|Last updated date:||Reason for update:|
|01 March 2021||Original issue|
A guide for applicants and licence holders on what ARPANSA expects to be considered in the preparation and maintenance of the safety analysis report for a non-reactor facility
When a controlled person as defined in section 13 of Australian Radiation Protection and Nuclear Safety Act 1998 (the Act)  intends to undertake any of the following activities:
- prepare a site for a controlled facility
- construct a controlled facility
- have possession or control of a controlled facility
- operate a controlled facility
- decommission, dispose of or abandon a controlled facility
- remediate a prescribed legacy site
they must submit a facility licence application to ARPANSA. Section 46 of the Australian Radiation Protection and Nuclear Safety Regulations 2018 (the Regulations)  details what the application must contain. In particular, section 46(1)(e) requires a safety analysis report (SAR) to be provided for each activity described above.
The SAR is a document produced by the operator which details the site and facility, describes any hazards and risks associated with the facility, how the facility will be used and managed, and the controls that must be in place to mitigate the risks.
The SAR must cover technical, organisational and human factors in a systemic/holistic approach to safety. The SAR is usually a detailed top-level document that references all supporting evidence, for example, the risk assessments and the operators’ management system (plans and arrangements).
The primary user of the SAR is the operator who should use it as a reference document to manage safety throughout the life of the facility. The SAR is a ‘living’ document which, as operations evolve and operational knowledge is gained, is continuously reviewed and updated so that operational safety margins are known and managed accordingly. All changes to the SAR must be assessed against the change requirements of s63 and s64 of the Regulations.
The SAR is also important to the regulator. Assessors must critically examine and test the SAR to ensure that it demonstrates that the facility is safe and can be operated safely into the future. The assessor must ensure that the SAR informs the licensing basis for the facility on which a program of safety oversight and compliance monitoring will be established. This is achieved through the clear identification of performance standards for any aspects important for safety including the arrangements to ensure that the SAR is maintained and accurate.
The SAR describes all activities with safety significance in appropriate detail including any restrictions on inputs to and outputs from the facility. It should include the application of the safety principles and criteria in the design for the protection of workers, the public and the environment. The SAR should contain an analysis of the hazards associated with the operation of the facility and should demonstrate compliance with the regulatory requirements. It should also contain analyses of accidents and of the safety features incorporated in the design for preventing accidents or minimising the likelihood of their occurrence and for mitigating their consequences in accordance with the concept of defence in depth.
This document provides guidance for an applicant, a licence holder and/or a responsible person1, technical support organisations, and other interested parties on preparing safety analysis at each stage of the facility life. It aims to assist in ensuring that the safety analysis of non-reactor facilities is prepared in accordance with international best practice. This document is also used for the regulatory assessment of a licence application for each stage of a controlled facility.
The safety analysis confirms that the design of a facility:
- is capable of meeting the design and safety requirements and to derive or confirm operational limits and conditions that are consistent with the design and safety requirements
- assists in establishing and validating accident management procedures and guidelines
- assists in demonstrating that safety goals which may be established to limit the risks posed by the facility are met
- helps to demonstrate that the design of the facility reflects effective defence in depth and that the plant design and operation are robust and provide acceptable levels of safety
This regulatory document provides guidance for undertaking the safety analysis of non-reactor nuclear facilities and other controlled facilities including radioisotope and radiopharmaceuticals production facilities, radioactive waste management facilities, particle accelerators and research and development facilities. The document covers radiation risks and associated consequences arising from facilities.
For guidance on the safety analysis of research reactors, ARPANSA uses guidance published by the IAEA in Specific Safety Guide SSG-20 .
For guidance on the safety analysis for remediating a prescribed legacy site, ARPANSA uses guidance published by the IAEA .
For the guidance on safety analysis for abandoning a prescribed legacy site, ARPANSA uses guidance published by the IAEA .
1.4. General Expectations
Submissions to ARPANSA should be accurate and complete and be built from claims, arguments and evidence. A claim is a statement by the applicant about a property of an object or process. The evidence is an artefact that establishes fact to support the claim. Arguments describe the relationship that links the evidence with the claims to demonstrate that they have been met.
The regulatory assessor must assess any claims and arguments that lack supporting evidence with caution. Such claims and statements should carry less weight in the overall assessment. A good quality SAR also helps to demonstrate the applicant’s understanding of a facility and its operation and is therefore an indirect indication of the applicant’s capacity to comply with any licence issued (as required under section 53(f) of the Regulations.
An example of a claims-arguments-evidence approach is provided in Appendix A of this guide.
2. Content of the safety analysis report
This section of the guide provides general guidance on the topics for a typical SAR for a non-reactor facility. ARPANSA does not stipulate a format or structure for a SAR. This should be determined by the applicant or licence holder to meet its organisation’s requirements. The section headings shown below may be suitable for different chapters of the SAR. The content of the SAR should be applied as far as practicable and in a graded approach commensurate with the degree of hazard associated with the conduct or dealing. Graded approach is defined by the IAEA as a process or method in which the stringency of the control measures and conditions to be applied is commensurate, to the extent practicable, with the likelihood and possible consequences of, and the level of risk associated with, a loss of control.
2.1. Introduction and facility description
- An introduction of general information about the facility and any associated facilities.
- Facility overview should typically include the purpose of the facility, facility configuration, and the processes to be performed therein. The safety objectives and design requirements should also be included.
- Facility description should include the facility and processes in support of hazard identification, hazard and accident analysis, and selection of hazard controls. The description of the facility will allow the reader to understand facility structures, operations and application. Graded information should be provided based on the hazard category and the complexity of the safety analyses.
- Facility structure should include facility buildings and structures including construction details such as floor plans, equipment layout, construction materials, and dimensions relevant to hazard and accident analyses.
- Process description should include details on basic process parameters including: (1) types and quantities of radioactive and other hazardous materials; (2) process equipment; (3) instrumentation and control systems and equipment; (4) basic flow diagrams; and (5) operations including major interfaces between structures, systems and components (SSC).
2.2. Site characteristics
The site description should describe the location of the site and of the facility on the overall site, identify facility boundaries, and locate nearby facilities that could affect the safety of operations or be affected by the facility. Information should be provided on external accident initiators both natural and man-made to support assumptions used in the hazard and accident analyses.
- Information on the geological, seismological, hydrological and meteorological characteristics of the site and the vicinity in conjunction with present and projected population distributions, land use, site activities, and planning controls should be included. For low hazard facilities it is not necessary to discuss meteorological conditions, hydrological, geological, seismological characteristics, and offsite accident effects.
2.3. Safety structures, systems and components
- Information should be provided on the structures, systems and components (SSCs) necessary to protect the public and workers and to provide major contributions to defence in depth. The section should also describe the attributes (functional requirements and performance criteria) required to support the safety functions identified in the hazard and accident analyses and to support subsequent derivation of safety requirements. In preparing information the Regulatory Guide: Construction of an item important for safety  should be consulted.
- The design codes, standards and guides used for establishing the safety basis of the facility should be listed.
- The description of each such SSC should contain sufficient detail for describing its safety function and its relationship to the facility safety analysis taking into account the design basis and various modes of operation.
- The SSCs should be categorised based on the importance of the safety function(s) they provide, the consequences of failure to perform the safety function, and related factors.
- Information on: component reliability, system interdependence, redundancy, diversity of fail-safe characteristics and physical separation of redundant system; evidence that the material used will withstand the postulated conditions; provisions for tests, inspections and surveillance, and effects of ageing on the operability of the SSC should be provided.
2.4. Hazard and accident analysis
- Detailed information should be provided on the evaluation of normal, abnormal, and accident conditions. The process used to systematically identify hazards, categorise the facility, and evaluate the potential internal, man-made external, and natural phenomena events that could trigger accidents should be described in this chapter.
- Postulated initiating events, including human induced events, which could affect safety should be identified and their effects, both individually and in credible combinations, should be evaluated. The list of internal and external hazards, including human induced hazards should be used to select initiating events for detailed analysis. Expert judgement, feedback from operating experience of similar facilities and deterministic assessment should be used for identifying postulated initiating events.
- Certain events might be consequences of other events, such as a flood following an earthquake. An external hazard causing multiple simultaneous events on a site and major releases of hazardous chemicals and radioactive material from various source locations should be considered in the hazard analysis. This should include the provision of external services to the facility that may be impacted. Credible consequential effects should form part of the initiating event. The impact of multiple correlated events on a single facility and the impact of a single event on all facilities on the same site should be considered in the safety analysis.
- For each hazard scenario, hazard evaluation should typically describe:
- unmitigated hazard scenario and assumptions such as the initiating event, energy sources, qualitative or quantitative magnitude of radioactive or other hazardous material involved, release pathway(s), and initial conditions, if any
- estimated likelihood of the unmitigated hazard scenario
- estimated unmitigated consequences of the hazard scenario for the facility worker (qualitative or semi-quantitative), the workers of the co-located facilities (qualitative or semi-quantitative), and the public
- available preventive and mitigating controls
- Where a large number of scenarios are involved simple summary groupings and summaries in terms of hazards, energy sources, causes, preventive and mitigating features, unmitigated consequence estimates, and unmitigated frequency estimates may be presented in this section.
- The accident analysis should include accident selection, design basis accident and design extension conditions. For each design basis accident or equivalent the consequences to personnel, the public and the environment should be evaluated.
- In analysing the design basis accidents each event scenario (or group of event scenarios), the safety functions and corresponding items important to safety and administrative controls that are used to implement the defence in depth should be identified.
- For multi-facility sites the potential interaction with or impact from accidents at other facilities on the same site should be considered in the analysis of the fourth and fifth levels of defence in depth.
- Where appropriate the analysis of design basis external events should demonstrate that the design is adequately conservative so that margins are available to withstand external events more severe than those selected for the design basis.
- The analysis of internal events should demonstrate whether the SSCs are able to perform their safety functions under the loads induced by normal operation and the anticipated operational occurrences and accident conditions that were taken into account explicitly in the design of the facility.
2.5. Operational limits and conditions
This chapter should provide and justify functional safety requirements derived from the functions of the SSCs and the accident analysis. This may include safety limits, safety systems settings, limiting conditions for operations, surveillance requirements and administrative requirements.
- The safety limits2 of the process variables or parameters required for adequate control of the operation to protect the integrity of the physical system designed to guard against the uncontrolled release of radioactivity should be clearly described. These limits should reflect the capacity of the facility rather than its intended use or proposed production level.
- Safety system settings3 should be provided for those process variables and parameters having significant safety functions such that if not controlled could result in a safety limit being exceeded. The analysis should demonstrate that the safety limits will not be exceeded.
- Limiting conditions for safe operation should be clearly described demonstrating that there are acceptable margins between normal operating values and the safety system settings for items important to safety.
- The settings for limiting conditions for safe operation should avoid the undesirably frequent actuation of safety systems. Limiting conditions for safe operation should include limits on operating parameters, requirements relating to minimum operable equipment and minimal staffing levels, and interventions to be taken by operating personnel to avoid the need for actuation of safety systems.
- Surveillance requirements describing the frequency and scope of periodic testing, calibration, or inspection activities to assure that necessary performance of systems and components is maintained and facility operations remain within safety limits, safety system settings and limiting conditions for safe operation.
- The administrative and organisational requirements for operational procedures, staffing, training and retraining of personnel, review and audit procedures, maintenance, modifications, records and reports, and required actions following a violation of operational limits and conditions should be clearly described.
- The operational limits and conditions need to include administrative requirements concerning the organisational structure of the operating organisation and the responsibilities of key positions necessary for the safe operation of the facility.
2.6. Radiation protection
- A description of protection objectives, criteria and principles, including application of the principle of optimisation of protection and safety and the radiation sources in the facility. The information should include the radiation protection objectives of the design and a description of the dose limitation system for workers and the public including requirements for the optimisation of protection. All potential sources of radiation due to operation of the facility should also be described.
- Design features for radiation protection including radiation safety systems (e.g. shielding, ventilation) and appropriate equipment to ensure that radiation protection and contamination control are adequately provided for operational states of the facility should be described.
- The operational radiation protection program describing the administrative controls, equipment, instrumentation and facilities and procedures for radiation protection should be included noting that a ‘radiation protection plan’ is required by subsection 46(1)(iii) of the Regulations as part of the plans and arrangements for managing the facility. Detailed guidance on preparing a ‘radiation protection plan’ is presented in ARPANSA’s Regulatory Guide: Plans and arrangements for managing safety .
2.7. Radioactive waste management
- A description of the adequacy of measures for the safe management of all types of radioactive waste generated throughout the lifetime of the facility. These measures should be based on a waste management policy and strategy. This includes compliance with the applicable requirements for radioactive waste and effluent management. Descriptions of the facility design provisions, operating procedures and practices to minimise the generation of radioactive waste and effluents as well as the arrangements for managing the radioactive waste generated including segregation, monitoring, treatment, transport, storage and monitoring while in storage should also be included in this chapter. It is noted that a ‘radioactive waste management plan’ is required by subsection 46(1)(iv) of the Regulations as part of the plans and arrangements for managing the facility. Detailed guidance on preparing a ‘radioactive waste management plan’ is presented in ARPANSA’s Regulatory Guide: Plans and arrangements for managing safety.
- The radioactive waste management system covering gaseous, liquid, and solid waste should be described in accordance with the description of SSCs as applicable. The solid, liquid, and gaseous waste streams and sources including estimated inventories should be summarised in this chapter.
- Estimates of the quantity, volume, and characteristics of secondary radioactive waste resulting from radioactive waste pre-treatment or treatment in the facility. Possible disposal routes for the radioactive waste generated from the facility should be identified and presented in this section. Guidance for classifying radioactive waste with primary focus on long term safety after disposal is provided in the Guide for Classification of Radioactive Waste . The classification scheme supports implementation of the safety requirements outlined in the Code for Disposal Facilities for Solid Radioactive Waste .
- A comprehensive baseline radiological characterisation of a site should be undertaken prior to a facility becoming operational as this will greatly assist the decommissioning and site remediation processes.
- This chapter should describe the provisions and measures considered in the facility’s design, construction, commissioning and operation to facilitate decommissioning (e.g. modular construction to facilitate dismantling, operational practices to reduce generation of radioactive waste, operation and maintenance record keeping, control of modifications).
- Information on conceptual plans for decommissioning should be presented to demonstrate that adequate measures have been taken in the design and operation of the facility. This includes an evaluation of vulnerabilities to a spectrum of events to minimise site or environmental contamination that would complicate decommissioning or limit the effectiveness of environmental restoration.
- The provisions for managing the radioactive waste that will be generated during decommissioning of the facility should also be included in this chapter. Details of guidance on decommissioning are presented in the ARPANSA Regulatory Guide: Decommissioning of controlled facilities .
- Design aspects such as SSCs which will facilitate decommissioning, and potential points of contamination which will facilitate decommissioning should also be included in this chapter.
- The information on decommissioning should be adequate to demonstrate that an appropriate decommissioning plan has been prepared and will be maintained throughout the lifetime of the facility and that decommissioning can be accomplished safely and in such a way as to meet the defined end state.
2.9. Emergency planning and preparedness
- A description of the emergency planning and preparedness arrangements of the facility describing policies and procedures including but not limited to the prompt declaration of an emergency, timely notification, activation of emergency response, assessment of the situation and implementation of necessary protective actions, and coordination of response actions and communication with relevant authorities. These arrangements should be based on the emergency preparedness category of the facility as required in GSR Part 7 .
- The emergency procedures should include the actions to be taken to mitigate the consequences of a nuclear or radiological emergency.
- Emergency procedures should be based on the accidents analysed in the safety analysis as well as those additionally postulated for the purposes of emergency planning in accordance with the requirements of GSR Part 7.
- Detailed guidance on preparing an ‘emergency plan’ is presented in ARPANSA’s Regulatory Guide: Plans and arrangements for managing safety .
2.10. Management System
- This chapter should describe the planning, implementation and control of essential activities relating to the management system procedures to ensure that the specific requirements at each stage of the facility — such as regulatory requirements, design and construction criteria, and acceptance criteria — are correctly applied and fulfilled. In particular, the responsibilities and authorities of the personnel concerned under the management system should be specified.
- The management system should consider four functional categories: management responsibility; resource management; process implementation; and measurement, assessment and improvement. The reporting hierarchy and lines of responsibility and authority should be such that they do not create conflicts between organisations and activities that could compromise safety during that conduct.
- The management system should include provisions to ensure that relevant aspects of each stage of the facility such as the facility design, changes to the design, operating procedures, organisational structure and safety assessment are appropriately addressed.
- Activities including development, review, and approval of engineering calculations and documents, use of computer codes and their updates should be included in the management system.
- The management system should include the plans and arrangements for managing safety and in particular how effective control is maintained.
Detailed guidance on preparing the management system is presented in ARPANSA’s Regulatory Guide: Plans and arrangements for managing safety . ARPANSA expects the management system to be reflective of IAEA GSR Part 2: Leadership and Management for Safety .
Appendix A: An example of a claims-arguments-evidence approach to demonstrating the safety case
The facility presents an acceptably low risk of radiation exposure to personnel.
- The facility design has taken into account the potential for radiation exposure of personnel.
- Area radiation monitors are installed to provide indication of a radiation levels and to alarm if pre-set values are exceeded.
- Personnel receive training in radiation awareness, radiation protection, safety culture, task procedures and procedural use and adherence.
- Task procedures take radiation hazards and protection into account.
- A corrective action reporting system is in place to report radiation exposure risks, accidents and near misses.
- The facility and system design includes interlocks and shielding to protect personnel from radiation exposure.
- Commissioning and routine testing has confirmed the functionality of interlocks.
- Commissioning measurements and routine surveys show radiation levels around the facility to be acceptably low.
- Radiation levels in facility work areas are routinely monitored and logged.
- Personnel radiation monitoring show radiation exposures to be low and well below dose limits and constraints.
- Records indicate that the calibration of area radiation monitors and radiation survey instruments is maintained.
- Work procedures provide pre-requisites, precautions and warnings in regard to radiation hazards and protection.
- Training records and assessments indicate attendance and proficiency in various topics including facility design, operation and safety.
- The corrective action database includes records demonstrating the actions to address radiation-related events.
 Australian Radiation Protection and Nuclear Safety Agency, Australian Radiation Protection and Nuclear Safety Act 1998.
 Australian Radiation Protection and Nuclear Safety Agency, Australian Radiation Protection and Nuclear Regulations 2018.
 Australian Radiation Protection and Nuclear Safety Agency, Code for Radiation Protection in Planned Exposure Situations, Radiation Protection Series C-1 (Rev 1) 2020.
 International Atomic Energy Agency, Safety Assessment for Research Reactors and Preparation of Safety Analysis Report, Specific Safety Guide No. SSG-20, IAEA, Vienna (2012).
 International Atomic Energy Agency, Remediation Strategy and Process for Areas Affected by Past Activities or Accidents, Specific Safety Guide, WS-G-3.1
 International Atomic Energy Agency, Release of Sites from Regulatory Control on Termination of Practices, Safety Guide, WS-G-5.1 (2006)
 Australian Radiation Protection and Nuclear Safety Agency, Regulatory Guide: Construction of an item important for safety
 Australian Radiation Protection and Nuclear Safety Agency, Regulatory Guide: Plans and arrangements for managing safety
 Australian Radiation Protection and Nuclear Safety Agency, Guide for Classification of Radioactive Waste, Radiation Protection Series G-4, 2020.
 Australian Radiation Protection and Nuclear Safety Agency, Code for Disposal Facilities for Solid Radioactive Waste, Radiation Protection Series C-3, 2018.
 Australian Radiation Protection and Nuclear Safety Agency, Regulatory Guide: Decommissioning of controlled facilities
 International Atomic Energy Agency, GSR Part 7 Preparedness and Response for a Nuclear or Radiological Emergency, 2015
 International Atomic Energy Agency, GSR Part 2 Leadership and Management for Safety, 2016
1 A Responsible Person has the same meaning as a Person Conducting a Business or Undertaking (PCBU), as defined in the Commonwealth Work Health and Safety Act 2011, who is conducting a business or undertaking that uses radiation and requires authorisation under appropriate legislation.
Responsible person is defined in the Code for Radiation Protection in Planned Exposure Situations Radiation Protection Series C-1 (Rev.1), 2020
Safety limits are operational limits and conditions beyond those for normal operation. [IAEA Safety Glossary 2018]
3 Safety system settings: Settings for levels at which safety systems are automatically actuated in the event of anticipated operational occurrences or design basis accidents, to prevent safety limits from being exceeded. [IAEA Safety Glossary 2018]