IR 05000269/2011011

From kanterella
Jump to navigation Jump to search
IR 05000269-11-011, on 1/30/2011 - 08/01/2011; Oconee Nuclear Station, Unit 1; Digital Instrumentation and Control Modification Inspection
ML12069A088
Person / Time
Site: Oconee Duke Energy icon.png
Issue date: 03/09/2012
From: Nease R L
NRC/RGN-II/DRS/EB1
To: Gillespie T P
Duke Energy Carolinas
Linda Gruhler 404-997-4614
References
IR-11-011
Download: ML12069A088 (31)


Text

March 9, 2012

Mr. T. Preston Gillespie, Jr. Site Vice President Duke Energy Carolinas, LLC Oconee Nuclear Station 7800 Rochester Highway Seneca, SC 29672

SUBJECT: OCONEE NUCLEAR STATION UNIT 1 - REACTOR PROTECTIVE SYSTEM /ENGINEERED SAFEGUARDS PROTECTIVE SYSTEM (RPS/ESPS) DIGITAL MODIFICATION - NRC INSPECTION REPORT 05000269/2011011

Dear Mr. Gillespie:

On December 21, 2011, U. S. Nuclear Regulatory Commission (NRC) completed an inspection at your Oconee Nuclear Station, Unit 1 reactor facility. The enclosed inspection report documents the inspection results, which were discussed with you and other members of your staff on January 25, 2012. The inspection was performed in accordance with Inspection Procedure 52003, "Digital Instrumentation and Control Modification Inspection," and also focused on the list of recommended "Site Inspection Follow-Up Items" outlined in the RPS/ESPS Safety Evaluation dated January 28, 2010, (ADAMS Accession Number ML100220016). The inspection examined activities conducted under your license as they relate to safety and compliance with the Commission's rules and regulations, and with the conditions of your license. The team reviewed selected procedures and records, observed activities, and interviewed personnel. No findings were identified during this inspection. In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter, its enclosures, and your response (if any) will be available electronically for public inspection in the

DEC 2 NRC Public Document Room or from the Publicly Available Records (PARS) component ofthe NRC's document system (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).

Sincerely,/RA/ Rebecca L. Nease, Chief Engineering Branch 1 Division of Reactor Safety Docket No. 50-269 License No. DPR-38

Enclosure:

Inspection Report 05000269/2011011,

w/Attachment:

Supplemental Information cc w/encl: (See page 3)

2 DEC NRC Public Document Room or from the Publicly Available Records (PARS) component of the NRC's document system (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).

Sincerely,/RA/ Rebecca L. Nease, Chief Engineering Branch 1 Division of Reactor Safety Docket No. 50-269 License No. DPR-38

Enclosure:

Inspection Report 05000269/2011011,

w/Attachment:

Supplemental Information cc w/encl: (See page 3) Distribution w/encl: J. Bartley, RII, DRP C. Rapp, RII, DRP A, Sabishch, RII, SRI RIDSNRRDIRS PUBLIC RidsNrrPMOconee Resource X PUBLICLY AVAILABLE G NON-PUBLICLY AVAILABLE G SENSITIVE X NON-SENSITIVE ADAMS: X Yes ACCESSION NUMBER:_ML 12069A088_______ X SUNSI REVIEW COMPLETE X FORM 665 ATTACHED OFFICE RII:DRS RII:DRS RII:DRS RII:CCI RII:CCI RII:CCI RII:CCI NRR SIGNATURE /RA via email/ /RA/ /RA via email//RA via email//RA via email//RA via email/ /RA via email//RA via email/NAME S. Walker R. Nease R. Fanner T. Fanelli N. Karlovich J. Kent L. Dumont R. Stattel DATE 1/ 19 /2012 3/ 6 /2012 1/ 18 /2012 1/ 23 /2012 1/ 19 /2012 1/ 20 /2012 1/ 19 /2012 3/ 8 /2012 E-MAIL COPY YES NO YES NO YES NO YES NO YES NO YES NO YES NO YES NO OFFICIAL RECORD COPY DOCUMENT NAME: S:\DRS\DIGITAL IC\OCONEE MODIFICATION\OCONEE RPS-ES_2011011_FINAL.DOCX 3 DEC cc w/encl: Division of Radiological Health TN Dept. of Environment & Conservation 401 Church Street Nashville, TN 37243-1532 Charles J. Thomas Fleet Licensing Manager Duke Energy Carolinas, LLC Electronic Mail Distribution David A. Baxter Vice President, Nuclear Engineering General Office Duke Energy Carolinas, LLC Electronic Mail Distribution David A. Cummings Associate General Counsel Duke Energy Corporation Electronic Mail Distribution Judy E. Smith Licensing Administrator Oconee Nuclear Station Duke Energy Carolinas, LLC Electronic Mail Distribution Kent Alter Regulatory Compliance Manager Oconee Nuclear Station Duke Energy Carolinas, LLC Electronic Mail Distribution Lara S. Nichols Vice President-Legal Duke Energy Corporation Electronic Mail Distribution Luellen B. Jones Fleet Licensing Engineer Duke Energy Carolinas, LLC Electronic Mail Distribution M. Christopher Nolan Fleet Safety Assurance Manager Duke Energy Carolinas, LLC Electronic Mail Distribution Sandra Threatt, Manager Nuclear Response and Emergency Environmental Surveillance Bureau of Land and Waste Management Department of Health and Environmental Control Electronic Mail Distribution Scott L. Batson Station Manager Oconee Nuclear Station Duke Energy Carolinas, LLC Electronic Mail Distribution Senior Resident Inspector U.S. Nuclear Regulatory Commission Oconee Nuclear Station U.S. Nuclear Regulatory Commission 7812B Rochester Hwy Seneca, SC 29672 Terry L. Patterson Safety Assurance Manager Duke Energy Carolinas, LLC Electronic Mail Distribution Charles Brinkman Director Washington Operations Westinghouse Electric Company, LLC Electronic Mail Distribution Tom D. Ray Engineering Manager Oconee Nuclear Station Duke Energy Carolinas, LLC Electronic Mail Distribution County Supervisor of Oconee County 415 S. Pine Street Walhalla, SC 29691-2145 W. Lee Cox, III Section Chief Radiation Protection Section N.C. Department of Environmental Commerce & Natural Resources Electronic Mail Distribution Enclosure U. S. NUCLEAR REGULATORY COMMISSION REGION II Docket Nos.: 50-269 License Nos.: DPR-38 Report Nos.: 05000269/2011011 Licensee: Duke Energy Carolinas, LLC

Facility: Oconee Nuclear Station, Unit 1 Location: 7821 Rochester Highway Seneca, SC 29672 Dates: March 15, 2011 - December 21, 2011 Inspectors: S. Walker, Senior Reactor Inspector, RII DRS (Lead) L. Dumont, Construction Inspector, RII CCI R. Fanner, Reactor Inspector, RII DRS T. Fanelli, Construction Inspector, RII CCI N. Karlovich, Construction Inspector, RII CCI J. Kent, Construction Inspector, RII CCI R. Stattel, Senior Technical Reviewer, NRR Approved by: Rebecca L. Nease, Chief Engineering Branch 1 Division of Reactor Safety

2

SUMMARY OF FINDINGS

IR 05000269/2011011; 1/30/2011 - 08/01/2011; Oconee Nuclear Station, Unit 1; Digital Instrumentation and Control Modification Inspection. This inspection was conducted by a team of six NRC inspectors from the Region II office, and one senior technical reviewer from the Office of Nuclear Reactor Regulation (NRR). No findings were identified. The NRC's program for overseeing the safe operation of commercial nuclear power reactors is described in NUREG-1649, "Reactor Oversight Process," (ROP) Revision 4, dated December 2006.

3

REPORT DETAILS

Background Information On January 31, 2008, Duke Energy Carolinas submitted a first-of-a-kind license amendment request to upgrade the Oconee Nuclear Station to a digital Reactor Protective System (RPS)and Engineered Safeguards Protective System (ESPS). The proposed amendment would allow replacement of the existing Bailey Meter Company analog, solid-state design, RPS/ESPS with a digital computer based TELEPERM XS (TXS) platform at Oconee Units 1, 2 and 3. The digital RPS/ESPS would provide signal processing, signal validation, and protection logic function for these systems.

NRR approved the license amendment request (LAR) and issued a safety evaluation report (SER) dated January 28, 2010, (ML100220016). NRR conducted an evaluation of the license amendment as part of the normal review process. This included a review of the design and capabilities of the modification. Regional inspectors were tasked with performing documentation and functionality reviews after the system left the vendor in accordance with Inspection Procedure 52003.

In addition, the SER discussed inspection activities (Section 3.14., Regional Activities) for the digital RPS/ESPS that would be addressed by the NRC regional office during site acceptance testing, installation, startup testing, and operation of the system. The inspection activities are intended to verify licensee activities that are not part of the licensing process, but are related to the safe operation of the digital RPS/ESPS system. The bases for these inspection activities are derived from Chapter 7 of the Standard Review Plan (SRP) and explained in detail throughout the SER. This inspection report documents review and assessment of the inspection activities for the RPS/ESPS installation on Oconee Unit 1.

OTHER ACTIVITIES

4OA5 Other Activities - Digital Instrumentation and Control Modification Inspection

.1 Design Review

.1.1 Full Scope Modification

a. Inspection Scope

The team reviewed all the documentation required to gain a working knowledge of the digital instrumentation and control (I&C) modification including, but not limited to: the staff's SER; any licensing commitment documents; manufacturer's literature on the hardware and software being installed; and applicable drawings and schematics. In addition, the team reviewed design specification attributes including design architecture, input consolidations, isolation and interface devices, affected indicators, and the credited function of the system to verify proper system requirements were met and/or maintained during installation.

The team also reviewed the process the licensee used to minimize the probability of incorrect translation of the system basis to hardware and software requirements to determine whether the licensee performed a comparison of the required system software configuration data to the software installed onto the delivered equipment, as stated in SER inspection follow-up item (IFI) #6.

b. Observations and Findings

No findings were identified. The team determined that given the complexity and large scale of the modification, the licensee adequately implemented the full scale design; however, the team did have some observations related to this area.

The inspectors observed during the review of calculation, ON-1607-32-05-02.ES, "Digital Device Risk Assessment," the licensee stated that the emergency response functions were not impacted by the modification. Specifically, throughout the document and per the equipment specified in Attachment 1 of the document, no indication of a loss of function was specified. This was not consistent with inspector-observed instances identified in several maintenance procedures. Specifically, the inspectors identified steps in procedures IP-1 A 0315-001A, IP 1 A 0315-001E, and IP 1 A 0315-003A that referenced loss of Emergency Response Data System (ERDS) data. The inspector identified these procedures as maintenance activities credited for the new system. Upon presentation of this information to the licensee by the inspectors, the licensee stated that this appeared to be a weakness in the modification screening process, yet specified that this did not reduce the capability for the ERDS information to be transmitted to the NRC. The licensee recognized that process improvements might be needed to ensure that impacts to the Operator Aid Computer (OAC) or other applications, which referenced the loss of ERDS points, were properly evaluated and screened during the 10 CFR 50.59 review process. The licensee entered this into their corrective action program (CAP) as PIP O-11-5874 to address this potential programmatic weakness. During a review of corrective action records (PIPs), the team observed that the licensee required a change to the fire protection barrier design in the base of the new RPS/ESPS TXS cabinets due to the variance in the base configuration of the cabinet. The original design specified that the cable penetrations underneath the cabinets would have one of the following fire barriers installed: (1) minimum 4-inch thick Foam DC3, or (2) two sheets of 1-inch Cera-Fiber board with caulking. The TXS cabinets had a raised base frame design with steel partitions providing free space in the bottom of the cabinets for panel to panel wiring and proper separation; however, the design did not accommodate the original fire barrier design. The licensee supplemented the steel partitions with Cerablanket fire barriers in the wire way to provide a barrier from potential flaming materials reaching the wire ways. This design was adequate; however, the license did not revise the design or document a thorough evaluation of the design change through the proper configuration control process until prompted by the inspection team. The licensee subsequently revised the design package to document the change in fire barrier design. Based on the observations discussed above, and other observations made during the inspection, the team noted that there is a potential for a modification of this complexity and scope to have an unrecognized or indirect impact on non-safety ancillary systems and programs; including, ERDS, the Integrated Control System (ICS), OAC, Safety Parameter Display System (SPDS), and fire protection program. For example, in addition to the aforementioned issues, the licensee identified a problem in PIP O-11-5827 where RCS wide range pressure indications were not as expected during calibrations for RPS/ESPS testing. This PIP also identified that due to the 499 ohm dropping resistors versus 500 ohm resistors used in the new RPS/ESPS cabinets (i.e., 0-20ma across a 499 ohm dropping resistor); analog signals from RPS/ESPS to ICS, OAC, and other indications were not 0 to 10VDC but were slightly lower. I&C Systems Engineering personnel performed a review to determine the effects of this on all instrument loops. This review concluded that while no design changes were necessary, some re-ranging of OAC points was needed. It was determined that a difference in the output signal from the RPS/ESPS (e.g., 0-9.98V vs. nominal 0-10V) had not been taken into account from a calibration perspective on the ICS side.

.1.2 Modification Schedule

a. Inspection Scope

The team reviewed the licensee's proposed schedule for implementation to verify the licensee properly evaluated any associated shutdown risk due to modification implementation and emergent changes to the schedule. The team reviewed the licensee's modification plan to verify whether the implementation would be done in conjunction with shutdown risk activities, such as a complete core offload or mid-loop operations. The team reviewed and assessed the emergent issues to evaluate the potential impact on the overall implementation and testing schedule.

b. Observations and Findings

No findings were identified. The team determined the licensee adequately scheduled installation, maintenance, and testing appropriate to the circumstances. As emergent issues arose, the licensee would prioritize issues utilizing safety and risk insights. Given this was a first-of-a-kind modification; many emergent issues caused schedule shifts and delays, but were effectively managed by the licensee.

.1.3 Human-System Interface Review

a. Inspection Scope

The team performed walkdowns of the control room and observed training sessions in the control room simulator to verify that any changes to the human-system interface design reflected state-of-the-art human factors principles including compatibility with the remainder of the control room or local control stations. The inspectors reviewed licensee-provided materials to gain a working knowledge of the digital RPS/ESPS modification and conducted interviews with licensee staff. The inspectors observed licensee staff performing simulated exercises in the Unit 1 simulator and observed classroom training of licensed operators. The inspectors walked-down applicable sections of the main control room, which had undergone changes related to the modification. The licensee provided to inspectors a Human Factor Evaluation (HFE) scoping document for review, which highlighted physical human-machine interface (HMI), and other anticipated changes based upon the modification. The inspectors reviewed elements of this document and validated samples of the contents by conducting walkdowns at the simulator facility and main control room to assess the HMI changes. The inspectors compared these changes with an operational unit not yet modified.

The inspectors reviewed procedures associated with these changes and conducted interviews of licensee staff responsible for making them. The inspectors walked-down various sections of the maintenance training facility to assess the HMI impacts for maintenance staff. This review by inspectors focused on the new interface Service Unit (SU) utilized by maintenance personnel as well as the new RPS/ESPS environment to assess the maintenance staff interaction with the new HMI features.

b. Observations and Findings

No findings were identified. There are two simulators at Oconee and they are both modeled after Unit 1. The simulator the team toured was outfitted with temporary panels reflecting the digital RPS/ESPS system. These panels were configured as stand-out panels that are overlaid on top of the old system controls and indicators. In this configuration, the simulator can be used for training on the units with the Bailey Meter Company RPS/ESPS, as well as those upgraded to the digital Teleperm RPS/ESPS systems. Once the modification is implemented on all three units, the simulator will be permanently modified with the new controls and indicators. The inspectors noted that the licensee had completed the modification specific HFE, but did not document the evaluation in the approved manner per procedure EM 4.17,

1. The team considered this to be a minor deviation from the licensee's process since the licensee actually did conduct the HFE, which included review of operator training in the simulator and plant and review of PIPs related to human factors issues. The licensee captured this issue in the CAP as PIP O-11-10126.

The inspectors observed training in the simulator, which involved a simulated loss of coolant accident scenario. The reactor coolant system pressure decreased below the safety system and the diverse system setpoints, and both systems actuated as designed. Following the actuation of safety injection (SI), however, the operator was unable to take manual control of the SI components as directed by the operations procedures. When an actuated component was taken to manual control, the system trouble alarm actuated and the component could not be controlled manually. In order to regain manual control over these components, the operator had to defeat the diverse system actuation signal by placing the associated diverse actuation system in either Bypass or in Override mode. To address this issue, the licensee revised the operations procedure to include a step to bypass the diverse actuation system prior to placing components in the manual mode of operation. Provisions were also implemented in the operating procedures to override the applicable diverse system if the bypass function does not remove the actuation signal.

The team expressed a concern that the new steps to defeat the diverse protection function may compromise the safety function in cases where the safety protection system fails to perform the actuation function. The team discussed whether the licensee had considered including some sort of verification step prior to defeating (i.e., bypassing or overriding), the diverse safety functions to ensure that the safety system was operable. The licensee informed the team that the action of defeating the diverse safety functions was governed by Technical Specifications (TS) and would not be performed without addressing the appropriate TS Action Statements, if necessary. This, in addition to operator training and knowledge, would ensure that the safety system is operable prior to taking actions.

.2 Documentation Verification

.2.1 As-Installed Modification Documentation

a. Inspection Scope

The team reviewed the applicable 10 CFR Part 21 "Notifications, Bulletins, Generic Letters, and Information Notices," to verify they had been correctly applied to the system. The team assessed the licensee and vendor interface during system installation and system testing to determine the effectiveness of the interaction, and the extent of vendor involvement. The team reviewed various vendor and licensee documentation to verify that relevant manufacturer recommendations had been correctly incorporated and tracked.

The team reviewed applicable design documentation; vendor data, conducted interviews, and performed walkdowns to verify that the in-plant environmental conditions were consistent with those stated in the SER, manufacturer recommendations, and applicable industry standards during the various phases of installation and startup. The team reviewed applicable design documentation, vendor data, conducted interviews, and performed walkdowns to assess whether cable shielding, grounding scheme, and cable routing schemes were consistent with those stated in the SER, manufacturer recommendations, and applicable industry standards under all conditions. The inspectors assessed applicable elements on a sampling basis identified in the inspection plan. The inspectors assessed the licensee staffs performing activities on the SU, the designated test machine. The activities conducted were directly related to supporting post-installation, maintenance, and start-up activities. These activities conducted were in a physically controlled environment within the power block. The inspectors assessed the licensee personnel ability to coordinate various activities with operations personnel. The inspectors assessed the operations staffs' ability to monitor maintenance activities and access to the various cabinets designated for the RPS/ES equipment. The inspectors reviewed calculation ON-1607.32-05-01.PPS, "Cyber Security Standards Adherence Document," Rev. 3, to verify programmatic elements were properly evaluated based upon the modification.

The inspectors observed, in the field, a sample of the wiring for TXS cabinets 1PPSCA0002 and 1PPSCA0009 to verify that they had been correctly wired, and were properly separated. For 1PPSCA002, the inspectors verified the wire associated with terminal block X011, terminals 1 and 2, and for 1PPSCA0009 the inspectors verified the wires for terminal block X012 terminal 17, and terminal block X011, terminal 5. The inspectors performed a final field walkdown after the panel wiring was complete. The walkdown assessed the wiring quality in the four channels of the RPS system and the five channels of the ESPS system. The team reviewed several design documents and conducted interviews with licensee to verify that cyber-security designs were incorporated in accordance with the SER, as stated in SER IFIs # 12, 19, and 31-40.

b. Observations and Findings

Cyber security: Appendix A of 10 CFR Part 50, "General Design Criterion (GDC) 21," requires, in part, that protection systems be designed for high functional reliability commensurate with the safety function to be performed. Defense against cyber security attacks must be considered to maintain high functional reliability. The guidance for cyber security threats is contained in RG 1.152, Revision 2, and sections 3.6.1 through 3.6.5 of the SER. These sections addressed the cyber security provisions included in the digital RPS/ESPS system design, up to and including testing of the system. Based upon the satisfactory regulatory findings associated with the criteria in Sections 2.1 through 2.5 of RG 1.152 (Revision 2), addressed in the aforementioned sections, the NRC staff concluded that the licensee complied with GDC 21 as it pertained to providing a system designed for high functional reliability against cyber attacks. The inspectors confirmed that the licensee performed a cyber security risk evaluation.

This risk evaluation screening was based upon procedures NSD 804, "Cyber Security for Digital Process Systems" and EDM 801, "Cyber Security Risk Evaluation," Rev. 2. The inspectors identified that the licensee committed to complete a cyber security incident response and recovery process prior to the installation of the digital RPS/ESPS system. The details related to this commitment were specified in section 3.6.8.3 of the SER. The inspectors reviewed the licensee procedure NSD 807, "Cyber Security Incident Response Plan," Rev. 3. The inspectors noted that section 807.1 of the document specified a section devoted to incident response and incident handling. This procedure, which was in use prior to the modification, specified in Section 807.2 that the licensee needed to have a comprehensive procedure with detailed, step-by-step instructions for handling every incident type. These commitments were specified to ensure the credited plans would address the identification, containment, eradication, and recovery related to cyber security events. Such a plan would require necessary staff to be aware of these various conditions and provide the necessary response. The incident response process would also need to cover contingencies for ensuring minimal disruption of critical services as specified in procedure NSD 807, Section 807.4.2.5. The inspectors confirmed the licensee implemented a cyber security incident response and recovery process prior to the installation of the digital RPS/ESPS system based upon Section 3.6.8.3 of the SER.

During the review of procedure NSD 804, "Cyber Security for Digital Process Systems," Rev. 1, section 804.4.3.4.4, the inspectors identified the licensee specified computer-based test equipment would be secured to the most stringent level required by any digital process system device, which it is potentially connected. This control invoked requirements for physical and logical control, as well as virus protection/scanning.

Configuration Management: The team reviewed applicable programmatic elements to ensure the licensee met commitments related to implementing configuration management. Specifically, the inspectors reviewed procedure NSD 106, "Configuration Management," Rev.4, Section 3.2.1.11, Software Configuration Management Plan, and the SER specified attributes necessary to meet this commitment.

Though no performance deficiency was identified, the inspectors observed a potential weakness with the licensee's process for independent verification of changes. Specifically, the licensee referenced procedure NSD 703, "Administrative Instructions for Technical Procedures," and PIP O-04-07846, CA #2, to meet this element and specify a major procedure change. In one example, a major change to a procedure was identified as being needed, yet an independent verification of the change appeared to not have been performed. Through interviews, it was determined that an independent review would occur, though it would not come until after the changes were in place. The team also reviewed calculation ODSS-0866.PPS.0001, "Digital System Specification," and determined that the requirements of procedure NSD-106, "Configuration Management,"

were implemented for the RPS and ESPS systems modification. The inspectors observed maintenance staff performing surveillance activities at the SU to support the modification installation. Prior to the surveillance, the inspectors reviewed the controlling procedures and noted that the maintenance procedures did not have the same level of specificity as an operation's procedure. This was highlighted as the inspectors noted on observed instances that maintenance staff would perform actions not specified by the procedure. When the inspectors questioned this process, it was explained that skill of the craft allowed them this flexibility. On another instance when this skill of the craft was demonstrated, the inspectors observed maintenance personnel unable to initiate a graphic service monitor (GSM) session. Without any procedure guidance or insights on what they should do, maintenance staff took a time-out and called the maintenance supervisor. Upon his arrival, the maintenance supervisor was able to diagnose that a missing software dongle was not present. This component was not specified in the maintenance procedure. The licensee captured this issue in the CAP as PIP O-11-6960.

Panel Wiring: For the terminals checked, the inspectors concluded that the wiring for those terminals was correct. The final walkdown to assess the panel wiring quality revealed potential quality issues with the wiring. The inspectors noted that the four channels of the RPS system had wires (Okonite model 3BA-12U) that had exceeded the allowable bend radius. The inspectors determined that the training radius for the wire as specified by the manufacturer was four times the outer diameter (OD) of the wire. The inspectors noted that the same wires in the four channels had indentions and creases that appeared to be deep into the insulation. The inspectors determined that the indentions and creases were due to the licensee trussing the wires together with twine for up to 30 years. The inspectors determined that a minimum insulation wall thickness would have to be determined to evaluate these defects. The licensee documented this issue in the CAP as PIP O-11-6850. These potential issues are discussed in the following paragraphs. Regarding the indentions and creases in the wires, the licensee performed a walkdown of 18 TXS cabinets to inspect the conductor concerns. The licensee's inspection did not identify any nicks or cuts in conductor insulation or kinks in any conductor. The licensee's evaluation determined it was not a concern since all of the conductors were operating at voltages well below their insulation rating. The highest voltage in the cabinets was 120VAC and the lowest insulation rating for any conductor was 300V. The inspectors reviewed the evaluation and found it acceptable.

As for the training (or bend) radius on conductors, based on a review of manufacturer and industry-contacts correspondence, approved suppliers of Duke insulated wire and cable, such as Okonite, referred to several industry ICEA / NEMA standards for various cable and insulation types for permanent-training minimum bend radius (as opposed to pulling bend radius under tension). The ICEA / NEMA standards all have an Appendix for "Recommended Bending Radii for Cables," including insulated single-conductors within its scope, with a table indicating 4 x OD for cables with ODs of 1.000" or less and with insulation thickness of 0.169" or less, which includes all the internal / hook-up wire within identified by the inspection team in the RPS/ESPS cabinets. The licensee also reviewed conformance with IEEE standards 690-2004, "Standard for the Design and Installation of Cable Systems for Class 1E Circuits in Nuclear Power Generating Stations;" and IEEE-1185-2010, "Recommended Practice for Cable Installation in Generating Stations and Industrial Facilities," as well as a historical review of PIPs for all Duke sites. The licensee was not committed to these standards; however, concluded that guidance for recommended target minimum bending radius for permanent training of individual insulated conductors within enclosures would be added to the procedures for making cable terminations as well as included in the pre-job briefings for such work.

During startup of Unit 1 on June 10, 2011, the licensee observed an unexpected response of the power range neutron indications at 48% reactor power during planned monitoring. The Power Range Nuclear Instrumentation (NI) imbalance signals were diverging from the incore detector imbalance signals, which were trending with increasing negative imbalance as expected. The licensee determined that the triaxial cables for the top and bottom detector NI signals were wired in reverse at the Power Range Test Module (PRTM) for each RPS channel. The delta flux inputs to the flux/flow/imbalance trip function of RPS were declared inoperable for all four RPS channels, as excore imbalance was derived from the top and bottom detector chambers.

The high flux and other trip functions of RPS were unaffected due to this wiring error. Those terminals were not in the sample picked by the inspectors. The licensee developed a plan to correct each termination involved, corrected the design documents, and returned the system to operable status.

A Licensee Event Report (LER) LER 05000269/2011-05-00, Reactor Protection System Overpower Flow/Flux/Imbalance Channels Inoperable, Rev. 0 was submitted to report this event. The licensee submitted a supplemental revision to the LER documenting the details surrounding the issue, LER 05000269/2011-05-01. The inspectors plan to address this issue following review of the supplemental LER.

.2.2 Procedure Review

a. Inspection Scope

The inspectors performed, on a sampling basis, a review of the licensee procedures affected by the modification of the RPS/ESPS system. The team reviewed applicable surveillance test procedures for the RPS and ESPS systems to ensure that any steps to operate system key switches did not conflict with operations procedural controls to address channel operability during test activities. The team inspected licensee procedures to ensure that key switch operation appropriate for testing activities, such that no test that would render the system safety function inoperable, was performed without first declaring the affected channel inoperable and entering the appropriate Limiting Condition for Operation for this situation. The team reviewed documents to ensure that methods to confirm time constants were incorporated into periodic testing procedures to be used for the system.

The team reviewed the key control procedure to assess whether the ESPS and RPS authorization keys were included. The authorization keys are the Shutdown Bypass Keys, the Manual Bypass Keys, the RPS Parameter Change Enable Keys, the ESPS Parameter Change Enable Keys, the ESPS Voter Parameter Change Enable Keys, the RPS Channel Trip Keys, the ESPS Channel Trip Keys, the ESPS Voter 1 Manual Bypass Keys, and the ESPS Voter 2 Manual Bypass Keys. The team assessed whether plant procedures identify and control changes to the digital RPS/ESPS systems changeable parameters after final acceptance of the systems by the licensee. The team assessed whether procedures, that include steps to change either the ESPS or RPS channel parameters, have steps that require the channel to be placed in either bypass or trip mode prior to issuing the authorization key. The team assessed whether these procedures that control parameter changes release only one authorization key so that only one channel is configured at a time. The team assessed whether SU procedures prevented the development of new or modified logic in the RPS/ESPS systems.

The team assessed the implementation of the TS, applicable licensee standards, and vendor recommendations in the sampled calibration procedures. The inspectors also reviewed training material provided by the licensee associated with the RPS/ESPS modification. This material provided included operations training material that encompassed procedure changes, gap training, completed operations training packages in part. The inspectors reviewed applicable tests related to the updated procedures to assess licensee personnel performance of actions. The inspectors reviewed applicable operations procedures to assess operators' performance during applicable mode changes. The inspectors reviewed applicable annunciator response guidelines (ARG) to verify applicable alarms were present. The inspectors also reviewed training materials and lab exercises associated with the maintenance personnel.

The team reviewed the procedures that control the maintenance laptop and service unit computers used to modify the RPS/ESPS systems logic. The team assessed whether the controls for virus protection, password use, physical protection, and personnel access were adequate. The team assessed whether the procedures were sufficiently self-checking enough to minimize the introduction of errors into the RPS/ESPS systems. The team reviewed the procedures that control the computers to assess whether measures to ensure that the computers remain secure within the control room complex were included. The team assessed whether a control room alarm indicated if the computer security was broken. The team's review included procedures for surveillance, maintenance, abnormal operation, emergency operation, and annunciator response to assess whether the updates correctly reflected the new system attributes in accordance with the SER, as stated in SER IFIs #1-5, 8-11, 13, 15, 16, 18, and 28-30.

b. Observations and Findings

No findings were identified. The team verified through document review and licensee personnel interviews, that surveillance test procedures instruct maintenance personnel to communicate with a control room operator before beginning any steps that may affect safety related channel operability. Specifically, the team verified the procedures required maintenance personnel to communicate with control room operators prior to using key switch operations and to place any safety related channel into an inoperable state and enter the appropriate Limiting Condition for Operation for this situation. The team determined that the implementation of the TS, applicable licensee standards, and vendor recommendations were appropriately integrated in the sampled calibration procedures.

Port Tap Configuration:

The team discussed the port tap configuration details with the licensee and described the safety evaluation activities used as a basis for the safety conclusions. There was a concern the installed port tap allowed for two-way communication that was not part of the approved design bases. The inspection team pointed out that the manufacturer of the port aggregator device did produce a version that allowed two-way communications to the monitoring port. The model was the same as the approved models, which are either labeled PAD-CU or PA-CU, but there was a suffix "AR" that designated the feature

"Active Response." A product manual for the PAD-CU-AR was also provided for review. It was confirmed that the installed port tap device was model PA-CU, which was acceptable. The team also had a question regarding the positioning of dip-switch # 8 on the device.

The manual for the PAD-CU device states that this switch is reserved for future use and it is recommended that it be left in the OFF position. On the other hand, the PAD-CU-AR manual states that this switch is for Active Response and when in the ON position, it enables two-way communications on the monitoring ports, thus, this switch should always be placed in the OFF position.

An error was discovered in the installation procedure that allowed every dip-switch to be placed in the opposite position than was intended. Because of this, the installed port tap had switch #8 in the ON position. Switch #1 is the automatic negotiation switch and when it is in the ON position, the positions of switches 2 through 8 do not figure into the negotiation. For this reason, the device appeared to be functioning normally even though the switches were out of position. The licensee captured this issue in the CAP as PIP O-11-5756. The team determined this to be a minor issue because the dip-switch positions do not alter the communications restrictions imposed by the internal buffer amplifiers within the port tap device so no communications in the direction of the safety processors would be allowed regardless of the dip-switch positions. In addition, there were several resistors that were removed from the model being used and as long as these resistors were not installed; there was no possible way for data to flow from monitoring port C of the port-tap to either port A or B. The team confirmed this was the installed configuration. Setpoint Configuration: The inspection team also discussed the need to periodically verify that setpoints of the system were correct. The licensee did verify that the safety parameter setpoints were correct during the channel functional tests but did not intend to check all of the system configurable parameters on a regular basis. The team considered that controlling these configurable parameters was a critical part of maintaining the operability of the systems safety functions. The team's concern was, for example, if a lead-lag constant were to be inadvertently changed to a value that would cause excessive filtering of a critical system input parameter, it could render the system incapable of performing the required function within the required time-frame and thus could compromise plant safety. The licensee discussed that checking the configurable parameters (not just TS related setpoints) could be done easily but was time consuming, and also noted that it was not a requirement to do so. They also maintained that existing controls prevent unauthorized access and that to document all intentional changes to these parameters would ensure that they remain correct for an indefinite time-frame. The inspection team also confirmed the licensee verifies the setpoint configuration on a regular frequency.

The team also discussed with the licensee IFI #7, which required the licensee to ensure methods were available to confirm proper SAA1 time constants were incorporated into periodic testing procedures. Initially, it was discussed that this item was written in error and the licensee claimed that no periodic verification of time constants for SAA1 module were needed. Further investigation revealed that this inspection item was not in error. In the Failure Modes and Effects Analysis (FMEA) Summary, OSC-3348, the licensee identified a failure mode of the SAA1 module. In this report, the licensee also recommended performance of a surveillance test in order to detect the failure. They stated, "These failures are assumed to have an associated surveillance test and therefore are detectable." Although the report stated, "a surveillance test is necessary to ensure that the margin to trip is not reduced," it clarifies that the SAA1 failure has a small conservative effect on margin to trip.

As part of the licensee's engineering design change process (EDM 601), the licensee reviewed all of the FMEA recommendations documented by the system designer, AREVA, and developed an appropriate disposition for each. The SAA1 failure was identified as a "shorter than set time constant failure." This means it would fail (or trip) in a conservative direction. The largest possible time constant failure is 97 milliseconds out of the total time delay of 594 milliseconds for the RCS flow differential pressure signal. The licensee determined that since the failure mode would be more conservative and the other redundant channels would provide protection, no surveillance test was required. The team confirmed the licensee's conclusion.

Breaker Trip Testing: The team conducted a review of documentation associated with the performance of Breaker and RPS functional logic surveillance testing. Since the GSM application on the SU was being used to establish test conditions and to initiate test sequences, the GSM User Manual was reviewed. This manual described a RPS Channel Trip Relay Test GSM screen that, under certain conditions, allowed the user to manipulate individual trip relays. The surveillance test procedure directed the user to operate each of the four trip relays to ensure that the two of four logic functions were performing as required and that reactor trip breakers are tripping under both energize to trip and under voltage conditions.

The team also met with the licensee to discuss the procedures that would be used for on-line reactor trip breaker testing. On the old design, the Bailey RPS system, there were a series of test switches which provided a means of de-energizing selected trip relays in a sequence and allowed testing of the 2/4 logic and tripping of one single trip breaker at a time while maintaining two of three reactor trip operability via the three trip channels not being tested. Each trip breaker was tested twice to ensure functionality. The first breaker trip test energized a trip coil to open the breaker. The second test de-energized a shunt coil and caused the breaker to open.

The equivalent testing for the new replacement RPS system is accomplished by way of the GSM application running on the SU. Instead of using test switches, the new system uses the GSM application software to individually activate and deactivate the trip relays in a similar sequence to the old test. To enable SU access to control functions for the relays, the parameter change key switch for the channel under test is turned to the applicable test mode and the safety processor is placed into the applicable test mode of operation. The GSM application can then access the safety processor and initiate logic test functions that operate the trip relays.

The channel under test is declared inoperable during this test but the channel is neither bypassed nor put into a tripped status during the test. This was an apparent contrast to IFI #3 of SER, which stated that the procedures used to configure system parameters should include a step to place the channel in either Bypass or Trip prior to operation of the parameter change enable key switch.

The team interpreted the breaker test procedure as a required system functional test and not as a procedure used to reconfigure the RPS system. The act of inducing a trip or bypass in the channel would alter the logical functionality that was being tested during breaker surveillance testing; therefore, the inspectors considered it acceptable for the licensee to not bypass or trip the channel under test when performing trip breaker testing as long as the channel under test was declared inoperable for the duration of the test. In this case, the remaining channels that are not under test would continue to perform the required reactor trip functions using a two of three logic for actuation during breaker testing. The team considered this to still meet the intent of the inspection item criteria provided in the SER.

Steam Generator Feed Pump Run Status: The licensee identified that for the input signal of steam generator feed pump run status, the RPS system was designed to consider a feed pump to be running whenever its control oil pressure is above a certain setpoint. This control oil pressure is only an indication that the pump is reset and does not necessarily mean that the pump is running or in a condition to be capable of providing feed water flow to the steam generators. To compensate for this condition, steps were added to the maintenance and operating procedures to allow technicians to change a parameter on each RPS division to force a non-running status for feed pumps that are in this intermediate condition. Once the affected feed pump is started and running at a pumping speed, the parameter is once again changed in each RPS division to a state that reflects that the feed pump is operable.

The inspection team noted that during operations evolutions such as the one described above where parameters in the RPS/ESPS systems are required, the licensee stated that operators would not access or use the SU in any way. Instead, procedures direct these parameterization activities to be performed by I&C technicians with operations personnel oversight. Operators, therefore, will never be using the service unit.

.2.3 Design Bases Document Review

a. Inspection Scope

The team conducted sample reviews of the Updated Final Safety Analysis Report (UFSAR), design basis documents, TSs, and plant drawings to verify that design bases documents were adequately updated to reflect the replacement RPS/ES system as stated in SER IFI #23-25.

b. Observations and Findings

No findings were identified. The team noted that the design basis documents were adequately updated to reflect the new system and associated design changes. The team also reviewed the FSAR change summary package and observed the subsequent FSAR revision included the appropriate updates to reflect the design changes to Unit 1. Because this modification is being installed on each one of the units in phases, the FSAR revision did not specifically denote which unit was modified, rather it generically addressed units as either a unit with the RPS installed or not installed.

The team also observed the EC changes and the FSAR change packages referenced IEEE 279, "Criteria for Protection Systems for Nuclear Power Generating Stations;" however, the new RPS/ES is licensed to IEEE 603, "IEEE Standard for Safety Systems for Nuclear Power Generating Stations." The team noted that even though the FSAR references the SER, which denotes IEEE 603, the FSAR should reference the new standard or integration into a formal process to ensure the SER is reviewed and the correct codes and standards are used. Thorough review of the modification documents provided the team reasonable assurance the licensee used the correct code (IEEE 603) for any necessary design changes. The licensee captured this issue in the CAP as PIP-O-11-6663.

.2.4 Power and Grounding

a. Inspection Scope

The team reviewed the quality of the power and grounding system for the modification to assess the need for special grounding requirements either from vendor design requirements or due to unique plant conditions. The team reviewed battery-loading calculations to assess the maximum inverter loading and inrush currents and their effect on the RPS/ESPS systems. The team interviewed responsible personnel to assess whether the licensee, in the existing power system, addressed the effects of harmonic distortion on the new RPS/ESPS systems, and the harmonic distortion effects from the new RPS/ESPS systems on the legacy systems that will remain unchanged.

b. Observations and Findings

No findings were identified. The team found that the licensee did not review the plant-grounding grid as part of the digital RPS upgrade. The design life of the original grounding system was approximately 30 years. No degraded performance of the system could be identified because of the grounding grid. Additionally, the inspectors noted that the battery loading calculation showed the new electrical loading to be less than the original RPS system. The inspectors determined that the licensee sought to use the legacy shielded cabling with the digital RPS upgrade. The licensee and vendor conducted a walkdown of the cables to establish whether the shield grounding was adequate. The vendor noted that their specification required the grounding of the shield to be at both ends and that the legacy cabling had the shield drain wire removed from the field end. The vendor, in letter ESFAS-RPS-F-0127-09 dated November 9, 2009, informed the licensee that the legacy cabling grounding practice was adequate and no modifications were necessary to them. The inspectors noted that the licensee did not analyze the harmonic distortion affects of the digital RPS upgrade. The team determined this to be acceptable due to no adverse effects were identified.

.3 Testing, Operations, and Training

.3.1 Software Testing Plan

a. Inspection Scope

The team reviewed the installation and startup test procedures for the RPS/ESPS systems to assess whether the procedures ensured that the as-installed modifications were consistent with the SER as stated in IFI #13,14,17, and 18; the design drawings, and the licensee's commitments. The team observed portions of the site acceptance test (SAT) to verify the licensee appropriately captured issues in the test incident reports and translated them clearly in functional testing requirements. The team observed portions of the installation testing, including component checks, channel trip testing, functional testing, and integrated testing to verify the testing plan was adequate in identifying proper design implementation. The team assessed whether the installation tests adequately demonstrated the installed system met the system and plant-specific requirements listed in the SER. The team assessed whether the procedures were clear and sufficiently detailed enough to allow site personnel to perform the tests. The team interviewed responsible personnel to assess whether appropriate levels of verification and validation (V&V) confirmed that these test plans and procedures as well as the User Documentation for the RPS/ESPS system were adequate prior to plant startup as required by RG1.168, "Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants," Rev. 1. The team assessed whether the tests ensured that the safety system was functioning properly after the inputs to the safety system were re-established following the use of the maintenance laptop or test machine.

b. Observations and Findings

No findings were identified. The team observed the SAT, installation testing, functional testing, and integrated system testing. The team found that the test plans assured adequate controls to implement the modification. The team found that the licensee addressed any potential issue according to its safety and risk significance. The team observed the RPS/ESPS integrated system test and that it had functioned properly. It was noted that some inputs could not be simulated during the testing stages and would only be verified during actual plant startup. These inputs were assessed and determined to be not safety significant and would cause no increase to public health and safety if not tested prior to startup. The team found that the test plan V&V was ongoing. The licensee established a team comprised of Senior Reactor Operators, engineers, and licensing staff to assess the soundness of the test procedure and accuracy of the test steps. The inspectors determined that the licensee established a procedure to assure that the safety systems were functioning properly after re-establishing the inputs to the system following maintenance activities.

Reference Section

.2.1 of this report for discussion on improperly wired NI power range cables, which were not identified during the testing.

3.2 Operations Manual

a. Inspection Scope

The team conducted select reviews to verify the operations manuals were in accordance with licensing commitments and the SER as stated in IFI #21. The team assessed the manuals to determine if they were sufficiently detailed, clear, and unambiguous for ease of use by licensee personnel.

b. Observations and Findings

No findings were identified. The inspectors reviewed licensee-credited material to provide insights on this element. The licensee did not have a stand-alone operations manual consistent with NUREG/CR-6101, "Software Reliability and Safety in Nuclear Reactor Protection Systems." To meet this commitment the licensee provided calculation ODSS-806.PPS.0001, "Unit 1 TXS Reactor Protection System and Engineered Safeguards Software," Rev. 0. Specifically, in Attachment F-1 of the document, the licensee stated that a stand-alone plan was not necessary since elements are evaluated via procedures NSD 703, "Administrative Instructions for Technical Procedures" and EDM 601, "Engineering Change Manual." The inspection team found this to be acceptable.

3.3 Software Training Plan

a. Inspection Scope

The team reviewed the software training plan and software training manuals in accordance with Branch Technical Position 7-14, Sections B.3.1.12, and B.3.3.9, to assess whether the plan and manuals provided the level of detailed training appropriate to the responsibility and RPS/ESPS system access granted to each licensee staff member. The team also reviewed the plans to verify they were in accordance with the SER as stated in IFI #20.

b. Observations and Findings

No findings were identified. Based on document review and staff interviews, the team confirmed the licensee had an adequate software training plan in place. The inspectors determined that maintenance personnel were required to be qualified on the software. The qualification, upon completion of the course, would allow them to troubleshoot faults in the software. Engineering personnel were required to be familiar with the software and its functions. Training materials were developed for the software. A spare RPS and ESPS system was built to give personnel realistic experience with system functions and fault detection. Finally, a qualification testing program was established to verify that personnel had successfully developed the required skills to troubleshoot the software.

Maintenance and system engineering personnel have responsibility for troubleshooting and setpoint adjustment and verification only. The system vendor's (AREVA) software development program and personnel will be used to develop any modifications to the software. 3.4 Personnel Training

a. Inspection Scope

The team reviewed training documents and interviewed personnel to verify that operators, technicians, and system engineers had been adequately trained and have an understanding of the system commensurate with their responsibilities.

b. Observations and Findings

No findings were identified. Following review of relevant documents, the team determined the licensee underwent appropriate training in preparation for implementation of the RPS/ESPS modification. Under contract, AREVA provided training to the licensee and included Teleperm training to system engineers, and procedure writing training. Teleperm TXS hardware and software training was also provided to licensee engineering and technicians. The licensee also developed ongoing technical training to be used for introductory and refresher training. 3.5 Hardware and Software Failures

a. Inspection Scope

The team reviewed TIRs and PIPs to verify the licensee was appropriately capturing hardware and software failures that occurred and that the issues were properly resolved.

b. Observations and Findings

No findings were identified. The team determined the licensee utilized an appropriate threshold for entering issues into the CAP. The licensee documented hundreds of issues related to the implementation of the new system, categorized each issue based on its significance, proposed appropriate corrective actions, and documented the resolution(s). The issues were appropriately entered into the CAP as PIPs (during the SAT, issues discovered were documented as test incident reports) and subsequently tracked separately in accessible tables. The licensee also reviewed the issues to determine mode applicability to ensure design basis limits and commitments (e.g., TS LCO) were maintained.

3.6 Environmental Parameters

a. Inspection Scope

The inspectors reviewed qualification summary documentation and manufacturer's manuals of the RTD Temperature Transmitter, Absopulse 120VAC/24VDC- 500W Power Supply Module, and TXS Standard Function Module to verify that the environmental qualifications, such as temperature, humidity, and seismic, matched the mild environment that the cabinets were located in and that the EMI/RFI qualifications matched what was in the NRC's SER. The inspectors also reviewed the qualification documents related to the Optocoupler to verify that it was qualified for 1E to non-1E connections.

b. Observations and Findings

No findings were identified. The inspectors observed that cabinets were located in a mild environment. The inspectors concluded, based on review of the documentation that the cabinets were qualified for the temperature, humidity, and seismic properties of the area they were located in. The inspectors concluded that the Optocopuler was qualified for Class 1E to non-1E connections.

3.7 Setpoints and Uncertainty

a. Inspection Scope

The team reviewed procedures, calculations, and design documents to verify that setpoints and related uncertainty terms have been adequately evaluated and revised to reflect the new system and have been accurately installed in the software.

b. Observations and Findings

No findings were identified. In addition to the discussion on configurable parameters as documented in Section 2.2 of this report, the team determined the licensee had implemented adequate procedures and calculations to maintain setpoint configuration control. The licensee developed a controlled parameters calculation and a list of changeable parameters. The team reviewed a selection of surveillance, maintenance, and operations procedures for controlling setpoint configuration, setpoint verification, and parameter changes. All procedures were appropriately subjected to a V&V process by the licensee and the vendor. The licensee had identified during the implementation project, prior to installation, that the information in the uncertainty calculations indicated that some plant setpoints needed to be changed to prevent exceeding TS allowable values. This issue was captured in the CAP as PIP O-11-1280. 3.8 Indication and Annunciation

a. Inspection Scope

The team reviewed procedures, performed walkdowns, and observed control room operations and testing to verify proper indication and annunciation for system failures and system bypass are functional, and meets the licensing basis as stated in SER IFI #26 and 27.

b. Observations and Findings

No findings were identified. The team found there were alarms in the control room to indicate when an RPS/ESPS cabinet was open; however, not to monitor the cabinets locked position as specified in the SER IFIs. The team did confirm though, that the cabinet is procedurally controlled to be in the locked position when it is closed, thus, if the alarm indicated that the cabinet was opened, it would have to be unlocked.

The team considered this to still meet the intent of the inspection item criteria provided in the SER.

The licensee also identified some design issues related to alarms for the RPS and ESPS system during installation and testing. One issue the licensee discovered and documented in PIP O-11-4327, was hardware failures that could occur and cause a Voter Trouble Statalarm on the new system but also cause other trouble indications for the redundant voters, thus having no means to immediately determine which voter had trouble. This could result in exceeding the one hour TS LCO and require a plant shutdown if the problem was not resolved. A design solution was implemented providing a means to determine which voter was in a Trouble state.

.4 Maintenance and Repair

4.1 Procedures Review

a. Inspection Scope

The inspectors reviewed the licensee's maintenance and repair procedures, industry standards, and plans for repair efforts; observed real-time maintenance and repairs for emergent issues related to the modification; and conducted interviews, to verify that the licensee's procedures have been updated, correctly reflect the new system attributes, and met licensing commitments as stated in SER IFI #16.

b. Observations and Findings

No findings were identified. The team determined the licensee had adequately prepared maintenance and repair documents for the new system installation. The licensee maintained vendor support onsite in the event repairs or maintenance arose that required hardware or software design changes to resolve. The licensee took necessary measures to stand-down maintenance activities, if required, based on safety and risk insights. The team verified the licensee took appropriate actions related to repairs consistent with the safety significance and resources available.

The inspectors also verified that maintenance for the TXS Plant Protective System Cabinets had incorporated and followed electrostatic discharge (ESD) precautions in their procedures, by reviewing the licensee maintenance documents and by interviewing the licensee staff.

4.2 Handling and Storage Requirements

a. Inspection Scope

The inspectors reviewed the licensee's maintenance and repair procedures, industry standards, and plans for repair efforts; and conducted interviews, to verify that the handling and storage requirements for spare parts were consistent with licensing and manufacturer requirements; and if any special precautions were implemented by the licensee.

b. Observations and Findings

No findings were identified. The team noted that the fiber optic cable and temperature sensor had a large storage temperature range (-25 to 75 degrees C) according to their manufacturing specifications, and that the licensee has committed to ANSI standard N45.2.2, "Packaging, Shipping, Receiving, Storage, and Handling of Items for Nuclear Power Plants." The team confirmed with the licensee the cable was maintained at storage level B, which requires areas to be maintained between a minimum of 40 degrees Fahrenheit and a maximum of 140 degrees Fahrenheit (4 to 60 degrees C). The storage area was required to also be fire resistant, weather tight, temperature controlled, and secure.

4OA6 Meetings, Including Exit Meeting

Exit Meeting Summary The inspection team presented the inspection results to the staff during a detailed pre-brief on January 12, 2012. An exit was held with Mr. T. Preston Gillespie, Jr., and other members of licensee management on January 25, 2012. The inspectors asked the licensee if any of the material examined during the inspection should be considered proprietary and no proprietary information was identified.

ATTACHMENT:

SUPPLEMENTAL INFORMATION