GSG-12 Organization, Management and Staffing of the Regulatory Body for Safety

The development and/or provision of regulations and guides;

Notification and authorization, including registration and licensing;

Regulatory review and assessment;

Regulatory inspection;

Enforcement;

Emergency preparedness and response;

Communication and consultation with interested parties.

Administrative support, including human resources, finance, management of documents and records, and equipment purchasing and control;

Legal assistance;

Research and development processes;

Arrangements for contracting external expert support, where needed;

Establishment of advisory committees;

International cooperation.

Independent, impartial, transparent, proportionate, objective and evidence based decision making;

Individual and collective commitment to safety, based on a scientific and technical approach;

Acting in the public interest, demonstrating accountable public service and being accountable for decisions;

Respect, fairness and courtesy in all the activities of the regulatory body;

Openness and transparency in dealing with the public and other interested parties, in order to promote confidence and trust in the judgements and decisions of the regulatory body;

Fostering mutual understanding and respect between the regulatory body and authorized parties through a frank, open and formal relationship;

Frank, open and honest communications, including when dealing with appeals, problems and complaints both within and outside the regulatory body;

A supportive environment with respect for personal integrity, expertise and professionalism;

A commitment to learning and continuous improvement;

A questioning attitude.

Precedents for the funding of other national regulatory organizations;

The types and scale of regulated facilities and activities, and the associated workload based on the application of a graded approach to the execution of the functions of the regulatory body;

How the regulatory body is structured, including its use of in-house and outsourced competences.

Competence in the relevant scientific and technological areas;

Competence with regard to the facilities, organizations and activities of authorized parties;

Competence in applying the regulatory processes in accordance with their underpinning legal framework, ethical principles and codes of conduct.

Forums for discussion of public concerns;

Forums for discussions of technical and regulatory aspects of safety;

Means to enable the public to communicate its concerns and questions;

Information channels specifically for public information.

Promoting a systemic approach to safety that embraces interactions between all human, technological and organizational factors;

Developing shared values for safety, establishing behavioural expectations so as to shape a strong safety culture, and encouraging acceptance of personal accountability for safety among all individuals;

Establishing and communicating a clear vision for safety, which is elaborated through a safety policy, strategy, plans and objectives, whereby safety is paramount;

Ensuring that responsibilities and accountabilities are in line with policies, strategies and objectives, to ensure that safety requirements and safety goals are met and to guide decision making at all levels;

Effectively communicating the regulatory body’s vision, strategy, plans and objectives;

Encouraging the involvement of all individuals in the regulatory body in the implementation and continuous improvement of the regulatory body’s vision, strategy, plans and objectives;

Developing and maintaining leadership capabilities at all levels in the regulatory body, including capabilities for competence management, change management and crisis management⁷;

Encouraging open communication and seeking feedback on how effective leadership in the regulatory body is in ensuring and improving safety, and taking action, as necessary;

Supporting and encouraging staff to focus on safety and including them in the regulatory decision making process;

Demonstrating a commitment to continuous improvement of the integrated management system by actively seeking and assessing information on performance within their area of responsibility, and sharing this information within the regulatory body in an open and transparent manner;

Fostering and encouraging the involvement of all individuals in the regulatory body in the implementation and continuous improvement of the integrated management system and encouraging a readiness to challenge acts or conditions that are inconsistent with the values of the regulatory body;

Identifying and removing pressures and conflicts that inhibit the discharge of responsibilities and functions;

Involvement in the resolution of difficult issues, including differences in professional opinion;

Creating a working environment that allows staff to feel responsible for their work and develop their competences, for example by assigning them challenging tasks and coaching them adequately in case of difficulties;

Ensuring timely and effective communication with interested parties.

Safety is a clearly recognized value.

Leadership for safety is clear.

Accountability for safety is clear.

Safety is integrated into all activities.

Safety is learning driven.

Individual and collective commitment to safety;

Acceptance by individuals of personal accountability for their attitudes and conduct with regard to safety;

An open attitude that encourages trust, collaboration and free communication, and that values the reporting of problems;

The prompt acknowledgement of and feedback regarding identified problems and suggestions for improvement;

Continuously seeking to develop and improve safety and the safety culture;

Encouraging a questioning and learning attitude and discouraging complacency at all levels in the regulatory body with regard to safety;

A common understanding of the key aspects of safety and safety culture within the regulatory body;

An awareness of the potential consequences of regulatory activities, including risks and hazards associated with them;

Ensuring that all factors that might impact safety are taken into account in the regulatory decision making process and other regulatory activities.

Should establish or adopt regulations and guides that are sufficient in scope to cover all types of facilities and activities within the scope of its responsibilities;

Should ensure that those responsible for facilities and activities are made aware of their prime responsibility for safety;

Should verify and assess safety in compliance with regulatory requirements through an effective system of authorization, review and assessment, inspection and enforcement.

Should establish policies and standards against which it can be judged by the government and other interested parties in an open and transparent manner;

Should be able to justify and explain its judgements and decisions;

Should incorporate a formal appeals process into the framework for safety;

Should establish an effective mechanism for interactions with interested parties.

The collective experience of the staff of the regulatory body;

Technical expertise;

Lessons learned from regulatory practices, for example, techniques of assessment and inspection;

Feedback from interested parties;

Feedback of experience from other authorities and national and international bodies;

Operating experience in authorized facilities and activities in the State and in other States.

Questionnaires, interviews and discussions, and reports (special attention should be paid to the transfer of knowledge when experienced staff leave or retire from the regulatory body);

Databases, libraries, ‘knowledge portals’ and archives.

Offices, including furniture, equipment and supplies;

Computer and communications equipment, including software and network systems;

Arrangements for conventional emergencies;

Personal protective equipment;

Radiation monitoring and dosimetry equipment;

Laboratory facilities;

Record-keeping systems;

Support facilities;

Means of transport.

Identifying relevant interested parties and the legal requirements relevant to informing and consulting interested parties;

Clarifying the needs and expectations of interested parties and ensuring that these are recognized and understood;

Evaluating these needs and expectations and determining an appropriate and balanced response;

Deciding on a communication strategy that sets out the methods and frequency of informing, involving and consulting each party, as appropriate, including keeping relevant parties informed of possible radiation risks associated with facilities and activities;

Communicating the response to relevant parties;

Using feedback to inform regulatory policy, strategies, plans and other decisions;

Periodically assessing the satisfaction of interested parties to determine whether their needs are being met.

Have sufficient and appropriate scope commensurate with the radiation risks associated with the facilities and activities, in accordance with a graded approach;

Are consistent and clear;

Are kept up to date;

Are developed in consultation with interested parties.

Verify that on-site emergency arrangements are in place;

Verify that coordination with off-site response organizations is in place;

Establish and maintain its internal arrangements for emergency preparedness and response;

Discharge its assigned responsibilities in emergency response.

Administrative functions supporting the routine operations of the regulatory body (e.g. finance, management of documents and records, purchasing and control of equipment);

Technical functions directly relating to the effective implementation and fulfilment of the core regulatory functions (e.g. legal support, research and development, the functions of advisory committees, external expert support, liaison with other governmental organizations, international cooperation and assistance).

General administration, such as internal planning, maintenance of buildings and equipment, operation of communication systems and physical security of the premises;

Management of human resources, which covers recruitment and training, internal communication, arrangements for medical care, security of staff and travel arrangements;

Financial administration, including procurement, contracting, accounting, salaries and invoicing;

Management of documentation and records, including the preparation, storage, retrieval, access control, reproduction and distribution of documents including legal instruments (e.g. authorizations or permits);

Computer and/or data administration, ensuring adequate computing capability for technical use (data handling, analytical computing) as well as general uses of information technology and computer security;

Knowledge management and library services, including access to specialized publications.

The development of basic legislation;

The development of regulations and review for compatibility with other relevant laws and regulations;

Assisting in the development of the internal administrative procedures of the regulatory body;

Providing legal advice in the authorization process;

Providing legal advice on proposed enforcement actions;

Representing the regulatory body in the event of enforcement activities involving formal legal processes;

Assisting regulatory body staff in responding to requests for public information.

How the regulatory body performs its regulatory responsibilities and functions;

The adequacy of its regulations, implementing guides and procedures;

Authorization by the regulatory body for facilities and activities;

Enforcement actions;

Existing and proposed safety standards, and technical and policy issues relating to the authorization of facilities and activities;

Other matters deemed relevant by the regulatory body (e.g. contracts, matters involving cooperation with other organizations).

Confirm existing knowledge on specific technical matters;

Identify any technical safety issues and resolutions;

Improve existing scientific and technical knowledge and safety assessment methods;

Develop technical and scientific bases to support new regulations and/or procedures of the regulatory body.

How effectively the regulatory body performs its regulatory responsibilities and functions;

The adequacy of its regulations and guides, and procedures for such regulations and guides;

Existing and proposed safety standards, and technical and policy issues relating to the authorization of facilities and activities;

Other matters referred to the committee by the regulatory body.

Environmental protection authorities;

Radioactive waste management authorities;

Authorities responsible for public liability issues;

Authorities responsible for nuclear security and/or the State system of accounting for and control of nuclear material;

Authorities for planning water resources and land use;

Authorities responsible for water and food safety;

Authorities responsible for public and occupational health and safety;

Fire protection authorities;

Transport authorities;

Law enforcement bodies;

Bodies with responsibility for conventional or industrial safety;

Other bodies with responsibilities for emergency preparedness and response;

Other bodies with responsibilities relating to the release of radioactive effluents.

International conventions that establish common obligations and mechanisms for ensuring protection and safety;

Codes of conduct that promote the adoption of good practices in the relevant facilities and activities;

The development of internationally agreed IAEA safety standards that promote the development and application of internationally harmonized safety requirements, guides and practices;

International peer reviews of the regulatory control and safety of facilities and activities, and mutual learning by participating States;

International and regional agreements and networking to enhance the ability of the regulatory body to fulfil its regulatory responsibilities and contribute to the global harmonization of safety standards;

Regular multilateral and bilateral cooperation with regulatory bodies in other States, relevant national and international organizations to enhance safety by means of harmonized approaches as well as to increase the quality and effectiveness of safety reviews and inspections by means of sharing of knowledge and feedback of experience (e.g. by the development of networks).

The size, number, type, nature and stage in the lifetime of existing facilities and activities;

Future plans (e.g. new installations and/or facilities, new technology and activities relating to new stages in the lifetime of facilities, such as decommissioning);

The national legal framework;

Other existing regulatory authorities;

Expectations of interested parties;

The availability of competences at a national level (e.g. educational institutions and technical support organizations, as applicable);

The availability of funding.

Managers develop and implement plans for their areas of responsibility that are aligned with the broader vision, values, policies, strategies, goals and plans of the regulatory body;

Managers communicate effectively with their staff to keep them informed about the regulatory body’s strategic plans and their contribution to delivering these;

Managers provide effective supervision and oversight as well as appropriate support for their staff.

Implementing the mission, strategy and plans;

Identifying and developing strategies and plans for their organizational units;

Allocating duties and responsibilities to staff in their organizational units;

Implementing, managing, monitoring and evaluating processes in accordance with the integrated management system;

Identifying the necessary resources for their organizational units;

Developing a motivating work environment for staff by giving them responsibilities for challenging tasks and supporting and coaching them in case they need assistance.

To ensure that the responsibilities assigned to the regulatory body are properly discharged;

To maintain and improve the performance of the regulatory body by means of the planning, control and supervision of its safety related activities;

To foster and support a safety culture in the regulatory body through the development and reinforcement of leadership as well as good attitudes and behaviour in relation to safety on the part of individuals and teams.”

Requirements for safety;

Requirements for nuclear security; — Legal requirements;

Quality requirements;

Environmental requirements;

Health and industrial safety requirements;

Economic requirements;

Human performance requirements;

Requirements relating to societal expectations and the expectations of interested parties.

That regulatory functions are carried out in an effective and efficient manner;

That regulatory responsibilities are adequately discharged;

The consistency and predictability of regulatory actions;

Continuous improvement;

That a strong safety culture is fostered, including the promotion of an open and questioning attitude.

The development phase: Identifying and defining the processes necessary for the regulatory body to discharge its responsibilities and detailed documenting of the content of each individual process in the context of the overall structure;

The implementation phase: Implementing the processes in a planned and systematic way across the regulatory body;

The maintenance phase: Ensuring that processes continue to be reliably applied and improved across the regulatory body.

The development of regulations and guides;

Notification and authorization;

The review and assessment of facilities and activities;

The inspection of facilities and activities;

The enforcement of regulatory requirements;

Communication and consultation with interested parties;

Emergency preparedness and response.

Management processes: Concerned with the governance and management of the regulatory body, strategic planning, the provision of resources, competence management, and evaluation and audit (see Appendix II for descriptions of generic administrative processes);

Core processes: Derived from the core functions, which relate directly to the discharge of regulatory responsibilities such as notification and authorization, review and assessment of facilities and activities, inspection and enforcement, and emergency preparedness and response (for more details on the core functions see GSG-13 [4]);

Support processes: Supporting the functioning of the regulatory body, such as human resource management, financial management, purchasing, information technology and document control.

The identification of all staff involved in the process.

Communication of the principles of an integrated management system, and the process and dissemination of the associated documentation.

Training, briefings and workshops, where the process introduces new practices. A graded approach should be adopted commensurate with the importance and complexity of the process.

Coaching and supervision for correct application of the process.

Follow-up inspections and audits to identify and correct any early signs of difficulties with implementation.

Motivating high standards of personal performance;

Sustaining a strong safety culture;

Learning from experience, and improving performance and the integrated management system;

Holding those with responsibilities accountable for their performance;

Demonstrating to interested parties the efficiency and effectiveness of the regulatory body and the achievement of the regulatory mandate.

Changes in the national nuclear power programme, or in other facilities and activities;

Changes relating to nuclear commercial developments;

New legislation and industrial standards;

Technological advances and lessons from research;

Lessons from worldwide operating experience;

Economic, societal and ecological trends;

The experience and perceptions of interested parties, including authorized parties, and their views on regulatory performance.

Identify and correct weaknesses that hinder the achievement of the regulatory body’s objectives;

Enhance the safety culture and the effectiveness of processes and activities;

Assess present performance against good practices to identify opportunities for improvement;

Identify good practices and strengths in order to improve the integrated management system.

Group discussions and brainstorming sessions;

Coaching and observations;

Collection and analysis (e.g. for identification of trends) of performance data;

Benchmarking processes and activities across different parts of the regulatory body or with other organizations, such as other regulatory bodies;

Comparison with international standards, such as the IAEA safety standards.

Reviews of non-conformances to establish trends and any common problems;

Reviews of suggestions for improvements and of difficulties with implementation to identify problems with processes and/or inconsistent implementation across parts of the organization;

Sampling process documents, records and products to confirm proper implementation and that process criteria are being met;

Structured interviews with staff about the implementation of processes and procedures.

Outputs from different forms of assessment, including self-assessments of senior management itself;

Results delivered and objectives achieved by the regulatory body and its processes and activities;

Non-conformances and the progress and effectiveness of corrective and preventive actions;

Feedback from operating experience, including lessons learned and good practices from other organizations;

Opportunities for improvement.

The fulfilment of the regulatory mandate and the vision, mission, policies, strategies, plans and objectives of the regulatory body;

Governance, leadership, management and organizational culture of the regulatory body;

The adequacy of resources provided to meet requirements, policies, strategies, plans and objectives;

The effectiveness of regulatory activity in ensuring the safe operation of facilities and conduct of activities by authorized parties.

Changing processes or the organizational structure;

Retraining and requalifying individuals;

Improving the organizational culture of the regulatory body;

Changing or modifying documents;

Improving the integrated management system;

Enforcing requirements for documentation;

Issuing new documents.

At the working level within a process, by those directly involved in daily activities;

At the level of management processes, under the supervision of the process owners;

At the organizational level, through organizational improvement projects under the supervision of senior management.

An overview of the integrated management system and a description of how it complies with the requirements imposed on the regulatory body;

The mission and values of the regulatory body;

The expectations of senior management;

Policy and strategy statements and plans of the regulatory body;

A description of the structure of the regulatory body, including a description of the responsibilities, accountabilities, levels of authority and interactions of those leading and managing the organization and managing, performing and assessing work;

A description of the regulatory body’s decision making process;

A description of the processes and procedures, as well as supporting information that explains when, how and by whom work is to be prepared, reviewed, carried out, recorded, assessed and improved;

A structured overview (a ‘process map’) of all processes that illustrates the integrated management system as a whole and the interrelation and interactions of the processes;

A description of the interfaces with interested parties and external organizations.

The purpose, scope and objectives of the process;

The process owner;

The organizational units and individuals who use the process;

The sequence of steps, activities and decision points within the process;

The interfaces with other processes, to explain how the process fits into the integrated management system and its significance for the regulatory activity;

The inputs to the process, including the necessary information, in accordance with an evidence based approach to regulation;

The outputs from the process and records that should be retained;

Performance criteria for measuring the consistency, effectiveness and efficiency of the process;

The resources necessary and the responsibilities for maintaining the process (the process owner), and the competence requirements of those performing and managing the process;

Mechanisms for obtaining feedback on the effectiveness of the integrated management system.

Should be as objective as possible in discharging their responsibilities;

Should be open to receiving information and opinions from others, and regulatory positions and decisions should demonstrate transparency and clarity;

Should not engage in, or hold any kind of interest in, activities that may represent a conflict of interest with the performance of regulatory functions;

Should be open but also formal and professional in their interactions with authorized parties and should, at all times, maintain their integrity and independence.

Analysis of competence needs:

• Task analysis leading to determination of the necessary competences;

• Analysis of existing competences within the regulatory body;

• Gap analysis (personal performance review and assessment).

Prioritization of competence needs and filling competence gaps:

• Recruitment and human resources planning;

• Staff training and development;

• Management of external expert support.

Knowledge capture and management.

Reviews and audits of competence management and feedback.

Experience of the activities being regulated;

Experience of regulatory enforcement;

Knowledge of the regulatory framework;

Knowledge of the procedures for producing regulations and guides;

Legal expertise and knowledge of the legal basis for regulations.

Documented competence requirements for each task and profile;

Job descriptions;

Individual competence development plans and performance reviews;

Records of competences possessed by individuals;

Staff certification;

Records of training provided and training activities;

Outsourcing and external expert support;

Recruitment procedures and records;

Records of reallocation of individuals within the organization.

Effectiveness of training and development;

Delivered training;

Individual performance;

Recruitment, reorganization and outsourcing;

Reviews and audits.

A training policy;

Budgetary provisions for training;

Processes (as part of the integrated management system) to establish training and development programmes that take into consideration the gaps that exist between the existing and required competences.

Unexpected applications or demands combined with a lack of internal resources (number of specialists or specific competences);

A need to build up specific internal competences;

A specific project for which special additional competences are needed;

A need for a second opinion;

Permanent outsourcing of certain activities (e.g. complex, specialized or infrequent activities).

Advisory bodies. Many governments and regulatory bodies appoint external experts in the form of an advisory committee to give advice on overall regulatory approaches and policies.

Expert panels. A regulatory body may appoint external experts to a panel to give advice on technical and/or policy issues.

Dedicated technical support organizations. Some States have established arrangements for particular independent organizations to dedicate part of their resources to assisting the regulatory body. Such organizations are separate from the regulatory body and undertake to maintain a proven capability and provide support, as necessary.

Government laboratories or research centres, to conduct experimental investigations, analysis or verification.

Legal organizations, to review legal documents and assist in legal enforcement actions.

Other governmental organizations.

International and regional organizations.

Regulatory bodies of other States, which can be particularly useful when designs or regulatory procedures utilized in one State are considered in another.

Standards organizations, quality assurance organizations and professional bodies.

Engineering or service organizations, which provide services in technical, engineering and scientific fields.

Certified testing and analytical services, to conduct environmental, workplace or individual monitoring.

Academic institutions, to provide advice on a range of scientific, technical and engineering issues.

Individual experts, including recent retirees from the regulatory body, who can be useful sources of advice.

Financial organizations, to provide advice on matters such as the financial status of an applicant, the appropriateness of investments of decommissioning funds or potential financial conflicts of interest.

The external expert’s processes and systems should meet the standard of, and be compatible with, those of the regulatory body.

Providers of external expert support should be able to demonstrate technical competence to the standards specified by the regulatory body.

There should be no actual conflicts of interest. In case of a potential or perceived conflict of interest, the situation should be discussed with all involved parties and managed.

Providers of external expert support should be able to conduct their work within the time frame specified by the regulatory body, which should be commensurate with the scope of the work.

Providers of external expert support should be able to prepare and deliver specific documentation as required containing its formal advice and rationale.

The documentation provided should be accurate and relevant and should be sufficient to allow the regulatory body to judge the quality of the work.

When the use of advice from experts in other States is considered, the regulatory body should be aware that the use of translation services in a highly specialized technical area could lead to misunderstandings.

Fully understand the need for an external expert’s services and the context in which the work is performed;

Know what is required and how the work will be used;

Specify the objective, scope and requirements of the work so that the product meets the needs;

Set the time frame for delivery of the work and divide work into key stages or milestones, if appropriate;

Provide any information that could be useful to the external expert;

Understand the expected outcome;

Not inappropriately influence the outcome of the work or the advice from the external expert, or allow any other body to do so, to ensure that the external expert advice reflects unbiased technical opinion;

Supervise the work in accordance with the regulatory body’s procedures and technically review it when necessary;

Ensure regular interaction with the provider of external expert support and facilitate interaction with other parties when necessary.

Verifying that the provider of external expert support has mechanisms in place such as a code of ethics and an organizational structure that promotes a strong safety culture and detects and avoids conflicts of interest.

Verifying that the organizational structure of the provider of external expert support and its internal procedures provide functional and personal separation to ensure effective independence between units carrying out work for the regulatory body and units carrying out similar work for authorized parties or other organizations. The links between such units should be carefully monitored.

When a financial tie (e.g. through a stockholder or through funding) exists between an external expert or organization and the nuclear industry (e.g. a licensee, a designer or a vendor);

When the external expert or organization is part of, or is closely linked to, an organization that has been assigned responsibilities in relation to the promotion of nuclear technologies;

When there may be a conflict of national interest or commercial interest;

When the external expert or organization is providing support on the same or closely related issues to potential licensees, designers or vendors in the State or in other States;

When the external expert or organization is involved in research and development activities in collaboration with other interested parties.

The existence of a strategy for training the provider’s own staff and implementing this training in its technical field of competence;

Involvement in an ongoing up to date research and development programme in its field of competence;

Development of technical tools and equipment (including software and key scientific developments);

Access to operating experience information from authorized parties;

Technical cooperation with other similar bodies;

Experience gained in performing safety related tasks in the State and in other States;

Bilateral cooperation with the regulatory body, covering areas such as exchange of experience, sharing of skills and organization of activities relating to familiarization with operating procedures and with the documentation of authorized parties;

International activities aimed at research analyses, participation in international activities relating to safety and other areas of cooperation;

Results from self-assessments and assessments by a national body or international peer reviews.

How to prepare documents;

How to review documents and confirm their acceptability;

How documents at different levels are to be subject to approval;

How to issue and distribute documents;

How to control any temporary documents;

How documents are to be modified or changed;

How to suspend or cancel documents;

How to control documents from sources outside the regulatory body;

How to archive documents.

Review and assessment reports;

Inspection and audit reports;

Regulations, policies and guides;

Authorizations (including draft authorizations);

Certificates of approval (e.g. for transport, operating personnel or regulatory body staff);

Enforcement action (e.g. notices, directions, orders and reports);

Documentation of the integrated management system;

Plans (e.g. plans for strategic regulatory activities and training);

Communications with interested parties (e.g. annual reports, financial reports, seminars, decision letters, requests for information, research and development reports, and contributions to international and national cooperation);

Public information (e.g. press releases, web sites and material for conferences);

Regulatory recommendations in support of decision making;

Internal communications to staff;

Results of analyses of operating experience and external events.

Are categorized;

Are registered upon receipt;

Are readily retrievable;

Are indexed and placed in their proper locations in the files of the record facility with the retention times clearly specified;

Are stored in a controlled and safe environment;

Are stored in appropriate storage media;

Remain unchanged under normal circumstances.

Principles of nuclear, radiation, waste and transport safety;

Radiation and industrial safety;

Relevant legislation;

Human and organizational factors;

Safety culture;

Site characterization;

Design, operation and maintenance of facilities and systems, including instrumentation and control, and surveillance methods;

Accident analysis;

Emergency preparedness and response;

Safety assessment;

Decommissioning of facilities;

Radioactive waste management, including disposal;

Quality assurance and organizational matters;

Nuclear security.

Physics;

Nuclear engineering;

Systems engineering;

Electrical engineering;

Mechanical engineering;

Civil engineering;

Radiation protection;

Chemistry;

Biology;

Behavioural sciences;

Ergonomics;

Medicine;

Geology;

Law;

Communication;

Administration.

Links between legislative aspects and implementation of regulatory functions;

Regulatory policy and its objectives;

Regulations and use of regulatory guides;

Authorization stages and procedures, including the purpose and content of supporting documentation;

Internal guidance and procedures of the regulatory body;

Methods of review and assessment;

Inspection techniques;

Enforcement procedures.

Regulatory control;

Review and assessment skills;

Inspection skills;

Job specific training;

On the job training.

Oral communication;

Effective writing;

Interviewing;

Negotiation;

Leadership;

Project management;

Teamwork;

Decision making;

Dispute resolution;

Languages;

Use of computers;

Public information.

Refresher training;

Further personal development.

Level 1: An overview of how the regulatory body and its integrated management system are designed to meet its policies and objectives.

Level 2: A description of the processes to be implemented to achieve the policies and objectives and the specification of which organizational unit is to carry them out.

Level 3: Detailed instructions and guidance that enable the processes to be carried out and specification of the individual or unit that is to perform the work.

The vision, mission and goals of the regulatory body;

Policy statements of the regulatory body;

Organizational structure;

Levels of authority and responsibilities and accountabilities of senior management and organizational units;

Structure of the integrated management system documentation;

An overview of the regulatory body’s processes;

Responsibilities of owners of the processes;

Arrangements for measuring and assessing the effectiveness of the integrated management system.

Purpose: Why the document exists. The specific objectives of the document should be stated clearly and concisely.

Scope: The actions that are addressed by the document and who is supposed to use it. The type of work and situations to which the document applies should be defined. The boundaries of application of the document should be stated.

Responsibilities: Who is responsible for the document (the process owner).

Details: How the work is to be conducted. This information may take the form of a flow chart or process map describing the sequence of actions necessary to accomplish the work. The text should be simple and direct. Approved numbering and nomenclature for job titles and documents should be used. The details section of a document should describe what is to be done, typically by providing the following information:

• Planning and scheduling considerations, to ensure that work is dealt with safely, systematically and efficiently;

• Administrative and technical information;

• Work steps and actions to be carried out;

• Responsibilities and authorities;

• Interfaces;

• Lines of communication both within and outside the regulatory body;

• Any cross-references between the document and other documents, including working documents at level 3.

Any cross-references between the document and other documents, including working documents at level 3.

Definitions and abbreviations: The words or acronyms that are used in the document that might not be commonly understood. Such terms and any jargon that may cause confusion should be defined and clearly explained.

References: Other documents that may be of use to those who have to use the document. The specifications, standards or other documents that are cited in the text, and which may provide additional information to users, should be listed. If documents are referenced in part, the page and paragraph numbers should be stated.

Records: The records that are necessary to conduct the work and the records that need to be retained after the work has been completed. The records that are necessary to demonstrate that the tasks specified in the document have been accomplished should be identified.

Appendices (where applicable), if additional information is necessary.

EUROPEAN ATOMIC ENERGY COMMUNITY, FOOD AND AGRICULTURE ORGANIZATION OF THE UNITED NATIONS, INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL LABOUR ORGANIZATION, INTERNATIONAL MARITIME ORGANIZATION, OECD NUCLEAR ENERGY AGENCY, PAN AMERICAN HEALTH ORGANIZATION, UNITED NATIONS ENVIRONMENT PROGRAMME, WORLD HEALTH ORGANIZATION, Fundamental Safety Principles, IAEA Safety Standards Series No. SF-1, IAEA, Vienna (2006).

INTERNATIONAL ATOMIC ENERGY AGENCY, Governmental, Legal and Regulatory Framework for Safety, IAEA Safety Standards Series No. GSR Part 1 (Rev. 1), IAEA, Vienna (2016).

EUROPEAN COMMISSION, FOOD AND AGRICULTURE ORGANIZATION OF THE UNITED NATIONS, INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL LABOUR ORGANIZATION, OECD NUCLEAR ENERGY AGENCY, PAN AMERICAN HEALTH ORGANIZATION, UNITED NATIONS ENVIRONMENT PROGRAMME, WORLD HEALTH ORGANIZATION, Radiation Protection and Safety of Radiation Sources: International Basic Safety Standards, IAEA Safety Standards Series No. GSR Part 3, IAEA, Vienna (2014).

INTERNATIONAL ATOMIC ENERGY AGENCY, Functions and Processes of the Regulatory Body for Safety, IAEA Safety Standards Series No. GSG-13, IAEA, Vienna (2018).

FOOD AND AGRICULTURE ORGANIZATION OF THE UNITED NATIONS, INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL CIVIL AVIATION ORGANIZATION, INTERNATIONAL LABOUR ORGANIZATION, INTERNATIONAL MARITIME ORGANIZATION, INTERPOL, OECD NUCLEAR ENERGY AGENCY, PAN AMERICAN HEALTH ORGANIZATION, PREPARATORY COMMISSION FOR THE COMPREHENSIVE NUCLEAR-TEST-BAN TREATY ORGANIZATION, UNITED NATIONS ENVIRONMENT PROGRAMME, UNITED NATIONS OFFICE FOR THE COORDINATION OF HUMANITARIAN AFFAIRS, WORLD HEALTH ORGANIZATION, WORLD METEOROLOGICAL ORGANIZATION, Preparedness and Response for a Nuclear or Radiological Emergency, IAEA Safety Standards Series No. GSR Part 7, IAEA, Vienna (2015).

INTERNATIONAL ATOMIC ENERGY AGENCY, Establishing the Safety Infrastructure for a Nuclear Power Programme, IAEA Safety Standards Series No. SSG-16, IAEA, Vienna (2012). (A revision of this publication is in preparation.)

INTERNATIONAL ATOMIC ENERGY AGENCY, IAEA Safety Glossary: Terminology Used in Nuclear Safety and Radiation Protection, 2018 Edition, IAEA, Vienna (in preparation).

INTERNATIONAL ATOMIC ENERGY AGENCY, Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/ Revision 5), IAEA Nuclear Security Series No. 13, IAEA, Vienna (2011).

INTERNATIONAL ATOMIC ENERGY AGENCY, Nuclear Security Recommendations on Radioactive Material and Associated Facilities, IAEA Nuclear Security Series No. 14, IAEA, Vienna (2011).

INTERNATIONAL ATOMIC ENERGY AGENCY, Leadership and Management for Safety, IAEA Safety Standards Series No. GSR Part 2, IAEA, Vienna (2016).

Convention on Nuclear Safety, INFCIRC/449, IAEA, Vienna (1994).

INTERNATIONAL ATOMIC ENERGY AGENCY, Joint Convention on the Safety of Spent Fuel Management and on the Safety of Radioactive Waste Management, IAEA International Law Series No. 1, IAEA, Vienna (2006).

INTERNATIONAL ATOMIC ENERGY AGENCY, Code of Conduct on the Safety of Research Reactors, IAEA, Vienna (2006).

INTERNATIONAL ATOMIC ENERGY AGENCY, Code of Conduct on the Safety and Security of Radioactive Sources, IAEA, Vienna (2004).

INTERNATIONAL ATOMIC ENERGY AGENCY, Communication and Consultation with Interested Parties by the Regulatory Body, IAEA Safety Standards Series No. GSG-6, Vienna (2017).

INTERNATIONAL ATOMIC ENERGY AGENCY, Managing Regulatory Body Competence, Safety Reports Series No. 79, IAEA, Vienna (2013)

Review and analysis of relevant information requirements and lessons learned;

Development of policy options based on evidence and involvement of relevant experts;

Consultation with regulatory body staff and interested parties;

Impact and cost–benefit assessment of proposals;

Refinement of proposals into new policies;

Development of specific proposals for approval by senior management, including implementation plans.

Establish the scope of the process.

Prepare and map the process.

Identify the purpose, roles and responsibilities, process description, inputs, outputs, records, key interfaces, and resource implications (e.g. IT tools, and competence and training requirements).

Specify control points and performance indicators.

Identify references.

Document the process, which may include:

Validate the process (desktop review).

Approve the process.

Procedures;

Work instructions;

Criteria and guides (e.g. a writing guide);

Standard forms, templates and checklists.

Plan the implementation;

Deploy the process;

Verify initial performance of the process and identify and implement corrective actions, as necessary.

Execute the process;

Review performance and assessment results;

Address any identified process improvement opportunities;

Modify the process, as necessary.

Review and approve documents and records;

Manage and retain documents and records (interface with the information management process).

Identify accountabilities and reporting responsibilities at each level of the regulatory body.

Identify frequencies of monitoring, review and reporting at each level of the regulatory body.

Identify performance objectives, criteria and key performance indicators that can be used to demonstrate effectiveness, efficiency, and ‘process health’. Process health includes such things as: throughput time for each process; resources allocated and used by each process; backlogs and delays in processes; consistency of application of a process, for example timeliness specifications are met; standards for assessing the consistent application of judgement and discretion within a process; and numbers, nature and trends of non-conformances.

Analyse and synthesize information to identify key issues and significant aspects relating to the performance objectives and criteria. Present the right information, in the right way at the right time and in the right place for evaluation.

Compare information with performance objectives and criteria to determine the performance gap.

Decide what to do to address the performance gap, including initiating further studies or analyses (e.g. root cause analysis) to understand the reasons for the gap and identifying appropriate, prioritized corrective actions and adjustments.

Plan and implement corrective actions, including adjustments to strategy, programme and plans.

Senior management takes the lead, supported by advisers.

Link the external demands and expectations of interested parties with the internal operations of the regulatory body.

Clarify which responsibilities, powers and decisions are reserved for senior management, and which are delegated to others.

Set out the cycle of activities by which senior management plans, monitors and reviews:

Identify the information needs relevant to each activity, commensurate with the significance of the topic or issue in scope.

For each activity (or event or meeting):

The relevance of the vision, mission and values (typically every 3–5 years);

The effectiveness of the strategy, policy, plans and performance;

The effectiveness of the structure of the regulatory body (typically annually);

The implementation of programmes and plans and supervision of the activities of management (typically several times within a year, e.g. monthly or quarterly).

Collect relevant information and provide to participants in advance of the meeting, event or activity.

Ensure adequate:

After each meeting, event, or activity, provide appropriate notes, records or reports and communicate these to interested parties.

Consideration of information relative to its significance;

Discussion and debate;

Consideration of options where appropriate;

Clear decisions and actions, which can be implemented.

Analyse and document relevant regulatory challenges for the coming multi-year period;

Establish priorities using a graded approach;

Assess available resources;

Draft the strategic plan with objectives, outcomes, resources and timelines.

Extract relevant information from the strategic plan;

Draft detailed work plans identifying:

The scope;

Objectives;

Key interfaces;

The various tasks involved and who is responsible for these tasks;

The work schedule, resources and competences needed;

Regulatory requirements associated with the work;

Work controls;

Expected deliverables.

Identify changes that may impact performance;

Assess or filter changes to identify those changes with significant potential impact;

Graded systematic assessment of change and potential impact on strategy, policy, structure, capability and competence of staff and processes;

Impact or cost–benefit assessment of change;

In consultation with relevant interested parties, develop a proportionate and progressive change plan that includes milestones and controls to exploit opportunities and to minimize the risks of change, and that is aligned with other plans;

Develop a monitoring scheme and success criteria for the implementation of the change plan and the review of its effectiveness;

Obtain agreement on the change plan at the appropriate management level.

Analyse and determine the need for new or updated regulations or guides, and their scope.

Establish a project to develop the regulations or guides.

Review relevant international safety standards and industrial standards.

Draft new regulations or guides.

Review the draft within the regulatory body, including an expert legal review.

Consult with interested parties, including the public.

Consult with advisory committees, as appropriate.

Revise the draft to take due account of any comments received, and conduct final legal review.

Formally decide to adopt the regulations or guides.

Publish and implement a strategy for communicating this to all relevant parties.

Provide a means of disseminating and distributing copies of the regulations and guides.

Inform and train staff on the new regulations or guides

Extract relevant information from all inputs;

Verify completeness of notification or of the application for authorization;

Require applicant for authorization to submit a safety assessment commensurate with the risk;

Require applicant for authorization to submit additional safety related information, if necessary;

Conduct review and assessment to support the authorization process;

Conduct verification activities (e.g. on-site inspection), as appropriate;

Make a decision on the application for authorization, specifying any necessary limits and conditions and controls on the authorized party’s subsequent activities;

Formally record and document the decision and basis for decision, as appropriate;

Issue an authorization or refusal.

Extract relevant information from inputs.

Establish a review and assessment plan. Identify key issues and tasks, milestones and assigned resources (both internal and external).

Conduct review and assessment activities.

Collect and integrate assessment results¹, and request additional information if necessary.

Document the conduct of the review and assessment and the results.

Propose authorization conditions.

Provide feedback to the authorization process.

Extract relevant information from inputs.

Establish a review and assessment plan. Identify key issues and tasks, milestones and assigned resources (both internal and external).

Request additional technical and other documents, if necessary.

Conduct review and assessment activities.

Document the conduct of the review and assessment and the results.

Provide feedback information for other regulatory processes.

Identify key aspects (see GSR Part 1 (Rev. 1) [A–2]) to be included in the baseline inspection programme, as appropriate to the type of facility and activity.

Identify priorities and safety significant targets for the programme.

Allocate inspection resources across facilities and activities in proportion to the relative risk posed by each, taking into account safety performance, results of regulatory inspections, and the number and nature of outstanding issues.

Make provisions for reactive inspections.

Prepare inspection plan for different types of facility and activity, including objectives and outcomes, number and type of inspections, method(s), resources, and schedules and timetables.

Prepare plans for individual inspections, including objectives, resources, sets of questions, method of conducting inspection and collecting data, identification of non-compliances, preparation of the inspection report and communication of the report to the authorized party. Individual inspections can be either announced or unannounced.

Record findings and follow-up.

Assess unplanned situations or incidents against relevant inspection selection criteria and decide if a reactive inspection is necessary.

For each reactive inspection, select objectives consistent with the nature and significance of the incident or event.

Within the context of the overall inspection plan for the facility or activity and licensee performance, assign resources, prepare sets of questions, verify access arrangements and analyse relevant documents.

Conduct inspection and data collection, prepare the inspection report and communicate to the authorized party.

Record findings and follow-up.

Assess the significance of a non-compliance by considering the following criteria:

Select the appropriate enforcement action(s), which may include one or more of: recorded verbal notification, written notification, imposition of additional regulatory requirements and conditions, written warnings, penalties and, ultimately, revocation of the authorization.

Apply enforcement using an associated procedure for the selected enforcement action and with clear documentation of the facts, findings and the basis for the enforcement action.

Confirm that the authorized party has effectively implemented any necessary corrective actions. If necessary, consider further enforcement action

The number (or recurrence) of non-compliances;

The (actual or potential) safety consequences;

The severity of the non-compliance, and the degree to which it was intentional;

The impact on risk intervals in risk monitors or the increase in conditional risk, and acceptance criteria, if applicable.

Analyse national requirements and arrangements to be made for emergency preparedness and response by the regulatory body.

Develop the necessary arrangements identified in the analysis (for example by developing procedures, supplying tools and equipment, and assigning facilities).

Identify the necessary staff knowledge and skills to effectively discharge the regulatory body’s functions in emergency preparedness and response.

Develop and implement suitable staff training and exercise programmes that take into account the needs of authorized parties and other relevant interested parties, as well as national and international requirements.

Evaluate the effectiveness of training and exercise programmes.

Provide feedback to staff involved in planning and response.

Review and revise the emergency arrangements, periodically and also when significant changes are made to any process inputs.

Develop a communication and consultation plan, including the strategies and methods for communicating regulatory activities, judgements and decisions to interested parties, including the public.

Develop information material on radiation risks and on requirements to protect the public that is understandable to the general public.

Identify regulatory requirements, judgements, decisions and processes to be communicated to the public.

Identify information on incidents in facilities and activities to be communicated to interested parties.

Analyse and select the most efficient means to reach and interact with the public. Examples include printed information material, web sites, exhibitions, meetings with interested parties, visits to schools and local organizations.

Periodically review and update outreach material

Identify the research needs;

Conduct a literature search;

Contact institutions (e.g. scientific or regulatory institutions, universities, the IAEA) for additional information;

Specify the research to be done;

Specify the acceptance/success criteria;

Start the purchasing process;

Monitor project delivery;

Evaluate quality of deliverables and check against original specifications;

If necessary, start iterations with the support organization;

When deliverables are acceptable, conclude the purchasing process;

Document the outcomes, review the process and look for improvements.

Identify the required external expert support (in terms of objectives, scope, timeline and milestones);

Develop the specifications;

Identify possible support organizations;

Start the purchasing process;

Monitor project delivery;

Evaluate quality of deliverables and check against original specifications;

If necessary, start iterations with the support organization;

When deliverables are acceptable, conclude the purchasing process;

Document the outcomes, review the process and look for improvements.

Identify the subject areas on which cooperation is required;

Identify the institutions, organizations or States that may contribute to the subject;

Contact the corresponding institution, organization or State;

Define the form of contact and collaboration;

Obtain an agreement with the institution, organization or State;

Identify the responsible staff to contact the institution, organization or State;

Develop a collaboration plan;

If necessary, start the purchasing process;

Start the cooperation;

Regularly check the effectiveness of the collaboration and the need for continuing the collaboration.

Periodically evaluate the regulatory body’s staffing needs.

Apply subprocesses such as:

Recruitment;

Induction of new staff (education and training);

Staff development (including appraisals, continuous professional development and refresher training);

Staff departures and retirement.

Planning;

Finance;

Knowledge management (staff departures and retirement);

Training and competence management;

External expert support.

Periodically identify the regulatory body’s information needs;

Periodically review the existing knowledge base;

Identify needs for update of information;

Compare with existing knowledge base and identify gaps;

Identify and access internal and external sources of information and capture the necessary information to fill the gaps (essential for retirements and departures);

Convert information to knowledge of use to the regulatory body:

Store the information adequately and safely;

Ensure easy retrieval;

Inform the concerned individuals about changes and updates.

Compare input data with existing documentation.

Regularly identify important activities (processes) performed by the regulatory body that are not documented yet (in the form of process descriptions, procedures and forms).

Regularly identify needs for modifications in documents (caused by e.g. changes in legislation, organization and changed modes of collaboration).

Use a subprocess for drafting or modifying documents:

Regularly identify obsolete documents, take them out of circulation and archive them.

Collect necessary information;

Draft new or modified document using templates and writers’ guide;

Review of the draft (by different people), test user friendliness (may need iterations);

Approval of the draft by authorized people;

Inform the staff about changes in documentation (if necessary, do training);

Issue new document;

Distribute new document;

Archive old documents.

Define the necessary information to develop the product (as a subprocess of other processes: core functions and functions supporting core functions);

Screen the available information for relevance and completeness; if necessary, collect more information;

Perform the task (a core function or function supporting core functions);

Draft the regulatory product;

Perform an expert review of draft product;

Finalize the product;

Approval of the product by the relevant parts of the regulatory body.

Register all documents (incoming, outgoing, internally produced) according to the structure of the document management system.

Process documents based on relevant document and records classification.

Follow subprocess for registration and archiving:

Follow subprocess for retrieval.

Register and process all records;

Distribute copies of the records to concerned users;

Respect confidentiality and security rules;

Archive original record according the structure of the document management system.

Specify the required product or service.

Define acceptance criteria.

Identify appropriate potential providers.

Identify if cost of product or service is within the budget. If not, look for additional financial resources or redefine priorities.

Call for bids for the product or service (respect legal constraints).

Collect and evaluate the bids.

Select the supplier (respect legal constraints).

If necessary, create, sign and countersign the contract.

Commission the product or service.

After delivery, evaluate the delivered product or service, compare with specifications and acceptance criteria; if not acceptable, either iterate or take other appropriate actions.

If acceptable, authorize the payment and close the contract.

Periodically review the adequacy of measuring and test equipment;

If measuring and test equipment is outdated, look for adequate new equipment;

If needed, start purchasing process.

Periodically review the calibration of measuring and test equipment;

If calibration date is close, start calibration, respect the necessary criteria;

After successful calibration, note the calibration date and the date for next calibration on the measuring and test equipment;

Enter calibration date and the date for next calibration into database.

Main process: Periodically create the budget and provide the necessary financial resources;

Subprocesses: Financial control, bookkeeping