Click for next page ( 104


The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 103
APPENDIX F COMMENTARY ON REPRESENTATIVE SAFETY GOALS AND APPROACHES The question of "how safe is safe enough," is one that various government agencies have addressed within the context of their mission. The science of risk assessment and management to address these issues has advanced greatly in recent years. MODERN SAFETY GOALS Public Safety There is an established but still evolving discipline for determining acceptable levels of public safety. Chauncey Starr, of the Electric Power Research Institute (EPRI), published seminal articles on this topic in the 1970s. A large volume of literature and analyses has developed since then, holding that it is especially vital for a public agency to have an explicit and defensible rationale for its safety goals. In the absence of explicit, rational goals, systems become vulnerable to attack from a "zero-risk viewpoint, which has perennial appeal as a political posture. Such situations have developed in some areas of the OCS where leasing is being considered. When these situations develop, any deviation from perfection in operation even if it does not result in fatalities, serious injuries, or property damage can be portrayed as a "near-miss" (or more precisely, a near-hit) to a disaster. Environmental Safety Acceptable environmental safety is even more complex an issue than acceptable public safety, since esthetic and fundamental philosophical considerations are involved as well as objective measures of actual and potential damage. As to public safety, actual practice shows that activities contributing less than 0.1 percent of the total average yearly risk of death or disability (less than 1 in 1,000) rarely are subject to intensive activity or regulation to reduce the risks. Considerably higher risks are tolerated for some activities. For environmental hazards, however, the measures of damage are more subjective and value-laden. An acceptable algebra of incommensurables is yet to be developed. For example, how does one scale the potential loss of a particular subpopulation of snail-darters against the occasional occurrence of tar or oil on a beach, or the visible presence of a distant steel structure on a seascape? The objective measure of potential damage from spills or blowouts usually is tempered by the relatively short duration of severe and demonstrable consequences. However, the perception that any event is a precursor to a much greater disaster is not uncommon. This can often result in demands for extension of jurisdiction by federal and state 103

OCR for page 103
104 agencies, greater activism in regulation, intensified deterrence or prohibitions of industrial and commercial activities, and litigation. The implication of these perceptions is that it is prudent for both government and industry to provide state-of-the-art levels of safety management and protection against severe accidents of low probability, and also against less severe "environmental insults than those that historically have been accepted. SPECIFIC EXAMPLES Nuclear The Nuclear Regulatory Commission (NRC) uses a highly developed discipline for estimating the likelihood of severe events of low probability. The importance of this discipline is that it provides a systematic and cumulative record of all of the hazards that have been experienced or that can be imagined (within the bounds of physically possible events.) This discipline, Probabilistic Risk Analysis (PRA), also provides a method for estimating the likelihood of highly improbable events that may never have happened, but that are conceivable and physically possible. The method involves the systematic tabulation of the different sequences that can occur when things fail, break, leak, or are subject to errors in control functions or human performance. Initially, the method depended largely on failure rate data from fossil-hred power plants and chemical plants. (For example, for control systems, pipes, valves, motors, vessels, etc.) Since the original study (WASH-1400, 1975) the data from over 3,000 unit-years of nuclear plant operation have been accumulated. Since 1979, these data have been systematically recorded and analyzed for lessons learned and for remedial measures necessary to reduce the likelihood of recurrence. Three computerized data bases capture component reliability data, along with the events data that also included human error as a frequent element., These data bases provide a sound basis for estimating and managing the risk levels for any conceivable type of event, to about the level of 1 in 10,000 likelihood per year, per plant. While these data bases go well beyond the needs of the OCS industry and MMS, they do illustrate the process for acquiring data to conduct PRAs (Probabilistic Risk Analyses) and establish one precedent for having a common, accessible data base provided from industry sources. Occupational Safety and Health Administration (OSHA) OSHA now sets standards for occupational exposures on the basis of a systematic risk assessment discipline. The intent is to define allowable levels in terms of a non-zero expected response (toxic, carcinogenic, mutagenic or teratogenic) of an average population. The goals usually are in the range of one expected effect per ten thousand to one million exposed individuals. The target range is large because of the inherent uncertainties in extrapolation of animal data to The three data bases are License Event Report, which is NRC recorded onsite and which deals with lessons learned for any nonstandard events, including safety-related ones, as defined by the operating license; the Nuclear Plant Reliability Data System, which is a report maintained by the Institute for Nuclear Power Operations (INPO), based on data provided by the operator and covering component-related performance and quality history; and the Significant Operating Experience report, which is a "must fix" report from the industry audits conducted by INPO. A large bulk of this information is maintained by INPO and is open to all utilities; this information base includes input from 14 foreign countries.

OCR for page 103
105 humans, in the actual net levels delivered, in variations in individual response, and in the different effects of short-term versus chronic exposures. Food and Drug Administration (FDA) The FDA increasingly has used systematic risk assessment. This trend was driven in part by the dilemmas posed by the Delaney Amendment, which banned the use of any material that was a known or suspected carcinogen in animal tests. This zero-risk approach involved serious absurdities once it was recognized that nearly all classes of foodstuffs, in a natural unadulterated condition, contain substances that are carcinogenic in animal tests. The risk assessment methodology has provided a defensible basis for establishing that sufficiently small amounts of such substances are acceptable and probably necessary for life itself. This has been reasonably successful in countering the zero-risk posturing that sometimes drives legislatures.