05000454/FIN-2017002-01
Finding | |
---|---|
Title | Failure to Verify Computer Software during a Transformer Replacement Modification |
Description | Green. A finding of very low safety significance was self-revealed on March 28, 2017, when operators rapidly reduced generator load in response to a loss of forced cooling for the newly installed Unit 1 East main power transformer (1E MPT) and an indicated rapid rise in transformer winding hotspot temperature caused by vendor data entry errors in the monitoring system software. The process detailed in CC-AA-256-101, Software Quality Assurance Process for Plant Digital Instrumentation and Control Systems and Components, to verify and validate the software/firmware during updates was not implemented after the vendor made changes to the digital software during the modification process. The issue was entered into the licensee's corrective action program (CAP), and corrective actions included replacement of the cooling group supply breaker, correction of the software errors, and revision of the alarm response procedure and supporting documentation. The inspectors concluded that the issue was more than minor because it adversely impacted the Design Control attribute of the Initiating Events Cornerstone objective to limit the likelihood of events that upset plant stability and challenge critical safety functions during plant operations. Specifically, rapid power changes or load reject could challenge operating safety limits. In this event, the rapid rise in the calculated winding hotspot indications and the subsequent operator actions to rapidly reduce load by over 300 megawatts electric (MWe) were the result of two software errors: (1) an incorrect Current Turns (CT) Ratio and (2) the incorrect configuration of the MPT cooling groups in series within the software. The inspectors utilized Exhibit 1, Initiating Events Screening Questions of IMC 0609, Significance Determination Process, Appendix A, dated June 19, 2012, to conclude that the finding was Green, or of very low safety significance, because the event did not cause a reactor trip and the event did not affect any mitigation equipment. A cross-cutting aspect in the Challenge the Unknown element of the Human Performance Area (IMC 0310 H.11) was assigned because the engineering group based the risk evaluation on the vendor input that the scope of the change was limited. The flawed assumption that the vendor input was correct without verification resulted in a failure to manage the risk prior to implementation through the verification/validation of the software/firmware. |
Site: | Byron |
---|---|
Report | IR 05000454/2017002 Section 4OA2 |
Date counted | Jun 30, 2017 (2017Q2) |
Type: | Finding: Green |
Cornerstone | Initiating Events |
Identified by: | Self-revealing |
Inspection Procedure: | IP 71152 |
Inspectors (proximate) | J Mcghee, J Draper, C Hunt, K Pusateri, C Thompson, E Duncan |
CCA | H.11, Challenge the Unknown |
INPO aspect | QA.2 |