 |
|||
|
|
|||
|
|
|||
| ||||||||||
|
|  DOE-STD -3009-94
The individual features that comprise defense in depth are identified in
"Hazard Evaluation," Section 3.3.2.3. Table 3-1 provides an example of how
existing and proposed features (barriers to uncontrolled hazardous material or
energy release) for specific operations are identified. The raw information in
the hazard evaluation tables will be examined and distilled into an organized
discussion of the elements of defense in depth. Relevant accidents may be
used to frame and focus the discussion, but the hazard evaluation already
provided in or appended to the DSA in tabular form should not be duplicated.
Organize the presentation in a systematic manner (i.e., inner to outer) to clearly
identify the layers of defense. Note that there is no requirement to demonstrate
any generic, minimum number of layers of defense. The intent is to support
the conclusion that defense in depth for a given hazard is commensurate with
industrial practices for the relevant type of activity.
Identify the broad purpose and importance of defense-in-depth features, not the
details of their design or implementation. For example, a glovebox represents
an aspect of defense in depth. Only its major features and interactions with
other elements of defense in depth, such as ventilation zone confinement, need
to be summarized. It is not necessary to discuss the individual penetration
fittings, welded piping junctions, gloveport designs, etc., which allow the
glovebox to function as designed. Likewise, if there is a procedura l
requirement for the operator to perform an action if a parameter is exceeded, it
is not necessary to identify the exact procedure, the exact phrasing of the
requirement, the specific details of how the operator accomplishes that action,
etc. Stating the action, providing a brief summary of its rationale, and noting
that both procedures and training needed to cover that action are sufficient.
Safety-Significant SSCs
Distinguish safety-significant SSCs from among those structures, systems, and
components contributing to defense in depth. To effectively use the graded-
approach concept, focus on the most important items of defense in depth
whose failure could result in the most adverse uncontrolled releases of
hazardous material. This Standard maintains that all SSCs with a safety
function do not require classification as equipment requiring detailed
description in the DSA (i.e., safety-class SSCs and safety-significant SSCs).
As noted in the Introduction, this is one of the principle reasons for the
emphasis on programmatic commitments.
The major features of defense in depth typically comprise the outer or
predominant means of mitigating uncontrolled release of hazardous materials
[e.g., ventilation system directing airflow to High Efficiency Particulate Air
(HEPA) filters, overall building structure], any preventive features that are
designed to preclude highly energetic events that potentially threaten multiple
layers of defense in depth or essentially defeat any one layer (e.g., a hydrogen
detector and purge flow interlock on a vessel that prevents a large hydrogen
explosion, a sprinkler system that prevents a large fire that is physically
possible for a type of operation), or any SSCs needed to insure the availability
Page 39
|
|
Privacy Statement - Press Release - Copyright Information. - Contact Us |
Click
here for thousands of PDF manuals