Safety Case Toolkit

Operating Rules and Technical Specifications

Introduction

Licence Condition 23 (LC23) requires that the ‘adequate safety case’ that licensees must produce ‘in respect of any operation that may affect safety’ should ‘identify the conditions and limits necessary in the interests of safety’. LC23 calls such conditions and limits ‘Operating Rules’ (ORs). The Office for Nuclear Regulation (ONR) Technical Assessment Guidelines (TAGs) (NS-TAST-GD-035) and accompanying Technical Inspection Guide (TIG) (NS-INSP-GD-023), have been produced following extensive surveys of guidance and practice on the derivation and application of limits and conditions at nuclear facilities, both across the UK and internationally. A fundamental aspect of this guidance is that ORs are, by definition, conditions and limits identified by the licensee in its safety case.

LC23 requires that ORs are complied with at all times. This places a duty on the licensee to link the theoretical analysis documented in the safety case with actual operational limits and conditions, and through these to operate in accordance with the safety case.

It should be noted that in NS-TAST-GD-035 the definition of OR is wider than that historically used by some UK licensees: ORs are not only the limits of the safe operating envelope, but include any other limit or condition needed for safety.

Technical Specifications

Modern power stations adopt a Technical Specification (Tech Spec) approach to ORs, whereby limits and conditions include specific time periods, so that non-compliance is only deemed to have occurred when the limit has been exceeded for longer than a prescribed time, or on more than a specified number of occasions within a given time period (NS-TAST-GD-035). Tech Specs are the lowest functional capability or performance levels of equipment for safe operation.

This approach, where appropriately justified in the safety case, provides a graded approach to OR compliance and can avoid situations whereby a rapid return to normal operations would induce a greater risk than a slower, more measured return. The Tech Spec approach has also been applied to environmentally significant plant and activities on modern power stations, where the resulting limits and conditions are designated Environmental Specifications (ESpecs).
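The Tech Spec rule described above (a limit is only breached when exceeded for longer than a prescribed time, or more than a permitted number of times within a window) can be evaluated mechanically against a record of plant samples. The following is an added illustration, not code from ONR or any licensee; the `TechSpec` fields, the sample record and all numeric values are constructed for the example and assume a parametric OR with a single upper limit.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class TechSpec:
    name: str
    limit: float           # upper limit on the monitored parameter (constructed units)
    max_duration_s: float  # an excursion longer than this is a non-compliance
    max_excursions: int    # more excursions than this within window_s is a non-compliance
    window_s: float        # rolling window for counting excursions

def excursion_intervals(samples: List[Tuple[float, float]], limit: float) -> List[Tuple[float, float]]:
    """Group consecutive over-limit samples into (start, end) intervals in seconds.
    An excursion still open at the end of the record is closed at the last sample time."""
    intervals, start = [], None
    for t, value in samples:
        if value > limit and start is None:
            start = t
        elif value <= limit and start is not None:
            intervals.append((start, t))
            start = None
    if start is not None:
        intervals.append((start, samples[-1][0]))
    return intervals

def assess(spec: TechSpec, samples: List[Tuple[float, float]]) -> List[str]:
    """Return one finding per Tech Spec non-compliance; an empty list means compliant."""
    findings = []
    intervals = excursion_intervals(samples, spec.limit)
    for s, e in intervals:  # duration test: excursion longer than the prescribed time
        if e - s > spec.max_duration_s:
            findings.append(f"{spec.name}: excursion {s:.0f}-{e:.0f}s lasted {e - s:.0f}s "
                            f"(> {spec.max_duration_s:.0f}s permitted)")
    starts = [s for s, _ in intervals]
    for s in starts:        # frequency test: too many excursions starting in any window
        count = sum(1 for x in starts if s <= x < s + spec.window_s)
        if count > spec.max_excursions:
            findings.append(f"{spec.name}: {count} excursions within {spec.window_s:.0f}s "
                            f"from t={s:.0f}s (> {spec.max_excursions} permitted)")
            break
    return findings

# Constructed spec and sample record: (time_s, value). Three excursions, one of 120 s.
SPEC = TechSpec("Coolant outlet temperature (constructed)", 100.0, 60.0, 2, 3600.0)
SAMPLES = [(0, 95), (30, 98), (60, 103), (90, 104), (120, 99), (600, 102), (630, 99),
           (1200, 105), (1230, 106), (1260, 107), (1290, 108), (1320, 97)]

if __name__ == "__main__":
    for line in assess(SPEC, SAMPLES) or ["compliant"]:
        print(line)
```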

Derivation of Operating Rules

The ONR Safety Assessment Principles (SAPs), and in particular paragraph 643 of the SAPs, provide guidance on how to identify conditions and limits in practice, suggesting that these should be derived primarily from the Design Basis Analysis (DBA). Paragraph 643 identifies three types of limits and conditions:

  • Trip settings and performance requirements.
  • Configuration and availability conditions.
  • The safe operating envelope for the facility.

The SAPs provide detailed guidance on the measures that should be taken in the design and operation of the facility to achieve these objectives. This includes, but is not limited to, the need to operate so that Structures, Systems and Components (SSCs) remain within defined limits with associated monitoring such that this remains the case, the need for safety systems to maintain a defined safe state and the need to identify minimum levels of equipment needed for safe operation.

Although any limit or condition identified in the licensee’s safety case is an OR, for the purposes of LC23 the ONR expects the licensee to target its attention on those ORs that have the greatest bearing on safety. Similarly, it is ONR’s expectation that licensees will adopt some form of OR hierarchy to assist in targeting their attention on the limits and conditions that have the greatest bearing on safety. The technical details of this hierarchy are for the licensee to determine and will likely be based upon its individual approach to safety case development and fault assessment.

Types of Operating Rules

The types of limits and conditions that inspectors can expect to see within the licensee’s safety case are noted in NS-TAST-GD-035 and described below.

  • Parametric: defines the boundaries between Defence in Depth (DiD) levels (e.g. normal operations, fault conditions) in terms accessible to the operators, so as to initiate an appropriate response in the event of non-compliance, including notification and reporting of non-compliances.
  • Operational: defines the minimum levels of, and permissible configurations for, plant, equipment and associated supplies, together with the staffing levels that the safety case determines are needed.
  • Protective: defines safety settings, i.e. the point at which a safety measure is intended to activate or initiate during fault conditions.
  • Time-based: defines surveillance requirements for monitoring against each OR, the time periods for which safety measures are permitted to be unavailable, and the time period within which operators need to complete defined activities.
  • Theoretical: captures the success criteria used in the safety case, design basis limits and safety limits.
  • Underlying: captures assumptions made in the safety case that are of lesser importance to safety.

Additional Information & Guidance