UNCLASSIFIED MINISTRY OF DEFENCE DEFENCE NUCLEAR SAFETY REGULATOR NUCLEAR PROPULSION REGULATOR DNSR/ 17/9/891 See distribution Em• Direct line: Fax e-mail: Date : 22 April 2010 Dear Sirs, DNSR SAFETY IMPROVEMENT NOTICE - BABCOCK EVENT No 19720: FAILURE TO REINSTATE PRIMARY SAFETY SYSTEMS REFERENCES: A. B. DNSR/17/9/883 dated 16 April 2010, DNSR INVESTIGATION INTO BABCOCK EVENT No 19720: FAILURE TO REINSTATE PRIMARY SYSTEMS. Babcock Marine / DE&S Interim Report of Joint Investigation — 12 March 2010 1. This is a Safety Improvement Notice, following from a DNSR investigation into Babcock Event no 19720 (Reference A), which led to the extended operation of 2 platforms with a disabled primary safety system on a Nuclear Safety Implicated system. 2. The key failing in the sequence of events was that the BM Nuclear Procedure allowed blanks to remain fitted after the Nuclear Procedure was closed, without explicitly including a control to ensure their removal. However, the TXB facility operator and NRPA as joint operators are considered responsible as those in control when the reactor was taken critical. 3. That the information on the blanks fit was captured and then lost by all 3 parties on more than one occasion indicates a failure of safety culture as defined by the IAEA, and shortfalls against Authorisation/ Licence Conditions 17, 21 and 22. 4. BM are required to amend their business processes, such that safety significant changes cannot be introduced to nuclear procedures without an associated step to confirm that the additional hazard has been removed or mitigated, prior to closure of the Nuclear Procedure. This should be completed by the time of the undocking of HMS 5. BM and the TXB Facility Operator are required to review their documentation to identify the potential for other similar, open ended procedural changes, and to provide appropriate assurance to the Regulators that the risk is appropriately managed, prior to the undocking of HMS 6. BM, TXB and NRPA are required to review their procedures to ensure that key safety information is clearly identified when transferred at handover from procedure to procedure, or PAG to PAG. This should be completed by end of July, 2010. 7. Prior to plant start up, NRPA as operator, and the TXB Facility Operator are required to review the close out of their processes to assure themselves that they do all that could reasonably be expected to mitigate the risks to plant and platform from the work completed in that maintenance period. This should complete by the end of July 2010. UNCLASSIFIED UNCLASSIFIED 8. NRPA and BM are required to present their interface arrangements to the Regulators, and to clarify how they relate to the identification and management of safety issues in practice, by end of June, 2010. 9. The content of this letter has been agreed with HSE-N11. (Signed on original) Nuclear Propulsion Regulator Defence Nuclear Safety Regulator Distribution To: NRPA , , RN Babcock Marine for the attention of M HMNB Devonport NBCD, RN Copies: Internal SM IS-Hd FLEET-CAP SM E CSOE DACOS NRPA NP-Saii. RN NBCD CBS, RN DNSR-Hd DNSR 1(CD) DNSR 1(0R) DNSR 1(CD)-a File External NII Div.3 Propulsion SI, NII Div.3 DRDL PI, Babcock Babcock Babcock Babcock Marine, Marine, Marine, Marine, UNCLASSIFIED RESTRICTED MANAGEMENT MINISTRY OF DEFENCE DEFENCE NUCLEAR SAFETY REGULATOR NUCLEAR PROPULSION REGULATOR DNSR/19/3/2 [916] Direct line: Fax e-mail: Wednesday, 26 May 2010 Safety Improvement Notice on Nuclear Propulsion Project Team (NP PT) Organization for delivery of Nuclear Safety by the Approval Authority role. BACKGROUND 1. In November 20091, DNSR wrote to the Nuclear Propulsion Project Team (NP PT) with some observations on their organization for delivery of nuclear safety expressed in process documents'. A conclusion of this letter was that DNSR, recognizing the positive attempt to deliver safety management in a changed environment with a resource shortfall, would not seek an immediate re-issue of the documents. However, it noted that, as a regulator, DNSR is required to take appropriate action should they find repeated failure to meet internal process as claimed in compliance arrangements, and/or good safety management practice. CURRENT POSITION 2. Since then, the Next Generation Nuclear Propulsion Plant (NGNPP) project has progressed further, as has Astute build, requiring the input of the NRPA in its Approving Authority role, involving both Technical Director and Safety Director functions. However, the requests and concerns set down in the letter have not been addressed, and the failure to meet good safety management practice, as evidenced in a number of DNSR Inspections', has continued (Annex A). 3. In particular, DNSR has raised significant concerns with the NRPA relating to the adequacy of resourcing17 18 both within the NRPA and key Duty Holders (DHs) and remains of the opinion that inadequate resourcing forms the root-cause of failing to address Regulatory concerns'. This is confirmed by the examples provided at Annex A. DNSR considers that failure to address resourcing concerns is no longer tolerable noting the increasing risk this presents to establishing ' DNSR/19/3/2 [801] dated 2 Nov 09. NRPA 1 — 1, NRPA Roles and Responsibilities 3 NRPA 2 — 1, NPIPT Organizational Baseline, Issue 1 Aug 09 4 NP PT Technical Governance Process, C38 5 For example but not limited to: DNSR 19/4/755 dated 18 Aug 09 and DNSR/19/4[829] dated 11 Dec 09. 6 As examples of resourcing shortfalls, DNSR understands that there are currently in the region of 10 posts requiring filling within SM P, 1 within the NP Safety-Hd Section (NP-SDM2) currently gapped with another key NP PT post working part-time (NP-NPIM) and the potential gapping of a key post within the BAM area responsible for conducting NP PT Internal Regulation (NP-BAM-N2). 2 Page 1 of 4 RESTRICTED MANAGEMENT RESTRICTED MANAGEMENT and implementing robust NRPA Design/Safety Management Arrangements and ultimately delivering demonstrable ALARP future Naval Reactor Plant (NRP). 4. DNSR considers clarity of Design Management Arrangements (DMAs) a fundamental enabler to delivering future ALARP NRP and does not consider that the required clarity has been established to date. This position is no longer tolerable to DNSR noting the slippage associated with formal implementation of Astute 4-7 arrangements and the lack of clarity surrounding successor arrangements at a time when key design decisions are being made'. From information gained to date it appears that the DMAs and the Technical Governance process applied to Successor will be different to that deployed on Astute Class 1 — 3, and 4 - 7. DNSR expects the differences to be clarified and the reasons and drivers for change outlined, together with an analysis of the implications for internal management and resourcing and how this will be met. This has not been done adequately to date. 5. Some formal guidance on DNSR expectations can be found in HSE document T/AST/079 — Issue 1, Licensee Design Authority Capability, which was influenced and agreed by DNSR. DNSR interpretation of the application of this to DMA's is outlined in Annex B. DNSR POSITION 6. At this stage, given the importance to future operational nuclear safety of good technical and safety governance during the design and build phases, and the failure of NP PT to deliver against earlier findings, DNSR needs to take further formal regulatory action. Accordingly, DNSR hereby notifies NP PT of its expectations for clarification of and improvement in the technical and safety governance and design control exercised by NRPA: a. Clarification of the interface between technical assessment and governance and safety assurance. This is to include the scope of technical assessment and safety assessment activities, how technical assessment interfaces with and supports nuclear safety cases, and how these will be contracted (including contract specifications). b. Demonstration/Assurance that the NP PT Technical and Safety cells, together forming the NRPA, are adequately resourced to exercise informed technical and safety judgement', essential given their position in receipt of TA, ITA and INSA advice. This can be by the provision of a satisfactory Organizational Baseline, and is to include demonstration of solid plans and organizational infrastructure to maintain this requirement over a long (e.g. 10 year) period. c. Demonstration/Assurance that key NRPA DHs, supporting the Approving Authority, are adequately resourced and have clear lines of delegation from the NRPA. d. Demonstration of separation of Project (delivery) and Technical and Safety Assurance functions across all NRP lifecycle phases, and where the delivery function lies within or without NP PT. e. Clarification of Technical and Safety cell engagement in the design process', to include demonstration of satisfactory functioning of technical decision classification to determine appropriate NRPA engagement and assessment. f. Clarification of Technical and Safety decision making authority, according to classification where appropriate, and demonstration of satisfactory functioning of the process established. Hence fixing ALARP delivery. Fulfilling an intelligent customer role 9 Can include involvement in TA processes 7 8 Page 2 of 4 RESTRICTED MANAGEMENT g. RESTRICTED MANAGEMENT Clarification of any differences in the proposed DMAs for Astute 4-7 and Successor. h. Demonstration of adequate focus on key nuclear safety topics (e.g. Structural Integrity, continuous improvement/LFE across all lifecycle phases, ALARP) by Technical and/or Safety cells, to include demonstration of adequate resourcing and plans to maintain this focus and resource. CONCLUSION 7. This letter constitutes a formal DNSR Safety Improvement Notice (SIN) on the NRPA. Timescales for delivery of the above to DNSR satisfaction are: a. b. c. d. e. f. g. h. End June 2010. By Oct 2010. End Dec 2010. End June 2010. End June 2010. End June 2010. End June 2010. End September 2010 (based on Successor RPV HP and 2nd Hops Astute Boat 2). 8. NP PT should note that DNSR considers the management of in-service safety issues by NRPA in line with their Authorisee Sea role to be generally good, such that operational nuclear safety and delivery of ALARP nuclear risk at sea has not been compromised. DNSR's concern is that future NRP1° safety may be compromised, leading to "Reverse ALARP" justifications'', resulting from an understandable prioritization of immediate nuclear safety issues in a resource limited environment. 9. As highlighted at paragraph 3 above, NP PT should note that DNSR is aware of current resource limitations which are considered to be largely responsible for the failures leading to this SIN. However, this is not a sufficient excuse for failing to address regulatory findings any more than affordability is a factor in ALARP. On the basis of the shortfalls identified within this SIN, DNSR will support NP PT arguments for appropriately targeted additional resource. [Signed On Original] Nuclear Propulsion Regulator (NPR) for DEFENCE NUCLEAR SAFETY REGULATOR Distribution (* by e-mail): Internal: DES SE DNSR Hd* DES SE DNSR IFR* 10 DES SE DNSR IOR* DNESB Chairman Both follow on Astute Class and Successor NRP. dated 10 Nov 08. 11 DNSR/22/7/639 Page 3 of 4 RESTRICTED MANAGEMENT DES SE DNSR IRB* File RESTRICTED MANAGEMENT External: DES SM NP-Technical-DepHd * DES SM NP-Safety-DepHd* DSM RSD — Annex: A. Examples of Shortfalls in NP PT/NRPA Performance in Approval Authority Role B. Application of HSE document T/AST/079 — Issue 1, Licensee Design Authority Capability to DMA's for new plant Page 4 of 4 RESTRICTED MANAGEMENT UNCLASSIFIED MINISTRY OF DEFENCE DEFENCE NUCLEAR SAFETY REGULATOR NUCLEAR PROPULSION REGULATOR DNSR/ 17/9/941 See distribution Em• Direct line: Fax e-mail: Date : Wednesday, 28 July 2010 Dear Sirs, DNSR SAFETY IMPROVEMENT NOTICE - BABCOCK EVENT No 19720: FAILURE TO REINSTATE PRIMARY SAFETY SYSTEMS REFERENCES: A. B. C. D. DNSR/ 17/9/891 dated 22 April 2010 DNSR SAFETY IMPROVEMENT NOTICE BABCOCK EVENT No 19720: FAILURE TO REINSTATE PRIMARY SAFETY SYSTEMS DNSR/17/9/883 dated 16 April 2010, DNSR INVESTIGATION INTO BABCOCK EVENT No 19720: FAILURE TO REINSTATE PRIMARY SYSTEMS. Presentation to regulators, 21' July 2010, including written annotated "Response to DNSR Blanks" Safety Improvement Notice, Babcock Marine / DE&S Report of Joint Investigation - DNSQ/MJR/JG/110 dated 14 June 2010 & HMS Blanks — HMS DNSR issued a Safety Improvement Notice (SIN, Reference A), affecting Babcock Marine 1. (BM), HMNB Devonport and NRPA, following from a DNSR investigation into Babcock Event no 19720 (Reference B). This event led to the extended operation of 2 platforms with a disabled primary safety system on a Nuclear Safety Implicated pressure system. The key failing in the sequence of events was that the BM Nuclear Procedure allowed MN blanks to remain fitted after the Nuclear Procedure was closed, without explicitly including a control to ensure their removal. However, the TXB facility operator and NRPA as joint operators supported by Ships Staff were considered responsible as those in control when the reactor was taken critical, and were required to take actions to support closure of the SIN. 2. All 3 parties have now responded with actions to address the requirements of the SIN 3. (reference C). This letter captures DNSR's view of the adequacy of these actions, and DNSR's approach to future monitoring of related issues at BM and HMNB Devonport, including interfacing with NRPA and Ships Staff. DNSR notes that the information on the blanks fit was captured and then lost by all 3 parties 4. on more than one occasion indicating a failure of safety culture as defined by the IAEA, and shortfalls against Authorisation/ Licence Conditions 17, 21 and 22. Thus resolution of the issues leading to this specific incident will not in themselves resolve all concerns raised by the incident and both DNSR and NII will continue to monitor behaviours indicative of safety culture at Devonport. However, DNSR also notes that the thorough internal investigation of the incident, reference D, is indicative of a commitment to continued improvement to safety behaviours throughout Devonport, a positive safety culture indicator. UNCLASSIFIED UNCLASSIFIED At reference A, BM were "required to amend their business processes, such that safety 5. significant changes cannot be introduced to nuclear procedures without an associated step to confirm that the additional hazard has been removed or mitigated, prior to closure of the Nuclear Procedure." This requirement is addressed by procedures at flags A and B of the document handed over at reference C (processes FP 15-28-000 and FP 15-12-191). DNSR and NII note that the revised procedure at flag B is a significant change, and will monitor how well this works in practice via normal inspections and other interventions. In particular, DNSR will seek assurance from NRPA that responsible staff are adopting the new procedure in full, and proving it beneficial. At reference A, BM and the TXB Facility Operator were "required to review their 6. documentation to identify the potential for other similar, open ended procedural changes, and to provide appropriate assurance to the Regulators that the risk is appropriately managed." This requirement is addressed by procedures at flags A and C of the document handed over at reference C (processes FP 15-28-000 and FP 08-65-000). BM, TXB and NRPA were further "required to review their procedures to ensure that key safety information is clearly identified when transferred at handover from procedure to procedure, or PAG to PAG." This requirement is specifically addressed by procedures at flag H (process OP 15-01-000), as well as the procedures referenced above. The procedures and checklists at flags D to G of the document handed over at reference C 7. address the requirement of reference A for NRPA and the TXB Facility Operator "to review the close out of their processes to assure themselves that they do all that could reasonably be expected to mitigate the risks to plant and platform from the work completed in that maintenance period." In practice, this addresses the specific issues leading to the particular failure leading to the SIN, and the process changes are aimed at the important safety issue of as such they are welcomed by DNSR and NII. However, they are of limited value in identifying other potential safety issues which might arise as a consequence of the safety culture deficiency alluded to at paragraph 4. meetings at HMNB Devonport, The proposed Business Process to implement 8. presented in draft at flag I of the document handed over at reference C, would provide a useful final check which would be of value in identifying other potential nuclear safety issues, and hence any future safety culture deficiency. NRPA are encouraged to develop this process, identifying the most appropriate "controlling mind" to understand all nuclear safety issues, including those also affecting whole boat safety. DNSR hereby formally lifts the SIN raised in reference A, accepting that all 3 parties 9. involved have responded appropriately in terms of process revision to address its specific requirements. DNSR and NII will monitor both adherence to the revised processes and the safety culture issues identified as a result of the incident via normal inspections and interventions, taking account of the specific observations above. 10. The content of this letter has been agreed with HSE-NII. (Signed on original) Nuclear Propulsion Regulator Defence Nuclear Safety Regulator Distribution UNCLASSIFIED UNCLASSIFIED To: , RN NRPA , Babcock Marine for the attention of HMNB Devonport NBCD, RN Copies: External Internal SM IS-Hd FLEET-CAP SM E CSOE DACOS RN NRPA NP-Safet , RN NBCD CBS, DNSR-Hd DNSR I(CD) DNSR I(OR) DNSR I(CD)-a File NII Div.3 Propulsion SI, NII Div.3 DRDL PI, Babcock Babcock Babcock Babcock Marine, Marine, Marine, Marine, UNCLASSIFIED Ministry of Defence DEFENCE NUCLEAR SAFETY REGULATOR NUCLEAR PROPULSION REGULATOR DNSR/19/3/2 [1135] Direct line Fax e-mail 24 June 2011 NAVAL REACTOR PLANT AUTHORISEE (NRPA) SAFETY IMPROVEMENT NOTICE (SIN) - UPDATE BACKGROUND 1. As a result of shortfalls in Authorisation compliance arrangements the Defence Nuclear Safety Regulator (DNSR) imposed a SIN on the NRPA during May 20101. The SIN highlighted shortfalls within the following key areas: a. NRPA Organisation. b. Resourcing. c. Design Management Arrangements (DMAs). 2. Consequently, DNSR identified the following expectations for clarification of and improvement in the technical and safety governance and design control exercised by the NRPA: a. Clarification of the interface between technical assessment and governance and safety assurance. This is to include the scope of technical assessment and safety assessment activities, how technical assessment interfaces with and supports nuclear safety cases, and how these will be contracted (including contract specifications). b. Demonstration/Assurance that the Nuclear Propulsion Project Team (NP PT) Technical and Safety cells, together forming the NRPA, are adequately resourced to exercise informed technical and safety judgement2, essential given their position in receipt of Technical Authority (TA), Independent Technical Advice (ITA) and Independent Nuclear Safety Advice (INSA). This can be by the provision of a satisfactory Organisational Baseline (OB), and is to include demonstration of solid plans and organizational infrastructure to maintain this requirement over a long (e.g. 10 year) period. DNSR/19/3/2 [916] dated 26 May 2010. 2 Fulfilling an intelligent customer role. RESTRICTED MANAGEMENT Page 1 of 4 RESTRICTED MANAGEMENT c. Demonstration/Assurance that key NRPA Duty Holders (DHs), supporting the Approving Authority (AA), are adequately resourced and have clear lines of delegation from the NRPA. d. Demonstration of separation of Project (delivery) and Technical and Safety Assurance functions across all Naval Reactor Plant (NRP) lifecycle phases, and where the delivery function lies within or without NP PT. e. Clarification of Technical and Safety cell engagement in the design process3, to include demonstration of satisfactory functioning of technical decision classification to determine appropriate NRPA engagement and assessment. f. Clarification of Technical and Safety decision making authority, according to classification where appropriate, and demonstration of satisfactory functioning of the process established. g. Clarification of any differences in the proposed DMAs for Astute 4-7 and Successor. h. Demonstration of adequate focus on key nuclear safety topics (e.g. Structural Integrity, continuous improvement/LFE across all lifecycle phases. ALARP by Technical and/or Safety cells, to include demonstration of adequate resourcing and plans to maintain this focus and resource. DNSR POSITION UPDATE Organisational Baseline and Resourcing 3. It is acknowledged that the NRPA has applied a significant level of effort to demonstrating an OB including the issuing of several draft iterations of NRPA 2-1 (NRP Authorisee Nuclear Baseline). However, DNSR have consistently highlighted a fundamental gap in the NRPA's presentation of their OB; the justification of the size of organisation. 4. Since the issue of the SIN in May 2010, further guidance has been issued in the form of a Nuclear Industry Code Of Practice (NICOP)4, which amplifies the requirement for this justification. DNSR has subsequently clarified that a relatively crude methodology for justification of the size of organisation would be an acceptable approach to progress with as oppose to immensely detailed and impracticable task/time analysis. DNSR also support the principle detailed in the NICOP of utilising performance indicators as an additional leg to strengthen the justification. 5. Whilst DNSR accepts that the NRPA is currently concentrating effort on establishing an OB for the NRPA nucleus contained directly within the NP PT as a starting point, there also remains work to be undertaken to demonstrate a complete OB incorporating identified DHs and where appropriate key supporting TAs and Contractors e.g. SERCO hence meeting industry best practice requirements as identified within the NICOP. 6. A number of NRPA initiatives have either now been implemented or are subject to a FAP to address manpower resource concerns. In particular, DNSR notes the additional post created within the NRPA's Internal Regulation Team, the implementation of a full time Integrity Manager and commitment to recruit two additional Posts for discharging the QA function within Submarine production Project Team (SM P PT) along with production of an SM P PT FAP for resolving other 3 Can include involvement in TA processes_ ° Nuclear Industry Code of Practice; Nuclear Baseline and the Management of Organisational Change — First Edition Oct 2010. RESTRICTED MANAGEMENT Page 2 of 4 RESTRICTED MANAGEMENT significant DH compliance arrangement shortfalls. In addition to these improvements, DNSR has seen a marked improvement regarding co-operation with the NRPA on resolving Regulatory Findings and Observations, implementation of improved A2A arrangements and publication of a number of NRPA NSMA documents. Subsequently, these original areas of Regulatory concern can now be considered as being addressed through normal business. 7. DNSR welcomes the above improvements, which provide confidence that the NRPA is taking action to address Regulatory concerns however a robust OB remains to be fully identified and implemented. It is therefore considered that SIN expectations 2b and c above, remain to be fully satisfied. 8. Noting NRPA commitments' to fully close out remaining DNSR concerns regarding the NRPA OB in the short—term SIN expectations 2b and c are now closed. They are replaced by a specific Regulatory Direction which can be found at Annex A. This Direction clearly identifies what elements of the OB remain to be demonstrated and the criteria that will need to be met by the NRPA to achieve full closure of this issue. Design Management Arrangements 9. DNSR recognises that significant work has been undertaken by the NRPA to clarify NGNPP DMAs including the interface between technical assessment and governance and safety assurance. At a recent L4 RIF', a clear explanation was provided, at all levels, of the arrangements that the NRPA were working to, and these appeared to be provisionally acceptable to DNSR. However, it was noted that management arrangements have yet to be fully formalised due to documents remaining draft at this time or yet to be written. 10. Whilst production of documentation defining arrangements has progressed satisfactory evidence demonstrating robust implementation has yet to be provided. As a result a number of Regulatory Findings remain to be closed. Having struck a Full Concept Design (FCD), the Project is now well within the detailed plant design phase. Noting that extant DNSR Findings remain to be closed the risk of 'reverse ALARP' arguments emerging due to foreclosure of design optioneering increases and remains a key Regulatory concern. 11. Following the recent RIF, DNSR is aware of the NRPA's intent to develop both a Technical Assessment Plan (TAP) and Safety Assessment Plan (SAP) to establish the totality of NGNPP documentation and establish the associated technical/ safety Due Process' requirements. DNSR expects this work to significantly clarify how the technical and safety assessment processes integrate. It is further expected that once this work has been completed the evidence of process implementation sought by DNSR should become available through the requirement to provide technical and safety evidence in support of forthcoming Review/Hold Point release activities. 12. Noting the above, DNSR considers that SIN expectations re-iterated at paragraph 2a, e, f, g and If , remain to be fully satisfied. However. DNSR do acknowledge the good progress made by the NRPA to date on documentation production, recent commitments from the NRPA to hold further Level 4 RIFs on this specific area to address extant Regulatory Findings and the intent to development the TAP & SAP to establish the scope of ITA and INSA workstreams. DNSR expects that evidence to close out extant DNSR concerns should therefore become available in the shortDiscussed at recent Level 4 RIFs. 6 Level 4 NRPA/DNSR RIF dated 27 May 2011. 7 VVhilst good progress has been made regarding establishing robust technical focus in the Structural Integrity area. Expectation 2h has yet to be fully satisfied noting ongoing concerns regarding demonstration of appropriate focus on demonstrating the ALARP principle within the Technical and Safety governance arrangements for NGNPP. RESTRICTED MANAGEMENT Page 3 of 4 RESTRICTED MANAGEMENT term. On this basis DNSR, is satisfied that these elements of the original SIN can be replaced with a specific Regulatory Direction on establishing adequate Naval Reactor Plant (NRP) DMAs as detailed at Annex B. Expectation 2d can be considered closed. CONCLUSION 13. DNSR welcomes the actions undertaken by the NRPA to date and commitments to provide further evidence supporting full closure of DNSR concerns by end 2011 latest'. DNSR judge that the safety concerns resulting in enforcement of the original SIN have now reduced to a level commensurate with placement of specific targeted Regulatory Directions. This letter therefore constitutes the placement of two new Directions on specific areas of the NRPA authorisation compliance arrangements and replaces the original wide ranging SIN which is now closed. Expectations supporting closure of these Directions can be found at Annexes A and B respectively. 14. DNSR re-iterates that the management of in-service safety issues by the NRPA in line with their Authorisee Sea role remains generally good, such that operational nuclear safety and delivery of ALARP nuclear risk at sea has not been compromised. DNSR's primary concern is that future NRP safety may be compromised, leading to "Reverse ALARP" justifications9, resulting from an understandable prioritization of immediate nuclear safety issues in a resource limited environment. [Signed On Original] Nuclear Propulsion Regulator (NPR) for DEFENCE NUCLEAR SAFETY REGULATOR Distribution (* by e-mail): Internal: DES SE DNSR Hd* DES SE DNSR IFR* DES SE DNSR IOR* DNESB Chairman* DES SE DNSR IRB* File DSM* RSD — External: DES SM NP-Technical-DepHd * DES SM NP-Safety-DepHd* Annexes: A. DIRECTION — NRPA OB. B. DIRECTION — DMAs. Through further RIF meetings where evidence supporting closure or proposed FAP is to be presented for DNSR consideration. DNSR/22/7/639 dated 10 Nov 08. RESTRICTED MANAGEMENT Page 4 of 4 k4,9 Defence Safety Authority Military Network: Telephone: Email: DNSR Reference: DNSR Letter [19531] DNSR/04/13/03/02 Copied to: See Distribution 30 Sep 16 DNSR/AWE/SIN1/16 — SAFETY IMPROVEMENT NOTICE (SIN) ON AWE PLC FOR NONCOMPLIANCE WITH DNSR FURTHER AUTHORISATION CONDITION 1 — DUTY OF COOPERATION 1. This letter serves the Nuclear Weapon Programme Lifecycle Phase (LCP) 1 Authorisee with a formal Safety Improvement Notice2 for continued non-compliance with the requirements of DNSR Further Authorisation Condition (FAC) 1 — Duty of Cooperation. DNSR informed AWE PLC3 of the Findings which related to those non-compliances, which to date have not been adequately resolved and are as follows: a. DNSR Finding (AWE/F/011) — No objective evidence of a Further Authorisation Condition 1 Compliance Statement was presented. b. DNSR Finding (AWE/F/012) — ESH-MSS-1501 - Standard For Compliance With Site Licence Condition 1, Authorisation Condition 1 and the Licence Conditions Handbook 2011 do not accurately describe the current LCP1 FAC1 arrangements. c. DNSR Finding (AWE/F/013) — No objective evidence of a LCP1 to LCP3 or LCP1 to LCP4 protocol document was presented. d. DNSR Finding (AWE/F/014) — No objective evidence of a fit-for-purpose LCP1 to Nuclear Weapon Approving and Design Authority (NWADA) was presented. 1 Changed horn 1950 to 1953 due to an admistrahon error in the DNSR Outmail system 2 In accordance with JSP 538 Pt 1 (V11 Jul 14) Paragraph 53 3 DNSR Letter It 782] AWE PLC (LCP 1) FAC1 - Inspection Report dated 28 Sep 15 Page 1 of 3 2. AWE letter' accepted the above Findings and provided a commitment to pursue Finding AWE/F/011 and AWE/F/012 to closure through the A6 meeting, and to address finding AWE/F/013 and AWE/F/014 by amendment of AWE PLC Management Arrangements (Document MA200). 3. AWE letters proposed the following amendment to AWE PLC Management Arrangements (Document MA200): "AWE PLC arrangement for the implementation of this requirement is to communicate with NWADA, who will coordinate communications to and from the other LCPs". 4. DNSR letters stated that appropriate Regulatory Interface Meetings are required between DNSR, the LCPs and NWADA before any amendment is made to MA200, to ensure a consistent approach to FAC1 compliance across the Nuclear Weapon Programme and that the proposed amendment was not sufficient to close Findings AWE/F/013 and AWE/F/014. 5. DNSR is aware' that a decision by the MOD/AWE Joint Programme Board in January 2016 had been reversed and AWE PLC was to continue the work on FAC1 to address the DNSR Findings to demonstrate adequate compliance. 6. AWE letters committed to providing DNSR with a resourced plan9 that detailed how the FAC1 non-compliances would be resolved through the Authorisee's management system arrangements. In response, DNSR notified' Head of Environment Safety and Health that the schedule therein would be used by DNSR to closely monitor the delivery of the documents and assess their adequacy to meet compliance with FAC1. However, the LCP1 Authorisee has failed to demonstrate adequate compliance with FAC1 within the timescale required by DNSR11, where two of the three documents submitted were draft and yet to undergo the Authorisee's due process. 7. Consequently, DNSR/SIN/AWE/1/16 requires the Authorisee to: a. Arrange a L4 RIM to understand the DNSR expectation for compliance with FAC1 within 1 month from the date of this letter. b. Provide a credible, resourced plan for agreement with DNSR and deliver the following outputs within 3 months from the date of this letter. i. Stakeholder engagement with all associated Authorisees, Approving Authorities and organisations (internal and external) for all activities that may affect nuclear weapon safety, to support development of adequate Authorisee's FAC1 arrangements. ii. Written safety management arrangements, which have been issued after stakeholder engagement thorough the Authorisee's due process that addresses DNSR Findings AWE/F/011, AWE/F/012, AWE/F/013, and AWE/F/014. Reference DNSR05-198 dated 2 Oct 15. Reference DNSR05-202 dated 14 Oct 15. 6 DNSR Letter 1797 DNSR Res onse to AWE Pro osed Chan es to MA200 with Respect to FAC1 Arrangements dated 2 Nov 15. Email: to sent Tue 29/03/2016 at 16:34. Reference DNSR05-253 dated 5 May 16. FAC 1 Arrangements Plan received by email from Head of ESH dated 28 Jul 16. 10 DNSR-IAWE email to Head of ESH dated 29 Jul 16. 11 DNSR Letter [1929] DNSR Direction to Submit AWE PLC Further Authorisation Condition (FAC) 1 — Duty of Cooperation Documentation for Assessment. 5 Page 2 of 3 8. Accordingly, the Authorisee is encouraged to seek continued engagement throughout resolution of this SIN with DNSR-IAWE, for any further clarification and or agreement to achieve the requirements detailed above. for DEFENCE NUCLEAR SAFETY REGULATOR Distribution Internal: DSA-DNSR-Hd* DSA-DNSR-IAWE* DSA-DNSR-IAWE-a* DES SM SW-SAM-DepHd* External: AWE RICO Office* Head of the Assembly/Disassembly Technology Centre — AWE PLC* Director Assurance — AWE PLC)* Head of Assurance at Burghfield — AWE PLC)* Head of Internal Regulation — AWE PLC)* — ONR* — ONR* * Copy by email. Page 3 of 3 Defence Safety Authority DNSR/04/19/04/00[1954] Telephone [MOD]: Facsimile [MOD]: E-mail: 07 Oct 16 DEFENCE NUCLEAR SAFETY REGULATOR IMPROVEMENT NOTICE — AUTHORISATION CONDITION 36 ORGANISATIONAL CAPABILITY BACKGROUND 1. The Naval Reactor Plant Authorisee's (NRPA's) Authorisation Condition (AC) 36 Organisational Capability arrangements have long attracted enhanced regulatory attention. A Safety Improvement Notice (SIN)1 on the Nuclear Propulsion Project Team Organization for delivery of Nuclear Safety by the Approval Authority role was placed in May 10. Following satisfactory progress, in Jun 11, the Defence Nuclear Safety Regulator (DNSR) closed the SIN but replaced it with two Directions' on specific areas of the NRPA authorisation compliance arrangements. In Mar 12, DNSR agreed to the closure of the two regulatory Directions3 but replaced them with two Findings and one Observation. 2. Further DNSR inspections were conducted in Jun 134 and Mar 145. Various issues and areas for improvement were identified. This culminated in a thorough review of all extant Findings and Observations during the Mar 15 inspections. Limited progress was discovered concerning the key outstanding Findings from the Mar 14 inspection report and additional Findings were placed. DNSR/19/3/2[916], dated 26 May 10 — Safety Improvement Notice on Nuclear Propulsion Project Team (NP PT) Organization for delivery of Nuclear Safety by the Approval Authority role. 2 DNSR/19/3/2[1135], dated 24 Jun 11 — Naval Reactor Plant Authorisee (NRPA) Safety Improvement Notice (SIN) — Update. DNSR/4/19/3/2[1263], dated 13 Mar 12 - Naval Reactor Plant Authorisee (NRPA) Nuclear Organisational Baseline — Closure of Regulatory Direction. 3 DNSR/04/19/04[1407]. dated 13 Jun 13 — NRPA Inspection (NRPA V 130002) —AC36 Organisational Capability Inspection Report. DNSR/04/24/04[1537]. dated 25 Mar 14 — AC36 Inspection Report. DNSR/04/16/[1701], dated 28 Apr 15 — DNSR Systems Based Inspection on NRPA Organisational Capability. OFFICIAL _SENSITIVE OFFICIAL-SENSITIVE CURRENT POSITION 3. In accordance with JSP 5187, DNSR conducted an inspection' of the NRPA's arrangements relating to AC 36 Organisational Capability on 04 and 05 Oct 16. 4. During the inspection, DNSR reviewed progress against all extant AC 36 Findings. At best, limited progress was demonstrated against the key Findings from the last AC 36 Organisational Capability inspection conducted in Mar 156. There remains a lack of demonstrable evidence that the NRPA has an adequate, extant Nuclear Baseline. This is a non-compliance against AC 36 sub clause (1). As a consequence DNSR places formal enforcement action in the form of an Improvement Notice (IN). 5. DNSR IN. The NRPA is to clearly demonstrate the adequacy of the extant Nuclear Baseline. This is to include (but not be limited to) vulnerability analysis, post loading, succession planning and the demonstration of compliance with their own published arrangements. CONCLUSION 6. DNSR directs: a. The NRPA to produce a jointly agreed Forward Action Plan' by end Oct 16. b. The NRPA to demonstrate tangible progress against the agreed FAP by end Dec 16. Signed On Original Nuclear Propulsion Regulator For Defence Nuclear Safety Regulator Copy (* by email): DSA-DNSR-DNSR-Hd NNPPI* DSA-DNSR-IOR NNPPI* DSA-DNSR-IFR NNPPI* DES SM NP-Safety-DepHd (NNPPI)* DES SM NP-IAM (NNPPI)* DSA-MAA-Tech-D* JSP 518 Regulation of the Naval Nuclear Propulsion Programme, Version 4.1. Jul 14. 8 DNSR/04/19/04[1948], dated 23 Sep 16 - DNSR Inspection (NRP_V_160009) of Naval Reactor Plant Authorisee (NRPA) — Organisational Capability. 'This should address the DNSR IN and all extant AC 36 Findings. OFFICIAL _SENSITIVE 2 Defence Safety Authority Military Network: Telephone: Email: Our reference: DNSR Letter [1982] DNSR/04/13/03/02 10 Feb 17 Copied to: See Distribution CLOSURE OF SAFETY IMPROVEMENT NOTICE (SIN) ON AWE PLC FOR NON-COMPLIANCE WITH DNSR FURTHER AUTHORISATION CONDITION 1 — DUTY OF COOPERATION 1. DNSR Letter [1953]1 served DNSR/AWE/SIN1/16 on the LCP1 Authorisee for continued noncompliance with the requirements of Further Authorisation Condition (FAC) 1. The SIN required the Authorisee to: a. b. Arrange a L4 RIM to understand the DNSR expectation for compliance with FAC1 within 1 month from the date of that letter. Provide a credible, resourced plan for agreement with DNSR and deliver the following outputs within 3 months from the date of this letter. i. Stakeholder engagement with all associated Authorisees, Approving Authorities and organisations (internal and external) for all activities that may affect nuclear weapon safety, to support development of adequate Authorisee's FAC1 arrangements. ii. Written safety management arrangements, which have been issued after stakeholder engagement thorough the Authorisee's due process that addresses DNSR Findings AWE/F/011, AWE/F/012, AWE/F/013, and AWE/F/014. 2. DNSR has since engaged with the Authorisee's representatives2 to discuss the content of the SIN, DNSR expectation for FAC1 compliance and has since received reviewed and updated documentation to support closure of the SIN'. 3. DNSR has assessed the adequacy of the submission and concludes that the requirements of DNSR/AWE/SIN1/16 have been met and is content to close the SIN and Findings AWE/F/011, This letter was originallysent out as 1950], but later changed to [1953] due to an Outmail administration error. Meeting with and 17 Oct 16. 3 DNSR 05-293a and supporting attachments dated 3 Nov 16. 1 2 Defence Nuclear Safety Regulator An Independent Regulator in Defence AWE/F/012, AWE/F/013, and AWE/F/014. The Authorisee is to note that it is DNSR's intention to re-inspect his safety management arrangements to support compliance with FAC1 in Q1 2017 as a whole, to include those that underpin the for DEFENCE NUCLEAR SAFETY REGULATOR Copy to: Internal: DSA-DNSR-Hd* DSA-DNSR-IAWE* DSA-DNSR-IAWE-a* DES SM SW-SAM-DepHd* External: AWE RICC Office* Head of the Assembly/Disassembly Technology Centre — AWE PLC* Director Assurance — AWE PLC)* Head of Assurance at Burghfield — AWE PLC)* Head of Internal Regulation — AWE PLC)* — ONR* — ONR* — ONR* * Copy by email. Defence Nuclear Safety Regulator An Independent Regulator in Defence Defence Safety Authority DNSR/04/19/04/00[2141] Telephone [MOD]: Facsimile [MOD]: E-mail: 01 Jun 17 DEFENCE NUCLEAR SAFETY REGULATOR IMPROVEMENT NOTICE — AUTHORISATION CONDITION 36 ORGANISATIONAL CAPABILITY: RESOLUTION 1. Following a Defence Nuclear Safety Regulator (DNSR) inspection of the Naval Reactor Plant Authorisee's (NRPA's) arrangements for compliance with Authorisation Condition (AC) 36 Organisational Capability in Oct 16, DNSR placed an Improvement Notice (IN) 1. In Nov 16, DNSR formally agreed2 the NRPA's Forward Action Plan (FAP) in response to the IN. 2. On 16 Dec 16, DNSR conducted a line by line review of the FAP and was content that tangible progress had been achieved3. Further reassessments were conducted on 10 Feb 17 and 08 Mar 174. A final examination of the FAP took place on 31 May 17. 3. DNSR acknowledges and welcomes the extensive work that has been carried out in the areas of Post Loading, Vulnerability Analysis and Succession Planning; especially by the Nuclear Propulsion (NP) Programmes team. During the Oct 16 inspections, it was noted that these were particularly weak areas and DNSR recognises the efforts made to strengthen the NRPA's position. 4. On the basis of the evidence presented on 31 May 17, DNSR is content to: a. Lift DNSR IN 02-16. b. Close Findings F/NRPA_V_150004/5, F/NRPA_V_150004/12 and Recommendation R/NRPA V 160009/1. DNSR/04/19/04/00[1954), dated 07 Oct 16 — Defence Nuclear Safety Regulator — Authorisation Condition 36 Organisational Capability. DNSR/04/19/04/00[1970], dated 01 Nov 16 - Defence Nuclear Safety Regulator — Authorisation Condition 36 Organisational Capability. 2 DNSR/04/19/04/00[20061. dated 19 Dec 16 - Defence Nuclear Safety Regulator — Authorisation Condition 36 Organisational Capability: FAP Review. DNSR/04/19/04[2101], dated 06 Apr 17 — DNSR Inspection (NRP_V_170003) of Naval Reactor Plant Authorisee AC36 Organisational Capability — Review Against Agreed FAR DNSR/04/19/04[1969], dated 28 Oct 16 - DNSR Inspection (NRP_V_160009) of Naval Reactor Plant Authorisee AC36 Organisational Capability. OFFICIAL—SENSITIVE 1 5. In closing the IN, the Nuclear Baseline will continue to receive significant regulatory scrutiny from DNSR. In particular, DNSR welcomes the proposed NP Project Team (PT) focus on further improving their performance against the three key areas of Post Loading, Vulnerability Analysis and Succession Planning. In order to gauge delivery of the NRPA's future commitments, it is intended that a Level 4 Regulatory Interface Forum will be held in Q4 17 specifically targeted in these areas. 6. The wider Nuclear Baseline will be subject to a further AC 36 Regulatory Inspection planned for Q1 18 (recognising DE&S Transformation, the establishment of the Submarine Delivery Agency and NP PT Re-organisation). During this joint inspection with Principal Inspector Reactor Build, DNSR will focus on the adequacy of the NRPA's extant Nuclear Baseline and management arrangements to deliver robust Build Assurance activities. Principal Inspector Operational Reactors For Defence Nuclear Safety Regulator Copy (* by email): DSA-DNSR-DNSR-Hd NNPPI* DSA-DNSR-NPR NNPPI* DSA-DNSR-IFR NNPPI* DSA-DNSR-IRB NNPPI* DES DES DES DES SM SM SM SM NP-Safety-DepHd (NNPPI)* NP-Prog-DepHd (NNPPI)* NP-IAM (NNPPI)* NP-IAM-N1 (NNPPI)* OFFICIAL —SENSITIVE 2 Ministry of Defence DNSR/04/11/04/00[2218] Telephone [MOD]: E-mail: 14 Sept. 2017 DEFENCE NUCLEAR SAFETY REGULATOR (DNSR) INSPECTION OF STRATEGIC WEAPON PROJECT TEAM (SWPT) NUCLEAR BASELINE ORGANISATIONAL CAPABILITY 1. As notified' DNSR carried out an inspection of the SWPT arrangements for Approving and Design Authority Condition (ADAC) 36, and concurrently the Life Cycle Phase 2 (LCP2) arrangements for Authorisation Condition (AC) 36 - Organisational Capability. The inspection was carried out at MoD Abbey Wood on the 26'h and 271h July 2017. A detailed inspection report can be found at Annex B. 2. The main focus of the inspection was to determine the adequacy of the Strategic Weapons Project Team (in its capacity as the Accreditee and Authorisee) arrangements for compliance with ADAC 36 and AC36 and in particular the review of an extant and justified nuclear baseline. 3. The following areas were reviewed through examination of documentation and interview with SWPT personnel: • • • • The arrangements used to determine the baseline The arrangements used for monitoring, management and review of baseline adequacy The relationship between the nuclear baseline and the core organisation The resilience, including succession planning, of the baseline. 4. DNSR would like to thank the SWPT for their assistance in conducting this inspection and for the open discussions that took place. DNSR also commends the efforts made in producing a thorough and honest Nuclear Safety Baseline Internal Review 2 prior to the inspection. The DNSR inspection team concur with the overall conclusions of this review and have independently identified areas which require improvement. 1 DNSR Letter: DNSR/04/11/04/00[2150], 26th June 2017. 'DNSR Inspection of Strategic Weapon Nuclear Baseline Organisational Capability'. 2 SDA Report: Issue 1, July 2017, 'Nuclear Safety Baseline Internal Review, Risk Assessment & Forward Action Plan'. Defence Nuclear Safety Regulator An Independent Regulator in Defence E-1 OFFICIAL-SENSITIVE 5. Prior to the inspection a copy of the extant Nuclear Baseline was requested from SWPT, this was not provided and it was evident from the inspection conducted and from the Nuclear Safety Baseline Internal Review, that the SWPT do not have a feasible Nuclear Baseline. 6. DNSR considers that the lack of a Nuclear Baseline and therefore the lack of control of organisational change demonstrates a non-compliance with ADAC 36 and AC36 sub clauses 1 and 2 as detailed in JSP 538 Regulation of the Nuclear Weapons Programme. 7. As a consequence, and in accordance with Defence Safety Authority Enforcement Policy, DNSR places a formal Improvement Notice (IN) on the SWPT Accredited and Authorised functions: DNSR Improvement Notice (IN) ADA/IN/2017/01 TR/IN/01 In accordance with the expectations of JSP 538 AC36 and ADAC36, sub clauses 1 and 2, the SWPT (authorised and accredited functions) shall provide and maintain adequate financial and human resources to ensure the safe management of activities. They shall make and implement adequate arrangements to control any change to its organisational structure or resources which may affect safety. This is to include, but is not limited to: a. The production of a justified Nuclear Baseline with roles clearly linked to the identified nuclear activities. b. A review and up issue of the procedure for the management of and control of change to the Nuclear Baseline. DNSR requires: a. The SWPT (in its capacity as the Accreditee and Authorisee) to produce and provide DNSR with a Forward Action Plan (FAP) to address the IN and all the Corrective Action Requirements and Recommendations made in the report by October 2017. DNSR will expect to see evidence in the FAP of SWPT Senior Management commitment to addressing the FAP items. Details such as manpower and financial commitment will also be expected. c. The SWPT to demonstrate tangible progress against the agreed FAP by end December '17 Principal Inspector Approval & Design Authorities Principal Inspector Transport for DEFENCE NUCLEAR SAFETY REGULATOR Defence Nuclear Safety Regulator An Independent Regulator in Defence E-1 OFFICIAL-SENSITIVE Annexes: A. B. C. Inspection Agenda and Inspection Team DNSR's Inspection Report D. Sampled Documentation Summary of DNSR's Corrective Action Requirements and Recommendations E. Report Issue Status Distribution: DES SM CSSE-Dir DES SM SW-Hd-WarhdProg DES SM SW-Hd of Trident Sys DES SM SW-SAM-DepHd DES SM SW-SA1 DES SM RI1D Copy: DSA-DNSR-Hd DSA-DNSR-NWR DSA-DNSR-IADA-a DSA-DNSR-ICF DSA-DNSR-IAWE RSD (- Defence Nuclear Safety Regulator An Independent Regulator in Defence E-1 OFFICIAL-SENSITIVE