| ![]() DOE-STD-1134-99
7.0 Design Features (Passive & Active) And Administratively Controlled Limits &
The controls and constraints placed on the operation are described in this section. The reviewer
should ensure that the controls correspond to those listed in Section 5.0. The most typical
mistake made here is that controls are inadvertently dropped or ad-hoc controls are added. The
key here is the implementation of the controls. Potential common mode failure evaluations from
Section 2.0 must be addressed herein. A mechanism must be in place within the Contractor
infrastructure to implement and assess the adequacy of the controls. The control limits should be
measurable and auditable. Appropriate links to the configuration control system (including
maintenance and procurement of replacement parts) should be in place to ensure that physical
design features are not altered unintentionally. To the degree practicable, physical design
features should be used in place of administrative controls. Finally, watch for "infraction traps"
alluded to in Section 2.0. Only those controls needed for criticality safety as documented by the
contingency analysis should be imposed.
Key Review Issues
All controls and design features are consistent with contingency analysis.
Physical controls are used where applicable.
Implementation mechanisms are in place and adequate for all controls.
Ties exist to a configuration control program.
Infraction traps are avoided.
8.0 Summary & Conclusions
This section should summarize the conclusion of the CSE that the system is subcritical, as well
as "double contingent." Some discussion of the safety margin during normal and credible
abnormal conditions is appropriate here, too.
Key Review Issues
A positive statement of double contingency or discussion of accepted risk for single
contingent operations.
9.0 References
All references should be included in this section. Of particular interest are handbooks, previous
analyses, technical reports, and controlled drawings. However, to the extent possible, the CSE
should be self-contained. At a minimum the reviewer should be able to identify all documents
used as input to the CSE.
Privacy Statement - Press Release - Copyright Information. - Contact Us |