Information Notice 2016-09, Recent Issues Identified When Using Reverse Engineering Techniques in the Procurement of Safety-Related Components
ML16075A285 | |
Person / Time | |
---|---|
Issue date: | 07/15/2016 |
From: | Michael Cheok, Louise Lund Generic Communications Projects Branch |
To: | |
Harris B | |
References | |
IN-16-009 | |
UNITED STATES
NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR REACTOR REGULATION
OFFICE OF NEW REACTORS
WASHINGTON, DC 20555-0001
July 15, 2016
NRC INFORMATION NOTICE 2016-09: RECENT ISSUES IDENTIFIED WHEN USING REVERSE ENGINEERING TECHNIQUES IN THE PROCUREMENT OF SAFETY-RELATED COMPONENTS
ADDRESSEES
All holders of, and applicants for, a construction permit or an operating license for a non-power
reactor (research reactor, test reactor, or critical assembly) or a medical isotope production
facility under Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing
of Production and Utilization Facilities, except those that have permanently ceased operations.
All holders of an operating license or construction permit for a nuclear power reactor issued
under 10 CFR Part 50, except those that have permanently ceased operations and have
certified that fuel has been permanently removed from the reactor vessel.
All holders of, and applicants for, a power reactor early site permit, combined license, standard
design approval, or manufacturing license under 10 CFR Part 52, Licenses, Certifications, and
Approvals for Nuclear Power Plants. All applicants for a standard design certification, including
such applicants after initial issuance of a design certification rule.
All contractors and vendors that directly or indirectly supply basic components to U.S. Nuclear
Regulatory Commission (NRC) licensees under 10 CFR Part 50 or 10 CFR Part 52.
PURPOSE
The NRC is issuing this information notice (IN) to inform addressees of issues that the NRC
staff has identified concerning the supply of replacement safety-related components.
Specifically, this IN describes instances where reverse engineering techniques were used to
manufacture replacement components, and where the components were supplied without first
verifying the supplied components met all safety-related design requirements. The NRC
expects that recipients will review the information for applicability to their facilities and consider
actions, as appropriate, to avoid similar problems. Suggestions contained in this IN are not NRC
requirements; therefore, the NRC requires no specific action or written response.
DESCRIPTION OF CIRCUMSTANCES
During recent inspections, the NRC identified deficiencies in certain aspects of licensees' and
vendors' quality assurance programs. These quality assurance programs are intended to
ensure that safety-related components can be relied upon to function, as necessary, to meet
their intended requirements. In some instances, reverse engineering techniques were used to
manufacture and supply components without first developing a full understanding of the
components' safety-related design requirements.
This IN provides examples where licensees and suppliers used reverse engineering techniques
to manufacture and supply safety-related equipment, but did not implement sufficient controls to
verify that equipment was suitable for its intended application. In these examples, the suppliers
and/or licensees were unable to provide reasonable assurance that the supplied component
would be capable of operating on demand for the required life of the component and under the
full range of operating and accident conditions. This led to licensees installing components that
were not suitable for their intended application or that had indeterminate suitability at the time of
installation. In one example, this led to a failure of the component to operate on demand during
a plant event.
The list below provides a summary of the deficiencies that NRC inspectors identified as a result
of the procurement of reverse engineered components:
- not developing a full understanding of design requirements
- assuming that a reverse-engineered component is identical to the original equipment
manufacturer (OEM) component, even though it was not subject to the same design
and manufacturing specifications and processes as the original component
- assessing only the physical attributes of the component without properly evaluating
functional design requirements
- not passing on all relevant design requirements to the supplier
- not verifying that all safety-related design requirements have been met, either by
testing or analysis or a combination of the two
- not clearly establishing which organization is responsible for which portion of the
reverse engineering process
During recent NRC inspections, inspectors identified the following specific examples of improper
reverse engineering of safety-related components.
1. The NRC identified a non-cited violation of 10 CFR Part 50, Appendix B, Quality
Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants, Criterion
III, Design Control, at Callaway Plant, Unit No. 1 for failure to assure that the design of
the replacement reverse-engineered Modutronics controller cards used for the auxiliary
feedwater control valves were suitable for their application. Specifically, the licensee
failed to establish suitable interface requirements in procurement documents to Nuclear
Logistics Incorporated (the vendor). The licensee also failed to verify (or ensure their
supplier had verified), by either design reviews or testing, that the supplied
reverse-engineered controller cards were suitable for their application. As a result, the
replacement cards were supplied with motor field current rectifier bridges that were
undersized and marginal for their application. Consequently, two of the circuit cards
failed in service, rendering the associated auxiliary feedwater system valves inoperable.
Following performance of a root cause analysis, the licensee replaced the deficient
controller cards with those of a higher current rating. [NRC Inspection Report 05000483/2015009, dated January 13, 2016 (Agencywide Documents Access and
Management System (ADAMS) Accession No. ML16013A021)]
2. The NRC identified a non-cited violation of 10 CFR Part 50, Appendix B, Criterion III,
Design Control, at River Bend Station, Unit 1 for the failure to verify the adequacy of the design of replacement accumulators, 18 of which were installed in the control rod
drive system. The accumulators were reverse engineered, purchased from a
commercial supplier (Tobul Accumulator), and dedicated for use as a basic component;
however, the licensee's technical justification for the acceptability of the
reverse-engineered component was inadequate. The equivalency evaluation failed to
verify the adequacy of safety-related design requirements related to the performance of
the accumulators, such as flow rates, leakage rates, pressure ranges of operation, stroke times, temperature ranges of operation, and seismic qualification. [NRC
Inspection Report 5000458/2015002, dated August 11, 2015 (ADAMS Accession No.
3. The NRC identified a nonconformance to 10 CFR Part 50, Appendix B, Criterion III,
Design Control, at NOVA Machine Products Inc. for its failure to establish adequate
design control measures to verify and check the adequacy of the design of hydraulic
control unit (HCU) accumulators used in the control rod drive system of boiling-water
reactors. Specifically, NOVA reverse engineered and subsequently manufactured
approximately 881 safety-related HCU accumulator assemblies without proper design
verification in the form of a design review, use of calculational methods, or through a
suitable qualification testing program. [NRC Inspection Report 99901052/2015-201, dated January 15, 2016 (ADAMS Accession No. ML16006A394)]
In response to the above identified deficiencies, licensees and vendors entered the deficiencies
into their corrective action programs and took appropriate corrective measures.
BACKGROUND
The regulations in 10 CFR Part 50, Appendix B, Quality Assurance Criteria for Nuclear Power
Plants and Fuel Reprocessing Plants, Criterion III, Design Control, require that licensees, vendors, and contractors establish measures for the selection of parts and equipment essential
to the safety-related functions of structures, systems, and components. Criterion III also
requires that licensees, vendors, and contractors establish measures for verifying the
adequacy of the design, such as by the performance of design reviews, by the use of alternate
or simplified calculation methods, or by the performance of a suitable testing program. Vendors
and contractors that supply safety-related components to licensees are required to adhere to
these requirements when imposed on them by NRC licensees through contractual requirements.
DISCUSSION
For various reasons, including obsolescence, cost, and extended delivery schedules, licensees
and their suppliers are increasingly using reverse engineering techniques to manufacture
replacement safety-related components. While there is no regulatory definition of reverse
engineering, it can be considered a process (or set of processes) to help manufacture or
replicate a component based upon physically examining, measuring, or testing existing items;
reviewing technical data; or performing engineering analysis. [1] When all safety-related design
requirements are well understood and documented, the process is not unlike a normal
safety-related procurement for an alternate component. In many cases, licensees use an
equivalency evaluation process to verify the new proposed component is suitable for its
application (i.e., meets all relevant safety-related requirements).
[1] Definition taken in part from EPRI TR 107372, Guideline for Reverse Engineering at Nuclear Power Plants, July 1998.
In some instances, however, the full scope of the safety-related requirements for the component
is unknown and has to be regenerated. Various engineering methods can be used to help
regenerate component-specific requirements. This can be accomplished through a review of
relevant system and component-level design information, including information obtained from
original equipment manufacturers (OEM), through the performance of new calculations, or
through testing and/or examination of the original component.
While physical examination and material analysis of an OEM component may be sufficient to
define the physical characteristics necessary to create a physically equivalent component
design, physical examination alone is typically not sufficient to identify all the functional
requirements. Identifying all functional requirements necessitates a full understanding of the
intended application of the component, interface requirements, environmental parameters, and
other design considerations. Although not explicitly required, recipients are encouraged to
review the information and references provided in this IN for applicability and consider actions, as appropriate, for their facilities to avoid similar problems.
CONTACT
This IN requires no specific action or written response. Please direct any questions about this
matter to the technical contact listed below.
/RA/
Michael C. Cheok, Director
Division of Construction Inspection and Operational Programs
Office of New Reactors
/RA/
Louise Lund, Director
Division of Policy and Rulemaking
Office of Nuclear Reactor Regulation
Technical Contact:
Jeffrey Jacobson, NRO
Phone: 301-415-2977
E-mail: Jeffrey.Jacobson@nrc.gov
Note: NRC generic communications may be found on the NRC's public Web site, http://www.nrc.gov, under NRC Library/Document Collections.
ML16075A285; *via e-mail
OFFICE | NRR/PGCB/LA* | Tech Editor* | NRO/DCIP/QVIB-1* | NRO/DCIP/QVIB-1/BC* | NRR/PGCB/PM* |
NAME | ELee (w/comment) | CHsu | JJacobson | TJackson | BHarris |
DATE | 03/17/2016 | 03/31/2016 | 06/06/2016 | 06/09/2016 | 06/06/2016 |
OFFICE | NRR/PGCB/LA | NRR/PGCB/BC | NRO/DCIP/D | NRR/DPR/D |
NAME | ELee (ABaxter) | SStuchell | MCheok | LLund |
DATE | 06/09/2016 | 06/09/2016 | 07/12/2016 | 07/15/2016 |