Final Report SLAC ISMS Effectiveness - Stanford...

U.S. Department of Energy Office of Science

Integrated Safety Management System Effectiveness Review of the

Stanford Linear Accelerator Center and Stanford Site Office

FINAL REPORT

August 2008

This page intentionally left blank.

Final Report – Integrated Safety Management System Effectiveness Review of the Stanford Linear Accelerator Center and Stanford Site Office August 2008



i

Table of Contents

Acronyms and Abbreviations ...................................................................................................................... iii Definitions .................................................................................................................................................... v Executive Summary .................................................................................................................................... vii 1.0 INTRODUCTION ........................................................................................................................... 1 2.0 PURPOSE AND SCOPE ................................................................................................................. 1 3.0 OVERALL APPROACH ................................................................................................................. 2

3.1 Development of the Review Plan and CRADs ........................................................................ 3 3.2 Selection of Team .................................................................................................................... 3 3.3 Fieldwork Activities ................................................................................................................ 3

4.0 ASSESSMENT OF ISMS IMPLEMENTATION ........................................................................... 4

4.1 Objectives ................................................................................................................................ 4 4.2 Proficiencies ............................................................................................................................ 6 4.3 Priority 2 Findings ................................................................................................................... 6 4.4 Priority 3 Findings ................................................................................................................... 7

5.0 CONCLUSIONS AND RECOMMENDATIONS .......................................................................... 8

5.1 Stanford Site Office ................................................................................................................. 8 5.2 Stanford Linear Accelerator Center ......................................................................................... 8

6.0 LESSONS LEARNED ................................................................................................................... 10 Appendix A: Summary of Proficiencies and Findings ............................................................................ A-1 Appendix B: Team Roster ....................................................................................................................... B-1 Appendix C: ISMS Effectiveness Review Forms .................................................................................... C-1


ii



iii

Acronyms and Abbreviations ACC accelerator AHA Area Hazards Analysis ALARA as low as reasonably achievable ARR Accelerator Readiness Review ASE accelerator safety envelope BAS Beam Authorization Sheet CAP corrective action plan CATS corrective action tracking system CFR Code of Federal Regulations CMP Configuration Management Plan CRAD criteria review and approach document DOE U.S. Department of Energy EMS Environmental Management System ES&H environment, safety, and health FAMIS Facility Asset Management Information System HAZ Hazards Identification and Standards Selection (team member) HQ Headquarters HSS Office of Health, Safety and Security IIA Internal Independent Assessments IIPP Injury and Illness Prevention Plan IRAT Incident Review and Assistance Team ISEMS Integrated Safety and Environmental Management System ISM Integrated Safety Management ISMS Integrated Safety Management System JHAM Job Hazards Analysis and Mitigation JSA job safety analysis LCLS Linac Coherent Light Source LINAC Linear Accelerator LO/TO lockout/tagout MCI Maximum Credible Incident MG Management (team member) NTS Noncompliance Tracking System OIO Office of Independent Oversight OP Operations ORPS Occurrence Reporting and Processing System OSHA Occupational Safety and Health Administration P1 Priority 1 P2 Priority 2 P3 Priority 3


iv

Acronyms and Abbreviations (Continued)

PAAA Price-Anderson Amendments Act PEMP Performance Evaluation and Management Plan PERT Procurement Evaluation and Reengineering Team PP&A Particle Physics and Astrophysics PPE personal protective equipment PRO Proficiency RCS Radiological Control Standard RP Radiological Protection RPP Radiological Protection Program RSWCF Radiation Safety Work Control Form RWP radiological work permit SAD Safety Assessment Document SLAC Stanford Linear Accelerator Center SMART Safety Management Records Tool SME subject matter expert SORI Safety and Operability Reliability Improvements SPEAR Stanford Positron Electron Asymmetric Ring SSO Stanford Site Office, DOE Office of Science SSSP Site Specific Safety Plan STA SLAC Training Assessment USI unreviewed safety issue UTR University Technical Representative WSHP Worker Safety and Health Program


v

Definitions

Priority 1 (P1) Finding Findings of major significance (e.g., imminent threats to worker

protection, public safety, or environmental quality or the presence of a major risk or vulnerability). Such findings can be a systematic breakdown in, or a failure to implement, a major work control element necessary for safety, quality, or the environment or a significant noncompliance with requirements. Priority 1 findings should have management buy in and a rapid contractor corrective action, with compensatory measures during the interim.

Priority 2 (P2) Finding Findings that represent nonconformances, deviations, and/or deficiencies in the implementation of requirements, procedures, standards, and/or regulatory requirements. Priority 2 Findings should require corrective actions.

Priority 3 (P3) Finding Observations that the assessor deems to be an isolated, minor, quick fix or nonadherence to best practices/internal procedures/accepted standards.

Proficiency (PRO) A practice that exceeds the normal performance expectations and should be considered for sharing with the rest of the DOE complex.


vi



vii

Executive Summary

This Integrated Safety Management System (ISMS) Effectiveness Review was performed at the request of the Stanford Site Office (SSO) Manager. The objective of this ISMS review was to provide a status to SSO on the Stanford Linear Accelerator Center’s (SLAC’s) ISMS implementation. The review addresses SSO’s Assessment Program, including oversight time spent in the field, and its technical qualifications program and addresses both SLAC’s self-performed work and its subcontracted activities. The review also addresses the effectiveness of SLAC’s processes for hazard identification and analysis, work planning and scheduling, assessments and issues management, the Worker Safety and Health Program (WSHP), and operations as selected by SSO. The dates for this review were August 4–14, 2008. In preparation for this review, the team leader reviewed the SLAC occurrence reports in the Occurrence Reporting and Processing System for January 2005 through mid-April 2008. The team leader also reviewed the findings from the Office of Science Integrated Support Center assessments from January 2005 through mid-April 2008, as well as the findings from the environment, safety, and health (ES&H) inspection of SLAC and SSO conducted by the Office of Independent Oversight in 2006. The subject areas for this ISMS review were chosen based on this analysis with concurrence of SSO. The SSO has realized much change over the last five years. This included four different site managers, multiple changes in the structure and function of site office personnel, and several significant events that required significant efforts to resolve. Today, SSO has the core Integrated Safety Management (ISM) systems in place to provide effective day-to-day oversight of the contractor. The SSO is very visible on site in providing the federal leadership required for an effective U.S. Department of Energy (DOE) site office. SSO has taken the initiative to provide increased oversight, where necessary, to impact adverse trends. The SSO is fostering a partnership commitment, while maintaining proper federal oversight, with SLAC and Stanford University. The integrated assessment scheduling involving SLAC, Stanford University, and SSO was noted as a proficiency in this review. SSO needs improvement in the areas of internal self-assessment, corrective-action closure and follow-up, and revision of the assessment schedule to include SLAC technical qualifications and contractor assurance. In summary, the results of this review indicate that the SSO has the core elements of an ISM system and that they are operating effectively. SLAC has experienced change over the last five years. This included a change in Laboratory Director, personnel changes in both senior- and staff-level positions, significant laboratory events, and numerous budget issues requiring changes in plans and schedules. SLAC’s recent partnership with Stanford University and SSO is one of the keys to improvement associated with lab-wide issues. The team found significant improvement in several areas including site housekeeping, especially in the construction areas, and a positive change in the overall attitude concerning the correction of problems by both line managers and support staff. SLAC personnel provided open and candid responses to questions during interviews. SLAC has made significant progress in the right direction on the development and revision of their safety basis documents associated with accelerator operations. In 2005, these safety basis documents were outdated, and the documents are now current and accelerator safety envelopes are in place. While some observations are noted, these are generally in the areas that will improve and/or strengthen the safety basis documents. Work planning and control was identified as a problem in the 2005 ISM review and the Office of Independent Oversight Inspection in 2006. While the team found that improvements have been made, this area continues to be a problem. Recent plans presented to the team, if implemented, should result in an effective program. Therefore, it appears that SLAC is currently on the right track.


viii

SLAC has developed and documented several parts of an assurance system. To date, these are being managed in a very pragmatic and attentive manner. Acceleration of these programs will impact overall lab-wide movement to a best-in-class operation. Weaknesses still exist in assessment tracking and trending, both of which are integral components of an effective ISM program. In summary, SLAC has components of an effective ISM system. SLAC also has corrective actions in place to address identified weaknesses. SLAC should continue to address the identified corrective actions which, if implemented, will result in an effective ISMS program. The on-site assessment was performed by seven senior technical personnel over the course of ten days, and the off-site assessment was performed by two senior technical personnel. During the assessment, several interviews were conducted; numerous documents were reviewed; and several visits or meetings were made to observe work activities. The team’s review identified three (3) Proficiencies (PRO), six (6) Priority 2 (P2) findings, and eight (8) Priority 3 (P3) findings which are summarized as follows: Proficiencies DOE.1.4.PRO-001 The immediate oversight increase directed by the SSO Manager because of

increased incidents at the Linac Coherent Light Source provided an example system.

DOE.2.2.PRO-002 The “Partnership Commitment” document signed by the SLAC Director, the Stanford University Vice President for SLAC, and the DOE SSO Manager provides an important foundation for progress in and improvements of SLAC current operations and future direction.

DOE.2.2.PRO-003 The initiative to jointly develop an integrated assessment schedule including SLAC, Stanford University, and SSO is a significant indication of a new spirit of cooperation that will better leverage available resources and provide all parties a means of maintaining a broader perspective on SLAC operations.

P2 Findings DOE.2.9.P2-001

The current corrective action processes are not structured in a way to promptly identify and drive closure of the actions necessary to correct significant issues.

DOE.3.4.P2-002 Self-assessments have not been completely established as a regular part of the overall assessment program.

HAZ-ACC.3.1.P2-003 A written Unreviewed Safety Issue process has not been developed or implemented to improve the contractor’s safety authorization basis process.

MG.5.P2-004 There is no formal, structured, and/or comprehensive institutional work planning and control process in place at SLAC.

MG.7.1.P2-005 Assessments identified in ES&H Manual Chapter 33 are not consistently being performed, documented, or tracked by SLAC, as required.


ix

WSHP.1.3.P2-006 As required in 10 Code of Federal Regulations 851.11(c)(2), contractors must submit annually to DOE either an updated WSHP for approval or a letter stating that no changes are necessary in the currently approved worker safety and health program. The revision to SLAC’s WSHP was submitted to SSO for approval two months after the annual submission date of the plan.

P3 Findings DOE.2.4.P3-001 The three-year assessment schedule does not include a review of the SLAC

qualification standard program, training program, or of SLAC staff training and qualifications related to ES&H.

DOE.2.5.P3-002 The depth and breadth to which SSO has reviewed the SLAC assurance system is not mature.

HAZ-ACC.1.1.P3-003 Specific roles and responsibilities for facility management between operations of the electron beam and operations of the photon beams were not addressed in the Safety Assessment Documents (SADs).

HAZ-ACC.1.1.P3-004 Beam Authorization Sheet instructions do not allow for handwritten changes.

HAZ-ACC.2.2.P3-005 The hazard analysis approval within the SADs needs to be strengthened.

HAZ-ACC.2.9.P3-006 Accelerator Safety Envelopes need to be improved in order to effectively communicate the risks associated with operating accelerators.

HAZ-ACC.3.2.P3-007 The Accelerator Readiness Review process is not formalized.

MG.9.4.P3-008 Metrics are not being established, and trending information is not being provided to senior management, as required by the SLAC Assurance Program Description, Section 3.4.


x



1

Final Report – Integrated Safety Management System Effectiveness Review of the Stanford Linear Accelerator Center and Stanford Site Office

1.0 INTRODUCTION

The Stanford Linear Accelerator Center (SLAC) is a federally-funded basic research and development facility, operated by Stanford University under the programmatic direction of U.S. Department of Energy (DOE) Office of Science. SLAC comprises numerous federally-owned facilities situated on land owned by Stanford University. The SLAC research program centers on experimental and theoretical research in elementary particle physics using electron beams and a broad program of research in atomic and solid-state physics, chemistry, biology, and medicine using synchrotron radiation. The total SLAC staff numbers approximately 1200, of which 150 are physicists with doctorate degrees. Each year, approximately 3000 scientists from academic and industrial concerns in 20 countries are active in the high-energy physics and synchrotron radiation program at SLAC.

SLAC is located just east of Interstate-280 in Menlo Park, California. SLAC occupies 426 acres of Stanford-owned land which is leased to DOE at no cost. The SLAC property was first provided on a 50-year lease to the Atomic Energy Commission in 1962. The main research instrument is a 3.2-kilometer-long Linear Accelerator (LINAC) that has generated high-intensity beams of electrons and positrons since 1966.

DOE Policy 450.4, Safety Management System Policy, requires that an Integrated Safety Management System (ISMS) be institutionalized by each major DOE prime contractor. The purpose of such a system is to ensure that work is conducted efficiently and in a manner that ensures protection of the worker, the public, the environment, and the facility. DOE Manual 450.4-1, Integrated Safety Management System Manual, requires each DOE field office to develop, approve, maintain, and implement a field office Integrated Safety Management (ISM) Program.

This ISMS Effectiveness Review was performed at the request of the DOE Stanford Site Office (SSO) Manager. The review was conducted in accordance with the guidance provided in DOE Guide 450.4-1B, Integrated Safety Management System Guide, Volumes 1 and 2; DOE Handbook 3027-99, Integrated Safety Management Systems (ISMS) Team Leader’s Handbook; and DOE Manual 450.4-1, Integrated Safety Management System Manual.

2.0 PURPOSE AND SCOPE

In preparation for this ISMS Effectiveness Review, the team leader reviewed the SLAC occurrence reports in the Occurrence Reporting and Processing System (ORPS) for January 2005 through mid-April 2008. The team leader also reviewed the findings from the Office of Science Integrated Support Center assessments from January 2005 through mid-April 2008, as well as the findings from the environment, safety, and health (ES&H) inspection of SLAC and SSO conducted by the Office of Independent Oversight (OIO) in January 2006. The subject areas for this focused ISMS review were chosen based on this analysis.

This review addresses SSO’s Assessment Program, including oversight time spent in the field, and its technical capabilities program. The review addresses both SLAC’s self-performed work and its subcontracted activities. The review addresses the effectiveness of SLAC’s processes for hazard identification and analysis, work planning and scheduling, assessments and issues management, the Worker Safety and Health Program (WSHP), and operations in selected areas. The review team was also tasked to determine whether SLAC’s subject matter experts (SMEs), as a whole, have a process-based or expert-based system. The operating experience/lessons learned program was originally scheduled to be conducted as part of this review by two technical personnel; however, it was determined that this portion of the review should be addressed separately. A separate report will be issued to discuss the status of the operating experience/lessons learned program. The dates for this review were August 4–14, 2008.


2

3.0 OVERALL APPROACH

This ISMS Effectiveness Review is a documented management assessment using a multidisciplined team of specialists led by a DOE team leader. The approach for this review is principally an assessment of management systems and processes. The team performed a portion of this review remotely by reviewing program documents and procedures and part of the review was conducted on site by reviewing activities, including document reviews, interviews, and activity observations.

Department of Energy (DOE) – On-Site Review: The team was tasked to determine if SSO line personnel maintains cognizance of SLAC’s overall facility and activity status, major changes planned, and overall safety posture. The team also reviewed the SSO Assessment Program to determine how assessment areas are selected and the associated assessment schedules are developed and maintained. The team reviewed how the SSO performs self-assessments of its ES&H oversight processes and activities to assess whether the requirements and management expectations are met. The team reviewed how the SSO determines the ES&H technical capabilities and positions that it requires to meet its mission needs and ensure safe operations.

Hazards Identification and Standards Selection (HAZ) – On-Site Review: The team focused on HAZ for the SLAC accelerators (ACC), specifically the Linac Coherent Light Source (LCLS), the LINAC, and the Stanford Position Electron Asymmetric Ring (SPEAR) 3 Safety Assessment Document (SAD).

Management (MG) – The MG functional area was a major focus area for this review.

• On-Site Document Review: For criteria review and approach documents (CRADs) MG.1–6, the team was tasked to determine whether SLAC has documented mechanisms with clear roles and responsibilities for requirements selection and management, including subcontracts. The team reviewed SLAC’s processes to identify the hazards and select the controls that are included in work packages, particularly with regard to subcontracts and nonroutine activities. The team reviewed the procedures to develop work packages and reviewed in detail a sample of open and recently closed work packages. The team was tasked to determine if the work packages included the instructions necessary to complete the work activities safely and efficiently, including integration of specific hazard controls, clear roles and responsibilities, and completion criteria. The team reviewed the process to request, prioritize, and schedule work, including the process for work not requiring a formal schedule. In addition, the team reviewed the documented process SLAC uses to confirm that an activity or operation is ready to commence. NOTE: For the purposes of this review, a work plan and associated implementing procedures were categorized as a work package.

• On-Site Review: For CRADs MG.7–9, the team reviewed SLAC’s assessment and issues management programs to confirm that SLAC performs regular, effective self-assessments that are conducted by organizations or personnel that have authority and independence from line management. The team was tasked to determine if SLAC has effectively implemented a formal issues management program to identify, track, correct, and trend deficiencies.

Operations (OP) – The OP team focused on the following:

• Remote Review: Radiological Protection Program (RPP). The team reviewed the program documents and procedures used to implement the program.

• On-Site Review: Construction Safety Program and the Worker Safety and Health Program (WSHP). The team sampled SLAC’s processes and activities used to execute the Construction Safety Program and the WSHP to determine whether work is being executed safely. In addition, one criterion was added to each OP review area pertaining to the state of housekeeping. The team members were tasked to determine if the housekeeping was adequate in each area inspected.


3

Subject Matter Expert System – On-Site and Remote Review: As part of the overall review focus, one criterion in each functional area pertains to whether SLAC’s SMEs have a process-based system or an expert-based system.

3.1 Development of the Review Plan and CRADs The Review Plan and the objectives and criteria for the review were developed using DOE directives (e.g., DOE Order 226.1A, DOE Manual 426.1-1A, DOE Order 210.2, DOE Order 226.1A, DOE Guide 440.1-8), CRADs posted in the ISM section of the DOE Headquarters’ (HQ) Office of Health, Safety and Security (HSS) website, CRADs contained in the Integrated Safety Management Systems (ISMS) Team Leader’s Handbook, and CRADs developed for reviews that covered similar functional areas (e.g., Assessment Plan for Safety of Accelerator Facilities at Oak Ridge National Laboratory, Review Plan for the Annual Assessment of the Environmental Management Waste Management Facility).

The team’s findings were categorized using the following criteria:

Priority 1 Finding – Findings of major significance (e.g., imminent threats to worker protection, public safety, or environmental quality or the presence of a major risk or vulnerability). Such findings can be a systematic breakdown in, or a failure to implement, a major work control element necessary for safety, quality, or the environment or a significant noncompliance with requirements. Priority 1 findings should have management buy in and a rapid contractor corrective action, with compensatory measures during the interim.

Priority 2 Finding – Findings that represent nonconformances, deviations, and/or deficiencies in the implementation of requirements, procedures, standards, and/or regulatory requirements. Priority 2 Findings should require corrective actions.

Priority 3 Finding – Observations that the assessor deems to be an isolated, minor, quick fix or nonadherence to best practices/internal procedures/accepted standards.

Proficiency – A practice that exceeds the normal performance expectations and should be considered for sharing with the rest of the DOE complex.

3.2 Selection of Team

Subsequent to selection and appointment of the team leader by the SSO Manager, the team leader immediately began identifying the necessary functional areas and expertise needed for the review. To the extent practical, line and support personnel from DOE Stanford Site Office and DOE Oak Ridge Office were used to staff the team.

The team leader developed the review schedule, scope, expected level of effort required of the team members, and a prospective team roster. A list of preliminary required reading materials, including this review plan, was prepared. Documentation was provided to each team member.

3.3 Fieldwork Activities

The on-site review was conducted over a 10-day period and involved observing work, performing record reviews, and conducting personnel interviews. The remote review process primarily involved document reviews and was conducted during the same period as the on-site review.


4

4.0 ASSESSMENT OF ISMS IMPLEMENTATION

The on-site assessment was performed by seven senior technical personnel over the course of ten days, and an off-site assessment was performed by two senior technical personnel. During the assessment, several interviews were conducted; numerous documents were reviewed; and several visits or meetings were made to observe work activities. The objectives reviewed during the assessment are included in Section 4.1. The team’s review identified three (3) Proficiencies (PRO), six (6) Priority 2 (P2) findings, and eight (8) Priority 3 (P3) findings. The proficiencies and findings identified by the team are listed in Sections 4.2 and 4.3. 4.1 Objectives

DOE - Assessment Program and Technical Capabilities

• DOE.1: SSO line personnel maintain cognizance of overall facility or activity status,

major changes planned, and overall safety posture.

• DOE.2: SSO has established and implemented an assessment program to determine SLAC’s compliance with requirements, including subcontractor compliance with requirements. SSO requires SLAC’s assurance systems to address all organizations, facilities, and program elements. SSO periodically evaluates SLAC’s performance in meeting contractual requirements and expectations.

• DOE.3: SSO performs self-assessments of its programmatic and line management oversight processes and activities to assess whether requirements and management expectations are met.

• DOE.4: The SSO has a documented, implemented program to determine the technical capabilities and positions that it requires to meet its mission needs and ensure safe operations. The program includes staffing analyses and plans that identify critical technical capabilities and positions. Continuing training is provided, as needed, to maintain necessary technical capabilities. SSO regularly assesses the program to determine its effectiveness.

Hazard Identification and Standards Selection - Accelerators (SPEAR 3, LCLS, and LINAC)

• HAZ-ACC.1: An integrated process has been established and is utilized to develop the controls that mitigate the identified hazards present within an accelerator facility or for accelerator-related activity. The set of controls ensures adequate protection of the public, worker, and the environment and is established as agreed upon by DOE. These mechanisms demonstrate integration, which merges together at the workplace.

• HAZ-ACC.2: A complete analysis has been performed of the safety and environmental hazards of the facility SAD, and specific controls have been developed and implemented to eliminate, control, or mitigate hazards (accelerator safety envelope [ASE]).

• HAZ-ACC.3: A configuration management process is in place whereby facility changes are evaluated for safety-related impacts and are approved at an appropriate level before implementation.

• HAZ-ACC.4: All accelerator operations are conducted in accordance with written, approved work instructions/procedures, and a system is in place to ensure that these work instructions/procedures are controlled so that only the most current approved version is used.


5

Objective: Management - Requirements Management

• MG.1: Applicable standards and requirements are identified and agreed upon.

Objective: Management - Work Planning and Control: Work Packages

• MG.2: The full spectrum of hazards associated with the scope of work is identified, analyzed, and categorized, including nonroutine operations and subcontractor work scopes. Those individuals responsible for analysis of the ES&H and worker protection hazards are integrated with personnel assigned to analyze the work processes.

• MG.3: SLAC’s procedures ensure that personnel responsible for analyzing the hazards and developing, reviewing, or implementing the controls have competence that is commensurate with their responsibilities. These personnel possess the experience, knowledge, skills, and abilities that are necessary to discharge their responsibilities.

• MG.4: The work package identifies the resources, including support organizations, needed to perform the work. The work package includes the instructions necessary to complete the work activities safely and efficiently, including integration of specific hazard controls and acceptance criteria for completion of the work. The work package is written so that it can be understood and effectively used by those who perform the work. The work package is formally approved prior to the start of work and formally closed when the task is complete. The roles and responsibilities are clearly defined and documented, with line management held responsible for safety. Personnel competence is commensurate with the assigned responsibilities.

Objective: Management - Work Planning and Control: Schedule Work

• MG.5: A defined process is used to identify, request, prioritize, and schedule work. The scheduling process has provisions for work not requiring a formal schedule. The schedule is managed through a formal change control process.

Objective: Management - Work Planning and Control: Confirm Readiness

• MG.6: Readiness to begin an activity or operation is confirmed prior to the scheduled work performance start with regard to the system (including software), prerequisite controls, work environment, people, documents, tools, and materials. The field conditions are confirmed to match the planning document(s). The work is formally authorized to proceed.

Objective: Management - SLAC Assessment Program

• MG.7: SLAC uses self-assessments to periodically evaluate performance at all levels and to determine the effectiveness of policies, requirements, and standards and their implementation status.

• MG.8: To support unbiased evaluations, internal independent assessments are performed by SLAC organizations or personnel that have authority and independence from line management.

Objective: Management - SLAC Issues Management

• MG.9: SLAC ensures that a comprehensive, structured issues management system is in place. This system provides for the timely and effective resolution of deficiencies, and it is an integral part of SLAC’s contractor assurance system.

Objective: Operations - Construction

• OP-CONST.1: An integrated process has been established and is utilized to effectively


6

plan, authorize, and execute the SLAC Facilities Department’s construction-related activities.

• OP-CONST.2: Each phase of the construction project must be evaluated for associated hazards. Appropriate protective measures are selected to specifically address the hazards identified in the hazard analyses. Identified hazards are promptly addressed.

• OP-CONST.3: Workers are aware of the hazards and selected controls to address project hazards.

• OP-CONST.4: Project safety personnel inspect the jobsite to identify existing hazards.

Objective: Operations - Radiological Protection (RP) (Remote)

• OP-RP.1: The SLAC Radiation Protection Program is adequately documented and implemented to meet the requirements of 10 Code of Federal Regulations (CFR) 835.

Objective: Worker Safety and Health Program

• WSHP.1: SLAC is meeting its management responsibilities for its WSHP under 10 CFR 851.

• WSHP.2: SLAC has documented processes to review its safety and health experience information for reportable items, trends, and lessons learned. SLAC trends this information, and senior management reviews the trend data regularly.

4.2 Proficiencies

DOE.1.4.PRO-001 The immediate oversight increase directed by the SSO

Manager because of increased incidents at the LCLS provided an example system.



4.3 Priority 2 Findings

DOE.2.9.P2-001



HAZ-ACC.3.1.P2-003 A written Unreviewed Safety Issue Process has not


7

been developed or implemented to improve the contractor’s safety authorization basis process.



WSHP.1.3.P2-006 As required in 10 CFR 851.11(c)(2), contractors must submit annually to DOE either an updated worker safety and health program for approval or a letter stating that no changes are necessary in the currently approved worker safety and health program. The revision to SLAC’s WSHP was submitted to SSO for approval two months after the annual submission date of the plan.

4.4 Priority 3 Findings

DOE.2.4.P3-001 The three-year assessment schedule does not include a

review of the SLAC qualification standard program, training program, or of SLAC staff training and qualifications related to ES&H.


HAZ-ACC.1.1.P3-003 Specific roles and responsibilities for facility management between operations of the electron beam and operations of the photon beams were not addressed in the SADs.

HAZ-ACC.1.1.P3-004 Beam Authorization Sheet (BAS) instructions do not allow for handwritten changes.


HAZ-ACC.2.9.P3-006 ASEs need to be improved in order to effectively communicate the risks associated with operating accelerators.

HAZ-ACC.3.2.P3-007 The Accelerator Readiness Review (ARR) process is not formalized.



8

5.0 CONCLUSIONS AND RECOMMENDATIONS

5.1 Stanford Site Office

There is evidence that over the past year that the SSO staff has been actively involved in field oversight of contractor activities and the process for event notification has been improved. SSO has established and is implementing an assessment program to monitor the contractor’s operations and evaluate performance. SSO can evaluate the contractual requirements and expectations through the development of the annual Contractor Performance Evaluation and Measurement Plan; however, additional improvement is needed to fully meet this objective. The SSO Assessment Program document includes management assessments (including self-assessments) as a key program element; however, self-assessments have not been completely established as a regular part of the overall assessment program.

5.2 Stanford Linear Accelerator Center

Three accelerator facilities (LCLS, LINAC, and the SPEAR-3) and their associated safety authorization basis documents (SADs and ASEs) were reviewed to ensure they were current and being maintained. The SLAC Guidelines for Operations and the Accelerator Division Operations Directives establish the processes and defines the majority of the roles, responsibilities, procedures, and program requirements necessary to carry out the functions of the accelerator program. The Radiation Safety Systems Technical Basis Document and Radiation Physics Notes provide a significant portion of the technical basis for radiation safety systems and controls used to operate the accelerator safely. A significant improvement has been made in updating these important documents. The authorization basis documents are adequate to support operations; however, the hazards and accident analysis and the overall accelerator safety envelope (ASE) should be improved to provide DOE a better understanding of the hazards, controls, and risks associated with operating its accelerators. Operating procedures and processes used to operate the accelerators were well written, approved, and controlled. Safety and health requirements, precautions, limitations, and response to alarms were also found to be adequate. Personnel are adequately trained for their area of responsibility, and operators at both the LINAC and SSRL accelerators were observed performing their job responsibilities dutifully and professionally. Areas for improvement in strengthening the configuration management process with a formal documented Unreviewed Safety Issue process that will address issues that have a significant impact to the safety of the facility; i.e., violation of facility design requirements, safety related equipment malfunction, radiation safety exposure, or safety envelope requirements. A formal documented Accelerator Readiness Review process is needed in order to provide a rigorous review and oversight process for commissioning and operating activities.

Work planning and control was previously identified in the OIO 2006 Assessment, and the corrective action remains open. Some organizations have effective parts of a work planning and control process; however, no organization interviewed had a system (or coordinated set of systems) that is formal, structured, and/or comprehensive (e.g., Particle Physics and Astrophysics plan, schedule, control, and perform work differently than the Facilities Group). There is no well-defined institutional process for work scheduling, prioritizing, and work control. SLAC is in the process of developing a comprehensive institutional work planning and control process which is scheduled to be tested in a few months. This process will focus on work scope definition, hazard analysis process, SME involvement, and the work authorization process and will provide consistency in work planning and control and include a consistent approach to hazard identification and control.


9

While the criteria and objectives of requirements management and work planning and control (CRADs MG.1-4) were not met, it was determined that additional findings for these objectives would not be identified in this review because it would be more productive for SLAC to concentrate on correcting items that have previously been identified in other assessments. It is apparent that SLAC recognizes the critical nature of the work planning and control process and the need for integration of hazards recognition and control as a part of work authorization and execution. Now that key players have been added to the staff, SLAC should place a high priority on implementing the corrective actions associated with Finding #C-1, as identified in the Office of Independent Oversight’s 2006 Inspection of Environment, Safety, and Health Programs at the Stanford Linear Accelerator Center. It is also recommended that the effectiveness of the work planning and control process and hazard control requirements be assessed following implementation. There was no evidence that self-assessments were being conducted consistently across SLAC organizations. It is recommended that SLAC develop a consistent approach for conducting self-assessments and, as required in Chapter 33 of the ES&H Manual, enter the assessments into the Safety Management Records Tool (SMART) database. Implementation of the SLAC self-assessment process and implanting the required quality assurance management assessments would ensure a robust self-assessment program. A process was in place for internal independent assessments; however, the implementation is not mature enough to make an evaluation of its effectiveness.

A documented process exists for issues management (located in the SLAC Assurance Program Description); however, the Issues Management Program is not mature enough to determine the program’s effectiveness. In addition, roles and responsibilities for the data monitoring and analysis assurance professional identified in the Issues Management Program have not been assigned. The SLAC Radiation Protection Program is adequately documented and implemented to meet the requirements of 10 CFR 835. An integrated defined process has been established and is utilized to effectively plan, authorize, and execute the identified work for the SLAC subcontracting construction-related activities. Programs and procedures are in place to provide the direction necessary to incorporate ES&H requirements into the management of construction projects from initiation of a project through performance and closure. While controls identified were adequate to mitigate the hazards encountered during the work being performed, the Job Safety Analysis forms were often generic and lacking detail. This weakness in the preparation of job safety analyses (JSAs) has been previously identified and is being addressed in the current corrective action for work planning and control. Processes are in place to ensure hazards identified during the work activity are promptly addressed. SLAC is meeting its management responsibilities for its worker safety and health program as defined in 10 CFR 851. All management responsibilities have been identified and programs are in place to implement the process. SLAC has documented processes to review its safety and health experience information for reportable items, trends, and lessons learned; and information is provided to SLAC senior management for review on a periodic basis. While documented processes are in place and improvements are being made, some corrective actions resulting from the Office of Health Safety and Security Inspection conducted 2006, are still open which upon completion will further enhance the process of collecting and analyzing safety and health experience information. Evaluation of final effectiveness of this program is contingent upon completion and implementation of the current corrective actions.


10

6.0 LESSONS LEARNED

• Team members should be involved in development of the review plan and need

sufficient time allotted to prepare for the review. • Last minute changes to the team roster should be avoided. • The criteria for the objectives should accurately support the defined objectives and

review scope. • Site documents should be provided to the team members in sufficient time to allow

review prior to beginning field activities. • Onsite planning meetings should be held to focus on identification of activities and

information needed to support effective performance of field activities. • Use of previous reviews and assessments are a productive tool for defining the scope of

the assessment. • Excessive work hours (over 12 hours per day) tend to be unproductive and should be

avoided if possible. • Additional time should be factored into the schedule for reviewing and discussing the

identified issues as a group. • During the review, contractor staff should brief the assessors on the mechanisms that

are in place to assist with access to personnel for interviews and collection of documents (e.g., where computer databases are used to compile information, ensure that assessors have access prior to beginning of the assessment).

• For a review of this magnitude, additional administrative support personnel should be assigned to support the team.

• Contractor personnel should assist with scheduling interviews prior to the start of the review.

• A dedicated point of contact, knowledgeable of the site, should be assigned to assist each assessor.


A-1

Appendix A: Summary of Proficiencies and Findings


A-2



A-3

Summary of Proficiencies and Findings

CRAD

Identifier

Description

DEPARTMENT OF ENERGY

DOE.1 – The objective was met.

DOE.1.4.PRO-001 The immediate oversight increase directed by the SSO Manager because of increased incidents at the LCLS provided an example system.

DOE.2 – The objective was partially met.



DOE.2.9.P2-001


DOE.2.4.P3-001 The three-year assessment schedule does not include a review of the SLAC qualification standard program, training program, or of SLAC staff training and qualifications related to ES&H.


DOE.3 – The objective was not met.


DOE.4 – The objective was met.

None identified.


A-4

CRAD

Identifier

Description

HAZARD IDENTIFICATION AND STANDARDS SELECTION - ACCELERATORS

HAZ-ACC.1 – The objective was met.

HAZ-ACC.1.1.P3-003 Specific roles and responsibilities for facility management between operations of the electron beam and operations of the photon beams were not addressed in the SADs.

HAZ-ACC.1.1.P3-004 BAS instructions do not allow for handwritten changes.



HAZ-ACC.2.9.P3-006 ASEs need to be improved in order to effectively communicate the risks associated with operating accelerators.

HAZ-ACC.3 – The objective was not met.

HAZ-ACC.3.1.P2-003 A written Unreviewed Safety Issue Process has not been developed or implemented to improve the contractor’s safety authorization basis process.



None identified.

MANAGEMENT

MG.1 – The objective was not met.

None identified.


None identified.


None identified.


None identified.




A-5

CRAD

Identifier

Description


None identified.



MG.8 – The objective was met.

None identified.

MG.9 – The objective was met.


OPERATIONS-RADIOLOGICAL PROTECTION

OP-RP.1 – The objective was met.

None identified.

OPERATIONS-CONSTRUCTION

OP-CONST.1 – The objective was met.

None identified.


None identified.


None identified.


None identified.

WORKER SAFETY AND HEALTH PROGRAM

WSHP.1 – The objective was met.

WSHP.1.3.P2-006 As required in 10 CFR 851.11(c)(2), contractors must submit annually to DOE either an updated worker safety and health program for approval or a letter stating that no changes are necessary in the currently approved worker safety and health program. The revision to SLAC’s WSHP was submitted to SSO for approval two months after the annual submission date of the plan.

WSHP.2 – The objective was met.

None identified.


A-6



B-1

Appendix B: Team Roster


B-2



B-3

Team Roster

Team Position Name Organization

Team Lead David Allen DOE, Oak Ridge Office

Deputy Team Lead Don Wilhelm DOE, Stanford Site Office

Technical Editor Sheila Thornton Parallax, Inc.

Department of Energy (DOE.1, DOE.2, DOE.3, DOE.4)

Team Member Terry Allen DOE, Oak Ridge Office

Hazard Identification and Standards Selection – Accelerators (SPEAR 3, LCLS, and LINAC) (HAZ-ACC.1, .2, .3, and .4)

Team Member Scott Davis DOE, Oak Ridge Office

Management – Requirements (MG.1) and Work Planning and Control (Work Packages) (MG.2, .3, and .4)

Team Member Gary Love DOE, Oak Ridge Office

Management – Work Planning and Control (Schedule Work and Confirm Readiness) (MG.5 and MG.6), Assessment Program (MG.7 and MG.8), and Issues Management (MG.9)

Team Member Jack Weese DOE, Oak Ridge Office

Operations: Construction (OP-CONST.1, .2, .3, and .4)

Team Member James Craven DOE, Oak Ridge Office

Operations: Radiological Protection (Remote) (OP-RP.1)

Team Member Craig Booker DOE, Oak Ridge Office

Team Member Mike Henderson DOE, Oak Ridge Office

Worker Safety and Health Program (WSHP.1 and WSHP.2)

Team Member James Craven DOE, Oak Ridge Office


B-4



C-1

Appendix C: ISMS Effectiveness Review Forms


C-2



C-3

ISMS Effectiveness Review Form Review of SLAC and SSO

Functional Area: Department of Energy (DOE) – Assessment Program

Objective ID: DOE.1 Date: August 2008

OBJECTIVE DOE.1: SSO line personnel maintain cognizance of overall facility or activity status, major changes planned, and overall safety posture. [DOE O 226.1A, Att. 2, 2a] Criteria and Discussion of Results

DOE.1.1 SSO reviews and critiques SLAC’s processes and performance in identifying, evaluating, and reporting events and safety issues that are required to be reported by laws, regulations, or DOE directives to determine whether issues are properly screened, evaluated, and reported for ES&H. [DOE O 226.1A, Att. 2, 2a(1), 2c(4)]

Discussion of Results:

SSO has an Operational Awareness Program document that was initially established in April 2005 and subsequently updated in August 2006. This program document provides the foundation for the SSO activities involving the day-to-day interactions related to SSO oversight of the contractor. Included within the document is a tabulation of the key SSO and SLAC documents related to the Environment, Safety, Health, and Quality functional areas along with the requirement drivers associated with those documents.

With regard to reporting of events and safety issues, the DOE SSO Manager indicated that during a recent “summit” with key managers from SLAC and SSO a process was developed to improve event notifications and follow-up, both within SLAC and between SLAC and the SSO. Prior to the summit the method of sharing information within SLAC and between SLAC and SSO was haphazard, inconsistent, and often lacked follow-up and closure. The reporting process was revised and communicated to site personnel through a sequence of management and employee training sessions. The basic steps of the process have been captured on a SLAC approval job aid (card) that has been distributed to all SLAC and SSO staff and management as a means of informing all employees of the process steps. Since the new process was put in place in June 2008, only one event has occurred that has triggered the use of this process. The implementation of the new reporting process for this event went smoothly.

This criterion was met.

DOE.1.2 SSO evaluates and monitors SLAC’s evaluations, corrective actions, and trends, and it assesses whether SLAC has identified and implemented effective recurrence controls. SSO requires that deficiencies be analyzed both individually and collectively to identify causes and prevent recurrences. [DOE O 226.1A, Att. 2, 2a(2), 2b(10)]


The Lead for the ES&H and Facility Operations Team indicates that SSO now has direct access to SLAC’s Corrective Action Tracking System (CATS) where SSO can monitor the contractor’s corrective action progress. The SSO Annual Performance Plan has also


C-4

identified key performance improvement initiatives (described in detail in the annual Contractor P ) that are monitored at prescribed frequencies.

There are formal and informal direct communication of issues found during field observations to enable prompt follow-up and resolution by SSO and SLAC. The SSO also provides formal, semi-annual feedback to Stanford University and SLAC related to the contractor’s performance against the expectations established by SSO in the Performance Evaluation and Management Plan [PEMP]).


DOE.1.3 SSO’s operational awareness activities are documented, either individually or in periodic (e.g., weekly or monthly) summaries. [DOE O 226.1A, Att. 2, 2a(3)]


The SSO requirements for operational awareness activities (i.e., walkthroughs) are described in the SSO-OA-03, Rev. 1, SSO Assessment Program, procedure, Section 10. The procedure calls for documentation of the operational awareness activities in the ORION database system. The ES&H and Facility Operations Team Lead has a SLAC-maintained spreadsheet (since July 1, 2008) that captures LCLS findings and observations from field oversight activities that facilitates tracking and trending of the findings and observations. There were 53 entries on this spreadsheet, as of August 6, 2008, reflecting contributions from eight SSO staff members, including the DOE SSO Manager. The SSO has been entering field observations into ORION and/or SMART databases since 2005.


DOE.1.4 SSO management’s expectations for time to be spent in the field by both management and line organization personnel are documented and understood by SSO personnel. The time spent in the field (e.g., walkthroughs, management walkthroughs, field visits) is documented and tracked in either the SSO or SLAC tracking system.


There is evidence that there has been a significant increase in the field presence of the SSO staff at SLAC. The DOE SSO Manager has provided the SSO staff with his expectations for time in the field and is leading by example. The performance plans for the SSO managers, as well as the ES&H and Facility Operations Team staff, include a critical element that defines expectations associated with preparation and conduct of field observations. The individual performance plans for SSO managers and staff identify specific requirements for time in the field to meet performance expectations. At the direction of the SSO Manager, an extensive oversight system was also implemented to provide additional employees on LCLS oversight due to increased incidents on the construction site.

See DOE.1.3.


DOE.1.5 SSO communicates deficiencies in programs or performance identified during operational awareness activities to SLAC for resolution through a structured issues management process. The issues management tracking system can be managed by SSO or SLAC. [DOE O 226.1A, Att. 2, 2a(4)]


See DOE.1.2 and 1.3.


C-5


Conclusion There is evidence that over the past year the SSO staff has been actively involved in field oversight of contractor activities and the process for event notification has been improved. The objective was met. Findings None identified. Proficiencies DOE.1.4.PRO-001 The immediate oversight increase directed by the SSO Manager because of

increased incidents at the LCLS provided an example system.

Observations of Work Activities Walkthrough of the LCLS with the DOE SSO Manager Interviews Conducted DOE SSO Manager DOE SSO Deputy Site Manager ES&H and Facility Operations Team Lead Safety Engineer/Operational Safety Physical Scientist/Environmental Senior Contracting Officer Records Review SSO ES&H and Facility OpsTeam Roles, February 22, 2008 SSO Contract & Business Operations – Team Responsibilities, No date DE-AC02-76SF00515, Appendix B, FY 2009 Contractor Performance Evaluation and Measurement

Plan for Management and Operations of the Stanford Linear Accelerator Center, Draft 05, No date DOE/SSO-Building Assessment Program Calendar Year 2007, January 14, 2008 DOE Memorandum from Paul Golan, DOE SSO Manager, to George J. Malosh, DOE Chief Operating

Officer, Office of Science, subject: Transmittal of Stanford Site Office Integrated Safety and Environmental Management System Description, October 30, 2007

Integrated Safety and Environmental Management System Description for the U.S. Department of Energy, Stanford Site Office, October 30, 2007

Corrective Action Plan Summary Report of the Office of Independent Oversight October-November 2006 Inspection of Environment, Safety, and Health Programs at the Stanford Linear Accelerator Center, March 2007


C-6

DOE Memorandum from Glenn S. Podonsky, Chief Health, Safety and Security Officer, Office of Health, Safety and Security, to George J. Malosh, DOE Chief Operating Officer, Office of Science, subject: Response to the Final Corrective Action Plan—Independent Oversight Inspection of the Environment, Safety and Health Programs at the Stanford Linear Accelerator Center, March 28, 2007

SSO Training for SOP SSO-ADM-12, DOE Directives Distribution and Implementation, May 21, 2007 SSO-ADM-12, DOE Directives Distribution and Implementation, May 7, 2007 The SSO Work Smart Standards Process (SSO presentation), June 19, 2007 SSO Training for Work Smart Standards SOP, June 19, 2007 SSO-OA-12, Work Smart Standards Process, May 30, 2007 E-mail from David R. Allen to Aundra Richards, subject: RE: SSO Document Control System,

July 12, 2007 SOP-QA-05, Accident Investigation, August 7, 2007 SSO-OA-03, SSO Assessment Program, Rev. 1.0, October 30, 2007 SOP-ADM-03, Review of Key Documents, Rev. 0, October 30, 2007 Technical Qualification Program Manual for Federal Personnel with Safety Oversight Responsibilities

for Office of Science Facilities, Rev. 0, June 2007 SSO Office/Facility-Specific Qualification Standard, Rev. 0, March 2007 SSO-ADM-04, Technical Qualification Program, Rev. 0, March 27, 2007 DOE Site Observations, printed August 7, 2008 SSO Three (3) Year ES&H Assessment Plan, Rev. 2.0, August 2006 Stanford Site Office ES&H and Financial Assessment Schedule FY08-FY10, Draft, Rev. 2.0,

March 13, 2008 Stanford Site Office – Integrated Assessment Schedule, Rev. 1.0, No date Level III Functions, Responsibilities, and Authorities Manual, Rev. 0.0, April 22, 2008 Qualifying Officials SSO Office Standard, July 17, 2008 Qualifying Official List, Functional Area Standards, August 7, 2008 SSO Qualifying Official List, Office/Team Competencies, August 7, 2008 SLAC STA Training, Manager and Deputy Manager, No date Examples of TQP Assignment Memorandums, Various dates Examples of Technical Qualification Program Start Date, Various dates DOE Memorandum from Aundra Richards, DOE SSO Manager, to Identified Staff, subject: DOE

Technical Qualification Program Implementation and Participation, December 26, 2006 DOE Memorandum from Paul Golan, DOE SSO Manager, to Distribution, subject: Update—DOE

Technical Qualification Program Implementation and Participation, June 5, 2008 DOE Memorandum from Gerald G. Boyd, DOE Oak Ridge Office Manager, to George Malosh, Chief

Operating Officer, Office of Science, subject: Technical Qualification Program within Office of Science, March 8, 2007

Technical Qualification Program Manual, A Desktop Reference for Supervisors and Participants, March 2007

Technical Qualification Program Manual for Federal Personnel with Safety Oversight Responsibilities for Office of Science Facilities, Rev. 0, March 2007

Examples of TQP Assignment Memorandums, Various Dates Berkeley Site Office (BSO) and Stanford Site Office (SSO) TQP Implementation, Project Management

Plan, Draft, November 2006 The New but Practical SSO TQP (SSO Presentation), 2007 DOE-STD-1156-2002, Technical Qualification Program, Functional Area Qualification Standard, SSO

Office/Facility-Specific, Technical Qualification Card (blank example), March 2007 DOE-STD-1156-2002, Technical Qualification Program, Functional Area Qualification Standard, SSO

Office/Facility-Specific, Technical Qualification Card, Paul Golan, March 2007 The SSO TQP (SSO Presentation), 2007 Environmental Management System (EMS) Awareness Training (SSO Presentation), May 2008


C-7

DOE Memorandum from Nancy N. Sanchez, DOE SSO Manager, to SSO Files, subject: FY0 SSO ES&H Self-Assessment Report, October 3, 2006

Operational Awareness Program for the Oversight of the Stanford Linear Accelerator Center (SLAC), Rev. 2.0, August 28, 2006

SLAC-I-720-0A29Z-001-R023.4, ES&H Manual, Chapter 33, Line Management Self-assessment, April 24, 2008

Submitted by: Terry Allen and Don Wilhelm, Team Members Approved by: David Allen, Team Leader


C-8



C-9




OBJECTIVE DOE.2: SSO has established and implemented an assessment program to determine SLAC’s compliance with requirements, including subcontractor compliance with requirements. SSO requires SLAC’s assurance systems to address all organizations, facilities, and program elements. SSO periodically evaluates SLAC’s performance in meeting contractual requirements and expectations. [DOE O 226.1A, Att. 2, 2b, 2c, 2d] Criteria and Discussion of Results

DOE.2.1 SSO uses a combination of DOE line management oversight, contractor self-assessments, and other performance indicators (e.g., performance measures and event reports) to evaluate SLAC’s performance.

[DOE O 226.1A, Att. 2, 2d(1)]


At the time of this review, SSO was in the process of completing the Contractor Performance Evaluation and Measurement Plan that documents the SLAC performance expectations for FY 2009. The DOE SSO Manager directed SSO to improve the process for developing performance measures, as well as making the set of performance indicators more comprehensive and relevant to the laboratory operations. The FY 2009 PEMP includes performance expectations that not only flow down the key performance expectations from the Office of Science, but also identifies current areas of weakness that need focused attention from the contractor during the performance period. For example, there have been persistent issues identified for several years regarding deficiencies in the contractor’s work planning and control process. The FY 2009 PEMP has established some specific expectations and measures to drive timely improvements in this critical laboratory operational area.


DOE.2.2 SSO has established a documented program plan that describes its oversight activities. SSO develops an annual schedule of planned assessments and focus areas for operational awareness. Although modifications to the schedule are expected in response to changing circumstances, the modifications are approved by SSO in accordance with a defined, documented process; otherwise, assessments are completed as planned.

[DOE O 226.1A, Att. 2, 1m]


SSO-OA-03, Rev. 1, SSO Assessment Program, defines the requirements and responsibilities within SSO for the conduct of an assessment program. The procedure requires development of an assessment plan and integrated assessment schedule which have been developed and are being maintained. An effort is currently underway to


C-10

develop a comprehensive assessment program that consolidates and coordinates assessment activities among SLAC, Stanford University, and SSO. The overall assessment plan for FY 2009 is still under development; however, there is an important foundation for this kind of cooperation established by the “Partnership Commitment” that was signed earlier this year by the SLAC Director, the Stanford University Vice President for SLAC, and the DOE SSO Manager.

SSO has maintained an integrated three-year assessment plan and schedule for the past few years and has generally adhered to the schedule. SSO has been involved in any schedule adjustments, as necessary.

The SSO Assessment Program document includes descriptions of mechanisms for conducting assessments, reporting results, conducting root-cause analyses, developing corrective action plans (CAPs), and tracking and trending results.


DOE.2.3 SSO’s line management assessments are planned and scheduled based on requirements, analysis of the hazards and risks, reviewing/trending of past performance, and the effectiveness of SLAC’s assurance systems for organizations, facilities, operations, and programs.

[DOE O 226.1A, Att. 2, 2b(1)]


See DOE.2.2.


DOE.2.4 SSO’s assessments include reviews of SLAC’s site qualification standard programs, training programs, and individual training and qualifications as they relate to ES&H. The SSO Assessment Program provides assurance that DOE managers have an accurate picture of the status and effectiveness of SLAC’s programs and that deficiencies are identified in a timely manner. [DOE O 226.1A, Att. 2, 2b(7), 2b(4)]


There is no direct indication from the three-year assessment schedule that a review of the SLAC qualification standard program, training program, or of SLAC staff training and qualifications related to ES&H are included.

This criterion was partially met.

DOE.2.5 SSO assesses the implementation and effectiveness of SLAC’s assurance systems for ES&H and their subelements (e.g., radiation protection within ES&H) by examining the following:

• Assessment methods (e.g., whether sufficient emphasis is placed on observation of work activities).

• The frequency, breadth, and depth of self-assessments. • Line management involvement in self-assessments. • Evaluators’ technical expertise and qualifications. • The number and nature of findings identified. • The degree of rigor applied to self-assessments. [DOE O 226.1A, Att. 2, 2c(1)]


C-11


SLAC ES&H Manual Chapter 33, Line Management Self-assessment, describes the SLAC line management self-assessment program as it relates to ES&H. During interviews, it was noted that SSO has reviewed this program document and implementation as part of their oversight program. However, they also indicated that the depth and breadth to which they have reviewed the SLAC assurance system is not mature.

This criterion was not met.

DOE.2.6 In addition to scheduled assessments, SSO performs for-cause reviews when circumstances warrant (e.g., when events indicate degradation of a system or in support of startup and program document reviews). [DOE O 226.1A, Att. 2, 2b(2); 2b(8)]


Based on information gathered during interviews, SSO has not conducted a for-cause review.

This criterion is not currently applicable.

DOE.2.7 SSO performs assessments in support of facility startups and restarts, and it reviews and approves the required program documents (e.g., authorization basis documents). [DOE O 226.1A, Att. 2, 2b(3)]


The SSO routinely reviews and approves authorization basis documents. SSO has reviewed and approved SADs associated with site operations (See HAZ-ACC.1.4). This area may require support from the Integrated Support Center if such a review becomes necessary in the future.


DOE.2.8 Deficiencies identified by SSO’s assessments or other DOE reviews are addressed in a structured issues management process, including provisions for review of corrective action plans. SSO’s assessment results, including findings, are documented and provided to SLAC for timely resolution. [DOE O 226.1A, Att. 2, 2b(5), 2b(6), 2b(9)]


The most recent evidence is the process used for developing the corrective action plan for the Office of Health, Safety, and Security Inspection of Environment, Safety, and Health Programs at the Stanford Linear Accelerator Center conducted in 2006. The corrective action plan was completed cooperatively between SLAC and SSO, and the SSO Quality Assurance Manager is tracking corrective action closures, as well as maintaining supporting documentation in SSO files.


DOE.2.9 SSO verifies that SLAC’s corrective actions for DOE findings are complete and effective in addressing deficiencies before they are closed out in the issues management system. [DOE O 226.1A, Att. 2, 2b(6)]


There are corrective action development processes in place, including causal analysis, both within the SLAC and SSO programs. However, there is evidence that these processes are not entirely achieving their primary objective. Previous assessments have continued to identify similar issues and findings in significant program areas (e.g., work


C-12

planning and control).

See DOE.2.8.


DOE.2.10 SSO requires that SLAC track and resolve its internal findings through structured, formal processes. [DOE O 226.1A, Att. 2, 2b(9)]


See DOE.1.2 and 1.3.


DOE.2.11 SSO validates that corrective actions have been implemented and are effective in resolving deficiencies and preventing recurrence. [DOE O 226.1A, Att. 2, 2c(3)]


SSO has recently required that the contractor include, as part of their corrective action plans, an effectiveness review as a final step before corrective action closure. SSO has a documented process for effectiveness reviews.

See DOE.2.9.


Conclusion SSO has established and is implementing an assessment program to monitor the contractor’s operations and evaluate performance. SSO can evaluate the contractual requirements and expectations through the development of the annual Contractor Performance Evaluation and Measurement Plan; however, additional improvement is needed to fully meet this objective. The objective was partially met. Findings DOE.2.9.P2-001 The current corrective action processes are not structured in a way to promptly

identify and drive closure of the actions necessary to correct significant issues.

DOE.2.4.P3-001 The three-year assessment schedule does not include a review of the SLAC qualification standard program, training program, or of SLAC staff training and qualifications related to ES&H.


Proficiencies DOE.2.2.PRO-002 The “Partnership Commitment” document signed by the SLAC Director, the

Stanford University Vice President for SLAC, and the DOE SSO Manager provides an important foundation for progress in and improvements of SLAC current operations and future direction.


C-13


Observations of Work Activities None observed. Interviews Conducted See DOE.1. Records Review See DOE.1. Submitted by: Terry Allen and Don Wilhelm, Team Members Approved by: David Allen, Team Leader


C-14



C-15




OBJECTIVE DOE.3: SSO performs self-assessments of its programmatic and line management oversight processes and activities to assess whether requirements and management expectations are met. [DOE O 226.1A, Att. 2, 2e]

Criteria and Discussion of Results

DOE.3.1 SSO performs self-assessments of its oversight program activities to determine whether requirements and expectations are being met.

[DOE O 226.1A, Att. 2, 2e]


SSO conducted an ES&H self-assessment in October 2006 that included a guide for the SSO staff for conducting ES&H self-assessments. As the title indicates, this guide is limited to ES&H self-assessment activities. Recent external assessments have identified findings similar to those identified in the 2006 self-assessment report. For example, the 2006 self-assessment included a finding that “SSO does not have an office-wide document control system.” A similar finding was also noted in the subsequent HSS ES&H Inspection conducted in 2006.

The SSO Assessment Program document required by the OIO CAP (initially issued October 30, 2007) includes management assessments (including self-assessments) as a key program element. However, there are no SSO self-assessments scheduled.

A gap analysis that served as a self-assessment for DOE Order 226.1A was conducted in October 2007. Thirty-five of the thirty-eight requirements were identified as “partially met.” As a result of addressing findings from other assessments, some of the gaps have been addressed.

See DOE.3.4.

The SSO quality assurance program lead has informally self-assessed the completion of SSO corrective actions associated with the 2006 OIO review of the ES&H programs at SLAC. Two of the OIO corrective actions in the SSO portion of the corrective action plan that have no evidence of closure, although the actions are identified as closed. These corrective actions are (1) developing an SSO Requirements Management System (D2-2) and (2) establishment of an SSO Document Control System. This criterion was partially met.

DOE.3.2 The frequency of assessments of these functions is commensurate with the hazards and risks related to the activity being assessed.

[DOE O 226.1A, Att. 2, 2e]


C-16


Currently, there are no self-assessments formally scheduled as part of the SSO Assessment Program, although there is evidence that some self-assessments are being performed.

See DOE.3.4.


DOE.3.3 SSO has continuous improvement mechanisms (e.g., corrective action processes) in place to improve the effectiveness and efficiency of oversight programs and site operations. [DOE O 226.1A, Att. 2, 2e]


The SSO Assessment Program document includes descriptions of mechanisms for conducting assessments, reporting results, conducting root-cause analyses, developing corrective action plans, and tracking and trending results.


DOE.3.4 SSO regularly assesses the effectiveness of its processes for collecting, evaluating, and reporting SLAC’s performance data to ascertain the accuracy, completeness, and validity of the performance measures.

[DOE O 226.1A, Att. 2, 2c(5)]


In January 2008, SSO conducted a self-assessment of results from their Building Assessment Program activities conducted in calendar year 2007. The report from the self-assessment included an analysis of the data collected from building assessments during 2007, as well as identifying ways to improve the building assessment program.

Although there is evidence of some self-assessments, the evidence is from recent activities. Self-assessments have not been completely established as a regular part of the overall assessment program.

See DOE.3.1.


Conclusion The SSO Assessment Program document (initially issued October 30, 2007) includes management assessments (including self-assessments) as a key program element; however, self-assessments have not been completely established as a regular part of the overall assessment program. The objective was not met. Findings DOE.3.4.P2-002 Self-assessments have not been completely established as a regular part of the

overall assessment program.


C-17

Proficiencies None identified. Observations of Work Activities None observed. Interviews Conducted See DOE.1. Records Review See DOE.1. Submitted by: Terry Allen and Don Wilhelm, Team Members Approved by: David Allen, Team Leader


C-18



C-19


Functional Area: Department of Energy (DOE) – Technical Capabilities


OBJECTIVE DOE.4: The SSO has a documented, implemented program to determine the technical capabilities and positions that it requires to meet its mission needs and ensure safe operations. The program includes staffing analyses and plans that identify critical technical capabilities and positions. Continuing training is provided, as needed, to maintain necessary technical capabilities. SSO regularly assesses the program to determine its effectiveness. [DOE M 426.1-1A]


DOE.4.1 The roles, responsibilities, and procedures for implementing the SSO’s technical capability program are clearly defined and understood by all involved.

[DOE M 426.1-1A]


The SSO Technical Qualification Program, Rev. 0, March 2007, serves as the reference for supervisors and Technical Qualification Program (TQP) participants and describes how the TQP is implemented at SSO.

Significant implementation activities include enrolling in the program, identifying program and individualized competencies, attaining the competencies, completing the program, and maintaining and enhancing proficiency through continuing training and requalification. Each section of the manual lists the actions required by the TQP participant.

SSO has also developed training matrices for all SSO staff positions that identify training available with provisions for SSO management to identify mandatory training (driven by some requirement), supervisor required training, or voluntary training the individual can use for development.


DOE.4.2 SSO has performed an analysis to identify the related knowledge, skill, and ability elements to accomplish the duties and responsibilities for each critical ES&H technical position needed to ensure safe operations. This analysis is periodically updated.

[DOE M 426.1-1A]


The performance plans and individual development plans (IDPs) for the SSO staff have been revised this year to include technical qualification requirements where applicable. The DOE SSO Manager also indicated that the FY 2009 site office budget would be submitted with increases to enable additional staff training and development, including


C-20

completion of TQP requirements for key positions.


DOE.4.3 SSO develops and maintains technical staffing plans to identify critical safety positions

and other key technical positions within the organization. The staffing plans form the basis for recruiting, developing, and deploying technical personnel in the organization. [DOE M 426.1-1A]


SSO develops an Annual Performance Plan that includes an annual staffing analysis. Specific staffing needs and justifications are summarized, including projections of anticipated out-year needs.

SSO utilizes functional matrices that identify the various program and functional areas that are under the purview of SSO and has assigned staff to lead and backup roles. Similarly, SSO has developed a three-year assessment plan showing the functional areas that require site office oversight. Using these tools, SSO determines its staffing needs as well as areas where support is needed as a shared resource from the DOE Berkeley Site Office or from the Integrated Support Center.


DOE.4.4 SSO’s technical capability program ensures that it has an adequate number of SMEs with the right mix of technical qualifications to conduct oversight of SLAC’s ES&H activities. [DOE M 426.1-1A]


See DOE.4.3.


DOE.4.5 The technical position competency requirements include clearly defined knowledge, skill, and ability elements. Related professional certification requirements are considered in the program, as applicable.

[DOE M 426.1-1A]


SSO has developed training matrices for all SSO staff positions that identify training available with provisions for SSO management to identify mandatory training (driven by specific requirements), supervisor required training, or voluntary training the individual can use for development.


DOE.4.6 SSO employees in safety positions and other key technical positions possess the requisite education, training, experience, and background for their positions. They are familiar with the requirements related to the rules, regulations, codes, standards, and guides necessary to carry out their responsibilities.

[DOE M 426.1-1A]


SSO employees in the key safety and technical positions have been selected for their


C-21

respective positions based on their knowledge, skills, and abilities that coincide with the requirements for their position. In addition, the DOE SSO Manager has designated nine key staff positions that have been enrolled in the Technical Qualification Program. Status of completing the TQP requirements is at various stages for the various staff members depending on their start dates in the TQP program.


DOE.4.7 SSO managers are aware of the requirements and administrative flexibilities associated with recruiting, hiring, and retaining high-quality technical employees. SSO has implemented an effective process to attract highly competent technical personnel to fill key positions.

[DOE M 426.1-1A]


The DOE SSO Manager indicated that he uses the DOE Human Resources system to help define for individual staff members their potential advancement path and the training and qualifications necessary for advancement.


DOE.4.8 Continuing training is provided, as needed, to maintain necessary technical capabilities. [DOE M 426.1-1A]


SSO uses the Individual Development Plans to identify and get management input on needed continuing training. In addition, the DOE SSO Manager has included in the Annual Performance Plan projections of increases in travel and training funds to facilitate the need for continuing training and development of the SSO staff. SSO also utilizes the SLAC Training Assessment (STA) to obtain additional ES&H training provided by SLAC.

See DOE.4.5.


DOE.4.9 Individual development plans, training plans, technical qualification records, or other related documents are updated to reflect the activities required for each individual to satisfy technical competencies. The established records system includes all of SSO’s safety/technical personnel.

[DOE M 426.1-1A]


See DOE.4.2.


DOE.4.10 A formal evaluation process is in place to objectively measure the technical competency of employees. The rigor of the evaluation process is commensurate with the responsibilities of the position.

[DOE M 426.1-1A]


See DOE.4.2.


C-22


Conclusion The SSO Annual Performance Plan includes the results of the annual staffing analysis. This is complemented by the SSO Technical Qualification Program Manual along with training matrices and functional matrices that enables implementation of the key elements of the SSO training program. The objective was met. Findings None identified. Proficiencies None identified. Observations of Work Activities None observed. Interviews Conducted See DOE.1. Records Review See DOE.1. Submitted by: Terry Allen and Don Wilhelm, Team Members Approved by: David Allen, Team Leader


C-23


Functional Area: Hazard Identification and Standards Selection (HAZ) - Accelerators

Objective ID: HAZ-ACC.1 Date: August 2008

OBJECTIVE

The assessor’s focus for the HAZ-ACC objectives is limited to the SPEAR 3, the LCLS, and the LINAC.

HAZ-ACC.1: An integrated process has been established and is utilized to develop the controls that mitigate the identified hazards present within an accelerator facility or for accelerator-related activity. The set of controls ensures adequate protection of the public, worker, and the environment and is established as agreed upon by DOE. These mechanisms demonstrate integration, which merges together at the workplace. [ISMS Handbook, Ph 2, HAZ.2]


HAZ-ACC.1.1 SLAC’s procedures and/or mechanisms are in place to develop, review, approve, and maintain current all elements of the facility authorization basis documentation with an integrated workforce. [Ph 2, HAZ.2]


The area reviewed focused on SLAC accelerators, specifically the LINAC Coherent Light Source, the Linear Accelerator, and the Stanford Positron Electron Asymmetric Ring (SPEAR)-3 Safety Assessment Documents. SADs form the basis for authorizing and operating accelerators. Each SAD was reviewed; and selected procedures, processes, and mechanisms associated with implementing accelerator operations were assessed. Generally, SLAC accelerator safety procedures and the supporting documentation reviewed were found to be adequate for operations. Several areas could be improved with better integration of operations and consistent application of the requirements; i.e., hazards and analysis in each SAD for each facility. Review of the LINAC and LCLS SADs did not identify specific roles and responsibilities with respect to facility management between operations of the beam and operations of the photons.

Selected procedures and supporting documentation were reviewed and found to have been updated as required. The SLAC Guidelines for Operations are used to operate and maintain accelerator facilities in a safe configuration. While some guidelines were relatively old with respect to their revision date, SLAC management and operating personnel consistently referred to them for guidance in conducting operations. Guideline 13, Radiation Safety, dated March 1997, was reviewed and found to address both personnel and equipment safety aspects. Guideline 14, Configuration Control of Radiation Safety Systems, dated March 1998, was reviewed and found to address accelerator systems; shielding, Personnel Protection System; Beam Containment System and Beam Shut-Off Ion Chamber System; and the Radiation Safety Work Control Form (RSWCF) mechanism.

The RSWCF is used in part to ensure the facility authorization basis or safety envelope is maintained. Beam Authorization Sheets are defined in Guideline 14 and are used to setup or line up the accelerator for running conditions. Running conditions versus


C-24

modes of operations need to be clarified; however, currently the system seems to work for SLAC. The BAS, in connection with the RSWCF, serves to document the accelerator condition, its physical lineup, and documents those critical systems and components that are tested and verified to be working, and will control the operation of the accelerator within approved safety envelope parameters.

During the review, several parameters were checked and challenged and found to be current with respect to the General BAS (issued November 15, 2007) and the BAS for LINAC Pre-Running Conditions (issued December 3, 2007) and for LINAC operations and BAS LCLS Injector Pre-Running Conditions (issued December 12, 2007).

It was noted that the formality of changes to these documents were handwritten changes, and the changes made to page 2, Index, were handwritten and somewhat difficult to follow. One specific date was missing, and the BSA instruction did not specifically authorize handwritten changes to the BAS.

SLAC’s procedures and/or mechanisms are in place to ensure the facility maintains the authorization basis; however, some improvements can be made to the control room’s recordkeeping of the BAS.


HAZ-ACC.1.2 SLAC’s procedures and/or mechanisms that identify and implement the appropriate controls for hazards mitigation within a facility or for an activity are developed and utilized by competent personnel, include input from workers, and are approved by line managers. These procedures/mechanisms reflect the set of safety requirements agreed to by DOE. [Ph 2, HAZ.2]


Accelerator operations are conducted with approved procedures and mechanisms that identify and implement appropriate controls for hazards mitigation within the facilities. Managers and operators were interviewed to determine if they were well versed on facility hazards, controls, and mitigation actions necessary to protect the facility authorization basis. Interviews found SLAC personnel to be well trained and knowledgeable of facility operations and associated hazards. Matrix support personnel from Radiation Protection were knowledgeable of facility requirements and their safety responsibilities to adequately carry out their assigned functions.

Review of selected Beam Authorization Sheets and Radiation Physics Notes indicated that mechanisms are in place to identify and check safety requirements prior to performing accelerator operations. Operators interviewed were knowledgeable of the many procedures necessary to clear areas through search procedures, and verify interlocks and other safety systems, and use other subject matter expertise necessary to assist them in operating the accelerator.


HAZ-ACC.1.3 SLAC’s procedures and/or mechanisms are in place to develop and maintain the authorization basis documents. [Ph 2, HAZ.2]


Three accelerator facilities and their associated safety authorization basis documents were reviewed to ensure they were current and being maintained. The SAD and its associated Accelerator Safety Envelopes are considered to be the facility safety authorization basis. This review focused on the LCLS, the LINAC, and the SPEAR-3


C-25

SADs. The SLAC Guidelines for Operations and the Accelerator Division Operations Directives establish the processes and define the majority of the roles, responsibilities, and program requirements necessary to carry out the functions of the accelerator program. These documents define the process necessary to train and educate accelerator personnel on the procedures and mechanisms necessary for personnel to carry out the functions to safely operate the accelerator. In addition, the ES&H Manual identifies the applicable requirements for ES&H staff to interface with and address many of the safety and radiation safety requirements in facility safety basis or safety authorization requirements. The Radiation Safety Systems Technical Basis Document, dated June 22, 2007, provides the basis for the radiation safety requirements necessary to run the accelerator and supports the basis for the accelerator safety envelope.

DOE Order 420.2B, Safety of Accelerator Facilities, requires the contractor to have a shielding policy. The Shielding Policy for SLAC is contained in the Radiation Safety Systems Technical Basis Document, Section 1.2, Policies, Subsection 1.2.1, Shielding.


HAZ-ACC.1.4 SLAC’s procedures and/or mechanisms are in place to effectively and accurately implement all aspects of the authorization basis. [Ph 2, HAZ.2]


The facility authorization basis is implemented through a series of management and engineering systems that are designed to protect the worker, the public, and the environment. Some controls are implemented to protect the equipment and are part of the overall controls program. The Radiation Safety Systems Technical Basis Document provides the design and implementation criteria for many of the control systems associated with the operation of the accelerator. The Radiation Safety Systems Technical Basis Document, as reviewed, was found to be adequate for guidance in implementing controls supporting the facility authorization basis. Also, it should be noted that criteria necessary to support hazard analyses for the SAD is in the Technical Basis Document.


Conclusion Three accelerator facilities and their associated safety authorization basis documents were reviewed to ensure they were current and being maintained. This reviewed focused on the LCLS, the LINAC, and the SPEAR-3 Safety Assessment Documents. The SADs and its associated Accelerator Safety Envelope are considered to be the facility safety authorization basis. The SLAC Guidelines for Operations and the Accelerator Division Operations Directives establish the processes and defines the majority of the roles, responsibilities, procedures, and program requirements necessary to carry out the functions of the accelerator program. The Radiation Safety Systems Technical Basis Document provides the technical basis for radiation safety systems that make up the majority of the controls used to operate the accelerator safely. These documents, as reviewed, adequately describe the integrated process taken to establish and develop the controls that mitigate identified hazards present within the reviewed accelerator facilities. The objective was met.


C-26

Findings HAZ-ACC.1.1.P3-003 Specific roles and responsibilities for facility management between

operations of the electron beam and operations of the photon beams were not addressed in the SADs.

HAZ-ACC.1.1.P3-004 BAS instructions do not allow for handwritten changes.

Proficiencies None identified. Observations of Work Activities MCC LINAC Operations – Plan-of-the-Day Meeting MCC LINAC Operation – Operations Center Facility and Procedure Review SSRL Operations – Plan-of-the-Day Meeting SSRL Operations – Operations Center Facility and Procedure Review LCLS Facility Tour Interviews Conducted Acting Associate Laboratory Director for LCLS Directorate Associate Laboratory Director for SSRL Directorate Associate Laboratory Directory for LCLS Director, Operations and System SSRL for SSRL Director, Structural Molecular Biology and Science Research for SSRL Director, Accelerator Systems for PPA Deputy Director, Accelerator Systems for PPA Accelerator Operator, Engineer in Charge, Accelerator Operations for PPA Two Accelerator Systems Operators, ASO-1 Deputy Project Director, LCLS Director, ES&H Records Review SLAC-I-010-30100-000-R000, Linear Accelerator Facility Accelerator Safety Envelope, July 3, 2008 SLAC-I-010-30100-016-R000, LCLS Undulator Complex Safety Assessment Document, July 3, 2008 SLAC-I-720-0A29Z-001-R023.3, ES&H Manual, Chapter 9, Radiological Safety, December 31, 2007 RP-05-01, SLAC Radiation Physics Note, Operational Radiation Safety Program for SSRL Beamlines,

Rev. 4, July 30, 2008 SLAC-I-040-30800-001, Operations BAS Instructions, December 14, 2000, Beam Authorization Sheet,

November 15, 2007 SLAC-I-040-50400-001, ASO-1 Qualification Workbook, No date SLAC-I-040-50500-004, EOIC Qualification Workbook, No date Accelerator Division Documents List, July 31, 2008 Beam Authorization Sheet (with handwritten changes), December 3, 2007 SLAC-I-720-0A05Z-R002, Radiation Safety Systems Technical Basis Document, June 22, 2007 SLAC-PUB-11139, Comparison of Design and Practices for Radiation Safety among Five Synchrotron

Radiation Facilities, December 7, 2004


C-27

SLAC-PUB-9007, Radiation Safety Systems for Accelerator Facilities, September 27, 2001 SLAC-I-040-00100-002, New Employee Orientation Workbook, SLAC-I-010-00100-000-R005, SLAC Guidelines for Operations, July 18, 2008 SLAC-I-010-00100-001-R003, Accelerator Division Work Authorization Process, March 9, 2007 SLAC Internal Website (http://www-internal.slac.stanford.edu/ad/addo/addo.html, Accelerator Systems

Division Documentation, Printed August 5, 2008 SLAC-I-040-00100-001-R002, Accelerator Division Operations Directives, October 16, 2006 Linear Accelerator Facility Safety Assessment Document, December 5, 2007 Snapshot of the Accelerator Division Database, July 29, 2008 Basic Energy Sciences (BES) Annual Facilities Questionnaire for SSRL, FY 2007, October 22, 2007 Spreadsheet containing SSRL User Feedback, 2007 User Feedback Description of Spreadsheet and Example, July 24, 2006 RP-07-03, SLAC Radiation Physics Note, Safety analysis for safety dump line of the LCLS facility,

January 31, 2007 RP-07-26 DF, SLAC Radiation Physics Note, Radiation levels in FEE and NEH (phase I) from insertion

devices, Review of the dose from the BFW33, August 1, 2007 03-05, Abstract, Radiation Safety Designs for SSRL SPEAR3 Storage Ring, April 25, 2003 SPEAR3 Safety Assessment Document, Rev. 1, 2006 SLAC-I-010-00100-000-R002, Stanford Linear Accelerator Center Guidelines for Operations, Preface,

May 30, 2006 Beam Authorization Sheet, LCLS Injector (with handwritten changes), December 12, 2007 OPS-088, Description of the Stanford Synchrotron Radiation Laboratory Hutch Protection System and

Beam Line Configuration Control, October 26, 2007 SLAC-I-010-86G01-001, SSRL Accelerator Operations Directives (Preface and Chapters 1-4),

January 2005 SLAC letter from Jo Stohr, Associate Director, SLAC/SSRL, to Paul Golan, DOE SSO Manager, subject:

No Subject Line—transmits SSRL Beam Line Accelerator Safety Envelope for the SPEAR3 Beam Lines to DOE SSO for review and approval, October 24, 2007

Stanford Synchrotron Radiation Laboratory SPEAR3 Beam Line Safety Assessment Document, October 2007

OPS-082, SSRL ESRD Non-Experimental On-line Authorization (NOA) Implementation Procedure, October 2007

Interim, Work Authorization Process for Activities by Non-SSRL Workers at SSRL (blank form), February 9, 2005

ESRD-RP-05-01, Operational Radiation Safety Program for SSRL Beam Lines, March 2008 DOE Letter from Hanley Lee, Deputy Site Manager, SSO, to Jo Stohr, Associate Director, SLAC/SSRL,

subject: DOE Stanford Site Office Approval of the Stanford Synchrotron Radiation Laboratory Beam Line Accelerator Safety Envelope for SPEAR3, November 5, 2007

SSRL Weekly Schedule for August 4, 2008, to August 10, 2008 DOE Letter from Paul Golan, DOE SSO Manager, to John Seeman, Assistant Director of Particle Physics & Astrophysics, subject: DOE Stanford Site Office Review of the Revised Linear Accelerator Safety Assessment Document (SAD) and Approval of the Linac Accelerator Safety Envelope (ASE) Submitted by: Scott Davis, Team Member Approved by: David Allen, Team Leader


C-28



C-29


Functional Area: Hazard Identification and Standards Selection (HAZ) – Accelerators


OBJECTIVE HAZ-ACC.2: A complete analysis has been performed of the safety and environmental hazards of the facility SAD, and specific controls have been developed and implemented to eliminate, control, or mitigate hazards (accelerator safety envelope [ASE]).


HAZ-ACC.2.1 A current, approved SAD is in place.


The primary focus for this objective was limited to three Safety Analysis Documents—SPEAR 3, the LCLS, and the LINAC. Each SAD was reviewed for compliance with DOE Order 420.2B and consistency with DOE Guide 420.2-1, Accelerator Facility Safety Implementation Guide for DOE O 420.2B, Safety of Accelerator Facilities. SLAC has made considerable improvement in reviewing and revising its facility authorization basis type documents (or SADs) and are currently in the process of developing a schedule to complete the updates and revisions to the remaining SADs.

SLAC has recently reviewed and revised each of the referenced SADs with the oldest revision being the SPEAR 3 SAD, dated February 2006. The SPEAR 3 SAD is currently under review and revision and is being updated to reflect additional program requirements associated with upgrading the operating parameter to include “TOP-OFF” mode. SSRL is encouraged to work closely with the DOE Site Office during this review process to ensure that SSRL adequately addresses the hazard analysis and safety envelope requirements and expectations.

The SPEAR 3 beam line SAD was recently approved, dated October 2007, and addressed a finding (Finding #C-3) from the Office of Independent Oversight’s 2006 Inspection of Environment, Safety, and Health Programs at the Stanford Linear Accelerator Center. This action effectively closes Finding #C-3.

The LINAC SAD was revised in December 2007. DOE approved the Accelerator Safety Envelope, and the facility is currently operating and undergoing commissioning operations with the LCLS injector in preparation for an Accelerator Readiness Review.


HAZ-ACC.2.2 The SAD specifies how the safety analysis was done, including:

• The review and approval approach. • How hazards were identified. • The methods used to perform the hazard, accident, or risk analyses.


C-30

• The basis for development of the accident scenarios. Discussion of Results:

Reviews of each of the referenced SADs identified several areas where SADs were inconsistent in providing the appropriate analysis. Comments provided are intended to improve the overall hazard analysis process for the next revisions of these documents. Methods used to perform the hazard, accident, and risk analyses were not supported with sufficient detail supporting identified controls as defined in the SAD. Additional analyses are available through the Radiation Safety and Physics Departments that would support the current controls and the safety envelope; however, it was not referenced in the SAD. Review of associated Radiation Physics notes provided sufficient detail to support facility controls (see referenced RP Notes). In addition, SLAC does not consistently develop accident scenarios across facilities or documents.

SPEAR 3 SAD Review

Review comments of the current SPEAR 3 SAD include:

1. The current version does not meet the recommended format as defined in the Implementation Guide.

2. The Safety Analysis Methodology used Oakland Guidance dated in 1999 (i.e., format).

3. The Safety envelope is adequate to support operations; however, it is limited to nominal maximum operating conditions and does not provide risks associated with operating the facility, i.e., negligible, low, etc.

Overall, the analysis is good, and it provides for an initiating event, method of detection, mitigation, consequences, likelihood, and risk. This approach is helpful for DOE to understand its risk associated with operating the accelerator. While additional information such as maximum credible incident would be helpful, this SAD is beneficial to both the operating organization and DOE. The ionizing radiation hazard analysis is also good because it provides for initiating events and a good thought process for overall hazard analysis. In addition, the Beam Loss Incident (normal, mis-steering, and accident scenarios) are support by RP Note 03-05. The fire hazards analysis is adequate, and it provides an overall assessment of the risk.

SPEAR 3 Beamline SAD Review

Review comments of the current SPEAR 3 Beamline SAD include:

1. The ASE was sent to DOE for approval. DOE approved the ASE on November 5, 2007.

2. The ASE provides nominal, maximum operating conditions and does not provide risks, i.e., negligible, low, etc.

3. Credited controls are not specifically addressed as credited; but program processes that address some hazards, such as radiation, are reviewed and referenced with Radiation Physics Reviews. These reviews and a summary statement may be beneficial to DOE in understanding controls.

4. Engineered controls, such as shielding and the personnel protection system, are addressed; but the analysis on why these controls are necessary is not provided.


C-31

5. Bounding conditions are provided for radiation protection, but the maximum credible incident is not referenced. It is apparent that hazard analyses are being conducted that support existing engineering and administrative controls; however, this analysis and subsequent accident scenarios are not provided. It is recommended that during the next review and update cycle the SAD include the additional hazard, accident, consequence, and risks analyses that support the existing safety envelope.

LINAC SAD Review

Review comments of the current LINAC SAD include:

1. Chapter 2, Hazard Summary, did not address some hazards as required in the Guideline for Operations, i.e., mis-steering, loss of power, flammable gases, loss of coolant etc…

2. Chapter 4, Section 4.1.1, references hazards that have been analyzed; however, the analysis was not provided in the SAD. Also, reference to the ARR process was made, but a formal process or procedure could not be located.

3. Section 4.3.2 provides the shielding requirements to reduce exposure; and a reference was provided to support this analysis, i.e., RP 05-15. This is a good practice. The summary provided is beneficial to DOE to better understand shielding requirements and controls.

4. Section 4.4.2 indicates that the Cryogenics and Oxygen Deficiency Programs are in place; however, there is no additional analysis provided as to why there is a concern.

5. In Section 4.4.3, the electrical description states that “free from reasonably foreseeable risk” is not a hazard analysis; other supporting documentation refers to loss of power, electrical fire, loss of electrical equipment; however, no analysis is provided.

6. There is no reference to a fire hazard analysis or consideration of a fire as an initiating event with analyzed consequences.

This type of program description continues throughout the document, with the exception of the Ionizing Hazards Section that provides a better analysis but limited accident scenarios. SLAC should provide DOE with an adequate analysis of the hazards, consequences, or accidents to determine or assess risks with operating these facilities. It is strongly suggested that SLAC develop a hazard analysis process that addresses the requirements identified in DOE Order 420.2B and its implementing guide.

The LINAC Accelerator Safety Envelope may not adequately communicate the risks associated with operating the facility based on the analyses contained in the SAD and other “safe harbor” type documents. There are numerous processes and procedures used to maintain and operate the facility, and the ASE does not provide much more than operating conditions. The ASE could provide modes of operation, running conditions, and level of risks associated with each. The ASE should not include anticipated operations; i.e., Electron and Positron Beams to the North Injection Transport and South Injection Transport Systems.


C-32

The maximum credible incident was not clearly communicated.

LCLS Undulator Complex SAD

The LCLS SAD is currently in Draft, and it is being reviewed and revised. The LCLS Undulator SAD has many of the same attributes as the other referenced SADs. Section 4.4.4, Fire, provides a brief description of a Title II Fire Hazard Analysis and conclusions that the analysis is reflected in the final facility design. No further description of the analysis is provided. There is mention of an electrical cable fire; however, no consequences or risk are provided.

DOE has reviewed and approved the Accelerator Safety Envelope for the referenced accelerators.


HAZ-ACC.2.3 The hazards identification in the SAD includes characterization and quantification of the inventory of hazards, energy sources, and potential sources of environmental pollution, including the form, type, location, and total quantity of radiological hazards.


Hazards identified in the referenced SADs are discussed in general terms. Generally, hazards are explained with respect to programs and processes that try to control or mitigate them. Quantification of the inventory of hazards, energy sources, and potential sources of environmental pollution, including the form, type, location, and total quantity of radiological hazards, were not adequately discussed or analyzed within the Linac and LCLS SADs.


HAZ-ACC.2.4 The hazard analyses in the SAD include impacts on the safe operation of the facility and the safety of the workers, the public, and the environment.


The hazard analysis, as reviewed, did not discuss the impacts or consequences associated with specific accident scenarios or failure of equipment.

Radiation Safety scenarios for environmental protection dose estimates were provided. Linac SAD Section 4.5.2, Ionizing Radiation Hazards, provided a threshold control level and provided the first reference to the Maximum Credible Incident (MCI). Events leading to the MCI were not provided. The Radiation Safety Systems Technical Basis Document is referenced and does provide some discussion concerning shielding for an accident scenario.


HAZ-ACC.2.5 The evaluation of controls includes a description of the engineered and administrative barriers that are credited as controls or for mitigation of potential injuries or environmental impact.


The SADs reviewed provide a general description of the controls needed to mitigate personnel and environmental impacts. There is evidence to suggest that additional analyses are conducted based on records reviewed; i.e., Radiation Physics Notes and


C-33

the Radiation Safety Systems Design and Documentation within the Radiation Safety

Systems Technical Basis Document. However, these design considerations and other support analyses were not included in the SAD.


HAZ-ACC.2.6 A range of accident scenarios is evaluated to identify the bounding scenarios for the facility. The accident scenarios evaluate impacts with and without the credited engineered and administrative controls.


Accident bounding scenarios are not discussed in the SAD. Supporting documentation, as discussed in HAZ-ACC.2.5, provides some design considerations; however, accidents are not detailed.


HAZ-ACC.2.7 The maximum credible incident is identified to provide a perspective on the potential hazards associated with the facility and information helpful for emergency planning or site assistance agreements.


The maximum credible incident is not identified within the SADs.


HAZ-ACC.2.8 A list of all credited engineered and administrative controls is included in the SAD. (The beam interlock system and the administrative controls on it should be summarized in the SAD.)


The SAD does provide a listing of processes and mechanisms that are considered to be engineering and administrative controls that are used to maintain the authorization basis for the facility. There is considerable discussion on potential hazard categories and qualitative assessments of how each hazard is reviewed and mitigated. SLAC does not use the term “credited control” in the SAD but actually takes credit for many of the engineered and administrative programs that are used to maintain the Accelerator Safety Envelope. In this area, the SAD and its supporting documents do provide a detail listing of its purpose and function.


HAZ-ACC.2.9 An ASE is documented and approved, and it contains:

• Bounding conditions and operational limits for credited engineered and administrative controls for safe operations.

• Consideration of both routine and nonroutine operating conditions.

NOTE: Credited controls may include the following: o Limits on operating variables (e.g., currents, voltages, energy

potentials, beam power, pressures; temperatures, flows, etc.) as identified in the SAD needed to preserve physical barriers or to otherwise prevent excessive short-term or long-term risk to persons.


C-34

o Shielding criteria adopted for different operational modes. o Requirements related to the calibration, testing, maintenance, or

inspection of credited engineering controls identified in the SAD to ensure their continued reliability.

o Requirements related to assuring that the credited administrative controls identified in the SAD are promulgated.

o Monitoring/release control of ventilation effluent and mitigation measures for the protection of the environment as identified in the SAD.

o Administrative controls such as minimum staffing levels, qualification, and training for operation, minimum operable equipment, critical records to be retained, procedures to be maintained current, and immediate imitative actions to be taken if the ASE is exceeded.

o Procedures addressing the ASE-required minimal administrative or engineered controls for operation. Alternative procedures may be necessary for certain minimal operations.


Review of the referenced ASEs found that they did not specify bounding conditions for credited engineered and administrative controls for safe operations. The exception is Shielding Design Limits, where the information indicates a limit of exposure to a worker during a system failure. This limit helps to define the required shielding. The ASEs do specify operational limits; however, the analysis of why these limits were acceptable was not provided. The ASEs reference the supporting documentation and processes necessary to implement the safety envelope.

The LINAC ASE provides technical requirements for operations within the safety envelope for current and envisioned operations. It is recommended that future operations not be added to existing Accelerator Safety Envelopes to ensure that appropriate commissioning activities and testing are conducted prior to DOE approval.

Monitoring/release control of ventilation effluent and mitigation measures for the protection of the environment is not addressed specifically in the ASE. Administrative controls, such as minimum staffing levels under certain modes of operation, are covered in procedures, but generally not in the ASE.


HAZ-ACC.2.10 Facility inspections and interviews indicate that the SAD facility description is consistent with the physical configuration of the facility and major safety equipment.


The facility was not inspected against the SAD during this review. However, the Beam Authorization Sheets require the facility to be in a specific configuration in order to operate. During this review, the SSRL and LINAC were both in an operational mode, and the facilities were in a configuration consistent with the SAD.


HAZ-ACC.2.11 User-planned experiments are evaluated for safety and health implications prior to implementation and operation. A safety analysis is performed if the experiment is not


C-35

within the bounds of an existing approved hazard assessment.


Several review committees exist that provide the appropriate oversight for evaluating user planned experiments. No specific user experiments were reviewed during this assessment; however, interviews with senior managers and facility operators indicate that this process is working well.


Conclusion The contractor has developed SADs and ASEs, and these are submitted to the DOE Site Office for review and approval. Based on the review, these authorization basis documents are adequate to support current operations. The contractor should provide DOE better analyses on the hazards and controls with respect to risks while operating its accelerators. The objective was met. Findings HAZ-ACC.2.2.P3-005 The hazard analysis approval within the SADs needs to be strengthened.

HAZ-ACC.2.9.P3-003 ASEs need to be improved in order to effectively communicate the risks

associated with operating accelerators.

Proficiencies None identified. Observations of Work Activities See HAZ-ACC.1. Interviews Conducted See HAZ-ACC.1. Records Review See HAZ-ACC.1. Submitted by: Scott Davis, Team Member Approved by: David Allen, Team Leader


C-36



C-37




OBJECTIVE


HAZ-ACC.3: A configuration management process is in place whereby facility changes are evaluated for safety-related impacts and are approved at an appropriate level before implementation.


HAZ-ACC.3.1 An approved unreviewed safety issue (USI) is in place.

NOTE: An activity involves a USI if significant safety consequences could result from either an accident or a malfunction of equipment that is important safety or for which a safety analysis has not been performed.


The LINAC SAD did mention (in Chapter 4) an Unreviewed Safety Issue process; however, specific references to guidelines or procedures to be used to support the process were not provided. A documented Unreviewed Safety Issue process in not in place to adequately support a robust configuration management program. This issue has been self identified by the contractor and needs to be placed into their corrective action tracking system.


HAZ-ACC.3.2 Activities involving identified USIs must not commence before DOE has provided written approval.


Activities involving identified USIs could not be determined because the contractor has not formalized a USI process. Review of the Guidelines of Operations did not reveal an Unreviewed Safety Issue process to complement the configuration control of Radiation or Atmospheric Safety Systems. However, Guideline 23, Safety Deficiency Reviews and Continued Operations, does address some of the areas necessary to support a USI process.

SLAC has conducted Accelerator Readiness Reviews, as evidenced by the SPEAR3 500ma conducted in June 2005. Review of the agenda did not provide evidence that the ARR process has been formalized. SLAC should formalize their ARR process by institutionalizing the format and content of these reviews. Part of the ARR should include verification that a USI process is in place and implemented.


C-38

The LINAC SAD refers to an Accelerator Readiness Review Process in Section 4.1.1; however, a formal, documented process could not be found.


HAZ-ACC.3.3 A formal, documented Configuration Management Program is in place to ensure that credited controls and accelerator systems important to safety are maintained in a functional condition in accordance with SAD.


The Accelerator Operations Division has a documented Configuration Management Program in place to ensure that controls and accelerator systems important to safety are maintained in a functional condition in accordance with the SAD. “Credited” controls have not been used within the documentation to support operations.

The Beam Authorization Sheets and the Radiation Safety Systems Work Control Forms are used extensively to ensure that systems and controls are configured to ensure safe facility operations as described in the SAD and its supporting processes and procedures.


HAZ-ACC.3.4 The Configuration Management Plan (CMP) contains a list of the items that are maintained under configuration control.


Accelerator Operations Division has a CMP list of safety items that are maintained and controlled. SLAC does not refer to this list as a configured items list but refers to it as the critical items or safety items list. The Controls Department was contacted to determine if the items listed within the BAS were controlled and maintained. The list, as reviewed on the Controls webpage, contains the items listed. Some items are referred to as Radiation Safety Related Items and other items are related to the Atmospheric Safety Related Items. A one-for-one comparison of items from the BAS or RSWCF was not conducted based on the amount of field time available; however, the system did seem to support a list of items recognized as safety related.


HAZ-ACC.3.5 The CMP specifies the process for obtaining approval to make a change to a configured item. The level of approval should be commensurate with the importance of the hazard controls afforded by the item being changed.


As discussed in HAZ-ACC.3.4, the SLAC CMP process requires multiple approvals for making a change to a safety-related item via the BAS or the RSWCF.


HAZ-ACC.3.6 The CMP identifies a process for replacement parts for configured items. Items that are not a “like-for-like” replacement have an approved equivalency determination before use.


The CMP has a process for replacement parts for safety related items. These items and replacement parts must be approved by the Radiation Safety Physicist and must meet the design requirements. A “like-for-like” requirement could not be found in the


C-39

current documentation; however, an approved equivalency determination before use is performed by the Controls Department.


HAZ-ACC.3.7 The CMP-designated spare parts are maintained under inventory control and are stored under environmental controls that prevent deterioration during their designated shelf life.


This criterion was not reviewed during this assessment. Physical inspection of spare parts was not conducted.

This criterion was not applicable.

HAZ-ACC.3.8 For beam-line equipment and components, there is a clear understanding by user groups of the type of changes that they are authorized to make during their experiments.


Based on the program descriptions and work control processes defined in the SAD, each user group is knowledgeable of the types of changes they are authorized to make during their experiments. Specific experiments were not reviewed during this assessment to ensure compliance with this criterion. Interviews with operators and facility engineers indicated that this process was well known and followed.


HAZ-ACC.3.9 Critical devices, security and safety devices, and wiring are clearly labeled to note that tampering is strictly forbidden.

NOTE: Critical devices are those specific accelerator or beam-line components that are used to ensure that the accelerator beam is either inhibited or cannot be steered into areas where people are present.


See discussion in HAZ-ACC.3.4, 3.5, and 3.6


HAZ-ACC.3.10 The following documentation has been prepared and maintained for the beam interlock:

• Functional description of the interlock system. • Physical and electrical configuration of the system. • Interlock system test results.


Documentation has been prepared and maintained for the beam interlock system to include the functional description, the physical and electrical configuration of the system, and routine system test results as found in the BAS.



C-40

Conclusion A configuration management process is in place for accelerator facilities where facility and equipment changes are evaluated for safety-related impacts. SLAC utilizes Beam Authorization Sheets and Radiation Safety Work Control Forms to ensure the facility and equipment are in a safe configuration for operations. An Unreviewed Safety Issue process has not been formally implemented for those issues that have a significant impact to the safety of the facility; i.e., violation of facility design requirements, safety related equipment malfunction, radiation safety exposure, or safety envelope requirements. SLAC should develop a formal Accelerator Readiness Review that will consistently provide a rigorous oversight process that will verify commissioning and operating readiness. Accelerator Operations does have a process that controls the equipment being used in accelerators. SLAC should perform an internal self- assessment to ensure that the equipment listed in the Safety Configuration Control Program meets the requirements as specified in the DOE Accelerator Order and Implementing Guide. The objective was not met. Findings HAZ-ACC.3.1.P2-006 A written Unreviewed Safety Issue Process has not been developed or

implemented to improve the contractor’s safety authorization basis process.


Proficiencies None identified. Observations of Work Activities See HAZ-ACC.1. Interviews Conducted See HAZ-ACC.1. Records Review See HAZ-ACC.1. Submitted by: Scott Davis, Team Member Approved by: David Allen, Team Leader


C-41




OBJECTIVE


HAZ-ACC.4: All accelerator operations are conducted in accordance with written, approved work instructions/procedures, and a system is in place to ensure that these work instructions/procedures are controlled so that only the most current approved version is used.


HAZ-ACC.4.1 Required controls and operational limits specified in the ASE and applicable job hazard analyses are flowed down to the operations procedures. The steps in procedures that are required by these safety analysis/control documents are clearly identified as such in the operations procedure.


Operational limits specified in the ASE are flowed down into the operating procedures and processes used to operate the accelerators. Operating procedures and programs that are addressed and/or required by the SAD and implementing Beam Authorization Sheets are clearly communicated to the operating staff and support organizations. BAS and operating procedures were reviewed and challenged during the review and were found to be adequate to support operations. Location of vital safety equipment was checked against operating procedures and found to be accurate and up to date.


HAZ-ACC.4.2 Written, approved, and controlled facility procedures are in place for:

• Startup. • Normal operation. • Emergency conditions. • Conduct of maintenance. • Approval and conduct of experiments. • Review and approval of facility modifications. • When and how to evaluate USIs. • Management of safety-related changes. • Control of facility access.


Written, approved, and controlled facility procedures were observed in the Control Room during this review. Emergency, facility, and equipment operating procedures


C-42

were reviewed and found to be adequate. The Accelerator Division Operations Directives provide guidance to personnel on the types of procedures that are necessary to carry out their roles and responsibilities related to safely operating the accelerator and associated systems. The Accelerator Division Operations Directives did not include a USI procedure or discussion of the process. (See HAZ-ACC.3.1)


HAZ-ACC.4.3 Written procedures describe tasks to be performed, appropriate safety and health precautions and controls, requirements for initial conditions to be verified, operating conditions to be maintained, and data to be recorded.


The procedures reviewed contained the necessary guidance to perform safe accelerator operations. Safety and health requirements, precautions, limitations, and response to alarms were provided. A detailed review of these procedures was not conducted; however, no issues or inconsistencies were found based on the supporting documents reviewed. Operators at both the LINAC and SSRL performed their job responsibilities dutifully and professionally.


HAZ-ACC.4.4 Procedures are maintained as controlled documents with approval status and effective dates clearly indicated. Revisions should be communicated to the responsible parties in a manner that clearly identifies obsolete versions.


The procedures reviewed were found to be maintained as controlled copy documents with approval status and effective dates indicated. One of the LINAC BASs was found current; however, the sheet was completed with a personal handwriting technique and was somewhat difficult to read. One date was incomplete, but the BAS was reviewed by SLAC senior management and found to be correct. Use of handwritten changes was indicated to be appropriate. Revisions to operating procedures were clearly communicated to operating personnel, and no other issues were noted during the review.


HAZ-ACC.4.5 Procedures used by operators are clearly designated as controlled versions and the most current version.


Procedures used by operating personnel were reviewed in the control room and were found to be controlled copy documents. Each procedure reviewed appeared to be the most current version. The controlled copy process for procedures is contained in the Writer’s Guide as referenced in the Accelerator Division Operations Directives, Section 2.2.2.2


HAZ-ACC.4.6 Management has designated a qualified custodian of the system documents important to safety.


The Accelerator Operations Division has designated a qualified custodian of system


C-43

documents. In addition, a Documentation Office has been assigned the responsibility to manage and maintain documentation governing operations and associated equipment. The Documentation Office has additional responsibilities in maintaining auditable training records.


HAZ-ACC.4.7 A Records Management Program is in place that specifies the types of records and data to be collected and retained and the methods (including timeframes) of storage/protection and final disposition.


The Accelerator Division Operations Directives provide the guidance for a Records Management Program. The responsibilities identified for the Documentation Office specifies the types of records and data to be collected and retained. Record archival instructions are addressed in Section 6.2.1


HAZ-ACC.4.8 Personnel responsible for control room operations are trained to discriminate between routine operation and abnormalities that could indicate the onset of problems, in particular those events that are indicative of imminent hazards to personnel, property, or the environment or which may be precursors to potential violations of the ASE.


Personnel are trained for control room duties. Personnel can differentiate between routine operation and non-routine operations. Operating personnel are knowledgeable of safety systems and processes necessary to safely operate the accelerators. Operators were interviewed and demonstrated a good working knowledge of facility hazards and systems used to control or mitigate hazards.


HAZ-ACC.4.9 The results of the review of the Accelerator Safety Program indicate that SLAC’s SMEs have a process-based system rather than an expert-based system.


The SMEs interviewed were knowledgeable of the requirements of the Accelerator Safety Program. The Radiation Safety SME was very knowledgeable of the many systems and processes necessary to implement a facility safety program. Operators interviewed were knowledgeable of their roles and responsibilities necessary to implement the requirements of a successful Accelerator Safety Program. The Accelerator Safety Program has many facets and is very complex, requiring everyone involved to be vigilant and mindful of the hazards and controls required to operate safely. Personnel interviewed had a process-based, working knowledge of the Accelerator Safety Program.



C-44

Conclusion SLAC has adequately developed the operational limits specified in the DOE approved ASE and these operating parameters are appropriately flowed down into the operating procedures and processes used to operate the accelerators. Written, approved, and controlled facility procedures were found in the control rooms. Procedures that provided safety and health requirements, precautions, limitations, and response to alarms were reviewed and found to be adequate. Records are maintained and kept current, and the documentation management program has defined roles and responsibilities. Personnel are trained for control room duties and can differentiate between routine operations and non-routine operations. Operators at both the LINAC and SSRL performed their job responsibilities dutifully and professionally. The objective was met. Findings None identified. Proficiencies None identified. Observations of Work Activities See HAZ-ACC.1. Interviews Conducted See HAZ-ACC.1. Records Review See HAZ-ACC.1. Submitted by: Scott Davis, Team Member Approved by: David Allen, Team Leader


C-45


Functional Area: Management (MG) - Requirements Management

Objective ID: MG.1 Date: August 2008

OBJECTIVE MG.1: Applicable standards and requirements are identified and agreed upon. [ISMS Handbook, Ph 1, HAZ.2]


MG.1.1 The hazard controls at the site level appear in the contract, while those at the facility level are reflected in the authorization basis documentation. Controls from both levels appear in subcontracts, as appropriate to the scope of work. [Ph 1, HAZ.2]


The Office of Independent Oversight corrective action plan closure documentation for finding C1 addresses the MG.1 CRAD, Applicable standards and requirements are identified and agreed upon.

The subcontractor construction work plans and work plans from service subcontracts were reviewed and indicate that SLAC program requirements (such as lockout/tagout [LO/TO], elevated work plans, and hoisting/rigging) were included in these work packages. While some organizations have effective parts of a work planning and control process, there is no formal, structured, and/or comprehensive institutional work planning and control process in place at SLAC.

SLAC is in the process of developing a comprehensive institutional work planning and control process which is scheduled to be tested in a few months. This process will focus on work scope definition, hazard analysis process, SME involvement, and the work authorization process. This process will provide consistency in work planning and control and include a consistent approach to hazard identification and control, if implemented.

As part of the OIO corrective actions, SLAC is developing a lab-wide Requirements Management System. The description for this system identifies the appropriate process components, stakeholders, and delineates roles and responsibilities down to the line managers. The process also recognizes the need for flowing down requirements to subcontractors as appropriate to the scope of work. The Alpha Candidate for this system is scheduled to be released for internal testing on September 30, 2008.

SLAC recognizes the need for a lab-wide Document Management System that incorporates SLAC’s Requirements Management Process, ensuring all external applicable requirements, including ES&H, are disseminated into appropriate documents (such as procedures, programs, and practices).

These systems will serve to identify and describe all work to be performed, the hazards associated with the work, the applicable standards and requirements related to the control of the hazards, and the documentation process involved. It is recommended that the effectiveness of these systems, as it pertains to standards and requirements for hazards


C-46

control, be assessed following implementation and integration.


MG.1.2 SLAC’s procedures ensure the identified standards, controls, and requirements are agreed upon and approved prior to the commencement of operations or work being authorized, including subcontractor activities. [Ph 1, HAZ.2]


See MG.1.1.


MG.1.3 SLAC’s documented procedures utilize accepted, structured methods and processes to identify, select, gain approval for, periodically review, and maintain the set of ES&H standards and requirements in its contract with DOE and in its subcontracts. [Ph 1, HAZ.2]


See MG.1.1.


MG.1.4 SLAC’s procedures define the processes for the development, approval, and maintenance of documentation addressing the establishment of authorization protocols and authorization agreements. [Ph 1, HAZ.2]


See MG.1.1.


Conclusion SLAC is in the process of developing a comprehensive institutional work planning and control process which is scheduled to be tested in a few months. This process will focus on work scope definition, hazard analysis process, SME involvement, and the work authorization process. This process will provide consistency in work planning and control and include a consistent approach to hazard identification and control. It is recommended that the effectiveness of these systems, as it pertains to standards and requirements for hazards control, be assessed following implementation.

The objective was not met. Findings See MG.5. Proficiencies None identified. Observations of Work Activities None observed.


C-47

Interviews Conducted Engineering and Services Coordinator, Facilities Department Chairman of SLAC Safety Oversight Committee and Research Division Head Department Head of Facilities Department Department Head of Mechanical Fabrication Department (also co-chair of C-2 Committee responsible for

work control issues in OIO Report) Carpentry Foreman, Facilities Department Electrician Foreman, Facilities Department Two Carpenters in the Facilities Department Six Electricians in the Facilities Department UTR and Materials Coordinator for Particle Physics and Astrophysics (PP&A) Directorate Deputy Department Head for Facilities Department Facilities Department, Supervisor Safety and Health Coordinator Facilities Department, Deputy Department Head and Engineering, Construction, and Project Management Director for Office of Assurance ES&H Assistant Associate Director ES&H Division Director

Building and Construction Safety Group Leader Work Planning and Control Manager

ES&H Price-Anderson Amendments Act (PAAA)/Noncompliance Tracking System (NTS) Coordinator Two Team Members for the SLAC Improvement Initiative

Records Review SLAC Requirements Management System, October 17, 2007 Work Planning & Control, No date Information Gateway, April 2008 SLAC: A Research Enterprise, July 2008 SLAC InfoGate, No date Stanford Linear Accelerator Center, Report of the Internal Independent Assessment of the Job Hazards

Analysis and Mitigation (JHAM) Program, July 2007 03-05, Abstract, Radiation Safety Designs for SSRL SPEAR3 Storage Ring, April 25, 2003 Safety Overview Committee (SOC) Examples Provided by Ken Moffeit (SOC Chairman), printed

August 4, 2008 SLAC Requirements Management Process Objectives, No date SLAC Memorandum from Steve Williams to Walter Leclerc, subject: SLAC Requirements Management

Process, August 7, 2008 OIO CAP C1-3, Evaluate the Impact of Revised Requirements Management Process – Gap Analysis, No

date SLAC-I-720-0A29Z-001-R023.4, ES&H Manual, Chapter 33, Line Management Self-assessment,

April 24, 2008 SLAC Memorandum from Clay Corvin to OIO-CAP Closure Documentation File, subject: OIO-CAP

Items C1-6 & C1-7A, October 23, 2007 Lockout Tagout Compliance Evaluation and Training Assessment Summary, October 2007 NEPA 70E: Reducing Workplace Electrical Hazards, No date


C-48

Packing Slip, National Fire Protection Association, Shipping ID Number 2561478, August 3, 2007 SLAC Memorandum from Clay Corvin to OIO-CAP Closure Documentation File, subject: OIO-CAP

Item C1-7C, January 31, 2008 SLAC Memorandum from Steve Williams to Frank O’Neill, subject: Training for Annual Audits of

LOTO Procedures and Workers SLAC Memorandum to Lockout Tagout Workers and Supervisors, subject: Training for Annual Audits of

LOTO Procedures and Workers, August 7, 2008 Course 157, ES&H Course Modification Form, Course Title: Control of Hazardous Energy Lockout

Tagout, December 10, 2007 Course 157R, ES&H Course Proposal Form, Proposed Course Title: Control of Hazardous Energy

Lockout Tagout Refresher, December 10, 2007 SLAC Letter from Fred Jones, SLAC ESO/AHJ, to Walter Leclerc, Director, Office of Assurance,

Re: Completion of OIO CAP Tasks C1-8 and C5-4, April 30, 2008 Stanford Linear Accelerator Center, Report of the Lockout/Tagout Program Internal Independent

Assessment, April 2008 Sample Work Packages, Division 1, General Requirements, October 16, 2006 Stanford University Letter from Walter Leclerc, Director, Office of Assurance, to Paul Golan, DOE SSO

Manager, subject: No Subject Line—transmits copy of the SLAC JHAM Program Internal Independent Assessment (IIA) Report, August 31, 2007

Service Request 85592, Conventional & Experimental Facilities Department, Minor Construction Project Sheet, Project Name: Café Dishwasher Replacement, August 8, 2005

Examples of Job Hazards Analysis, Excavation Permits, Hotwork Permit, Excavation Plan, and JHAM, from Carpenter Supervisor, August 7, 2008

Site Engineering & Maintenance Department, ISMS Pre-Work Safety Checklist (blank form), No date SLAC-I-720-0A00B-001-R004, SLAC Integrated Safety and Environmental Management System

Description, February 27, 2007 SLAC-I-010-00100-000, SLAC Guidelines for Operations, No date SLAC-I-720-0A29Z-001-R023.2, ES&H Manual, Chapter 1, General Policy and Responsibilities,

February 27, 2007 SLAC-I-720-0A18J-002-R001, Line Management Self-assessment: Management Walkthrough

Checklist, February 7, 2008 SLAC-I-720-0A18J-003-R001 Final v5, Line Management Self-assessment: Workspace Compliance

Assessment Checklist, February 7, 2008 Corrective Action Plan for Finding C#2, C2-1: Assessment Report on Extent of Condition, June 22, 2007 Corrective Action Plan for Finding C#2, C2-2 A-B-C: Benchmarking Summary Report, July 31, 2007 Work Planning and Control Committee Report, CAP C2-3, Draft Work Planning and Control Process,

November 30, 2007 Work Planning and Control Process for Activity Level Work, February 2008 SLAC-I-720-0A29Z-001-R023.4, ES&H Manual, Chapter 2, Work Authorization, June 25, 2007 Electrical Work Plan ~480v, MCC 120 Analysis, Building 120, August 6, 2008 Building 040 Space Relocation, Statement of Work for Move of Building 040 Equipment and Material,

April 17, 2008 Work Plan with Check Off List for Building 42 Domestic Water Pipe Repair, July 17, 2008 SLAC Blanket Purchase Order No. 51213 for Emergency Excavation/Pipe Repair, July 14, 2008 Facilities Department Organization Chart, July 16, 2008 Work Planning & Control, No date Site-Specific Safety Plan for Newcomb Tree Service Tree Removal, No date Submitted by: Gary Love, Team Member Approved by: David Allen, Team Leader


C-49


Functional Area: Management (MG) – Work Planning and Control: Work Packages


OBJECTIVE MG.2: The full spectrum of hazards associated with the scope of work is identified, analyzed, and categorized, including nonroutine operations and subcontractor work scopes. Those individuals responsible for analysis of the ES&H and worker protection hazards are integrated with personnel assigned to analyze the work processes. [ISMS Handbook, Ph 1, HAZ.1; Ph 2, HAZ.1]


MG.2.1 SLAC’s procedures require identification, analysis, and categorization of all hazards associated with the site and the facilities/activities, including nuclear, chemical, industrial, etc. The procedures for analysis and categorization of hazards reflect accepted rigor and methodology. [Ph 1, HAZ.1]


In the discussion section for Finding #C-1 in the Office of Independent Oversight’s 2006 Inspection of Environment, Safety, and Health Programs at the Stanford Linear Accelerator Center, the following statement was made—“ SLAC has not established a formal, structured, and comprehensive process (or coordinated set of processes) to ensure that the scope of work is clearly defined for all work at SLAC so that hazards can be systematically identified and the appropriate controls assured.” To address this finding, SLAC has identified several actions to better define and improve work planning and the JHAM/Area Hazards Analysis (AHA) process which supports work planning (as shown in the OIO CAP closure documentation for Finding #C-1).

ES&H Manual Chapter 2, Work Authorization, requires all hazards be identified, analyzed, and controls prescribed prior to authorization of work. An integral part of work authorization requirements and hazards analyses in this procedure is the development and use of Job Hazards Analysis and Mitigation and AHA. All of these requirements are included in the work planning “process” which was identified as deficient in the OIO assessment.

Several work packages from various SLAC organizations were reviewed and interviews were conducted with various levels of line management. It was noted that the quality of the JHAMs and AHAs varied significantly; and many lacked adequate work description, complete hazard identification, and controls for the hazards. During interviews with the ES&H Director, the Team Leader of the Work Planning Control Improvement Team, and the newly hired Work Planning and Control Manager, it was apparent that SLAC had recognized these weaknesses, as well as other areas requiring improvement, such as requirements identification and document management, as shown in the OIO CAP closure documentation for Finding #C-1.

An independent assessment of the SLAC JHAM Program was conducted in July 2007,


C-50

and the following program weaknesses were identified:

• No assigned JHAM Program Manager.

• Incomplete hazards identification and controls/recommended actions.

• Inadequate Integration of Environmental Hazards/Controls.


MG.2.2 SLAC’s procedures and/or mechanisms for hazard identification and standards selection are in place and utilized by personnel. The resulting documentation is defined, complete, and meets DOE’s expectations. [Ph 1, HAZ.1]


As discussed in MG.2.1, procedures and mechanisms for hazard identification and standards selection are in place; however, implementation and the degree of compliance with the procedures are not being consistently applied across all organizations. Documentation of the process is not well defined at the line organization level; therefore, the current process does not meet SLAC’s or DOE’s expectation.


MG.2.3 The hazard identification, analysis, and categorization process includes analyses related to potential abnormal/nonroutine operations and emergency situations. [HQ ISM CRAD]


Hazards identification, analysis, and categorization are not consistently administered, or well documented, in JHAMs and AHAs. As identified in the JHAM Independent Internal Assessment, since there is no JHAM Program Manager within ES&H, no one has been identified and recognized as the authority on the JHAM process to provide guidance to supervisors and employees.


MG.2.4 The impact of tools and temporary equipment (e.g., scaffolding, rigging, power supplies, welding equipment, enclosures, insulation, shielding, etc.) on facility systems and equipment is understood and accounted for when identifying the hazards and selecting controls. [HQ ISM CRAD]


Not evaluated.

This criterion was not evaluated.

MG.2.5 The results of the hazard analyses are utilized in selection of the standards included in the SLAC contract with DOE and in SLAC’s subcontracts. [Ph 1, HAZ.1]


Not evaluated.

This criterion was not evaluated.

MG.2.6 SLAC’s procedures ensure the selected controls are tailored to the hazards associated with the work or operations to be authorized, including the work scopes for subcontracts. The tailoring process is appropriately based on the complexity of the work, the hazard


C-51

analysis, and performance frequency. The process for selecting controls results in appropriate control sets for both the general hazards present on the site and the specific hazards related to particular facilities or activities. [Ph 1, HAZ.1; Ph 2, HAZ.2]


As discussed in MG.2.1, identified weaknesses exist in the JHAM Program; however, it is evident that controls for high hazards (such as LO/TO for electrical work and associated hazards, radiation work permits for radiological hazards, elevated work plans, and lift plans for hoisting and rigging operations) are being utilized in both lab performed and subcontracted work. In some instances, these controls address certain high hazard jobs and conditions in the absence of adequate JHAMs. The JHAM serves as a primary tool for hazards identification and control. A well-defined and implemented work control planning process will ensure a consistent approach to the application of these controls.


MG.2.7 SLAC’s execution of the mechanisms for hazard identification and standards selection ensure personnel responsible for the analysis of ES&H concerns are integrated with those assigned to analyze the hazards for the facility or activity. These mechanisms ensure direction and approval from line management and integration of the requirements. [Ph 2, HAZ.1]


There is no consistent system or mechanism in place to address the hazard identification and standards selection nor a comprehensive work control planning process. A proposed/draft work planning and control flowchart has been developed by the Work Planning and Control Manager. The flowchart depicts how work will be identified, planned, and controlled at sometime in the future. This draft system appears to be comprehensive, and if institutionalized in a documented process, SLAC will have better control of their work processes.


Conclusion While the assessor recognizes that the criteria and objective of this CRAD were not met, it is recommended that additional findings not be identified in this review in the area of work planning and control because it will be more productive for SLAC to concentrate on correcting items that have already been identified during previous assessments. It is apparent that SLAC recognizes the critical nature of the work planning and control process and the need for integration of hazards recognition and control as a part of work authorization and execution. Now that key players have been added to the staff, SLAC should place a high priority on implementing the corrective actions associated with Finding #C-1 as identified in the Office of Independent Oversight’s 2006 Inspection of Environment, Safety, and Health Programs at the Stanford Linear Accelerator Center.

The objective was not met. Findings See MG.5. Proficiencies


C-52

None identified. Observations of Work Activities None observed. Interviews Conducted See MG.1.

Records Review See MG.1.

Submitted by: Gary Love, Team Member Approved by: David Allen, Team Leader


C-53




OBJECTIVE MG.3: SLAC’s procedures ensure that personnel responsible for analyzing the hazards and developing, reviewing, or implementing the controls have competence that is commensurate with their responsibilities. These personnel possess the experience, knowledge, skills, and abilities that are necessary to discharge their responsibilities. [ISMS Handbook, Ph 1, HAZ.3]


MG.3.1 SLAC’s procedures and/or mechanisms describe the interfaces, roles, and responsibilities of the personnel who identify and analyze the hazards of the scope of work. Personnel assigned to accomplish those roles are competent to execute those responsibilities. [Ph 2, HAZ.1]


ES&H Manual Chapter 1, General Policy and Responsibilities, and Chapter 2, Work Authorization, describes the interface and roles and responsibilities of the personnel and/or organizational committee who identify and analyze the hazards of the scope of work. These individuals may reside in the ES&H Division or in line organizations filling positions as safety coordinators for the line organization. Some have formal training in safety and health protection, including professional certifications in safety and industrial hygiene, and others have prior work history/experience in a skilled craft, such as an electrician, equipment operator, hoisting/rigging, trenching competent person, etc. Specific training requirements are identified by the individual’s supervisor and are entered into the STA, an online tool used by supervisors to assign employee training in ES&H. This information is then used by supervisors to track ES&H training for the group.

Inconsistencies observed in the JHAMs and AHAs, as discussed in MG.1 and MG.2, suggest that line organizations are not consistently ensuring that hazards are identified and analyzed in accordance with the SLAC processes. The processes include utilizing assistance from SMEs within the organization and/or ES&H. SLAC recognizes the need for improved hazards recognition training; however, to date, this training has not been developed to assist line organizations in the JHAM and AHA process.


MG.3.2 SLAC’s procedures have clearly defined roles and responsibilities for personnel assigned to oversee, review, and approve the hazards analysis and establish the controls associated with facilities and activities. Personnel assigned to accomplish those roles are competent to execute those responsibilities. [Ph 1, HAZ.3]


Inconsistencies demonstrate inadequate characterization of hazards and associated mitigating controls, which were identified in the OIO assessment and by the SLAC Work


C-54

Control Process Improvement Team. This criterion has not been fully implemented across the laboratory.

See MG.3.1.


MG.3.3 The results of the review of the hazard identification and standards selection procedures and implementation indicate that SLAC’s subject matter experts have a process-based system rather than an expert-based system.


This review did not find evidence of a process-based system for hazards identification and standards selection.


Conclusion See conclusion in MG.2.

The objective was not met. Findings See MG.5. Proficiencies None identified. Observations of Work Activities None observed. Interviews Conducted See MG.1.




C-55




OBJECTIVE MG.4: The work package identifies the resources, including support organizations, needed to perform the work. The work package includes the instructions necessary to complete the work activities safely and efficiently, including integration of specific hazard controls and acceptance criteria for completion of the work. The work package is written so that it can be understood and effectively used by those who perform the work. The work package is formally approved prior to the start of work and formally closed when the task is complete. The roles and responsibilities are clearly defined and documented, with line management held responsible for safety. Personnel competence is commensurate with the assigned responsibilities. [HQ ISM CRAD; ISMS Handbook, Ph 1, MG.2]

NOTE: For the purposes of this review, a work plan and associated implementing procedures may be categorized as a work package.


MG.4.1 Applicable documents are identified (e.g., procedures, drawings, specifications, vendor manuals, training materials, etc.), and the latest versions/revisions are used in the work package. [HQ ISM CRAD]


During interviews conducted with the Facilities Department and Particle Physics and Astrophysics personnel, it was determined that the rigor of scheduling did not match the complexity of the work. While some organizations have effective parts of a work planning and control process, there is no formal, structured, and/or comprehensive institutional work planning and control process in place at SLAC. An interview with the PP&A University Technical Representative (UTR), confirmed that no documented, structured process for developing work packages was in place at SLAC for PP&A activities.

This issue was previously identified during the Office of Independent Oversight’s 2006 Inspection of Environment, Safety, and Health Programs at the Stanford Linear Accelerator Center (Finding C2-1). A corrective action plan was prepared and approved by the Office of Science in March 2007 to correct this deficiency. An Assessment Report on Extent of Condition was conducted by SLAC on June 22, 2007. SLAC acknowledged that many conditions identified during the OIO review are wide-spread throughout SLAC and that no comprehensive, site-wide set of work planning and control processes exist and no consistent definition for work planning and control of work authorization exists. SLAC is currently working toward implementing the agreed upon actions which should result in a comprehensive work control process.


MG.4.2 The individuals responsible for work package execution (typically the first-line supervisor


C-56

or person in charge) and closure are clearly identified. SLAC’s procedures clearly identify that line management is responsible for safety. The procedures require line managers to be responsible for verifying adequate implementation of controls to mitigate the hazards prior to authorizing work to commence and for ensuring that the controls remain in place as long as the hazards are present (e.g., oversight during operations, safety checks). [HQ ISM CRAD; ISMS Ph1-MG.2]


See MG.4.1.


MG.4.3 The procedures identify the points in the planning process where ES&H SMEs are included. The appropriate SME disciplines are routinely identified and included in the planning process based on the scope of work being performed. The environmental aspects (such as pollution prevention, waste minimization, etc.) are covered during the planning process. Workers are involved in the planning process. [HQ ISM CRAD]


See MG.4.1.


MG.4.4 The hazards associated with the work and the controls developed to protect the worker are appropriately documented in the work package, including potential abnormal or emergency situations. The types of controls (engineering, administrative, personal protective equipment [PPE]) have been applied in the correct sequence using the appropriate technical basis. [HQ ISM CRAD, ISMS Ph 1-MG.2]


See MG.4.1.


MG.4.5 Where standardized controls have been selected, they have been appropriately tailored to the operation/activity (e.g., radiological work permit [RWP], energized work permit). [HQ ISM CRAD]


See MG.4.1.


MG.4.6 Instructions in the work package identify the impacts on safety systems, equipment, facility operations/processes, and applicable technical safety requirements or other administrative controls. [HQ ISM CRAD]


See MG.4.1.


MG.4.7 The work package includes all necessary prerequisite actions to be completed and verified before proceeding with the work. Examples of these include verifying required facility condition (e.g., correct operating mode), confirming system status, and confirming proper


C-57

installation of controls (e.g., LO/TO). [HQ ISM CRAD]


See MG.4.1.


MG.4.8 The instructions in the work package include the appropriate features (e.g., identification of appropriate controls, warnings and precautions, quality assurance hold points, control room communications, required inspections, approvals to proceed to next steps, and independent verifications, etc.) necessary for confirmation of critical steps, values, equipment positions, permit compliance, etc. [HQ ISM CRAD]


See MG.4.1.


MG.4.9 All required information is identified in the work package (e.g., prerequisites, needed tools, test equipment, vendor information, reference materials, services, support equipment or personnel, conditions). [HQ ISM CRAD]


See MG.4.1.


MG.4.10 The work packages are user friendly (e.g., unnecessary information, having to look up required referenced information in other documents, or other actions that result in overly complex or cumbersome work packages are avoided). The facility safety requirements have been clearly integrated into the work instructions (e.g., building, system, and/or equipment information). The steps in the instructions in the work package are in the correct order, clearly worded, and easy to understand. [HQ ISM CRAD]


See MG.4.1.


MG.4.11 Required work package reviews and approvals are appropriate. [HQ ISM CRAD]


See MG.4.1.


MG.4.12 The work package requires documentation of as-found conditions; incomplete/uncompleted items; discrepancies; unexpected, unusual, abnormal, unplanned, or unexplained conditions; equipment responses and surrounding circumstances; relevant and indications or alarms, etc., to ensure preservation of evidence and allow for subsequent analysis. [HQ ISM CRAD]


See MG.4.1.


C-58


MG.4.13 Acceptance/performance criteria in the work package conclusively determines whether the work was accomplished successfully, verifies that the work did not introduce or cause other deficiencies or problems, and determines that applicable design, safety, and interface criteria were met. [HQ ISM CRAD]


See MG.4.1.


MG.4.14 The work package ensures proper equipment restoration and return to service so that there is positive assurance/confidence that design and safety functions will be adequately performed. [HQ ISM CRAD]


See MG.4.1.


Conclusion See conclusion in MG.2.

The objective was not met. Findings See MG.5. Proficiencies None identified. Observations of Work Activities None observed. Interviews Conducted See MG.1.




C-59


Functional Area: Management (MG) – Work Planning and Control: Schedule Work


OBJECTIVE MG.5: A defined process is used to identify, request, prioritize, and schedule work. The scheduling process has provisions for work not requiring a formal schedule. The schedule is managed through a formal change control process. [HQ ISM CRAD] Criteria and Discussion of Results

MG.5.1 The rigor of scheduling matches the complexity of the work (i.e., complex work requiring multiple resources, coordination, etc., is scheduled in detail, where simple work may not require scheduling beyond understanding resource requirements). [HQ ISM CRAD]


This issue was previously identified during the Office of Independent Oversight’s 2006 Inspection of Environment, Safety, and Health Programs at the Stanford Linear Accelerator Center (Finding C2). Six out of the twelve corrective actions for C2 have been completed. The corrective action remains open.

Discussions were held with the Facilities Department and Particle Physics and Astrophysics personnel. As a result of these discussions, it was determined that the rigor of scheduling did not match the complexity of the work.

While some organizations have effective parts of a work planning and control process, there is no formal, structured, and/or comprehensive institutional work planning and control process in place at SLAC. During an interview with the PP&A UTR, it was confirmed that no documented, structured process for developing work packages was in place at SLAC for PP&A.

A proposed/draft work planning and control flowchart has been developed by the Work Planning and Control Manager. The flowchart depicts how work will be identified, planned, and controlled at sometime in the future. This draft system appears to be comprehensive, and if institutionalized in a documented process, SLAC will have better control of their work processes.


MG.5.2 The following items are considered when assigning priorities: personnel safety, equipment repair urgency/limiting conditions of operations, operability of redundant equipment, critical path equipment, facility conditions required for equipment repair, repair or replacement parts status, and manpower availability. [HQ ISM CRAD]


The Facilities Department is utilizing a data program to request and schedule work which takes into account personnel safety (a software package entitled Facility Asset


C-60

Management Information System [FAMIS]). In PP&A, no evidence of a documented process was observed for assigning priorities.


MG.5.3 Schedule tools (such as rolling work week schedules, Plan of the Day Meetings, and Plan of the Week Meetings) are used to manage and coordinate all work activities and resource needs that can potentially impact safety and/or operations. The schedules are developed and updated, as necessary, to effectively coordinate and communicate work activities. [HQ ISM CRAD]


Plan-of-the-day meetings are being conducted for the craft groups, as needed, in the Facilities Department. It was determined that work activities and resource needs that can potentially impact safety and/or operations are being managed and coordinated in an effective manner.


MG.5.4 All departments involved in the task are also involved in the work scheduling. [HQ ISM CRAD]


When work is requested from the Facilities Department, they prioritize their work by assigning a code in FAMIS pertaining to the appropriate level of safety significance. The requester is able to request work and provide an initial “code” or ranking for consideration in work scheduling or prioritization. After the Facilities Department receives the work request, they either agree or disagree with the rating and make changes to the scheduling in accordance with the overall scheduling priority and then notify the affected organization.


MG.5.5 Facility personnel, especially facility managers, are apprised of scheduled maintenance activities that affect them, thus ensuring proper activity coordination. [HQ ISM CRAD]


Through the requesting of work/maintenance, facility personnel who request work from the Facilities Department are apprised of the priority and schedule of work to be completed within their specific facilities. In addition, an engineering associate from the Mechanical Fabrication Department was interviewed, and it was determined that they are apprised of scheduled maintenance activities, as required.


Conclusion Work planning and control was previously identified in the OIO 2006 Assessment. The corrective action remains open. A work planning and control process flowchart has been drafted; however, it has not been finalized. There is no well defined institutional process for work scheduling, prioritizing, and work control. The objective was not met.


C-61

Findings MG.5.P2-004 There is no formal, structured, and/or comprehensive institutional work

planning and control process in place at SLAC. Proficiencies None identified. Observations of Work Activities None observed. Interviews Conducted Office of Assurance Director Purchasing Manager Facilities Department Safety and Health Coordinator Facilities Department Supervisor Safety and Health Coordinator LCLS Safety and Health Coordinator PP&A Safety and Health Coordinator ES&H Assistant Associate Director ES&H PAAA/NTS Coordinator ES&H Alternate PAAA/NTS Coordinator Work Planning and Control Manager ES&H Corrective Action Tracking System Manager Facilities Department Deputy Department Head and Engineering, Construction, and Project Management UTR and Materials Coordinator for PP&A Division Engineering and Services Coordinator, Facilities Department Department Head Facilities Department Building and Construction Safety Group Leader Engineering Associate, Mechanical Fabrication Department Records Review Roles of ES&H Program Managers, Rev. 17, June 3, 2008 Work Planning Flowchart, Draft, No date Price Anderson Amendments Act (PAAA) and SLAC Non-compliance Tracking System (NTS) Program

Self Assessment Report, April 16, 2008 SLAC-I-720-0A29Z-001-R023.4, ES&H Manual, Chapter 42, Subcontractor Construction Safety,

March 28, 2008 SLAC-I-720-0A29Z-001-R023.4, ES&H Manual, Chapter 33, Line Management Self-assessment,

April 24, 2008 SLAC-I-720-0A18J-002-R001, Line Management Self-assessment: Management Walkthrough

Checklist, February 7, 2008 SLAC-I-720-0A18J-003-R001 Final v5, Line Management Self-assessment: Workspace Compliance

Assessment Checklist, February 7, 2008 SLAC-I-720-0A00B-001-R004, SLAC Integrated Safety and Environmental Management System

Description, February 27, 2007 SLAC-I-730-0A21T-010-R001, Subcontractor Construction Safety: Site-specific Safety Plan Guideline,

March 28, 2008


C-62

Subcontractor Construction Safety: Subcontractor Safety Qualification Form (blank form) SLAC-I-720,0A29Z-001-R023.2, ES&H Manual, Chapter 49, Service Subcontractor Safety, June 7, 2007 SLAC Issues Management Process (flowchart), February 11, 2008 Integrated Assessment Schedule, FY 2008, August 1, 2008 SLAC Assessment Report (blank form) SLAC-I-770-0A19Z-002-R000, Risk Prioritization Manual, August 3, 2007 SLAC-I-770-0A19J-002-R000, Assurance: Risk Scoring Worksheet (blank form), August 3, 2007 SLAC-D01000-OA-001-001, SLAC Assurance Program Description, June 12, 2008 Issues Management Program Committee Meetings (various dates) Stanford Linear Accelerator Center Report of the Internal Independent Assessment of the Chemical

Management Services and Hazardous Materials Programs, June 2007 Corrective Action Plan for Finding C#2, C2-1: Assessment Report on Extent of Condition, June 22, 2007 Corrective Action Plan for Finding C#2, C2-2 A-B-C: Benchmarking Summary Report, July 31, 2007 Work Planning and Control Committee Report, CAP C2-3, Draft Work Planning and Control Process,

November 30, 2007 Work Planning and Control Process for Activity Level Work, February 2008 SLAC-I-720-0A29Z-001-R023.4, ES&H Manual, Chapter 2, Work Authorization, June 25, 2007 Electrical Work Plan ~480v, MCC 120 Analysis, Building 120, August 6, 2008 Building 040 Space Relocation, Statement of Work for Move of Building 040 Equipment and Material,

April 17, 2008 Work Plan with Check Off List for Building 42 Domestic Water Pipe Repair, July 17, 2008 SLAC Blanket Purchase Order No. 51213 for Emergency Excavation/Pipe Repair, July 14, 2008 Facilities Department Organization Chart, July 16, 2008 Work Planning & Control, No date Submitted by: Jack Weese, Team Member Approved by: David Allen, Team Leader


C-63


Functional Area: Management (MG) – Work Planning and Control: Confirm Readiness


OBJECTIVE MG.6: Readiness to begin an activity or operation is confirmed prior to the scheduled work performance start with regard to the system (including software), prerequisite controls, work environment, people, documents, tools, and materials. The field conditions are confirmed to match the planning document(s). The work is formally authorized to proceed. [HQ ISM CRAD] Criteria and Discussion of Results

MG.6.1 The scope of work is clearly defined in the work package, and the supervisor understands the work scope/boundaries. [HQ ISM CRAD]


The work package for the Removal of the Library, Machine Shop Equipment, and other machines for Building 040 was reviewed. The scope of work was clearly defined in the work package. While no interviews were conducted with the supervisor to determine whether the work scope/boundaries were understood, the instructions were clearly defined and understandable.


MG.6.2 Workers review the work package prior to starting work to ensure the workability of the package and their familiarity with the planned work. [HQ ISM CRAD]


The electricians in the Facilities Department were interviewed to determine whether work packages were reviewed prior to beginning work. The electricians were knowledgeable of the work being conducted.


MG.6.3 A walkdown is performed of the final draft of the work package and the work site to ensure that the hazards analysis results reflect the actual conditions and to verify that all hazards which could potentially affect the safety of the workers have been identified and that the selected controls are appropriate and adequate. [HQ ISM CRAD]


During an interview with the PP&A UTR, he indicated that a walkdown of the Removal of the Library, Machine Shop Equipment, and other machines for Building 040, was conducted to verify that all hazards that could potentially affect the safety of the workers was conducted.



C-64

MG.6.4 Workers are confirmed to be trained and qualified. [HQ ISM CRAD]


A training record for an electrician from the Facilities Division Electrical Group was verified that lockout/tagout training was complete and current.


MG.6.5 The availability of tools, equipment, materials, and support services is confirmed. [HQ ISM CRAD]


During the visit to the Facilities Department Electrical Group work area, it was observed that tools, equipment, and materials were readily available and adequate to complete electrical work activities.


MG.6.6 The impact of tools and temporary equipment (e.g., scaffolding, rigging, power supplies, welding equipment, enclosures, insulation, shielding, etc.) on facility systems and equipment is understood and accepted. [HQ ISM CRAD]


Interviews were conducted with electricians, and it was determined that the electricians understood how tools and temporary equipment could impact facility systems.


MG.6.7 The work package clearly identifies the line manager (name or position) who is responsible and accountable for authorizing the work and ensuring that the work is conducted safely. [HQ ISM CRAD]


A work package was examined for the Electrical Group, and the line manager responsible and accountable for authorizing the work and ensuring that the work is conducted safely was identified.


MG.6.8 The responsible facility manager understands the scope of work being performed and its relationship to other ongoing facility work activities. [HQ ISM CRAD]


The Facilities Department Facility Manager was interviewed, and it was determined that he has a clear understanding of the work being performed in his facility. The Facilities Department Facility Manager attends a plan-of-the-day meeting to understand work activities.


MG.6.9 There is a formal work authorization process that ensures all preparations have been completed (including required notifications, approvals, permits, etc.) and that the required controls are implemented before the work is started. [HQ ISM CRAD]


C-65


During the interviews conducted, it could not be determined that there was a formal work authorization process in place. Some organizations have effective parts of a work planning and control process; however, no organization interviewed had a system (or coordinated set of systems) that is formal, structured, and/or comprehensive (e.g., Particle Physics and Astrophysics plan, schedule, control, and perform work differently than the Facilities Group). The Facilities Department conducts work activities in one manner, and the PP&A conducts work activities in a totally different manner. The work planning and control process lacks consistency.

See MG.5.


MG.6.10 Signs and postings clear and current with regard to the hazards and entry requirements. [HQ ISM CRAD]


During the tour of the LCLS construction site, signs and posting were clear and hazards and entry requirements were posted.


Conclusion Some organizations have effective parts of a work planning and control process; however, no organization interviewed had a system (or coordinated set of systems) that is formal, structured, and/or comprehensive (e.g., Particle Physics and Astrophysics plan, schedule, control, and perform work differently than the Facilities Group). The objective was not met. Findings See MG.5. Proficiencies None identified. Observations of Work Activities Tour of LCLS Construction Site Facilities Department Plan-of-the-Day Meeting


C-66

Interviews Conducted See MG.5. Records Review See MG.5. Submitted by: Jack Weese, Team Member Approved by: David Allen, Team Leader


C-67


Functional Area: Management (MG) – Assessment Program


OBJECTIVE MG.7: SLAC uses self-assessments to periodically evaluate performance at all levels and to determine the effectiveness of policies, requirements, and standards and their implementation status. [DOE O 226.1A]


MG.7.1 Management self-assessments (also called management assessments) are formally scheduled and performed by SLAC management and are developed (scope and review criteria) based on the nature of the facility/activity being assessed and the hazards and risks to be controlled. The requirements are defined in written procedures. [DOE O 226.1A]


The requirements to perform management self-assessments are documented in ES&H Manual Chapter 33, Line Management Self-assessment. ES&H Manual Chapter 33 requires line managers to perform and document walkthroughs, ES&H workspace compliance assessments, and assessments of procedures. Section 5.1.1.5 requires deficiencies that are not corrected on the spot be recorded in the SMART system and reported to SLAC’s Corrective Action Tracking System. Those walkthroughs where no deficiencies are recorded still require reporting in the SMART system.

Interviews with the ES&H Assistant Associate Director, ES&H PAAA/NTS Coordinator, and ES&H Alternate PAAA/NTS Coordinator revealed that ES&H assessment results are not being entered into the SMART database, as required by ES&H Manual Chapter 33.

During an interview with the Facilities Department Manager, he indicated that he conducted facility walkthroughs; however, his walkthroughs were not formally documented. He further explained that assessments (line management walkthroughs, line management led ES&H workspace compliance assessments, and line management assessments of procedures) were delegated to his supervisors. In discussions with the Facilities Department supervisors, they stated that no formal, documented assessments had been conducted, and they were unaware of the requirements in ES&H Manual Chapter 33 to perform these assessments.

Discussion with two of the Facilities Department ES&H coordinators that ES&H workspace compliance inspections were being conducted on a regular basis and that these assessments were formally documented; however, they were not being recorded in the SMART system. Copies of the write-ups were reviewed, and found to be sufficient.

This issue was previously identified during the Office of Independent Oversight’s 2006 Inspection of Environment, Safety, and Health Programs at the Stanford Linear

Accelerator Center (Finding #D5). Eight of ten corrective actions associated with D5


C-68

have been completed. The corrective action remains open.


MG.7.2 Self-assessments that focus on hands-on work and the implementation of administrative processes involve workers, supervisors, and managers to encourage identification and resolution of deficiencies at the lowest level practicable (e.g., workplace inspections and post-job reviews). [DOE O 226.1A]


ES&H Manual Chapter 33 contains checklists for line management self-assessments (Line Management Self-assessment: Management Walkthrough Checklist and Line Management Self-assessment: Workspace Compliance Assessment Checklist). These checklists appear to be adequate for conducting workplace inspections and post-job reviews.


MG.7.3 Support organizations have established, documented, and implemented a routine schedule of self-assessments of their performance and the adequacy of their processes. The implementation requirements are defined in procedures. [DOE O 226.1A]


Interviews with the Facilities Department managers revealed they have no schedules for self-assessments. Chapter 33 of the ES&H Manual and Chapter 4 of the SLAC Integrated Safety and Environmental Management System (ISEMS) Description do not require a schedule for self-assessments as required by DOE O 226.1A.


MG.7.4 SLAC includes subcontractors in its self-assessment program such that subcontractor work is reviewed with same depth and breadth as SLAC’s self-performed work.


In June 2007, the Procurement Evaluation and Reengineering Team (PERT) issued a deficiency on the Purchasing Department for not performing self-assessments on the subcontractors. Evidence was not presented that self-assessments were being conducted of subcontractor work.


MG.7.5 Self-assessment schedules are tracked to ensure completion using a documented system (e.g., SLAC’s Corrective Action Tracking System) and management is kept apprised of the schedule status.


See MG.7.3.


MG.7.6 SLAC personnel at all levels assess the implementation and adequacy of their processes, including analysis of the collective results of lower-level self-assessments. [DOE O 226.1A]



C-69

See MG.7.3.


MG.7.7 Self-assessment results are documented with a level of detail commensurate with the significance of and risks associated with the activities being evaluated. Deficiencies are accurately described and documented for evaluation and correction using a formal issues management process. [DOE O 226.1A]


While some self-assessment results are being documented and deficiencies are documented in CATS, as previously stated in MG.7.1, the Facilities Department does not perform assessments as required in ES&H Manual Chapter 33 and deficiencies are not being entered into CATS.


Conclusion There is no evidence that self-assessments are being conducted consistently across the board. Chapter 33 of the ES&H Manual requires that information for self-assessments performed be entered into the SMART database, and this is not being performed consistently. The objective was not met. Findings MG.7.1.P2-005 Assessments identified in ES&H Manual Chapter 33 are not consistently being

performed, documented, or tracked by SLAC, as required. Proficiencies None identified. Observations of Work Activities None observed. Interviews Conducted See MG.5. Records Review See MG.5. Submitted by: Jack Weese, Team Member Approved by: David Allen, Team Leader


C-70



C-71


Functional Area: Management (MG) – Assessment Program


OBJECTIVE MG.8: To support unbiased evaluations, internal independent assessments are performed by SLAC organizations or personnel that have authority and independence from line management. [DOE O 226.1A] Criteria and Discussion of Results

MG.8.1 The assessments are formally planned and scheduled based on the risk, hazards, and the complexity of the processes and activities to be evaluated. Management is kept informed of the schedule status. [DOE O 226.1A]


An independent assessment manual and a risk prioritization manual have been developed and approved by the Office of Assurance. The Office of Assurance has also developed an integrated assessment schedule that has identified 27 Internal Independent Assessments that have been scheduled (beginning in 2005 through 2013). Out of the 27 scheduled, to date, eight have been completed and six are identified as ongoing. Interviews with the Office of Assurance Director and document reviews indicate that a formal independent assessment process is in place at SLAC and that management is kept informed of the schedule status.

This issue was previously identified during the Office of Independent Oversight’s 2006 Inspection of Environment, Safety, and Health Programs at the Stanford Linear Accelerator Center (Findings #D5). Eight of ten corrective actions associated with D5 have been completed. The corrective action remains open.


MG.8.2 Independent evaluators are appropriately trained and qualified and have knowledge of the areas assessed. [DOE O 226.1A]


Independent evaluators are trained and/or qualified in the methods of leading or participating in independent assessments (for example, SLAC’s recent EMS Internal Independent Assessment lead assessor had not only led ISO 14001 and EMS registered programs, but he is also a certified ISO 14001 auditor).


MG.8.3 Reviewers are dedicated SLAC staff, members of external organizations, or both. (DOE O 226.1A]


C-72


Internal Independent Assessments (IIAs) are performed by an individual or team (SLAC staff, members of external organizations, and/or both) that is not affiliated with the organization performing the work. In addition, a SME is usually assigned to support the assessment team and evaluate the technical accuracy and appropriateness of a particular area or function. For example, the assessment team for the Chemical Management System and Hazardous Material Program IIA was composed of SLAC staff, peers from sister laboratories (Lawrence Livermore National Laboratory and Sandia National Laboratory), and Stanford University personnel.


MG.8.4 Although independent assessments are applied to individual activities and processes, they typically focus on entire facilities or projects or on programs and management processes that are used by multiple organizations. [DOE O 226.1A]


Internal independent assessments evaluate the performance of work processes with regard to requirements, compliance and expectations for safely performing the work, and achieving the goals of the organization. IIAs are focused on the items and services produced and their associated processes. For example, the assessment team for the Chemical Management System and Hazardous Material Program IIA evaluated the work processes with regard to requirements.


MG.8.5 Internal independent assessments concentrate on performance and observation of work activities and the results of process implementation. [DOE O 226.1A]


During this review, observations of work activities were not observed.

This criterion was not applicable.

Conclusion

A system and processes are now in place for internal independent assessments; however, the implementation is not mature enough to make an evaluation of its effectiveness.

The objective was met.

Findings

No findings identified.

Proficiencies

No proficiencies identified.

Observations of Work Activities

None observed.


C-73

Interviews Conducted

See MG.5.

Records Review

See MG.5.

Submitted by: Jack Weese, Team Member

Approved by: David Allen, Team Leader


C-74



C-75


Functional Area: Management (MG) – Issues Management


OBJECTIVE MG.9: SLAC ensures that a comprehensive, structured issues management system is in place. This system provides for the timely and effective resolution of deficiencies, and it is an integral part of SLAC’s contractor assurance system. [DOE O 226.1A]


MG.9.1 Program and performance deficiencies, regardless of their source, are captured in a system or systems that provide for effective analysis, resolution, and tracking. Issues management includes structured processes for:

(a) Determining the risk, significance, and priority of deficiencies.

(b) Evaluating the scope and extent of the condition or deficiency (e.g., applicability to other equipment, activities, facilities, or organizations).

(c) Determining event reportability under applicable requirements (e.g., Price-Anderson Amendments Act, Occurrence Reporting and Processing System, security incident reporting).

(d) Identifying root causes, which are applied to all items using a graded approach based on risk.

(e) Identifying and documenting suitable corrective actions and recurrence controls, based on analyses, to correct the deficient conditions and prevent recurrence.

(f) Identifying individuals/organizations responsible for implementing corrective actions.

(g) Establishing appropriate milestones for completion of corrective actions, including consideration of significance and risk.

(h) Tracking progress toward milestones such that responsible individuals and managers can ensure timely completion of actions and resolution of issues.

(i) Verifying that corrective actions are complete.

(j) Validating that corrective actions are effectively implemented and accomplish their intended purposes, using a graded approach based on risk.

(k) Ensuring that individuals and organizations are accountable for performing their assigned responsibilities.

[DOE O 226.1A]


A documented process exists for issues management (located in the SLAC Assurance Program Description). On page 31 of the issues management process description, a responsibilities matrix summarizes many aspects of the Issues Management Program and


C-76

the application of the graded approach. Issues Management Program committee meeting minutes were reviewed, and it was determined that the minutes document the major improvements/developments to the program over the last 18 months. This issue was previously identified during the Office of Independent Oversight’s 2006 Inspection of Environment, Safety, and Health Programs at the Stanford Linear Accelerator Center (Finding D6). Seven of eight corrective actions associated with D6 have been completed. The corrective action remains open.

The Issues Management Process is not mature. A reasonable assessment of this criterion was not accomplished. It is recommended that this criterion be revisited and assessed as part of a future assessment.


MG.9.2 SLAC’s Issues Management Program provides a process for rapidly determining the impact of identified weaknesses and taking timely action to address conditions of immediate concern. For such conditions, interim corrective actions (e.g., stopping work, shutting down activities, or revising a procedure) are taken as soon as a condition is identified and without waiting until a formal report is issued. [DOE O 226.1A]


The SLAC Assurance Program Description was reviewed, and compensatory measures are defined in Section 3.4.3. As defined in the ES&H Manual Chapter 2, Work Authorization, interim corrective actions are taken when a condition is identified that requires immediate action without waiting for a formal report to be issued.


MG.9.3 SLAC’s processes for analyzing deficiencies, individually and collectively, enable the identification of programmatic or systemic issues. Process products are used by management to monitor progress in addressing known systemic issues and to optimize the allocation of assessment resources. [DOE O 226.1A]


As an example of identifying programmatic/systemic issues, the assessor reviewed an independent assessment of SLAC’s JHAM process conducted by the Office of Assurance. Systemic issues were identified, and resolution of these deficiencies is being addressed as part of the new work control process.


MG.9.4 SLAC has effective processes for communicating issues up the management chain to senior management, using a graded approach that considers hazards and risks. The processes provide sufficient technical basis to allow managers to make informed decisions and must include provisions for communicating and documenting dissenting opinions. The processes for resolving disputes about oversight findings and other significant issues are implemented. The processes include provisions for independent technical reviews of significant issues. [DOE O 226.1A]


Tracking and trending analyses are necessary to ensure that effective communications are in place using a graded approach. The roles and responsibilities for establishing metrics, providing trending information to senior management, and making recommendations for


C-77

program improvement were assigned to a data monitoring and analysis assurance professional. At this time, no individual has been designated as the data monitoring and analysis assurance professional.


Conclusion A documented process exists for issues management (located in the SLAC Assurance Program Description); however, the Issues Management Program is not mature enough to determine the program’s effectiveness. In addition, roles and responsibilities for the data monitoring and analysis assurance professional identified in the Issues Management Program have not been assigned. The objective was met. Findings MG.9.4.P3-008 Metrics are not being established, and trending information is not being

provided to senior management, as required by the SLAC Assurance Program Description, Section 3.4.

Proficiencies No proficiencies identified. Observations of Work Activities None observed. Interviews Conducted See MG.5. Records Review See MG.5. Submitted by: Jack Weese, Team Member Approved by: David Allen, Team Leader


C-78



C-79


Functional Area: Operations (OP) – Radiological Protection (RP)

Objective ID: RP.1 Date: August 2008

OBJECTIVE OP-RP.1: The SLAC Radiation Protection Program is adequately documented and implemented to meet the requirements of 10 CFR 835. Criteria and Discussion of Results (Insert Finding and Proficiency Number Following Text)

OP-RP.1.1 Procedures being developed by SLAC are in conformance with the Corrective Action Plan Summary Report of the Office of Independent Oversight October-November 2006 Inspection of Environment, Safety, and Health Programs at the Stanford Linear Accelerator Center, March 2007, responding to findings from the HSS review of 2006, and meet the requirements of 10 CFR 835 and the intent of relevant DOE guides and handbooks dealing with radiation protection programs.


The SLAC Radiological Control Manual was reviewed. From this review, it is apparent that SLAC is well versed in the DOE radiation protection implementation process. The manual references 10 CFR 835 (the DOE Radiological Control Standard [RCS]), the Radiation Protection Program Guides, DOE Policy statements, and the Price Anderson Amendments Act process. In the Overview Section of the SLAC Manual, it states that "As allowed by DOE guidelines, the specific application of the various practices of this Manual will be used as appropriate for operations at SLAC and as a means of implementing the requirements of 10 CFR 835." This was interpreted by the reviewer to mean that the manual is used as the SLAC RPP, and the interspersing and citing of 10 CFR 835 requirements throughout the SLAC Manual appears to affirm this belief. The following comments are provided on the referenced documents.

Radiation Protection Program Guides and the RCS – The provisions in the Program Implementation Guides and the RCS (Standardized version of the RadCon Manual) are DOE's view of acceptable methods to implement a radiation protection program. They are not mandatory but create an inference of compliance with regulatory requirements (10 CFR 835). Only "shall" statements in the guides represent actual 10 CFR 835 requirements. The many "should" and "may" statements in the guides are optional program recommendations. Along those lines, the guides also suggest using consensus standards such as those developed by the American National Standards Institute and the Health Physics Society. The language in the 10 CFR 835 preamble was very specific. It stated that the Manual is not regulatory in nature, but provides "best practices" guidance for radiological control. The rule further states that sites may consider citing all or parts of the Manual in its 10 CFR 835 RPP. The rule then states the following: since compliance with the RPP is a requirement of 10 CFR 835.101, the citing of a provision from a site-specific manual or any other document will make compliance with the cited provision a requirement.

For those not familiar with the Rules/PAAA process, this means that if you cite a best practice guidance provision in your site manual, and use that manual as part of your RPP,


C-80

then if you don't follow all the cited provisions, your site is subject to PAAA penalties, even though the provision is not a 10 CFR 835 requirement. Only "reasonable" controls are required. For the most part, reasonable controls can be achieved by implementing the requirements of 10 CFR 835. It is up to each contractor and their respective DOE site office to determine which portions (if any) of the guidance documentation best fits their mission and meets their as low as reasonably achievable (ALARA) principles.


Conclusion The SLAC Radiation Protection Program is adequately documented and implemented to meet the requirements of 10 CFR 835. The objective was met. Findings None identified. Proficiencies None identified. Observations of Work Activities None observed. Interviews Conducted No interviews were conducted. Records Review SLAC-I-720-0A05Z-001-R003, Radiological Control Manual, January 1, 2008 SLAC-I-720-0A29Z-001-R023.3, ES&H Manual, Chapter 9, Radiological Safety, December 31, 2007 SLAC-I-760-0A05C-002-R004, RP Department Radiological Work Permits Procedure, Rev. 4,

June 28, 2007 SLAC-I-720-2A04G-006-R008, Draft RP Department Health Physics Technician Qualification

Standard, Rev. 8, June 5, 2008 SLAC-I-760-2A05C-004, Radiological Posting, Rev. 1.0, June 28, 2008 SLAC-I-760-2A-05C-013, Contamination Monitoring, Rev. 1.0, June 13, 2008 SLAC-I-760-2A-26C-002, Draft Portable Radiation Detection Instrumentation Program Manual,

Rev. 1.0, April 8, 2008 SLAC-I-760-2A26C-002-R004, Radiological Instrument Equipment and Calibration Intervals, June 2008 SLAC-I-760-0A050-011, Draft RP Department MDA for Contamination, Rev. 0, March 2008 SLAC-I-760-2A-26C-002, Radiation Generating Devices Program Manual, Rev. 1.0, April 8, 2008 Submitted by: Craig Booker and Mike Henderson, Team Members Approved by: David Allen, Team Leader


C-81


Functional Area: Operations (OP) – Construction (CONST)

Objective ID: OP-CONST.1 Date: August 2008

OBJECTIVE OP-CONST.1: An integrated process has been established and is utilized to effectively plan, authorize, and execute the identified work for the SLAC Facilities Department’s construction-related activities. (CE II-4) (ISMS Handbook, Ph II, OP.1)


OP-CONST.1.1 The Facilities Department’s procedures and/or mechanisms are in place to ensure that work planning is integrated at the individual maintenance or activity level, fully analyzes the hazards, and develops appropriate controls. (ISMS Handbook, Ph II, OP.1) (construction-related activities)


The scope of work for subcontracted construction work is adequately described in contract documents, drawings, and specifications. These are available at the worksites.

SLAC ES&H Manual Chapter 42, Subcontractor Construction Safety, defines the processes required to ensure that work planning, identification of hazards, and development of appropriate controls are completed for construction work activities/projects.

Construction subcontractors are required to submit their California Injury and Illness Prevention Plan (IIPP) and Code of Safe Work Practices for review and approval at the time of bid. The IIPP, Code of Safe Work Practices, and subcontractor qualification information are reviewed by Purchasing, ES&H, and Project Management and must be approved prior to award of the subcontract. Upon award of a project, all construction subcontractors and service subcontractors performing high-risk work must then prepare a Site Specific Safety Plan (SSSP). The SSSP addresses the specific work activities and hazards and identifies controls applicable to the work scope, including acknowledgement of 10 CFR 851 requirements, identification of responsible persons with authority to implement the safety program, and specific requirements such as permits, competent persons, and training. The SSSP is reviewed and approved by line management safety coordinators, the University Technical Representative, and the Project Manager prior to issuing the Notice to Proceed.

The construction subcontractor must then prepare a Job Safety Analysis that addresses each task within the scope of work. JSAs are key to the identification of hazards and development of work controls at the working level and must be discussed with workers prior to beginning any work task. The JSAs must be developed or revised prior to the start of any on-site work, before initiating any new phase of work or new task, and before modifying an existing work task. The JSA must be reviewed and approved by the UTR. If the UTR is not familiar with the hazards and controls for a specific scope of work, he must have the work task and


C-82

JSA reviewed by an ES&H Program SME prior to approval.

JSAs must be reviewed at the daily pre-job briefing by construction subcontractor employees and must be signed prior to beginning work. JSAs must also be reviewed and signed by any other personnel (e.g., engineering, management, visitors, etc.) entering the work site each day.

JSAs reviewed identified the hazards and controls for the work being performed and were signed by the workers on site prior to performing work for the day. While the JSAs addressed hazards, provided general controls and were adequate to address the work that was being performed, they were minimal. There is room for improvement in the level of detail, as well as consistency, with JSAs throughout all the site organizations.

See MG.5.


OP-CONST.1.2 The Facilities Department’s procedures and/or mechanisms are in place which ensures that a process used to confirm that the facility or activity and the operational workforce are in an adequate state of readiness prior to authorizing the performance of the work. (ISMS Handbook, Ph II, OP.1) (construction-related activities)


SLAC ES&H Manual Chapter 2, Work Authorization, defines the process used by SLAC management for the authorization of work activities. For construction activities involving a significant hazard, a review is required by the Safety Overview Committee and Citizen Committees in accordance with the limits defined in ES&H Manual Chapter 31, Institutional ES&H Committees. For work activities that do not meet the criteria for review by the Safety Oversight Committee or Committees, approval for initiating the performance of work is granted by the Project Manager, as described in ES&H Manual Chapter 42, Subcontractor Construction Safety, with the input and approval of the appropriate ES&H safety officers.


OP-CONST.1.3 The Facilities Department’s procedures and/or mechanisms are in place which ensures that a process used to gain authorization to conduct operations. (ISMS Handbook, Ph II, OP.1) (construction-related activities)


See OP-CONST.1.2.


OP-CONST.1.4 The Facilities Department’s procedures and/or mechanisms are in place which ensures that safety requirements are integrated into work performance. (ISMS Handbook, Ph II, OP.1) (construction-related activities)


Safety requirements are integrated into the work performance activities. Daily toolbox meetings are conducted prior to the start of work to review the associated work task, the JSA, and the permits applicable to the scope of work being performed. The subcontractor is required to have someone available at the work site that is responsible for ES&H at all times while the work is being performed.


C-83

The subcontractor supervisor is required to complete a daily job-site safety checklist for the current work site. A sample of these checklists was reviewed and was adequate for the work being performed.

In addition, the SLAC University Technical Representative performs routine inspections of the work site and observes work activities to ensure all permits are in place, JSAs are current and complete, and work is being performed in accordance with prescribed requirements.

While appropriate hazard identification and controls were in place for all the projects reviewed and the vast majority of work activities were being performed in accordance with established controls, isolated instances of noncompliance were noted during one site visit. Specifically, craft employees were observed driving in a vehicle across the site without wearing seat belts; and a ladder, not appropriate for the intended use, was in place to provide access to an excavation. Both observations were corrected during the review.


OP-CONST.1.5 The Facilities Department’s procedures and/or mechanisms are in place which ensures that adequate performance measures and indicators, including safety performance measures, are established for the work. (ISMS Handbook, Ph II, OP.1) (construction-related activities)


Performance criteria are established in the General Terms and Conditions of the Contract Document. Criteria include the assessment of monetary fines for safety and health violations and progress up to and including termination of the contract.

The project UTR is notified of all incidents and injuries and provides the information to the ES&H Industrial Safety Organization.


OP-CONST.1.6 The Facilities Department’s workers actively participate in the work planning process. (ISMS Handbook, Ph II, OP.1) (construction-related activities)


Subcontract construction workers participate in daily tool box meetings to discuss the days planned work activities and review the applicable JSA. Meetings observed were open and workers reviewed felt free to discuss work activities.


OP-CONST.1.7 The Facilities Department’s procedures and/or mechanisms demonstrate effective integration of safety management. (ISMS Handbook, Ph II, OP.1) (construction-related activities)


Processes are in place for reviewing subcontractors’ Injury and Illness Prevention Plan and Code of Safe Practices, Site Specific Safety Plan, Job Safety Analysis, and

specific permits, as required, to ensure that safety is integrated into the construction


C-84

management process.

See OP-CONST-1.1.


OP-CONST.1.8 The Facilities Department provides adequate oversight of its contractors. (construction-related activities)


Oversight of construction projects is provided on multiple levels. A University Technical Representative is assigned to each construction project; and for significant projects, multiple UTRs may be assigned. The UTRs’ responsibilities (as defined in the UTR Manual and ES&H Manual Chapter 41) include reviewing safety plans and documentation; attending subcontractor meetings, including tailgate meetings; and meeting with the subcontractor daily to discuss the JSA for the day and any changes in safety or environmental compliance.

The facility safety coordinators are responsible for routine monitoring of subcontractor work activities for compliance with the established ES&H requirements.

The project manager is responsible for conducting routine job site visits, including frequent unannounced visits.

The assigned UTR was observed at each of the job sites visited during this inspection, and the project manager and safety coordinators were observed on site at numerous times. There was also a routine presence of the SSO Federal Project Director, safety specialist, and manager at the field job sites.


OP-CONST.1.9 The review of the Facilities Department’s procedures and implementation indicates that SLAC’s SMEs have a process-based system rather than an expert-based system. (construction-related activities)


SLAC has definitive procedures and processes in place to govern the selection and oversight of construction subcontractors, as well as specific ES&H programs for developing the scope of work, identifying hazards, developing hazard controls, and performing work. The basic document for subcontractor work processes is ES&H Manual Chapter 42, Subcontractor Construction Safety, and referenced procedures.


Conclusion An integrated defined process has been established and is utilized to effectively plan, authorize, and execute the identified work for the SLAC construction-related activities. Programs and procedures are in place to provide the direction necessary to incorporate ES&H requirements into the management of construction projects from initiation of a project through performance and closure. The objective was met. Findings


C-85

None identified. Proficiencies None identified. Observations of Work Activities Safety and Operability Reliability Improvements (SORI) Underground Upgrades Project Pipe Installation

Work (multiple locations) Tree Cutting and Disposal LCLS Civil Construction Activities LCLS SLAC directing Electrical Subcontractor Work Activities SORI Project Subcontractor Daily Tool Box Meeting LCLS Plan of the Day Coordination Meeting Interviews Conducted Facilities Department Head Facilities Department Deputy Department Head and Engineering, Construction, and Project Management Facilities Department Construction Manager Facilities Department Supervisor Safety and Health Coordinator Foreman Pacific Underground Construction, Inc. Facilities Division SORI UTR Foreman Western Allied Mechanical SSO Project Director Facilities Division Safety Coordinator Newcomb Tree Service Project Manager and Supervisor/Safety Officer Newcomb Tree Service UTR Building and Construction Safety Group Leader LCLS ES&H Coordinator Buyer, Procurement Construction Group ES&H Industrial Safety Group Leader ES&H Chemical and General Safety Department Head SSRL Facility Manager SSRL Safety Coordinator UTR SSRL LCLS Project Coordinator Two Welders Pipe Fitter Tree Cutter Records Review ES&H Approved Construction Vendors as of August 1, 2008, August 6, 2008 SLAC-I-720-0A29Z-001-R023.2, ES&H Manual, Chapter 49, Service Subcontractor Safety, June 7, 2007 SLAC-I-720-0A29Z-001-R023.4, ES&H Manual, Chapter 2, Work Authorization, June 25, 2007 SLAC-I-720-0A29Z-001-R023.4, ES&H Manual, Chapter 42, Subcontractor Construction Safety,

March 28, 2008 SLAC-I-730-0A23R-003-R002, Subcontractor Construction Safety: Job Safety Analysis Form,

Department: Chemical and General Safety, SLAC Underground Utilities Upgrade – Phase II,


C-86

July 21, 2008 SLAC-I-730-0A23R-003-R002, Subcontractor Construction Safety: Job Safety Analysis Form,

Department: Chemical and General Safety, SLAC Underground Utilities Upgrade – Phase II, July 24, 2008

Contract DE-AC02-76-SF00515, April 25, 2008 ISMS Pre-Work Safety Checklist, July 21, 2008 E-mail from Harry K. Shin, SLAC, to Raymond Kenneth Radau, et al., subject: Hot Water System-

Shutdown Schedule, July 17, 2008 SLAC-I-730-0A23R-003-R002, Subcontractor Construction Safety: Job Safety Analysis Form,

Department: Chemical and General Safety, SLAC Underground Utilities Upgrade – Phase II, July 25, 2008

SLAC-I-730-0A21J-027-R001, Subcontractor Construction Safety: Subcontractor Safety Qualification Form (blank example), No date

SLAC-I-730-0A21J-025-R002, SLAC Site-Specific Safety Plan (blank example), No date SLAC-I-720-0A03Z-002-R000, SLAC University Technical Representative Requirements and

Procedures for Construction, June 1, 2007 SLAC-I-730-0A21J-025-R002, SLAC Site-Specific Safety Plan, Subcontract/Purchase Order Number

515-S-69642, Seismic Upgrades for SSRL Building 120, August 1, 2007 SLAC-I-730-0A23R-003-R002, Subcontractor Construction Safety: Job Safety Analysis Form,

Department: Chemical and General Safety, LCLS – Phase 4, August 5, 2008 Pacific Underground Construction, Inc., Injury & Illness Prevention Program for Construction,

July 15, 2008 Job Site Safety Checklist, SORI – Cold/Hot Water, July 24, 2008 Construction Subcontract, Number 55-S-74555, AIM Sheet Metal Inc., April 2007 Job Site Safety Checklist, SORI – Hot & Cold H20, August 4, 2008 SLAC-I-730-0A21J-025-R001, SLAC Site-specific Safety Plan, Hot & Chilled Water, Cooling Tower

Water Systems, May 1, 2008 Construction Safety Paperwork Checklist for Contractors, August 7, 2007 UTR Training, ES&H Course 394, January-February 2008 Jefferson Lab Environment Health & Safety for Construction Subcontractors (Presentation), August 2007 SLAC-I-720-0A29Z-R023.1, ES&H Manual, Chapter 31, Institutional ES&H Committees, July 22, 2006 SLAC Memorandum from Burl Skaggs to S. Williams and B. Sherin, subject: Roles and Responsibilities

for University Technical Representatives, Project Managers and Environmental Safety and Health Staff in Construction at SLAC, July 31, 2008

LCLS Tailgate Meeting 104C 7 a.m., August 5, 2008 Attendance Sheets from LCLS Tailgate Meeting 7 A.M. 104C, August 6-7, 2008 LCLS Work Authorization, Install LION Cables in BTH, June 29, 2008 LCLS Work Authorization, LCLS Phase V Fiber Optic Terminations, June 11, 2008 SLAC-I-730-0A21J-025-R001, SLAC Site-specific Safety Plan, Cable Plant Systems Phase 4 – BTH,

Undulator, and Beam Dump Installation Project, February 11, 2008 UTR Qualifications, July 2008 Submitted by: James Craven, Team Member Approved by: David Allen, Team Leader


C-87




OBJECTIVE OP-CONST.2: Each phase of the construction project shall be evaluated for associated hazards. Appropriate protective measures are selected to specifically address the hazards identified in the hazard analyses. Identified hazards are promptly addressed. (HQ CRAD)


OP-CONST.2.1 A hazard evaluation is conducted for each phase of the project identified within the project safety and health plan. (10 CFR 851, Appendix A, Section 1(a)(1)(i)) (construction-related activities)


Prior to procurement, the scope of work is prepared by the project manager and reviewed by the Safety Oversight Committee, Citizen Committees, and/or safety officers as applicable to ensure that potential hazards are identified and the appropriate requirements are incorporated prior to issuing a contract for bid.

Upon award of a project, the construction subcontractor must prepare a Site Specific Safety Plan that addresses specific work activities, hazards, and controls applicable to their work scope, this includes acknowledgement of 851 requirements, identification of responsible persons with authority to implement the safety program, and specific requirements such as permits, competent persons, and training. The SSSP is reviewed and approved by line management safety Coordinators, the University Technical Representative, and Project Manager prior to the Notice to Proceed.

The construction subcontractor must then prepare a Job Safety Analysis that addresses each task within the scope of work. JSAs are key to the identification of hazards and development of work controls at the working level and must be discussed with workers prior to beginning any work task. The JSAs must be developed or revised prior to the start of any on-site work, before initiating any new phase of work or new task, and before modifying an existing work task. The JSA must be reviewed and approved by the UTR. If the UTR is not familiar with the hazards and controls for a specific scope of work, he must have the work task and JSA reviewed by an ES&H Program SME prior to approval.

JSAs must be reviewed at the daily pre-job briefing by construction subcontractor employees and must be signed prior to beginning work. JSAs must also be reviewed and signed by any other personnel (e.g., engineering, management, visitors, etc.) entering the work site each day.


C-88

This process is defined in ES&H Manual Chapter 42, Subcontractor Construction Safety. See MG.5. This criterion was met.

OP-CONST.2.2 Hazards to be evaluated also include those related to site-specific information or characterization data provided by the construction manager. (10 CFR 851, Appendix A, Section 1(a)(1)(ii)) (construction-related activities)


Site specific characterization information is developed during the initial project evaluation by SLAC ES&H personnel and safety officers prior to release of the bid, and this information is provided to the subcontractor during the bid process. Prior to the development of the Site Specific Safety Plan, the subcontractor has been given an opportunity to review the work site and identify any site specific hazards that must be addressed. If additional site evaluation is needed, such as identification of underground utilities, specific JSAs are put in place to identify the hazards and controls necessary to perform the evaluation, along with specific permits such as lockout/tagout and excavation, as required.


OP-CONST.2.3 Appropriate engineering or administrative controls, as well as PPE, are selected for each identified hazard. (10 CFR 851, Appendix A, Section 1(a)(1)(i)) (construction-related activities)


The construction subcontractor must prepare an SSSP and have it approved prior to beginning work. The SSSP is prepared using the template provided in Chapter 42 of the SLAC ES&H Manual and requires the subcontractor to address the hazards and controls for each of the specified work tasks. The template also requires the subcontractor to address specific work phases, such as mobilization, barricades and signage, and waste disposal, and provides referenced requirements from the ES&H Manual for each item. The SSSP must be reviewed and approved by the project manager and UTR prior to beginning work.

Once the SSSP is approved, the subcontractor must provide a detailed JSA that addresses specific work tasks, such as welding, identify the hazards, and establish controls. The SLAC Subcontractor Construction Safety Job Safety Analysis Guide in Chapter 42 of the ES&H Manual defines the process for development and approval of the JSA. The JSA must be reviewed and approved prior to use and must be reviewed with the workers daily before they can begin work.

JSAs reviewed identified the hazards and controls for the work being performed and were signed by the workers on site prior to performing work for the day. JSAs addressed hazards, provided general controls, and were adequate to address work that was being performed. Review of selected JSAs found that they could be improved (see OIO Finding #C-2 regarding work planning). There is room for improvement in the level of detail, as well as consistency, with JSAs throughout all the site organizations.



C-89

OP-CONST.2.4 Selected controls take into account identified SLAC site-specific safety and health requirements. (10 CFR 851, Appendix A, Section 1(a)(1)(ii)) (construction-related activities)


The subcontract’s standard terms and conditions incorporate ES&H Manual Chapter 42 as part of the contract. As a result, site specific health and safety requirements applicable to construction activities are a contractual requirement.

Controls identified during the development of the SSSP and the JSA incorporate the SLAC site specific requirements including specific work procedures and permit requirements.


OP-CONST.2.5 As required by the Occupational Safety and Health Administration (OSHA) standards, protective measures requiring design by a Professional Engineer or other competent professional are developed accordingly. (10 CFR 851, Appendix A, Section 1(a)(1)(iii)) (construction-related activities)


The construction subcontract terms and conditions section, Article 12, requires the subcontractor to have personnel trained and qualified to perform the subcontract task. ES&H Manual Chapter 42, Section 5.1.7.1, requires that where California/OSHA requires a competent person, the subcontractor will designate, in writing, a person qualified to perform the task and be prepared to demonstrate to the SLAC project manager and the ES&H Program Manager the individual’s competency. Section 5.1.7.9 incorporates the requirement into the subcontractor’s responsibilities.


OP-CONST.2.6 Identified hazards are immediately abated. (10 CFR 851, Appendix A, Section 1(c)) (construction-related activities)


The construction subcontract terms and conditions (Article 20, Section E) requires the subcontractor to take immediate corrective actions for safety problems, or effectively mitigate the hazard through other means such as signs, barricades, changes in procedures, or other effective methods. The SLAC subcontractor shall also notify workers, the UTR, and the Purchasing Officer of safety problems, and the corrective actions taken to remedy problems encountered.

As example of the process, during the walkdown of the LCLS construction project, an extension cord was identified passing through an unprotected opening in a gang box, the cord was immediately removed.


OP-CONST.2.7 If immediate corrective action is not possible, or if abatement falls outside project scope, the construction contractor immediately notifies affected workers, posts appropriate warnings, implements needed interim controls, and notifies the construction manager of actions taken. (10 CFR 851, Appendix A, Section 1(c)) (construction-related activities)



C-90

The construction subcontract terms and conditions (Article 20, Section E) address the actions to be taken to correct safety problems. During walkdowns of the Safety and Operability Reliability Improvements (SORI) underground utilities upgrade project, an inappropriate ladder was being used for access to an excavation. Since the ladder belonged to another subcontractor, the using subcontractor took action to prohibit his personnel from using the ladder until an appropriate ladder could be obtained. The project UTR and appropriate personnel were notified of the identified problem and planned action. This observation was corrected during the review.


Conclusion SLAC construction subcontracting activities are controlled by written procedures that provide adequate guidance to ensure protective measures are selected to specifically address the hazards identified in the hazard analyses. While controls identified were adequate to mitigate the hazards encountered during the work being performed, the Job Safety Analysis forms were often generic and lacking detail. This weakness in the preparation of JSAs has been previously identified and is being addressed in the current corrective action for work planning and control. Processes are in place to ensure hazards identified during the work activity are promptly addressed. The objective was met. Findings None identified. Proficiencies None identified. Observations of Work Activities See OP-CONST.1. Interviews Conducted See OP-CONST.1. Records Review See OP-CONST.1. Submitted by: James Craven, Team Member Approved by: David Allen, Team Leader


C-91




OBJECTIVE OP-CONST.3: Workers are aware of the hazards and selected controls to address project hazards. (HQ CRAD)


OP-CONST.3.1 Workers are trained on the hazards and mitigative measures identified by the hazard analysis for each phase of work. (10 CFR 851, Appendix A, Section 1(a)(3)) (construction-related activities)


Before beginning work on site, each construction subcontractor employee must complete ES&H Course 375, Safety Orientation for Construction Contractors. Construction subcontractor workers scheduled to be on site for 60 days or more or who must have general employee radiological training must complete ES&H Course 219, Employee Orientation to Environmental Safety and Health. Any subcontractor employee needing unescorted access to a radiological control area must complete ES&H Course 115, General Radiological Training.

Each subcontractor is responsible for providing personnel “trade specific” training. In addition, subcontractor employees designated as competent persons must have specific training in the area they are responsible. This training must be documented by the subcontractor and documentation submitted to SLAC prior to mobilization.

Each employee must be briefed on the Site Specific Safety Plan, Job Safety Analysis, and applicable work permits prior to beginning work.

The subcontractor must certify in writing that they have safety training records for each employee at the start of the project. When an employee receives additional training or a new employee comes on site, the subcontractor must submit certification of his training to the UTR.


OP-CONST.3.2 Records of completed training are maintained by the construction contractor. (10 CFR 851, Appendix A, Section 1(a)(3)) (construction-related activities)


Subcontractor training records were reviewed during site construction project visits. The subcontractor had signed copies of the SSSP, JSAs, and permits at the job site. Other training records were available based on the employees work assignment.



C-92

Conclusion SLAC has processes in place to require that construction employees are trained on the hazards and control measures in place for the work they are performing. Review of sample records indicated that workers had been trained and were aware of the hazards and controls in place for the work they were performing. The objective was met. Findings None identified. Proficiencies None identified. Observations of Work Activities See OP-CONST.1. Interviews Conducted See OP-CONST.1. Records Review See OP-CONST.1. Submitted by: James Craven, Team Member Approved by: David Allen, Team Leader


C-93




OBJECTIVE OP-CONST.4: Project safety personnel inspect the jobsite to identify existing hazards. (HQ CRAD)


OP-CONST.4.1 The construction superintendent or the project construction safety supervisor makes frequent and regular inspections of the construction worksite. SLAC provides adequate oversight of the project. In addition, subcontractors are adequately overseen by their own safety supervisory personnel. (10 CFR 851, Appendix A, Section 1(b)) (construction-related activities)


The SLAC subcontract terms and conditions (Article 12) require that the subcontractor have a competent foreman or superintendent, satisfactory to the University and with authority to act for the subcontractor, at the site of the work at all times during performance. SLAC ES&H Manual Chapter 42, Subcontractor Construction Safety, requires daily worksite inspections by the subcontractor. Daily inspections were being performed by the supervisor/safety officer for all active construction projects reviewed.

In addition, the ES&H Manual Chapter 42 requires that the project managers, UTRs, and ES&H program managers monitor field activities on a regular basis. The UTRs were performing daily inspections of the worksite, and review of the completed project JSAs revealed that the project managers were on the job sites multiple times each week.

Interviews with construction personnel also revealed that the SSO Federal project managers, ES&H personnel, and the DOE SSO Manager were walking the worksites on a routine basis.


OP-CONST.4.2 Competent persons make frequent and regular inspections of the respective phases of work for which they are responsible. (10 CFR 851, Appendix A, Section 1(a)(1)(iv)) (construction-related activities)


Competent persons were inspecting work sites as required. The Safety and Operability Reliability Improvements underground utility upgrade work involved installation of piping in open excavations. The subcontractor excavation competent person performs daily inspections of the excavation prior to beginning work, and documentation of the inspection was maintained in the job trailer.



C-94

OP-CONST.4.3 Records are maintained of all construction worksite inspections. (10 CFR 851(a)(2)) (construction-related activities)


The subcontractors were maintaining records of all worksite inspections. For the SORI projects, daily inspection records were collected by the UTR and submitted for inclusion in the Facility Management’s SORI project documents database. Records of site inspections for other projects were being maintained by the subcontractor.


OP-CONST.4.4 Housekeeping is determined to be acceptable in all areas inspected. (construction-related activities)


Multiple work areas were reviewed during this inspection, including the LCLS Civil Construction and general construction areas and the SORI project worksites. On all construction projects, housekeeping was being maintained in an excellent condition. All materials were properly stored, laydown areas were well maintained, and walking and work areas were clear of extraneous material and clutter.


OP-CONST.4.5 The results of the review of the Construction Safety Program procedures and implementation at the LCLS indicate that SLAC’s SMEs have a process-based system rather than an expert-based system. (construction-related activities)


SLAC has programs and procedures in place that provide direction for the management of construction work activities and the involvement of the safety officers, safety coordinators, and other SMEs. The management and oversight of construction work is a process-based system.


Conclusion Subcontractor and project management and safety personnel perform documented inspections of construction work sites on a routine basis. The objective was met. Findings None identified. Proficiencies None identified. Observations of Work Activities See OP-CONST.1.


C-95

Interviews Conducted See OP-CONST.1. Records Review See OP-CONST.1. Submitted by: James Craven, Team Member Approved by: David Allen, Team Leader


C-96



C-97


Functional Area: Worker Safety and Health Program (WSHP)

Objective ID: WSHP.1 Date: August 2008

OBJECTIVE WSHP.1: SLAC is meeting its management responsibilities for its WSHP under 10 CFR 851. [DOE G 440.1-8] Criteria and Discussion of Results

WSHP.1.1 The SLAC WSHP has been approved by DOE. [DOE G 440.1-8]


The 10 Code of Federal Regulations (CFR) 851 SLAC Worker Safety and Health Plan, SLAC Worker Safety and Health Program Description, February 2007, was submitted to the DOE SLAC Site Office on February 26, 2007, and was approved by the DOE SSO Manager on May 22, 2007.


WSHP.1.2 SLAC’s programs that are covered by the WSHP have not changed since it was approved. SLAC performs a documented annual review to make this determination. [DOE G 440.1-8]


SLAC performed an annual review of its 10 CFR 851 WSHP and determined that revisions to the plan were needed to address changes in programs, referenced implementing procedures, and organizational structures. The revised plan was submitted to SSO for review and approval on August 1, 2008. Review has been scheduled for completion by SSO within 30 days.


WSHP.1.3 If there have been no significant changes to the WSHP, SLAC submitted a letter to the Site Office prior to the WSHP approval anniversary date stating that no changes were necessary to the program. [DOE G 440.1-8]


As required in 10 CFR 851.11(c)(2), contractors must submit annually to DOE either an updated worker safety and health program for approval or a letter stating that no changes are necessary in the currently approved worker safety and health program. The revision to SLAC’s WSHP was submitted to SSO for approval two months after the annual submission date of the plan. DOE G 440.1-8, Section 3.2.2.5, states that the contractor should submit the updated program or letter in advance of the anniversary of the previous approval so that the head of the DOE field element has sufficient time to approve the submittal by the anniversary of the prior approval.


C-98

See WSHP.1.2. This criterion was not met.

WSHP.1.4 The WSHP states that subcontractors are covered under the approved WSHP. Existing and new subcontractors aware that they are subject to 10 CFR 851. [DOE G 440.1-8]


SLAC’s approved WSHP, paragraph 1.6, states that subcontractors must understand and conform to SLAC’s WSHP and that they must comply with 10 CFR 851. SLAC General Terms and Conditions for Fixed Price Construction Subcontracts, Rev. 10:

• Article 20, paragraph J, states that the subcontractor shall perform work in accordance with 10 CFR 851; and

• Article 20, paragraph A, states that the subcontractor must comply with SLAC’s ES&H Manual Chapter 42, which incorporates requirements for subcontractors to comply with 10 CFR 851.

Completed subcontractor Site Specific Safety Plans reviewed included specific direction that the subcontractor was responsible for complying with 10 CFR 851.

In May 2007, SLAC Procurement sent letters to all SLAC subcontractors performing work, or on the approved vendors list, informing them of the 10 CFR 851 requirements. The letter required acknowledgement of receipt from each subcontractor. As existing subcontracts have been updated, the revised terms and conditions defining the 10 CFR 851 requirements have been incorporated.


WSHP.1.5 SLAC and its subcontractors coordinate effectively to ensure clear roles, responsibilities, and procedures to achieve an integrated approach to ensuring the safety and health of the workers is consistent with 10 CFR 851.11(a)(2)(ii). [DOE G 440.1-8]


SLAC’s Worker Health and Safety Program Description applies to all SLAC and SLAC Subcontracts on site. SLAC Construction subcontractor’s requirements and responsibilities are defined in the subcontract documents and in Chapter 42 of the ES&H Manual. These processes ensure application of consistent requirements for personnel. Each construction subcontractor is required to develop a Site Specific Safety Plan and Job Safety Analysis to identify hazards and controls for their work activities.

A SLAC University Technical Representative is assigned to each of the construction projects and, along with the SLAC Project Manager, facilitates coordination of interfaces between construction subcontractors and SLAC organizations.

The Linac Coherent Light Source daily coordination meeting is one example of effective coordination of work activities and interface between multiple organizations. During this meeting, all entities (the civil construction subcontractor, SLAC direct subcontractors, and SLAC) working within the area are present to discuss interfaces and issues needed to protect all personnel working within the area.



C-99

WSHP.1.6 SLAC’s WSHP integrates the requirements of 10 CFR 851 with other site worker protection activities and the Integrated Safety Management System. SLAC has established, maintained, and documented how coordination is achieved among worker safety and health technical disciplines and other safety and health organizations (e.g., radiation control, construction safety) at a site to ensure successful implementation of its WSHP. [10 CFR 851.11(a)(3)(ii)]


SLAC’s WSHP (approved in May 2007), paragraphs 2.2 and 3, define the integration of the WSHP program with the SLAC Integrated Safety and Environmental Management System and overall ES&H program requirements. The SLAC ES&H Manual provides the implementing processes for both the WSHP and the ISEMS.


WSHP.1.7 SLAC has established written policy, goals, and objectives for the WSHP. [10 CFR 851.20(a)(1)]


SLAC has defined the ES&H policy and overall goals in Section 4.1 of the WSHP. The PEMP defines current goals for ES&H performance and progress is measured as part of the PEMP process.


WSHP.1.8 SLAC uses qualified worker protection personnel to direct and manage the WSHP. The expected qualifications (education, experience, equivalencies) for these positions are documented. [10 CFR 851.20(a)(2)]


Qualified ES&H worker protection personnel are being used to direct and manage the worker safety and health program. Formal position descriptions that define personal qualification requirements are in place for supervisors and managers in the ES&H Division, and the personnel on staff have met the defined qualifications.


WSHP.1.9 SLAC formally assigns worker protection responsibilities, evaluates personnel performance, and holds personnel accountable for worker protection performance. [10 CFR 851.20(a)(3)]


Worker protection responsibilities are defined in the SLAC WSHP and are assigned throughout the ES&H Manual and operating level procedures. Specific responsibilities are evaluated by employees and supervisors through the development and review of the individual’s Job Hazards Analysis and Mitigation form.

In addition, safety performance criteria have been included in the supervisors’ and employees’ annual performance appraisal process.



C-100

WSHP.1.10 SLAC provides mechanisms to involve workers and their elected representatives in the development of the WSHP goals, objectives, and performance measures and in the identification and control of hazards in the workplace. SLAC provides for regular

communication with workers about workplace safety and health matters. [10 CFR 851.20(a)(4), (a)(8)]


SLAC provides an opportunity for worker involvement in the hazard identification and control process by having employees involved in the development of Job Hazard and Mitigation Forms for their work process. Employees also have an opportunity to attend safety meetings and participate in Citizen Safety Committees and divisional self-assessments.

Subcontract construction personnel are involved in development of job safety analyses, daily toolbox meetings, and monthly safety meetings.

Numerous avenues for communication of ES&H information are available, including formal training programs, ES&H websites, newsletters, bulletin-board postings, pre-job meetings, and periodic safety meetings.


WSHP.1.11 SLAC has established procedures for workers to report, without reprisal, job-related fatalities, injuries, illnesses, incidents, and hazards and make recommendations about appropriate ways to control those hazards. SLAC management ensures prompt response to the reports and recommendations made by workers. [10 CFR 851.20(a)(6) and (7)]


Procedures are in place for employees to report, without reprisal, job-related injuries and illnesses as well as hazards. Injury and illness reporting is defined in ES&H Manual Chapter 28, Incident Investigation. The WSHP, Section 5.6, identifies the process for expressing employee concerns. ES&H Manual Chapter 1, General Policy and Responsibilities, paragraph 5.3, provides direction for employees and former employees who wish to submit a concern. An ES&H web page is also available that provides information on multiple avenues for employees to express concerns including processes for remaining anonymous.


WSHP.1.12 SLAC has a documented procedure for stop work authority. [10 CFR 851.20(a)(9)]


The SLAC WSHP, Section 4.2, addresses individual stop activity process. ES&H Manual Chapter 2, section 5.3, defines the process for stopping unsafe activities and includes both individual and management responsibilities. Employees interviewed acknowledged that they had the right and responsibility to stop unsafe activities.


WSHP.1.13 SLAC informs workers of their rights and responsibilities by appropriate means, including posting the DOE-designed Worker Protection Poster in the workplace where it is accessible to all workers. [10 CFR 851.20(a)(10)]


C-101


SLAC WSHP, Section 5, incorporates the worker rights identified in 10 CFR 851. These rights are also communicated to employees in the safety orientation training program. The DOE Worker Rights posters are present on official bulletin boards throughout the site.


Conclusion SLAC is meeting its management responsibilities for its worker safety and health program as defined in 10 CFR 851. All management responsibilities have been identified and programs are in place to implement the process. The objective was met. Findings WSHP.1.3.P2-006 As required in 10 CFR 851.11(c)(2), contractors must submit annually to DOE

either an updated worker safety and health program for approval or a letter stating that no changes are necessary in the currently approved worker safety and health program. The revision to SLAC’s WSHP was submitted to SSO for approval two months after the annual submission date of the plan.

Proficiencies None identified. Observations of Work Activities SORI Project Subcontractor Daily Tool Box Meeting LCLS Plan of the Day Coordination Meeting Interviews Conducted ES&H Chemical and General Safety Department Head ES&H Industrial Safety Group Leader Facilities Department Supervisor Safety and Health Coordinator Building and Construction Safety Group Leader LCLS ES&H Coordinator Records Review Site-Specific Safety Plan for Newcomb Tree Service Tree Removal, No date SLAC-I-720-0A21B-001-R001, SLAC Worker Safety and Health Program Description, July 31, 2008 SLAC-I-720-0A21B-001-R000, SLAC Worker Safety and Health Program Description, Approval Page,

May 22, 2007 SLAC-I-720-0A21B-001-R000, SLAC Worker Safety and Health Program Description, February 2007 SLAC-I-720-0A00B-001-R004, SLAC Integrated Safety and Environmental Management System

Description, February 27, 2007 General Terms and conditions for Fixed Price Construction Subcontracts and Purchase Orders, Rev. 10,


C-102

December 2007 SLAC Letter from Robert Todaro, SLAC Purchasing Officer, to West Valley Construction, Inc., subject:

(No Subject Line—Notification of 10 CFR 851 Worker Safety and Health Program Requirement for all Contractors and Subcontractors/Suppliers Working at DOE sites and Signed Acknowledgement), May 22, 2007

SLAC-I-730-0A21J-025-R002, SLAC Site-Specific Safety Plan, March 28, 2008 ES&H Excerpts from Annual Employee Performance Plan, Supervisory Personnel, March 27, 2007 DE-AC02-76SF00515, Appendix B, FY 2008 Contractor Performance Evaluation and Measurement

Plan for Management and Operations of the Stanford Linear Accelerator Center, M544, October 3, 2007

SLAC-I-720-0A29Z-001-R023.2, ES&H Manual, Chapter 1, General Policy and Responsibilities, February 27, 2007

SLAC-I-720-0A29Z-001-R023.4, ES&H Manual, Chapter 42, Subcontractor Construction Safety, March 28, 2008

E-mail from Brian Sherin, SLAC, to Donald Wilhelm, SSO, subject: Revised WSHP, July 29, 2008 Submitted by: James Craven, Team Member Approved by: David Allen, Team Leader


C-103


Functional Area: Worker Safety and Health Program (WSHP)

Objective ID: WSHP.2 Date: August 2008

OBJECTIVE WSHP.2: SLAC has documented processes to review its safety and health experience information for reportable items, trends, and lessons learned. SLAC trends this information, and senior management reviews the trend data regularly. [10 CFR 851.21(a)(7), 10 CFR 851.26(b)] [DOE G 440.1-8] Criteria and Discussion of Results

WSHP.2.1 SLAC has documented processes to review its safety and health experience information for reportable items, trends, and lessons learned. [10 CFR 851.21(a)(7)]


The processes for reporting, investigating, and managing occupational injuries and illnesses are described in various documents. ES&H Manual Chapter 28, Incident Investigation, establishes the process for reporting, documentation, and investigation of events. Additional information is also found in ES&H Manual Chapter 3, Medical, and various ES&H and Human Resource websites.

Improvements have been made in the process for classifying injuries to ensure all cases are properly reviewed and classified and adequate investigations are conducted. The Incident Review and Assistance Team (IRAT) consists of the SLAC Workers’ Compensation Specialist, Occupational Health Physician, the SLAC Industrial Safety Group Lead, and an SSO representative. The IRAT has been implemented to review all supervisors’ accident investigation forms and meet with each supervisor to evaluate categorization and corrective actions. This process sets the basis for doing proper evaluation of trends.

All OSHA recordable injuries are documented on the OSHA 300 log maintained by Stanford University and are submitted periodically to the DOE Computerized Accident Incident Reporting and Recording System database. ORPS reportable events are investigated, documented, and tracked in accordance with the occurrence reporting system including root cause and causal analysis, as required.

Lessons learned are developed in accordance with the ES&H Manual Chapter 28, Incident Investigation¸ and the SLAC Lessons Learned and Operating Experience Policy. Lessons learned are distributed to the directorates, as applicable, and maintained in the lessons learned database on the ES&H SharePoint site.


WSHP.2.2 SLAC trends its safety and health experience information, and does senior management review the trend data regularly. [10 CFR 851.26(b)]


SLAC collects and trends its safety and health experience information. Injury and illness data is collected by the ES&H Division Industrial Safety Group. Data is reviewed,


C-104

analyzed, and reports are prepared for distribution to ES&H, the safety coordinators, and SLAC management. Quarterly reports are prepared for and distributed to senior management for review and are available on the SLAC ES&H website.


WSHP.2.3 SLAC regularly reviews its health and safety experience information for potential reportable noncompliances with 10 CFR 851. [DOE G 440.1-8]


Noncompliance Tracking System data resulting from ORPS reports, self assessments, and/or trend recognition by the NTS Coordinators is collected, evaluated, and tracked in accordance with the Stanford Linear Accelerator Center Non-Compliance Tracking System Procedure. The data and associated evaluations are the basis for determining eligibility for entry into the DOE NTS database.

The NTS Review Committee receives, records, and evaluates events or issues to determine if the event constitutes a violation of 10 CFR 835 or 10 CFR 851, and if the event is serious enough to be reportable in the database. The NTS Final Approval Committee reviews the draft DOE NTS database submittal prior to entry.

Events or issues that are not determined to be DOE NTS reportable are maintained on file in the SLAC NTS Event and Entry Tracking Log, which includes a justification documenting the reason the event is non-reportable.


WSHP.2.4 SLAC has a documented process to report noncompliances with 10 CFR 851 to the DOE Noncompliance Tracking System. [DOE G 440.1-8]


Stanford Linear Accelerator Center Non-Compliance Tracking System Procedure defines requirements and the documented process for reporting 10 CFR 851 noncompliances.


WSHP.2.5 SLAC has a documented process to regularly review nonreportable events/illness/injuries for trends that could lead to a reportable noncompliance. [DOE G 440.1-8]


A function of the NTS Review Committee, as defined in Stanford Linear Accelerator Center Non-Compliance Tracking System Procedure, is to review events for trends. If a new identified violation does not rise to the level requiring reporting to the DOE NTS database, then it is evaluated to determine if it corresponds with previous nonreportable violations to determine the potential for a programmatic failure that would be reportable.



C-105

Conclusion

SLAC has documented processes to review its safety and health experience information for reportable items, trends, and lessons learned; and information is provided to SLAC senior management for review on a periodic basis, as well as being available on the SLAC Incident Statistical Information and Reports Webpage.

While documented processes are in place and improvements are being made, some corrective actions resulting from the Office of Health Safety and Security Inspection conducted in 2006 are still open which upon completion will further enhance the process of collecting and analyzing safety and health experience information. Evaluation of final effectiveness of this program is contingent upon completion and implementation of the current corrective actions.

The objective was met.

Findings None identified. Proficiencies None identified. Observations of Work Activities None observed. Evaluation was based on review of documents and interviews. Interviews Conducted ES&H Division Chemical and General Safety Department Head ES&H Division Industrial Safety Group Leader ES&H Division Building and Construction Safety Group Leader Records Review SLAC-I-720-0A29Z-001-R023.2, ES&H Manual, Chapter 28, Incident Investigation, June 14, 2007 SLAC-I-720-0A29Z-R023.3, ES&H Manual, Chapter 3, Medical, March 13, 2008 SLAC-I-720-0A29Z-001-R023.4, ES&H Manual, Chapter 33, Line Management Self-assessment,

April 24, 2008 Quarterly Report on Environment, Safety, and Health, Fiscal Year 2008, Quarter 2, January 1st through

March 31st 2008 SLAC Internal Website (http://www-group.slac.stanford.edu/esh/groups/cgs/safety/statreports.htm, SLAC

Incident Statistical Information and Reports, printed August 8, 2008 SLAC Internal Website

(https://slacspace.slac.stanford.edu/sites/esh/cgs/ll/Lists/LessonsLearned/Threaded.aspx?Roo..., Current Lessons Learned, Acid Tank Design/Secondary Containment Control, printed August 6, 2008

SLAC Internal Website (https://slacspace.slac.stanford.edu/sites/esh/cgs/ll/Lists/LessonsLearned/Threaded.aspx?Roo..., Current Lessons Learned, Accuracy of Work Documents after a Changed Condition, printed August 6, 2008

Letter from Stephen Hauptman, Industrial Safety Group Lead, to Walter Leclerc, Director, Office of Assurance, subject: Completion of OIO Cap Task D-7-7, March 27, 2008

Workbook for Occurrence Reporting, Effective July 1, 2008, Log # EHS 308, Preliminary Notification Report, April 16, 2008


C-106

SLAC Internal Website (https://slacspace.slac.stanford.edu/sites/esh/division/qr/Shared%20Documents/ QRprocedure..., Quarterly Reports, Quarterly Reports Procedures, printed August 6, 2008

ESH 308, Investigative Report, SC-SSO-SU-SLAC-2008-0004, no date SLAC Assurance Program Description, June 12, 2008 Non-Compliance Tracking System Procedure, June 19, 2008 SLAC SU-17 Form, Stanford Linear Accelerator Center, Occupational Accident/Incident Report, Part A-

Injured Party’s Statement (blank form), Rev. 1, June 29, 2007 SLAC Internal Website (https://slacspace.slac.stanford.edu/sites/esh/cgs/ll/Lists/LessonsLearned/

Threaded.aspx?Roo..., Current Lessons Learned, Bellows Expansion in Chilled Water System, August 6, 2008

SLAC-I-730-0A21S-013-R000, Incident Investigation: Notification Requirements, September 1, 2006 Submitted by: James Craven, Team Member Approved by: David Allen, Team Leader

Final Report SLAC ISMS Effectiveness - Stanford...

Documents

Transcript of Final Report SLAC ISMS Effectiveness - Stanford...