ISO 19443

Quality management system

for supply chain of the nuclear
energy sector

Hanna Kuivalainen
1 12.3.2019
Content
• Status of standard ISO 19443
• YVL A.3 renewal and scope
• ISO 19443 requirements
• ISO guidance and conformity
assessment progress
The status of standard
• The formal publication of ISO 19443 was in June 2018.
• The document was prepared by Technical Committee ISO/TC 85,
Nuclear energy, nuclear technologies, and radiological
protection.The International Standard ISO 19443:2018 has the
status of a Finnish national standard
• WG (members from nine countries) has performed review of the
draft of the ISO 19443 guidance material.
• Guidance will be issued by the WG as an ISO Technical Report
• Conformity assessment - ISO/Casco conformity assessment
committee knowledge ja ISO/TC 85 Nuclear Activities =>
ISO/TS (Technical specification) 23406 Nuclear sector --
Requirements for bodies providing audit and certification of
Quality management systems for organizations supplying
products and services important to nuclear safety (ITNS) - Under
development

3
YVL A.3 Background Standards IAEA and
ISO 9000
• Renewal of YVL A.3 was supposed to be
minor updating for Management System for a
nuclear facility (2014)
• Many changes in backgroud standars:
– GS-R-3 Management Systems for Facilities and
Activities, IAEA 2006 => GS-R Part 2 (2016)
• The vocabulary was taken mainly from
ISO9000:2005 Quality management systems.
Fundamentals and vocabulary =>ISO
9001:2015 .
• New version will be published in March.
• Most changes in wording and clarification of
requirements.
• Some requirements moved from YVL A.5

4
YVL A.3 Management and Leadership for
Safety
• YVL A.3 guide presents the general requirements of safety and
quality management that affect the contents, implementation,
maintenance, assessment, and improvement of the management
system of an organisation applying for a construction or
operating licence for a nuclear facility or one constructing or
operating a nuclear facility.
• The requirements of guide YVL A.3 apply, to the appropriate extent,
to the plant supplier, suppliers contributing to nuclear fuel fabrication,
safety-significant design and expert organisations, testing and
inspection organisations, component and material manufacturers,
and other safety-significant suppliers. If a requirement only concerns
the licensee or the nuclear facility, it is specifically mentioned.
• Other YVL-guides (YVL A.4, YVL A.5, YVL A.6, YVL A.7, YVL
A.11, YVL A.12, YVL B.1, and several YVL guides in E-series)
give more detailed ’how-to’ guidance

5
YVL A.3 Supply chain management
system reguirements
• 629. Suppliers of safety-significant products and related services
shall have in place a management system that is appropriate
certified (for example, ISO 9001 or ISO 19443) or independently
evaluated by an expert third party. Requirements for the
management system of manufacturers of serially manufactured
products are presented in the E series Guides.
• 629a. With regard to deliveries of products in safety class 1 and 2
and related services, the management system of the supplier
shall comply with the management system requirements set forth
in this guide and be compatible with the other standards used in
the operation. The management system can be supplemented in
the quality plan for justified reasons by applying the procedure
presented in paragraph 630.

6
Appropriate certification in YVL -guides
Hyväksytty sertifiointi (appropriate certification)
• Hyväksytyllä sertifioinnilla tarkoitetaan laatujärjestelmän
sertifiointia, jossa sertifiointielimen akkreditointi on tehty
standardin EN ISO/IEC 17021 vaatimuksia vasten ja
akkreditointi kuuluu FINASin solmimien monenkeskisten
tunnustamissopimusten (MLA) piiriin.

Appropriate certification
• Appropriate certification shall refer to a certification of quality
management system in which the certification body is accredited
against the requirements of standard EN ISO/IEC 17021 and
accreditation is covered by the multilateral recognition
arrangements (MLA) signed by Finnish FINAS.

7
ISO 19443 Quality management systems
Quality management systems. Specific requirements for
the application of ISO 9001:2015 by organizations in the
supply chain of the nuclear energy sector supplying products
and services important to nuclear safety (ITNS)
• Laadunhallintajärjestelmät. Erikoisvaatimukset ISO 9001:2015:n
soveltamiseen ydinenergiateollisuutta palvelevissa
toimitusketjuissa toimiville organisaatioille ydinenergia-
turvallisuuden kannalta tärkeiden tuotteiden ja
palveluidentoimittamisessa
• ISO collaborated with the International Atomic Energy Agency
(IAEA). IAEA has it’s own standards for Nuclear Safety. ISO
standards are complementary technical documents.
• The text reproduced from ISO 9001:2015 is placed in boxes

8
Principles and scope
Principles also apply the following :
– nuclear safety culture;
– determination of ITNS items and activites;
– graded approach to the application of quality requirements.
• Requirements specific to security management, and nuclear
material accounting and control don’t belong to this
standard
• applies to organizations supplying ITNS products or services
• activities on a licensed nuclear site prior agreement by the
Licensee
• complementary (not alternative) to customer and applicable
statutory and regulatory requirements

9
Terms, definitions, policy –
Quality Manager
• Some new terms and definitios: Activity, commercial grade item or
activity, Counterfeit/fraudulent/suspect (CFS) item (refer IAEA
NP- T-3.21), graded approach, important to nuclear safety ITNS,
item and nuclear safety (IAEA).
• Organisation and its context -External and internal issues shall
include nuclear safety considerations.
• Policy (5.2) and quality objectives (6.2.1) – include nuclear safety
and commitment to nuclear safety
• Quality Manager – member of the organization's management
– a) the organizational independence and authority to manage nuclear
safety and quality issues, and
– b) unrestricted access to top management.

10
 Nuclear Safety Management
System
Integrated
Management
Occupational Health and
System Safety Management
(ISO 45001:2018)
Nuclear Safety
Management System Environmental Management
(ISO 14001:2015)
Quality Management

Quality Leadership for Safety, Competences,

planning, Nuclear Safety Culture, Processes,
assurance, ITNS, CFSI, Safety Supply Chain
control and Classification, Management, Product
improvement Graded Approach, and services,
Project Control Independet review
11
Leadership and nuclear safety culture
• Requirements for top management not to compromise nuclear safety
in decision making (5.1.1) and Nuclear Safety Culture (5.1.3)
• Commitment to nuclear safety,
• Encouraging a questioning attitude
• Open communication
• Use of needed documented information
• Reporting HOF issues
• Lesson learned
• Challenging unsafe acts, behaviours and conditions
•Analyze and evaluate nuclear safety culture aspects (9.1)
Environment (7.1.4) Psychological factors include non-blaming
ITNS - persons shall understand the importance of their work and
consequences of errors in their activities
12
ITSN and Graded Approach
• Quality manual or quality plan (4.4.3), risk management (planning
6.1.1, 6.1.2)
• ITNS (6.1.3) – break down products and activities to items and
acitvies
• Safety Classification specified by customer in line with Licensee’s
classification
• Graded Approach (6.1.4) – grade the application of requirement
taking into account:
– ITNS specified by customer
– Complexity of items
– Organizational aspects
• Measuremnet traceability (7.1.5.2) outputs and actions taken

13
Nuclear safety is not compromise
• Changes – communication of changes
• Changes to quality management system so that safety is not
compromise
• Not include – organizational changes directly like YL A.3
• Determination and provisions of resources (7.1.1)
• Management review – receive the attention by its
significance

14
Support
• Resources so that safety in not compromised (7.1.1)
• Suitability of the monitoring and measurement resources (7.1.5.1)
• Competence and qualification of persons – shall maintained
• Persons shall be trained to understand the importance of their
tasks (7.3)
• Translations needs to be correct (7.5.2)
• Documentation: Independent review, traceable, authenticated
• Documented information: change communication, prevent misuse
of old documentation

15
Operation – products and services
• Project and configuration management (8.1)
• Schedule and interface management
• Managing the interfaces with exernal parts (8.2.1)
• Managing the changes of requirements
• Design and development has many new requirements (8.3)
• Verification and validation test shall be planned, performed,
controlled, reviewd and documented
• Organisation shall spesify when commersial grade items can be
used
• Documented information from design and development
changes
• Many requirements for control of externally provided processes,
products and services (8.4)
16
CFS – counterfit, fraudulent or suspect
items
Prevention has to go through the whole organisation
- Selection of suppliers
- Specific information from CFS and requirements for control sub
tier provides
- Control of externally provided processes
- Monitoring and measurement activities
- Handling detected CFS
- Customer information

IAEA documentation

17
Production and service provision
• Control of production and service provision - addings
– Customer and statuory and regulatory requirements related to
monitoring and measurement
• Control of production equipment - new chapter
• Monitoring and measurement activities – new chapter
– Independent inspections
• Identification and traceavility – addings
• Preservation
– Prevention of ITNS product deterioration
• Control of nonconforming outputs – addings

18
Performance evaluation
• Conformity to products needs to consider when thinking
performance and effeciveness of the quality management. (9.1)
• Customer requirements in internal audits (9.2)
• Auditors independence – not audit own work
• Management review – nuclear safety (9.3)
• Lessons learned from nuclear field
• Not exist: regular self-assessment
• YVL A.3: The management and all organisational levels shall
carry out regular self-assessment of their own work performances
against pre-defined criteria. Experts in the topic shall be utilised
in self-assessment of safety culture and leadership.

19
Improvement
• Lessons learned from experience
• Risk evaluation
• Can apply:
– Technical R&D
– Identify good practices
• Resources for improvements plans, share to its supply chain
relevant OE
• Nonconformaties and corrective actions are managed and
reported without undue delay to management and customer.
• Impact analysis and root cause analysis for nonconformity.
• Safety culture continual improvement

20
The ISO guidance planned activities
The ISO guidance activities have been agreed to meet the
following sequence (see N061):
1.Early February 2019 (and for 2 months duration): review/ballot of
the ISO Technical Report outside of the Working Group;
2. Early April 2019 (and for 2 months duration):
a. compilation and distribution of comments by the ISO Secretariat;
b. subsequent National Committee assessment of the reported
comments;
3.July 2019: Working Group meeting to upgrade the Technical
Report as appropriate;
4.September 2019: review and approval of the Technical Report by
the ISO TC 85 Chairman;
5. October 2019: release of the Technical Report.

21
Planning the conformity assessment
The review of ISO TS WD 23406 has being performed during the
meeting with a particular focus on discussions addressing the:
• knowledge and skills of the certification functions;
• definition of the technological sectors.
As a fast track project, ISO TS 23406 roadmap is confirmed as
follows:
2019 – Q1: working draft completion
2019 – Q2: CD ballot
2019 – Q4: ballot analysis and standard update as needed
2020 – Q1: publication of ISO TS 23406
Next meeting is planned April 9th 2019 to review the Working
Draft with a particular focus on the:
competence section; ISO 19443 knowledge.

22