Union of Concerned Scientists
In addition, the NRC (under Appendix B to 10 CFR Part 50) requires plant owners to implement quality assurance (QA) programs (now commonly referred to as corrective action programs but constituting the same measures). Quality assurance is defined as “all those planned and systematic actions necessary to provide adequate confidence that a structure, system, or component will perform satisfactorily in service, and Appendix B also defines 18 criteria needed to measure quality assurance. Criterion XVI, for example, describes the proper approach to “corrective action:” ”9
Measures shall be established to assure that conditions adverse to qualit , such as failures, malfunctions, deficiencies, deviations, defective material and equipment, and nonconformances are promptly identified and corrected. In the case of significant conditions adverse to qualit , the measures shall assure that the cause of the condi- tion is determined and corrective action taken to preclude repetition. The identification of the significant condition adverse to qualit , the cause of the condition, and the corrective action taken shall be documented and reported to appropriate levels of management.0
In other words, QA programs ensure that plant owners have effective methods in place for promptly finding and fixing problems, and that nuclear power reactors are operated and main- tained within the configuration reviewed and approved by the NRC.
Multilayered Defense or Feedback Loop?
Just as the “defense-in-depth” approach to nuclear power plant design (see Chapter 3) employs features such as redundant pumps to ensure that a single equipment failure will not result in disas- ter, QA programs incorporate multiple levels of quality control (Figure 16).
Plant workers provide the first level of QA defense; these individuals must be qualified for their work assignments and trained to complete specific tasks, and they must follow pre-approved procedures. Supervisors provide the second level of QA defense by ensuring that the right indi- viduals are doing the right tasks the right way, and verifying the outcomes by monitoring work in progress and checking the results. The third level of QA defense is provided by other workers inside the plant who independently verify the outcomes of specific tasks. The shared objective of these three levels is to find and fix problems as required for both safe reactor operation and con- formance with Appendix B to 10 CFR Part 50.
NRC inspectors provide the fourth level of QA defense. For an NRC inspector to find a problem, all three other levels had to have failed. That point cannot be over-emphasized. If the individual worker had been successful, or the worker’s supervisor had been successful, or the internal oversight had been successful, the NRC inspector would not have identified a problem. Thus, every NRC finding of a safety problem has two components: the broken equipment and the concurrent failure of all three internal levels of QA protection.
This context is important because while the NRC has periodically revised how it oversees safety levels at nuclear power plants, it has never made substantive progress in how it assesses the health of QA programs. When an NRC inspec- tor finds broken equipment today, the owner must do the same thing that was done when an AEC inspector found a similar problem in 1966: fix the broken equipment. But that’s only part of the problem that should be addressed.
As explained above, the fact that an NRC inspector has found broken equipment means that all three levels of the plant’s QA program failed. Yet findings by NRC inspectors are treated