ML060060427
| ML060060427 | |
| Person / Time | |
|---|---|
| Site: | Oconee  |
| Issue date: | 01/11/2006 |
| From: | Catherine Haney Plant Licensing Branch III-2 |
| To: | Brandi Hamilton Duke Energy Corp |
| Olshan L N, NRR/DLPM, 415-1419 | |
| References | |
| TAC MC5895, TAC MC5896, TAC MC5897 | |
| Download: ML060060427 (7) | |
Text
January 11, 2006 Mr. Bruce H. Hamilton Vice President, Oconee Site Duke Energy Corporation 7800 Rochester Highway Seneca, SC 29672
SUBJECT:
REVIEW ISSUES FOR DIGITAL UPGRADE OF RPS/ESPS FOR OCONEE NUCLEAR STATION, UNITS 1, 2, AND 3 (TAC NOS. MC5895, MC5896, AND MC5897)
Dear Mr. Hamilton:
This letter is to notify you of concerns about your February 14, 2005, license amendment request for a digital upgrade of the reactor protective system (RPS) and the engineered safeguards protective system (ESPS) for Oconee Nuclear Station, Units 1, 2, and 3. You have proposed to replace the current analog-based RPS/ESPS with a digital-based Framatome TELEPERM XS system that will perform all the functions that are now being performed by separate analog systems.
On July 27, 2005, the Nuclear Regulatory Commission (NRC) sent you a detailed letter containing a number of staff concerns on the design process and system architecture in which the staff stated that it was premature to assume that the concerns could be favorably resolved or that approval would be received by your need date. Although progress has been made on the issues identified in the July 27, 2005, letter, most of our concerns have not been completely resolved. Factors contributing to the delays in resolving these issues include (1) incomplete response to our September 6, 2005, request for additional information, (2) many documents we have requested have been provided in a preliminary form that are either draft, under revision, or have not received final approval, and (3) much of the preliminary information is un-docketed.
When we conducted our review at your vendors offices in November 2005, we found your development of the design was not complete. While this limited review did not identify any specific issues with software development, the NRC noted that many of your planning, requirements and specification documents were in either draft form or undergoing revision.
Consequently, additional review of the design and development processes is required.
The preliminary status of key documents has significantly delayed our ability to evaluate the adequacy of your design and quality assurance processes. As you know, our review is focusing on these processes to ensure development of a safe and high-quality system. It is important to note that digital instrumentation and control (I&C) systems are fundamentally different from analog I&C systems because (1) minor errors in design and implementation can cause these systems to exhibit unexpected behavior, (2) the performance of digital systems over the entire range of input conditions cannot generally be inferred from testing of a sample of input conditions, and (3) the use of inspections, type testing, and acceptance testing of digital systems and components does not alone accomplish design qualification at high confidence levels. With this in mind, the NRCs approach to the review of design qualification for digital
B. Hamilton systems, depends, to a large extent, on confirming that you employ a high-quality development process that incorporates disciplined specification and implementation of design requirements.
NRC also reviews the inspection and testing used to verify correct implementation and to validate desired functionality of the final product. However, confidence that isolated, discontinuous point failures will not occur is derived from the discipline of your development process. Therefore, our assessment that you have implemented a disciplined, high-quality development process will be an important aspect of our overall conclusion on this application.
At this point in our review, there are also unresolved technical issues. Some of the significant issues are the lack of isolation between safety and non-safety systems and interconnections between safety-related channels, both discussed in the July 27, 2005, letter. The NRC staff continues to evaluate the overall acceptability of the consolidation of all RPS and ESPS functions as previously discussed with you at numerous meetings. Further, our review of the preliminary documentation has identified possible specification and design errors. Additionally, there a number of new features associated with the design, such as lead/lag modules, emergency override functions, and unused time delays which are complicating the review.
The NRC is committed to the licensing of advanced designs including digital technology provided that they assure the necessary levels of safety delivered by current systems are maintained. We have identified issues that raise concerns regarding the completeness and adequacy of your design and of your verification and validation processes. These issues, in turn, raise concerns about the reliance on those processes to develop a high-quality product.
Because of the issues identified to date, NRC will not complete its review by the October 2006 outage at Unit 1. This letter alerts you to this situation so you can make contingency plans.
Further, NRC has suspended its review of your application until such time as final information related to your application has been submitted and docketed. Enclosed with this letter is a list of the areas where final documentation is required to support the review. This information needs to be docketed by February 14, 2006, for NRC to be able to complete its review by February 2007. When the information is docketed, NRC will conduct an acceptance review and notify you of the results.
My staff is available, at your convenience, to discuss these issues and your plans for their resolution. If you have any questions, please contact Leonard N. Olshan at 301 415-1419.
Sincerely,
/RA/
Catherine Haney, Director Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-269, 50-270, and 50-287
Enclosure:
Documents Needed to Support Review of Digital RPS/ESPS cc w/encl: See next page
B. Hamilton systems, depends, to a large extent, on confirming that you employ a high-quality development process that incorporates disciplined specification and implementation of design requirements.
NRC also reviews the inspection and testing used to verify correct implementation and to validate desired functionality of the final product. However, confidence that isolated, discontinuous point failures will not occur is derived from the discipline of your development process. Therefore, our assessment that you have implemented a disciplined, high-quality development process will be an important aspect of our overall conclusion on this application.
At this point in our review, there are also unresolved technical issues. Some of the significant issues are the lack of isolation between safety and non-safety systems and interconnections between safety-related channels, both discussed in the July 27, 2005, letter. The NRC staff continues to evaluate the overall acceptability of the consolidation of all RPS and ESPS functions as previously discussed with you at numerous meetings. Further, our review of the preliminary documentation has identified possible specification and design errors. Additionally, there a number of new features associated with the design, such as lead/lag modules, emergency override functions, and unused time delays which are complicating the review.
The NRC is committed to the licensing of advanced designs including digital technology provided that they assure the necessary levels of safety delivered by current systems are maintained. We have identified issues that raise concerns regarding the completeness and adequacy of your design and of your verification and validation processes. These issues, in turn, raise concerns about the reliance on those processes to develop a high-quality product.
Because of the issues identified to date, NRC will not complete its review by the October 2006 outage at Unit 1. This letter alerts you to this situation so you can make contingency plans.
Further, NRC has suspended its review of your application until such time as final information related to your application has been submitted and docketed. Enclosed with this letter is a list of the areas where final documentation is required to support the review. This information needs to be docketed by February 14, 2006, for NRC to be able to complete its review by February 2007. When the information is docketed, NRC will conduct an acceptance review and notify you of the results.
My staff is available, at your convenience, to discuss these issues and your plans for their resolution. If you have any questions, please contact Leonard N. Olshan at 301 415-1419.
Sincerely,
/RA/
Catherine Haney, Director Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-269, 50-270, and 50-287
Enclosure:
Documents Needed to Support Review of Digital RPS/ESPS cc w/encl: See next page Distribution:
Public RidsNrrLAMOBrien(hard copy)(2) BSingal,DORL DPR LPL2-1 r/f RidsOgcRp RidsNrrDorlLplc(EMarinos) RidsAcrsAcnwMailCenter RidsNrrPMLOlshan(hard copy) RidsRgn2MailCenter(MErnstes)
Accession Number: ML060060427 NRR-106 OFFICE NRR/LPL2-1/PM NRR/LPL2-1/LA NRR/LPL2-1/BC NRR/DORL/D NRR/DE/D NAME LOlshan:ckg MOBrien EHackett for CHaney MMayfield EMarinos DATE 1/11/06 1/11/06 1/11/06 1/11/06 1/11/06 OFFICIAL RECORD COPY
DOCUMENTS NEEDED TO SUPPORT REVIEW ISSUES FOR DIGITAL UPGRADE OF REACTOR PROTECTIVE SYSTEM/ENGINEERED SAFEGUARDS PROTECTIVE SYSTEM (RPS/ESPS) FOR OCONEE NUCLEAR STATION, UNITS 1, 2, AND 3 (OCONEE 1/2/3, ONS 1, 2, & 3)
The documents listed below are needed to support the review and prepare the Nuclear Regulatory Commission (NRC) staffs safety evaluation (SE). It will take at least 12 months to review and analyze these documents and to write the SE. In order to meet a February 2007 completion date, these documents need to be docketed in their final approved version no later than February 14, 2006. If you have previously submitted a document in the list, please indicate when, and how, that document was submitted to meet the requirements of Title 10 of the Code of Federal Regulations Part 50, Section 50.4.
This list represents the basic information needed to restart the review. During the course of the review, the documents below may reference documents which may also be required. NRC will initiate requests for additional information as appropriate. This list does not include the procedures and test reports for the factory acceptance tests and site acceptance tests. This information needs to be provided when it is available. However, submission after July 1, 2006, could delay the February 2007 completion date.
Document Title Doc. No.
Detailed System Architecture Unknown Oconee 1 RPS&ESFAS (Engineered Safety Features Activation RTM System) Requirements Traceability Matrix Teleperm XS Product Information on Release 3.0.7A of TXS Software 2005/26 Oconee Nuclear Station TXS RPS/ESPS Replacement System 38-5069821 Cabinet Design: 1PPSCA0005 Oconee Nuclear Station TXS RPS/ESPS Replacement System 38-5069822 Cabinet Design: 1PPSCA0006 ONS Units 1,2, & 3 RPS/ESFAS Controls Upgrade Failure Mode and 51-5023886 Effects Analysis ONS 1, 2, & 3 RPS/ESF Controls Upgrade, Design Specification for 51-5045379 Key Locks and Key Switches*
Software Requirements Specification, ONS-1 RPS/ESF Software 51-5045380 Requirements Specification (QA1)
Oconee Unit 1: RPS and ESFAS Replacement Project Open Item 51-5052833 Form, "HW Typicals for CRD (Control Rod Drive) UV (under voltage) Test Jacks," Doc Step 3.12*
ONS 1, 2, & 3 RPS/ESF Controls Upgrade Hardware Design 51-5052833 Solutions ONS Unit 1 - RPS & ESFAS Configuration Management Plan 51-5055761 Oconee Nuclear Station, Units 1, 2, & 3 RPS/ESF Controls Upgrade 51-5058134 ID Coding Concept*
ONS Units 1,2, & 3 RPS/ESFAS Controls Upgrade Verification and 51-5058661 Validation Plan ONS Unit 1 RPS/ESFAS Controls Upgrade Software Design 51-5065423 Description
- Document not requested in September RAI Enclosure, page 1 of 3
Document Title Doc. No.
Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade 51-5066516 Software Requirements Review Report ONS Unit 1 - RPS & ESFAS Factory Acceptance Test Plan 51-9001334 Dedication Package for Absopulse Power Supply 51-9002116 ONS Units 1,2, & 3 RPS/ESFAS Controls Upgrade Software Safety 51-9005043 Plan ONS Units 1,2, & 3 RPS/ESFAS Controls Upgrade Software 51-9008803 Installation Plan TXS Supplemental EQ (Equipment Qualification) Summary Test 66-5015893 Report ONS RPS/ESFAS Replacement Project EQ Summary Test Report 66-5065212 TÜV Certificate on Communication Processor 968/K 110/02 TÜV Documentation on SCP2 Testing 968/K 110.01/02 TÜV Certificate on Processing Module 968/K 109/02 FANP (Framatome ANP) Report, "TELEPERM XS Simulation - NGLP/2004/en/0094 Concept of Validation and Verification,"*
Configuration Management NSD 106 Software and Data Quality Assurance (SDQA Program NSD 800 Reactor Building Narrow Range Pressure Instrument Loop Accuracy OSC-2495 Calculation (ESFAS)
Setpoint Calculations - Wide Range RCS (Reactor Coolant System) OSC-2759 Pressure Uncertainty, (ESFAS HPI (High-Pressure Injection) &
LPI (Low-Pressure Injection) Setpoints)
Setpoint Calculations - RPS Main Feedwater Pump Pressure OSC-3395 Instrument Loop Accuracy Calculation Setpoint Calculations - RPS Flux/Flow Ratio Uncertainty Evaluation OSC-3416 Setpoint Calculations - Reactor Building Pressure Instrument Loop OSC-3446 Accuracy Calculation (ESFAS & RPS)
Setpoint Calculations - RPS RCS Pressure & Temperature Trip OSC-4048 Function Uncertainty Analysis and Variable Low Pressure Safety Limit Setpoint Calculations - Power-Imbalance Safety Limits and Tech. OSC-5604 Spec. Setpoints Using Error-Adjusted Flux/Flow Ratio of 1.094 Setpoint Calculations - RPS High Flux and Pump/Power Monitor Trip OSC-7237 Function Uncertainty Analysis ONS Unit 1 - RPS & ESFAS System Functional Description OSC-8623 Engineered Safeguard Feature Actuation System (ESFAS) OSS-0311.00-00-0012 Replacement Project Specification Reactor Protection System (RPS) Replacement Project Specification OSS-0311.00-00-0013 Duke Power Company, Oconee Nuclear Station, "Nuclear Procedure No.
Instrumentation RPS Removal from and Return to Service for IP/0/A/0305/015 Channels A, B, C and D, Rev. 031, ETQS No. RPS-Q-ENTRY"*
Documentation of Software Requirements and SDQA for RPS/ESFAS SDQA-10143-ONS System Replacement
- Document not requested in September RAI Enclosure, page 2 of 3
Document Title Doc. No.
SIVAT LSELS Specifications, Job 4310002, Outputs: EFHV0037* Test Case L010400A Teleperm XS Function Blocks, Version 2.60 TXS-1003-76-V10.0/01.04 FB-ADDON, Version 1.2*
SIVAT-TXS Simulation Based Validation Tool, Version 1.4.0* TXS-1047-76-V2.0/01.04
- Document not requested in September RAI Enclosure, page 3 of 3
Oconee Nuclear Station, Units 1, 2, and 3 cc:
Ms. Lisa F. Vaughn Mr. R. L. Gill, Jr.
Duke Energy Corporation Manager - Nuclear Regulatory 526 South Church Street Issues and Industry Affairs P. O. Box 1006 Duke Energy Corporation Mail Code = EC07H 526 S. Church St.
Charlotte, North Carolina 28201-1006 Mail Stop EC05P Charlotte, NC 28202 Manager, LIS NUS Corporation Division of Radiation Protection 2650 McCormick Dr., 3rd Floor NC Dept of Environment, Health, & Natural Clearwater, FL 34619-1035 Resources 3825 Barrett Dr.
Senior Resident Inspector Raleigh, NC 27609-7721 U.S. Nuclear Regulatory Commission 7812B Rochester Highway Mr. Peter R. Harden, IV Seneca, SC 29672 VP-Customer Relations and Sales Westinghouse Electric Company Mr. Henry Porter, Director 6000 Fairview Road Division of Radioactive Waste Management 12th Floor Bureau of Land and Waste Management Charlotte, NC 28210 Dept. of Health and Env. Control 2600 Bull St. Mr. Henry Barron Columbia, SC 29201-1708 Group Vice President, Nuclear Generation and Chief Nuclear Officer Mr. Michael A. Schoppman P.O. Box 1006-EC07H Framatome ANP Charlotte, NC 28201-1006 1911 North Ft. Myer Dr.
Suite 705 Rosslyn, VA 22209 Mr. B. G. Davenport Regulatory Compliance Manager Oconee Nuclear Site Duke Energy Corporation ON03RC 7800 Rochester Highway Seneca, SC 29672 Ms. Karen E. Long Assistant Attorney General NC Department of Justice P.O. Box 629 Raleigh, NC 27602