Configuration management (CM) is the discipline that maintains alignment between the approved design basis of a nuclear facility and its actual as-built configuration. While design control governs how new designs are developed and verified, configuration management governs the ongoing stewardship of that design baseline throughout the facility's operational life. Uncontrolled configuration drift, where physical modifications accumulate without corresponding updates to design documentation, is one of the most persistent safety and quality challenges in nuclear operations and a recurring finding in both NRC and CNSC inspection programs.

01

The configuration baseline and design basis documentation

The configuration baseline is the set of documents that defines the approved configuration of the facility: design drawings, specifications, calculations, vendor manuals, procedures, and the Updated Final Safety Analysis Report (UFSAR) or equivalent. Every physical change to the plant must be reflected in an update to this baseline. The baseline must itself be controlled, documents must be at current approved revision, and it must be possible to identify the current configuration at any point in time.

Facilities that allow informal modifications to accumulate without updating documentation develop configuration gaps that are extremely difficult and expensive to resolve retroactively. Reconstruction of the design basis for systems where decades of undocumented changes have occurred requires extensive engineering effort, and in some cases the original design intent cannot be reliably determined. Maintaining a current, accurate configuration baseline from the outset is orders of magnitude less costly than recovering from its loss.

02

Change control and the modification process

Configuration changes are managed through a formal modification or design change process. The process requires: identification of the change and its scope, technical evaluation against the design basis and applicable requirements, safety review, approval at the appropriate authority level, implementation per the approved design package, and post-implementation verification that the as-built configuration matches the approved change. The post-implementation walkdown, physically verifying that the installed configuration matches the drawings, is often under-resourced but is the step that actually confirms configuration accuracy.

10 CFR 50.59 and equivalent provisions: In US-licensed facilities, 10 CFR 50.59 requires evaluation of proposed changes, tests, and experiments to determine whether prior NRC approval is needed. Changes that adversely affect safety analysis assumptions or create new regulatory commitments require prior approval. An inadequate 50.59 evaluation, concluding no prior approval is needed when one is actually required, is a significant regulatory finding. Canadian and other national frameworks contain equivalent provisions.

03

Configuration audits and discrepancy resolution

Periodic configuration audits verify that the as-built facility matches the documented design baseline. Auditors select a sample of systems or components and compare the physical installation against design drawings, specifications, and procedures. Discrepancies, where the physical configuration does not match the documentation, must be documented and resolved. Resolution requires determining which represents the approved design intent: sometimes the physical configuration is correct and the documentation needs updating; sometimes the physical configuration is wrong and must be restored to the documented baseline.

Configuration audit programs that consistently find discrepancies signal that either the modification process is not being followed consistently or that informal field changes are occurring outside it. Both are significant quality concerns. A configuration audit program that finds no discrepancies is either genuinely exceptional or is not looking carefully enough, auditors should periodically test their methodology by auditing areas known to have had recent modifications.

04

Document interdependencies and digital CM systems

Configuration management depends entirely on the integrity of the document control system. In modern facilities, CM systems manage thousands of interlinked documents, drawings, calculations, procedures, vendor manuals, where a change to one may require updates to many others. Document trees or cross-reference matrices capture these interdependencies, so that when a revision is issued, the impact on related documents is assessed and those documents are updated as needed.

Digital CM systems that maintain these cross-references reduce the risk of partial updates, where one drawing is revised but the affected calculation, procedure, or procurement specification is not. The risk of partial updates grows with the complexity of the facility and the frequency of modifications. Organisations transitioning from paper-based to digital CM systems often discover the extent of previously untracked interdependencies for the first time, which is an opportunity to establish a more complete and accurate baseline going forward.

Forged Operations maintains the configuration baseline in real time, linking change orders to affected drawings, procedures, and analyses, tracking implementation status, and flagging post-modification verification requirements. AI surfaces documentation gaps when design changes are approved but related documents have not been updated.

Book a demo Learn more →

Related terms

Design Control Document Control Work Planning & Control NQA-1

References

  1. American Society of Mechanical Engineers. ASME NQA-1-2022: Quality Assurance Requirements for Nuclear Facility Applications, Requirement 3 — Design Control. New York: ASME, 2022.
  2. U.S. Nuclear Regulatory Commission. 10 CFR 50.59 — Changes, Tests, and Experiments. Washington, D.C.: NRC.
  3. U.S. Nuclear Regulatory Commission. "Criterion III — Design Control and Criterion VI — Document Control." Code of Federal Regulations, 10 CFR 50 Appendix B. Washington, D.C.: NRC.