ML052870232
| ML052870232 | |
| Person / Time | |
|---|---|
| Site: | Nuclear Energy Institute, PROJ0669 |
| Issue date: | 10/18/2005 |
| From: | Berkow H NRC/NRR/DLPM/LPD4 |
| To: | Pietrangelo A Nuclear Energy Institute |
| Jaffe D, NRR/DLPM, 415-1439 | |
| References | |
| TR-1002835 | |
| Download: ML052870232 (6) | |
Text
October 18, 2005 Anthony R. Pietrangelo Senior Director, Risk Regulation Nuclear Generation Nuclear Energy Institute 1776 I Street, NW, Suite 400 Washington, DC 20006-3708
SUBJECT:
COMMENTS REGARDING TOPICAL REPORT TR-1002835, "GUIDELINE FOR PERFORMING DEFENSE-IN-DEPTH AND DIVERSITY ASSESSMENTS FOR DIGITAL UPGRADES: APPLYING RISK-INFORMED AND DETERMINISTIC METHODS"
Dear Mr. Pietrangelo:
By letter dated March 11, 2005, the U.S. Nuclear Regulatory Commission (NRC) informed you of its plan to treat the subject topical report (TR) as a draft, have the pre-submittal meeting, and give you feedback at the meeting (i.e., to the extent possible, identify any concerns about the viability or completeness of the TR) to consider before revising and submitting the TR formally.
Subsequently, on April 21, 2005, representatives of the Electric Power Research Institute met with the NRC staff to outline the objective and technical approach of the subject TR. During this pre-submittal meeting, the NRC staff stated that they would provide written comments concerning the TR.
The enclosure contains the comments concerning the subject TR. Please review these comments in preparation for the formal submittal of the TR.
Sincerely,
/RA/
Herbert N. Berkow, Director Project Directorate IV Division of Licensing Project Management Office of Nuclear Reactor Regulation Project Nos. 669 and 689
Enclosure:
Comments on TR cc w/encl: See next pages
October 18, 2005 Anthony R. Pietrangelo Senior Director, Risk Regulation Nuclear Generation Nuclear Energy Institute 1776 I Street, NW, Suite 400 Washington, DC 20006-3708
SUBJECT:
COMMENTS REGARDING TOPICAL REPORT TR-1002835, "GUIDELINE FOR PERFORMING DEFENSE-IN-DEPTH AND DIVERSITY ASSESSMENTS FOR DIGITAL UPGRADES: APPLYING RISK-INFORMED AND DETERMINISTIC METHODS"
Dear Mr. Pietrangelo:
By letter dated March 11, 2005, the U.S. Nuclear Regulatory Commission (NRC) informed you of its plan to treat the subject topical report (TR) as a draft, have the pre-submittal meeting, and give you feedback at the meeting (i.e., to the extent possible, identify any concerns about the viability or completeness of the TR) to consider before revising and submitting the TR formally.
Subsequently, on April 21, 2005, representatives of the Electric Power Research Institute met with the NRC staff to outline the objective and technical approach of the subject TR. During this pre-submittal meeting, the NRC staff stated that they would provide written comments concerning the TR.
The enclosure contains the comments concerning the subject TR. Please review these comments in preparation for the formal submittal of the TR.
Sincerely,
/RA/
Herbert N. Berkow, Director Project Directorate IV Division of Licensing Project Management Office of Nuclear Reactor Regulation Project Nos. 669 and 689
Enclosure:
Comments on TR cc w/encl: See next pages DISTRIBUTION:
PUBLIC RidsNrrPMDJaffe RidsNrrDlpmLpdiv1(DTerao)
PDIV-2 Reading RidsNrrLADBaxley RidsNrrDlpmLpdiv2(DCollins)
RidsNrrDlpm (TMarsh) RidsOgcRp RidsNrrDlpmLpdiv (HBerkow) RidsAcrsAcnwMailCenter ACCESSION NO.: ML052870232 NRR-106 OFFICE PDIV-1/PM PDIV-1/LA PDIV-2/SC PDIV/D NAME DJaffe DBaxley DTerao HBerkow DATE 10/18/05 10/18/05 10/18/05 10/18/05 OFFICIAL RECORD COPY
NRC COMMENTS REGARDING EPRI TOPICAL REPORT TR-1002835 GUIDELINE FOR PERFORMING DEFENSE-IN-DEPTH AND DIVERSITY ASSESSMENTS FOR DIGITAL UPGRADES: APPLYING RISK-INFORMED AND DETERMINISTIC METHODS Electric Power Research Institute (EPRI) TR-1002835 proposed three methods for performing defense-in-depth and diversity (D3) evaluations: 1) an extended deterministic method; 2) a simplified risk method; and 3) a standard risk-informed method. The extended deterministic method proposes to reduce the number of common cause failures (CCFs) to be evaluated against Safety Analysis Report (SAR) sequences by taking credit for defensive measures against CCFs. The criteria for screening out CCFs need additional detail and technical justification to support decision making and those criteria should be illustrated by examples.
- 1. The simplified risk method needs to be described in more detail. This method appears to require information and analysis that are not available in existing probabilistic risk assessments (PRAs). The modeling methods needed to support the standard risk-informed method are not currently available. The NRC staff believes that the methods for identifying failure modes, modeling their effects, and estimating probabilities of digital failures and digital CCFs have not been demonstrated. EPRI guidance with respect to establishing digital system modeling techniques is unclear. Both the data requirements and the PRA modeling techniques are not fully developed by the topical report. External events are not discussed with respect to the PRA analysis.
- 2. EPRI TR-1002835 does not specify how to develop a reliability model of digital systems and acknowledges the weaknesses of the state-of-the-art modeling digital systems. The D3 method recommended by EPRI is based on using defensive measures against
- 1) functional specification faults, 2) faults in software-based programmable equipment, and 3) digital design faults in smart devices. EPRI concluded that, with appropriate measures, there should be reasonable assurance that digital failures and digital CCFs are highly unlikely and much less likely than single failures assumed as part of a plants design basis. This conclusion is not justified by the information presented in the topical report.
- 3. The NRC staff finds that assumptions/statements made throughout the reports need supporting information data to substantiate the conclusion. For example, the report states that the addition of new equipment (assumed to be diverse backup) can have a negative impact on plant safety and that this additional risk should be evaluated, but there are no data present to substantiate the conclusion.
- 4. The NRC staff finds that the relationship of single failure and CCF needs to be clarified in the EPRI discussion. CCF is considered a subset of single failure. The topical report differentiation of CCF and single failure may be incorrect. IEEE-379 states that certain CCFs will be treated as single failures.
- 5. EPRI TR-1002835 requires additional information on how to perform D3 reviews, and needs more information, data, and analysis to support the topical report conclusions ENCLOSURE
associated with modeling methods and D3 defensive measures.
- 6. Based on NRC staff review of Regulatory Guide (RG) 1.174 and the Standard Review Plan, Chapter 19, it is not clear that the approach described in EPRI TR-1002835 for a limited D3 assessment with respect to the low likelihood of a single failure is justified.
Risk-informed approaches allow risk to be considered when performing a defense-in-depth analysis. However, the guidance in RG 1.174 provides that the risk informed approach be consistent with the defense-in-depth philosophy. That consistency is supported by, among other things, maintaining and preserving system redundancy, independence and diversity, and defenses against potential CCFs. The NRC staffs preliminary review has determined that the limited D3 review approaches proposed in the EPRI topical report do not appear to be consistent with RG 1.174. Note that approaches that are not consistent with existing guidance typically require additional review and analysis to determine whether or not they can be approved. Accordingly, the NRC staff cannot provide assurance that the proposed approach would be found acceptable.
Electric Power Research Institute Project No. 669 cc:
Mr. David J. Modeen Vice President and Chief Nuclear Officer EPRI 1300 W. T. Harris Boulevard Charlotte, NC 28262 Mr. James Lang, Director EPRI 1300 W.T. Harris Boulevard Charlotte, NC 28262 Mr. Warren Bilanin, Director EPRI 3412 Hillview Avenue Palo Alto, CA 94304 Mr. Alexander Marion Senior Director, Engineering Nuclear Energy Institute 1776 I Street, NW, Suite 400 Washington, DC 20006-3708 Mr. Gary L. Vine, Executive Director Federal and Industry Activities, Nuclear Sector EPRI 2000 L Street, NW, Suite 805 Washington, DC 20036
Nuclear Energy Institute Project 689 cc:
Ms. Lynette Hendricks, Director Licensing Nuclear Energy Institute 1776 I Street, NW, Suite 400 Washington, DC 20006-3708 Mr. Michael Shoppman Nuclear Energy Institute 1776 I Street, NW, Suite 400 Washington, DC 20006-3708 Mr. Pedro Salas -
Licensing & Industry Affairs Manager Tennessee Valley Authority P.O. Box 2000, OPS 4C-SQN Soddy Daisy, TN 37384 Ms. Barbara Lewis Assistant Editor Platts, Principal Editorial Office 1200 G St., N.W., Suite 1100 Washington, DC 20005 Mr. Gary Welsh Institute of Nuclear Power Operations Suite 100 700 Galleria Parkway, SE Atlanta, GA 30339-5957