ML103120752
Regulatory Analysis for DG-1208, Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants
Issue date: 08/09/2012
From: Sturzebecher K (NRC/RES/DE)
To: Orr M
Shared package: ML103120750
References: DG-1208; RG 1.171, Rev. 1

REGULATORY ANALYSIS
DRAFT REGULATORY GUIDE DG-1208
Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants (Proposed Revision 1 of Regulatory Guide 1.171, dated September 1997)

1. Statement of the Problem

Because traditional and well-understood methods of design and quality assurance for developing and manufacturing hardware apply imperfectly to software design and development, additional guidance beyond standard approaches for hardware is necessary if NRC regulations are to achieve their intent.

Many industries where computers and software are replacing traditional hardware-only I&C designs are facing this problem. To this extent, the nuclear industry is not very different from any industry associated with high-consequence hazards. While additional guidance is necessary to help prevent failures of digital I&C safety systems, the potential benefits of these systems make their use highly desirable.

The use of computers and software in safety-related I&C designs is both part of the larger problem of ensuring the long-term safety of nuclear power plants and part of the solution. It is not just digital systems themselves that raise concerns about design verification and quality assurance; the increase in complexity of the system designs (including software) is also a factor. The NRC staff discussed its concerns in SECY 91-292, Digital Computer Systems for Advanced Light Water Reactors, dated September 26, 1991 (Ref. 1), and again in parts of SECY 93-087, Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR) Designs, dated April 2, 1993 (Ref. 2). Subsequently, the NRC sponsored studies that resulted in characterization of design factors, guidelines, technical bases, and practices generally considered appropriate for safety-related software [see NUREG/CR-6101, Software Reliability and Safety in Nuclear Reactor Protection Systems, issued November 1993 (Ref. 3); NUREG/CR-6113, Class 1E Digital Systems Studies, issued October 1993 (Ref. 4); NUREG/CR-6263, High Integrity Software for Nuclear Power Plants: Candidate Guidelines, Technical Basis and Research Needs, issued June 1995 (Ref. 5); NUREG/CR-6293, Verification and Validation Guidelines for High Integrity Systems, issued March 1995 (Ref. 6); and NUREG/CR-6294, Design Factors for Safety-Critical Software, issued December 1994 (Ref. 7)]. These studies identified software design control techniques that are used in best-practice software development efforts. They resulted in an agreed-upon collection of standards, established practice, and engineering techniques for software engineering methods, complementing the collection that already supports traditional hardware engineering methods, such as statistical quality control, testing standards, and quality assurance techniques used in design and manufacturing processes for hardware components.

Software unit testing is fundamental to the assurance of software quality, as evidenced by the large body of literature on the subject and industry practices. An effective unit testing program depends on careful planning and execution. For systems and components under its purview, Appendix B to 10 CFR Part 50 requires that measures be established for verifying and checking the adequacy of design, such as by the performance of a suitable testing program. For software, unit testing is the first and most fundamental level of a layered approach to verifying and validating the adequacy of a software design.

The NRC developed this regulatory guide to ensure a common understanding between the NRC and its licensees and applicants of an acceptable method for software unit testing.

Revisions of industry standards referenced by the standard endorsed in this guide have captured subsequent experience with many related aspects of software quality assurance. Consequently, retaining Revision 0 of this guide without clarifying the status of the endorsement of these revised references would not necessarily reflect current best practices. In addition, the regulatory framework described in Revision 0 of the guide does not include recent additions to NRC regulations that apply to new plant licensing.

Therefore, revision of this regulatory guidance is necessary to clarify the use of updated versions of referenced industry standards and to incorporate changes to the regulatory framework for new nuclear power plants.

2. Objective

The objective of this regulatory action is to ensure that safety is promoted through effective regulatory guidance that endorses safe practices enhanced through experience, as captured in current consensus standards.

3. Alternative Approaches

The NRC staff considered the following alternative approaches:

Alternative 1: Do Not Revise Regulatory Guide 1.171

Under this alternative, the NRC would not revise this guidance, and the current version of this regulatory guide would be retained. If the NRC does not take action, there would be no changes in costs or benefit to the public, the licensees, or the NRC. However, the no-action alternative would not address concerns identified with the current version of the regulatory guide.

The impact of not revising the regulatory guide to update its discussion of NRC regulations and its references to other guidance and standards is that the NRC and its licensees and applicants may interpret proper software unit testing requirements differently. Not revising the regulatory guide does not reduce regulatory uncertainty with respect to software unit testing: the NRC staff, licensees, and applicants must reconcile variations in descriptions of the regulatory framework and the use of multiple versions of industry standards, because the current version of the regulatory guide does not address numerous changes in the regulatory environment.

The other software engineering regulatory guides have been updated or are being updated in parallel with this revision: RG 1.168, Verification, Validation, Reviews and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants (Ref. 8); RG 1.169, Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants (Ref. 9); RG 1.170, Software Test Documentation for Digital Computer Software Used in Safety Systems of Nuclear Power Plants (Ref. 10); RG 1.172, Software Requirements Specifications for Digital Computer Software Used in Safety Systems of Nuclear Power Plants (Ref. 11); and RG 1.173, Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants (Ref. 12).

Alternative 2: Revise Regulatory Guide 1.171

Under this alternative, the NRC would revise Regulatory Guide 1.171, taking into consideration the changes that have been made to the regulatory requirements and guidance associated with this guide.

The benefit of revising this guide is that it would enhance reactor safety by referencing the latest IEEE standard on safety systems endorsed by the NRC. Revising Regulatory Guide 1.171 to maintain consistency with the related requirements and guidance will also (1) simplify the staff's review process and enable licensees and applicants to develop a unified, coherent means of meeting the requirements of 10 CFR Part 50 and 10 CFR Part 73 and (2) reduce regulatory uncertainty and thereby help to minimize the costs associated with the implementation of this guide.

The impact to the NRC would be the costs associated with preparing and issuing the regulatory guide revision. The impact to the public would be the voluntary costs associated with reviewing and providing comments to the NRC during the public comment period. The value to NRC and its applicants would be the benefits associated with enhanced efficiency and effectiveness in using a common guidance document as the technical basis for license applications and other interactions between the NRC and its regulated entities.

Conclusion

On the basis of this regulatory analysis, the NRC staff recommends revision of Regulatory Guide 1.171. The staff concludes that the proposed action will enhance reactor safety by referencing the latest IEEE standards on software unit testing of safety systems. The revision of this guide could also reduce regulatory uncertainties and thereby minimize the costs for the industry, especially with regard to applications for standard plant design certifications and combined licenses.

REFERENCES [1]

1. U.S. Nuclear Regulatory Commission (NRC), SECY 91-292, Digital Computer Systems for Advanced Light Water Reactors, U.S. NRC, Washington, DC, September 26, 1991. (ADAMS Accession number ML051750018)
2. NRC, SECY 93-087, Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR) Designs, U.S. NRC, Washington, DC, April 2, 1993. (ADAMS Accession Number ML003708021)

3. NRC, NUREG/CR-6101, Software Reliability and Safety in Nuclear Reactor Protection Systems, U.S. NRC, Washington, DC, November 1993.
4. NRC, NUREG/CR-6113, Class 1E Digital Systems Studies, U.S. NRC, Washington, DC, October 1993.
5. NRC, NUREG/CR-6263, High Integrity Software for Nuclear Power Plants: Candidate Guidelines, Technical Basis, and Research Needs, U.S. NRC, Washington, DC, June 1995.
6. NRC, NUREG/CR-6293, Verification and Validation Guidelines for High Integrity Systems, U.S. NRC, Washington, DC, March 1995.
7. NRC, NUREG/CR-6294, Design Factors for Safety-Critical Software, U.S. NRC, Washington, DC, December 1994.
8. NRC, Regulatory Guide 1.168, Verification, Validation, Reviews and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants, U.S. NRC, Washington, DC.
9. NRC, Regulatory Guide 1.169, Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants, U.S. NRC, Washington, DC.
10. NRC, Regulatory Guide 1.170, Software Test Documentation for Digital Computer Software Used in Safety Systems of Nuclear Power Plants, U.S. NRC, Washington, DC.
11. NRC, Regulatory Guide 1.172, Software Requirements Specifications for Digital Computer Software Used in Safety Systems of Nuclear Power Plants, U.S. NRC, Washington, DC.
12. NRC, Regulatory Guide 1.173, Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants, U.S. NRC, Washington, DC.

[1] Publicly available NRC documents are available electronically through the Electronic Reading Room on the NRC's public Web site at http://www.nrc.gov/reading-rm/doc-collections/. The documents are also available for inspection or copying for a fee from the NRC's Public Document Room (PDR) at 11555 Rockville Pike, Rockville, MD; the mailing address is US NRC PDR, Washington, DC 20555; telephone (301) 415-4737 or (800) 397-4209; fax (301) 415-3548; and e-mail pdr.resource@nrc.gov.