The largely qualitative techniques described in the above reference on hazard analysis
provide methodologies for comprehensive definition of the accident spectrum for workers
and the public. The basic identification of hazards inherent in the process provides a
broad, initial basis for identification of safety programs needed (e.g., radiation protection,
hazardous chemical protection). The hazard analysis then moves beyond basic hazard
identification to evaluation of the expected consequences and estimation of likelihood of
accidents, an activity that in no way connotes the level of effort of a probabilistic or
quantitative risk assessment.
Throughout the evaluation process, preventive and mitigative SSCs, and SACs and
pertinent elements of programmatic controls are identified. This identification also
establishes functional requirements, which will subsequently delineate the technical
information (i.e., response parameters) needed to establish performance criteria. The DSA
summarizes these requirements and criteria for safety-class and safety-significant SSCs
and SACs only. Refinement of the information obtained in hazard evaluation leads to
overall definition of defense in depth, worker safety, and environmental protection.
The most significant aspects of defense in depth and worker safety are subject to
designation as safety-significant SSCs and coverage by TSRs. Other items noted are
encompassed by the details of safety management programs (e.g., procedures, training,
maintenance, quality assurance), which can be captured in top-level fashion in TSR
administrative controls. However, programmatic administrative controls should not be
used to provide preventive or mitigative functions for accident scenarios identified in the
safety basis where the safety function has importance similar to, or the same as, the safety
function of safety-class or safety-significant SSCs. The classification of SAC was
specifically created for this safety function. The hazard evaluation conducted to assess the
accident spectrum associated with hazards germane to the DSA indicates the adequacy of
programmatic efforts and provides input to programmatic activities whose discipline
provides a significant margin of safety.
The process outlined above is self-grading for analytical effort. Analytical effort can be
limited to a simple, resource-efficient hazard analysis geared to facility needs, unless
events are noted that are of sufficient complexity to require more detailed, quantitative
evaluations to understand the basis for safety assurance. Implicit in this methodology is
the statement of DOE-STD-1027 that the largely qualitative level of effort in hazard
analysis is appropriate and sufficient for accident analysis of Hazard Category 3 facilities.
It is again noted that the hazard analysis effort is not a quantitative risk assessment.
Preparers (and subsequent reviewers) cannot expect the level of detail associated with a
quantitative risk assessment in a hazard analysis, as the hazard analysis is focused on
systematically assessing what can go wrong in a facility as opposed to deriving
mathematical expressions of risk.
The final purpose of hazard analysis is to identify a limited subset of accidents to be
carried forward to accident analysis. Identification of DBAs in safety analysis and use of
DBAs is appropriate in defining a facility safety basis. DBAs are accidents that are
utilized to provide the design parameters for release barriers and mitigating systems.
DBAs are a "front-end" device for designing individual equipment or systems to meet
functional requirements, as evidenced by use of the phrase "utilized to provide the design
parameters." An accident can be defined as a DBA if relevant SSCs were specifically