This regulatory document is part of the CNSC’s operating performance series of regulatory documents, which also covers commissioning, construction and severe accident management. The full list of regulatory document series is included at the end of this document and can also be found on the CNSC's Web site.
Nuclear power plants in Canada are subject to the CNSC’s ongoing regulatory oversight to ensure that the health, safety, security of Canadians and the environment are protected, and that Canada conforms to its international obligations regarding the peaceful use of nuclear energy.
To comply with the CNSC’s regulatory requirements and their own internal governance, nuclear power plant (NPP) licensees conduct regular reviews of their performance to ensure safety is maintained. Licensees have also performed integrated safety reviews (ISRs) to assess the safety of their operations, facilities and equipment, prior to either a reactor refurbishment or the granting of a life extension to an existing plant. Combined with annual reporting on safety performance, ISRs aim to identify the necessary improvements to assure the continued safe operation of an NPP.
Regulatory document REGDOC-2.3.3, Integrated Safety Reviews, sets out the CNSC’s requirements for the conduct of an ISR for an NPP. Following international practice, the CNSC is committed to introducing periodic ISRs for all NPPs. Guidance is also provided on how these requirements may be met. Conduct of an ISR will be a requirement for licence renewals. REGDOC-2.3.3 supersedes RD-360, Life Extension of Nuclear Power Plants, published in February 2008.
An ISR is a rigorous safety assessment that is complementary to – and does not replace – routine and non-routine regulatory reviews, inspections, mid-term reports, event reporting and investigations, or other CNSC compliance and verification activities.
The ISR involves an assessment of the current state of the plant and its performance to determine the extent to which it conforms to applicable regulatory requirements, and modern codes, standards and practices, and to identify any factors that would limit safe long-term operation. Operating experience in Canada and around the world, new knowledge from research and development activities, and advances in technology, are taken into account. This enables determination of reasonable and practical modifications that should be made to, structures, systems and components, and to existing programs, to ensure the safety of the facility to a level approaching that of modern nuclear power plants, and to ensure continued safe operation.
This document is intended to form part of the licensing basis for a regulated facility or activity within the scope of this document. It is intended for inclusion in licences, either as part of the conditions and safety and control measures in a licence, or as part of the safety and control measures to be described in a licence application and the documents needed to support that application.
Guidance contained in this document exists to inform the applicant, to elaborate further on requirements or to provide direction to licensees and applicants on how to meet requirements. It also provides more information about how CNSC staff evaluate specific problems or data during their review of licence applications. Licensees are expected to review and consider guidance; should they choose not to follow it, they should explain how their chosen alternate approach meets regulatory requirements.
For existing nuclear power plants, the requirements contained in this document do not apply unless they have been included, in whole or in part, in the licence or licensing basis.
An applicant or licensee may put forward a case to demonstrate that the intent of a requirement is addressed by other means and demonstrated with supportable evidence.
The requirements and guidance in this document are consistent with modern national and international practices addressing issues and elements that control and enhance nuclear safety. In particular, they establish a modern, risk-informed approach to the categorization of accidents – one that considers a full spectrum of possible events, including events of greatest consequence to the public.
Important note: Where referenced in a licence either directly or indirectly (such as through licensee-referenced documents), this document is part of the licensing basis for a regulated facility or activity.
The licensing basis sets the boundary conditions for acceptable performance at a regulated facility or activity and establishes the basis for the CNSC's compliance program for that regulated facility or activity.
Where this document is part of the licensing basis, the word "shall" is used to express a requirement, to be satisfied by the licensee or licence applicant. "Should" is used to express guidance or that which is advised. "May" is used to express an option or that which is advised or permissible within the limits of this regulatory document. "Can" is used to express possibility or capability.
Nothing contained in this document is to be construed as relieving any licensee from any other pertinent requirements. It is the licensee's responsibility to identify and comply with all applicable regulations and licence conditions.
REGDOC-2.3.3, Integrated Safety Reviews, sets out the CNSC’s requirements for the conduct of an integrated safety review (ISR). An ISR is a comprehensive evaluation of the design, condition and operation of a nuclear power plant (NPP, plant). It is an effective way to obtain an overall view of actual plant safety and the quality of the safety documentation, and to determine reasonable and practical modifications to ensure safety until the next ISR or, where appropriate, until the end of commercial operation.
Adopting periodic ISRs in support of licence renewal will ensure the continued improvement of NPP safety. Past experience with life-extension projects gives the CNSC and the Canadian nuclear industry a large degree of familiarity with the ISR process. As such, the periodic application of an ISR in Canada represents an evolution of a current practice, as opposed to the adoption of a new one.
This regulatory document sets out the CNSC’s requirements with regard to the conduct of an integrated safety review for an NPP in support of licence renewal. Guidance is also provided on how these requirements may be met.
The following provisions of the Nuclear Safety and Control Act (NSCA) and regulations made under the NSCA that are relevant to this regulatory document:
Subsection 24(4) of the NSCA states that "No licence shall be issued, renewed, amended or replaced – and no authorization to transfer one given – unless, in the opinion of the Commission, the applicant (a) is qualified to carry on the activity that the licence will authorize the licensee to carry on; and (b will, in carrying on that activity, make adequate provision for the protection of the environment, the health and safety of persons and the maintenance of national security and measures required to implement international obligations to which Canada has agreed"
Subsection 24(5) of the NSCA states that "A licence may contain any term or condition that the Commission considers necessary for the purposes of this Act..."
Section 3 of the General Nuclear Safety and Control Regulations states the general licence application requirements
Paragraphs 12(1)(c), (f) and (i) of the General Nuclear Safety and Control Regulations state that "Every licensee shall (c) take all reasonable precautions to protect the environment and the health and safety of persons and to maintain security of nuclear facilities and of nuclear substances; ... (f) take all reasonable precautions to control the release of radioactive nuclear substances or hazardous substances within the site of the licensed activity and into the environment as a result of the licensed activity; ... (i) take all necessary measures to facilitate Canada’s compliance with any applicable safeguards agreement;"
Sections 3 and 6 of the Class I Nuclear Facilities Regulations state the general licence application requirements specific to Class I nuclear facilities and the information required to apply for a Class I nuclear facility operating licence
Key principles and elements used in developing this regulatory document are consistent with national and international standards, guides and practices. In particular, this regulatory document is consistent with International Atomic Energy Agency (IAEA) Specific Safety Guide SSG 25, Periodic Safety Review of Nuclear Power Plants - Safety Guide, 2013. 
The licensee shall conduct an ISR in accordance with this regulatory document for the period until the next ISR or, if applicable, until the end of commercial operation of the plant. The ISR shall be conducted according to the following four phases:
preparation of an ISR basis document
conduct of the safety factors reviews and identification of findings
analysis of the findings and their integral impact on the NPP’s safety (global assessment)
preparation of a plan of safety improvements (integrated implementation plan)
In accordance with IAEA SSG-25 and international practice, 10 years is considered an appropriate interval between ISRs to determine the extent to which the nuclear power plant conforms to applicable regulatory requirements, and modern codes, standards and practices, and to identify any factors that would limit its continued safe operation.
The complex process of conducting an ISR can be facilitated by subdividing it into tasks that are identified as safety factors. These safety factors are intended to cover all aspects that are important to the safety of an operating nuclear power plant.
The objectives of the ISR are to determine:
the extent to which the facility conforms to applicable regulatory requirements and modern codes, standards and practices
the extent to which the licensing basis remains valid for the next licensing period
the adequacy and effectiveness of the arrangements and the structures, systems and components (SSCs) that are in place to ensure plant safety until the next ISR or where appropriate, until the end of commercial operation
the improvements to be implemented to resolve any findings identified in the review and timelines for their implementation
The ISR is complementary to, and does not replace activities required and/or performed by the CNSC, including routine and non-routine regulatory reviews and inspections, mid-term reports, event reporting and investigations, or any other CNSC licensing and verification activities.
The ISR approach is outlined in IAEA Specific Safety Guide SSG-25, Periodic Safety Review for Nuclear Power Plants . The terms "safety factor" and "safety factor reports" are an adoption of the IAEA SSG-25 terms, with the addition of a safety factor for radiation protection. Safety factor reports are discussed further in Sections 3 and 4.
In general, the licensee first prepares the ISR basis document which defines the scope and methodology for the ISR. This is then used to conduct the review, prepare the safety factor reports, and the global assessment report. The results of the ISR are used to establish the corrective actions and safety improvements to be included in the integrated implementation plan.
The documentation submitted to the CNSC includes:
ISR basis document
reports on the review of each safety factor (safety factor reports)
The ISR basis document is an essential instrument that governs the conduct of the ISR. It ensures that the licensee and the CNSC have the same expectations for the scope, methodology and outcomes of the ISR.
The ISR basis document shall be submitted to the CNSC for acceptance. The required elements of the ISR basis document are:
statement of current licensing basis
statement of the proposed operating strategy of the facility
description of scope of the ISR
description of the methodology for the performance of the ISR, including the period for which the ISR is valid
statement of applicable regulatory requirements, and modern codes, standards and practices
description of the methodology for the identification, dispositioning and tracking of gaps
description of the methodology for the global assessment
3.2 Proposed operating strategy of the nuclear power plant
In the ISR basis document, the licensee shall state the proposed operating strategy of the plant.
The ISR is performed to assess the condition of the NPP and the adequacy of the programs, including aging management programs, which are in place to maintain reactor safety. The review is forward-looking and the operating life of the plant should be considered to identify potentially lifetime-limiting features of the plant in order to plan future modifications and to determine the timing of future reviews.
In the ISR basis document the licensee shall describe the scope of the ISR. The licensee shall:
address all safety factors of the NPP including any interdependencies
identify all facilities and associated SSCs to be covered by the ISR
address unit-specific and site-specific issues
for multi-unit NPPs, address interdependencies on common SSCs not covered by item 1
consider all expected modes of operation; for a multi-unit facility, taking into consideration the operational state of each unit
include a comprehensive review of current licensing issues applicable to the safety factors
The scope of the ISR should include a review of each of the following safety factors:
actual condition of SSCs important to safety
equipment qualification (environmental and seismic)
deterministic safety analysis
probabilistic safety assessment
use of experience from other NPP and research findings
organization, the management system and safety culture
radiological impact on the environment
SSG-25, Periodic Safety Review of Nuclear Power Plants – Safety Guide,  describes 14 safety factors that have been selected on the basis of international experience and are intended to cover all factors important to NPP safety. The scope, tasks and methodologies of these 14 safety factors are considered to meet the CNSC’s expectations for corresponding safety factors 1-14 listed above. The CNSC has included an additional safety factor on radiation protection; the licensee should refer to the licence conditions handbook for the scope and tasks for the review of this safety factor. The ISR basis document should include, in the scope and tasks, how the intent of each task listed for a safety factor in SSG-25 will be addressed.
It is expected that the effort necessary to carry out a second (or subsequent) ISR of an NPP will often be considerably less than the first. In general, subsequent ISRs will focus on changes in requirements, facility conditions, operating experience and new information, rather than repeating the activities of previous reviews. However, while focusing on the changes, the subsequent ISR should consider explicitly whether the earlier ISR conclusions continue to remain valid (for example, in light of the time elapsed since it was performed).
3.4 Methodology for the performance of the integrated safety review
The licensee shall specify the methodology for:
conducting assessments that confirm that the plant meets, and will continue to meet, the current licensing basis
conducting assessments against applicable regulatory requirements, and modern codes, standards and practices
conducting a global assessment of facility safety in view of all ISR findings
identifying any corrective actions and modifications that are necessary to address ISR findings to improve the level of safety
The methodologies that will be applied for the ISR should be described in the ISR basis document to show how the licensee plans to achieve the ISR objectives as stated in section 2. The methodologies outlined in SSG-25  for performing safety factor reviews provide an acceptable approach.
Since processes and programs have many levels of interdependencies and interrelationships, the reviews should be conducted using internal documents that correctly represent these dependencies and relationships. To ensure this, a freeze date should be established for the internal documents used in the safety factor reviews. The reviews are then carried out using documents that are applicable to the document freeze date.
3.5 Applicable regulatory requirements, and modern codes, standards and practices
The licensee shall state what CNSC regulatory requirements, modern national and international codes, standards and practices will be used in the reviews, including their effective dates, as well as:
the criteria for their selection
the ISR cut-off date beyond which changes to codes and standards and new information will not be considered
the type of review to be performed (clause-by-clause, high level or alternative)
An integral element of the ISR is the assessment of the conformance of the current NPP’s state to requirements and expectations set out in CNSC regulatory requirements, and modern codes, standards and practices. A list of modern codes, standards and practices with their cut-off dates, should be established prior to any work being carried out. This ensures a common and consistent expectation for the reviews.
Modern codes, standards and practices should be selected taking into consideration the CNSC’s regulatory framework, as well as modern international practices and operational experience. Primary consideration for selection of codes and standards should rest with those referenced in licences and CNSC regulatory documents. IAEA documents and other appropriate international standards should also be considered. If an appropriate Canadian code or standard is not available, the licensee should propose a reasonable substitute.
It is expected that all mandatory clauses in a code or standard will be reviewed to determine if the identified requirements are met. Any applicable sub-tier references in the mandatory clauses to other codes, standards and licensee documentation (for example, implementing procedures) should also be reviewed and addressed. A clause-by-clause type review should also be performed for new versions of codes and standards referenced by the licence and licence condition handbook. For other codes and standards, licensees may propose other types of reviews.
3.6 Methodology for the identification, dispositioning and tracking of gaps
The licensee shall describe the process and methodology for identifying, categorizing, prioritizing and dispositioning gaps. The licensee shall state what decision-making process will be used to evaluate and decide on the various alternatives to disposition the gaps.
The licensee shall confirm that any non-compliance with the current licensing basis will be addressed as quickly as practicable. To the extent practicable, the licensee shall also resolve identified gaps with respect to modern regulatory requirements, codes, standards and practices. The licensee shall track dispositioning and resolution of all gaps identified during the ISR through to their resolution.
The ISR review should identify findings of the following types:
strengths – current practices are equivalent to or better than those established in modern codes and standards or industry practices
gaps – current practices are not equivalent to those established in modern codes and standards or industry practices, or do not meet the current licensing basis, or are inconsistent with the operational documentation for plant
The rationale behind identifying the findings and their disposition should be justified using valid arguments and supporting evidence. All gaps should be categorized and prioritized according to their safety significance. While assessing gaps for safety significance, the licensee should consider deterministic and probabilistic safety analyses, engineering judgment or a combination thereof. Suitability for assessment via selected means should be determined by the nature of the finding.
Depending on the nature of the findings, the licensee may also include considerations such as public radiation safety, plant operability, occupational radiation safety, emergency preparedness, and the environment when prioritizing gaps. The overall priority of a gap should inform the course of action to be taken to establish its recommended disposition. Any gaps representing the plant’s non-compliance against the current licensing basis may be resolved through the existing plant programs. The licensee should establish and maintain a database of all gaps identified during the ISR.
The methodology for performing the global assessment shall be described in the ISR basis document. The methodology shall address and include:
results of the safety factor reviews, in particular, the findings (both gaps and strengths) of NPP design and operation
the interdependencies between gaps and the significance of their aggregate effects
recommended corrective actions and safety improvements to address individual and consolidated gaps
the extent to which the safety requirements of defence in depth are fulfilled
an estimate of global risk associated with facility operation with any unresolved gaps
The results from the global assessment shall be documented in the global assessment report.
The objective of the global assessment is to present an overall evaluation of facility safety taking into account a balanced assessment of all findings identified in the ISR. The global assessment should take into account all the strengths and gaps from the ISR, and the corrective actions and/or safety improvements proposed to improve the overall level of safety.
Findings from the review of individual safety factors may indicate that the NPP’s safety is acceptable; however, when a review of the interactions, overlaps and gaps between safety factors is performed, new findings may be identified that have an impact on overall level of safety.
Upon completion of the safety factor reviews, the licensee shall prepare reports for submission to CNSC in accordance with the accepted ISR basis document. The licensee shall ensure that each safety factor report documents:
objective, scope, tasks and methodology for the review
applicable codes , standards and practices
overview of applicable facility programs and processes
results of the review which identify gaps and strengths
categorized and prioritized gaps
interfaces with other safety factor report findings
options for corrective actions for each gap
The safety factor reports document the results for specific review tasks. The results of the assessments and the comparison against applicable regulatory requirements and modern codes, standards, and practices are included. Any gaps are identified, recorded, categorized, prioritized and dispositioned.
The overall structure of each report should be a summary of the review followed by detailed reporting and conclusions. The report should:
clearly indicate the type of review conducted for each review element: a clause-by-clause review, a high-level review or a combination thereof, and provide the rationale for selecting the type of review
provide systematic coverage of the expected review tasks with detailed analysis of how the licensee addressed requirements to fulfill licensing bases, as well as the expectations for satisfying applicable regulatory requirements and modern codes, standards and practices set out in the basis document
clearly indicate the licensee’s acceptance of any work done by an outsourced contractor
provide enough information to allow CNSC staff to make a regulatory determination based on the information contained in the report
The licensee should prepare the safety factor reports to be as self-contained as practicable, avoiding excessive referencing. Where a code, standard or practice addresses more than one review element, the results of such reviews should be cross-referenced.
Safety factor reports should be submitted concurrently or in a single package because some reports may be inter-related. For example, the report for aging may be inter-related with the reports on the actual condition of SSCs important to safety and deterministic safety analysis.
The licensee shall prepare a report that documents the results of the global assessment. The global assessment report (GAR) shall present the results of the ISR, both strengths and gaps, to provide an overall assessment of the safety of plant. The GAR shall document the overall conclusions, corrective actions and safety improvements to be considered. It shall be submitted to the CNSC for review.
The GAR should provide a living database that captures the current state of the gaps. The database should be fully traceable so that a change in a gap, or in the assessment of a gap, can be easily tracked to its resolution. The GAR should include the following elements:
summaries of the safety factor report findings and identified gaps and strengths
overlaps, omissions, and interface issues of the findings from the safety factor reports
consolidation of gaps into global issues where appropriate
safety significance and risk ranking of all gaps (individual and consolidated)
corrective actions and safety improvements proposed for all gaps and global issues
a global assessment based on the aggregate effect of the findings resulting from all safety factor reports, taking the proposed corrective actions and safety improvements into account, and defence in depth
statement of the licensee’s assessment of the overall acceptability of operation of the NPP
The licensee shall develop an integrated implementation plan (IIP) that addresses the results of the global assessment. The IIP shall be submitted to the CNSC for acceptance.
In the IIP, the licensee shall:
list the corrective actions and safety improvements that will address all gaps identified in the ISR, and their safety significance and priority
specify the schedule for implementing the corrective actions and safety improvements
An overview of the acceptability of safe operation of plant in view of the proposed changes should be included in the IIP, to demonstrate that the outcome of safety improvements serves the intended purpose of the ISR.
In the IIP, the licensee should:
demonstrate traceability and provide references to the GAR
specify the processes used for determining the detailed scope, including prioritization and scheduling of corrective actions and safety improvements
ensure that corrective actions and improvements that have the greatest impact on safety are completed in a timely manner
specify processes for identification and management of project risks and controls
specify the process to be used to track the progress and completion of the corrective actions and safety improvements
The IIP should be submitted to the CNSC, organized according to both safety factors and CNSC’s Safety and Control Areas.
To ensure the IIP’s success, the licensee should have the following in place:
a project organization, structured to execute the IIP
governance for IIP delivery
scope, schedules and dependencies, at least for the earlier tasks
definition of resources and a resourcing plan
a mechanism for overall integration, peer or independent review and oversight
The framework that establishes the processes and programs required to ensure an organization achieves its safety objectives, continuously monitors its performance against these objectives, and fosters a healthy safety culture.
Human performance management
The activities that enable effective human performance through the development and implementation of processes that ensure a sufficient number of licensee personnel are in all relevant job areas and have the necessary knowledge, skills, procedures and tools in place to safely carry out their duties.
This includes an overall review of the conduct of the licensed activities and the activities that enable effective performance.
Maintenance of the safety analysis that supports the overall safety case for the facility. Safety analysis is a systematic evaluation of the potential hazards associated with the conduct of a proposed activity or facility and considers the effectiveness of preventative measures and strategies in reducing the effects of such hazards.
The activities that impact the ability of structures, systems and components to meet and maintain their design basis given new information arising over time and taking changes in the external environment into account.
Fitness for service
The activities that impact the physical condition of structures, systems and components to ensure that they remain effective over time. This area includes programs that ensure all equipment is available to perform its intended design function when called upon to do so.
The implementation of a radiation protection program in accordance with the Radiation Protection Regulations. This program must ensure that contamination and radiation doses received are monitored and controlled, and maintained as low as reasonably achievable (ALARA)
Conventional health and safety
The implementation of a program to manage workplace safety hazards and to protect personnel and equipment.
The programs that identify, control and monitor all releases of radioactive and hazardous substances and effects on the environment from facilities or as the result of licensed activities.
Emergency management and fire protection
The emergency plans and emergency preparedness programs which exist for emergencies and for non-routine conditions. This area also includes any results of participation in exercises.
The internal waste-related programs that form part of the facility’s operations up to the point where the waste is removed from the facility to a separate waste management facility. This area also covers the planning for decommissioning.
The programs required to implement and support the security requirements stipulated in the regulations, in the license, in orders, or in expectations for the facility or activity.
Safeguards and non-proliferation
The programs required for the successful implementation of the obligations arising from the Canada/IAEA safeguards agreements, as well as all other measures arising from the Treaty on the Non-Proliferation of Nuclear Weapons.
Packaging and transport
The programs that manage the safe packaging and transport of nuclear substances and radiation devices to and from the licensed facility.
Engineering, operations, inspection, and maintenance actions to control, within acceptable limits, the effects of physical aging and obsolescence of structures, systems and components.
ALARA (as low as reasonably achievable)
As low as reasonably achievable with social and economic factors taken into account. A concept in which optimized protective measures result in doses that are considered to be as low as reasonably achievable.
Measures taken to eliminate the cause of a detected nonconformity or other undesirable situation to prevent reoccurrence.
The range of conditions and events taken explicitly into account in the design of the facility, according to established criteria, such that the facility can withstand them without exceeding authorized limits by the planned operation of safety systems.
An overall risk judgment on the acceptability of continued operation of a nuclear facility.
integrated implementation plan (IIP)
A plan that considers the scope and schedule of safety improvements to support continued operation of a facility, based on the results of an integrated safety review.
integrated safety review (ISR)
A comprehensive assessment of nuclear power plant design and operation that deals with the cumulative effects of aging, modifications, operating experience, technical developments and siting factors, and aims at ensuring a high level of safety throughout the operating life of plant.
integrated safety review (ISR) basis document
The information that sets out the scope and methodology for the conduct of the ISR.
A set of requirements and documents for a regulated facility or activity comprising:
the regulatory requirements set out in the applicable laws and regulations
the conditions and safety and control measures described in the facility’s or activity’s licence and the documents directly referenced in that licence
the safety and control measures described in the licence application and the documents needed to support that licence application
A set of interrelated or interacting elements (system) for establishing policies and objectives and enabling the objectives to be achieved in an efficient and effective way. The management system integrates all elements of an organization into one coherent system to enable all of the organization’s objectives to be achieved. These elements include the structure, resources, and processes. Personnel, equipment, and organizational culture as well as the documented policies and processes are parts of the management system. The organization’s processes have to address the totality of the requirements on the organization as established in, for example, IAEA safety standards and other international codes and standards.
nuclear power plant
Any nuclear fission reactor installation that has been constructed to generate electricity on a commercial scale and is a Class 1A nuclear facility, as defined in the Class I Nuclear Facilities Regulations. Where a licence is issued for multiple reactors, NPP means all the reactors identified in the licence.
Measures taken that result in more effective implementation of the safety objectives of a nuclear power plant.
The significance of a situation, event or issue with respect to the impact on meeting the nuclear safety objectives as defined by the International Atomic Energy Agency (IAEA) in document SF-1 Fundamental Safety Principles . In general, a situation, event or issue has safety significance if it denotes a deviation from the safety case accepted in the licence, in a direction detrimental to safety, such as but not limited to:
reducing margins to (or exceeding) the accepted limits
increasing risk to the health, safety and security of persons and the environment
impairments (various degrees) of the special safety systems or of the safety functions for accident mitigation
reduction in defence in depth
events causing radioactive releases and spills of hazardous substances, injuries to workers or the public, etc.
structures, systems and components (SSCs)
A general term encompassing all of the elements (items) of a facility or activity that contribute to protection and safety. Structures are the passive elements: buildings, vessels, shielding, etc. A system comprises several components, assembled in such a way as to perform a specific (active) function. A component is a discrete element of a system. Examples are wires, transistors, integrated circuits, motors, relays, solenoids, pipes, fittings, pumps, tanks, and valves.