The Proper Role of Administrative Controls in the Implementation of Controls for Criticality Safety
The Double Contingency Analysis (DCA) is a common tool used in the evaluation and establishment of requirements for the control of criticality in operations involving fissile materials. In one case involving a chemical processing facility the administrative controls resulting from the analysis did not contribute to safety.
The analysis (DCA) and resulting engineering documentation indicated that the equipment and processes at this facility were designing with engineered controls such that the assurance of criticality safety would be simple and straightforward. These engineered controls included the use of favorable geometry tanks, well engineered gloveboxes, robust physical constraints on addition of reflection and moderation, low fire loadings, primary reliance on Halon fire suppression, siphon breaks, and the physical design of eductors. These engineered features created a scrap recovery process that needed only limited reliance on administrative controls on mass. The criticality safety system implemented however, places tremendous burden on administrative mass controls.
The failure to identify the complete sequence of events required for a potential criticality and all of the controls, including passive engineered controls, active engineered controls, and administrative controls, limits the usefulness of the DCA to the operations of this facility. The failure of the DCA to identify (and take credit for) all of the controls present can be expected to result in needless occurrence reports when the operation is quite safe. Lesson learned: Although administrative controls play an important role in the safety of DOE operations, the over-use of these controls and/or under-utilization of engineered controls may actually have a negative impact on facility safety.
For further information or comments on the ORR web site, please contact James M. Heffner.