‘Defence in Depth’ (DiD) has become a fundamental aspect of the analysis of the adequacy of technical systems to ensure nuclear safety. It provides a systematic means to analyse and ensure layers of systems to prevent or mitigate accidents. This was discussed in International Nuclear Safety Group (INSAG) publication Defence in Depth in Nuclear Safety in 1996 (INSAG 10). INSAG 10 presented the history of the ‘Defence in Depth’ concept and how it was being applied in the nuclear industry at that time. DiD is a comprehensive approach to providing a systematic means to analyse and assure layers of systems to prevent or mitigate accidents.
In late May 2017, INSAG published Ensuring Robust National Nuclear Safety Systems – Institutional Strength in Depth (INSAG 27), which provides a similar approach to guidance organisations thinking in respect of institutional structures necessary to assure nuclear safety. INSAG 27 refers to the three important institutional subsystems – the nuclear industry (nuclear site licensees and their supply chains), nuclear regulators and stakeholders – and describes the interfaces that should be nurtured among these as well as within each subsystem. INSAG 27 recommends an analysis of the institutional sub-systems and of their interfaces, the correction of any weaknesses as a means to enhance nuclear safety and the establishment of a set of strong and mutually reinforcing sub-systems by the term ‘Institutional Strength in Depth’ (ISiD).
The nuclear industry has the key role in ensuring nuclear safety in its and its supply chain activities by the effective application of ‘Institutional Strength in Depth’ through the components built on the principles of redundancy, diversity, absence of single point failure and organisational separation. The key elements in action in the nuclear industry, cascaded from nuclear site licence through the supply chain should include:
- Existence of vibrant nuclear safety culture (as defined by WANO), led by the executive leadership of the organisation, which facilitates a questioning attitude by all employees and effective arrangements for learning from external/internal experience
- Strong technical, design and operational capability to underpin the activities on the site
- Nuclear safety related posts must be filled by suitability qualified and experienced personnel
- Strong management systems with multiple checks for nuclear safety-related decisions and actions
- The decision authority for the plant should be delegated to those with the qualifications and experience for fulfilling the responsibility for nuclear safety
- There should be strong internal independent oversight of nuclear safety with responsibilities for policy, assessment and inspection (the nuclear site licensees’ internal regulator or assurance function) separate from the delivery functions and with suitable independent reporting routes
- Management also has access to advice on significant nuclear safety related issues from an independent, diverse source, such as a company nuclear safety committee which has sufficient external members
- The board of the nuclear site licensee is expected to take active oversight of nuclear safety performance and to challenge the management on these matters
The elements of the ISiD for the nuclear site licensee guard against single points of failure and common mode failure for organisations, such as inappropriate leadership, group thinking and organisational complacency.
INSAG 27 also provides guidance on ISiD elements for the nuclear regulators and stakeholders.
L2 has extensive experience in the provision of advice to prospective and existing Nuclear Site Licensees and their supply chains on development of management systems, organisational design, organisational capability, supply chain oversight and the development of a robust nuclear safety culture.