 There's one slide I wanted to, there's one point I wanted to make on this presentation which just to highlight again, the outcome, if we can get this outcome, get this to work. This is the goal right here of the entire two weeks. I would characterize this a little bit differently, let me read this myself here, it's about making the right decisions. That's a pretty high level thing to say, but again, from my own personal experience, the experience of those of you in the room, experience of our lecturers, I believe we can all agree that we have to make the right decisions when we're talking about the use of nuclear technology. I would recharacterize this myself a little bit, I would put it in the context of it's about asking good questions, asking good questions and being ready to accept the answer. We might not like the answer. The answer may make us have to spend some money or have to commit some resources or maybe we might have to delay a project, but it's something that we cannot allow to lapse on as we've seen over the past, as you've seen over the experience of the use of nuclear power around the world, we have had several catastrophic accidents and we as safety professionals have to ensure that that never happens again. So are there any questions? I'm going to move on to my next presentation because we're already about 45 minutes behind schedule, which isn't too bad. We built the program as such, so no? All right, let me make a point here real quick. For those of you who I've worked with in the past, you'll be familiar with what I'm about to say and for those of you who haven't, again, I want to welcome you as new colleagues. I tend to speak very quickly. I try to speak slowly, but again, as a native English speaker, it's difficult for me to slow down. Please stop me, raise your hand, get my attention. If something doesn't make sense, please. It's not going to offend me. I will actually be more offended if you don't stop me, so I can repeat a point. I try my best to slow down and articulate, but again, frankly, English is the, you know, obviously that's my native language and I find it difficult sometimes to slow down. So again, please, I really would ask you to stop me so I can make the point. Okay, let me move on. All right, so what we're going to talk about for the first, really for the first day primarily and also a lot during the first week, we're going to spend quite a bit of time building upon IAEA safety standards. And the reason for that is really quite simple. The IAEA safety standards are the embodiment of safety knowledge as agreed upon by the worldwide experts. Again, it's an opportunity to use the standards, to work to ensure that you have access to the latest knowledge, the latest thinking, the latest processes. That's what the standards are for. And that's what we're going to spend quite a bit of time talking about here. Certainly during the first week and a little bit in the second week. So the subject of this presentation again is I'm going to go over why safety, why safety assessment is important. What is safety assessment? We'll talk about some of the responsibilities, purpose and the scope and when a safety assessment is performed. Again, this presentation here, I apologize for those of you who have seen this material before will be somewhat repetitive. And for those of you who are new, I hope this is useful for you. But again, it's always useful for us to go back and review some of the basics. This is a picture that my colleague Mike Modrow has used for many, many years. But I have frankly no idea where Mike actually got this from. This must have been drawn back in the 1960s. I mean, this is basic, what I would call sort of the nuts and bolts of a power plant, it's got all the important features in it. What we're, the reason again, why we do safety assessment is we're trying to maintain all of the barriers that you can see on this picture. And we're trying to demonstrate that we can maintain them. This just kind of goes through some of the processes. These are, I think this is maybe one of the best ways to articulate not so much the threat, if you will, but the potential radiological hazard of a nuclear power plant, I mean, again, this is just sort of, this is an outline of some very high level information about some of the potential radionuclides that are in the power plant. And our objective is to make sure that they stay in the power plant. In the fuel, it's certainly the best place for them to be, but we also have to anticipate the possibility that things can happen in the power plant. We can have accidents, we can have what we call anticipated operational occurrences, which could threaten the barriers that we build into the power plant. And again, our objective as safety professionals is to ensure that these materials do not threaten the public or the environment. Just a really brief picture of some of the high level processes we have to worry about. We'll have more on this later over the course of the next couple of weeks. Does this have a pointer? Look at that, it does, excellent. Again, as we talk about the kind of barriers we're talking about here, we have the fuel, which is where obviously this is where the radionuclides are created, which is also surrounded by the cladding itself. This is our first level barrier. If we're not able to maintain the integrity of the cladding, obviously our radionuclides are going to get out into the coolant, and then they're going to be able to transport themselves throughout the reactor systems and ultimately, if we have other barrier failures, they can ultimately threaten the environment as well. This is, as I mentioned earlier, this is some unfortunate very recent experience. I'm sure we're all very familiar with the tragic events that happened in 2011 at the Fukushima Daiichi Nuclear Power Plant. We are still, as a community around the world, working to learn, working to implement the lessons learned from this tragic accident. And I know that in Japan they're still working very hard to recover from this accident. Again, I want to point this out simply because this is an example of one of the things that we as safety professionals cannot allow to happen. This also has a picture, I believe, of the TMI accident right here in this lower right-hand corner. This happened in 1979 in the United States. This accident thankfully did not lead to any significant radiological releases because the reactor pressure vessel was not breached. But it's an example of something that we could not allow to happen and we have to learn the lessons from it. So nuclear installations around the world, I apologize if some of these numbers are a little bit out of date. But this is just sort of a reflection of a look around the world of the kind of facilities that are operated and the numbers. Talking about fundamental safety objectives, again, we are here as safety professionals to protect the people in the environment from the harmful effects of ionizing radiation. We have to control radioactive exposure of people and release the radioactive material to the environment. We also have to look at it from a, not just from a mitigation perspective, we have to look at it from a prevention side. We have to think about how can we prevent accidents from happening. And then we talk about mitigation. That's the other part of it as well, prevention and mitigation. These are principles that are in what we call fundamental safety principles. It's an IEA safety standards document. It is the highest level of the safety standards document. It establishes the principles upon which we build all of the subsequent documents and we will be talking more about this throughout the course of the next two weeks. Let me just go through this. I want to get to this next picture here. So again, this is the hierarchical structure of the IEA safety standards. You already saw a picture of the safety fundamentals, which is up on the top of the pyramid here. And then we go down and we talk about safety requirements documents throughout the course of the two weeks. We're going to be talking about, I believe, most, if not all of the safety requirements documents. They establish a series of statements that the international experts around the world have agreed upon through the agency board of governors. So these documents are endorsed by the agency member states. And they establish a set of requirements that power plants and facilities shall comply with. That's the key word here. These are things that experts recommend one shall comply with. Then we move down to the next level of documents. We talk about safety guides. Safety guides are documents that are intended to assist the implementation of requirements. Now what you're going to see, the real distinction there is, instead of using the word shall, the best example is we use the word should. These are recommendations of how one can comply with the safety requirements. These documents are also worked upon and agreed upon by the agency member states. So they reflect the best practices of the experts around the world. Okay. Let's see here. I think I've already mentioned all of this. Expert consensus, transparent and open process. Okay. This talks about the sort of the, if you will, the breakdown of the structure of some of the safety requirements documents. I'm not going to go through all of these right now. I want to point out a couple that we're going to, that we're most definitely going to focus on here throughout the next, of course, the next couple of weeks. On the left-hand side, we're going to talk quite a bit about GSR part four. On the right-hand side, we're going to talk about SSR two slash one, maybe a little bit of SSR two slash two. Those are the documents that we're going to focus on primarily here throughout the course of our workshop. The safety fundamentals document are broken down into a series of key principles. The international community, the experts developed 10 key principles and they're listed here for your use. These documents again are all available online if you're not familiar with them. So the IEA safety principles also require, safety has to be assessed for all facilities and all activities. But there's a point here that's bright and consistent with a graded approach. Now we'll have more of on that over the next couple of weeks. But the graded approach is really intended to reflect the fact that not all hazards are the same. In other words, some facilities have the potential for more hazard and more impact on people and the environment than others. So it's up to the community, the safety community, both the regulatory authority operators, TSOs come to a consensus agreement on what level of oversight, what level of work needs to be done according to what we call a graded approach. Safety assessment involves a systematic analysis of normal operations and its effects of the ways in which failures might occur and the consequences of such failures. What this is really intended to point out is that we need to cover safety assessment from both normal operations throughout the postulation of a series of potential hazards, accidents, or threats to the facilities. I want to choose my words carefully here because obviously we have to make decisions about what we're going to assess. And I know you have some more on this, Marco, throughout the other presentations, so I'm not going to get into the details about, you know, kind of the level of, you know, where we basically truncate, if you will, the set of analysis that we do, but we cannot analyze everything. We have to make decisions about what's appropriate. For example, you know, we're not going to analyze a meteorite strike on a nuclear power plant. I will concede that that's not a reasonable assessment. Okay, but we have to decide what we're going to analyze and how we're going to characterize the analysis and what we're willing to accept as the consequences of those analysis. Certain potential accident sequences have the potential to have higher consequences. And so we have to consider what we're willing to accept. And this is, so these are the kind of things we have to look at. We have to, in our analysis, we have to consider the features that are in the plant. We have to look at the engineered safety features. For certain types of analysis, we're going to go beyond the set of engineered safety features. If we're looking at an accident which, you know, goes beyond what I call the traditional design basis set of accidents, then questions will come up. Well, what kind of equipment can we assume? Do we just use the installed complement? These are all points that we as nuclear safety professionals have to discuss upon and decide upon. And we're kind of in the middle of an active debate on this right now. But the point is, is we have to, we have to consider the features in the plant. But there are questions and thoughts about, you know, how to go about that. Operator actions. That's another area that we consider. You know, should we, when we think about trying to analyze the plant response, should I consider the operator, the person at the controls, or should I assume that they're just not there? And that's a big question. All right. I know our experts in HRA, for example, would have some thoughts about how we evaluate how the operator will perform if we assume that we're going to assume the operator is there. You know, from my own personal experience, you know, I've had, I'm at a situation where a power plant wanted to credit an operator action to go out and manually open an atmospheric relief valve. And we said, well, show me, you can do it. Because we didn't believe it. And they really couldn't do it in the end. You know, they hadn't thought it out very well. Okay, so these are things that as professionals, we have to keep this in mind. It's very easy to write something down on a piece of paper. Very easy to put it into a computer code. Very easy to model things in a computer. But the computer isn't not reality. It's a simulation. We have to keep that in mind. Because it's easy for us to fall into this trap of looking at what's on our computer screen and saying, well, you know, the computer told me it, so it has to be the right answer. Well, I can tell you from personal experience that that is not necessarily the case. All right, so again, one of the things to consider is operator action. Okay, the last point, I think this is the last point on this slide. The last point on this slide is, you know, the role of the regulatory authority as an independent oversight body is really there to ensure, prior to operation commissioning construction, depending upon how the individual or country's regulatory structure is developed, it has to be this independent set of oversight provided by the regulatory authority of the activity which is proposed by the operator. Okay, the point there, again, is to ensure that we have multiple opportunities from multiple organizations to oversee the activity, a license has to be issued, and then from there the facility can begin to operate. Okay, again, the point, making the right decisions, I would characterize this as asking good questions, asking good questions. Okay. All right, what is safety assessment? Again, from my perspective, today is more from a standards perspective. Over the course of the week, and next week we'll get into more detail about some of the more practical applications of it. But here I'm talking primarily about the standards documents themselves. All right, GSR Part 4, I already mentioned this in the earlier slide where I showed the structure on the left and the right-hand side of the IEA safety standards. This document, as the name implies, is a safety assessment for facilities and activities. It's not specifically directed at nuclear power plants, but it is one of the documents that has to be complied with by nuclear power plants. All right. So, I'm not going to dwell on this again, but the key words here I think are systematic process, relevant safety requirements, and that the proposed or actual design are met. Let me pause here and make a point on this. The key distinction between proposed and actual. Okay, again, it gets down to the engineering process. It's very easy to sit down and draw a power plant on a piece of paper and say, well, I can build this. It's another thing to actually build it. Okay. Again, from my own personal experience, I can tell you walking into the power plant, asking for the piping diagrams, where is the... I want to go walk the system down at a power plant. So I get the drawing, I go out into the plant, I start following the drawing, and, well, the pipe's not there, because when they built the plant, it was easier when they were building it to actually put it somewhere else. Okay, that's fine. It's standard engineering design construction process. The key point is, when we put that information into our computer codes, it might matter. It might affect maybe the elevation of a component, which will affect the natural circulation flow in the system. We have to be cognizant that we are working in an engineered system and that the paper needs to match reality and it has to be checked to make sure. Because I can guarantee you that when they're building the plant, they will not build it exactly as the blueprint prescribes. That will not happen. It's not possible. There are too many parts. The point is, after it's built, we have to ensure that it is actually... that we're actually modeling it correctly. Okay. This picture here, let me read this to myself, is really more for your reference. It's really intended to kind of give us sort of a flow chart. And this is in the IEA safety standard, just sort of a flow chart of the safety assessment process. So I'll leave that for your reference. Okay. So let me step through this again. Again, we talk about safety assessment. We have safety analysis. Then we have evaluation of engineering factors important to safety. Okay. So we start from safety assessment and we can break that down into two components. Now, I want to emphasize here that there's been an evolution in thinking over the years about the different approaches to safety assessment. Again, my own experience when I started early in my career, you know, my job was to sit down and write Fortran in the relab five code. That's what I did. Okay. Very deterministic, very mathematical. Well, not to imply a PSA is not mathematical. I apologize for that. Very, very, you know, very, I would say one-dimensional, if you will. You know, we're analyzing the flow of an accident from the assumption of a hazard using mathematical models for, you know, multi-phase flow, nucleonics, materials interaction, et cetera, to evaluate an outcome. We're going to get a number out of it. It's going to be a yes or no. The plant passes or the plant fails. Now, back in the day, you know, we had the deterministic safety analysis group in one side of the office and we had the PSA group in the other side of the office and they never talked to one another ever. You know, I never even knew they existed. They didn't know I existed. Now, that thinking has evolved over the years and we've recognized that we need to look at this as a package. We have to put both groups together. This is really a best practice. We have these groups communicating. We have them feeding information to one another. Have to make sure that we use one set of analysis to complement the other. Hence the word to complementary methods here. All right. And again, we'll have quite a bit more on this throughout the course of the weeks. I just wanted to introduce this concept. So, on the right-hand side, we have more sort of process things to think about in safety analysis. You know, we have to make a certain level, you know, we're making assumptions when we're doing our safety analysis that, you know, the component that we're analyzing, be it through a deterministic analysis or to a lesser extent a probabilistic analysis because we can factor some of this into a PSA. We're assuming a certain level of quality, for example. Just to point out one here off the list here. You know, we're assuming that the materials are actually manufactured as they're specified. Okay? You know, we all have quality assurance requirements in our regulations. We all have quality assurance requirements in our power plants. There's a reason for that. And the reason is, is we're making a fundamental assumption with that set of requirements that when this valve arrives at the power plant and I physically put it in the power plant, it has been built to a certain specification. Now, yes, I test it. I evaluate it. I don't just leave the valve statically in the plant for 20 years and never use it. We have a certain set of technical specifications and requirements for, you know, periodic inspection and maintenance. But there is an underlying assumption that that was developed with proven engineering practices. We also apply, for example, a single failure criterion. Again, we'll have more on this later, but the point is, you know, we have multiple redundant systems in the power plant. We just make an assumption off the top that one of the systems simply doesn't work. You know, it has been seen over the years as a very conservative assumption. And that is one of the typical practices that you find. Okay. Am I speaking too fast? I am. Okay. Okay, you nodded. Okay. So you were supposed to nod earlier. I'm speaking too fast. I'm not. Oh, well, I thought I was. Okay. All right. Please. I think I'm speaking too fast. But if I'm not, then that's okay. But let me know. Okay. Next, well, that's actually this week. Whoops. Okay. Okay. Who's responsible for safety? Again, I would argue that, let me just get to the end of this, everybody is responsible for safety. That's what's kind of highlighted in these red words here. We are all safety professionals. You know, again, one of the examples that I like to bring up from my own experience, when I was my last job at the NRC, again, I was the branch chief of a group called the reactor systems branch. I had 16 engineers working for me, all extremely dedicated people. But the United States at that time operated 104 nuclear power plants. All right, my job, our job and my team was to oversee safety analysis, both, you know, how the computer codes are used. Are they validated? Are they verified? Are the licensees using them correctly? I can guarantee you that there's absolutely no way that my team can look at every single piece of paper generated in those power plants. We'd be talking about tens of thousands of pieces of paper. It's just simply not possible. My point is, is that the regulatory authority is part of the process. The licensee, the operating organization, is, as stated in the IA Safety Standards, the organization responsible for safety. And there's a couple of reasons for that. One, they understand the power plant better than anybody else. They're there every day. They think that they should know every single nut, bolt, valve, switch, annunciator, actuator in the power plant at all times. They're the ones who are overseeing the procurement of components. Fuel, valves, pumps, wire, light bulbs, all kinds of components that go into the power plant. So they're sort of at the nexus of this. They're the ones who are at the power plant every day. They're the ones who are ultimately responsible, which, again, gets me back to quality assurance. We think of quality assurance. I think a lot of us think of it in terms of hardware procurement, is the factory manufacturing the fuel within the tolerances that they're specified. That's very important, true. Quality assurance also applies to safety assessment. When I, as a power plant employee, get a document from my vendor, be it the fuel supplier, be it some outside consultant, I should not just simply put my own cover letter on top of it and pass it to the regulator and let them look at it. No. I should take responsibility for that document, review it myself, ensure that it's correct before I pass it on. And again, I'm speaking from personal experience. As a regulator, I've seen many documents that come across my desk, and it was obvious that the power plant didn't look at it, because there were just glaring mistakes in it. Okay, so the point being, we're all part of, we are all safety regulators, we're all safety professionals, and the system is designed with multiple levels, multiple checks, if you will. Okay. Purpose and scope. Not bad. All right, so we talked a little bit about the graded approach already. I'm not going to dwell too much again on this right now, other than to say, again, that not all facilities are created equal, not all hazards are the same. We have to think about it from the regulatory authority side, from the operator side of how best to approach safety assessment of a given facility, a given activity, to ensure that we're, you know, going to achieve the necessary level of protection. The scope, however, I would argue needs to be very broad. And this, again, is where we put the graded approach together with the scope. Because, again, we have limited resources as organizations. You know, the operator cannot do everything, the regulator cannot do everything. We have to choose where we're going to apply our resources wisely. And the way we do that is we, again, the graded approach is one way we achieve that. Because when we look at requirement two, we have to really have some level of safety assessment for every activity that we do, where there's potential for hazard. Okay. But obviously, again, realistically speaking, we cannot do that. We cannot apply the same level of rigor to every single thing. Because we just simply do not have enough people, money, time. So we have to think about how we're going to approach it. Okay. I've probably talked about this, so I'm just going to point out again here in red, we're trying to provide a demonstration of the adequate level of safety has been achieved for the facility. Okay. Preparation of the safety assessment. Whoops. I'm going to kind of speed through a couple of these slides here because we're a little bit behind schedule and I want to get to our coffee break on time here. Let me just kind of talk about this in some words here. We think about safety assessment again. It's not just simply sitting in front of the computer and typing relap5 return and then going away for a couple hours, coffee coming back and I magically have an answer on my computer. That's not safety assessment. That's the easy part of safety assessment. I mean, it's the part people like to do because it's kind of the fun part, you know, running the computer codes, but that's really not safety assessment. Again, the point that I want to make here is we have requirements in GSR Part 4. I'm just going to talk through these in words here where we have to think through from the beginning to the end. We have to think about our process. This gets back to the point about the as-designed versus the as-built plant. If you're sitting in your office at your power plant and you're looking at the results of an assessment from your vendor and let's say they're doing a large break loss of coolant calculation. That's a pretty typical analysis people do. In there, you have to assume certain pump performance characteristics. You know, the pump will pump a certain number of liters per hour. That's my assumption. Well, is it a good assumption? Maybe it was 20 years ago, but is the pump still performing as it was 20 years ago? Maybe, maybe not. Have they replaced the pump? It happens. Pump performance may not be exactly the same. So the key is that we have to look at the entire process. We can't just assume that the numbers are correct because the numbers are the easy part. The numbers are also the part where most of the mistakes are made. From an organizational perspective, do we have quality assurance requirements in place? We've got to get back to QA to ensure that the transfer of information from the power plant to the people physically doing the calculation. Is there a process to control that? Is there literally hundreds of numbers that flow back and forth during the process? And it's very easy to make a mistake. We're all human. I've made many of them myself. Putting in a computer code, you mean to type a 1 and you accidentally type a 0? It happens. Do we have processes in place to control that? We think about the computer codes themselves. Again, we have much more on this next week. The computer code is just a representation of reality. It is not perfect. If you would talk to a code developer, I would say that codes are in fact far from perfect. We have to be very cautious when we use computer codes. I don't want to leave you with the thought that codes are bad. Those codes are very good. We just have to know what they're good for. And we have to be careful when we apply them to ensure that we don't use them for something that they weren't intended to do. Relab 5, for example, will model many, many, many, many things. It will give you an answer for many things. But it doesn't mean that the answer is right. The code is not going to tell you that it's giving you a wrong answer. It doesn't care. For example, I've seen Relab 5, people have tried to apply it to a containment calculation. It gave them an answer, but I can guarantee you that answer was wrong because the code was not designed to do it, but Relab 5 didn't care. It gave them an answer. There's no way to know unless you're thinking about the whole process. Again, I'm just going to go through these next few slides, but I wanted to talk about them in words. The hard part is running the code is the easy part. The hard part is the process. That's why you see all these pictures that we'll have. I had one earlier in my presentation. You'll see many more next week throughout the course of the workshop. We focus a lot on process in this business. There's a very good reason for that. These are lessons that have been hard-learned over the years. Process is important in everything we do, not just building the fuel or building the pump or building the plant. Process is important in controlling safety assessment, for example. Let me keep going through here. These are the ones that I've already talked about. Assessment of engineering practices. Human factors. I'm not going to spend much time on that. We have more on that later. Let me pause here briefly and go through these next couple of requirements here. We have a few more minutes here. I haven't talked about defense in depth yet, which is obviously a principle that I know we're all familiar with. We've heard about defense in depth. Defense in depth is not just something that we... It's hard to put defense in depth in words of what it really means. We try to write down processes and write down principles and concepts about how to implement defense in depth. Like, for example, how do we implement defense in depth in a computer analysis? Or maybe the computer analysis is itself part of defense in depth. The point is we have to be thinking about defense in depth throughout all of our processes, all of our activities, including our safety assessment. Talked about scope already. We can't just limit ourselves to operational states, for example. We talk about shutdown, low power, PSA. We talk about the analysis during commissioning of the reactor. We have to think about analysis during... also the decommissioning of the reactor. There are still hazards. Even if we shut the reactor down, we pull the fuel out of the reactor, put it in the spent fuel pool. There are still hazards on the site. We cannot forget about it. Okay, I've talked a little bit about the combination of PSA and PSA. So let me go through this. Let me go pass that very quickly here. The point I wanted to make on this slide here is we have developed some... some over the years, some processes to help us integrate PSA and PSA together. And this is just an example of one of the ways that experts have come together to do this. I don't want to spend a lot of time on this. I just wanted to point out that we have worked in the area of trying to come up with some tools to assist the integration of PSA and PSA rather than just say you should go do it. We've been thinking about how to do it, and this is just an example of it. Okay. Now on the other side, we have to think about... not just running the code, we have to think about what are we going to compare the answer against? You know, it's... I was wanting to get an answer, but it's another thing to have something that's just take, for example, again, let's talk about our large break loss of coolant analysis. It's just one of the more common ones that I find most people are familiar with. We assume that the field failure criterion typically is around 1,200 centigrade. Roughly, that's not the exact number, but that's a pretty good number. So is that some magical number that if the fuel exceeds 1,200 centigrade, it's just immediately going to fall apart and fail? All right, well, since we're near a coffee break, I'll just answer the question. No, it's not. Okay. Just because the fuel exceeds 1,200 seed does not mean it's going to fail. It's an assumption that we make to establish a criterion, and that criterion in and of itself is conservative. Okay. We are applying another level of defense and depth, if you will, to the criterion itself, which is intended to encompass all types of challenges with measuring parameters. I'm not going to get into the details here. The point is, is the criterion themselves are not sort of like a cliff, if you will, that you step off and you're going to fall off into the abyss. Okay, that's another level of defense and depth. Okay. Uncertainty and sensitivity analysis. This kind of, not so much uncertainty, but sensitivity analysis sort of gets at this sort of cliff edge effect idea. It's this concept of, am I just literally standing there looking over the abyss, and if I take one extra millimeter, I'm going to fall into this major problem. We don't want to be there, ever, when we're working with nuclear technology. So when we think about using codes, using methods to do safety assessment, we should always do sensitivity calculations to ensure that I'm not just right there, and one little small change is going to push me over the edge. This could be because we never want to be there. All right. We have much more on requirement in 18 next week, so I'm going to not dwell on this, talking about verification and validation. Use of operating experience. You know, we think about operating experience. We don't generally think about computer codes, do we? I mean, what's operating experience? Okay, well, I know we're close to coffee break. No one's going to answer my question. It's things like, you know, there's an event in the power plant. The power plant safely shuts down, but there was a problem. Some component broke. Some individual, you know, hit the wrong switch in the control room or something. These things happen. It's operating experience. Okay. There's a system at the IEA called the International Reporting System, the IRS. It's intended where member states can put operating experience into the system. Some member states have their own operating experience platforms, which they generally open to the world. This information is not secret. It should be freely available. We should use it, okay? We should apply operating experience to the extent that we can in our safety analysis. It certainly impacts our probabilistic safety analysis. Okay, definitely. It gets into human performance. It gets into equipment performance. You know, how do components perform? How do they fail? And it will also impact deterministic analysis to, I think, a lesser extent. Okay. Documentation, independent verification, management of safety assessment, okay. I've talked about these already in my earlier sort of dialogue on the complexity of safety analysis. However, I want to stop on documentation briefly. Documentation is one thing that I know we all hate doing, myself included. I used to love running code. I never like writing it down, okay. Documentation is key. Documentation is important. And the reason is, if we get back to our QA process, how do we oversee the activity? Not just for the regulators, the operators for the TSOs, our own organizations, they should all have internal processes where an independent person comes in, takes a look, make sure that what was done is correct. Okay. They can't do that without documentation. It has to be written down. We have to write down our assumptions, write down how parameters are calculated. So this information can be independently verified. Okay. Let me, which moves in well to requirement 21, and then the management processes itself which oversee safety assessment. Okay. I think that's it, not bad. So again, coming to the end of this very high level introduction, and again, we'll have much more on this later throughout the course of the next two weeks. Safety assessment is about making the right decisions. Again, asking good questions. And with that, are there any good questions or bad questions? Any questions? Okay. We are on break, right, Barbara? 10.30? Right outside, right? Yes. Okay. Thank you very much. So let's reconvene at 11. We have a break now from 10.30 to 11. Thank you. Okay.