NRRC Specific Regulations
Integrated Management
System for Facilities,
Activities and Practices
with Radiation Sources
NRRC-R-01-SR13
2023
Specific Regulation
Integrated Management System for Facilities, Activities and Practices with
Radiation Sources
2023
NRRC-R-01-SR13
NRRC-R-01-SR13
2
Preamble
In accordance with the provisions of the Radiation Safety Regulation
(NRRC-R-01), approved by the NRRC’s Board of Directors in resolution
No. (R/1/1/2022), dated 20 April 2022, in chapter (3) section (12), this
specific regulation establishes specific criteria for the development and
implementation of an integrated management system, prioritizing safety
and security in facilities applying activities, and practices.
This specific regulation has been prepared on the basis of International
Atomic Energy Agency (IAEA) standards, as well as the and the interna-
tional best practices and the experiences of similar international regula-
tory bodies, and in accordance with the Kingdom’s international com-
mitments, and it has been approved by the NRRC’s CEO resolution No.
1367 dated 9/7/2023.
3
NRRC-R-01-SR13
Table of Contents
Chapter 1: Objective, Scope, and Definitions 6
Section 1: Objective 6
Section 2: Scope 6
Section 3: Definitions 7
Chapter 2: Integrated Management System (IMS)
Fundamentals 9
Section 4: Safety, Security, and IMS Harmonization 9
Section 5: Graded Approach 11
Chapter 3: Specific requirements for the IMS 13
Section 6: Processes and procedures 13
Section 7: IMS documentation 15
Section 8: Quality Assurance 16
Section 9: Management of Resources 17
Section 10: Interested Parties 17
Section 11: Training and Education 18
Section 12: Communication 19
Chapter 4: Suppliers and Subcontractors 20
Section 13: Supply chain management 20
4
Chapter 5: Non-Conformities and Corrective and Preventive
Actions 22
Section 14: Non-Conformities 22
Section 15: Prevention of Non-Conformities 23
Chapter 6: Assessments and Improvements 24
Section 16: Audits 24
Section 17: IMS Review 24
Section 18: Lesson Learned 25
Table of References
Radiation Safety (NRRC-R-01) 20
5
NRRC-R-01-SR13
Chapter 1: Objective, Scope, and Definitions
Section 1: Objective
1. This specific regulation establishes the requirements for the develop-
ment and implementation of an integrated management system (here-
inafter referred to as the IMS) in line with a related and approved
international quality management standard, prioritizing safety and se-
curity in all facilities applying activities, and practices with radiation
sources in the Kingdom.
Section 2: Scope
2. This specific regulation applies to:
a. All authorized facilities and activities with radiation sources
in the Kingdom;
b. All authorized persons intending to operate facilities and ap-
ply activities and practices with radiation sources in the King-
dom, regardless of whether they are fully or partly owned or
controlled by a person from another country or by a foreign
corporation; and
c. The provision of services to external facilities that requires
the presence of employees in controlled or supervised areas.
3. This specific regulation does not apply to:
a. Nuclear fuel cycle facilities, activities or practices;
b. Facilities, activities or practices with nuclear related items;
and
6
c. Research reactors.
4. The requirements defined in this specific regulation are in line with
and complement the requirements set in the international quality
management standard prescribed under Article 1 and the relevant
NRRC regulations concerning facilities and activities with radiation
sources.
Section 3: Definitions
Accident
Any unintended event including operating errors, equipment failures and
other mishaps. The consequences or potential consequences of which are
not negligible from the point of view of protection and safety.
Abnormal events
Events that fall outside the remit of agreed or expected activities that may
also lead to undesirable outcomes.
Continuous improvement
Recurring activity to increase the ability to fulfil requirements.
Conformity
Fulfilment of a requirement.
Corrective action
Action to eliminate the cause of a detected nonconformity or other unde-
sirable situation.
7
NRRC-R-01-SR13
Document
Information and its supporting medium.
Fraudulent items
Items that are intentionally misrepresented with intent to deceive.
Information
Meaningful data.
Integrated management system
A single coherent management system for facilities and activities in which
all the component parts of an organization are integrated to enable the
organization’s objectives to be achieved.
Interested party
A person, company, etc., with a concern or interest in the activities and
performance of an authorized facility and activity.
Lesson learned
A good work practice or innovative approach that is captured and shared
to inform potential application. A lesson learned may also be an adverse
work practice or experience that is captured and shared to avoid recur-
rence.
Organization
Group of people and facilities with an arrangement of responsibilities, au-
thorities, and relationships.
8
Organizational structure
Arrangement of responsibilities, authorities and relationships between
people.
Quality control (QC)
Part of quality management intended to verify that structures, systems and
components correspond with predetermined requirements.
Chapter 2: Integrated Management System (IMS) Fundamentals
Section 4: Safety, Security, and IMS Harmonization
5. The authorized person shall establish, implement, sustain and contin-
uously improve an IMS which, among others:
a. Ensures compliance with the applicable regulations and reg-
ulatory provisions;
b. Clearly defines the organizations safety and security policy;
c. Establishes goals, strategies, plans and objectives for the orga-
nization that are consistent with the organization’s safety and
security policies;
d. Seeks the integration of the elements of the management sys-
tem;
e. Demonstrates the organization’s management commitment
to safety and security;
f. Ensures that safety and security is embedded at all organiza-
tional and operational levels;
9
NRRC-R-01-SR13
g. Ensures that processes and procedures are developed and ef-
fectively managed to achieve the organization’s goals without
compromising safety and security;
h. Integrates safety, health, environmental, security, quality, hu-
man, organizational, societal and economic elements, so that
safety and security are not compromised;
i. Ensures that no benefits are offered as substitutes for mea-
sures for protection and safety.
j. Integrates all the key elements for safety and security from
any previously implemented management system; and
k. Anticipates abnormal events to prevent safety-threatening
events as effectively as possible and provides instructions for
the case that any such should occur.
6. The authorized person shall ensure that the implemented IMS:
a. Includes appropriate arrangements to record decisions con-
cerning the organization’s management and activities;
b. Includes appropriate arrangements to record the planned and
systematic actions necessary to build confidence regarding
the compliance with all safety and security requirements;
c. Includes the necessary provisions for the resolution of con-
flicts that arise from the decision-making processes that af-
fect safety and security;
10
d. Defines the structures, processes, responsibilities and internal
and external communication channels of the organization;
e. Includes provisions and requirements for independent re-
view of the decision-making processes that affect safety and
security;
f. Includes appropriate arrangements for the identification and
analysis of any change that may have significant safety or se-
curity consequences, including changes in the organization
or cumulative effects of minor changes.
7. The authorized person, irrespective of the organization’s size or the
scale of its activities, shall address in the implemented IMS, at least,
the requirements which are set in the corresponding international
quality management standards, such as ISO 9001.
Section 5: Graded Approach
8. The authorized person shall ensure that the development, scope, con-
tent, and implementation of the IMS are commensurate with the in-
curred safety and security risks associated to the operation of the fa-
cility and the applied activities and practices.
9. Considering the organization’s needs and based on the magnitude of
the risks associated to the facility and the applied activities, the autho-
rized person shall appropriately define general and specific grading
levels for addressing regulatory requirements, safety, security, and op-
erational performance.
11
NRRC-R-01-SR13
10. When defining the grading levels under Article 9, the authorized per-
son shall consider the following factors:
a. The safety and security characteristics of the facility and the
radiation sources used;
b. The maturity and complexity of the applied activities and
practices and the associated safety and security risks;
c. The significance of hazards related to safety, health, environ-
ment, security, and economical aspects;
d. The magnitude and likelihood of normal and potential occu-
pational and public exposures;
e. The necessary measures to mitigate the consequences of fore-
seeable incidents and accidents;
f. The available human resources and the competence of the
staff; and
g. The related regulatory requirements.
11. Considering the grading levels under Article 9, the authorized person
shall ensure that the implemented IMS management system includes
appropriate arrangements addressing the regulatory requirements for
the scope and content of the:
a. Safety assessment;
b. Radiation protection program;
c. Radioactive waste management activities;
12
d. Radioactive sources security plan;
e. Emergency preparedness and response; and
f. Transport security plan of radioactive sources.
12. The authorized person has the responsibility to prove that the objec-
tives, scope, and content of the implemented IMS are in line with a
graded approach.
Chapter 3: Specific requirements for the IMS
Section 6: Processes and procedures
13. The authorized person shall ensure that the IMS processes are in line
with the organization’s objectives, plans and strategies related to safety
and security.
14. The authorized person shall ensure that the IMS processes are devel-
oped and managed in such a way that:
a. The compliance with the related requirements does not com-
promise safety and security;
b. The responsibilities for safety, security and quality are clearly
specified, and assigned to competent individuals;
c. Their sequence and interrelationships are specified;
d. The supporting documentation is preserved;
e. The related documentation is consistent with the organiza-
tion›s documents; and
13
NRRC-R-01-SR13
f. The results of the assessment of the implementation perfor-
mance, and of the efficiency and effectiveness of the processes
and procedures are recorded.
15. The authorized person shall ensure that updates or modifications of
the IMS processes, and new processes are designed, verified, validated
where relevant, approved and applied in a way that does not compro-
mise safety and security.
16. The authorized person shall ensure that the implemented IMS speci-
fies appopriate evaluation, inspection, testing, verification, and valda-
tion procedures, as well as the related acceptance criteria and respon-
sibilities for aspects concerning safety and security.
17. The authorized person shall ensure that any process that may have
safety and security consequences is implemented under controlled
conditions.
18. The authorized person shall ensure that approved and updated IMS
procedures, instructions and plans concerning safety and security are
applied, which have been validated before their first use and are peri-
odically reviewed by authorized personnel.
19. The authorized person shall ensure that:
a. Production, monitoring, measuring, and testing equipment
is appropriately maintained to enable the verification of com-
pliance with the applicable requirements of opera-tional as-
pects with a safety and/or security impact; and
14
b. Procedures for checking, calibrating, and maintaining mon-
itoring, measuring, and testing equipment are defined in the
IMS to ensure the reliability of the related meas-urements.
Section 7: IMS documentation
20. The authorized person shall ensure the availability of the necessary
documentation for the IMS, including:
a. The description of the IMS (i.e., overview of policies, objec-
tives, etc.);
b. Generic IMS procedures; and
c. Detailed operational procedures.
21. The authorized person shall document the IMS in a readable and un-
derstandable language to the personnel.
22. The authorized person shall ensure that the IMS documentation clear-
ly addresses all the organizational and operational aspects that are
relevant to safety and security.
23. The authorized person shall ensure that documentation is:
a. Hierarchically organized;
b. Controlled;
c. Identifiable;
d. Traceable;
15
NRRC-R-01-SR13
e. Reviewed and approved according to regulatory and techni-
cal updates; and
f. Communicated to the personnel and interested parties.
24. The authorized person shall establish a review and approval documen-
tation cycle, considering different roles and responsibilities, to verify
the proper implementation of changes on applicable laws, regulations,
and technical requirements concerning safety and security.
25. The authorized person shall ensure:
a. The protection of sensitive information concerning safety
and security; and
b. The availability of the most recent version of the ims docu-
mentation to the NRRC.
Section 8: Quality Assurance
26. The authorized person shall ensure that the implemented IMS in-
cludes:
a. Appropriate Quality Assurance (QA) and Quality Control
(QC) arrangements for the processes, procedures, systems
and devices related to safety and security; and
b. Appropriate arrangements to ensure the regular calibration
of the measuring equipment used for safety and security pur-
poses and the tracebility of the associated meas-urements.
16
Section 9: Management of Resources
27. The authorized person shall ensure that the organization has in-house,
or maintains access to, the full range of competences and the resources
necessary to conduct its activities and to discharge its responsibilities
for ensuring safety and security at each stage in the lifetime of the
facility or activity, and during an emergency response.
28. The authorized person shall ensure that the IMS includes plans and
arrangements to guarantee that the safety and security provisions are
supported by:
a. Systems in place to identify resource requirements;
b. Mechanism to control organization’s resources;
c. Measures to ensure that safety and security are considered in
allocation of resources;
d. Systems capable to track and monitor resources; and
e. Systems capable to review resources allocation if circum-
stances change to ensure continued safety and security of
operations.
Section 10: Interested Parties
29. The authorized person shall ensure that the implemented IMS in-
cludes appropriate arrangements for interacting with and managing
the interested parties with respect to:
17
NRRC-R-01-SR13
a. The communication of radiological risks associated with the
operation of the facilities and the application of activities,
and practices with radiation sources;
b. The communication of unforeseen circumstances;
c. The exchange of necessary information about safety and se-
curity; and
d. The identification of interested parties´ interests and expec-
tations in safety and security-related decision-making pro-
cesses.
Section 11: Training and Education
30. The authorized person shall ensure that the implemented IMS in-
cludes appropriate plans and arrangements that demonstrate:
a. The systems or processes used to identify and determine the
competency requirements for operations with a safety and/or
security impact;
b. How the safety and security training needs of the organi-
zation’s staff are identified and covered to meet the related
competency requirements;
c. That an adequate plan, program, or method exists to ensure
that training requirements are met, such as succession-plan-
ning or refresher training;
d. That there is a systematic process for developing, approving,
and reviewing training to ensure it is effective and covers the
identified needs;
18
e. That the systems or processes used ensure the content and
delivery of the training involves stakeholder consultation,
considers adult learning styles and other relevant factors so
that the training is effective;
f. How training records for all staff will be controlled, moni-
tored, and kept up to date; and
g. The training programs are informed by the organization’s
performance assessment and reviewed on a regular basis.
Section 12: Communication
31. The authorized person shall ensure that the implemented IMS in-
cludes appropriate arrangements for the effective communication of
information related to safety and security throughout the organiza-
tion.
32. The authorized person shall ensure that the arrangements referred in
Article 31 address:
a. Identification of communication needs;
b. The communication processes and infrastructure which are
maintained or put in place to address the communication
needs;
c. The modes of communication that the staff, including con-
tractors, are expected to use;
d. The methods that the staff, including contractors, use to
communicate information with a safety and/or security im-
pact efficiently and effectively;
19
NRRC-R-01-SR13
e. The procedure applied for the communication of safety and/
or security risks associated with the operation of facilities
and the application of activities;
f. The procedure applied for the communication of unforeseen
circumstances regarding safety, health, environment, securi-
ty, and quality aspects;
g. The dissemination of relevant and necessary information for
safety and security;
h. The method to identify the interested parties’ interests and
expectations in safety and security-related decision-making
processes are identified;
i. The procedure applied to communicate topics concerning
the prevention of human and organizational failures that may
impact safety and security;
j. The procedure applied to report on and learning from acci-
dents and other incidents following the Regulation on Radi-
ation Safety (NRRC-R-01).
Chapter 4 : Suppliers and Subcontractors
Section 13: Supply chain management
33. The authorized person shall include appropriate arrangements in the
implemented IMS to ensure that the full responsibility for safety and
security of the facilities and activities under authorization remains to
it and it is delegated, in whole or in part, to its suppliers and/or sub-
contractors.
20
34. The authorize person shall include appropriate arrangements in the
implemented IMS to ensure that suppliers of radiation sources and
subcontractors involved in radiological practices, meet all applicable
specific regulations in the Kingdom and products and services are
delivered in a quality assured manner.
35. The authorized person shall ensure that the implemented IMS in-
cludes appropriate arrangements for the minimization of risks associ-
ated to of Counterfeit, Fraudulent and Suspect Items (CFSIs) along the
supply chain and to treat them.
36. The authorized person shall ensure that the implemented IMS in-
cludes appropriate arrangements to control purchasing activities as
applicable for each defined grading range:
a. Specifications and purchase orders;
b. Use of qualified suppliers and subcontractors;
c. Agreement on appropriate quality control and acceptance
criteria;
d. Provisions for settlement of non-conformities and corrective
actions and their reporting;
e. Quality, safety, and security records to be provided.
37. The authorized person shall ensure that the IMS includes appropriate
procedure and criteria for the selection of suppliers and subcontrac-
tors.
21
NRRC-R-01-SR13
Chapter 5 : Non-Conformities and Corrective and Preventive
Actions
Section 14: Non-Conformities
38. The authorized person shall ensure that the implemented IMS in-
cludes appropriate arrangements for the identification of non-confor-
mities with an impact to safety and security and the application of
suitable corrective and preventive actions.
39. The authorized person shall encourage the organization’s personnel
to identify non-conformities and be involved in dealing with them,
giving priority to safety and security considerations when defining the
necessary corrective and preventive actions.
40. The authorized person shall allocate responsibilities for the monitor-
ing and following up of non-conformities until the adequate comple-
tion of the related corrective actions.
41. The authorized person shall include appropriate arrangements in the
implemented IMS for the identification of responsibilities and steps to
properly identify, segregate, and report non-compliant products and/
or activities based on their significance for safety and security and for
the allocation of resources for the correction, prevention, and closure
of non-conformities.
42. The authorized person shall include appropriate arrangements in the
implemented IMS to ensure that Individuals responsible for analyz-
ing non-conformities and determining the associated causes have an
adequate understanding of the area in which they are working and
22
should have access to pertinent background information concerning
the non-conformities.
43. The authorized person shall ensure that the implemented IMS in-
cludes a procedure and defines specific thresholds or criteria for in-
vestigating deviations from expected outcomes.
44. The authorized person shall ensure that the implemented IMS defines
the retention periods for records of non-conformities based on their
significance.
Section 15: Prevention of Non-Conformities
45. The authorize person shall take proactive steps to ensure that a poten-
tial non-conformity does not occur.
46. The authorized person shall promote an open atmosphere in the orga-
nization to facilitate the identification and handling of any deficiency,
non-conformity, and preventive needs.
47. The authorized person shall encourage its personnel to report ob-
served defects or malfunctions during the operation of the facilities
and the application of activities, and to propose improvements.
48. The authorized person shall include appropriate arrangements in the
implemented IMS to systematic monitor and evaluate the effective-
ness of the preventive actions.
23
NRRC-R-01-SR13
Chapter 6: Assessments and Improvements
Section 16: Audits
49. The authorized person shall be responsible to regularly conduct as-
sessments at all levels of the organization to identify, correct and pre-
vent problems related to safety, security, and performance.
50. The authorized person shall:
a. Include appropriate arrangements in the implemented IMS
to ensure that internal and external audits are carried out on
a regular basis to verify compliance with all aspects of the
management system and to confirm its continuing effective-
ness.
b. Select and assign auditors based on their qualifications and
experience.
c. Establish in the implemented IMS and requirements for the
qualifications of prospective auditors and the use of technical
specialists to conduct audits.
51. The authorized person shall include appropriate arrangements in the
IMS for carrying out and scheduling independent assessment (inter-
nal audits, external audits, surveillance and reviews, checks, inspec-
tions, and tests) of the processes and activities.
Section 17: IMS Review
52. The authorized person shall be responsible to improve the implement-
24
ed IMS and the operational processes and procedures as part of its
organizational culture for safety and security.
53. The authorized person shall make appropriate arrangements for the
regular review of the implemented IMS to identify opportunities for
the improvement of the IMS and the organization’s performance in
general.
54. The authorized person shall ensure that relevant operating experience,
radiological safety and security standards, and new knowledge gained
from good practices and incidents in the industry, are analysed and
considered to improve the organization’s operations and the imple-
mented IMS.
55. The authorized person shall identify and analyse any changes that may
have significant safety and security consequences through the imple-
mented IMS, including organizational changes or cumulative effects
of minor changes.
56. The authorized person shall ensure that the implemented IMS in-
cludes appropriate arrangements to assess the applicability of signif-
icant changes and their effects in safety and security, prior to their
application.
Section 18: Lesson Learned
57. The authorized person shall encourage its personnel to share the
gained operational experience and knowledge within the organization.
58. The authorized person shall coordinate with the NRRC regarding the
lessons learned from significant events and share the relevant experi-
ence.
25
NRRC-R-01-SR13
59. The authorized person shall ensure that the operational knowledge
and experience gained is used to improve processes and supports de-
cision-making for the prevention of accidents and incidents.
60. The authorized person shall ensure that the implemented IMS de-
fines a structured approach for capturing, organizing, evaluating, and
applying lessons learned from accidents, incidents, operational expe-
rience, and best practices, and disseminating them to the personnel.
26
©Nuclear and Radiological Regulatory Commission , 2023
King Fahd National Library Cataloging-in-Publication Data
L.D. no. 1444/12371
ISBN: 978-603-92052-5-8
27
Kingdom of Saudi Arabia
@saudinrrc
nrrc.gov.sa
