In an effort to identify adverse trends and problem areas, the licensee performed a collective review of approximately 600 relatively significant CRs. . . . The licensees’ review efforts identified numerous discrepancies involving an inadequate CAP, inadequate configuration control, degraded hardware conditions, inconsistent and potentially non-conservative assumptions in design basis and licensing basis documents, deficient or unavail- able calculations, and non-conservative operating and test procedures which did not reflect design and licensing basis documents.
During the inspection, the [NRC] team reviewed approximately 0 CRs. Of these, the team determined that approximately 20 had weaknesses or deficiencies, of some type. As a result of the team’s findings, the licensee initiated approximately 20 additional CRs to document and address the team’s findings. Overall, the team determined that approximately 0 percent of the CRs actually reviewed by the team had weaknesses or deficiencies to some degree.8
The CAP at Davis-Besse was no worse in 2004 than it had been in 2001. What changed was the NRC’s perception of the program. A near-disaster showed just how far from reality the agency’s original conclusion had wandered. It is imperative that the gap between perception and reality with respect to CAP effectiveness be minimized if future extended outages—or worse, accidents—are to be avoided. The next chapter probes this topic further.
Lesson 5: Problems Are Allowed to Recur
Michigan’s Palisades nuclear power reactor was shut down from August 1973 until October 1974 due (at least initially) to a leak in a steam generator tube. Though that problem had been corrected by spring 1974, the AEC inspected the site and con- cluded the reactor was not ready to be restarted.
Walking a Nuclear Tightrope
The first item on the AEC’s list of concerns was an inadequate quality assurance program.
This same problem has been on nearly all of the NRC’s restart lists for the 49 year-plus outag- es that followed Palisades. This is clearly a case in which an ounce of prevention would have been worth a pound of cure. Had the nuclear power industry and its regulatory agency heeded the lesson of the Palisades outage and given more than mere lip service to quality assurance, many if not all of the ensuing extended outages would likely have been avoided. It’s not too late to get serious about effective quality assurance (or, under its current moniker, problem identification and resolution).
Lesson 6: Perceptions (Not Reality) Guide Safety Decisions
As previously stated, more than 70 percent of year-plus outages were caused by broad, programmatic breakdowns. In most of these cases, the NRC’s assessments of a plant’s safety performance prior to the beginning of the out- age were positive. It was only after an extended outage began that the assessments underwent a sea change and began documenting poor safety performance at that plant.
Michigan’s Donald C. Cook facility typifies this bizarre pattern of assessments (Figure 14, p. 24). For three years prior to the beginning of the plant’s year-plus outage in the third quarter of 1997 (and the NRC’s apparent sea change), the agency recorded less than one violation every two weeks. In the first few months of the outage, the NRC began to identify violations— most of which had existed for years—at a rate of nearly one every other day.
By the first quarter of 1998, when Indiana Michigan Power Company was preparing to restart the plant, the number of violations the NRC identified dropped to pre-outage levels. But questions remained about plant safety, and as public pressure forced the NRC to go back