Task Group Purpose: The EFCOG Procurement Engineering Task Group (PETG) is comprised of industry experts in engineering and procurement. This groups primary focus is to identify opportunities for improvement with regards to the procurement engineering processes, such as commercial grade dedication (CGD), and develop best practices and lessons learned based on those identified opportunities.
- Spencer Daw (Chair)
- John Hendricks (Vice-Chair)
- Sandra Schindler (Secretary)
Contact our team via the contact form below. Looking for the SME POC list? Please request a copy via the form below.
DOE POINTS OF CONTACT
- Chris Beaman
ENGINEERED PROCUREMENT EFFECTIVENESS INITIATIVE
Procurement Engineering is collaboratively teaming with the Engineering Practices Subgroup and Supply Chain Quality Assurance Subgroup to facilitate Engineered Procurement Effectiveness in the DOE Supply Chain.
Contact Engineered Procurement Core Team Members via the form below.
Engineered Procurement Resources
The following is and initial compilation of Best Practices (BP) and Lesson’s Learned (LL) to support the typical process flow for engineered procurements from design output document development through to item acceptance. The contents is designed to help sites effectively execute engineered procurements. Procurement Engineering, Engineering Practices, and Supply Chain QA will provide additional resources as developed/identified.
Training Resources for Engineering and Quality
Engineering (EPSG) or QA Best Practices and Documents related to Procurement
General Engineered Procurement EFCOG Best Practices:
- BP-207, Identification of Look-Alike Electrical Equipment
- BP-202, Lines of Inquiry for Flow down of Requirements and Subcontractor Implementation of 10-CFR-851
- BP-166, Process for Safe, Efficient Laser Service Subcontractor Work
- BP- 225 , Quality Assurance Considerations for Supply Chain Management in Large-Scale Capital Asset Acquisition Projects.
EPSG developed procurement best practices relative to supply chain welding activities:
- BP-231, Welding Requirements Flow-Down
- BP-216, Filler Material Control – Receipt, Storage and Issue
- BP-215, Welding in Support of Research and Development
- BP-201, Welding Program Ownership
- BP-191, On-Site Review and Assessment of Subcontractor Welding Programs, Facilities, and Operations
- BP-162, Improving the Quality of Subcontractor Welding
Procurement Engineering White Papers
- EFCOG White Paper, Benchmarking of Engineered Procurement Effectiveness Elements
- NRC vs. DOE Safety Classification and the Resultant NQA-1 Acceptance Requirements
- NQA-1 Sub-Part 2.14 Crosswalk to NQA-1 Part 1 and NAP 401.1 (Formerly NAP 24-A)
- Technical Requirements for the Procurement of 55-Gallon, Carbon Steel, Removable Head Drums
- GREASE 121118 CGD jrh
- OIL 121118 CGD jrh
- NQA-1 Flowdown Paper for Team Review
Supplier Qualification Strategies
The Master Supplier List provides efficiency in potential bidder identification and in pre-award vendor qualification efforts.
The Master Supplier List (MSL) (formerly known as Master Approved Supplier List (MASL) is a single database used by DOE contractors to share supplier qualification information. Numerous EFCOG efforts have shared the benefits of this database including EFCOG Final Report, EM SINGLE APPROVED SUPPLIER LIST PROCESS TASK TEAM. This report issued in 2017 recommended all DOE-EM sites start using this database.
There are two key uses of MSL to be more efficient in engineered procurements:
- The list of qualified vendors can be searched to ensure suitably qualified vendors are included in solicitation processes
- MSL supplier qualification information resources (e.g., pre-award audits by other sites) can be used to more efficiently qualify a vendor prior to use by other sites.
Commercial Grade Dedication Best Practices
- BP-142, Evaluation and Acceptance of Commercial Grade Items and Services
- BP-140, Performance of Commercial Grade Surveys
- Eval & Acceptance of Commercial Grade Items & Services
- Performance of Commercial Grade Surveys
FAQ – Frequently Asked Questions
CAN A DIFFERENT DEGREE OF VERIFICATION BE USED ON AN ITEM WITH EQUIVALENT SAFETY FUNCTIONS?
Yes, the degree of verification will vary depending on the determining factors of the technical evaluation, such as the consequence and likelihood of failure. As in all cases when using engineering judgement, the factors considered in the technical evaluation to determine the degree of verification must be documented.
Determination of the rigor utilized in the verification of critical characteristics is part of the larger determination of reasonable assurance that the item/service will perform its intended safety function (See FAQ-2 for more on reasonable assurance).
NQA-1 Subpart 2.14 Section 601 contains discussion on the selection of acceptance method(s) for use in determining if the commercial grade item/service meets the acceptance criteria of the selected critical characteristics.
ASTM A312 304 Stainless Steel Pipe with safety function to maintain pressure boundary.
Case A – Pipe supplying coolant to spent fuel storage
Loss of spent fuel storage coolant could potentially cause fuel melting and a resulting criticality accident. The consequences of such a failure are relatively high as it would result in a significant safety impact to co-located workers and the public.
Case B – Pipe transporting radioactive liquid
A breach in the pressure boundary could potentially result in the spray of radioactive liquid on a co-located worker. Such a failure of the pipe would result in a minor safety impact on a co-located worker.
The pipe in both cases is neither complex nor unique, however the consequences of each pipe failure are significantly different. Case A might require the performance of a full chemical and physical analysis of test coupons to verify conformance with the requirements of ASTM A312. While Case B might require the performance of XRF PMI to verify conformance of the major chemical constituents (Cr and Ni) with the requirements of ASTM A312. In each of these cases the technical evaluation leads the CGD practitioner to perform varying degrees of rigor to obtain reasonable assurance.
NQA-1 Subpart 2.14 Section 601
NQA-1-2012 Subpart 3.1-2.1, Section 502 Graded Approach
NQA-1-2012 SUBPART 2.22, Section 101 Definition of Graded Approach
DOE-HDBK-1230-2019 Section 6.5 Dedication Process
EPRI TR 3002002982 Section 5.7 Identify Acceptance Methods and Criteria
WHO DETERMINES REASONABLE ASSURANCE AND WHAT DOCUMENTATION IS REQUIRED?
Reasonable assurance is determined by the responsible engineering organization who originates the information used to develop the technical evaluation. The dedicating entity verifies that the item/service meets the acceptance criteria and provides the documentation from one or more of the four acceptance methods to the responsible engineering organization to establish that reasonable assurance has been achieved such that the item/service will perform its intended safety function. The documentation required to establish reasonable assurance is a complete technical evaluation along with the results and/or reports resulting from the use of one or more of the four acceptance methods.
For the sake of clarity, the terms used in this answer are defined as follows:
- Responsible Engineering Organization – the entity that develops the technical evaluation or provides the requisite information to a 3rd party dedicator that will be used in writing the technical evaluation (e.g. Pantex, SRNL). CGD practitioners are typically delegated the authority to make the call on what constitute reasonable assurance but ultimately the responsibility lies with the engineering organization
- Technical Evaluation – A documented evaluation that includes the safety function(s), like-for-like or equivalency determination, critical characteristics, acceptance criteria, and dedication methods. (In the case of a build-to-print procurement, the dedication methods are typically determined by the Supplier.)
- Dedicating Entity – As defined in NQA-1 Subpart 2.14 Section 601 (a). This entity performs the verification activities, which may be the contractor (e.g. INL, Y-12), a Supplier, or a sub-supplier.
Factors that are considered in determining what constitutes reasonable assurance for a given situation are: safety function, whether that is an active or passive safety function, complexity of the item/service, the consequence of failure, the likelihood of failure, whether a replacement item is to be placed in a service requiring environmental or seismic qualification.
The responsible engineering organization obtains reasonable assurance from the dedication process by applying an appropriate level of rigor in the determination of critical characteristics, acceptance criteria, sampling plans and lot formation, and in choosing the method(s) of acceptance.
EPRI states “The decision that reasonable assurance has been attained is inherently subjective, and the judgment of reasonability may vary between different observers.” These examples are one “observer’s” judgement call – each responsible engineering organization (the CGD practitioner) must make their own subjective, defendable call on what reasonable assurance is for each unique situation.
Example #1 – Item: relay switch
Safety Function: start up emergency generator upon loss of commercial power within 60 seconds – active safety function.
Consequence of failure: failure of the relay to start-up within 60 seconds would result in a possible release of radioactive contamination to the public
Likelihood of failure: likelihood of failure is low as the original relay functioned for 40 years without fault. Also, this is a relatively simple item with only one moving part
EQ/SQ: this relay does not have any environmental qualification requirements, but it will be installed in a system that does require seismic qualification.
Given the conditions stated above, reasonable assurance would be attained via a combination of Method three and Method one. Source surveillance would be conducted to witness the manufacturing of both a test relay and the relay to be put in service to verify that the relay’s materials and methods of fabrication are per the specification. After receipt of the relays, the test relay will be tested to verify functionality and destructively tested to verify design limits and capabilities. Additional critical characteristics must be verified to ensure that the new relay maintains the previously performed seismic qualification. This is a moderately high level of rigor due to the high consequence and low likelihood of failure.
Example #2 – Item: lead
Safety function: shield collocated workers from radiation exposure – passive safety function
Consequence of failure: failure of the lead to provide required shielding would expose collocated workers to an unacceptable radiation dose.
Likelihood of failure: likelihood of failure is low as shielding designs are analyzed for appropriate thickness with margin built in and the likelihood of a manufacturing failure that would result in an undetectable bubble in during the lead pour is also unlikely.
EQ/SQ: not applicable as this is not a replacement item.
Given the conditions stated above, reasonable assurance would be attained via Method three source verification at the supplier’s facility to witness the dimensions of the forms into which the lead will be poured to ensure compliance with drawing dimensions and verify the final weight of the shield lead. This is low level of rigor as the consequence of failure is low and the likelihood of failure is also low.
Example #3 – Item: structural fasteners in new construction
Safety Function: provide clamping force between two structural members of a nuclear facility – passive safety function
Consequence of failure: failure of the fasteners would result in the breach of confinement boundary of nuclear material piping resulting in the exposure of collocated workers and even possibly the public
Likelihood of failure: likelihood of failure is low as a large design margin is built in and there would have to be a concurrent or unnoticed successive failure of dozens of fasteners to cause a piping pressure boundary breach.
EQ/SQ: not applicable as this is new construction
Given the conditions stated above, reasonable assurance would be attained through a CG survey of the supplier to verify that they have control of their manufacturing and testing processes such that the critical characteristics of fastener strength and fastener material chemistry are controlled. This is a low level of rigor as the consequence of failure is moderately high, but the likelihood of failure is very low.
ASME NQA-1 2017, Sub-part 2.14
EPRI Report NP-5652 on the Utilization of Commercial Grade Items. EPRI, Palo Alto, CA: 1994. TR-102260
DOE-HDBK-1230-2019, Commercial Grade Dedication Application Handbook
WHAT FACTORS SHOULD BE CONSIDERED IN DETERMINING THE DEGREE OF VERIFICATION?
The degree of verification for a given critical characteristic is inherently subjective and corresponds to the acceptance criteria to be met. The degree of verification may vary for the same item based on each end-use application. The goal is to provide a reasonable assurance based on engineering judgement.
While there are many factors to be considered in determining degree of verification, a partial list might be:
- Risk of the item failing
- Consequence of the item failing
- Complexity of the item
- Tolerance of the specifications
- The item’s stated safety function per safety basis document.
- Results of Technical evaluation, including the FMEA.
- The sample size of items chosen for acceptance
The word reasonable connotes a level of confidence that is justifiable but not absolute. In the context of product or service quality, reasonable assurance of performance must be based on facts, actions, or observations (objective evidence). Although these bases are objective and measurable, the inference of adequacy drawn from them—the decision that reasonable assurance has been attained—is inherently subjective, and the judgment of reasonability may vary between different observers. These judgments are commonly referred to as engineering judgment and should be documented. Reasonable assurance of the item’s ability to perform its intended safety function results from the combination of the technical evaluation and acceptance processes.
Varying degree of verification based on stated safety function
If procuring metal for the tank wall that holds a corrosive mixed waste, then require independent CMTR’s of material because the metallurgical properties are critical (e.g., corrosion resistance).
If the same material holds makeup feed water, then only alloy analyzer verification simply to show an item is “stainless steel” might be adequate.
Varying degree of verification based on tolerance of the specifications with sample size
If the tolerance of a pipe is +-0.5 cm then sampling some fraction of a lot with a go-no-go gage might be sufficient.
If the tolerance of the same pipe is +-0.005 cm then sampling every item in a lot in multiple locations with a micrometer might be necessary.
10CFR50, Appendix B 
EPRI report TR-017218-R1, Guideline for Sampling in the Commercial-Grade Item Acceptance Process
WHEN APPLYING SAMPLING, HOW IS PRODUCTION TRACEABILITY ESTABLISHED?
Production traceability is established by sampling from lots that have traceability to a manufacturer’s heat number, production lot number, or batch number. Further guidance for production traceability is in at EPRI NP-5652 TR-102260 2016 Appendix H.
Production traceability can be established by several methods:
- If the manufacturer is on your QSL then a CofC incorporating production traceability would be acceptable.
- If the manufacturer is not on your QSL then a CGD survey or source verification could be used to establish production traceability. If you find issues than a change to sampling plan would be warranted.
- No supplier visit, additional testing and documentation would be required to establish production traceability.
A Widget is produced by a manufacturer in production lots which have a heat number.
The Company procures 10 Widgets. To establish production traceability the Company would include a clause about production traceability in the purchase order and verify with manufacturer or distributor their ability to conform to production traceability requirements which may include that all widgets bought on the purchase order come from the same heat number were possible. If not, sampling would then be applied to each heat number separately.
For example, a supplier might establish production traceability by performing overchecks on the chemical and physical properties of the CMTR for raw material received. Then that supplier might apply their own marking/numbering to the tested lot of raw material that is traceable to the results of the test and the CMTR that are on file. The supplier’s unique identification number is then used to maintain traceability between the material used in the as fabricated item back to the test results and CMTR.
EPRI NP-5652 TR-102260 2016
EPRI NP-5652 TR-102260 2016 Appendix H
WHAT DOCUMENTS ESTABLISH THE SAFETY FUNCTIONS OF COMMERCIAL ITEMS OR SERVICES INTENDED FOR USE IN A NUCLEAR SAFETY APPLICATION?
Safety functions performed by the item or a host component in support of the overall safety function are described in the DSA for an existing facility, the PDSA for a facility under construction, or other safety basis documentation. A CGD is performed only on those items or services that perform a safety function.
Safety function – the performance of an item or service necessary to achieve safe, reliable, and effective utilization of nuclear energy and nuclear material processing. (DOE-HDBK-1230)
Safety basis – the documented safety analysis and hazard controls that provide reasonable assurance that a DOE nuclear facility can be operated safely in a manner that adequately protects workers, the public, and the environment. (From 10CFR 830)
Hazard controls – measures to eliminate, limit, or mitigate hazards to workers, the public, or the environment, including
- Physical, design, structural, and engineering features;
- Safety structures, systems, and components;
- Safety management programs;
- Technical safety requirements; and
- Other controls necessary to provide adequate protection from hazards. (From 10CFR 830)
All DOE-approved safety analyses (i.e., safety analysis reports/documented safety analyses), TSRs, USQs, hazard controls, and any Conditions of Approval within DOE safety evaluation reports that provide reasonable assurance that a DOE facility can be operated safely in a manner that adequately protects workers, the public, and the environment.
Under DOE regulatory requirements, there may be instances in which a commitment to implement ASME NQA-1 on a non-safety-related item such as hardware in support of compliance with air permit requirements would need the performance of a CGD. As such, critical characteristics would be those that support the performance of the item to meet program requirements and not the nuclear safety function.
The question to the safety function should be raised to the responsible engineering and nuclear safety organizations.
Examples where upper tier design documents discuss safety classifications and safety functions can be found in:
- Preliminary Documented Safety Analysis (PDSA) – PDSA provides descriptions of safety class and safety significant SSCs, and functional requirements and performance criteria for early CGD development and to support procurement strategies.
- Documented Safety Analysis (DSA) – Chapter 4 of the DSA describes the safety class and safety significant SSCs, their safety functions, and performance criteria.
- Functional Classification – Provide system and component functional classification and system functional classification boundaries. Functional Classification Documents (or databases) can be effectively used to document evaluations on subcomponents of SSCs
- System Design Description (SDDs) – Convenient single point of reference that centralizes pertinent information or interpretations of details in supplier technical manuals and engineering documents
Examples of items and their safety functions:
- The safety function is often a subset of the item function.
- The function of an instrument may be to maintain the pressure boundary of a pipe system and provide a flow signal, but the safety function may only be to maintain the pressure boundary.
- For a computer program that tracks surveillances of safety SSCs to meet the technical safety requirements, the portion of the computer program that calculates dates based upon past surveillances completed and automatically notifies an engineer to schedule the surveillance would be the safety function, whereas the portion of that same computer program that stores the surveillance report may not be part of the safety function.
DOE-STD-3024-2011, Content of System Design Descriptions
DOE-HDBK-1230-2019, Commercial Grade Dedication Application Handbook
ASME NQA-1 2017, Sub-part 2.14
IS AN ASSESSMENT BY A THIRD-PARTY CONFORMITY ASSESSMENT BODY, AN ACCEPTABLE ALTERNATIVE TO DIRECT EVALUATION OF A SUPPLIER?
Yes, use of an assessment performed by a third-party Conformity Assessment Body (CAB) can be an acceptable alternative to direct evaluation. The degree to which the assessment is relied on should be consistent with the relative importance and scope of the item or activity being procured.
DOE O 414.1D Attachment 1 Section 1 states “The contractor, using a graded approach, must develop a QAP and conduct work in accordance with the approved QAP that meets the requirements of this CRD.” Hence, the site QAP must first make allowance for alternatives to direct evaluations and obtain buy-in from the regulator.
ASME NQA-1 Subpart 2.19 allows for the use of 3rd party accreditations of testing and calibration services if the accrediting body is an ILAC signatory and if the accreditation is to ISO-17025. No such allowance is stated in NQA-1 for accreditation to ISO-17065 or others.
Accreditation refers to recognition given to an organization by an authoritative body. It is a process by which an authoritative body gives formal recognition that a CAB fulfills specified requirements and is competent to carry out specific tasks.
A testing laboratory, such as BACL, is requested to be added to a site’s QSL using the accreditation of a 3rd party such as A2LA instead of a direct evaluation at BACL’s facilities. First, verify that the site QAP allows for such a qualification, then review the A2LA certificate to verify that the accreditation to ISO-17025 is current and that the scope of work is within the lab’s scope of accreditation. This evaluation would need to be documented and the addition to the QSL would then proceed in accordance with the directions of the QAP.
An item is required to go through the commercial grade dedication process, and credit is intended to be given for a UL stamp to reduce the overall rigor of dedication. An item stamped with the UL certification mark demonstrates that the item meets the requirements of the certification scheme. First, verify that the QAP allows for such credit, then verify that the product certification body has been accredited to ISO-17065 by an authoritative body such as A2LA. Also, verify that the product is listed in the certification body’s directory of certified products and document the evaluation in accordance with the site QAP.
ASME NQA-1 Subpart 2.19
DOE O 414.1D Attachment 1 CRD
IS A CONSIDERATION OF CREDIBLE FAILURE MODES REQUIRED WHEN DESIGN CRITERIA IS AVAILABLE? IN THIS CASE, WHAT IS DESIGN CRITERIA?
When design criteria is available, consideration of credible failure modes and mechanisms is not required. Design criteria is typically available to the dedicating entity when they have developed or acquired the design of the SSC. The design criteria are the parameters and allowables specified in the design documents.
A company that designs and manufactures an SSC would already have an in-depth knowledge of its strengths and weaknesses, and as such, they may not need to re-consider its potential failure modes when performing CGD. On the other hand, a company that has acquired the SSC from the original designer/manufacturer would not have that inside knowledge and would therefore need to consider the credible failures in the CGD technical evaluation.
Some SSC (e.g. an item that has an unusually high consequence of failure, one that is to be installed in an application other than that for which it was designed) might require even the original designer to re-evaluate the credible failures of the SSC in accordance with its end use. In general, consideration of the credible failures, their likelihood, and the subsequent consequences of failure forms part of the foundation on which the procurement engineer chooses the appropriate critical characteristics and acceptance methods.
Jack’s Specialty Valves designs, manufactures, and provides ball valves to customers as a nuclear qualified item. In performing CGD on these valves the supplier’s tech eval does not consider what the credible failure modes are of the valve as they have an inside knowledge of which characteristics are considered to be critical.
If an assembly is determined to perform a safety function and had been designed by the dedicating entity, then the ASTM parameters of a certain component on the design drawing for the assembly might be used as the critical characteristics in the CGD plan. For example, the parameters found in ASTM A193 for a ½” grade B8M bolt could be used as critical characteristics.
NQA-1 2008/2009a Section 401 fourth paragraph
Procurement Engineering Task Group Library
Contact our Team: