ML071380511

From kanterella
Jump to navigation Jump to search

Acceptance Review of Licensee'S Application for Main Steam and Feedwater Isolation System Controls Modification
ML071380511
Person / Time
Site: Wolf Creek Wolf Creek Nuclear Operating Corporation icon.png
Issue date: 05/29/2007
From: John Lubinski
Plant Licensing Branch III-2
To: Muench R
Wolf Creek
Donohew J N, NRR/DORL/LP4, 415-1307
References
TAC MD4839
Download: ML071380511 (14)
v  d  e


Text

May 29, 2007 Mr. Rick A. Muench President and Chief Executive Officer Wolf Creek Nuclear Operating Corporation Post Office Box 411 Burlington, KS 66839

SUBJECT:

WOLF CREEK GENERATING STATION - ACCEPTANCE REVIEW OF LICENSEES APPLICATION FOR MAIN STEAM AND FEEDWATER ISOLATION SYSTEM CONTROLS MODIFICATION (TAC NO. MD4839)

Dear Mr. Muench:

By letter dated March 14, 2007 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML070800193), Wolf Creek Nuclear Operating Corporation (the licensee) submitted a license amendment request (LAR) to, in part, (1) modify the safety-related main steam and feedwater isolation system (MSFIS), which is an engineered safety features actuation system, and (2) amend the associated Technical Specifications for the MSFIS, for Wolf Creek Generating Station. This application was supplemented by the letter dated April 18, 2007 (ADAMS Accession No. ML071160332).

In our initial review of the application, we determined that the application did not include sufficient information to allow us to accept the application and start a detailed review of the proposed modification of the MSFIS controls. The acceptance review determines whether or not there is sufficient detail to allow the NRC staff to proceed with its detailed technical review.

The review also ensures that the application adequately characterizes the regulatory requirements and licensing basis of the plant.

Since the application was submitted, we have interacted with your staff to determine if sufficient information has been provided for us to begin our review of the application and, if not, to determine when it will be submitted. The supplemental letter of April 18, 2007, was submitted during these interactions. These interactions culminated in the meeting held with your staff on May 17, 2007. In the meeting, we identified and discussed 22 areas of information needed for our review of the MSFIS modification. This information is described in the enclosure to this letter.

The purpose of the May 17, 2007, meeting was to determine where your staff is in the development life cycle of the MSFIS modification project, and what of the information needed by us to both initiate and complete our review is available and has been submitted, or the time frame in which the information will be submitted. We explained in the meeting that our review focuses on the discipline and rigor of your process to develop the MSFIS modification. In an application like the MSFIS modification, it is important to note that digital instrumentation and control (I&C) systems are fundamentally different from analog I&C systems because (1) minor errors in design and implementation can cause digital systems to exhibit unexpected behavior; (2) the performance of digital systems over the entire range of input conditions can not

R. A. Muench generally be inferred from testing of a sample of input conditions; and (3) the use of inspections, type testing, and acceptance testing of digital systems and components does not alone accomplish design qualification at high confidence levels. With this in mind, our approach to the review of design qualification for digital systems depends, to a large extent, on confirming that you have employed a high-quality development process that incorporates a disciplined specification and implementation of design requirements. We also review the inspection and testing used to verify correct implementation and to validate correct functionality of the final product. However, confidence that isolated, discontinuous point failures will not occur is derived from the discipline of the your development process. Therefore, our assessment that you have implemented a disciplined, high-quality development process will be an important aspect of our overall conclusion on this application.

As previously noted, at the May 17, 2007, meeting, we discussed the information needed to begin our review of the LAR (enclosed). In the meeting the staff also acknowledged that some of the needed information will not be completed until near the end of our review of the LAR.

Your staff stated that it would provide the necessary information for the following areas, as discussed in the enclosure, such that we can initiate our review of the application:

  • 1, Commercial-grade Dedication Process
  • 2, Verification & Validation (V&V) Plans and Procedures
  • 3, Configuration Management (CM) Plans
  • 4, Quality Assurance Plans and Procedures
  • 5, Management Plans
  • 6, Development Plan
  • 7, Test Plan
  • 8, Installation Plan
  • 9, Maintenance Plan
  • 10, Safety Plan
  • 11, Requirements Specifications
  • 13, Design Specifications
  • 18, Diversity and Defense-in-Depth Analysis
  • 21, The Standard Used by CS Innovations During the Design Process Your staff stated that it would submit the information for the above areas within 1 month of the meeting, June 18, 2007, except for the following:
  • For area 7 above, Test Plan, you would provide the system test plan developed by Baseline Engineering (7.A) and a schedule for submitting the test plans for CS Innovations (7.B) and Nutherm International (7.C).
  • For area 10 above, Safety Plan, you would provide the safety plan for CS Innovations (10.A) and your staffs evaluation and acceptance of the CS Innovations safety plan (10.C) within 1 month. The representative from Nutherm International was not sure if the Nutherm International safety plan had been completed and evaluated by the licensee. If this plan has not been completed, you will provide a schedule for when the Nutherm International safety plan and your staffs evaluation of that plan will be submitted.

R. A. Muench For those areas of information identified in the enclosure that are not expected to be completed until later in the development process, your staff stated that it would also provide the schedule for submitting the information to NRC by June 18, 2007.

Upon receipt of this supplemental information, we will continue our acceptance review of the application and determine whether sufficient information has been provided for us to start our review of the proposed MSFIS modification and whether the schedule for providing the remaining information will support the timely completion of our review. The start of our review will begin when we conclude that the supplemental information and the schedule for the remaining information is acceptable. If the response is not provided by June 18, 2007, or does not provide the information needed for us to begin our review, or does not commit to provide the remaining information on an acceptable schedule, as discussed in the meeting of May 17, 2007, we may proceed to act on your application for the MSFIS modification consistent with 10 CFR 2.108, Denial of application, for failure to submit sufficient information in the application. We will notify you when we complete our acceptance review.

As stated at the May 17, 2007, meeting, your requested approval date of December 31, 2007, at this time represents a very aggressive schedule. This combined with your incomplete application to date prevents us from committing at this point to meet your requested approval date. At the meeting, your staff stated that it was making contingency plans so that the proposed replacement of the main steam and main feedwater isolation valves, and their actuators, which is also in the LAR, could be replaced in the spring 2008 outage without the MSFIS modification. Because your staff had previously stated the MSFIS modification was needed for the valve replacement, we had put the review of the valve replacement on hold because of the incomplete application for the MSFIS modification. This letter is, therefore, also to inform you that we are now in the process of restarting the review on the valve replacement.

If you have any questions concerning this letter, contact Jack N. Donohew, your project manager, at (301) 415-1307.

Sincerely,

/RA/

John W. Lubinski, Deputy Director Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-482

Enclosure:

Documentation Needed for Staff Review of the Wolf Creek MSFIS Actuation System cc w/encl: See next page

ML071380511 NRR-004 OFFICE NRR/LPL4/PM NRR/LPL4/LA EICB/BC DE/D NRR/LPL4/BC DORL/DD NAME JDonohew:sp JBurkhardt AHowe MGalloway for THiltz JLubinski PHiland DATE 5/24/07 5/21/07 5/24/07 5/24/07 5/25/07 5/29/07 Wolf Creek Generating Station cc:

Jay Silberg, Esq. Chief, Radiation and Asbestos Control Pillsbury Winthrop Shaw Pittman LLP Section 2300 N Street, NW Kansas Department of Health Washington, D.C. 20037 and Environment Bureau of Air and Radiation Regional Administrator, Region IV 1000 SW Jackson, Suite 310 U.S. Nuclear Regulatory Commission Topeka, KS 66612-1366 611 Ryan Plaza Drive, Suite 400 Arlington, TX 76011 Vice President Operations/Plant Manager Wolf Creek Nuclear Operating Corporation Senior Resident Inspector P.O. Box 411 U.S. Nuclear Regulatory Commission Burlington, KS 66839 P.O. Box 311 Burlington, KS 66839 Supervisor Licensing Wolf Creek Nuclear Operating Corporation Chief Engineer, Utilities Division P.O. Box 411 Kansas Corporation Commission Burlington, KS 66839 1500 SW Arrowhead Road Topeka, KS 66604-4027 U.S. Nuclear Regulatory Commission Resident Inspectors Office/Callaway Plant Office of the Governor 8201 NRC Road State of Kansas Steedman, MO 65077-1032 Topeka, KS 66612 Attorney General 120 S.W. 10th Avenue, 2nd Floor Topeka, KS 66612-1597 County Clerk Coffey County Courthouse 110 South 6th Street Burlington, KS 66839 February 2006

DOCUMENTATION NEEDED FOR NRC STAFF REVIEW OF THE WOLF CREEK MSFIS ACTUATION SYSTEM This information request addresses areas where supplemental information is requested for the Nuclear Regulatory Commission (NRC) staff to determine if the specification, design, development, test, production, verification and validation, and commercial-grade dedication processes were of sufficient high quality to result in a product useable in a safety-related application at a nuclear power plant.

It is understood that each of the documents listed below may not be an independent document, and that several of these documents may be combined, or that the information may be contained in several documents. If this is the case, it is requested that the licensee provide a reference document showing where the various information may be found.

It is also understood that some documentation, particularly that concerning the later stages of the life-cycle process, may not yet be completed and ready for submittal to the NRC. In those cases, a schedule for submission of these documents is needed to understand the scope of the additional information that will be submitted later and the schedule when it will be submitted. It is expected, however, that planning documentation and procedures for activities already performed will be available.

1. Commercial-grade Dedication Process The NRC staff needs to understand how the commercial-grade dedication process is being accomplished.

A. The documentation on the selection of Nutherm International as the Appendix B commercial-grade dedication contractor. This should include the determination that Nutherm International has the personnel and experience necessary to perform this type of commercial-grade dedication.

B. The documentation on the selection of Baseline Engineering as the independent Verification & Validation (V&V) contractor, including the determination that Baseline Engineering has the personnel and experience necessary to perform verification and validation of a process resulting in a product intended for safety-related use in a nuclear power plant, and that this product would be the equivalent of a product designed and manufactured under an Appendix B process.

C. The documentation on the selection of CS Innovations as the commercial-grade design and manufacturing contractor, showing that CS Innovations has the personnel and experience necessary to perform this type of design, and why the licensee believed this design would be capable of commercial-grade dedication to be the equivalent of a product designed and manufactured under an Appendix B process.

D. The documentation of the selection of the Advance Logic System (ALS) product line as suitable for commercial-grade dedication.

E. The documentation of the selection of the basic components contained in the ALS product, such as the basic field programmable gate array (FPGA), the Actel ProASICplus APA600, as suitable for commercial-grade dedication.

F. The documentation of the selection of the software used during the development process as suitable for design and manufacture of product intended for safety-related use in a nuclear power plant, and that this product would be the equivalent of a product designed and manufactured under an Appendix B process.

G. The plans and procedures used by Nutherm International to verify that the quality of design and manufacturing process was sufficient to determine that the FPGA-based MSFIS actuation system was the equivalent of a product designed and manufactured under an Appendix B process. The Nutherm International Dedication Plan, WCN-9715DP mentions this as a critical characteristic for the replacement MSFIS actuation system, but does not discuss how this determination will be made, or what the requirements are.

2. V&V Plans and Procedures The Wolf Creek V&V plan was received. However, the following additional plans and procedures are requested:

A. The V&V plan or whatever plan was used by CS Innovations to assure the correctness of their design.

B. The V&V procedures or whatever procedures were used by CS Innovations to assure the correctness of their design.

C. The V&V plan used by Baseline Engineering to provide independent V&V for the CS Innovations planning, design, and test activities.

D. The V&V procedures used by Baseline Engineering during the independent V&V activities.

E. The Nutherm International V&V plan or whatever plan was used to assure the correctness of the commercial-grade dedication process.

F. The Nutherm International V&V procedures or whatever procedure was used to assure the correctness of the commercial-grade dedication process.

3. Configuration Management (CM) Plans Four CM plans are requested:

A. The plan used by CS Innovations to perform configuration management during the development process. This should show the following items:

  • Method for change control of development and V&V documentation.
  • Version control of pre-released burn or flash lists; version control.
  • Historical recording and archiving of released verified source code modules; historical recording and archiving of verified and validated burn or flash lists.
  • Control of hardware manufacturing.
  • How and where the software tools under configuration management are stored.

B. The plan used by Baseline Engineering during the independent V&V process.

C. The plan used by Nutherm International during the commercial-grade dedication process.

D. The plan which the licensee will use to maintain configuration management after delivery of the MSFIS actuation system.

4. Quality Assurance Plans and Procedures Four Quality Assurance plans are requested:

A. The plans and procedures used by CS Innovations to perform quality assurance activities during the development process.

B. The plans and procedures used by Baseline Engineering to perform quality assurance activities during the independent V&V process.

C. The plans and procedures used by Nutherm International to perform quality assurance activities during the commercial-grade dedication process.

D. The plans and procedures which the licensee used for quality assurance activities during the specification process and will use after delivery of the MSFIS actuation system.

5. Management Plans Four Management Plans are requested:

A. The management plan used by CS Innovations which shows the management characteristics which display the purpose, organization, oversight, responsibilities, and security for this project.

B. The management plan used by Baseline Engineering which shows the management characteristics which display the purpose, organization, oversight, responsibilities, and security for this project.

C. The management plan used by Nutherm International which shows the management characteristics which display the purpose, organization, oversight, responsibilities, and security for this project.

D. The management plan used by the licensee which shows the management characteristics which display the purpose, organization, oversight, responsibilities, and security for this project.

6. Development Plan Four Development Plans are requested:

A. The Development Plan used by CS Innovations which shows the development life-cycle model that will be used in this project, the objectives of each life-cycle activity group and its context within the overall project, and the strategy for managing the technical development effort.

B. The Development Plan used by Baseline Engineering which shows the V&V activities for the development life cycle that will be used in this project, the objectives of each of the phase of the V&V activities for each life-cycle activity group and its context within the overall project, and the strategy for managing the V&V effort.

C. The Development Plan used by Nutherm International which shows the commercial-grade dedication activities to assure high quality of the development life cycle that will be used in this project, the context of each of these activities within the overall project, and the strategy for managing the overall commercial-grade dedication effort.

D. The Development Plan used by the licensee which shows how the licensee will monitor the activities of CS Innovations, Baseline Engineering, and Nutherm International during the life cycle that will be used in this project, and the method to be used by the licensee to determine that the design and commercial-grade dedication process are sufficient to assure that the final product is suitable for safety-related use in a nuclear power plant, and that this product would be the

equivalent of a product designed and manufactured under an Appendix B process.

7. Test Plan Development of a test plan is a V&V activity; therefore, the following information is requested:

A. The Baseline Engineering test plans for the factory and site acceptance tests and for installation tests.

B. The CS Innovations test plans for design tests.

C. The documentation of the Nutherm International review of the test plan.

8. Installation Plan The installation plan is requested. This plan would be specific to the Wolf Creek site, and would be produced by the licensee. There may be input to this plan from the system designer, CS Innovations.
9. Maintenance Plan The maintenance plan is requested. This plan would be specific to the Wolf Creek site, and would be produced by the licensee. The plan should discuss the methods and responsibilities involved with the possible future modifications of the MSFIS actuation system, requirements for documentation and reporting of failures, and requirements for regression testing of any future modifications. The plan may consist of two parts. The first part concerns the those actions by the licensee to maintain the system design, and a second part may be required if the licensee relies on the system vendor to perform certain maintenance functions. The second part would consist of the vendors plans and procedures. For this reason, there may be input to this plan from CS Innovations and Nutherm International.
10. Safety Plan While an FPGA-based system does not have software, it does have a burn or flash list, the correctness of which will determine the proper operation of the FPGA-based system.

This burn or flash list is generated using a variety of software tools, in a manner somewhat analogous to the tools used to generate the operational software of a microprocessor-based system. For this reason, a safety plan which will have some of the characteristics of a software safety plan is requested. There should be three safety plans:

A. The CS Innovations safety plan which describes the safety effort, how the safety activities are coordinated with the development activities, and the interactions between the safety organization and the V&V organization. This plan also needs to discuss the methods to be used to reduce safety risks caused by failures of

the various software tools to an acceptable level. The safety plan should include a requirement that a safety analysis be performed and documented on each of the principal design documents: requirements, design descriptions, and burn or flash list. Hazards, including abnormal events and conditions and malicious modifications, should be analyzed and documented. Hazard reduction efforts should be documented.

B. The Nutherm International safety plan, which shows that commercial-grade dedication of a product designed and built to commercial standards and using commercial processes does not increase the safety risks.

C. The licensee's evaluation and acceptance of the CS Innovations and Nutherm International safety plans.

11. Requirements Specifications The NRC staff has received the Wolf Creek Specification J-105A(Q) for Replacement MSFIS System. At this time, the NRC staff does not need any additional requirements specifications.
12. Requirement Traceability Matrix The Requirement Traceability Matrix for those portions of the design already done, and a schedule for the remainder of the Requirement Traceability Matrix is requested.
13. Design Specifications The NRC staff has received the CS Innovations ALS Level-1 System Specification, revision 1.0. At this time, the NRC staff does not need any additional design specifications.
14. Detailed Architecture Description The following information is requested on the description and the reviews that determined the design is suitable.

A. The CS Innovations detailed architecture description needs to include the system description, processor subsystem, input/output (I/O) subsystem, test subsystem, and any other subsystems as needed. These descriptions should not only be of the electronic part of the system, but also a physical description discussing cabinets used, I/O cabling, interconnect wiring, and general layout.

B. The Nutherm International evaluation of the detailed architecture description, and the reasoning behind the decision that the CS Innovations final product is suitable for safety-related use in a nuclear power plant, and that this product would be the equivalent of a product designed and manufactured under an Appendix B process.

C. The licensee's evaluation and acceptance of the CS Innovations architecture and of the Nutherm International review of that architecture.

15. Flash or Burn List The Flash or Burn List is requested.
16. System Build Documentation A detailed description of the system as it will be installed at Wolf Creek is requested.
17. Test Plans and Documentation These are the test procedures based upon the test plans mentioned in section 7 of this list.

A. Environmental test plans, procedures, and results. The following undocketed reports, which have been received by the NRC staff, should be docketed:

Nutherm Qualification Report WCN-9715R, Rev. 0 Nutherm Qualification Report WCN-9715R, Rev. 0 App. I Nutherm Qualification Report WCN-9715R, Rev. 0 App. II Nutherm Qualification Report WCN-9715R, Rev. 0 App. III Nutherm Qualification Report WCN-9715R, Rev. 0 App. IV Nutherm Qualification Report WCN-9715R, Rev. 0 App. V Nutherm Qualification Report WCN-9715R, Rev. 0 App. VI Part 1 Nutherm Qualification Report WCN-9715R, Rev. 0 App. VI Part 2 Nutherm Qualification Report WCN-9715R, Rev. 0 App. VI Part 3 Nutherm Qualification Report WCN-9715R, Rev. 0 App. VI Part 4 Nutherm Qualification Report WCN-9715R, Rev. 0 App. VI Part 5 Nutherm Qualification Report WCN-9715R, Rev. 0 App. VI Part 6 Nutherm Qualification Report WCN-9715R, Rev. 0 App. VI Part 7 Nutherm Qualification Report WCN-9715R, Rev. 0 App. VI Part 8 B. Factory acceptance test procedures, and results. The NRC staff requests the following four documents for the test procedures and test results:

  • The CS Innovations test procedure and the test results.
  • The Baseline Engineering analysis of the test procedures verifying that the procedures will test the items required by the test plan, and that the results show that the tests demonstrated that the system meets the requirements.
  • The Nutherm International analysis of the CS Innovations and Baseline Engineering analysis reports showing that the tests demonstrated that the final product is suitable for safety-related use in a nuclear power plant,

and that this product is the equivalent of a product designed and manufactured under an Appendix B process.

  • The licensee review and acceptance reports of the previous procedures, results, and analysis.

C. Site acceptance test procedures, and results. The NRC staff requests the following four documents for the test procedures and test results:

  • The CS Innovations test procedure and the test results.
  • The Baseline Engineering analysis of the test procedures verifying that the procedures will test the items required by the test plan, and that the results show that the tests demonstrated that the system meets the requirements.
  • The Nutherm International analysis of the CS Innovations and Baseline Engineering analysis reports showing that the tests demonstrated that the final product is suitable for safety-related use in a nuclear power plant, and that this product is the equivalent of a product designed and manufactured under an Appendix B process.
  • The licensee review and acceptance reports of the previous procedures, results, and analysis.

D. Installation test procedures, and results. The NRC staff requests the licensee procedure and the test results, with the licensee review and determination that the FPGA-based MSFIS system meets all licensee requirements and expectations.

18. Diversity and Defense-in-Depth Analysis The diversity and defense-in-depth analysis is requested. This analysis must demonstrate that there is sufficient diversity and defense-in-depth to meet the requirements of Part 50, Appendix A, of Title 10 of the Code of Federal Regulations (10 CFR), General Design Criterion 22 on protection system independence, as described in the Standard Review Plan, Appendix 7.1-A, section 2.h.
19. V&V Reports The V&V Reports are requested. For each of these reports, there should be three documents; (1) the report written by the independent V&V contractor, Baseline Engineering, (2) the analysis of the report by Nutherm International showing that the report shows that the covered portion of the life cycle is suitable to produce a final product suitable for safety-related use in a nuclear power plant, and that this product will

be the equivalent of a product designed and manufactured under an Appendix B process, and (3) the licensee acceptance of the report and analysis.

A. V&V Requirements Analysis Report B. V&V Design Analysis Report C. V&V Implementation Analysis & Test Report D. V&V Validation & Test Report

20. An analysis of all Institute of Electrical and Electronics Engineers (IEEE) 603 requirements, with a description of how the FPGA-based MSFIS actuation system meets these requirements, is requested.
21. The standard used by CS Innovations during the design process is requested. The May 9, 2007, letter (ET 07-0013) from the licensee stated that the licensee considered the Federal Aviation Administration (FAA) guidance document RTCA DO-254/EUROCAE ED-80, "Design Assurance Guidance for Airborne Electronic Hardware," to be more appropriate guidance than IEEE 7-4.3.2. In this respect, the NRC staff requests:

A. A copy of RTCA DO-254/EUROCAE ED-80, "Design Assurance Guidance for Airborne Electronic Hardware."

B. Documentation on how and why this determination was made.

C. A comparison of the requirements of the FAA guidance document RTCA DO-254/EUROCAE ED-80 and IEEE 7-4.3.2.

22. Installation, Operations, and Maintenance Documentation It is requested that each of the following manuals be available for review prior to installation, that there is a Nutherm International evaluation of these manuals as suitable for a safety-related system, and a licensee acceptance of these manuals:

A. Operations Manuals B. Maintenance Manuals C. Training Manuals D. Repair Planning

Retrieved from "https://kanterella.com/w/index.php?title=ML071380511&oldid=2576974"