LIC-98-0025, Comment on Proposed Communications Re Year 2000 Readiness of Computer Sys at NPP

Comment on Proposed Communications Re Year 2000 Readiness of Computer Sys at NPP
ML20203J798
Person / Time
Site: Fort Calhoun Omaha Public Power District
Issue date: 02/24/1998
From: Gambhir S
OMAHA PUBLIC POWER DISTRICT
To:
NRC OFFICE OF ADMINISTRATION (ADM)
References
FRN-63FR4498 63FR4498-00012, 63FR4498-12, LIC-98-0025, LIC-98-25, NUDOCS 9803040297


Text

February 24, 1998
LIC-98-0025

Chief, Rules and Directives Branch
Division of Administrative Services
Mail Stop T6-069
U.S. Nuclear Regulatory Commission
Washington, D.C. 20555-0001

References:

1. Docket No. 50-285
2. Federal Register, Volume 63, No. 19, dated January 29, 1998

Subject:

Comments on Proposed Generic Communications Year 2000 Readiness of Computer Systems at Nuclear Power Plants

In Reference 2, the NRC issued for public comment a proposed Generic Letter which would require licensees to provide, pursuant to 10 CFR 50.54(f), certification that their facilities are Year 2000 ready and in compliance with the terms and conditions of their licenses and NRC regulations. The NRC encouraged the industry to propose a viable alternative to the Generic Letter, such as a voluntary initiative to provide information to the NRC. Instead of responding to a Generic Letter, Omaha Public Power District (OPPD) would prefer to participate in a voluntary initiative coordinated by the Nuclear Energy Institute (NEI) and the Nuclear Utilities Software Management Group (NUSMG). Recognizing that the NRC may decide to issue a Generic Letter, however, OPPD provides the attached revised version of the proposed Generic Letter, which is based on comments of NUSMG members.

Please contact W. B. Pence, Manager-Nuclear Processing Computing Services, at 402-533-6910 if you have any questions.

Sincerely,

S. K. Gambhir
Division Manager
Engineering & Operations Support

Chief, Rules and Directives Branch
U.S. Nuclear Regulatory Commission
LIC-98-0025
Page 2

WBP/TCH/tem

Attachment

c: E. W. Merschoff, NRC Regional Administrator, Region IV
   L. R. Wharton, NRC Project Manager
   W. C. Walker, NRC Senior Resident Inspector
   J. W. Davis, NEI
   Document Control Desk
   Winston & Strawn

LIC-98-0025
Attachment

Revised Proposed Generic Letter
(Year 2000 Readiness of Computer Systems at Nuclear Power Plants)

With OPPD Comments Incorporated

NRC GENERIC LETTER NO. 98-XX:

YEAR 2000 READINESS OF COMPUTER SYSTEMS AT NUCLEAR POWER PLANTS

Addressees:

All holders of operating licenses for nuclear power plants, except those who have permanently ceased operations and have certified that fuel has been permanently removed from the reactor vessel.

Purpose:

The U.S. Nuclear Regulatory Commission (NRC) is issuing this generic letter to require that all addressees provide the following information regarding their programs, planned or implemented, to address the Year 2000 (Y2K) problem in computer systems at their facilities: (1) written confirmation of implementation of the programs, and (2) written certification that the facilities are Y2K ready and in compliance with the terms and conditions of their licenses and NRC regulations.

Description of Circumstances

Simply stated, the Y2K computer problem pertains to the potential for date-related problems that may be experienced by a system or application. These problems include: not representing the year properly, not recognizing leap years, and improper date calculations. [struck: inability of computers to correctly recognize dates beyond the current century, i.e., beginning with January 1, 2000 and beyond. The problem results from computer hardware or software that uses two-digit fields to represent the year. If the Y2K problem is not corrected, computer systems will be unable to recognize the change in century and will misread "00" for the year 2000 as 1900.] The Y2K problem has the potential to interfere with the proper operation of [struck: any] computer systems, [struck: any] hardware that is microprocessor-based (embedded software), and [struck: any] software or databases relied upon at nuclear power plants. Furthermore [struck: As a consequence], there is a risk that affected plant systems and equipment may [struck: will] fail to function properly.

The Y2K problem [struck: is urgent because it] has a fixed, non-negotiable deadline. It [struck: This matter] requires priority attention because of the limited time remaining, [struck: to assess] the uncertain risk [struck: magnitude of] that the problem presents, the [struck: its associated] technical challenges presented, [struck: and cost risks] and the scarcity of resources available [struck: resource availability, and to implement programs that will] to remediate the problem [struck: achieve a satisfactory resolution].

Existing reporting requirements under 10 CFR Part 21, 10 CFR 50.72, and 10 CFR 50.73 provide for notification to the NRC staff of deficiencies, non-conformance, and failures, such as the Y2K problem in safety-related systems. To date, the NRC staff has not identified nor received notification from licensees or vendors of digital protection systems (e.g., Westinghouse, General Electric, Combustion Engineering, Foxboro, Allen Bradley, or Framatome/Babcock & Wilcox) that a Y2K problem exists with safety-related initiation and actuation systems. However, problems have been identified in non-safety but important computer-based systems. Such systems, primarily databases and data collection processes necessary for plant operation that are date driven, may need to be modified for Y2K compliance. Some examples of systems and computer equipment that may be affected by Y2K problems follow:

• Security computers
• Plant process (data scan, log, and alarm and safety parameter display system) computers
• Emergency response systems
• Radiation monitoring systems
• Dosimeters and readers
• Plant simulators
• Engineering programs
• Communication systems
• Inventory control systems
• Surveillance and maintenance tracking systems
• Control systems

To alert nuclear power plant licensees to the Y2K problem, the NRC issued Information Notice (IN) 96-70, "Year 2000 Effect on Computer System Software," on December 24, 1996. In IN 96-70, the staff described the potential problems that nuclear power plant computer systems and software may encounter as a result of the change to the new century and how the Y2K issue may affect NRC licensees. In IN 96-70, the staff encouraged licensees to examine their uses of computer systems and software well before the turn of the century and suggested that licensees consider actions appropriate to examine and evaluate their computer systems for Y2K vulnerabilities. The NRC staff also incorporated recognition of the Y2K concern in the updated Standard Review Plan (SRP), NUREG-0800, Chapter 7, "Instrumentation and Control," dated August 1997, which contains guidance for staff review of computer-based instrumentation and control systems.

At the Nuclear Utilities Software Management Group (NUSMG) Year 2000 Workshop, an industry workshop held in July 1997, some nuclear power plant licensees described their Y2K programs and gave examples of areas in which they had addressed Y2K issues in order to ensure the safety and operability of their plants on January 1, 2000. Some of the issues discussed were the (1) evaluation of the impact of the Y2K problem on plant equipment, (2) assessment process involved in the identification of Y2K affected components, vendors, and interfaces, (3) development of Y2K testing strategies, and (4) identification of budget needs to address the Y2K problem.

The Nuclear Energy Institute (NEI) met with NUSMG and nuclear plant utility representatives in August 1997 to formulate an industry-wide plan to address the Y2K issue. On October 7, 1997, representatives of NEI and NUSMG met with the NRC staff to discuss the actions NEI was taking to help utilities make their plants "Year 2000 ready." NEI presented [struck: was preparing] a framework document that provides [struck: with] guidance for utilities [struck: utility] to use in readying for the Year 2000. The framework document makes a distinction in terminology between "Y2K Ready" [struck: "Y2K readiness" ("Y2K Ready" is defined as a computer system or application that has been determined to be suitable for continued use into the year 2000 even though the computer system or application is not fully Y2K Compliant)] and "Y2K Compliant" [struck: "Y2K compliance"]. "Y2K Ready" is defined as a computer system or application that has been determined to be suitable for continued use into the year 2000 even though the computer system or application is not fully Y2K Compliant. "Y2K Compliant" is defined as computer systems or applications that accurately process date/time data (including but not limited to, calculating, comparing, and sequencing) from, into, and between the twentieth and twenty-first centuries, the years 1999 and 2000, and leap-year calculations.

NEI/NUSMG issued the framework document NEI/NUSMG 97-07, "Nuclear Utility Year 2000 Readiness," to all utility licensees in November 1997. The document recommends methods for nuclear utilities to attain Y2K readiness [struck: and thereby ensure that their facilities remain safe and continue to operate within the requirements of their license]. The scope of NEI/NUSMG 97-07 covers software, or software-based systems or interfaces, whose failure (due to the Y2K problem) would (1) prevent the performance of the safety function of a structure, system, or component and (2) degrade, impair, or prevent operability of the nuclear facility.

Discussion

Diverse concerns are associated with the potential impact of the Y2K problem on nuclear power plants because of the variety and types of computer systems in use.

The concern results from [struck: Some of the concerns are the] licensee reliance upon (1) software to schedule [struck: scheduling of] maintenance and technical specification surveillances [struck: requirements], (2) [struck: use and application of] programmable logic controllers in safety-related applications [struck: and other commercial off-the-shelf software and hardware], (3) [struck: operation of] digital process control systems, (4) software to support facility operation [struck: performance of engineering calculations], and (5) digital systems for the collection of operating data, and (6) digital systems to monitor post-accident plant conditions [struck: parameter data].

NEI/NUSMG 97-07 suggests a strategy for developing and implementing a nuclear utility Y2K program. The strategy recognizes management, implementation, quality assurance, regulatory considerations, and documentation as the fundamental elements of a successful Y2K project. The document contains numerous examples currently in use by licensees. The document recommends that the Y2K program be administered using standard project management techniques.

The recommended components for management planning are management awareness, sponsorship, project leadership, project objectives, project management team, management plan, project reports, interfaces, resources, oversight, and quality assurance. The suggested phases of implementation are awareness, initial assessment (which includes inventory, categorization, classification, prioritization, and analysis of initial assessment), detailed assessment (including vendor evaluation, utility-owned or supported software evaluation, interface evaluation, remedial planning), remediation, Y2K testing and validation, and notification.

The quality assurance (QA) measures apply to project management QA and implementation QA. Regulatory considerations include the performance of appropriate reviews, reporting requirements, and documentation. Documentation of Y2K program activities and results includes documentation requirements, project management documentation, vendor documentation, inventory lists, checklists for initial and detailed assessments, and record retention.

[struck: Some vendors have taken such actions as placing information on the Internet discussing which of their products are Y2K compliant and how the vendor is addressing the Y2K problem with respect to specific products, including products purchased by their nuclear power plant customers. When addressing some of the particular issues associated with the use and application of software, it has been found that even if the application has no apparent date manipulation algorithms, it may still be affected by a Y2K related problem. For example, a subroutine that date-stamps the header information in archival tapes, regardless of the rest of the content of the tape, may be affected. In addition, although individually several systems may be "date safe," the integrated operations that the systems support may be vulnerable to the Y2K problem. Further, there are potential impacts from the operating system supporting their instrumentation system's application software and from sub programs (such as calibration and data recording/reporting) associated with the main application software.]

One application which is common to all power reactor licensees is the link between plant computers and the NRC's Emergency Response Data System (ERDS). This application performs the communication and data transmission function which provide near real-time data availability to NRC and state incident response personnel during declared emergencies. The NRC is currently performing Y2K related upgrades to ERDS which will maintain the same communication protocol as the current system with the exception that either 2-digit or 4-digit year fields will be accepted. Those licensees that anticipate changes to their ERDS link should allow time in their schedules for retesting their systems. NRC contractors will support requests for testing on a "first come, first served" basis.

[struck: NEI/NUSMG 97-07 suggests a strategy for developing and implementing a nuclear utility Y2K program. The strategy recognizes management, implementation, quality assurance, regulatory considerations, and documentation as the fundamental elements of a successful Y2K project. The document contains additional guidance for these fundamental elements. The recommended components for management planning are management awareness, sponsorship, project leadership, project objectives, project management team, management plan, project reports, interfaces, resources, oversight, and quality assurance. The suggested phases of implementation are awareness, initial assessment (which includes inventory, categorization, classification, prioritization, and analysis of initial assessment), detailed assessment (including vendor evaluation, utility-owned or supported software evaluation, interface evaluation, remedial planning), remediation, Y2K testing and validation, and notification. The quality assurance (QA) measures apply to project management QA and implementation QA. Regulatory considerations include the performance of appropriate reviews, reporting requirements, and documentation. Documentation of Y2K program activities and results includes documentation requirements, project management documentation, vendor documentation, inventory lists, checklists for initial and detailed assessments, and record retention. NEI/NUSMG 97-07 also contains examples of various plans and checklists as appendices.] The staff believes that the guidance in NEI/NUSMG 97-07, when properly implemented, is an acceptable [struck: will present an appropriate] approach for licensees to address the Y2K problem at nuclear power plant facilities.

In the course of implementing the Y2K readiness program, problems could be identified that potentially impact the licensing basis of the plants. In certain cases, license amendments may be needed to address the problem resolution. Licensees should submit such license amendments to the NRC on a timely basis. The utility Y2K readiness programs and schedules should have the flexibility to accommodate such an eventuality. In addition, licensees are reminded that any changes to their facilities that impact their current licensing basis must be reviewed in accordance with existing NRC requirements and the change properly documented.

Required Response

In order to gain the necessary assurance that addressees are effectively addressing the Y2K problem and are in compliance with the terms and conditions of their licenses and NRC regulations, the NRC staff requires that all addressees submit a written response to this generic letter as follows:

1. Within 90 days of the date of this generic letter, submit a written response indicating whether or not you have pursued and are continuing to pursue a readiness program as outlined in NEI/NUSMG 97-07. If you are not conforming to the NEI/NUSMG guidance, present a brief description of the program(s) that have already been completed, are being conducted, or are planned to ensure Y2K readiness of the computer systems at your facility(ies). This response should address the program's scope, assessment process, [struck: and] plans for corrective actions (including testing, and schedules), quality assurance measures, and regulatory compliance.

2. No [struck: Upon completing your Y2K readiness program, or in any event, no] later than July 1, 1999, submit a written response confirming that your facility is Y2K ready, or if your program is incomplete as of that date, indicate your schedule for attaining the status of Y2K Ready. [struck: and in compliance with the terms and conditions of your license(s) and NRC regulations. In addition, the response should contain a status report of work remaining to be done to complete your Y2K program, including completion schedules. ("Y2K Ready" is defined as a computer system or application that has been determined to be suitable for continued use into the year 2000 even though the computer system or application is not fully Y2K Compliant. "Y2K Compliant" is defined as computer systems or applications that accurately process date/time data (including but not limited to, calculating, comparing, and sequencing) from, into, and between the twentieth and twenty-first centuries, the years 1999 and 2000, and leap-year calculations.)]

Address the written reports to the U.S. Nuclear Regulatory Commission, Attention: Document Control Desk, Washington, D.C. 20555-0001, under oath or affirmation under the provisions of Section 182a, Atomic Energy Act of 1954, as amended, and 10 CFR 50.54(f). In addition, submit a copy to the appropriate regional administrator.

Backfit Discussion

This generic letter only requests information from addressees under the provisions of Section 182a of the Atomic Energy Act of 1954, as amended, and 10 CFR 50.54(f). The requested information will enable the staff to verify that each nuclear power plant licensee is implementing an effective plan to address the Y2K problem and provide for safe operation of the facility before January 1, 2000, and is in compliance with the terms and conditions of their license(s) and NRC regulations. The following NRC regulations are a basis for this request:

10 CFR 50.36, "Technical Specifications," paragraph (c)(3), "Surveillance requirements," and paragraph (c)(5), "Administrative controls." These relate, respectively, to requirements relating to test, calibration, or inspection to assure that the necessary quality of systems and components is maintained, and to provisions relating to management, procedures, record keeping, and review and audit necessary to assure operation of the facility in a safe manner.

10 CFR 50.47, "Emergency plans," paragraph (b)(8), which relates to the provision and maintenance of adequate emergency facilities and equipment to support the emergency responses.

Appendix B to 10 CFR Part 50, Criterion III, "Design Control," requires that design control measures shall provide for verifying or checking the adequacy of design, such as by the performance of design reviews, by the use of alternate or simplified calculational methods, or by the performance of a suitable testing program.

Appendix B to 10 CFR Part 50, Criterion XVII, "Quality Assurance Records," requires that sufficient records shall be maintained to furnish evidence of activities affecting quality. The records are to include, among others, operating logs and results of reviews.

Appendix E to 10 CFR 50, Section VI, "Emergency Response Data System," which relates to the provision and maintenance of licensee links to the Emergency Response Data System.

In addition, the following requirements from Appendix A to 10 CFR Part 50, "General Design Criteria for Nuclear Power Plants," also provide a basis for the request: (In the statement of consideration (SOC) for the amendment to 10 CFR Part 50 which added Appendix A, "General Design Criteria for Nuclear Power Plants," published in the Federal Register on February 20, 1971, the Commission noted that the general design criteria added as Appendix A to Part 50 establish the minimum requirements for the principal design criteria for water cooled nuclear power plants similar in design and location to plants for which construction permits have been issued by the Commission. Principal design criteria established by an applicant and accepted by the Commission will be incorporated by reference in the construction permit. The SOC also notes that in considering the issuance of an operating license under Part 50, the Commission will require assurance that these criteria have been satisfied in the detailed design and construction of the facility and any changes in such criteria are justified. It should be noted that a proposed Appendix A to 10 CFR Part 50 was published in the Federal Register on July 11, 1967, and the comments and suggestions received in response to the notice of proposed rule making and subsequent developments in the technology and in the licensing process have been considered in developing the general design criteria.)

Appendix A to 10 CFR Part 50, General Design Criterion (GDC) 13, "Instrumentation and control," which addresses the provision of appropriate instrumentation and controls to monitor and control systems and variables during normal operation, anticipated operational occurrences, and accident conditions as appropriate to ensure adequate safety.

Appendix A to 10 CFR Part 50, GDC 19, "Control room," which requires the provision of a control room from which actions can be taken to operate the nuclear plant safely.

Appendix A to 10 CFR Part 50, GDC 23, "Protection system failure modes," which requires that the protection system shall be designed to fail into a safe state or into a state demonstrated to be acceptable on some other defined basis.