclear Power Plants, and in section 7.17 of RD-337. The description should take into account any unique features possessed by the plant, and any operating experience and practices that may have potential impact on the aging management at the plant.

The information to be submitted includes, but is not limited to following (note that system names, definitions and boundaries will vary between reactor designs):

1. outline of a pro-active strategy for aging management (including addressing aging issues in the plant design and implementing effective AMP throughout plant lifetime).
2. high-level description of the plant integrated aging management program (policies, processes, procedures, and activities that provide direction for effective aging management):
   1. organizational arrangements
   2. data collection and record keeping
   3. screening and selection process for aging management
   4. process for evaluating aging management (understanding, preventing, monitoring, mitigating)
   5. e. process for condition assessments
   6. process for SSC-specific aging management processes (AMPs)
   7. process for managing obsolescence
   8. interfaces with other supporting plant programs
   9. process for implementing AMPs
   10. process for reviewing and improving AMPs
3. preliminary SSC-AMP summaries for specific major plant SSC important to safety
4. identification of aging issues important to the safety analysis data and assumptions

5.9.6 Severe accident management

This subsection should describe the design provisions, methodology and programs for dealing with severe accidents and should show that these programs meet the expectations contained in G-306, Severe Accident Management Programs for Nuclear Reactors. The description should include:

1. principles used to develop severe accident management (SAM) programs
2. results of a probabilistic safety assessment that confirm selection of key accident scenarios and challenges to safety barriers
3. results of assessments confirming feasibility of SAM actions
4. evaluation of capability of complementary design features which may be used in accident management
5. the availability of material resources needed for their operation

This subsection should also include the identification of sequences that could potentially lead to severe accidents, and the methodology and the codes used to analyze such cases, in accordance with the scope of events described in section 5.2.2 of RD-310.

5.10 Nuclear criticality safety

This section should describe the nuclear criticality safety program established at the plant to prevent the occurrence of criticality events outside the reactor. In accordance with the requirements and expectations of RD-327 Nuclear Criticality Safety and GD-327 Guidance for Nuclear Criticality Safety, this nuclear criticality safety program should:

1. identify applicable nuclear criticality safety standards and guidelines, and the CNSC requirements
2. list the requirements that should be met to comply with the applicable standards, and guidelines, including the expectations contained in section 8.12 of RD-337
3. identify the responsibilities and authorities for implementing and managing the program
4. describe how the program meets the applicable nuclear criticality safety requirements in every functional category (such as administration, nuclear criticality safety analysis, criticality alarm system, engineering design, procedures, materials control, and ongoing oversight)
5. detail the methods used for calculations, and describe the design and operational measures to be undertaken for the monitoring, control and prevention of criticality events outside the reactor
6. identify the administrative margin of sub-criticality, the method used to determine this safety margin and the upper sub-critical limit
7. identify the risk assessment methodology to be used to demonstrate that all normal and credible abnormal ¹ conditions were assessed so that the upper sub-critical limit is not exceeded
8. identify and describe the engineered and administrative controls, including the use of an approved margin of sub-criticality for safety, in order to assure that the entire (out of reactor) process will be sub-critical under normal conditions and under credible abnormal conditions
9. describe specific postulated (out of reactor) criticality events and demonstrate that the consequences of these events do not violate criteria established by IAEA Standard GS-R-2, Preparedness and Response for a Nuclear or Radiological Emergency [7], or Health Canada Guide H46-2/03-326E, Canadian Guidelines for Intervention during a Nuclear Emergency [8], as a trigger for a temporary personnel/public evacuation
10. describe a means of detecting (out of reactor) criticality events that meets the expectations contained in the following areas of RD-337:
    1. section 8.12.1, paragraph 1, part (b)
    2. section 8.12.2, paragraph 1, part (b)
    3. section 8.13

The arrangements provided should protect workers from unacceptable radiation exposure resulting from a criticality event. The arrangements should employ only instrumentation and other equipment that conform to applicable standards.

¹ Credible abnormal conditions are events or event sequences with a frequency of occurrence equal to or more than 10^-6 per year.

5.11 Security and robustness

This section should describe the measures taken to ensure the security and robustness of the plant, and to defend against malevolent acts. As well as meeting the requirements of the Nuclear Security Regulations, the information should also meet those of section 7.22 of RD-337 and in section 9 of RD-346. This section should also identify the codes and standards used. It should also describe the general design approach, and the approach and provisions followed to ensure the physical protection of the plant (including control areas) against internal and external sabotage. These measures should take into account the selection of specific materials, the physical separation of redundant systems, the performance requirements of the equipment, and the use of barriers to segregate redundant trains.

The design description should also include:

1. rules followed to establish the scope of the threats
2. justification for the specification of vital areas, and the loads (impact forces, blast pressure waves, internal induced vibrations, fires, and missiles) on SSC and buildings that are to be expected
3. methodology used for assessing the vulnerability of the plant, along with the measures chosen to address these vulnerabilities and their consequences

In addition, the section should describe provisions for protecting the capability of:

1. monitoring and control of plant parameters
2. emergency management and response
3. mitigation and recovery measures to ensure the safety of the plant personnel and the public

Cyber/network robustness against internal and external malevolent acts should also be addressed.

Note: Applicant submissions and resultant review correspondence related to this topic is considered to be prescribed information under the Nuclear Safety and Control Act and must be submitted in a secure manner. The Government of Canada Treasury Board Secretariat Policy on Government Security, [9] can be referenced for further details on handling, submitting and transmitting assets considered security sensitive.

6.0 Design of Plant Structures, Systems and Components

6.1 General considerations

Chapter 6 of the application should provide a description of all plant structures, systems and components (SSC) that are important to safety, and should explain how they contribute to meeting the safety objectives and goals identified in section 5.2, Safety objectives and goals. A list of SSC important to safety, along with their classification, categorization and the criteria for the level of detail should be included as an annex or referenced here. The level of detail presented depends upon the safety importance of the particular structure, system or component described. As indicated in chapter 5, General Design Aspects and Support Programs, the application should provide a clause-by-clause demonstration of compliance with RD-337. The application should clearly indicate the relevant sections of all supporting/reference documents.

6.2 System description

Each section of chapter 6, Design of Plant Structures, Systems and Components, focuses on a specific system should describe in detail the characteristics and major components of the system and its design basis requirements (e.g., the functional and performance requirements associated with the definition of design basis). The following information should also be provided:

1. objective of the system, its safety, seismic, environmental and quality assurance classifications, and how it relates to the entire plant
2. design description of the system and its main components with their configuration and their modes of operation, including
   1. functional requirements (e.g., postulated demands and required performance for all plant states)
   2. the design basis events that contribute to the determination of the system design requirements, and which design limits are determined by which events
   3. interfaces with other systems
   4. measures taken to minimize the generation of hazardous and radioactive waste through design
   5. e. any other specific requirements imposed by applicable regulations, codes and standards
3. supporting design documentation and any related documents, such as design requirements of the system
4. safety and pressure boundary code classifications, seismic and environmental requirements, requirements developed to ensure consistency with other systems and the safety analysis, the design reliability targets for systems and main components, and any requirements resulting from operational feedback
5. human factors requirements , including
   1. human-machine interface(s) for all plant states
   2. instrumentation, displays and alarms provided to monitor system operations
   3. physical location, accessibility and usability of equipment requiring testing, maintenance and surveillance
   4. physical interlocks, and indication of bypassed or inoperable status
6. detailed elements of system design, including, as appropriate
   1. design flow-sheets for fluid systems
   2. single line diagrams for electrical, and instrumentation and control systems
   3. functional block diagrams for logic systems
   4. physical location and isometric drawings
   5. e. system boundaries as a function of mode of operation
   6. containment boundaries including isolation requirements
   7. code classification and classification boundaries for pressure-retaining systems and components
   8. seismic categories and seismic boundaries and their interfaces with support systems providing services, such as electric, pneumatic or hydraulic power, cooling, lubrication, and sampling systems
   9. chemical control specifications
7. operational aspects, such as
   1. operation of the system and its expected performance (including under beyond design conditions, if it is important)
   2. interdependence with the operation of other systems
   3. requirements for technical specifications regarding system operability
   4. system testing for availability, reliability, and capability, including online health monitoring, reporting and trending
8. maintenance aspects, including
   1. surveillance
   2. condition-based preventive maintenance
   3. periodic maintenance and overhauls to ensure continued safety performance and to meet design reliability targets throughout the system’s qualified life
9. in-service inspection specifications, including visual, surface and/or volumetric non-destructive examination for SSC to confirm that the actual condition of the SSC complies with design assumptions
10. commissioning testing requirements to
    1. demonstrate to the extent practicable that the SSC meet their performance requirements in all operational states and accident conditions credited in the safety analysis (particularly important for those design features which are new or first of a kind)
    2. verify that the SSC have been correctly installed/constructed (refer to section 8.4, Commissioning program)

Any design features necessary to support commissioning tests should be described.

6.2.1 Engineering/safety evaluation

This sub-section should demonstrate that the design has met all the relevant functional codes, standards and regulatory requirements for each structure, system, and component. For systems important to safety, this includes:

1. failure modes and effects analysis
2. assessment of vulnerability to single failures, cross-links, common cause and common mode failures
3. assessment of system reliability and equipment function in the anticipated environment, and seismic events, as applicable

Supporting technical information to demonstrate compliance with design requirements should be summarized (with reference to the original reports), including information on:

1. material strength
2. overpressure protection
3. corrosion resistance
4. environmental qualification
5. reliability assessment, resistance to electromagnetic and radiofrequency interference
6. verification and validation of software

This subsection should also provide the following information for each system that is credited (or which supports a system credited) in the safety analysis:

1. an assessment of the functional capability of the system that is directly credited in the safety analysis, including, but not limited to:
   1. timing of system operation
   2. minimum system performance envelope to meet safety analysis assumptions
   3. ability of the system to perform over the lifetime of the plant
   4. ability of the system to perform in any abnormal environmental conditions in accident scenarios for which the system is credited
2. a demonstration that the physical separation, the electrical and/or fluid isolation devices and the environmental qualification requirements (or any other special protective measures) provide sufficient capacity to deliver the credited functions reliably

The generic points described above should be implemented and supplemented by more detailed information on the specific features or functions to be fulfilled by each particular structure, system, and component, as detailed in the rest of chapter 6, Design of Plant Structures, Systems and Components.

6.3 Civil and structural design

This section should present relevant information on the design of the site layout and on civil engineering works and structures associated with the nuclear facility. The design and analysis procedures, the assumed boundary conditions and the computer codes used in the analysis should be described. This information should be in accordance with sections 7.15 and 8.6.2 of RD-337 and include a description of the design principles, design basis requirements and criteria, and applicable codes and standards used in the design. It should also demonstrate sufficient safety margins for the buildings and structures that are important to nuclear safety (e.g., seismic design and robustness against internal and external events). Any deviation from applicable codes and standards or from other design requirements should be clearly stated and justified.

The information on site and plant layout should describe the principal design considerations, including human factors issues considered when the layout of the site was determined, main building and structures, sources of cooling water, grid connection, and access to all essential services required for both normal and emergency operation.

The seismic classification for each structure and building should be provided. The range of anticipated structural loadings and performance requirements should be described, including design consideration for specific hazards during construction, commissioning, or operation, and for any design considerations or mitigation measures in place to deal with beyond design basis accidents.

The safety classification for each building containing equipment or used for operations important to safety should be commensurate with the classification of the systems and equipment that it contains or the operations it is used for. The descriptions provided here should include the extent to which various load combinations have been considered, in order to confirm the building’s ability to fulfill its safety functions. If a structure performs a function other than structural support (e.g., radiation shielding, separation barrier, or containment), then the additional requirements necessary for this function should be specified and referenced in other relevant sections of the application.

The description of structures housing nuclear materials (e.g., new and spent fuel or tritiated light or heavy water) should include the design considerations (e.g., applied loads, codes and standards, analytical tools, and material properties), the structural stability, the relative displacements, and the means of protection against internal and external events that were considered.

The description should address the safety requirements for the containment building or system, including, for example, its structural strength, leak tightness, and resistance to steady-state and transient loads (such as those arising from pressure, temperature, radiation, and mechanical impact) that could be caused by postulated internal and external events. The main design features of the structures provided to comply with these safety requirements should also be described.

In addition, the safety requirements and design features for the containment internal structures, such as the reactor vault structure, the shielding doors, the airlocks, and the access control and facilities should be detailed. This description should include the coupling between the internal structures and the main containment structure that affects the transmission of loads from external events to the internal structures.

The information provided on the containment structure should also include the design features provided to meet the applicable safety expectations identified in section 5.2, Safety objectives and goals, and in section 8.6 of RD-337. The containment description should also cover matters such as:

1. identification of the applicable design guides and design requirements
2. description of the structure, including:
   1. base slab and sub-base
   2. containment wall design
   3. containment wall openings and penetrations
   4. pre-stressing system
   5. e. containment liner and its attachment method

If the design incorporates confinement or secondary containment, this should also be described, including the analytical models and methods used, and the results of the design evaluation of the containment’s ultimate pressure capacity with the corresponding acceptance criteria. For designs incorporating a liner plate, the analysis and design procedures for the liner plate and its anchorage should be provided.

6.4 Reactor

This section should demonstrate how the expectations contained in sections 8.1 and 8.4 of RD-337 are met. The applicant should provide relevant information concerning the reactor, following the format outlined in section 6.2, System description, and should provide a summary description of:

1. mechanical, nuclear, thermal and hydraulic behaviour of the designs of the various reactor components
2. fuel, reactor internals, and reactivity control systems
3. related instrumentation and control systems in place to demonstrate the capability of the reactor to perform its design safety functions in all operational states throughout its design life

6.4.1 Design of the fuel system

This subsection should contain information concerning the design of the fuel system, including the following:

1. description of the main elements of the fuel system, including the fuel design drawings
2. design basis requirements, including identification of all fuel damage mechanisms, a description of the design limits, and the characterization of fuel performance under conditions of normal operation, anticipated operational occurrences, and design basis accidents
3. results of out- and in-reactor tests, operational experience in other reactors, and the results of analytical assessments to demonstrate that the fuel design meets its design requirements and design limits
4. description of the methods and computer codes used to assess the fuel performance under normal and accident conditions, including the knowledge base of phenomena governing the fuel’s response to various service challenges., and a justification of the safety limits set to prevent fuel damage from exceeding acceptable levels
5. program to be followed to monitor and evaluate fuel performance
6. description of the fuel manufacturing process dictated by design specifications and drawings and how this ensures that the fuel will fulfill its design basis requirements

6.4.2 Design of the reactor internals

This subsection should provide a description of the design of the reactor internals and their design basis requirements, defined as:

1. general external details of the fuel
2. structures into which the fuel has been assembled (e.g., the fuel assembly or fuel bundle)
3. related components required for fuel positioning
4. all supporting elements internal to the reactor, including any separate provisions for moderation and fuel location

The information provided should link to and complement other sections that cover related aspects of the reactor fuel and its handling and storage:

1. physical and chemical properties of the fuel components including:
   1. thermalhydraulic, structural and mechanical aspects
   2. the expected response to static and dynamic mechanical loads and their behaviour
   3. a description of the effects of irradiation on the ability of the reactor internals to perform their safety functions adequately over the design life of the plant
2. any significant sub-system components, including any separate provisions for moderation and fuel location (corresponding design drawings should be provided)
3. consideration of service effects on the performance of safety functions, including surveillance and/or inspection programs for reactor internals to monitor the effects of irradiation and aging on them
4. program to monitor the behaviour and performance of the core, which should include provisions to monitor the neutronics, dimensions, and temperatures of the core

6.4.3 Nuclear design and core nuclear performance

This subsection should describe the design basis requirements established for:

1. nuclear design of the fuel
2. reactivity control systems (including nuclear and reactivity control limits such as excess reactivity, fuel burn-up, reactivity feedbacks)
3. core design lifetime
4. fuel replacement strategies
5. reactivity coefficients
6. stability criteria
7. maximum controlled reactivity insertion and removal rates
8. control of power distributions
9. shutdown margins
10. rod speeds and stuck rod criteria
11. chemical and mechanical shim control
12. neutron poison requirements
13. all shutdown provisions

The standards used should conform to generally accepted modern engineering norms.

The description should also include the following applicable areas of the design:

1. fuel enrichment distributions
2. burnable poison distributions
3. physical features of the lattice or assemblies relevant to nuclear design parameters
4. delayed neutron fractions and neutron lifetimes
5. core lifetime and burn-up
6. plutonium build-up
7. soluble poison insertion rates
8. xenon burnout or any other transient requirements

Further detailed information should be provided in the following specific areas, as appropriate:

1. power distributions
2. reactivity coefficients
3. reactivity control requirements
4. reactivity devices
5. criticality during refuelling
6. reactor core stability, irradiation issues
7. analytical methods used (with verification and validation information and uncertainties)
8. testing and inspection plans
9. operational limits and conditions

6.4.4 Core thermalhydraulic design

In this subsection, information concerning the reactor and reactor coolant system thermalhydraulic design should be provided, including the following:

1. design basis requirements, the thermal and hydraulic design for the reactor core and attendant structures, and the interface requirements for the thermal and hydraulic design of the reactor coolant system
2. analytical tools, methods, and computer codes (with codes for verification, and validation information and uncertainties) used to calculate thermal and hydraulic parameters
3. flow, pressure, void, and temperature distributions, and the specification of their limiting values and a comparison with design limits
4. justification for the thermalhydraulic stability of the core, for example, stability in forced or natural circulation flow against:
   1. neutronic/thermalhydraulic feedback
   2. flow oscillations
   3. parallel channel instabilities

6.4.5 Reactor materials

In this subsection, a justification for the materials used for the components of the reactor (including the materials for the reactor coolant system pressure boundary, the materials for the core support function and the materials for in-core components such as control rods and instrumentation) should be provided. Neutronic properties of control rod materials are considered in section 6.4.3, Nuclear design and core nuclear performance. Information should also be provided on the material specifications, including:

1. chemical, physical and mechanical properties
2. resistance to corrosion
3. dimensional stability, strength, toughness, crack tolerance, and hardness
4. microstructrure and material fabrication details, where this is important

The properties and required performance of seals, gaskets and fasteners in the primary pressure boundary should also be described.

This section should include a description of a material surveillance program that will address potential material degradation for all components, particularly for components operated in high radiation fields, in order to determine the metallurgical or other degradation effects of factors such as irradiation, stress corrosion cracking, flow-accelerated corrosion, thermal embrittlement, vibration fatigue, and other aging mechanisms.

6.5 Reactor coolant and associated systems

This section should demonstrate that the design of the reactor coolant system and its associated systems meets the expectations of section 8.2 of RD-337. It should use the format outlined in section 6.2, System description.

The information requested in subsections 6.5.1, Integrity of the reactor coolant system pressure boundary, and 6.5.2, Design of the reactor coolant system and reactor auxiliary systems, should demonstrate how the reactor coolant system and associated systems will retain their required level of structural integrity for the plant design life in operational states and in accident conditions.

6.5.1 Integrity of the reactor coolant system pressure boundary

This subsection should describe and support the results of the detailed analytical and numerical stress evaluations, and of the engineering mechanics and fracture mechanics studies for all components comprising the reactor coolant system pressure boundary. It should take into account the entire range of operating and postulated accident conditions in all operating and shutdown states and should list all components and their corresponding applicable design and other codes. The description should directly refer to the detailed stress analyses for each of the major components, to permit further evaluations to be made, if necessary. The information provided should be detailed enough to demonstrate that the materials, fabrication methods, inspection techniques, loading conditions and load combinations used conform to all applicable regulations, codes and standards. The pressure boundary materials, the pressure-temperature limits and the integrity of the reactor pressure boundary, including embrittlement considerations, should all be taken into account in this information.

If the reactor design includes a calandria vessel, similar information for these components should also be presented at a level of detail commensurate with their importance to safety.

6.5.2 Design of the reactor coolant system and reactor auxiliary systems

This subsection should document the design basis requirements for the reactor coolant system and its major components, and should describe and justify its design performance and features to ensure that its various components and its interfacing sub-systems meet the safety requirements for design.

Where applicable, the information provided should cover the following:

1. reactor coolant pumps
2. steam generators or boilers
3. depressurization system
4. reactor coolant system piping
5. main steamline isolation system
6. isolation cooling system for the reactor core
7. main steamline and feedwater piping
8. pressurizer
9. pressure-relief discharge system
10. provisions for main and emergency cooling
11. residual heat removal system and its components, such as pumps and valves
12. supports for piping, vessels and components

The information provided should also show that the reactor coolant system, structures, and components are designed and will be manufactured and installed in a manner to allow periodic inspections and tests during their operating lifetime. The location of specified inspection information in the design documentation, including the volumetric or visual examination and testing, should be indicated.

This subsection should describe any additional systems associated with the reactor that are not described elsewhere in the application. For example, for CANDU reactors, such information would include the moderator system and its auxiliaries, the end shield cooling system and the annulus gas system. An example for light water reactors would be the primary leak detection system.

6.6 Safety systems

This section should present relevant information for the plant safety systems (as defined in RD-337) and their associated systems, using the format of section 6.2, System description. Where necessary, additional system-specific information should also be provided as indicated in the subsections 6.6.1 through 6.6.5.

6.6.1 Reactivity control systems

This subsection should describe the reactivity control systems of the reactor and include the following:

1. design basis requirements for the systems
2. demonstration that the reactivity control systems, including any essential ancillary equipment, are designed to provide the required functional performance and are properly isolated from other equipment
3. qualification and commissioning tests that are to be carried out, in order to ensure that the equipment and system performance comply with the design requirements and meet the claims for their performance made in the safety analysis
4. description on how the necessary separation and diversity expected by section 8.4 of RD-337, have been achieved
5. description of the rate of reactivity insertion and the depth of each reactivity control system as expected by section 8.4 of RD-337

Actuation of the reactor reactivity control systems by the safety system instrumentation and control systems is discussed below in section 6.7, Instrumentation and control. Taken together, the safety system instrumentation and control systems and the reactivity control systems should meet the expectations for shutdown means, as stated in section 8.4 of RD-337.

6.6.2 Emergency core cooling system

This subsection should contain information on the emergency core cooling system and associated fluid systems, including the design basis requirements for the individual systems. It should also demonstrate that the expectations of section 8.5 of RD-337 have been met (initiation of the emergency core cooling systems is to be dealt with in section 6.7, Instrumentation and control).

6.6.3 Containment systems

This subsection should describe the containment systems incorporated in the plant design in order to localize the effects of accidents. It should demonstrate that the expectations of section 8.6 of RD-337 have been met, covering the full spectrum of operational states and accident conditions and including applicable codes and standards. The description should include, as appropriate:

1. heat removal systems of the containment
2. functional design of the secondary containment
3. containment isolation system
4. containment ventilation system
5. containment penetrations
6. protection of the containment against overpressure and under-pressure
7. control of combustible gas in the containment
8. containment venting provisions
9. containment spray system
10. containment leakage testing system

The design basis requirements for each of the systems identified above should be addressed. This subsection should also include a schematic presentation of the containment envelope showing the containment boundary for each operational state.

6.6.4 Emergency heat removal

This subsection should describe the measures in place to meet the expectations of section 8.8 of RD-337 to provide a diverse means of heat removal. If the system credited in this subsection has another role in normal operation, then this part of the application should also describe how the system will meet the expectations for a safety system when used during an emergency. The design basis requirements for the system in this role should be included in the information provided.

6.6.5 Other safety systems

This subsection should identify and describe all other safety systems incorporated in the plant design and should provide their individual design basis requirements. Examples of such other systems include the auxiliary feedwater system, the steam dump to the atmosphere, and backup cooling systems.

6.7 Instrumentation and control

This section should describe the plant instrumentation and control (I&C) systems, in accordance with section 6.2, System description. The description should explain the design approach for I&C pertaining to all SSC of the plant. It should also include the various design rules followed to implement that approach and to ensure that the reliability of the systems meets design targets. Particular attention should be given to explaining common cause and cross-link effects arising from the various events considered in the safety case, and the equipment diversity and independence that have been incorporated into the design to deal with these eventualities. Interfaces (including independence and separation between safety and all other instrumentation and control systems) should be addressed.

The reactor instrumentation senses various reactor parameters and transmits appropriate signals to the control and safety systems during normal operation and anticipated operational occurrences, as well as under accident conditions. This subsection should emphasize those instruments and associated equipment that actuate the safety systems. It should also emphasize the systems relied upon by operators for monitoring plant conditions, in order to be able to shut down the plant reliably and maintain it in a safe shutdown state after a design basis accident.

The description should include failure end-states for key instrumentation and control devices, taking into account the implications of these failure states for the safe operation of the plant. General expectations for instrumentation and control are given in section 7.9 of RD-337. Other important expectations, for example, those related to reliability and sharing and those dealing with human factors, are given in sections 7.6 and 7.21, respectively, of RD-337. More specific expectations concerning instrumentation and control are addressed in subsections 6.7.1 through 6.7.4.

6.7.1 Safety system instrumentation and control

This subsection should describe the design of the safety systems’ instrumentation and control (I&C). This includes the following specific information:

1. design basis requirements for individual actuation parameters (physical measurements used to trigger safety system action), including a list of the postulated initiating events for which each parameter is credited
2. identification of the interfaces with other systems, including the provisions to ensure the proper isolation of electrical signals, the means used to ensure the physical separation of redundant actuation system channels, and the means used to generate coincidence signals from redundant independent channels
3. a description of the hardware and software quality assurance programs and the software development process (including software requirements, design, implementation, verification, computer system integration, computer system validation, commissioning, and configuration control). The description for software is needed when digital computers are used for safety systems
4. specification of actuation system set-points for safety systems, the time delays in system operation, the measurement uncertainties, and how these relate to the assumptions made in chapter 7, Safety Analyses
5. provisions for equipment protective interlocks (e.g., pump and valve interlocks and motor protection) within the actuation system, including a demonstration that such interlocks will not adversely affect the operation of safety systems
6. provisions for manually initiating safety systems from the main control room and the secondary control room
7. relevant remote operator and/or automatic control, local control, on-off control or modulating control considered in the design and credited in the safety analysis
8. elementary logic diagrams of the safety systems from the sensors to the end devices
9. provisions of a secure development and operating environment for the protection of digital computer-based safety system I&C

6.7.2 Information systems important to safety

This subsection should describe display instrumentation of systems important to safety to demonstrate that the expectations of sections 7.21 and 8.10 of RD-337 are met. The following specific information should also be provided (it is recognized that some information will be preliminary):

1. safety class of each information system important to safety
2. list of the measured parameters
3. physical locations of the sensors
4. equipment qualification envelope (defined by the most limiting conditions in operational states or accident condition)
5. the duration of the time period for which the reliable operation of the sensors is required

If the measured parameters are processed by a computer, this subsection should describe:

1. characteristics of any computer software (e.g., scan frequency, parameter validation, and cross-channel sensor checking) used for filtering, trending, or to generate alarms
2. long-term storage of data and displays and how information will be made available to the operators in the control room and the secondary control room
3. implications of the failure of the plant computers and the mitigating strategies developed to provide operators with essential information
4. means of achieving the synchronization of the different computer systems if data processing and storage are performed by multiple computers

6.7.3 All other instrumentation systems important to safety

This subsection should describe any other instrumentation systems required for safety. It should cover:

1. any particular system needed for the management of severe accidents
2. leak detection systems
3. vibrations and loose parts monitoring systems
4. protective interlock systems that are credited in the safety analyses with preventing damage to SSC important to safety and for preventing specific accidents (e.g., valve interlocks at interfaces between low-pressure and high-pressure fluid systems whose operation could result in an inter-system loss of coolant accident)

This subsection should describe the control systems for normal operation, including any power reduction systems. Specific information should be provided to demonstrate that postulated failures of control systems will not defeat the operation of systems of a higher safety class, or result in scenarios more severe than those already postulated and analyzed in the safety analyses. The following should be included:

1. a description of control systems used for normal plant operations
2. a description of any limitation systems (e.g., control grade power reduction systems installed to avoid a reactor trip, by initiating a partial power reduction)
3. evidence that such systems do not challenge the operation of other systems important to safety

6.7.4 Control room instrumentation and control

This subsection should describe instrumentation and control systems for the control room facilities, including their grouping and separation. See section 6.15, Control room facilities, for other aspects.

The means of physical and electrical isolation between the plant systems and communication signals routed to the main control room and the secondary control room should be described in detail. This description should demonstrate that the secondary control room instrumentation and control equipment is redundant and fully independent from the main control room.

The mechanisms for the transfer of control and communications from the main control room to the secondary control room should also be described in detail to demonstrate how this transfer would occur under accident conditions. Communication with the emergency support centre should also be described.

6.8 Electrical systems

This section should describe the plant’s electrical power systems, following the format provided in section 6.2, System description. It should provide an explanation of the overall design approach for the systems and their design basis requirements, as well as the following information:

1. divisions of electrical power systems, including the differing system voltages and specification of which parts of each system are considered essential
2. assurance that the electrical power systems important to safety, including breakers, are functionally adequate, and that these systems have adequate redundancy, physical separation, independence, reliability, and testability in compliance with applicable design criteria
3. description of the electrical equipment protection, including the provisions to bypass this protection under accident conditions
4. general description of the utility grid and its interconnection to other grids, and the connection point to the on-site electrical system (or switchyard), including the capacity, stability and reliability of the grid in relation to the safe operation of the plant
5. description of the physical location of the load dispatching centre controlling the grid with the provisions for communications between the dispatch centre, the remote major load centres, and the generating plants
6. description of the principal means of regulating the voltage and frequency to connect and disconnect safely from the external grid
7. simplified line drawing showing the main grid interconnections

The electrical system should meet the expectations of sections 7.10 and 8.9 of RD-337.

6.8.1 Off-site power systems

This subsection should provide information concerning the off-site electrical power systems. The information should include a description of the off-site power systems, with emphasis on features for control and protection (e.g., breaker arrangements, manual and automatic disconnect switches) at the interconnection to the on-site power system. The responsible authority controlling the operation of these grid connections to the on-site power system, and the availability of those operations, should be clearly explained. Special emphasis should be placed on all design provisions used to protect the plant from off-site electrical disturbances and to maintain power supply to in-plant auxiliaries via transfer schemes and manual switching capabilities. Information on grid reliability should also be provided, and any design-specific provisions necessary to cope with grid failures should be explained.

6.8.2 On-site power systems – AC power systems

This subsection should provide information concerning the plant’s AC power systems. The information should include:

1. a description of the on-site AC power systems, including:
   1. standby or emergency generator systems and associated transfer schemes and reloading sequences
   2. main generator configuration
   3. redundancy and grouping of the plant electrical distribution along with any associated transfer schemes
   4. non-interruptible AC power system
2. the power and availability requirements for each plant AC load should be identified, including:
   1. steady-state load, load requirements, including qualifications specified in the safety case during abnormal process conditions
   2. start-up kilovolt-amperes for motor loads
   3. nominal voltage, the allowable voltage drop (to achieve full functional capability within the required time period as specified in the safety case)
   4. sequence and time necessary to achieve full functional capability for each load, as specified in the safety casenominal frequency and the allowable frequency fluctuation
   5. e. number and coordination of electrical trains, and the minimum number of trains of safety systems to be energized simultaneously
   6. standby generator/emergency generator instantaneous step-load capability

In addition to the above information, specific information should be provided to demonstrate that the on-site AC power systems meet the expectations contained in section 8.9 of RD-337 and that:

1. in a design basis accident with a subsequent loss of off-site power, the required safety system loads can be sequenced onto the standby or emergency generators without overloading the generators and within the time presented in the safety case
2. on-site AC power system breakers are co-ordinated to ensure the reliable delivery of standby or emergency power to safety systems and non-interruptible AC power system loads
3. non-interruptible AC power is continuously provided to safety systems and instrumentation and control systems important to safety for the defined mission times specified in the safety case, while normal off-site AC power systems are available, and during postulated loss of off-site power events
4. maximum frequency decay-rate and the limiting under-frequency value, as specified in the safety case, are justified
5. on-site AC power system performance requirements during station blackout conditions are sufficient

6.8.3 On-site power systems – DC power systems

This subsection should describe the DC power systems, covering specific system details such as:

1. evaluation of the long-term discharge capacity of the battery system (the projected voltage decay as a function of time without charging when subjected to design safety loads)
2. identification of the major DC loads present (including the non-interruptible AC power system rectifiers, inverters, static transfer switches, and any non DC loads important to safety such as the lubrication oil pumps for the turbine bearings)
3. description of the fire protection measures for the DC battery vault area and cable systems
4. requirements for each plant DC load, including:
   1. steady-state load
   2. surge loads (including under emergency conditions)
   3. load sequence
   4. nominal voltage
   5. e. allowable voltage drop to achieve full functional capability within the required time period specified in the safety case
   6. number of trains
   7. minimum number of safety system trains to be energized simultaneously if more than two trains are provided

6.9 Plant auxiliary systems

This section should describe the plant auxiliary systems, including their design basis requirements in accordance with the format followed in section 6.2, System description.

6.9.1 Water systems

This subsection should provide information concerning the water systems associated with the plant. It should include the station service water systems, the cooling system for reactor auxiliaries, the makeup system for demineralised water, the condenser cooling water system, the ultimate heat sink, and the condensate storage facilities.

The safety significance and reliability requirements of each of the water systems should be addressed with respect to any claims made in the safety case for their availability to provide cooling. Those water systems that support safety systems or safety functions should meet the expectations of section 7.10 of RD-337.

6.9.2 Process auxiliaries

This subsection should describe the auxiliary systems associated with the reactor process system. It should include information on the following:

1. compressed air systems
2. process and post-accident sampling systems
3. equipment drainage and floor drainage systems
4. chemical control systems and volume control systems
5. purification system
6. system for controlling the use of soluble poisons.

If soluble poisons are used to provide a guaranteed shutdown state, then it should be demonstrated that the expectations of section 7.11 of RD-337 are met.

6.9.3 Heating, ventilation and air conditioning systems

This subsection should describe the plant’s heating, ventilation, air conditioning and cooling (HVAC) systems. It should include coverage of the ventilation systems for the control room area, the spent fuel pool area, the auxiliary and radioactive waste area, the turbine building (in boiling water reactors), and the ventilation systems for safety systems. The safety significance of any HVAC system credited in the plant safety analysis should be clearly stated, including all common safety-related functionality dependencies such as the air-conditioning system for an equipment room that may contain multiple divisions or groupings of support systems.

6.9.4 Other auxiliary systems

This subsection should describe any other plant auxiliary system whose operation may influence plant safety, but that has not been covered elsewhere in the application (e.g., the communication and lighting systems).

6.9.5 Power conversion systems

This subsection should describe the plant’s power conversion system. Information on steam and power conversion systems should include, as appropriate:

1. safety and performance requirements for the turbine-generator(s) in normal operational states and under accident conditions
2. description of:
   1. main steamline piping and the associated control valves main condenser
   2. main condenser
   3. evacuation system
   4. turbine gland sealing system
   5. e. turbine bypass system
   6. circulating water system
   7. condensate cleanup system
   8. condensate and feedwater system; and, where applicable
   9. steam generator blowdown system
3. description of the water chemistry program with a discussion of the materials of the steam, feedwater and condenser systems
4. detailed description of any other type of power conversion systems used by a plant in order to demonstrate its compliance with the applicable design requirements

6.10 Fire protection systems

This section should describe the fire protection provisions for the SSC of the systems important to safety, in accordance with the format outlined in section 6.2, System description. The documentation provided should demonstrate that the fire protection systems meet the expectations of RD-337 in general and of section 7.12 of RD-337 in particular. It should also justify the arrangements made to ensure that the plant design provides adequate fire protection.

The design should include adequate provisions for defence in depth by providing fire prevention, fire detection, fire warning, emergency communication, fire by-product management, fire suppression, and fire containment as appropriate to address fire scenarios. The design should ensure provisions for emergency egress, exits and access for emergency responders. The description must show that proper consideration has been given to the selection of materials in the physical separation of redundant systems, the seismic and environmental qualification of equipment, and the use of fire separation systems to segregate redundant trains. Pressure boundary design, system classification and registration of fire safety systems, should be in accordance with section 5.4, Pressure boundary design.

The extent to which the design has been successful in providing adequate fire safety should be assessed and explained. The subsection may refer to other sections of the application for this information (e.g., chapter 7, Safety Analyses). Where appropriate, this section should also describe provisions to ensure the fire safety of personnel and protection of the environment from event sequences involving fire, including the means to be used by plant staff for communications during routine operations and during fire alarms or a fire.

6.11 Fuel-handling and storage systems

This section should describe the plant fuel-handling and storage systems, including their design basis requirements, using the format outlined in section 6.2, System description. The description should include details of the measures taken to ensure that fresh fuel is maintained at all times in conditions preventing fuel damage and contamination by foreign materials. Considerations such as packaging, fuel accounting systems, storage, criticality prevention, fuel integrity control, foreign material exclusion procedures and fuel security, should be taken into account in the description.

The description should also show that the fuel-handling and storage systems meet the expectations contained in section 8.12 of RD-337, and should include details of the arrangements provided for monitoring and alarming, for criticality prevention, and for shielding, handling, storage, cooling, transfer and transport of nuclear fuel. Human/machine interface aspects of fuel-handling should also be discussed, and the manner in which the expectations of section 7.21 of RD-337 are met should be explained.

6.11.1 Fresh fuel

This subsection should describe the fuel-handling and storage systems to be used for fresh fuel. The description should cover the measures taken to ensure that fresh fuel is maintained in a safe condition at all times. It should also explain how considerations such as packaging, process and procedures for the receipt and inspection of new fuel, for fuel accounting systems and storage, for criticality prevention, and for fuel integrity control and fuel security have been taken into account.

6.11.2 Irradiated fuel

This subsection should describe the irradiated fuel fuel-handling and storage systems. The description should include details of the measures taken to ensure that irradiated fuel is maintained in a safe condition at all times. It should explain the appropriate provisions for radiological protection, criticality prevention, and fuel integrity control, which includes special provisions to deal with failed fuel, fuel chemistry, fuel cooling, fuel accounting systems, fuel security, and arrangements for fuel consignment and transport.

6.11.3 Failed fuel detection

This subsection should describe the measures taken to ensure the detection and alarming of failed fuel in the reactor, as well as the fuel-handling and storage facilities inspection and quarantining arrangements, to meet the expectations of section 8.12.3 of RD-337.

6.12 Complementary design features

This section should describe any additional and complementary plant design features relating to the plant SSC in the design that meet the expectations contained in sections 7.1 and 7.2 of RD-337 and that have not been covered elsewhere in the application.

6.13 Radioactive and hazardous waste treatment systems

This section should describe the radioactive and hazardous waste treatment systems and their design basis requirements in accordance with the format outlined in section 6.2, System description. The description should show that the design of the systems meets the expectations of sections 8.11 and 10 of RD-337, and it should list the design features of the plant that safely control, collect, handle, process, store and dispose of solid, liquid and gaseous forms of radioactive and hazardous wastes arising from all activities on the site throughout the plant’s lifetime. The SSC provided for these purposes, as well as the instrumentation incorporated to monitor for possible leaks or escapes of radioactive and hazardous waste, should also be detailed. This section should also indicate how the principles in P-290, Managing Radioactive Waste, will be addressed.

The section should provide a description of the sources of radioactive and hazardous materials that have been accounted for in the design requirements relating to the waste treatment systems.

As appropriate, this section should refer to, link to and complement information provided in the following chapters: 9, Operational Aspects; 11, Radiation Protection; 13, Environmental Protection; 14, Radioactive and Hazardous Waste Management; and 15, Decommissioning and End of Life Aspects.

6.14 Laboratories and Class II nuclear facilities

This section should provide information on the design of laboratories and Class II nuclear facilities within the nuclear power plant. The design of laboratories and Class II nuclear facilities must meet the requirements of the Class II Nuclear Facilities and Prescribed Equipment Regulations and the Nuclear Substances and Radiation Devices Regulations, as applicable. GD-52, Design Guide for Nuclear Substance Laboratories and Nuclear Medicine Rooms, provides further information on laboratory design. 

This section should also provide information on the provisions for storage of items such as, but not limited to, contaminated tooling and radiation sources.

6.15 Control room facilities

This section should describe the plant control room facilities and emergency support centre and demonstrate that the expectations of sections 7.21 and 8.10 of RD-337 are met. Instrumentation and Control aspects are covered in section 6.7, Instrumentation and control.

The description should cover the habitability systems, equipment, supplies and procedures that are in place to ensure that essential plant personnel, including those in the main and supplementary control rooms, can remain at their posts and operate the plant safely in all operational states, or to maintain the plant in a safe condition under all accident conditions considered in the safety case. The documentation should explain how staff will relocate from the main control room to the secondary control room when the circumstances demand it, and should demonstrate that the route is properly qualified to ensure safe passage in these circumstances. In addition to the habitability systems for the control rooms, this section should cover:

1. shielding
2. air purification systems
3. systems for the control of climatic conditions
4. storage capacity for food and water, as required

This section should also describe the general design approach followed for the main control room. It should explain how the design meets the expectations of sections 7.21 and 8.10.1 of RD-337, and should include a description of the layout of the main control room, with an emphasis on the human/machine interface and the safety grouping concept. The results of the formal design review for developing the main control room layout should be summarized and should take into account human factors considerations.

7.0 Safety Analyses

7.1 General considerations

Chapter 7 of the application should provide a safety analysis of the plant. The safety analysis should include a deterministic safety analysis, a probabilistic safety assessment (PSA), and a hazards analysis. The design information provided in chapter 6, Design of Plant Structures, Systems and Components, should adequately support the safety analysis (which should also be supported by reference material, where appropriate). The safety analysis should be provided in sufficient detail such that an independent review can be performed. These independent reviews include the independent peer review expected in RD-337 section 5.6 and regulatory review of the safety analysis.

The safety analyses should proceed in parallel with the design process, with iteration taking place between the two activities. This chapter should outline the methodology used to advance the detailed design and the safety analyses, and should include the appropriate information links and checks between them. The scope and level of detail of the analyses should increase as the design progresses, so that the final safety analyses reflect the finished plant design. The design, procurement, manufacture, equipment qualification, construction, installation and commissioning processes should all be integrated with the safety analyses to ensure that the design intent will be achieved in the “as-built” plant.

The analyses should be conducted in accordance with the expectations of section 9 of RD-337, and with requirements of RD-310 and S-294, Probabilistic Safety Assessment (PSA) for Nuclear Power Plants. The analyses should demonstrate compliance with the applicable safety criteria and with the authorized limits for radiation doses and releases of radioactive and hazardous substances, and should include:

1. deterministic safety analysis performed for normal operation, anticipated operational occurrences and design basis accidents that:
   1. demonstrate the overall safety of the plant
   2. show the effectiveness of plant response to postulated initiating events
   3. demonstrate that the dose acceptance criteria expectations contained in section 4.2.1 of RD-337 are met
2. deterministic safety analysis to support the PSA for beyond design basis accidents and selected severe accidents
3. PSA to demonstrate that the safety goals in section 4.2.2 of RD-337 are met

This chapter should also describe the programs and oversight in place to ensure that the safety analysis is carried out by technically qualified and appropriately trained staff, and is in accordance with the quality management program supporting safety analysis. This chapter should provide information to demonstrate that all contractors and sub-contractors involved in the safety analysis are qualified to carry out their respective activities.

7.2 Safety objectives and acceptance criteria

This section should describe and explain the principles and objectives followed in the plant design for nuclear safety, and the supporting elements of radiation protection and technical safety, and should demonstrate how they meet the expectations of sections 4.1 and 4.2 of RD-337. The description should also take into account the expectations previously identified in section 6.2, System description.

The information should specify radiation dose acceptance criteria in accordance with the expectations contained in section 4.2.1 of RD-337. The technical acceptance criteria described here should demonstrate the integrity of physical barriers specific to the plant systems, structures and components, and they should be in accordance with the expectations contained in section 5.3.4 of RD-310, for the different classes of events that apply. The information provided on the acceptance criteria should be detailed and should clearly demonstrate that frequently occurring plant events will have minor consequences. It should also be demonstrated that events with severe potential consequences will have a very low frequency of occurrence.

7.3 Identification, scope and classification of postulated initiating events

This section should explain the methods used to identify postulated initiating events (PIEs), with their scope and classification. It should also demonstrate that they meet the expectations of section 5.2 of RD-310.

The events themselves should be identified and described in accordance with the expectations of section 5.2.1 of RD-310, section 7.4 of RD-337, and of sections 7 and 8 of RD-346. The information provided should indicate in detail if the identification methods have used analytical tools, such as master logic diagrams, hazard and operability analysis, and failure mode and effects analysis. Initiating events caused by human error should also be considered in the identification of PIEs. Notwithstanding the methods used, it should be demonstrated that the identification of PIEs has been conducted in a systematic way, and has led to the development of a comprehensive list of events.

The scope of PIEs should be established to meet the expectations of section 5.2.2 of RD-310.

Events should be classified in accordance with their anticipated frequencies, and other factors, as appropriate, in accordance with the expectations of section 5.2.3 of RD-310.

The purpose of event classification is to:

1. justify the basis for the range of events under consideration
2. reduce the number of initiating events requiring detailed analysis to a set that includes the most bounding cases in each of the various event groups credited in the safety analyses, but that excludes events with identical system performance (relating, for example, to their timing, the plant systems response, or radiological release fractions)
3. allow the application of different acceptance criteria to differing event classes, with a justification of the basis for each of the event classifications included in the description provided in this section

The process of event classification, in which initiators of all types (internal and external to the plant), and all normal operating configurations (including normal operation, shutdown and refuelling) are considered, should lead to a list of the different classes of events to be analyzed.

Different plant conditions, such as manual control or automatic control, should be investigated. Different site conditions (such as the availability of off-site power or the total loss of off-site power) should also be evaluated, taking into account the possible interactions between plant manoeuvres and the grid and, where appropriate, the possible interactions between different reactor units on the same site. Failures in other plant systems, such as in the storage for irradiated fuel and in storage tanks for radioactive gas, should also be considered.

The list of the specific events to be analyzed should include internal PIEs such as:

1. increase or decrease of heat removal
2. increase or decrease of reactor coolant flow
3. reactivity and power anomalies (including incorrect positioning of fuel)
4. increase or decrease of the reactor coolant inventory
5. release of radioactive material from a subsystem or component
6. loss of support systems
7. internal floods, fires and explosions
8. internally generated missiles
9. collapse of structures and falling objects

The set of external PIEs to be considered should include, where appropriate:

1. fires, floods, earthquakes or volcanism
2. extreme winds and other extreme weather conditions
3. biological phenomena
4. human-induced events (such as aircraft crashes and explosions)
5. toxic and asphyxiant gases and corrosive gases and liquids
6. electromagnetic interference
7. damage to water intakes
8. explosions at nearby industrial plants and parts of transport networks

These external events should be identified according to the evaluation of site-specific hazards described in section 4.4, Evaluation of site-specific hazards.

7.4 Human actions

This section should describe and justify the approaches adopted to take into account human actions in the different types of safety analyses carried out, as well as the methods selected to model these actions in each analysis. The description should cover the relevant operating experience at other plants. Any information concerning human actions that is part of the safety analyses should also be covered in section 9.11, Qualification and training of personnel, and in section 9.12, Certification of personnel.

7.5 Deterministic safety analysis

This section should describe the deterministic analysis conducted to meet the expectations of RD-310 to evaluate and justify plant safety.

The level of conservatism of each deterministic safety analysis should be appropriate for the class of event analyzed and the analysis objectives in accordance with RD-310 subsection 5.4.6. The analysis of anticipated operational occurrences (AOOs) conducted to demonstrate the capability of control systems (Level 2 defence in depth) may be of the “best estimate” type. The analysis of AOOs and design basis accidents (DBAs) conducted to demonstrate the capabilities of the safety systems (Level 3 defence in depth) should be sufficiently conservative to give a very high level of confidence that the acceptance criteria can be met by the action of safety systems acting alone. The analysis of beyond design basis accidents (BDBAs) may be less conservative than the analysis of DBAs. Best estimate codes are acceptable for deterministic analyses, provided they will be combined with a conservative selection of input data or will include evaluation of the uncertainties of the results.

The description should include models and the computer codes used for the deterministic analyses, as well as the general assumptions made concerning plant parameters, the operability of systems (including control systems), and the potential operators’ actions in such events. Any important simplifications should be properly justified. The set of limiting assumptions for the deterministic safety analysis performed for the different types of PIEs should be identified and explained. This section should also describe the methods used to demonstrate that sufficient safety margins are achieved for PIEs of each classification.

A general summary of the verification and validation processes used for the computer codes should be provided and should include references to more detailed reports on the subject. All computer programs used should be identified, including references to the relevant supporting documentation. Emphasis should be placed on demonstrating the applicability of each computer program to a particular event, and reference should be made to the validation documentation. In turn, this documentation should refer to the relevant supporting experimental programs and/or actual plant operating data. The validation status of the plant models (input data used by safety analysis computer codes) should also be presented.

This section should also describe any general guidelines for the analysis (such as on the choice of operating states of systems and/or support systems, conservative time delays, and operator actions) employed in setting up the methods and models used to demonstrate acceptability in the deterministic safety analysis.

7.5.1 Safety in normal operation

This subsection should demonstrate that the normal plant operations can be carried out safely, thereby confirming that radiation doses to workers and members of the public, as well as any planned discharges and/or releases of radioactive material from the plant, will be within the authorized limits specified in the Radiation Protection Regulations and will meet the expectations of section 4.1.1 of RD-337.

All allowable conditions of normal operation should be analyzed and described in this subsection. These should include:

1. normal reactor start -up (from shutdown, through criticality, to full power)
2. power operation, including full-power and low-power operation
3. changes in reactor power, including load-follow modes and return to full power after an extended period at low power
4. reactor shutdown from power operation
5. hot shutdown
6. cool-down process
7. refuelling during normal operation, where applicable
8. shutdown in a refuelling mode or other maintenance condition that opens the reactor coolant or containment boundary
9. handling of fresh and irradiated fuel

7.5.2 Anticipated operational occurrences and design basis accidents

In accordance with the expectations of section 4.3.1 of RD-337 for Level 2 and Level 3 defence in depth, this subsection should describe the results of the analyses of AOOs and DBAs performed to provide a demonstration of the robustness of the fault tolerance of the engineering design and the effectiveness of the safety systems. The analysis should cover the full range of events over the full range of reactor power. The analyses should also cover all normal operational configurations, including low-power and shutdown states.

For a wide range of AOOs, the objective is to provide reasonable confidence that any deviations from normal operation can be detected, and that the control systems can be expected to return the plant to a safe state, normally without the activation of safety systems. For both AOOs and DBAs, there should be high confidence that qualified systems (as identified in section 5.4.4 of RD-310) acting alone can mitigate the event.

For each class of PIE it may be sufficient to analyze only a limited number of bounding initiating events, which can represent a bounding response for a group of events. The rationale for the choice of these selected bounding events should be provided in this subsection. The plant parameters that are important to the outcome of the safety analysis should also be identified. These parameters would typically include:

1. reactor power and its distribution
2. core temperature
3. fuel cladding oxidation, and/or deformation
4. pressures in the primary and secondary systems
5. containment parameters
6. temperatures and flows
7. reactivity coefficients
8. reactor kinetics parameters
9. reactivity worth of reactivity devices

Those characteristics of the safety systems, including the operating conditions in which the systems are actuated, the time delays, and the systems’ capacity after the actuation claimed in the design, should be specified and demonstrated to be consistent with the overall functional requirements of the systems described in the application.

In some cases, different analyses may be necessary for a single PIE, in order to demonstrate that applicable, but different acceptance criteria are met. This subsection must show that all the relevant acceptance criteria for a particular PIE are met, and the results from all the necessary analyses should be explicitly included in the application.

7.5.3 Analysis of individual groups of postulated initiating events

This subsection should provide the following information for each individual group of postulated initiating events (PIEs) analyzed:

1. description of each PIE, its frequency, the class to which it belongs, and the acceptance criteria to be met
2. accident boundary conditions, including a detailed description of the plant operating configuration prior to the occurrence of the PIE, the model-specific and event-specific assumptions, and the computer codes used
3. systems and operator actions that have been credited in the analysis, such as
   1. normally operating plant systems and support systems
   2. normally operating plant instrumentation and controls
   3. safety systems and their actuation set points
   4. operator action, if any
4. initial plant state, including:
   1. specific values of important plant parameters and initial conditions used in the analysis (these may be presented in a table)
   2. an explanation of how these values were chosen, and the degree to which they are conservative for the specific PIE being analyzed
5. identification of additional postulated failures, with a discussion of any additional single failure postulated to occur in the accident scenario, including a justification of the basis for selecting it as the limiting single failure
6. plant response assessment, including
   1. a discussion of the modelled plant behaviour highlighting the timing of the main events, including the initial event, any subsequent failures, times at which various safety groups are actuated, and the time at which a safe long-term stable state is achieved
   2. individual system actuation times, including the reactor trip time and the time of operator intervention
   3. key parameters, graphically presented as functions of time during the event, and selected to give a complete picture of the event’s progression within the context of the acceptance criterion being considered
   4. relevant acceptance criteria and a comparison with the corresponding plant parameters, together with a final statement on the acceptability of the result
   5. e. the status of the physical barriers and the fulfilment of the safety functions
   6. the plant end state, including identification of systems and operator actions necessary to ensure the safety functions are available in the long term
7. results of the assessment of radiological consequences, if applicable, including a comparison of key results with the acceptance criteria
8. results of any sensitivity studies and uncertainty analyses performed to demonstrate the robustness of the results and the conclusions of the accident analysis

7.5.4 Consideration of design capability for beyond design basis accidents

This subsection should demonstrate the capability of the design to mitigate certain beyond design basis accidents (BDBAs). It should also include the evaluation of the design’s capability to meet the expectations contained in section 7.3.4 of RD-337. The choice of the BDBAs to be analyzed should be explained and justified, indicating whether it has been made on the basis of a PSA or according to another fault analysis that identifies potential vulnerabilities of the plant.

Events in this category are typically sequences involving more than one failure (unless they are taken into account in the DBAs at the design stage), such as plant blackout, design basis events with degraded performance of a safety system, and sequences that lead to containment bypass and/or confinement bypass. The analysis may:

1. use best estimate models and assumptions
2. take credit for realistic system action and performance beyond original intended functions, including systems not important to safety
3. take credit for realistic operator actions

Where this is not possible, reasonably conservative assumptions should be made in which the uncertainties in the understanding of the physical processes being modelled are considered. The subsection should describe, explain and justify the approach taken.

The format and content of the analyses of BDBAs to be presented here should be consistent with the presentation of the analyses for anticipated operational occurrences and design basis events, with the following modifications:

1. objective of the analysis of BDBAs and/or the specific acceptance criteria consistent with section 5.4.2 of RD-310 should be stated
2. discussion of the additional postulated failures in the accident scenario should be provided, including a discussion of the reason(s) for their selection
3. whenever operator action is taken into account, it should be demonstrated that the operators will have reliable information, sufficient time to perform the required actions, documented procedures to follow, and will have been trained
4. key results of the analyses should be compared with specific acceptance criteria, and the conclusions on meeting the acceptance criteria should be clearly stated

7.5.5 Summary of event mitigation

A summary of event mitigation should be provided (a simple tabular format is suggested). This should present a brief entry for each of the events within the design basis (AOO and DBA). The summary of event mitigation should indicate the defence in depth provisions of the design (up to level 3) by identifying features that can contribute to providing the required safety functions in each event. For each individual group of events, the following information should be included:

1. PIE
2. frequency and classification of the event
3. safety functions that are challenged by the event
4. inherent design features and normally operating systems (including plant control systems) that can eliminate or mitigate the consequences of the event
5. safety system actions and operator actions credited in the AOO and DBA analysis and additional safety system or operator actions that could also provide mitigation
6. safety system initiating signals credited in the AOO and DBA analysis and backup signals that would also be effective
7. plant end state following the event, including identification of systems that provide the fundamental safety functions in the long term

7.6 Severe accidents

This section should provide detailed information concerning the analysis performed to identify accidents that can lead to significant core damage, and/or off-site releases of radioactive material (severe accidents). In addition, this section should describe the evaluation that has been carried out on the capability of complementary plant design features to meet the expectations contained in section 7.3.4 and section 8.6.12 of RD-337. The challenges to the plant presented by such events, and the extent to which the design may be reasonably expected to mitigate their consequences should also be considered, justified and referenced here, and should meet expectations stated in G-306.

The information should include an explanation of the analysis performed for severe accident sequences, including, as applicable, hydrogen fire, steam explosion and molten fuel-coolant interaction. The results of the most relevant severe accident analyses used in the development of the accident management programs and emergency preparedness planning for the plant should also be described in this section.

The results of the severe accident analysis need to be taken into account in the accident management measures that should be carried out to mitigate the effects of accidents, and in emergency planning and preparedness. (Refer to section 9.5, Operating procedures, and section 9.6, Accident management, regarding accident management programs and procedures.)

7.7 Probabilistic safety assessment

This section should provide information concerning the integrated review of the plant design and operational safety, carried out to complement the results of the deterministic analyses already performed and to give indication of the success of the deterministic design in achieving the design objectives. The PSA should meet the expectations of S-294. The section should include a description of the scope of the PSA study, the methods used and the results obtained. If any quantitative probabilistic safety criteria or goals have been used in the development of the plant design (as mentioned in the section of the application on probabilistic design criteria), these should also be referenced here.

The topics to be included in the description on the methods and scope of the PSA should include, as appropriate:

1. justification of the selected scope of the PSA study
2. accident sequence modelling (including event sequence and system modelling, human performance analysis, dependence analysis and classification of accident sequences into plant damage states)
3. data assessment and parameter estimation (including assessment of the frequency of initiating events, component reliability, common cause failure probabilities and human error probabilities)
4. quantification of accident sequences (including uncertainty, importance and sensitivity analyses)
5. source-term analysis and assessment of off-site consequences

The summary results of the probabilistic analyses carried out for the plant should be described in this section, and it should be demonstrated that these results meet the expectations for safety goals contained in section 4.2.2 of RD-337. The results should be presented in a manner that clearly conveys the quantitative risk measures taken, and the aspects of the plant design and operation that are the most important contributors to these risk measures. This section should identify and refer to the completed plant PSA as a separate document, which should accompany the application.

A comparison of the main PSA results with the expectations for safety goals, contained in section 4.2.2 of RD-337, should be provided to demonstrate compliance.

7.8 Hazard analysis

RD-346, RD-337, and S-294 address the expectations concerning hazard analyses. This section should provide a description of the scope of the plant hazard analysis that has been carried out, the methods used, and the results obtained. It should include:

1. full list of hazards identified as PIEs and a justification of the scope of the list
2. selection criteria for design basis hazards and the list of design basis hazards
3. summary of the results of the deterministic hazard analysis
4. summary of the results of the probabilistic hazard analysis
5. conclusion concerning the contribution of the hazards to the overall plant risk, and the demonstration that the expectations for safety goals and dose acceptance criteria given in section 4.2 of RD-337 have all been met

All plant internal and external hazards should be named as part of the identification of postulated initiating events, described in section 7.3, Identification, scope and classification of postulated initiating events. The hazards that make an insignificant contribution to plant risk can be screened out from the detailed analysis, but the rationale for this screening should be given. The remaining PIEs constitute the scope of the hazard analysis.

The hazards included in the scope of detailed analysis should be sorted, with the purpose of identifying specific design basis hazards. Clear criteria should be established for this process, and they must be described in detail. The design basis hazards should be analyzed using the deterministic techniques listed in section 7.5, Deterministic safety analysis and the expectations of RD-337. However, according to section 7.7, Probabilistic safety assessment, and to S-294, all hazards should be analyzed when using probabilistic techniques. The detailed analyses and their results should be documented in the appropriate deterministic and probabilistic parts of the safety analysis report (see section 7.9, Summary of the results of the safety analysis).

7.9 Summary of the results of the safety analysis

This section should provide a summary of the overall results of the deterministic analysis and PSA, confirming that the safety objectives and technical acceptance criteria (as described in section 7.2) for the analyses have been met in every respect. If any of the technical acceptance criteria have been changed as a result of specific considerations or have not been met entirely, this should be justified. Any compensatory measures taken to meet the safety objectives and dose acceptance criteria should be explained.

8.0 Construction and Commissioning

8.1 General considerations

Chapter 8 of the application should describe how the applicant will exercise overall responsibility for the safe and satisfactory completion of all construction and commissioning activities, including the procurement of equipment and services. It should also demonstrate how effective oversight of these activities will be carried out. All construction and commissioning activities should be governed by the provisions of the management system (see chapter 3, Management of Safety).

This chapter should also describe the overall program that will be used to demonstrate that the plant has been fabricated and constructed in accordance with the design (including the procurement of equipment and services). It should also describe how the commissioning program will confirm that the equipment, SSC, and the plant as an integrated unit will perform and function in accordance with the design specifications, regulatory requirements, and as credited in the safety analyses.

This chapter should also explain the processes used to ensure there is an appropriate and controlled turnover of SSC, from the construction phase to commissioning, and from the commissioning phase to operations. It should describe the activities to be carried out by contractors (such as site preparation, procurement, manufacturing, fabrication, construction, and commissioning) and how the applicant intends to monitor, evaluate, verify and approve all such activities. It should also demonstrate that the applicable technical specifications, procurement specifications, manufacturing specifications and acceptance criteria will be complied with at all stages during the construction and commissioning phases.

The following information should also be provided in this chapter:

1. provisions made for communication with CNSC staff on all matters related to the plant construction and commissioning activities
2. provisions made for making permanent and temporary design changes during construction and commissioning
3. provisions made for the identification, resolution and approval of deviations from the design
4. provisions to ensure that changes to the design baseline are identified, reviewed, approved and documented for the handover of completed work:
   1. from the construction organization to the commissioning organization
   2. from the commissioning organization to the operating organization
5. provisions to ensure the maintenance of SSC during construction and commissioning
6. provisions for procurement, supply chain, fabrication, on-site fabrication, construction and commissioning
7. development, validation and implementation of programs and procedures related to commissioning, reliability testing, maintenance, and operation
8. health and safety arrangements made for all activities conducted during construction and commissioning (see section 9.1, General considerations, and section 9.4, Operational management processes)
9. security and safeguards arrangements, including access control and access clearance requirements to the construction site (see section 9.1, General considerations, and section 9.4, Operational management processes)
10. training and qualification of all staff engaged in construction and commissioning activities (see section 9.11, Qualification and training of personnel)
11. provisions for the validation at the end of construction, of records that will be transferred to the commissioning or operating organization to be maintained for the lifetime of the installation (see section 9.16, Documents and records)

The document should describe the approach followed for fostering the development and maintenance of a healthy safety culture for all parties involved in plant construction and commissioning. The safety culture must be effective during these phases and become fully developed for the subsequent operation phase.

8.2 Applicant roles in construction and commissioning

This section should specify the structure and role of the applicant in the oversight of construction activities and in the oversight and direct involvement in commissioning activities.

In most cases, the applicant is also the responsible organization that will later operate the plant. Where this is not the case, the responsibility for the plant and its safety continues, nevertheless, to reside with the applicant, who must supervise the activities of the operating organization (see Glossary for definitions of “applicant” and “operating organization”). Information concerning the involvement of the applicant in plant operation should be provided in chapter 9, Operational Aspects.

8.2.1 Role of construction organizations

This subsection should describe the organizational and management arrangements established by the applicant for the effective oversight of activities carried out by organizations that will construct the facility. In addition, the application should also describe how the applicant will ensure that construction organizations build the plant in accordance with the applicable regulations, the expectations of the relevant CNSC regulatory documents, the applicable codes and standards, and all applicable design information.

The description should also include an explanation of the organizational structure and of the quality management system established by the construction organizations in order to enable the effective accomplishment of their roles, and the achievement of the highest level of safety and quality in the construction of the plant. The safety, environmental and security policies that are to be applied should also be described. The application should clearly indicate that the necessary tests and checks will be performed to verify that the plant is constructed in accordance with the design documentation.

The submission should also describe the programs that will be in place to ensure that:

1. procurement, equipment lay-up and storage, fabrication, construction and installation work will be carried out in accordance with the design, codes and specifications, drawings, procedures and instructions, including the implementation of the quality assurance requirements that are specified
2. construction and installation work undertaken, including work by suppliers and contractors, is coordinated, conducted and completed in accordance with a planned program of work
3. SSC are constructed and functionally tested in accordance with design specifications

The completion and turnover of plant SSC from construction to commissioning are to be managed in a systematic, documented, and progressive manner, in accordance with the overall control and coordination schedule. The turnover process should be developed in close consultation and agreement with the applicant and any commissioning organization. Key elements of the turnover process should include a joint agreement between those parties on the scope of each turnover package, including the scope of validation and functional testing and clear identification in turnover documents, and in the field, of turnover boundaries. As part of the turnover package, each construction organization should complete and document any outstanding and/or newly-discovered construction deficiencies.

8.2.2 Role of engineering organizations

This subsection should describe the organizational and management arrangements established by the applicant for the effective oversight of activities carried out by organizations that will provide engineering services for the design, procurement, construction, and commissioning of the plant. The majority of engineering services are usually provided by external organizations; however, the applicant may establish its own organization for providing engineering services.

An explanation should be provided as to how the applicant will ensure that the design is accurately and completely translated into procurement, manufacturing, inspection, testing, quality, construction, commissioning and operation specifications for the plant.

The structure of the engineering organization and its quality management or management system should be described in this subsection, along with the organization’s role in providing support to construction and commissioning in areas such as:

1. procurement specification
2. commissioning specification
3. design clarification
4. codes and standards requirements
5. definition of any operational constraints
6. review of the specifications and the results of the commissioning activities
7. disposition/resolution of any design-related system/equipment performance issues, in accordance with a formal design change process

8.2.3 Role of commissioning organization

This subsection should describe the organizational and management arrangements established by the applicant for the effective oversight and direct involvement in commissioning activities. It is expected that commissioning will be performed by external organizations and the applicant.

This subsection should describe the commissioning organization authorized by the applicant to carry out oversight activities, in order to ensure that all plant SSC meet their design intent and to provide assurance that the plant has been properly designed, constructed and tested and is ready for operation. An explanation of the commissioning organization’s organizational structure and the quality management system that it is to follow while performing its activities should be included in this subsection.

This subsection should also present information on the interfaces between engineering, construction, and commissioning organizations, and the applicant during the commissioning period.

The applicant should maintain its own routines for the oversight of the commissioning organization’s activities. When commissioning activities are conducted by contractors, the applicant should participate directly in the commissioning activities; as a minimum, it should participate in the review and approval of the activities. It should also be shown that sufficient numbers of qualified operating personnel at all levels of the applicant’s organization will be directly involved in the commissioning process.

8.3 Construction program

This section should describe the plant construction program to be implemented. Communication programs linking the regulatory authority, the applicant’s organization, construction organizations and other involved parties are of special importance and need to be established early. This section should demonstrate that the construction program recognizes this necessity and should describe how communications are to be managed, describing the procedures to be followed and the documented protocols to be invoked for conflict resolution.

The section should demonstrate that the construction program is well planned, controlled and properly documented, and that it adequately covers:

1. procurement, construction, fabrication, certification, identification, transportation, and storage
2. design and engineering, or testing of SSC, either at the construction site or at fabrication facilities remote from the site

The construction program should take feedback from ongoing NPP construction projects into account.

The information provided should describe the processes and procedures that are to be used to confirm that the plant’s SSC are constructed according to their design specifications and applicable regulatory requirements, codes and standards. A list of the construction functional tests and commissioning tests that are planned for the different construction stages should also be included.

Construction activities should be documented in a controlled construction documentation program that includes construction work plans showing:

1. activities to be performed (described in manageable units)
2. planned sequential order and duration of these activities
3. resource allocation for each activity
4. identification, preparation and control of procedures and work instructions
5. requirement for special equipment or materials
6. inspection or regulatory body hold points
7. treatment of environmental considerations

This section should also describe the management organization, the major participants’ roles and responsibilities, the contract structures, interfacing between different participants, construction management techniques, construction methods, control of modifications (see section 9.10), project management tools and schedule monitoring.

This section should also provide the following information:

1. description of all necessary functional tests to be carried out, in order to demonstrate that the SSC have been properly installed
2. confirmation that responsible and competent staff for design, engineering, maintenance, operations and other relevant technical support has been involved in documenting the construction test specifications, including the demonstration that safety objectives have been achieved
3. the arrangements in place to ensure that construction and tests are performed in a systematic sequence, from pre-operational tests on each SSC to integrated plant performance tests
4. arrangements made to facilitate regulatory oversight of specified construction stages, tests and/or hold points for specified licensing actions in the construction program

8.3.1 Procurement programs

This subsection should describe the procurement programs that will be implemented during the construction phase. The provisions to ensure that procurement documents will be clear and complete, in order to avoid important misunderstandings between the parties concerned at an early stage in the supply process, should be explained in this subsection. A model version of the format and content that is to be used for procurement documents should be included.

It should be demonstrated that the overall approach to procurement and manufacturing will be systematically controlled in all respects. This control is to ensure that the equipment, SSC and services purchased by the applicant, the applicant’s contractors, and their suppliers and sub-suppliers (and so on) meet applicable specifications. The process steps to be taken and the measures to be implemented to exert effective control within the programs, in order to assure positive outcomes, should be explained.

Considerations that should be taken into account include:

1. ensuring that, as a contractual obligation, the applicant and the regulatory body will have right of access to the premises of any suppliers to the construction program
2. ensuring that, as a contractual obligation, all sub-suppliers will provide right of access to their premises by their clients who are suppliers to the construction program
3. suppliers will be selected only after their capability and competence have been systematically evaluated and found to be satisfactory
4. spares are procured for plant items at the time original items are procured, where practicable considering shelf life
5. inspection and testing activities at source (in the supplier’s works) are done in accordance with the importance to safety of the item concerned, and are subject to oversight by the applicant
6. when source inspection and testing take place at a sub-supplier’s works, the supplier will, in turn, control the sub-supplier’s activities
7. when an item cannot be satisfactorily verified as conforming until it is tested in an installation, appropriate instructions will be given to the installation staff and the verification requirement will be included in the procurement documents

The following should be described :

1. all relevant information pertaining to early procurement of SSC to accommodate early use or long (critical path) procurement spans, including but not limited to, technical requirements (including pressure-boundary code effective date, design requirements) and management system requirements
2. a description of methods to reconcile any differences between provisional and final requirements, including justifying and requesting CNSC acceptance of any variance

Finally, this subsection should describe the quality assurance program that the applicant requires of each manufacturer. The subsection should identify what the program accounts for and should include:

1. importance to safety of the item or service
2. understanding of the manufacturing implications of the design
3. clean conditions, foreign material exclusion and other environmental controls to meet requirements and to achieve item quality
4. handling, storing, packaging and delivery requirements
5. traceability of materials and components
6. the need for inspections and tests specified by the designers and the regulatory bodies, as well as those deemed necessary by the manufacturer to control item quality and to ensure that the manufacturing process has been properly followed
7. imposition of quality assurance requirements on all sub-suppliers, consistent with the importance to safety of the item or service

8.3.2 Concrete construction

This subsection should describe the overall process to be followed in order to satisfactorily complete the necessary concrete work during the plant construction phase. Sufficient information should be provided to permit a clear understanding of how the concrete construction is to proceed, how its quality is to be controlled and assured and what objective evidence is to be collected, in order to demonstrate that the design performance specifications for the buildings and structures will be properly verified.

The subsection should provide information describing how the following considerations are to be accounted for:

1. material certification, identification and control, batching, mixing of concrete constituents, curing of concrete, and construction joint preparation
2. measures to be taken to control the quality of the construction, including the inspection and tests required
3. processes to be followed for grouting work
4. control of forms in final structures, arrangements for their bracing to ensure conformance of structures with design drawings
5. control of concrete temperatures and, when required, the specification of pre-heating or pre-cooling of the concrete constituents, and prevention of thermal shock
6. fabrication and placing requirements for reinforcing systems of concrete containments to comply with the relevant design, and construction drawings
7. installation procedure for the tendons

8.3.3 Metallic construction and installation

This subsection should describe the measures taken to control the quality of the construction and the installation of plant’s metallic components, including the inspections and tests to which they are to be subject. This subsection should also describe the codes, standards and technical specifications for metallic components used during construction and the installation process. The materials used for welding, manufacturing, construction, and installation should be identified and certified as per their applicable codes and standards. The processes and certifications for examination, shop inspection, field inspection, and testing should be identified.

8.4 Commissioning program

This section should describe, in general terms, the program established for the implementation of commissioning activities up to, but not including, the first loading of fuel into the reactor. This is to confirm that the plant SSC have been properly installed and will perform within their design specifications and that the integrated plant will perform all the necessary safety functions, in accordance with design requirements. This is particularly important for those design features that are new or first of a kind.

This section should also indicate the commissioning plans, processes, procedures and documents proposed for commissioning following fuel loading, and the approach to commercial operation. The timeline and milestones for preparation and completion of the commissioning plans, processes, procedures and documents should be presented.

The section should show that the commissioning program has been well planned and is properly documented. It should also show that responsible and competent staff for design, engineering, maintenance, operations, and other relevant technical support has been involved in documenting the commissioning specifications, including those for the demonstration of safety objectives.

A clear link should be established between the commissioning program and the equipment performance requirements assumed in the safety analyses. In addition, the section should show, as part of the later phases of the commissioning program, that the plant operating procedures (normal, abnormal, upset, and emergency) will be validated with the participation of the future operating personnel to the extent practicable. In particular, the connection between the pre-fuel load commissioning program and the training program for certified staff should be described.

The information provided in this section and the associated subsections should be detailed enough to demonstrate that the program is complete up to the point of first fuel loading, and that, with the aid of competent personnel, it can be progressively and successfully implemented in a coordinated manner as the plant is constructed and turned over to the commissioning phase.

This section should also provide the following information:

1. description of the technical process to be followed to manage commissioning
2. confirmation that tests are to be performed in a systematic sequence from pre-operational tests on each system, structure, and component, to integrated plant performance tests
3. description of the verification activities and integrated system validation of the as-built design that are to be carried out, including a description of the human factors verification and validation plan that meets the expectations of section 7.16 of RD-337
4. confirmation that the program provides for regulatory witnessing of specified tests and/or hold points for specified licensing phases in the commissioning program
5. proposal to establish overlaps between commissioning and operations/maintenance procedure development to allow an efficient transfer of knowledge to the operating organization
6. proposed arrangements, including timelines and milestones, for the validation of operating procedures (covering normal, abnormal, upset and emergency conditions) that will (to the extent practicable) be carried out as part of the commissioning program and with the participation of the future plant operating personnel
7. description of the tests (including acceptance criteria) to be carried out in the different commissioning phases in order to demonstrate that the installed plant meets the design and safety requirements
   1. detailed information is expected for Phase A commissioning
   2. for later stages of commissioning, a high level description of the tests along with a schedule and milestones for provision of detailed information is sufficient

Section 6.2, System description, provides specific guidance on information to be provided regarding commissioning tests for SSC.

8.4.1 Commissioning phases and control points

This subsection should describe the commissioning program that has been put in place up to, but not including, the first loading of fuel into the reactor. It should also indicate the proposed control points. The description should make clear that a review of the results at each control point will be carried out, in order to enable the applicant to judge if all necessary pre-requisites have been met. The control points that require regulatory approvals should be identified. For each control point, the program should define the applicable prerequisites and should demonstrate how, through documented evidence, they will be satisfactorily completed.

Some control points may be used to ensure that requirements and expectations of codes and standards have been met and that the design is in compliance with regulatory requirements. This subsection should outline actions that require CNSC approval prior to loading reactor fuel. These actions are:

1. completion assurances for the design, construction and inactive commissioning to support fuel load
2. provision of a sufficient number of staff with the necessary level of professional and skills competence to support fuel load and subsequent activities (e.g., control room operators being certified prior to fuel load)
3. establishment of programs, processes, and procedures necessary to support design, construction, control of modifications (see section 9.10), loading of fuel, and subsequent activities

The commissioning program should also indicate that a formal process for commissioning completion assurance (CCA) will be adopted for the SSC that are important to plant safety. This process should require formal review by the applicant’s engineering staff before the CCA is presented for approval to management of the operating organization. The timelines and milestones should also be included in this subsection and should cover the detailed development of the rest of the commissioning program and control points for the first fuel loading and beyond.

The commissioning program phases should be set up along the following lines:

Phase A: focuses on ensuring that those systems required to ensure safety with fuel loaded into the reactor have been adequately commissioned. This phase should be successfully completed prior to loading fuel in the reactor

Phase B: focuses on ensuring the fuel is loaded into the reactor safely, and confirms that the reactor is in a suitable condition to be started up and that all prerequisites for permitting the reactor to go critical have been met. This phase should be successfully completed prior to removal of the guaranteed shutdown state (GSS)

Phase C: focuses on confirming reactor behaviour during initial criticality and subsequent low-power tests, and includes activities that cannot be done during the GSS

Phase D: focuses on demonstrating reactor and systems behaviour at higher power levels, and includes activities that could not be carried out at the power levels in Phase C

8.4.2 Commissioning documentation

This subsection should describe the commissioning program documentation that covers commissioning activities up to, but not including, the first loading of fuel into the reactor. Documents that should be presented include:

1. commissioning plans and procedures
2. commissioning specifications
3. commissioning tests (a list of tests to be carried out in the different commissioning phases, test scope, objectives and pre-requisites, and the methods and acceptance criteria should all be included)

The program documentation should also include a commissioning specification document for each system, which defines the design and analysis requirements that should be met during physical commissioning checks and tests.

Upon completion of commissioning activities, formal commissioning reports (that include results and lessons learned) and a completion certificate will need to be presented.

This subsection should also describe, in general terms, the commissioning documentation proposed for the rest of the commissioning program for first fuel loading and beyond. It should include the timelines and milestones planned for its detailed development and completion.

Consideration should be given to organizing the commissioning procedures for the plant into three levels of detail, in descending order, as follows:

Level 1: primarily intended for integrating system commissioning activities into the overall plant schedule

Level 2: defines the commissioning activities and interface logic

Level 3: describes details of each activity for field execution

In addition, a suite of standard commissioning procedures should form part of the program to cover repetitive pre-operational checks on mechanical, electrical, and instrumentation and control equipment.

9.0 Operational Aspects

9.1 General considerations

Chapter 9 of the application should describe the main operational safety objectives for the plant throughout its operational lifetime. It should explain, in general terms, the planned organizational structure, management programs and processes, required services and facilities, and the promotion and maintenance of a healthy safety culture to achieve those safety objectives.

The programs and processes needed to support the operation of the plant should be identified and described. The timeline and milestones for their development and implementation, as well as an explanation of their interface with the construction phase, should also be included.

9.2 Operating organization structure

This section should describe the operating organization. It should outline the staffing and qualification requirements proposed for the construction, commissioning, and operation phases of the plant lifecycle.

Responsibilities of each of the different components within the organization should be identified during each phase. The approach, programs and processes proposed for service procurement, and the monitoring and management of contractors should also be addressed. The organization and responsibilities of the oversight bodies (e.g., safety committees, advisory panels) should also be included in the description. It should be demonstrated that the integration of all of the management functions necessary for the safe operation of the plant, such as policy-making functions, operating functions, supporting functions, and review functions, is adequately addressed. The role planned for the operating organization during the decommissioning phase of the plant lifecycle should be described in general terms in this section, including the proposed timeline and milestones for the later development of the necessary detailed arrangements and the supporting documentation.

If the applicant plans for a different management system and organizational structure for operating the plant, then the application should describe the transition (and/or transfer if a contractor's construction management system is used) from construction to commissioning to operations. The description should include the timeline and milestones for developing and implementing the management system and organizational structure. 

9.3 Management direction

This section should include a clear statement of the applicant’s commitment to safe, reliable and efficient operation of the plant in compliance with the NSCA, applicable regulations, and licence requirements. It should also include a commitment to implement and maintain a viable management system with associated programs and processes, in order to achieve these objectives. The description should explain how management will make its high-level expectations clear to all staff, through formal and well-publicized statements on its vision, mission, core values, guiding principles, safety policy and safety culture, and performance objectives.

9.4 Operational management processes

The programs and processes in place to manage the key functions important to safety should be described in this section. Many of these programs and processes will begin during the construction and commissioning of the plant and will be completely implemented when normal plant operation begins. The beginning of applicability and the point at which full implementation will occur should be indicated in the description of each process. If a program is expected to be implemented later in support of plant operation, the applicant should supply sufficient information to demonstrate how the program’s development and implementation is planned, including the timelines and milestones that will apply. The information provided in this section may be presented in three major categories: executive, core, and support programs and processes.

The description of the executive programs and processes should include:

1. setting and communicating goals for the plant and plans to achieve them
2. overseeing the work to be performed
3. allocation of financial and human resources
4. assurance of sufficient qualified staff
5. improving human performance
6. maintaining effective business processes

The core programs and processes should describe how certain key functions will be performed such as:

1. operating the plant
2. maintaining the plant
3. providing technical support to ensure continued equipment reliability and maintaining design configuration

The “operate the plant” programs and processes should describe how the plant SSC will be operated in accordance with approved operating procedures during normal operation, abnormal and upset operational occurrences, and accident conditions. The description needs to include the preparation of equipment for maintenance and the monitoring of SSC to confirm that they will continue to operate as required by the design.

The “maintain the plant” programs and processes should describe how the maintenance work will be planned and scheduled, including the performance of physical inspections, adjustment, repairs and overhauls, so that the SSC will continue to perform their intended design function throughout their service life.

The “provide technical support” programs and processes should describe activities such as:

1. monitoring SSC performance and the resolution of identified problems
2. developing preventive maintenance programs, analyzing results and carrying out adjustments as required
3. the development and implementation of changes to the design and/or operation of the SSC
4. ensuring that the design and analysis documentation is kept up to date to reflect the “as operating” configuration

The support programs and processes should describe how various services are provided to enable the executive and core processes to be effective. These include, but are not limited to:

1. processes to provide human resources
2. training
3. personnel safety and security
4. environmental services
5. documentation control
6. financial services
7. materials management
8. engineering support
9. licensing activities

The description in the section should also demonstrate that all the appropriate programmatic information has been incorporated into the job and task analyses for the applicable training programs.

9.5 Operating procedures

This section of the application should provide overriding safety principles and the operating organization’s management approach, policies and guidance, which are to be followed in the development, validation and implementation of operating procedures that cover normal, abnormal, upset and emergency conditions. The applicant should reference the information submitted in section 9.6, Accident management regarding the development of procedures for upset and emergency conditions. The description should give confidence that the normal operating procedures will provide safe conduct in all normal operational configurations (including start-up, power operation, shutdown, cool down, load changes, power transients and fuel handling )and that operation will be consistent with the operational limits and conditions for the plant covered in chapter 10, Operational Limits and Conditions.

Sufficient information should also be given to demonstrate that the operator actions required to diagnose and respond to anticipated and unanticipated events will be covered appropriately and will utilize both symptom-based and event-based procedures. This section should also cover the manner in which human factors principles and processes will be considered in the development and validation of the appropriate administrative, maintenance and operating procedures.

This section should refer to the following other parts of the application that are related to accident management:

1. section 4.6, Site-related issues in emergency planning and accident management
2. subsection 5.9.6, Severe accident management
3. section 7.6, Severe accidents
4. section 9.6, Accident management
5. section 9.11, Qualification and training of personnel
6. section 9.12, Certification of personnel
7. chapter 12, Emergency Preparedness

The timeline and milestones for the development, validation and implementation of all normal, abnormal, upset, and emergency operating procedures should be described, and the organizations that will be involved in such procedures should be identified. This should include the detailed plans for the development and provision of procedures required for the operation of equipment as it is turned over from Phase A commissioning to fuel load and subsequent commissioning phases, and for the preparation of procedures for staff training.

9.6 Accident management

This section should describe the program that will be followed to develop the emergency operating procedures and severe accident management guidelines. These procedures and guidelines should support the operator when responding to anticipated and unanticipated events. The role of the safety analysis in supporting the emergency operating procedures, including severe accident management guidelines, should be clearly indicated. The description should demonstrate that the following has been taken into account in the development of the accident management guidelines (timeline and milestones included):

1. results of all accident analysis presented in the application
2. identified vulnerabilities of the plant to such accidents
3. strategies selected to deal with those vulnerabilities
4. measures to be taken to minimize the likelihood of severe accidents and to mitigate their consequences should they occur
5. principles used for development and structure of emergency operating procedures or their equivalents
6. information needs for effective accident management
7. approach to operators’ training to deal with accidents, including plant simulator and in-field drills

The description of the accident management program should include high level information on:

1. management structure (including management, operational and technical support staff) in place to deal with the in-plant and off-plant consequences of severe accidents and the roles and responsibilities of these staff members
2. guidelines for operating procedures and training needs
3. protocol for interface with the public, and regulatory or other agencies
4. analysis methods and results of the study of the feasibility of the emergency arrangements planned

The information presented should demonstrate that a systematic approach has been taken for the development of accident management guidelines.

The information presented on the accident management program should:

1. describe and justify the approach taken for severe accident prevention and mitigation of consequences
2. demonstrate that a systematic approach has been taken to the development of accident management guidelines
3. meet the applicable expectations of sections 7.3 and 7.9.3, and 8.5 to 8.10 of RD-337

The information presented in this section needs to be taken into account in the development of emergency operating procedures, including severe accident management (section 9.5, Operating procedures).

Reference should also be made to parts of the application that are related to accident management:

1. section 4.6, Site-related issues in emergency planning and accident management
2. subsection 5.9.6, Severe accident management
3. section 7.6, Severe accidents
4. section 9.5, Operating procedures
5. section 9.11, Qualification and training of personnel
6. section 9.12, Certification of personnel
7. chapter 12, Emergency Preparedness

9.7 Maintenance, surveillance, inspection and testing

This section should describe and justify the programs and processes that the operating organization will implement. These programs and processes are to identify, control, plan, execute, audit and review the maintenance, surveillance, inspection, and testing practices that will be followed in the plant and that will impact the plant’s reliability and nuclear safety.

The maintenance program should be optimized through a careful analysis of the plant systems and equipment, and may utilize reliability-centered maintenance methodology, whereby maintenance activities are focused on the systems and equipment that are critical to the operation, safety and reliability of the plant.

While maintenance, surveillance, inspection and testing take place primarily during the operating phase of the plant’s lifecycle, this section should describe what should be done during the construction phase, to ensure that they can be carried out effectively and without difficulty when the plant is in operation. The surveillance program described in this section should adequately cover all aspects of the operational limits and conditions (OLCs) referred to in Chapter 10, Operational Limits and Conditions. The frequency of surveillance should be based on a reliability analysis, a probabilistic safety assessment, and previous experience. This section should show the viability of inspection techniques to meet performance requirements, taking ALARA into account.

This section should also demonstrate that the inspection program to be followed will be capable of demonstrating that the plant meets the specified standards and satisfies the inspection criteria adopted while remaining able to perform its required safety functions.

The section should describe the approach to be taken for the development of acceptance criteria in the SSC inspection program. Defects subject to such criteria include crack-like flaws and metal loss. When establishing the acceptance criteria, consideration should be given to the worst possible combination of design loading conditions and to the potential for propagation of a flaw if subjected to system transients and/or adverse environmental conditions.

The section should also describe the program planned to cover the testing to be carried out for all the plant SSC that can affect the safety functions of the plant, in order to confirm their continuing performance effectiveness. The program should emphasize inspection of the primary and secondary coolant systems, given the importance of their integrity to plant safety, and the severity of the possible consequences of their failure.

The information provided in the sections covering the surveillance program, the inspection program, and the testing program should include a timeline for each of these activities, with milestones for the development and implementation of the program and the processes to be followed. There should be a description of the systems to ensure that each activity is carried out within the time-frames allowed and that the results obtained in each of these activities are reviewed against the applicable acceptance criteria. The program should include periodic reviews to ensure that it continues to meet its objectives.

This section should be linked to and complement the following:

1. subsection 5.9.4, In-service monitoring, inspection, testing and repairs
2. section 9.11, Qualification and training of personnel
3. section 9.12, Certification of personnel
4. section 11.2, Application of the ALARA principle

9.8 Chemistry control

This section should describe the industry research and operating experience-based approach that will be used for the chemical control of plant fluid systems important to safety during construction and commissioning, and at a programmatic level for operational states.

The description should include information and provide references to more detailed documents to demonstrate how chemistry program objectives will be achieved during construction, commissioning activities and operation. The information should address matters such as:

1. policy that states the goals and objectives of the chemistry program
2. chemistry procedures, specifications and methods of control and how they will be monitored through the use of adequate performance indicators
3. surveillance program to monitor system chemistry through appropriate sampling and analysis of plant systems
4. methods of data management, including adequate trending, evaluation and reporting of analysis results and investigations
5. administrative controls to ensure compliance with industry practices for controlling products in the workplace
6. sufficient training program that determines the content, periodic review of needs, an assessment of final competencies and evaluation of the training efficiency

A timeline and milestones for the development and implementation of the remaining matters relating to chemistry control should be provided.

9.9 Core management and fuel-handling

This section of the application should describe, at a high level, the programs and processes respecting core management, fuel-handling and storage that will be applied prior to and following initial fuel load. This section should be linked to and complement sections, 9.11, Qualification and training of personnel and 9.12, Certification of personnel.

9.10 Control of modifications

This section should describe the processes proposed to identify, review, approve, control, plan, execute, audit and document the activities related to modifications to the plant configuration, including both temporary and permanent design modifications. The processes should take into account the safety significance of proposed modifications, including the requirements for approvals by the CNSC, where these are necessary. The modification control processes should cover the changes made to the physical plant, to safety-related software, to plant OLCs and to important plant procedures.

For pressure boundary SSC, the section should explain the arrangements that have been made to ensure that the related quality assurance program and its implementation processes and procedures, as well as any SSC modifications, are subject to approval by an authorized inspection agency acceptable to the CNSC.

The description should also demonstrate that the modification and control processes established will ensure that radiation protection requirements will be addressed and that exposures will be maintained as low as reasonably achievable (ALARA), in accordance with section 11.2, Application of the ALARA principle. Information should also be provided to demonstrate that measures have been taken to ensure that adequate and sufficient records of all configuration modifications will be made and retained during the plant lifetime, and that the requirements for configuration management will be met at all times during plant modifications.

9.11 Qualification and training of personnel

This section should indicate the job-specific qualification requirements for plant personnel and the associated training programs to achieve them. This section should also describe the qualification and training requirements for personnel engaged in the plant design phases, and the proposed program and schedule for recruiting, training and qualifying personnel for work relating to the construction, commissioning, operation and maintenance phases of the plant’s lifecycle.

The description should demonstrate that a systematic approach to training was and will be adopted and used, in order to manage the qualitative, quantitative and resource aspects of implementing the training system. The training programs should be based on an analysis of the responsibilities and tasks involved in doing the work and this approach should be applied to all staff, including management. The training programs and facilities, including simulator facilities, should reflect the “as operating” status of the plant.

In addition, this section should demonstrate that the defined qualifications and supporting training programs for the staff at the plant are adequate. It should be shown that arrangements have been made to achieve and maintain the required numbers of staff with the necessary professional competence and skill level, in accordance with the expectations of G-323 Ensuring the Presence of Sufficient Qualified Staff at Class I Nuclear Facilities – Minimum Staff Complement.

The section should also describe the documentation system established to track the status of training program development and delivery, as well as to manage and track the status of staff and contractor qualifications. Explanation should be provided to demonstrate how training staff are to acquire the requisite skills, knowledge and attitudes needed to develop training programs for the plant personnel. The technology that will be acquired to aid training, and the approach to be followed concerning its operation, maintenance and support over its life, and who will be responsible for these activities, should all be accounted for.

During its lifetime, the plant will undergo changes to its SSC, procedures and regulations that could affect plant training programs. An explanation should be provided to demonstrate how the training department plans will ensure that training programs capture the changes that take place and continue to reflect the “as operating” status of the plant.

The section should also indicate the identity of the staff positions planned to cover all plant states, along with the proposed personnel occupational groupings at the plant. It should explain in general terms how the analysis connecting the two has been performed, as well as how the individual personnel will be recruited, their skills assessed and the ensuing performance gaps identified to determine the required level of training programs. Finally, the section should outline the qualification and skill requirements that have been set for contracting organizations and their personnel who perform activities relating to the plant. Where detailed specific qualification and training documentation is to be developed later on, the section should provide a proposed timeline and milestones for completion of the work.

9.12 Certification of personnel

This section should describe the program and schedule established for the certification of personnel for work relating to the construction, commissioning, operation and maintenance of the plant. For the positions requiring certification, as set out in RD-204, Certification of Persons Working at Nuclear Power Plants, this section should outline the program that will be implemented to achieve the specified requirements for certification training. The description should also include any proposed alternative approaches that will be implemented to achieve certification in advance of the first fuel load.

Information on how the certification program training and testing positions will be staffed should also be provided. This should include information on the personnel required for certification-related activities on the plant full scope simulator. This section should also describe how the certification training will be linked to or built upon the training programs that are common to other staff. The additional training for certified staff should be justified and explained using a systematic approach.

Where it is planned to use previously certified or experienced staff for certified positions, the section should show that a gap analysis of their competencies will be done and that the required supplementary training programs will be developed and conducted. Training and assessment of certified staff should address the skills and knowledge necessary to perform the duties required to oversee and supervise commissioning activities. The certification program should account for control room operation staffing levels during construction, commissioning and operation. It should also include plans to fill these positions soon enough to allow the selected personnel to:

1. receive the required certification training
2. develop their skills and knowledge using the plant full-scope simulator
3. participate in the requisite parts of the commissioning programs
4. become fully acquainted with the “as operating” condition of the plant

Where detailed specific certification documentation is to be developed later on, the section should provide a proposed timeline and milestones for completion of this work.

9.13 Full-scope simulator

This section should describe the full-scope training simulator to be used for the plant. It should include information showing how the simulator meets the expectations of section 15 of RD-204. The manner in which the simulator will be used to support commissioning should also be described.

9.14 Safety performance

This section should demonstrate the applicant’s commitment to promote and support excellence in safety performance, including human performance, at all levels in the organization. Human performance should be understood as the outcomes of all human behaviours, functions and actions in the plant environment, and it should reflect the ability of staff and management to meet the plant’s defined performance under the plant’s operating conditions.

This section should describe the programs that aim to continuously improve human performance, to take steps to identify human performance weaknesses and to remove human performance-related root-causes of events. Plans for developing and updating these programs should be included in this section.

This section should demonstrate that the applicant acknowledges that safety culture is based on fundamental safety beliefs and on a code of conduct that reflects safety values commonly shared by all individuals. Consequently, the applicant should commit to:

1. ensuring that there is a common understanding of the key aspects of the safety culture
2. providing the means to support individuals and teams to carry out their tasks safely and successfully by reinforcing learning and by questioning attitude
3. providing the means by which the organization continually seeks to develop and improve safety performance

The section should acknowledge the applicant’s responsibility for establishing and promoting the relevant safety principles that serve as guidance for decision-making and behaviours, including the following:

1. everyone has a role in nuclear safety
2. all staff clearly recognize the value of performing work safely
3. leadership for safety is clearly defined at the management level
4. leaders demonstrate commitment to safety
5. accountability for safety is clearly defined at the working level
6. nuclear safety undergoes constant examination
7. decision-making reflects safety first
8. safety is integrated into all activities
9. safety is driven through continuous learning and experience feedback
10. trust and open communication permeates the organization
11. a questioning attitude is cultivated
12. organizational learning is embraced

Finally, this section should clearly state how the applicant intends to present, promote and assess the key characteristics of good safety performance by all personnel working at the plant, including the contractors. The section should provide a proposed timeline and milestones for completion of detailed specific safety performance documentation that is proposed to be developed later on.

9.15 Operational experience feedback

This section should describe how the program for feedback of operating experience has been implemented during the site evaluation and design phases, and how it will continue during the construction, commissioning and operating phases of the plant lifecycle. The description should explain how the program has addressed/will address how plant incidents and events are identified, recorded, investigated, and reported internally and to the regulator, as well as how these incidents and events will be used to promote enhanced safety performance of the personnel and the plant. The section should demonstrate that the root-cause programs and root-cause analysis of incidents and events will consider technical, organizational and human factor aspects and that the necessary arrangements have been made to report and analyze low-level and near-miss events.

This section should also demonstrate that the feedback program has covered/will cover feedback of relevant operational experience from other plants, including the identification of generic problems and the implementation of measures for improvements as required. It should also state the number of personnel trained in and assigned to root-cause analysis and the general staffing in this area. Finally, it should explain how non-event operational experience feedback (e.g., good practices observed, lessons learned from post-job briefings) will be collected, analyzed and disseminated. The proposed timeline and milestones for completion of the work should be provided for detailed specific operational experience documentation to be developed later.

9.16 Documents and records

This section should describe the provisions to be made for managing plant configuration and for maintaining all required documents and records. It should include information relating to the measures for creating, receiving, classifying, controlling, storing, retrieving, updating, revising and deleting documents and records that relate to activities over the plant’s lifetime. It should also cover the documentary measures to be taken for the management of waste and decommissioning of the plant. If detailed specific documents and records-related documentation are to be developed later on, this section should provide a proposed timeline and milestones for the work.

9.17 Outages

This section should describe the approach and relevant arrangements that are proposed for conducting periodic shutdowns of the reactor, as required by the operating cycle and other factors. The applicant should outline the human resources approach to be followed in outage activities, including the management of worker qualifications and work activities. A description of the policies, program, processes and procedures governing the various aspects of outages, along with a timeline and milestones for their development and implementation should be included in this section.

10.0 Operational Limits and Conditions

10.1 General considerations

Chapter 10 of the application should describe the plant’s operational limits and conditions (OLCs). The information provided can be entirely included in this chapter, or provided in a separate document(s) referenced in this chapter. Whichever approach is used, it should demonstrate that the OLCs have been derived and developed in a systematic way from the design, and the safety case (including the safety analysis) and the description should meet the expectations contained in section 4.3.3 of RD-337. The OLCs should accompany the design information for the plant, and should be used to establish and carry out the training, qualification and certification of plant personnel.

The chapter should provide detailed information concerning the safe operating envelope (SOE) for the plant. It should identify the set of limits and conditions within which the plant should be operated to ensure its conformance with the safety case (including the safety analysis), which forms the basis for the licensing of reactor operation and can be monitored by (or on behalf of) the applicant and that will be controlled by the applicant.

This chapter should describe the unambiguous instructions, clearly linked to the safety case for the plant, that will be issued to ensure that the plant will be operated at all times within the limits of the OLCs, so that that it will not present an undue risk to the environment, worker health and safety, or the public.

This chapter should explain the reason for the adoption of each OLC (accounting at the same time for any uncertainties associated with the safety analysis) and should provide any relevant background information that applies. It should also indicate the provisions that have been made to amend OLCs as necessary, including changes resulting from the testing carried out during the plant commissioning phase.

The OLCs described should contain numerical values of limiting parameters and operability conditions of systems and components. The corresponding requirements for surveillance, maintenance and repair to ensure that these parameters remain within acceptable limits and that systems and components are operable should also be specified. Where appropriate, this information should be supported by means of a probabilistic safety assessment (PSA). This chapter should also identify and explain how, in some instances, essential administrative aspects (such as the minimum shift composition, hours of work, and the frequency of internal reviews) have been covered in specific OLCs.

Finally, the actions to be taken in the event that plant’s OLCs are not fulfilled should also be clearly established and elaborated in this chapter.

11.0 Radiation Protection

11.1 General considerations

Chapter 11 of the application should describe the policy, strategy, methods, and design provisions made for radiation protection. It should also explain the expected occupational radiation exposures during normal operation and anticipated operational occurrences, including an outline of measures to avoid and restrict exposure.

The description should include either a brief summary of how adequate provisions for radiation protection have been incorporated into the plant design, or it should refer to other chapters in the application where this information can be found. Details should be provided on how the basic protection measures of time, distance and shielding have been considered. This chapter should also demonstrate that appropriate design and operational arrangements have been made to minimize the number and locations of radiation sources in the plant.

11.2 Application of the ALARA principle

This section should describe the policy and application of the ALARA (as low as reasonably achievable) principle, as described in G-129 (Rev. 1), Keeping Radiation Exposures and Doses “As Low As Reasonably Achievable (ALARA)”. The estimated annual occupancy of the plant’s radiation areas during normal operation and anticipated operational occurrences should be provided. The approach followed, beginning with plant design, should meet the radiation protection objectives stated in section 4.1.1 of RD-337, and it should be demonstrated that:

1. radiation doses resulting from the operation of the plant will be reduced, by means of radiation protection measures, to levels such that any further expenditures on design, construction and operational measures would not be warranted by the expected reduction in radiation doses
2. the design has duly considered issues such as avoiding the need for workers to be in areas where they are exposed to radiation for long periods of time
3. the ALARA principle is applied in the operation and maintenance of the plant to reduce further occupational exposure, wherever practicable
4. the necessity for workers to be present in high-dose areas of the plant has been investigated and justified

11.3 Radiation sources

This section should identify and describe all on-site radiation sources (see chapter 14, Radioactive and Hazardous Waste Management), taking into account contained and immobile sources, potential out-of-core criticality (resulting from mishandling of enriched fuel), and potential sources of airborne radioactive material. The description should also cover all possible exposure pathways.

11.4 Design features for radiation protection

This section should describe the features in the design of the equipment and the plants that ensure radiation protection from the sources described in section 11.3, Radiation sources. It should be demonstrated, in accordance with the expectations contained in section 8.13 of RD-337, that suitable provisions have been made in the design and layout of the plant in order to reduce doses and radioactive releases from all sources. Such provisions should include the adequate design of systems, structures and components so that radiation exposures are reduced during all activities in the plant throughout its lifetime. Activities where no significant benefit accrues should be eliminated. Examples of such provisions include the design of the civil engineering structures; the ventilation system that minimizes the movement of air from zones containing high-level radioactivity to those containing low-levels, radiation shielding, and other mitigation measures for areas where maintenance work is done, or where operator action is required in case of an accident.

Where appropriate, this section should refer to section 11.6, Radiation protection program, and chapter, Design of Plant Structures, Systems and Componentsof the application.

The principles of radiation protection that have been accounted for in the design should be stated in the description. They should include, for example:

1. no person will receive doses of radiation in excess of the regulatory dose limits as a result of normal operation
2. occupational exposures will be ALARA
3. all practical steps will be taken to prevent accidents with radiological consequences and to minimize radiological consequences of any accident

This section should also state radiation dose targets included in the plant design specification, including those that relate to the dose levels expected for workers and members of the public resulting from operation of the plant throughout its lifetime.

11.5 Radiation monitoring

This section should describe the arrangements that have been made for the monitoring of all significant radiation sources during all activities throughout the lifetime of the plant. The information provided should justify the adequacy of the provisions for monitoring to cover operational states, design basis accidents and beyond design basis accidents and, where appropriate, severe accidents. In addition to this, and in support of section 6.11, Fuel-handling and storage systems and section 11.3, Radiation sources, monitoring for out-of-core criticality should be covered, including criticality accident alarm systems that meet applicable industry standards.

11.6 Radiation protection program

This section should describe the radiation protection program established for the plant. It should outline the administrative organization, equipment, instrumentation and facilities, and procedures established to support the program. It should demonstrate that the radiation protection program will keep doses ALARA (see section 11.2, Application of the ALARA principle), through the implementation of management control over work practices, personnel qualification and training, control of occupational and public exposure to radiation, and planning for unusual situations. It should also demonstrate that the radiation protection program is based on a risk assessment that takes into account the location and magnitude of all radiation hazards in the plant and that addresses matters such as the following:

1. classification of work areas and access control
2. local rules and supervision of work
3. monitoring of individuals and the workplace
4. work planning and work permits
5. protective clothing and protective equipment
6. facilities, shielding and equipment
7. optimization of protection
8. source reduction
9. training
10. arrangements for response to emergencies

12.0 Emergency Preparedness

12.1 General considerations

Chapter 12 of the application should describe the preparations that have been made to ensure that any emergencies that may arise at the plant, during its lifetime, will be dealt with safely and effectively. The information provided should show that requirements in subsection 24(4) of the NSCA, and paragraph 5(i) of the Class I Nuclear Facilities Regulations have been met, and that arrangements at the plant will meet the expectations contained in G-225, Emergency Planning at Class I Nuclear Facilities and Uranium Mines and Mills, and RD-353, Testing the Implementation of Emergency Measures.

This section should include details of the emergency preparedness policies, programs and procedures, relevant to the activities associated with the licence to construct. In addition, the application should include general information related to the overall emergency preparedness for the operation and decommissioning phases of the project, including a schedule for the provision of detailed information concerning emergency preparedness for the operation and decommissioning phases of the project.

If the application relates to a site with an existing Class I nuclear facility, any changes to the existing site emergency plan are dealt with under the existing licence.

13.0 Environmental Protection

13.1 General considerations

This section should describe the approach that will be taken to assess the impact of the plant on the environment throughout its lifetime, from construction through to decommissioning.

The environmental impact assessment work should be carried forward into the development of a set of environmental protection policies, programs and procedures for the plant, based on a quantitative environmental risk assessment. These policies, programs and procedures should meet, but not be limited to, the expectations contained in P-223, Protection of the Environment, S-296, Environmental Protection Policies, Programs, and Procedures at Class I Nuclear Facilities and Uranium Mines and Mills, and G-296, Developing Environmental Protection Policies, Programs and Procedures at Class I Nuclear Facilities and Uranium Mines and Mills.

An environmental management system (EMS) based on ISO 14001: 2004, Environmental Management Systems [10] should be developed. The information provided should demonstrate that the environmental protection requirements of the NSCA, its regulations, and other Canadian environmental protection legislation have been followed.

The environmental protection strategies described in the application should be centered on preventive or control measures that reflect avoidance, precautionary and preventive principles. These strategies should show that emphasis has been placed on tempering or preventing the cause or source of an effect or sequence of effects, before addressing how to reverse or compensate for an effect once it occurs.

The application should indicate that where prevention of effects cannot be assured, or the effectiveness of mitigation presumed is uncertain, the approach to be followed in the plant will entail further mitigation measures in the form of contingency responses, including activation of the emergency response plan.

In cases where specific documentation concerning arrangements for the management of environmental aspects are not part of the environmental protection programs and will be developed later, the proposed timeline and milestones for completion of the work should be provided in this section and in each of the following sections in the chapter.

The application should include details of the environmental policies, programs and procedures, relevant to the activities associated with the licence to construct. It should also include generic information related to the overall environmental effects resulting from the operation and decommissioning phases of the project with a schedule for the provision of detailed information concerning these effects on the environment.

13.2 Radiological impacts

This section should identify and describe all the radiological aspects of site activities that could have environmental effects, including exposure to members of the public, throughout the lifetime of the plant, from construction through to decommissioning. This section should explain in particular the measures that will be taken to identify releases of solid, liquid and gaseous radioactive effluents into the environment and it should indicate how these effluents will be managed to conform to the ALARA principle. This section should:

1. identify any authorized limits and specify operational targets for solid, liquid and gaseous effluent releases, and the measures to be taken to comply with such limits
2. describe the off-site monitoring regime for contamination levels and radiation levels in the various components of the surrounding environment, and the methods to be followed to estimate radiation doses to members of the public
3. identify methods to be used to prepare, store and retain records of the radioactive releases that will routinely be made from the site
4. describe the dedicated release monitoring programs and alarm systems that are required to respond to unplanned radioactive releases and the automatic devices to be provided to interrupt such releases, if applicable
5. identify the measures that will be taken to make appropriate data available to the authorities and the public

This section should also give details on the approach that will be taken to determine the effects on the environment and on members of the public arising from the discharge from the plant of solid, gaseous and liquid radioactive effluents to the environment.

13.3 Non-radiological aspects

This section should describe all non-radiological aspects of site activity that could have environmental effects, including exposure to members of the public, throughout the lifetime of the plant, from construction through to decommissioning. This section should explain, in particular, the measures that will be taken to identify potential or expected releases of hazardous substances to the environment and to identify any physical effects to biota, such as impingement and entrainment or habitat loss.

The information provided should also include:

1. identification of the chemical and physical nature of the releases, and their potential chemical and physical effects
2. identification of the authorized limits and operational targets for releases and measures taken to comply with such limits
3. details of the off-site monitoring regime for hazardous substances and the physical effects they cause
4. details concerning the alarm systems required to respond to unplanned releases
5. identification of the measures that will be taken to make appropriate data available to the authorities and the public

13.4 Preventive and control measures

This section should describe all preventive and control measures that will be taken for the protection of the environment throughout the lifetime of the plant, from construction through to decommissioning. With reference to section 6.13 Radioactive and hazardous waste treatment systems, this section should demonstrate that best available technology economically achievable has been incorporated into the plant design to:

1. prevent or minimize controlled releases of contaminants (e.g., radionuclides, hazardous substances, or thermal pollution) to the environment
2. prevent uncontrolled releases to the environment of solid, liquid and gaseous radioactive effluents and non-radiological/hazardous substances
3. mitigate physical effects such as impingement and entrainment of biota

This section should identify all standards, guidelines or criteria that have been applied with respect to preventive and control measures for environmental protection from plant discharges, and should also describe:

1. preventive and control measures taken pertaining to environmental protection, including their expected performance
2. SSC of the plant that are important for preventive and control measures
3. maintenance program established to ensure the sustained operational performance of preventive and control measures
4. alarm systems to be installed to respond to failure of preventive and control measures
5. provisions to be made to make appropriate data/information available to the public

13.5 Effluent monitoring program

This section should describe the plant effluent monitoring program that will be the primary indicator of plant performance in terms of releases to air, surface waters, groundwater, and soils, from both plant operations and waste management activities. The program should encompass all activities to be carried out related to monitoring releases of radioactive and hazardous substances with potential environmental effects, from construction through to decommissioning. It should also document and integrate all site routines that will sample, measure, and analyze radiological and hazardous substances, and physical parameters.

The program described in this section should include details to:

1. explain the criteria established to identify the radioactive and hazardous substances that will be monitored, and the detection limits that will be set to verify the performance of the preventive and control measures taken to manage releases
2. include an inventory of potential radionuclides and physico-chemical elements that could be released and affect the environment
3. identify the authorized limits (e.g., dose to the public, derived release limits, action levels, and discharge limits), and operational targets for releases and the mitigation of physical effects
4. describe the alarm systems provided to respond to unplanned releases (see section 6.13)
5. include availability targets for the various monitoring devices, and a maintenance program to assure sustained performance of monitoring equipment at their availability targets (see section 6.13)
6. include a staff qualifications and training document that describes the training program for specialist staff and contractors participating in the implementation of this program
7. describe the quality assurance and quality control document to be followed when undertaking discrete monitoring tasks
8. describe the sampling and analytical procedures document containing procedures for sampling, analytical methods, calibration of equipment and data management
9. describe the audit and review process document that outlines the audit process for each of the elements of the effluent monitoring program

13.6 Environmental monitoring program

This section should describe the environmental monitoring program (EMP) established to cover all environmental monitoring activities on the site throughout the lifetime of the plant, from construction through to decommissioning. The program should be based on the level of risk posed by the plant’s anticipated release of substances into the environment and should integrate and document all the activities that sample, measure and analyze radiological and hazardous substances, and physical and biological parameters.

The key objectives of the overall EMP is to obtain data demonstrating that the plant controls are working effectively to prevent unreasonable risks to public health and the environment, and confirming that the plant’s environmental effects and radiation doses to members of the public remain below the applicable regulatory limits. The EMP should document all important pathways, contaminants, and parameters, and their relevance to the protection of the environment and human and non-human biota and should comprise the five following elements:

1. design document that describes the structural framework, environmental monitoring components, and associated rationale for the EMP and includes
   1. description of objectives and monitoring rationale
   2. methodology and criteria to identify radiological and hazardous substances and physical and biological parameters that require monitoring
   3. sampling and analytical frequency
   4. sampling locations
   5. e. environmental media to be sampled
   6. analytical detection limits
   7. performance indicators, targets and action levels
   8. corrective action plan to be implemented if the levels or performance targets are exceeded
2. staff qualifications and training document that outlines the training program required by staff and contractors
3. quality assurance and quality control document for field and laboratory activities that describes the activities that specifically plan, monitor, and control discrete laboratory and field tasks
4. sampling and analytical procedures document that describes the procedures for sampling, analytical methods, equipment calibration and data management
5. audit and review process document that describes the audit process for each of the elements of the environmental monitoring program

13.7 Environmental management system

This section should describe the environmental management system (EMS) established to ensure protection of the environment throughout the lifetime of the plant, from construction through to decommissioning. All activities at the facility (discharges, emissions, start-ups, shut-downs etc.) that can interact with the environment (environmental aspects) should be identified and documented, and the establishment, implementation, and maintenance of the EMS should be based upon their management and significance.

The section should describe the provisions made within the EMS to control the release of radioactive and hazardous substances into the environment, to reduce the generation of wastes, and to prevent or mitigate adverse environmental effects. Mitigation should also include a site environmental emergency preparedness and response program. The EMS should be developed and documented in accordance with the criteria contained in ISO-14001: 2004 [10] and S-296 and should incorporate the following principal elements:

1. general requirements
2. environmental policy
3. planning
4. implementation
5. checking and control
6. management review

G-296 has been developed to assist licence applicants in the development of these environmental policies, programs and procedures.

14.0 Radioactive and Hazardous Waste Management

14.1 General considerations

This chapter should identify the main sources of solid, liquid and gaseous radioactive and hazardous waste and provide estimates of their generation rates in conformance with the plant design requirements (see section 6.13, Radioactive and hazardous waste treatment systems). The measures to be taken for the safe management of these wastes throughout the lifetime of the plant (from construction through to decommissioning) should also be described and justified. This chapter pertains to management of radioactive waste within the facility (i.e., reactor building and any attached auxiliary buildings).

During the construction and Phase A commissioning of the plant in particular, it is likely that the waste material to be managed will be exclusively hazardous waste (non-radioactive); however, the waste should not be considered of low importance. This chapter (and others as appropriate) should provide clear information on how all hazardous waste will be managed.

The measures described should meet the expectations contained in the following CNSC documents:

1. P-290, Managing Radioactive Waste , which describes the philosophy that underlies the CNSC approach to regulating the management of radioactive waste and the principles that are taken into account when making regulatory decisions
2. section 8.11 of RD-337, regarding the design of waste treatment and control systems
3. section 7.21 of RD-337 concerning human factors considerations

This chapter should explain how, to the extent practicable, the generation of radioactive waste will be minimized at the source, by the implementation of methods such as:

1. product changes
2. source control
3. technology
4. design measures
5. security provisions, operating procedures
6. decommissioning

Information should also be provided on:

1. characteristics of the accumulation rates and the quantities
2. conditions and forms of radioactive waste with different states of aggregation and activity level for normal and abnormal conditions of operation and for accident conditions
3. methods and technical means for the processing and/or conditioning, handling, storage and transport of waste (see section 11.3, Radiation sources)

This section should address options for the safe predisposal management of waste. If detailed specific documentation concerning arrangements for the management of radioactive and hazardous waste are not part of the plant design and will be developed later, this section and each of the following sections should provide a proposed timeline and milestones for completion of the work, and a description of the waste management facilities to be developed.

This section should include details of the waste management policies, programs and procedures, relevant to the activities associated with the licence to construct. It should also include generic information related to waste management for the operation and decommissioning phases of the project with a schedule for the provision of detailed information concerning waste management from the operation and decommissioning phases of the project.

14.2 Control of waste

The measures to be taken to control and contain the waste produced at all stages throughout the lifetime of the plant, from construction through decommissioning, should be described in this section of the application. As appropriate, the information provided should also include the measures taken to categorize (physical, chemical and radiological) and separate waste.

14.3 Handling of radioactive and hazardous waste

This section should describe the measures taken to meet the expectations contained in sections 7.19 and 8.11 of RD-337 to safely handle waste of all types that is produced at every stage of the plant’s life, from construction to decommissioning. The information provided should cover the provisions made for the packaging and safe handling of the generated waste, while transporting it from the point of origin to the specified storage point. The description should also take into account the possible need to retrieve waste at some time in the future, including during the decommissioning stage.

14.4 Minimizing accumulation of waste

This section should describe the measures taken to minimize the accumulation of waste produced at all stages throughout the lifetime of the plant, from construction through decommissioning. The information provided should include an explanation of the provisions made to reduce the waste arising to a level that is as low as practicable. The assessment leading to the provisions should show that both the volume and the activity of the waste are minimized to meet any specific requirements that may be posed by the design of the waste storage facility.

14.5 Conditioning of waste

This section should describe the measures taken to condition the waste produced at all stages throughout the lifetime of the plant, from construction to decommissioning. Where it is considered prudent, waste may be processed in accordance with established procedures, in which case the conditioning options considered should be identified and described here. The conditioning option selected as the most suitable should be the one that, to the extent practicable, does not foreclose the implementation of alternative options in the future if the preferences for waste disposal change during the lifetime of the plant.

14.6 Storage of waste

This section should describe the measures taken for the safe storage of waste produced at all stages throughout the lifetime of the plant, from construction to decommissioning. This section should consider the quantities, types, and volumes of radioactive and hazardous waste that will be accumulated, and the need to categorize and separate waste within the provisions made for storage. The potential need for specialized systems to deal with issues of storage in both the near and longer term (such as cooling, containment, volatility, chemical stability, reactivity, retrievably, and criticality) should also be addressed, and any system already in place should be described.

To the extent practicable, radioactive waste measures should be in accordance with IAEA recommendations for passive safety in safety guide WS-GS-6.1, Storage of Radioactive Waste [11]. They should also support the common safety considerations for waste storage, including:

1. immobility and low energy state of the radioactive material
2. stability and resistance to degradation of the waste form and container
3. multi-barrier containment approach
4. waste package life and retrievability
5. facility resistant to hazards, with minimized need for monitoring and maintenance
6. appropriate robustness for the storage period, prior to disposal activities

14.7 Disposal of waste

This section should describe the measures taken, or planned to be taken, for the safe disposal of the waste produced at the plant during its lifetime, from construction to decommissioning. Here, the applicant should include the provisions made for ensuring the safe transport of waste to another specified location for longer-term storage, if necessary.

15.0 Decommissioning and End of Life Aspects

15.1 General considerations

The decommissioning of the plant will become necessary either at the end of its lifetime, or earlier, if the applicant so decides (e.g., if construction is terminated early). The capability for decommissioning the plant should be built into the design. This section should contain the proposals, anticipated at the construction stage of the plant life, for its eventual decommissioning. The proposals should be periodically updated over time to include additional details and to reflect developments in the strategy for decommissioning. They should meet the expectations contained in G-219, Decommissioning Planning for Licensed Activities.

15.2 Decommissioning concept

This section should briefly describe the decommissioning concept proposed for the plant, and should take into account the following aspects:

1. design solutions that minimize the amount of waste material produced and that facilitate decommissioning and meet the expectations contained in section 7.24 of RD-337 addressing design provisions for decommissioning
2. consideration of the type, volume and activity of radioactive and hazardous waste produced during the operational and decommissioning phases
3. options identified for decommissioning
4. planning, phasing or staging of the decommissioning process, including appropriate surveillance requirements and security provisions throughout the process
5. adequate document control and maintenance of suitable and sufficient records, including records of the “as built” state and on-going changes, and how the preservation of digital information is to be dealt with
6. human factors considerations in design

15.3 Provisions for safety during decommissioning

This section should contain a short description of the measures considered necessary to ensure safety during decommissioning, according to the specified safety principles and objectives. Special attention should be paid to the following aspects:

1. releases of radioactive nuclear substances and hazardous substances (airborne and liquid) during the decommissioning process should be in accordance with the ALARA principle, and should be kept at least within authorized limits
2. adherence to the concept of defence in depth against radiological and conventional hazards during the decommissioning process should also be demonstrated

15.4 Differing approaches to decommissioning

This section should describe the options identified and the method chosen for decommissioning, with their corresponding justification. The main differences between the alternative approaches should be explained (e.g., minimization of all risks to personnel, the public and the environment, and optimization of the technological, economic, social, and other relevant indicators). Different options and their effects on the time-scale for the decommissioning process should also be described.

15.5 Planning of the preliminary work

This section should present a preliminary plan for the decommissioning work that would be required to decommission the nuclear facility at the end of its construction and to the point of completion of Phase A commissioning. This preliminary decommissioning plan should meet the expectations contained in G-219. This plan will form the basis for establishing a financial guarantee sufficient for decommissioning the nuclear facility during the construction period.

The schedule for the provision of detailed information concerning the decommissioning phase of the project should be provided.

15.6 Financial guarantees

This section of the application should describe the financial guarantee necessary to permit the decommissioning of the nuclear facility, should it be required at the time the licence to construct expires. It should include the form and structure of the guarantee instrument. The financial guarantee should meet the expectations contained in G-206, Financial Guarantees for the Decommissioning of Licensed Activities.

16.0 Safeguards

16.1 General considerations

This chapter should describe the safeguards approach and the implementing infrastructure to be followed at the plant in accordance with sections 7.23 and 8.12 of RD-337. These should have been established in consultation with the International Atomic Energy Agency (IAEA) and the CNSC. The approach and infrastructure should be sufficient to enable the CNSC (the designated federal agency responsible for implementing the agreements for the application of Canadian safeguards) to ensure conformity with Canada’s international safeguards obligations under the Treaty on the Non-Proliferation of Nuclear Weapons. Pursuant to the treaty, the Government of Canada has entered into a safeguards agreement with the IAEA, and a protocol additional to the agreement.

The agreement and additional protocol give the IAEA the right and the responsibility to verify that Canada is fulfilling its international commitment concerning the peaceful uses of nuclear energy. The safeguards approach described in this chapter should facilitate IAEA verification activities at the plant. The CNSC provides the general mechanisms, through the NSCA, the General Nuclear Safety and Control Regulations and plant licences for the IAEA to carry out its role under the safeguards agreement and additional protocol. The essential requirements for the application of IAEA safeguards are inscribed in specific conditions that form part of the plant licence when it is issued.

To comply with regulatory requirements, the safeguards approach and implementing infrastructure described in this chapter should provide for the following:

1. timely provision of accurate reports and information
2. provision of access and assistance to IAEA inspectors for verification activities
3. submission of annual operational information and accurate design information of plant structures, processes and procedures
4. development and satisfactory implementation of appropriate facility safeguards procedures

The description given in this chapter should specifically detail arrangements made by the applicant that will permit the CNSC to discharge Canada’s treaty obligation to provide information to the IAEA about site buildings and structures, operational parameters, and the flow and storage of nuclear material, from the plant’s design and commissioning phases through to its decommissioning and eventual abandonment.

This chapter should indicate how the applicant already has and will continue, to work cooperatively with both the CNSC and the IAEA in the development and implementation of an appropriate safeguards approach, based on the plant’s specific design.

The information provided should also explain how the safeguards equipment installations have been taken into account at an early stage in the plant design. It should also detail the infrastructure that has been established for the safeguards approach (e.g., plant procedures in place, operations and security staff trained) prior to the introduction of nuclear material at the close of commissioning Phase A.

---

Appendix A: Review Objectives for Construction Licence Applications

When establishing the scope of CNSC staff’s review of an application to construct a nuclear power plant, three levels of objectives are considered. These objectives are developed to assist in integrating individual reviews into an overall assessment of the adequacy of a licence application.

A.1 First-level objectives

As specified in subsection 24(4) of the Nuclear Safety and Control Act:

(4) No licence may be issued, renewed, amended or replaced unless, in the opinion of the Commission, the applicant

(a) is qualified to carry on the activity that the licence will authorize the licensee to carry on

(b) will, in carrying on that activity, make adequate provision for the protection of the environment, the health and safety of persons and the maintenance of national security and measures required to implement international obligations to which Canada has agreed.

Additionally, the facility design and operation needs to address the mitigation measures identified in the environmental assessment.

A.2 Second-level objectives

S Design safety objective: The design of an NPP to be constructed should make adequate provisions (not pose an unreasonable risk) for the protection of the environment, the health and safety of persons and the maintenance of national security and measures required to implement international obligations to which Canada has agreed.

C Construction program objective: Adequate provisions should be made for the NPP construction to be carried out in a safe manner and with sufficient quality.

Q Qualifications objective: The applicant, and all entities involved in the design, construction and commissioning of the NPP, should be qualified to carry out the licensed activity. The program and schedule for recruiting, training, qualifying and certifying workers in respect of the operation and maintenance of the nuclear facility should be adequate.

The design safety objective captures a large portion of the general nuclear safety objective, as established by the IAEA and explicitly stated in section 4.1 of RD-337 that “NPPs be designed and operated in a manner that will protect individuals, and society from harm.”

The construction program objective expresses the high-level expectations for the NPP construction program.

The qualifications objective expresses the high-level expectations to have adequately qualified persons for the design, construction and commissioning of the NPP. It also addresses the requirements of the Class I Nuclear Facilities Regulations pertaining to training, qualification and certification of workers.

A.3 Third level objectives

In essence, meeting the design safety objective means satisfying the relevant expectations outlined in RD-337 and other relevant CNSC regulatory documents, such as RD-310, Safety Analysis for Nuclear Power Plants, and RD-346, Site Evaluation for New Nuclear Power Plants. At an intermediate level, the expectations of RD-337 may be grouped in several main categories, which can be thought of as the third-level objectives for the assessment of a licence application to construct an NPP.

Third-level objectives pertaining to the design safety objective are:

SO1 The NPP design captures all of the mitigation measures identified during the EA and ensures that operating performance meets all regulatory requirements concerning the radioactive and non-radioactive (hazardous substances) releases.

SO2 The NPP design follows the ALARA principle.

SO3 The NPP design complies with the dose acceptance criteria and safety goals.

SO4 The NPP design complies with the defence-in-depth principle.

SO5 The fundamental safety functions perform adequately in the NPP design.

SO6 The NPP design provides adequate means to mitigate and manage accidents.

SO7 Adequate design provisions have been made for security and design robustness.

SO8 The management system of programs, policies and procedures fosters a healthy safety culture and it is adequate for the designing, constructing and commissioning of the NPP.

SO9 The management system of programs, policies and procedures fosters a healthy safety culture and it is adequate for the future operation and decommissioning of the NPP.

SO10 Adequate design, infrastructure and programmatic provisions are made in the area of safeguards.

Third-level objectives pertaining to the construction program objective are:

CO1 adequate assurance that all activities involving construction/erection of structures and systems and fabrication/erection of components are carried out by qualified personnel

CO2 adequate provisions have been made to ensure that relevant rules and regulations will be followed during fabrication, construction, and erection activities and that the construction/erection activities are conducted in a safe manner

CO3 sufficient quality of fabrication, erection, and construction is assured and adequate provisions are made to minimize design deviations

CO4 adequate plans for inactive commissioning of the built NPP (without a fuel load) are in place

Third-level objectives for the qualifications objective are:

QO1 The applicant is qualified to oversee all design, construction and commissioning activities carried out by itself, or by contractors or sub-contractors.

QO2 The applicant has enough qualified staff to oversee all design, construction and commissioning activities carried out by itself, or by contractors or sub-contractors.

QO3 All contractors and sub-contractors involved in the design, construction and commissioning of the NPP are qualified to carry out their respective activities.

QO4 The proposed full-scope training simulator for the nuclear facility is adequate.

Appendix B: Relevant Requirements

This table gives the requirements referenced in this document that are relevant to preparing the safety case for a licence to construct a nuclear power plant.

Table 1: Relevant Requirements

Document Section	General Nuclear Safety and Control Regulations	Class I Nuclear Facilities Regulations	Other Regulations
1. Introduction	3(1)(a), 3(1)(b), 3(1)(c), 3(1)(k), 3(1)(l), 3(1)(m)	3(c), 3(j), 15(a), 15(b), 15(c)
2. Plant Description	3(1)(d)	3(a), 3(b), 5(a), 5(b), 5(d), 5(e)
3. Management of Safety	3(1)(k)	3(d), 3(e), 3(f), 5(g), 5(i)
4. Site Evaluation	3(1)(d)	3(a), 3(b), 5(a), 5(b), 5(i)
5. General Design Aspects and Support Programs	3(1)(d), 3(1)(i), 3(1)(m)	3(a), 3(b), 5(a), 5(b), 5(d), 5(e), 5(g), 5(i),	Radiation Protection Regulations Nuclear Security Regulations
6. Design of Plant Systems, Structures and Components	3(1)(d), 3(1)(i)	3(a), 3(b), 5(a), 5(b), 5(d), 5(e), 5(g), 5(i)	Radiation Protection Regulations Class II Nuclear Facilities Regulations Nuclear Substances and Radiation Devices Regulations
7. Safety Analyses	3(1)(d), 3(1)(i)	3(a), 3(b), 5(a), 5(b), 5(d), 5(e), 5(f), 5(g), 5(i)
8. Construction and Commissioning		5(c), 14(1), 14(2), 14(4), 14(5)
9. Operational Aspects	3(1)(k), 28, 29, 30, 31, 32	3(d), 3(e), 3(f), 5(c), 5(i), 5(l), 5(m), 14(1), 14(2), 14(4), 14(5)	Radiation Protection Regulations
10. Operational Limits and Conditions	3(1)(d), 3(1)(i)	5(f), 5(g), 5(i)
11. Radiation Protection	3(1)(e), 3(1)(f)	5(i), 14(2), 14(4), 14(5)	Radiation Protection Regulations
12. Emergency Preparedness		3(f), 5(i)
13. Environmental Protection		3(e), 3(g), 3(h), 5(b), 5(i), 5(j), 5(k)
14. Radioactive and Hazardous Waste Management	3(1)(j)	3(e), 5(i), 5(j), 5(k),	Radiation Protection Regulations
15. Decommissioning and End of Life Aspects	3(1)(l)	3(k)
16. Safeguards	3(1)(g), 3(1)(h)	5(h)

Glossary

acceptance criteria

Specified bounds on the value of a functional indicator or condition indicator used to assess the ability of a structure, system or component to meet its design and safety requirements.

accident

Any unintended event (including operating errors, equipment failures or other mishaps) the consequences or potential consequences of which are not negligible from the point of view of protection or safety.

For the purposes of this document, accidents include design basis accidents and beyond design basis accidents. Accidents exclude anticipated operational occurrences, which have negligible consequences from the perspective of protection or safety.

accident conditions

Deviations from normal operation more severe than anticipated operational occurrences, including design basis accidents and beyond design basis accidents.

accident management

The taking of a set of actions during the evolution of a beyond design basis accident to:

• prevent the escalation of the event into a severe accident
• mitigate the consequences of a severe accident
• achieve a long term safe stable state

anticipated operational occurrence

An operational process deviating from normal operation that is expected to occur at least once during the operating lifetime of a nuclear power plant, but which, in view of appropriate design provisions, does not cause any significant damage to items important to safety or lead to accident conditions.

applicant

The organization that has applied to the CNSC for a licence to construct for a nuclear power plant, which has the overall responsibility, and controlling and coordinating authority, for overseeing the safe and satisfactory completion of all design, procurement, manufacturing, construction and commissioning work. In most cases, the applicant is also the responsible organization that will later operate the plant (also referred to as the operating organization). Where this is not so, responsibility for the plant and its safety nevertheless continues to reside with the applicant, who must supervise the activities of an operating organization that operates the plant.

beyond design basis accident (BDBA)

Accident conditions less frequent and more severe than a design basis accident. A BDBA may or may not involve core degradation.

design basis

The range of conditions and events taken explicitly into account in the design of the facility, according to established criteria, such that the facility can withstand them without exceeding authorized limits by the planned operation of safety systems.

design basis accident (DBA)

Accident conditions against which a nuclear power plant is designed according to established design criteria, and for which the damage to the fuel and the release of radioactive material are kept within authorized limits.

licensing basis

For a regulated facility or activity, a set of requirements and documents comprising:

• regulatory requirements set out in the applicable laws and regulations
• conditions and safety and control measures described in the facility’s or activity’s licence and the documents directly referenced in that licence
• safety and control measures described in the licence application and the documents needed to support that licence application

normal operation

Operation within specified operational limits and conditions including startup, power operation, shutdown, maintenance, testing and refuelling.

operating organization

The responsible organization that will operate the plant. This organization may be the applicant, or may be an organization that will operate the plant on behalf of the applicant. In this case, the applicant must supervise the activities of the operating organization.

operation

All activities performed to achieve the purpose for which a facility was constructed. For nuclear power plants, this includes maintenance, refuelling, in-service inspection and other associated activities.

operational limits and conditions

A set of rules setting forth parameter limits and the functional capability and performance levels of equipment and personnel, which are approved by the regulatory body for safe operation of an authorized facility. This set of limits and conditions is monitored by or on behalf of the operator and can be controlled by the operator.

operational states

States defined under normal operation and anticipated operational occurrences.

plant states

A configuration of nuclear power plant components, including the physical and thermodynamic states of the materials and the process fluids in them. Note: For the purpose of this document, a plant is said to be in one of the following states: normal operation, anticipated operational occurrence, design basis accident, or beyond design basis accident (severe accidents are a subset of the beyond design basis state).

postulated initiating event (PIE)

An event identified during design as capable of leading to anticipated operational occurrences or accident conditions. This means that a postulated initiating event is not necessarily an accident itself; rather it is the event that initiates a sequence that may lead to an AOO, a DBA, or a BDBA, depending on the additional failures that occur.

practicable

Technically feasible and justifiable while taking cost-benefit considerations into account.

probabilistic safety assessment (PSA)

A comprehensive and integrated assessment of the safety of the reactor facility. The safety assessment considers the probability, progression and consequences of equipment failures or transient conditions to derive numerical estimates that provide a consistent measure of the safety of the reactor facility, as follows:

• a Level 1 PSA identifies and quantifies the sequences of events that may lead to the loss of core structural integrity and massive fuel failures
• a Level 2 PSA starts from the Level 1 results and analyses the containment behaviour, evaluates the radionuclides released from the failed fuel and quantifies the releases to the environment
• a Level 3 PSA starts from the Level 2 results and analyses the distribution of radionuclides in the environment and evaluates the resulting effect on public health

protective zone

The area beyond the exclusion zone that needs to be considered with respect to implementing emergency measures.

regulation

The legal requirements prescribed in the Nuclear Safety and Control Act, its regulations, and site-specific licence conditions.

safety case

An integrated collection of arguments and evidence to demonstrate the safety of the facility and that all applicable regulatory requirements are met. This will normally include a safety assessment, but could also typically include information (including supporting evidence and reasoning) on the robustness and reliability of the safety assessment and the assumptions made therein.

safety function

A specific purpose that needs to be accomplished for safety.

safety system

A system important to safety, provided to ensure the safe shutdown of the reactor or the residual heat removal from the core, or to limit the consequences of anticipated operational occurrences and design basis accidents.

severe accident

Accident conditions more severe than a design basis accident and involving significant core degradation.

single failure

A failure that results in the loss of capability of a component to perform its intended safety function(s), and any consequential failure(s) resulting from it.

single failure criterion

A criterion (or requirement) applied to a system such that it will be capable of performing its task in the presence of any single failure.

structures, systems and components

A general term encompassing all of the elements of a facility or activity that contribute to protection and safety, except human factors.

Structures are the passive elements: buildings, vessels, shielding, etc. A system comprises several components, assembled in such a way as to perform a specific (active) function. A component is a discrete element of a system: wires, transistors, integrated circuits, motors, relays, solenoids, pipes, fittings, pumps, tanks, valves, etc.

---

References

1. International Atomic Energy Agency, Safety Standard Series GS-G-4.1, Format and Content of the Safety Analysis Report for Nuclear Power Plants, Vienna, 2004.
2. Canadian Standards Association, N286, Management System Requirements For Nuclear Facilities, latest or agreed edition.
3. Canadian Commission on Building and Fire Codes, National Building Code of Canada, Ottawa, 2005.
4. Canadian Commission on Building and Fire Codes, National Fire Code of Canada, Ottawa, 2005.
5. Canadian Standards Association, N293-07, Fire Protection for CANDU Nuclear Power Plants, 2008.
6. International Atomic Energy Agency, GS-R-2, Safety Standard Series, Preparedness and Response for a Nuclear or Radiological Emergency, Vienna, 2002.
7. Health Canada, H46-2/03-326E, Canadian Guidelines for Intervention during a Nuclear Emergency, Ottawa, 2003.
8. Government of Canada Treasury Board Secretariat, Policy on Government Security, Ottawa, 2009.
9. International Organization for Standardization, ISO 14001: 2004, Environmental Management Systems, 2004.
10. International Atomic Energy Agency, Safety Guide No. WS-GS-6.1, Storage of Radioactive Waste, Vienna, 2006.