DCL-13-028, Invensys Operations Management Document 993754-1-909, Revision 1, Software Configuration Management Plan.

From kanterella
(Redirected from DCL-13-028)
Jump to navigation Jump to search
Invensys Operations Management Document 993754-1-909, Revision 1, Software Configuration Management Plan.
ML13093A318
Person / Time
Site: Diablo Canyon  Pacific Gas & Electric icon.png
Issue date: 12/18/2012
From: Muzaffrey O
Invensys Operations Management, Invensys/Triconex
To:
Office of Nuclear Reactor Regulation
References
DCL-13-028 993754-1-909, Rev 1
Download: ML13093A318 (44)


Text

Attachments 9-14 to the Enclosure contain Proprietary Information - Withhold Under 10 CFR 2.390 Enclosure Attachment 8 PG&E Letter DCL-13-028 Invensys Operations Management Document "993754-1-909, Revision 1, Software Configuration Management Plan" (Non-Proprietary)

Attachments 9-14 to the Enclosure contain Proprietary Information When separated from Attachments 9-14 to the Enclosure, this document is decontrolled.

i n v e. n s*..yjso TM i n v'e. n s'.t Operations Management Triconex Project: IPG&E PROCESS PROTECTION SYSTEM REPLACEMENT Purchase Order No.: 13500897372 Project Sales Order: 1993754 PACIFIC GAS & ELECTRIC COMPANY NUCLEAR SAFETY-RELATED PROCESS PROTECTION SYSTEM REPLACEMENT DIABLO CANYON POWER PLANT SOFTWARE CONFIGURATION MANAGEMENT PLAN (SCMP)

Document No. 993754-1-909(-NP)

Revision 1 December 18, 2012 Non -Proprietary copy per IOCFR2.390

- Areas of Invensys Operations Management proprietary N

[ information, marked as [P], have been redacted based on I OCFR2.390(aX4).

Name Sig Lture, Title Author: 0. Muzaffrey pplication Engineer Reviewer: L. Nguyen IV&V Engineer Reviewer: J.McKay Project Engineer Approvals: R. Shaffer ( . Project Manager

- E,

i n v e. n so TM inv e.n s'., s" Operations Management Triconex Document: 1993754-1-909 1

Title:

I Software Configuration Management Plan Revision: 1 Page: 2 of 43 Date: 12/18/2012 Document Change History Revision Date Change Author 0 16 AUG Initial Release JMcKay 2011 1 18 DEC 2012 Throughout - Update acronyms to be defined once only OMuzaffrey and included in section 1.4 as applicable.

Updated references to PPM forms so they appear once only in first reference.

Updated References for consistency..

2.2.7 - Clarified Configuration Database is NI Records 3.1.1.2 - Clarified statement about requiring upstream documents to be baselined prior to baselining a document.

n v e. n s'.y s" TM in V e. n .. s" Operations Management Triconex I

I Document:

Revision:

993754-1-909 I 1

Title:

Paste: I Software Configuration Management Plan 3 of 43 1 Date: 1 12/18/2012 I

Table of Contents 1 Introduction ........................................................................................................ 5 1.1 Purpose ............................................................................................................................................................ 5 1.2 Scope of Application ....................................................................................................................................... 5 1.3 Key Term s ....................................................................................................................................................... 7 1.4 Term s, Abbreviations and Acronyms ......................................................................................................... 8 1.5 Developmental References .............................................................................................................................. 9 2 Software Configuration Management ........................................................... 11 2.1 Organization .................................................................................................................................................. 11 2.2 SCM Responsibilities .................................................................................................................................... 11 2.2.1 Customer ......................................................................................................................................... 11 2.2.2 Project M anager .............................................................................................................................. 12 2.2.3 Project Engineer .............................................................................................................................. 12 2.2.4 Application Engineer ..................................................................................................................... 13 2.2.5 Nuclear IV&V Engineer ................................................................................................................. 13 2.2.6 Project Nuclear QA Engineer ..................................................................................................... 14 2.2.7 Project Administrator ...................................................................................................................... 14 2.2.8 The Configuration Control Board (CCB) .................................................................................... 15 2.3 Applicable Policies, Directives, and Procedures ...................................................................................... 15 3 SCM Activities ................................................................................................. 16 3.1 Configuration Identification .......................................................................................................................... 16 3.1.1 Identifying Configuration Items .................................................................................................. 16 3.1.2 Naming Configuration Items .................................................................................................... 25 3.1.3 Acquiring Configuration Items ................................................................................................. 26 3.2 Configuration Contlrol ................................................................................................................................... 28 3.2.2 Evaluating Changes ......................................................................................................................... 32 3.2.3 Approval or Rejection of Changes ............................................................................................. 33 3.2.4 Implementing Changes .......................................................................................... 34

i n v'e. n s'.e s" TM e. n s'.# s-Operations Management Triconex E Document: 1993754-1-909 I

Title:

I Software Configuration Management Plan L Revision: 1 Page: 1 4 of43 1 Date: 1 12/18/2012 3.3 Configuration Status Accounting ............................................................................................................ 34 3.4 Configuration Audits and Reviews .......................................................................................................... 35 3.4.1 Configuration A udits ....................................................................................................................... 36 3.4.2 Configuration Reviews ............................................................................................................ 36 3.5 Interface Control ........................................................................................................................................... 37 3.6 SubcontractorNendor Control ............................................................................................................ 37 4 SCM Schedules ................................................................................................. 38 4.1 Softw are File Lifecycle ................................................................................................................................. 38 5 SCM Resources ................................................................................................ 41 6 SCM Plan M aintenance .................................................................................. 43

i n v e. n s'.y s" i n V 'e. n . s'. s 0 Im Operations Management Triconex Document:

Revision:

I993754-1-909 1

1 eTitle:

Page:

I Software Configuration Management Plan 5 of 43 Date: 12/18/2012 1 Introduction Software Configuration Management is applied according to RG 1.169 (Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants) which endorses IEEE Std. 828-1998 (Standard for Software Configuration Management Plans). IEEE Std. 828-1998 establishes the minimum required content of the Software Configuration Management Plan (SCMP). These standards are supplemented by IEEE Std. 1042-1998 (IEEE Guide to Software Configuration Management) which provides approaches to good software configuration management planning.

Configuration Management is the means through which the integrity and traceability of the system are recorded, communicated, and controlled during both development and maintenance.

This SCMP documents software configuration management activities to be done, how they are to be done, who is responsible for doing specific activities, when they are to happen, and what resources are required. The document provides the methods to control the TriStation Application Program (TSAP) throughout its development and testing. The methods require activities including configuration identification, configuration control, configuration status accounting, configuration audits and reviews, interface control, and subcontractor/vendor control.

1.1 Purpose The purpose of this plan is to define software configuration management activities for the Diablo Canyon Power Plant (DCPP) Process Protection System (PPS) replacement project using the process defined in IEEE 828-1998. Following the SCMP process protects the TSAP and related software development collaterals from errors created by using the wrong program version, by identifying possible changes to the software which are in need of configuration control. The SCMP defines the program baseline, tracks development, records changes, and establishes allowed user access.

This plan is intended to be used by individuals performing Software Configuration Management (SCM) activities, those responsible for managing SCM activities, and those who audit and review SCM activities 1.2 Scope of Application Invensys Operations Management employs the process defined in this SCMP to control and track the changes to TSAP projects and project documents. The SCMP provides traceability and is not intended to prevent software configuration errors nor teach the user how to perform software implementation in TriStation 1131.

The scope of SCM covers the configuration and tracking of the following items: I

i n v'e. n s". s*7iM n V e. n s'.w s*

Operations Management Triconex Documnent: I993754-1-909 ITitle: I Software Configuration Management Plan Revision: 1 Page: 6of43 Date: 12/18/2012_

  • Protection Set firmware;

" Protection set run time software libraries and modules;

  • Software engineering tools used for developing and testing configurations and special functions;

" Software documentation.

Invensys Operations Management provides direct marking of firmware versions on hardware modules or alternate acceptable configuration management solution to relate firmware configuration management to hardware configuration management.

Invensys Operations Management provides a V1 0 Tricon system for each of four Protection Sets to be used in a safety-related application for the PPS. The PPSs are configured using Function Block Diagrams (FBD) in accordance with document EEC 61131-3 [Ref. 1.5.3)). Software is developed in accordance with the Software Development Plan (SDP) 993754-1-906. The SDP defines the following software life cycle phases:

" Planning Phase

" Requirements Phase

" Design Phase

" Implementation Phase

" Test Phase

" Delivery Phase The project requires four protection sets. A separate TSAP and associated software documentation are created for each set.

Configuration Items (CIs) are items in the project which are tracked and controlled as outlined in the SCMP. Such items can negatively affect the integrity of the system if not carefully considered. The TSAP's file name, download version, access security levels, program version, function block version, configuration version, and libraries version, are each considered CIs which are recorded throughout the life of the project. Other software to be controlled includes the operating system of the computers used to run TriStation 1131 and the signal simulation software used for testing purposes. Documentation CIs covered by this plan comprise customer supplied design input, and Projects-developed design output consisting of engineering design documentation, and Nuclear Independent Verification and Validation (Nuclear IV&V) documentation. [Ref. section 3.1.1].

The CIs are managed as defined in this plan for the duration of the project, and the configuration database and records are dispositioned prior to signing off of the completed Certificate of Conformance.

i n v'e. n0 s i n7 V e.' n7 s .t:" s "

0 TM Operations Management Triconex Document: 1993754-1-909 1

Title:

I Software Confiuation Management Plan Revision: 1 Page: 7 of 43 Date: 12/18/2012 The software configurations to be managed consist of:

" TriStation Application Project

" Embedded software (i.e., operating system software, communication software, and firmware). These items are not developed as part of the PPS replacement, but this SCMP will provide configuration control over the V 10 Tricon procured for this purpose.

" TriStation 1131 application program development platform (as listed on the latest version of the Nuclear Qualified Equipment List).

" Software Nuclear 1V&V tools While the SCMP can serve as a stand-alone document, it is part of a larger encompassing Project Management Plan (PMP) [Ref.l.5.11]. The SCMP is used to control the software CIs. The PMP entails how the entire project is managed, and names the SCMP as the plan for its software section.

The degree of formality is the same for all CI changes. Each change should be recorded and should note who, when, and what changed by the Document Review/Release (DRR) process as shown in PPM 3.0 (Drawing Preparation & Control). Software configuration is managed from the Requirements phase of the software life cycle until the completion of the Testing phase.

Limitations The SCMP is limited to the software and documentation created by Invensys Operations Management. Commercial Off The Shelf (COTS) software, such as Microsoft's operating system, or software supplied by the customer are tracked by revision but Invensys Operations Management is not responsible for configuration management of COTS software.

Assumptions The user of the SCMP is assumed to know TriStation 1131 configuration basics. Adequate grammar and a basic knowledge of the PPM processes are traits assumed to be held by the reviewers and developers of the CIs as managed by this SCMP. It is assumed that third party software and documentation supplied by commercial vendors and by the customer is under configuration management by the provider.

1.3 Key Terms Baseline: A specification or product that has been formally reviewed and released, that thereafter serves as the basis for further development. This baseline can then be changed only through formal change control procedures.

Configuration Item: A specification or product that is to be incorporated into the configuration management process.

i n v'e. n0 se..

  • s"M i n V e.l* n s-t-" s" Operations Management Triconex Document: 1993754-1-909I

Title:

I Software Configuration Management Plan Revision: 1 Page: 8 of 43 / Date: 1 12/18/2012 Control Point: A project agreed upon point in time or times when specified agreements or controls are applied to the software configuration items being developed, e.g. an approved baseline or release of a specified document/code.

Design Input List: List of documents delivered by Pacific Gas and Electric to Invensys Operations Management that must be used for the creation of the project applications.

Functional Configuration Audit: An audit conducted to verify that the development of a configuration item has been completed satisfactorily, that the item has achieved the performance and functional characteristics specified in the functional or allocated configuration identification, and that its operational and support documents are complete and satisfactory.

Interface: Depending upon context:

1) A shared boundary across which information is passed.
2) A hardware or software component that connects two or more other components for the purpose of passing information from one to the other.
3) To connect two or more components for the purpose of passing information from one to the other.
4) To serve as a connecting or connected to component as in (2).

Physical Configuration Audit: An audit conducted to verify that a configuration item, as built, conforms to the technical documentation that defines it.

Promotion: An internal or developmental completion of an activity and a release to the next activity through transition in level of authority needed to approve changes (compare baseline).

Release: The formal notification and distribution of an approved version.

1.4 Terms, Abbreviations and Acronyms AE Application Engineer CCB Configuration Control Board CD/ER Customer Deviation/Exception Request CI Configuration Item COTS Commercial Off-The-Shelf DCPP Diablo Canyon Power Plant DRCS Document Review Comment Sheet DRR Document Review/Release FAT Factory Acceptance Test FBD Function Block Diagram HRS Hardware Requirements Specification ICN Interim Change Notice IRE Independent Review Engineer IV&V Independent Verification and Validation MCL Master Configuration List NI Nuclear Integration

i n v'e. v* n s'.ýj sm s, i n v'e.n s" *y5" Operations Management Triconex Document: i993754-1-909 1

Title:

I Software Confi uration Management Plan Revision: 1 Page: 1 9 of43 f Date: 1 12/18/2012 PA Project Administrator PE Project Engineer PI Project Instruction PM Project Manager PMP Project Management Plan PMRB Project Material Review Board PPS Process Protection System PQAE Project Quality Assurance Engineer PQP Project Quality Plan PPM Project Procedures Manual PT2 filename extension of the TriStation 1131 Application Program PTM Project Traceability Matrix QA Quality Assurance QPM Quality Procedures Manual SCM Software Configuration Management SCMP Software Configuration Management Plan SDC Software Development Checklist SDD Software Design Description SDP Software Development Plan SIDR System Integration Deficiency Report SQAP Software Quality Assurance Plan SRS Software Requirements Specification SVVP Software Verification and Validation Plan TRL Technical Requirements List TSAP TriStation Application Program 1.5 Developmental References The following references are used within this plan:

1.5.1. 10 CFR Part 50 Appendix B, "Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants" 1.5.2. ASME NQA-I-1994, Subpart 2.7 (NQA-la-1995 addendum), "Quality Assurance Requirements for Computer Software for Nuclear Facility Applications" 1.5.3. IEC 61131-3, "Programmable Controllers: Part 3 Programming Languages" 1.5.4. IEEE Std.828-1998, "IEEE Standard for Software Configuration Management Plans."

1.5.5. IEEE Std. 1012-1998, "IEEE Standard for Software Verification and Validation."

1.5.6. IEEE Std. 1042-1987, "IEEE Guide to Software Configuration Management" 1.5.7. Regulatory Guide 1.169, "Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants", September 1997

i n v e. n s,.ý ~ s. 0 T& in V e. n s.'. 5 Operations Management Triconex

-Document:[ 993754-1-909

Title:

Software Configuration Management Plan Revision: I Page: 10 of 43 1 Date: 1 12/18/2012 1.5.8. Invensys Operations Management Quality Procedures Manual 1.5.9. Invensys Operations Management Project Procedures Manual (PPM) 1.5.10. Invensys Operations Management Document 9600380-001, "Nuclear Delivery Programming Guide" 1.5.11. Invensys Operations Management Document 993754-1-905, "Project Management Plan" 1.5.12. Invensys Operations Management Document 993754-1-808, "Technical Requirements List" 1.5.13. Invensys Operations Management Document 993754-1-801, "Software Quality Assurance Plan" 1.5.14. Invensys Operations Management Document 993754-1-900, "Project Quality Plan" 1.5.15. Invensys Operations Management Document 993754-1-802, "Software Verification and Validation Plan" 1.5.16. Invensys Operations Management Document 993754-1-803, "Master Configuration List" 1.5.17. Invensys Operations Management Document 993754-1-907, "Software Development Plan Coding Guidelines" 1.5.18. Invensys Operations Management Document 993754-1-059, "Project Schedule" 1.5.19. Invensys Operations Management Project Instruction 1.0, Application Project Administrative Controls for the PPS Replacement Project 1.5.20. Invensys Operations Management Project Instruction 7.0, Application Program Development for the PPS Replacement Project

n v'e. noTs".

  • s- i n V'e. n. s'.ý: s-Operations Management Triconex Document: 1993754-1-909 1

Title:

I Software Configuration Management Plan Revision: 1 Page: 11 of 43 1 Date: 12/18/2012 2 Software Configuration Management 2.1 Organization The developer of the TSAP has full responsibility of Software Configuration Management (SCM). The developer works under the Nuclear Delivery group, which is managerially and financially separate from the Nuclear Independent Verification and Validation (IV&V) and Nuclear Quality Assurance (QA) groups.

A Project Engineer (PE), also working under the Nuclear Delivery group, has the responsibility of peer review of the TSAP and associated documentation once the development is complete.

Upon customer review of the TSAP, the PE shall obtain customer approval that the TSAP was developed in accordance with the Project Quality Plan (PQP) [Ref. 1.5.14]. The Project Organizational chart is detailed in the PMP [Ref. 1.5.11]. I This SCMP also applies to the Nuclear IV&V and Nuclear QA groups. The Nuclear IV&V group is independently performing verification testing to insure that the program was developed correctly. While Nuclear QA is not part of the TSAP Review cycle, they are performing quality checks to verify that the Software Requirements Specification (SRS) and Software Design Description (SDD) requirements match the code as implemented in the TSAP.

The customer may also take part in the review process. The customer review is in parallel with the Nuclear IV&V review, subsequent to the TSAP Peer review.

At the end of the review cycle, the Nuclear IV&V Manager reviews and signs off on the Final Nuclear IV&V Report.

2.2 SCM Responsibilities 2.2.1 Customer The customer, Pacific Gas and Electric, is intending to purchase four V10 Tricon systems with the intention of replacing the existing digital Westinghouse Eagle 21 PPS of the DCPP. The customer is working with and has oversight of the entire Invensys Operations Management project from Acquisition Phase to Delivery. The customer operates through procedures separate from those of Invensys Operations Management. The only operation that must occur in parallel with Invensys Operations Management is the document review process. The customer is responsible for:

" Establishing and relaying requirements through specification documents

  • Reviewing comment feedback of supplier produced documents
  • Accepting the system upon project completion
  • Updating Invensys Operations Management with requests for changes in project scope

n v'e. n s..y s- in V e. n s'. s" to n MTM Operations Management Triconex I Document: 1993754-1-909 1

Title:

I Software Configration Management Plan Revision: I Page: 1 12 of 43 1 Date: 1 12/18/2012 2.2.2 Project Manager The Project Manager (PM) is the change approval total authority for Configuration Items (Cis).

The PM oversees the project throughout the entire lifecycle by making decisions affecting overall project coordination. The Project Manager shall act in accordance with the PPMs, and I project-specific Project Instructions (PIs), specifically PI 1.0 [Ref. 1.5.21 ].

IL 2.2.3 Project Engineer The Project Engineer (PE) reports to the PM throughout the entire lifecycle of the project. The PE shall act in accordance with the PPMs and project-specific Project Instructions. EL I

i n v e. n s'.9 s" TM i n V e. n s'.! s" Operations Management Triconex Document: 1993754-1-909 1

Title:

I Software Configuration Management Plan Revision: 1 Page: 13 of 43 1 Date: 1 12/18/2012 2.2.4 Application Engineer The AE reports to the PM and PE throughout the entire lifecycle of the project. The AE shall act i in accordance with the PPMs and project-specific Project Instructions.

ED 2.2.5 Nuclear IV&V Engineer The Nuclear IV&V Engineer reports to the Nuclear IV&V Manager throughout the entire lifecycle of the project. The Nuclear IV&V group has organizational freedom to ensure that Nuclear IV&V activities are managerially, technically, and financially independent of the development organization. The Nuclear IV&V Engineer shall act in accordance with the PPMs and project-specific PIs.

U I

i n v e. n s*.ýs a TM i n V e. n s'.! s' Operations Management Triconex I Document: 1993754-1-909 1

Title:

I Software Confi.ation Management Plan Revision: 1 Page: 14 of 43 1 Date: 1 12/18/2012 2.2.6 Project Nuclear QA Engineer The Nuclear Project QA Engineer (PQAE) reports to the Nuclear Project QA Manager for the full life cycle of the project. The PQAE shall act in accordance with the Quality Procedure Manual (QPM) [Ref. 1.5.8], the PPMs [Ref 1.5.9] and Pls. Some of the major functions and responsibilities of the PQAE are listed below. The detailed functions and responsibilities of the PQAE are described in each applicable PQP.

'E 4

I 2.2.7 Project Administrator The Project Administrator (PA) does not directly report to any manager, but assists document control for all projects. The PA is available throughout the entire lifecycle of the project.

I I

i n v'e. n0 s TM

".js i n] V'e. n. s'.t. s" Operations Management Triconex Document: I993754-1-909 ITitle: I Software Configuration Management Plan Revision: 1 Page: 15 of 43 Date: 12/18/2012 2.2.8 The Configuration Control Board The purpose of the CCB is to maintain and administer software configuration management for the TSAP. The CCB has authority over all configuration items identified on the project, and is guided through configuration management by PI 7.0. The PM chairs the CCB. The PM, PE, Nuclear IV&V, and PQAE are permanent members of the CCB.

The CCB meets on a regularly scheduled basis throughout the life of the project. Should an issue surface that requires deliberation of the CCB prior to the next regularly scheduled meeting, the PM calls for the members to meet. Minutes of meetings are kept as project records and serve to provide evidence of decisions that were made, when those decisions need to be carried out, and who follows up.

2.3 Applicable Policies, Directives, and Procedures The Invensys Operations Management PI number 7.0, sections 4.4 - 4.9 specify the SCM procedures for development, control, review, change, and release of the TSAP.

The PPS Replacement Project Coding Guidelines (993754-1-907) recommends good practice for configuring the TSAP file, setting multi-user password protection, and version tracking of program items in the TSAP.

i n S°v e. n s"jsi TMi n. V'e. n. s'.t s" Operations Management Triconex Document: 1993754-1-909 1

Title:

I Software Configuration Management Plan Revision: 1 Page: 16 of 43 I Date: 1 12/18/2012 3 SCM Activities These activities apply to the complete set of CIs:

  • Configuration Identification
  • Configuration Control
  • Status Accounting

" Configuration Audits and Review 3.1 Configuration Identification Important functional elements of a Project are automatically assigned a version number by the TriStation 1131 Software. These version numbers are the basis for tracking progress during the Project development, and are a major contributor to the SCM process. More importantly, version numbers are used for maintaining traceability and configuration of Project elements.

Project elements which are tracked by this method include the Project Version Number (which is incremented during each controller download), Program Version Number, and implementation identifier. Additionally, Audit Trail comments are generated for each change in the TSAP.

Tri Station "User Documents" and "Library Documents" reports are generated at the conclusion of the development/change process. These reports are required to be manually refreshed by right-clicking the Reports folder and selecting "Update Reports Database". These reports, which identify the version of many CIs associated within the TSAP, are attached to the SDC.

3.1.1 Identifying Configuration Items The following Configuration Items are scheduled to be delivered to the customer at the conclusion of the development lifecycle. These documents/programs are maintained under Configuration Control and a MCL provides a list of all Cls.

3.1.1.1 Customer SuppliedDesign Input Documentation

i n v e. n S,TM inlV'e. rl. s- 5 Operations Management Triconex Document: 993754-1-909

Title:

I Sofware Configation Management Plan Revision: I Page: 17 of 43 I Date: 1 12/18/2012 wq 3.1.1.2 Design Output Documentation The project team creates two (2) classes of design output documents:

" Hardware and software drawings

  • Technical documents Each document shall have its unique number and revision level and issue date indicated.

w*

i n v e*. n s*.y S" TM i n V e..n 5.9i s" Operations Management Triconex Document: 1993754-1-909 1

Title:

I Software Configuration Management Plan Revision: 1 Page: 1 18 of 43 1 Date: 1 12/18/2012 Iel I

i nv'2. n s'.Y s" OM i n v e. s s" Operations Management Triconex Document: 1993754-1-909 1

Title:

I Software Configuration Management Plan Revision: I 1 Page: 119 of43 1 Date: 1 12/18/2012 I

i n y e. n s*gs Y i nV e.n s-.nE i Operations Management Triconex I Document: 1993754-1-909 1

Title:

I Software Confiration Management Plan Revision: 1 Page: 20 of 43 Date: 1 12/18/2012 w

3.1.1.3 Nuclear IV& V Documentation The Nuclear IV&V organization produces such CI documents as:

" Test Plans

" Test Specifications

" Test Procedures

" Test Reports Approval criteria for baseline candidates are:

" All signature blocks are signed.

" It is accompanied by a closed DRCS from the Independent Reviewer.

I

i n v e. n s*..J S.TPA inV e. n s'. s" Operations Management Triconex Document: 1993754-1-909 1

Title:

I Sofitware Configuration Management Plan Revision: 1 Page: 21 of 43 1 Date: 1 12/18/2012 IPI I

3.1.1.4 TSAP Project File The TSAP project file is a ".pt2" file created by TriStation 1131 Developer's Workbench software. The main programming language is function block diagrams. Important functional elements of a TSAP are automatically assigned a version number by TriStation 113 1. These version numbers are the basis for tracking progress during the TSAP development, and are a major contributor to the SCM process. These version numbers are used for maintaining traceability and configuration control of TSAP elements.

An additional feature of the TriStation software is that a permanent journal of all configuration edits is automatically maintained internally, including date/time stamp and identification of the IP individual making the change.

I

i n0env'e. MTM n s'.y s" i nVe.n s'.* s" Operations Management Triconex F Document:

Revision:

1993754-1-909 1

1 il:

Page:

I Software 22 of 43 Confi =*ation Management Plan Date: 12/18/2012 EL

i n v'e. n s'.y s" inv'e. ns 5" Operations MTM Management Oen Triconex I Document: 1993754-1-909 1

Title:

I Software Confiration Management Plan Revision: 1 Page: 23 of 43 1 Date: 1 12/18/2012 IEl

n v*e. n s'.y s-o *TM if 'Ve. n s ' s*".y Operations Management Triconex Document: 1993754-1-909

Title:

I Software Configuration Management Plan Revision: 1 Page: 24 of 43 Date: 1 12/18/2012 IL I

i n v'e. n0 sv.en s M

  • n.Ve. n s'.ý: s" Operations Management Triconex Document: I993754-1-909 ITitle: I Software Configuration Management Plan Revision: I Page: 25 of 43 Date: 12/18/2012 3.1.1.5 Vendor Supplied Documentation Material and documents are received and inspected in accordance with QPM 10.2 [Ref. 1.5.8]

and PPM 5.0 [Ref. 1.5.9]. Vendor documents are controlled in accordance with PPM 2.0.

Invensys Operations Management makes no changes to vendor supplieddocumentation.

The PE makes recommendations to the CCB on baseline attributes for vendor supplied documentation baseline candidates.

3.1.1.6 Vendor Supplied Software Invensys Operations Management does not expect to use third party development software from vendors or subcontractors for the DCPP PPS Upgrade Project.

Should the use of vendor/subcontractor software be later deemed necessary, the following protocols are followed. No vendor supplied software is edited by the project team. The software version is recorded upon receipt and should not change. Therefore neither configuration change procedures nor baselining apply. Invensys Operations Management makes no changes to vendor supplied software.

3.1.1.7 Invensys OperationsManagementManufacturedSoftware 3.1.1.7.1 TriStation 1131 Developer's Workbench The TriStation 1131 Developer's Workbench is the application which interfaces with the design engineer to allow the creation of the TSAP. The TriStation 1131 follows the guidelines of EEC 113 1. The version and build of the TriStation 1131 platform are recorded in the MCL and SDC.

The version is checked by Nuclear IV&V as part of verification testing and later validation testing. TriStation 1131 is considered an implementation tool versus a design tool and therefore is not baselined. Configuration management of software developed by Invensys Operations Management is handled per PI 7.0.

3.1.2 Naming Configuration Items The Invensys Operations Management PPMs specify a numbering scheme for project drawings and documents. PPM 3.0 provides a table listing the drawing designator numbers for corresponding drawing descriptions. PPM 4.0 provides a table listing the document designator number for corresponding document descriptions.

Design documents are processed for review utilizing the alpha/numeric revision numbering convention. Preliminary (draft) documents are assigned Revision A, i.e., for review and

i n v'e. n s*.y s"nve

  • °TM n ve.

V n s'.t.* s" Operations Management Triconex Documient: 1993754-1-909 1

Title:

I Software Configuration Management Plan Revision: 1 Page: 26 of 43 1 Date: 1 12/18/2012 comment. The PE determines required reviews of preliminary design documents by selecting the appropriate reviewers on the DRR form (e.g. the PE may choose to submit Revision A of a document for Independent Review only; Revision B of the document may be submitted to other internal organizations, Revision C may be submitted to the customer for review). All required reviewers review the final alpha revision prior to issuing as Revision 0.

3.1.3 Acquiring Configuration Items Project records and a printout of all applicable data are assembled and filed to support auditing.

These records are consolidated into the system integration document package and filed per PPM 4.0 and PI 7.0. Records are reviewed prior to filing to assure that they are appropriate and acceptable. The author of the document forwards the approved document to the Project Administrator for further processing.

Project hardcopy documents and records are retained and filed in the system integration document package and are stored in dual remote storage locations to preclude loss caused by natural disasters. ie I

i n v e. n s*.js* i n v'e. n s'.y s, Operations Management Triconex I Document: 993754-1-909

Title:

Sofware Confi° ation Management Plan Revision: I Page: 27 of 43 1 Date: 1 12/18/2012 EL I

n v'e. n s-.9 s in v e ns' . s*

Operations Management Triconex Document: 1993754-1-909 1

Title:

I Software Configuration Management Plan Revision: 1 Page: 28 of 43 Date: 12/18/20o12 3.2 Configuration Control At this point the preliminary TSAP design is ready for peer review. The PE obtains a DRR number from the PA and initiates the DRR (PPM Form 3-I)to document the required reviews via DRCS by the PE or designee, as well as designated Project Team members After Project team review, the TSAP is released to a project independent reviewer (IRE/Nuclear IV&V), and QA. As the TSAP is now subject to configuration control, the TSAP developer shall initiate a SDC in accordance with PI 7.0. and release the TSAP under Revision Number zero (0).

Any modification to the TSAP at this point is documented via the SDC/SIDR Process.

As customer review is required, their review is also be documented on the DRR. At this point the TSAP is formally transmitted (PPM 4.0, Paragraph 4.3.4) to the customer for their review and comment.

Upon completion of the Project review process, PI 7.0 Paragraph 4.4.3, the TSAP is considered filly functional and ready for verification. This point in the process is considered the baseline of the TSAP and released as Revision 1. The developer or the PE creates a Master Disk, on a read-only CD-R, containing Revision 1 of the TSAP. The SDC is submitted to the IRE/Nuclear IV&V group.

3.2.1.1 Changes- CustomerDeviation / Exception Request (CD/ER)

Customer Deviation/ Exception Requests (CD/ERs) request changes to customer design input specifications. If, after the issuance of a conformed specification in accordance with the requirements of PI 1.0, any customer requirement cannot be met, the PM requests a deviation or exception to that requirement and provides a reason why the requirement cannot be met. The CD/ER or the customer contract deviation form is transmitted to the customer for review and acceptance. Urgency of the change is stated by the requester or judged by the customer on a case-by-case basis. There are no formal means of documenting change urgency.

n v'e. n s'.9 s TM i nv'e.n s'. *1 s" Operations Management Triconex Document: 993754-1-909

Title:

S oftware Configuration Management Plan Revision: 1 Page: 29 of 43 1 Date: 1 12/18/20 12 EL I

n v'e. n s'.ýi s- in V e. n s*

Operations Management Triconex I Document: 1993754-1-909 Revision: I I 1

I

Title:

Page:

I I

Software Configuration Management Plan 30 of 43 1 Date: 1 12/18/2012 I

IL I

I

i - v" e. In s*A.Jys. TM inV'e. ns'._ s" Operations Management Triconex I Dument: 1993754-1-909 1

Title:

I Software Configuration Management Plan Revision: I Page: 31 of 43 1 Date: 1 12/18/2012 I LEJ 3.2.1.3 Changes- Anomaly Resolution Any project-related item that does not meet specified requirements is considered to be nonconforming and requires disposition of the nonconforming item, evaluation to identify the cause, and to determine appropriate corrective action. The term "item" includes materials, parts, components and, for the purposes of this procedure, software.

When an item is identified as nonconforming, the nonconforming condition is documented on an SIDR (PPM Form 10-1). The initiator of the SIDR uses the next consecutive number from the SIDR Log and record the applicable information on the SIDR Log. The PA maintains the SIDR Log (PPM Form 10-1 a), in NIRecords. The PE evaluates and dispositions all reported nonconforming conditions. The PE completes the SIDR to document the disposition and all related actions.

Urgency of the change is stated by the requester or judged by the PM on a case-by-case basis.

There are no formal means of documenting change urgency. However, any impact that the SIDR has on testing increases the urgency of resolution. II]

i n v e. n S'..yjs* TM i v'e.n s'.H s" Operations Management Triconex Document: 993754-1-9091

Title:

Software Confi 9a=ion Management Plan ED Revision: 1 Page: 32 of 43 Date: 12/18/2012 3.2.2 Evaluating Changes Any changes to the final approved design documents are reviewed and approved in the same manner as the original design, PPM 2.0 Section 4.4.10. This provides assurance that design analyses for the system are still valid. If a significant design change is necessary because of an incorrect design, the design control measures described in this procedure are evaluated and modified as necessary. All design changes are reviewed and evaluated to assure that the impact of the change or cumulative effect of multiple changes is carefully considered (i.e., performance, interchangeability, test, and equipment qualification). The evaluations are documented.

Design review comments and change requests are documented on a DRCS. The PE reviews all comments provided by the reviewers to determine if they are technically correct, workable and if they should be incorporated into the design. The PE resolves all review comments and documents their resolutions. All review comments and their resolutions are attached to the I associated DRR.

ED

i n v e. n s'.y s" 0 TM in v'e. ns'.i s" Operations Management Triconex Document: 1

Title:

a993754-1-909 I Software Configuration Management Plan Revision: I Page: 33 of 43 / Date: 1 12/18/2012 wI 3.2.3 Approval or Rejection of Changes All changes requested from the customer are dispositioned by the CCB. The CCB dispositions a change as approved, approved with comments, or rejected. A disposition other than approved for external changes typically causes the CCB to negotiate with the customer to modify the scope change to one that is mutually acceptable. CCB approved responses to external changes (changes generated by PG&E) are transmitted to the customer via the contract acceptance process per PI 1.0. Implementation of the change commences per the agreed upon schedule.

Changes stemming from SIDRs are dispositioned by the Project Material Review Board (PMRB). The PMRB consists of the PM and the PQAE. The PMRB: I

1) Reviews and approves the disposition of all nonconforming conditions, including related actions provided by the PE.
2) Where appropriate, authorizes work to continue under a Conditional Release.
3) Analyzes all nonconforming conditions for repeat occurrences in accordance with QPM 14.0.

When the disposition and all related actions are determined to be appropriate and complete, the PMRB approves the SIDR for implementation. For dispositions that result in deviations from customer requirements, i.e., repair and use-as-is dispositions, documented customer approval is obtained in accordance with PPM 4.0.

i n-y e. n ST TU invNe. ns-.! s" Operations Management Triconex Document: 1993754-1-909 1

Title:

I Software Configuration Management Plan Revision: 1 Page: 34of43 Date: 12/18/2012 3.2.4 Implementing Changes Changes are implemented using the same process as for the CO's original design. The initiating document(s) is revised using the same practices as in their creation. The review and verification activities performed on the original document is also be used on the change. Those reviews, however, may be limited to the change itself, and to any portion of the design that is affected by the change per a decision from regression analysis. The revised documents and document review forms constitute documentation of the change. Changes initiated by PG&E are documented by the appropriate revision to the Design Input documents, and the Design Input List is updated. No special activities exist for release planning and control outside of normal I change control procedures specified in this section.

3.3 Configuration Status Accounting The following PPMs are followed for:

0 What data elements are to be tracked and reported for baselines and changes - PPM 3.4

i nve. n s*.,y. S.T#A in Ve.n s'.* s" Operations Management Triconex F Document: 1993754-1-909 1

Title:

I Software Confimuaion Management Plan Revision: 1 Page: 35 of 43 1 Date: 1 12/18/2012

  • What types of status accounting reports are to be generated and their frequency - PPM 7.02 and 7.03
  • How information is to be collected, stored, processed, and reported - PPM 4.0
  • How access to the status data is to be controlled - PPM 3.0 The status of requested changes and implementation of changes are accounted by the form by which the change was initiated and logged respectively..

3.4 Configuration Audits and Reviews

i n ve. 0 n s*. ~I&

s i n V e. n s'. Y s" Operations Management Triconex I -Document: 1993754-1-909 1

Title:

I Software Configuration Management Plan Revision: I Page: 36 of 43 1 Date: 1 12/18/2012 3.4.1 Configuration Audits Configuration Audits are required for all CIs prior to release per IEEE Std. 828-1998. Section 6 "Reviews and Audits" of the SQAP [Ref. 1.5.13] detail the different types of audits to be I performed.

1) Audits of document CIs meet the auditing requirements of IEEE Std. 828-1998 as follows:

o Quality control of project documents is detailed in QPM 5.1.

o Verification reviews of the physical and functional characteristics of some software documents required by IEEE Std. 828-1998 are performed during the Nuclear IV&V process outlined in the SVVP.

o The DRR process is another audit to check that the CI reflects the required physical and functional characteristics. Each reviewer is knowledgeable enough to understand and flag any characteristics that do not comply with the expected results.

2) Audits of software CIs meet the auditing requirements of IEEE Std. 828-1998 by both verification and validation of the Nuclear IV&V group per PI 7.0. The plan for these types of audits is detailed in the SVVP.

Audits as performed by Nuclear QA are described in the SQAP. I w

3.4.2 Configuration Reviews The PE ensures configuration reviews are performed at the completion of each phase, after all phase required documents have been baselined. The Configuration Review is performed by the PQAE as part of the Quality Assurance Surveillance performed in accordance with QPM 17.2, Surveillances [Ref. 1.5.9]. I

i n v'e. n s'.> s"OM inve, s.u s" Operations Management Triconex

-Document: 1

Title:

I a993754-1-909 Software Configuration Management Plan Revision: 1 Page: 1 37 of 43 1 Date: 1 12/18/2012 we 3.5 Interface Control Design interfaces are established during the design development and design review and approval process. Design interfaces are specified and controlled in the SRS and HRS. PTM updates I ensure that any changes to customer supplied documents regarding interfacing requirements flows down to each of these documents respective of its system use.

Interfaces by affected organizations are detailed within Section 6, "Technical Process Plan," of the PMP. Invensys Operations Management is the Manufacturing organization responsible for standard hardware, embedded software, operating system software and V10 Tricon configuration tools.

3.6 SubcontractorNendor Control Invensys Operations Management does not expect to use third party software from vendors or subcontractors for development of the DCPP PPS Upgrade Project.

Should the use of vendor/subcontractor software be later deemed necessary, the project team purchases services, documentation, and hardware in accordance with PPM 5.0. Any changes to such items such as control of vendor-supplied documentation are performed per Subsection 3.1.1.5 of this plan. Procurement of nuclear safety-related software is not expected from I vendors; therefore the SCMP does not provide a process for this activity. Control of procured I commercial grade software is per Subsection 3.1.1.6 Subcontractor evaluation and audits are performed following the guidelines of PPM 5.01.

i n y e. n .s ifnV'e. ns'5 s" Operations Management Triconex E Document: 1 993754-1-909 1

Title:

I Software Configuration Management Plan Revision: 1 Page: 38 of 43 1 Date: 1 12/18/2012 4 SCM Schedules Per PI 1.0, the PE provides the draft Project Schedule to the PM, customer, PQAE, Nuclear IV&V Staff, and other Project participants for review during the planning phase. A copy of the draft schedule should also be provided to Finance in order to establish any milestone billing dates for the Project. The Project Schedule is updated by the PE, as necessary.

The sequence and dependencies among all SCM activities and the relationship of key SCM activities to project milestones or events is shown in the diagram of Appendix 2 in PI 1.0.

4.1 Software File Lifecyde CM of the TSAP starts once the TSAP is baselined and released to Nuclear 1V&V for software verification testing. As previously mentioned, this occurs at the end of the Implementation Phase after a project group peer review is completed. An SDC is initiated for and a Master Disk is created containing the project-internally reviewed version of the TSAP. Once the application is placed under configuration control, any code revision requires that a new SDC be submitted to the Nuclear IV&V group. Each new revision of the application program shall be placed on a new Master Disk, stored in the project folder and placed on the NI Records network drive by the I Project Administrator. A customer review occurs when the TSAP is revised and ready for issue.

i n y e. ns*qs* in V e. n' s".Y s*

Operations Management Triconex Document: 1993754-1-909 1

Title:

I Software Confi4uration Management Plan Revision: 1 Page: 1 39 of 43 1 Date: 1 12/18/2012 Iel

I i n v'e. n s'.- s" IM i nve.n s'.t s" Operations Management Triconex Document: 1993754-1-909 1

Title:

S oftware Confi4uration Management Plan Revision: _I I I Page: 40 of 43 1 Date: 1 12/18/2012 EL

i n v'e. n 0

  • s" TM i nV es " s

. e." n s. .ý= '

Operations Management Triconex Document: 1993754-1-909 1

Title:

I 9=ion Management Plan Software Confi4 Revision: 1 Page: 1 41 of 43 1 Date: 1 12/18/2012 5 SCM Resources The CCB is responsible for configuration control. The Project Administrator is assigned to maintain records of the configuration items per this plan. Project training, including Configuration Management training, is per the PMP [Ref. 1.5.14].

The resources required for each SCM activity are specified in the plan respective of the group performing the activity. Nuclear IV&V activities and respective resources are specified in the SVVP, Nuclear QA activities and respective resources are specified in the SQAP, and Nuclear Delivery activities and respective resources are specified in the PMP.

TriStation 1131 - Software for Invensys Operations Management product applications is developed using established TriStation 1131 software expressly designed for this purpose, which is itself a fully validated software product, approved and independently certified for use in developing safety-critical control programs. A key SCM feature in TriStation 1131 is the ability to record changes to CIs and generate reports detailing such changes. Another attribute supportive of SCM is the ability to control user access to CI through the use of varying security level logins.

Software Developer - The software developer develops the application program using the TriStation 1131 software in accordance with the TriStation Developer's Guide. Program databases reflecting the specific system configuration, plant-specific equipment tags and operating parameters are also developed by the software developer. The software developer incorporates all requirements of the SDD. During this development phase, the software developer establishes program elements, conducts in-progress testing and makes program changes, as necessary, to meet specified logic requirements. The software developer is also the main figure in controlling the TSAP for SCM purposes. All changes to the program are made and recorded by the developer or a specifically designated AE. It is the job of the developer to control the master copy of the TSAP and know who is in possession of it at all times.

Nuclear Delivery, Nuclear IV&V, and Nuclear QA Staff- Refer to Section 2.2 and the diagram in Appendix 2 of PI 1.0 for detailed SCM related responsibilities of the staff resources.

Software Development Checklist -The steps to process the SDC are based on PPM 7.0. The SDC tracks all changes to the baselined TSAP. The application program's initial configuration is established and all subsequent revisions to the application program are documented and controlled by the SDC. Each revision of the application program is made to the latest SDC controlled version of the code. Steps for completion of the SDC are listed in PI 7.0.

Master Configuration List - The MCL is a key element in maintaining Project configuration control and, therefore, only documents listed on the MCL are used for the conduct of Project

  • Clh i n v e. n S*

T&M i n Ve. n s". . s' Operations Management Triconex Document: 1993754-1-909

Title:

Software Configuration Management Plan Revision: 1 Page: 42 of 43 Date: 1 12/18/2012 activities. Such documents relating to SCM include the SRS, SDD, TSAP file, TriStation 1131 generated User Document Reports, and the SDC. The MCL identifies the current revision of all Project documents. The MCL is also a key element in documenting system configuration. The PE uses the MCL to document system configuration not represented by Project developed documents, e.g., TRICON board serial numbers.

i n v'e. n s".- se i n V 'e. n s. '.ý=s "

0 ,,,

Operations Management Triconex Document: 1993754-1-909 I

Title:

I Software Configuration Management Plan i Revision: I Page: 43 of 43 1 Date: 1 12/18/2012 6 SCM Plan Maintenance Maintenance of the SCMP is a continual process. The plan must be fluid to change by necessity of project requirements, while holding steadfast to the basic structure of components that uphold the integrity of the document so as to continue ideal software configuration management. The PE and AE are responsible for monitoring and reviewing the efficiency of the plan. The reviews occur during the Project Phase Exit Reviews, starting with the Design Phase Exit Review and continuing through to the Test Phase Exit Review. Any suggested changes are approved by the PE and required to pass a review of the Nuclear IV&V and Nuclear QA personnel. This Plan is a requirement in the Specification and is a deliverable document. Changes to this plan constitute a revision and are affected by the previously explained document review process applied to CIs.