All hazard controls are identified and characterized in support of the DSA. Judgments must be
made regarding what constitutes appropriate controls. These judgments should consider the
level of the hazard and potential consequences, the practicality and effectiveness of possible
control options, the importance of the mission of the facility, and other relevant factors, if any.
These are all elements of the graded approach.
Hazard controls in the DSA are selected to reduce the risks of hazardous activities. Controls
are classified by comparison to an evaluation guideline in the case of safety class SSCs for
protection of the public, and by criteria described in DOE STD-3009 for safety significant SSCs
for worker protection and defense-in-depth. SC and SS SSCs are expected to be addressed in
When selecting hazard controls, it is preferable to choose engineering controls over ACs due to
the inherent uncertainty of human performance. When choosing engineering controls, it is
preferable to choose passive SSCs over active SSCs. When ACs are selected over
engineering controls, and the AC meets the criteria for an SAC as provided in this Standard, the
AC shall be designated as an SAC.
While SACs may be acceptable for ensuring safe operation, they must be evaluated carefully
when choosing safety measures for long-term hazardous activities because of their generally
lower reliability compared with engineered controls. The actual design and selection process
should consider the ensemble of controls used to address a hazard, such as cost, availability,
required reliability, and consequence of mechanical or human failure for each potential control.
SACs have elevated safety significance, and have more stringent implementation and
verification requirements to ensure their effectiveness and dependability, as described in this
Controls identified as part of a safety management program (e.g., fire, criticality, radiation
protection, etc.) may or may not end up as controls that need to have enhanced dependability,
as is the case with SACs, based on the designations derived from the hazards and accident
analyses in the DSA. Hazard controls should be identified on a case-by-case basis and should
be graded according to the guidance in DOE G 421.1-2, Implementation Guide for Use in
Developing Documented Safety Analyses to Meet Subpart B of 10 CFR 830, DOE STD-3009,
and this Standard, with regard to the classification of hazard controls.